Results found for:
Author: Erica Tena Sánchez
Year: Since 2002
Journal articles
Design and Evaluation of Countermeasures Against Fault Injection Attacks and Power Side-Channel Leakage Exploration for AES Block Cipher
F.E. Potestad-Ordóñez, E. Tena-Sánchez, A.J. Acosta-Jiménez, C.J. Jiménez-Fernández and R. Chaves
Journal Paper · IEEE Access, vol. 10, pp 65548-65561, 2022
Differential Fault Analysis (DFA) and Power Analysis (PA) attacks have become the main methods for exploiting the vulnerabilities of physical implementations of block ciphers currently used in a multitude of applications, such as the Advanced Encryption Standard (AES). In order to minimize these types of vulnerabilities, several mechanisms have been proposed to detect fault attacks. However, these mechanisms can have a significant cost, not fully covering the implementations against fault attacks or not taking into account the leakage of information exploitable by power analysis attacks. In this paper, four different approaches are proposed with the aim of protecting the AES block cipher against DFA. The proposed solutions are based on Hamming code and parity bits as signature generators for the internal state of the AES cipher. These allow DFA-exploitable faults to be detected, from bit to byte level. The proposed solutions have been applied to a T-box based AES block cipher implemented on a Field Programmable Gate Array (FPGA). Experimental results suggest a fault coverage of 98.5% and 99.99% with an area penalty of 9% and 36% respectively for the parity bit signature generators, and a fault coverage of 100% with an area penalty of 18% and 42% respectively when the Hamming code signature generator is used. In addition, none of the proposed countermeasures impose a frequency degradation with respect to the unprotected cipher. The proposed work goes further in the evaluation of the proposed DFA countermeasures by evaluating the impact of these structures in terms of power side-channel leakage. The obtained results suggest that no extra information leakage is produced that can be exploited by PA. Overall, the proposed DFA countermeasures provide high fault coverage protection with a low cost in terms of area and power consumption and no PA security degradation.
Hardware Countermeasures Benchmarking against Fault Attacks
F.E. Potestad-Ordóñez, E. Tena-Sánchez, A.J. Acosta, C.J. Jiménez-Fernández and R. Chaves
Journal Paper · Applied Sciences, vol. 12, no. 5, article 2443, 2022
The development of differential fault analysis (DFA) techniques and mechanisms to inject faults into cryptographic circuits brings with it the need to use protection mechanisms that guarantee the expected level of security. The AES cipher, as a standard, has been the target of numerous DFA techniques, where its security has been compromised through different formulations and types of fault injections. These attacks have shown vulnerabilities of different AES implementations and building blocks. Consequently, several solutions have been proposed that provide additional protection to cover the identified vulnerabilities. In this paper, an extensive analysis has been carried out covering the existing fault injection techniques, the types of faults, and the requirements needed to apply DFA. Additionally, an analysis of the countermeasures reported in the literature is also presented, considering the protection provided, the type of faults considered, and the coverage against fault attacks. The eight different types of fault that allow us to perform DFAs on the AES cipher have been differentiated, as well as the vulnerabilities of the cipher. On the other hand, two comparisons have been made considering frequency penalty vs. area and fault coverage vs. area and frequency overhead. A metric has been proposed to compare the fault coverage of all the proposed solutions. To conclude, a final analysis is presented discussing the key aspects when choosing a particular solution and the possible development of new countermeasures to provide further protection against DFA.
Gate-Level Hardware Countermeasure Comparison against Power Analysis Attacks
E. Tena-Sánchez, F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández, A.J. Acosta and R. Chaves
Journal Paper · Applied Sciences, vol. 12, no. 5, article 2390, 2022
The fast settlement of privacy and secure operations in the Internet of Things (IoT) is appealing in the selection of mechanisms to achieve a higher level of security at minimum cost and with reasonable performances. All these aspects have been widely considered by the scientific community, but more effort is needed to allow the crypto-designer the selection of the best style for a specific application. In recent years, dozens of proposals have been presented to design circuits resistant to power analysis attacks. In this paper, a deep review of the state of the art of gate-level countermeasures against power analysis attacks has been carried out, performing a comparison between hiding approaches (the power consumption is intended to be the same for all the data processed) and the ones considering a masking procedure (the data are masked and behave as random). The most relevant proposals in the literature, 35 for hiding and 6 for masking, have been analyzed, not only by using data provided by proposers, but also those included in other references for comparison. Advantages and drawbacks of the proposals are analyzed, showing quantified data for cost, performance (delay and power), and security when available. One of the main conclusions is that the RSL proposal is the best in masking, while TSPL, HDRL, SDMLp, 3sDDL, TDPL, and SABL are those with the best security performance figures. Nevertheless, a wise combination of hiding and masking as masked_SABL presents promising results.
Trivium Stream Cipher Countermeasures Against Fault Injection Attacks and DFA
F.E. Potestad-Ordonez, E. Tena-Sanchez, J.M. Mora-Gutierrez, M. Valencia-Barrero and C.J. Jimenez-Fernandez
Journal Paper · IEEE Access, vol. 9, pp 168444-168454, 2021
Attacks on cryptocircuits are becoming increasingly sophisticated, requiring designers to include more and more countermeasures in the design to protect it against malicious attacks. Fault Injection Attacks and Differential Fault Analysis have proven to be very dangerous, as they are able to retrieve the secret information contained in cryptocircuits. In this sense, the Trivium cipher has been shown to be vulnerable to this type of attack. This paper presents four different fault detection schemes to protect Trivium stream cipher implementations against fault injection attacks and differential fault analysis. These countermeasures are based on the introduction of hardware redundancy and signature analysis to detect fault injections during encryption or decryption operations. This prevents the attacker from having access to the faulty key stream and performing differential fault analysis. In order to verify the correct operation and the effectiveness of the presented schemes, an experimental system of non-invasive active attacks using the clock signal in FPGA has been designed. This system makes it possible to determine the fault coverage for both multiple and single faults. In addition, the results of area consumption, frequency degradation, and fault detection latency for FPGA and ASIC implementations are presented. The results show that all proposed countermeasures are able to provide a fault coverage above 79%, and one of them reaches a coverage of 99.99%. It has been verified that the number of cycles for fault detection is always lower than the number of cycles needed to apply the differential fault analysis reported in the literature for the Trivium cipher.
Gate-Level Design Methodology for Side-Channel Resistant Logic Styles using TFETs
I.M. Delgado-Lozano, E. Tena-Sánchez, J. Núñez and A.J. Acosta
Journal Paper · IEEE Embedded Systems Letters, vol. 14, no. 2, pp 99-102, 2021
The design of secure circuits in emerging technologies is an appealing area that requires new efforts and attention as an effective solution to secure applications with power constraints. The paper deals with the optimized design of DPA-resilient hiding-based techniques using Tunnel Field-Effect Transistors (TFETs). Specifically, proposed TFET implementations of Dual-Precharge-Logic primitives, optimizing their computation tree in three different ways, are applied to the design of the PRIDE Sbox-4, the most vulnerable block of the PRIDE lightweight cipher. Simulation-based DPA attacks on the proposals have shown spectacular results in security gain (34 out of 48 attacks fail for optimized computation trees in TFET technology) and power reduction (x25) compared to their CMOS-based counterparts in 65nm, which is a significant advance in the development of secure circuits with TFETs.
Experimental FIA Methodology using Clock and Control Signal Modifications under Power Supply and Temperature Variations
F.E. Potestad-Ordóñez, E. Tena-Sánchez, J.M. Mora-Gutierrez, M. Valencia-Barrero and C.J. Jiménez-Fernández
Journal Paper · Sensors, vol. 21, no. 22, article 7596, 2021
The security of cryptocircuits is determined not only by their mathematical formulation, but also by their physical implementation. The so-called fault injection attacks, where an attacker inserts faults during the operation of the cipher to cause a malfunction that reveals secret information, pose a serious threat to security. These attacks are also used by designers as a vehicle to detect security flaws and then protect the circuits against these kinds of attacks. In this paper, two different attack methodologies are presented, based on inserting faults through the clock signal or the control signal. The optimization of the attacks is evaluated under supply voltage and temperature variation, experimentally determining their feasibility through the evaluation of different Trivium versions implemented in 90 nm ASIC technology, also considering different routing alternatives. The results show that it is possible to inject effective faults with both methodologies, improving fault efficiency as the power supply voltage decreases, which requires only half the frequency of the short pulse inserted into the clock signal to obtain a fault. The clock signal modification methodology can be extended to other NLFSR-based cryptocircuits, and the control signal-based methodology can be applied to both block and stream ciphers.
Projection of dual-rail DPA countermeasures in future FinFET and emerging TFET technologies
I.M. Delgado-Lozano, E. Tena-Sánchez, J. Núñez and A. Acosta
Journal Paper · ACM Journal on Emerging Technologies in Computing Systems, vol. 16, no. 3, article 30, 2020
The design of near-future cryptocircuits will require greater performance characteristics in order to be implemented in devices with very limited resources for secure applications. Considering the security against differential power side-channel attacks (DPA), explorations of different implementations of dual-precharge logic gates with advanced and emerging technologies, using nanometric FinFET and Tunnel FET transistors, are proposed, aiming to maintain or even improve the security levels obtained by current Metal-Oxide Semiconductor Field-Effect Transistor (MOSFET) technologies while reducing the resources needed for the implementations. As a case study, dual-precharge logic primitives have been designed and included in the 4-bit substitution box of the PRIDE algorithm, measuring the performance and evaluating the security through simulation-based Differential Power Analysis (DPA) attacks for each implementation. Extensive electrical simulations with predictive transistor models on scaled 16nm and 22nm MOSFET, 16nm and 20nm FinFET, and 20nm Tunnel Field Effect Transistor (TFET) demonstrate a clear evolution of security and performance with respect to current 90nm MOSFET implementations, with FinFET providing the fastest solutions, with a delay 3.7 times better than conventional proposals, but TFET being the best candidate for future cryptocircuits in terms of average power consumption (x0.02 times compared with conventional technologies) and security by some orders of magnitude.
Design and analysis of secure emerging crypto-hardware using HyperFET devices
I.M. Delgado-Lozano, E. Tena-Sánchez, J. Núñez and A.J. Acosta
Journal Paper · IEEE Transactions on Emerging Topics in Computing, vol. 9, no. 2, pp 787-796, 2020
The emergence of new devices to be used in low-power applications is expected to reach impressive performance compared to that obtained by equivalent CMOS counterparts. However, when used in lightweight security applications, these emerging paradigms are required to be reliable and safe enough during the task of protecting important and valuable data. In this work, the usage of HyperFET devices for security applications has been analyzed, and new paradigms for enhancing security against Power Analysis attacks have been developed for the first time. To perform this analysis, classical dual-precharge logic primitives implemented with 14nm FinFET have been upgraded to incorporate HyperFET devices. The proposed primitives incorporating HyperFETs, as well as a 4-bit Substitution box of the PRIDE algorithm as a demonstrative example, have been designed and simulated using predictive models. Simulation-based Differential Power Analysis attacks demonstrate high improvements in security levels, by a factor of x25 at least, with negligible degradation in performance. This first approach could be easily extended to other ciphers or crypto-circuits, where the incorporation of HyperFET devices will enhance security for most future applications.
Logic minimization and wide fan-in issues in DPL-based cryptocircuits against power analysis attacks
E. Tena-Sánchez and A.J. Acosta
Journal Paper · International Journal of Circuit Theory and Applications, vol. 47, no. 2, pp 238-253, 2019
This paper discusses the use of logic minimization techniques and wide fan-in primitives, and how the design and evaluation of combinational blocks for full-custom dual-precharge-logic-based cryptocircuits affect security, power consumption, and hardware resources. Generalized procedures for obtaining optimized solutions were developed and applied to the gate-level design of substitution boxes, widely used in block ciphers, using sense-amplifier-based logic in a 90-nm technology. The security of several proposals was evaluated with simulation-based correlation power analysis attacks, using the measurements-to-disclosure metric for the secret key. The simulation results showed increased security-power-delay figures for our proposals and, surprisingly, indicated that those solutions which minimized area occupation were both the most secure and the most power-efficient.
Power and energy issues on lightweight cryptography
A.J. Acosta, E. Tena-Sánchez, C.J. Jiménez and J.M. Mora
Journal Paper · Journal of Low Power Electronics, vol. 13, no. 3, pp 326-337, 2017
Portable devices such as smartphones, smart cards and other embedded devices require encryption technology to guarantee security. Users store private data in electronic devices on a daily basis. Cryptography exploits reliable authentication mechanisms in order to ensure data confidentiality. Typical encryption security is based on algorithms that are mathematically secure. However, these algorithms are also costly in terms of computational and energy resources. The implementation of security mechanisms on dedicated hardware has been shown to be a first-order solution to meet prescribed security standards at low power consumption with limited resources. These are the guidelines of the so-called lightweight cryptography. The upcoming Internet of Things (IoT) is extensively demanding solutions in this framework. Interestingly, physical realizations of encryption algorithms can leak side-channel information that can be used by an attacker to reveal secret keys or private data. Such physical realizations must therefore be holistically addressed. Algorithm, circuit and layout aspects are to be considered in order to achieve secure hardware against active and passive attacks. In order to address the challenges raised by the IoT, both academia and industry are these days devoting significant efforts to the implementation of secure lightweight cryptography. This paper is a survey of (i) lightweight cryptography algorithms; (ii) techniques to reduce power applied to cryptohardware implementations; (iii) vulnerability analysis of low-power techniques against side-channel attacks; and (iv) possibilities opened to emerging technologies and devices in the "More than Moore" scenario.
Embedded electronic circuits for cryptography, hardware security and true random number generation: an overview
A.J. Acosta, T. Addabbo and E. Tena-Sánchez
Journal Paper · International Journal of Circuit Theory and Applications, vol. 45, no. 2, pp 145-169, 2017
We provide an overview of selected crypto-hardware devices, with a special reference to the lightweight electronic implementation of encryption/decryption schemes, hash functions, and true random number generators. In detail, we discuss the hardware implementation of the chief algorithms used in private-key cryptography, public-key cryptography, and hash functions, discussing some important security issues in electronic crypto-devices, related to side-channel attacks (SCAs), fault injection attacks, and the corresponding design countermeasures that can be taken. Finally, we present an overview about the hardware implementation of true random number generators, discussing the chief electronic sources of randomness and the types of post-processing techniques used to improve the statistical characteristics of the generated random sequences.
Application specific integrated circuit solution for multi-input multi-output piecewise-affine functions
P. Brox, M.C. Martínez-Rodríguez, E. Tena-Sánchez, I. Baturone and A.J. Acosta
Journal Paper · International Journal of Circuit Theory and Applications, vol. 44, no. 1, pp. 4-20, 2015
This paper presents a fully digital architecture and its application specific integrated circuit implementation for computing multi-input multi-output (MIMO) piecewise-affine (PWA) functions. The work considers both PWA functions defined over regular hyperrectangular and simplicial partitions of the input domains and also lattice PWA representations. The proposed architecture is able to implement PWA functions following different realization strategies, using a common structure with a minimized number of blocks, thus reducing power consumption and hardware resources. Experimental results obtained with an application specific integrated circuit (ASIC) integrated in a 90-nm complementary metal-oxide semiconductor standard technology are provided. The proposed architecture is compared with other state-of-the-art digital architectures habitually used to implement model predictive control applications. The proposal is superior in power consumption (saving up to 86%) and economy of hardware resources (saving up to 40% in comparison with a mere replication of the three representations) to other proposals described in the literature, being ready to be used in applications where high performance and minimum unitary cost are required.
A Methodology for Optimized Design of Secure Differential Logic Gates for DPA Resistant Circuits
E. Tena-Sánchez, J. Castro and A.J. Acosta
Journal Paper · IEEE Journal on Emerging and Selected Topics in Circuits and Systems, vol. 4, no. 2, pp 203-215, 2014
Cryptocircuits can be attacked by third parties using differential power analysis (DPA), which uses the dependence of power consumption on the data being processed to reveal critical information. To protect security devices against this issue, differential logic styles with (almost) constant power dissipation are widely used. However, to use such circuits effectively for secure applications it is necessary to eliminate any energy-secure flaw in the shape of memory effects that could leak information. This paper proposes a design methodology to improve the pull-down logic configuration of secure differential gates by redistributing the charge stored in internal nodes and thus removing memory effects that represent a significant threat to security. To evaluate the methodology, it was applied to the design of AND/NAND and XOR/XNOR gates in a 90 nm technology, adopting the sense amplifier based logic (SABL) style for the pull-up network. The proposed solutions leak less information than typical SABL gates, increasing security by at least two orders of magnitude with negligible performance degradation. A simulation-based DPA attack on the Sbox9 cryptographic module used in the Kasumi algorithm, implemented with complementary metal-oxide-semiconductor, SABL and the proposed gates, was performed. The results obtained illustrate that the number of measurements needed to disclose the key increased by much more than one order of magnitude when using our proposal. This paper also discusses how the effectiveness of DPA attacks is influenced by operating temperature and details how to ensure energy-secure operation in the new proposals.
A programmable and configurable ASIC to generate piecewise-affine functions defined over general partitions
P. Brox, R. Castro-Ramirez, M.C. Martinez-Rodriguez, E. Tena, C.J. Jimenez, I. Baturone and A.J. Acosta
Journal Paper · IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 60, no. 12, pp 3182-3194, 2013
This paper presents a programmable and configurable architecture and its inclusion in an Application Specific Integrated Circuit (ASIC) to generate Piecewise-Affine (PWA) functions. A Generic PWA form (PWAG) has been selected for integration because of its suitability to implement any PWA function without resorting to approximation. The design of the ASIC in a 90 nm TSMC technology, its integration, test and characterization through different examples are detailed in the paper. Furthermore, the ASIC verification using an ASIC-in-the-loop methodology for embedded control applications is presented. To assess the characteristics of this verification, the double-integrator, a usual control application example, has been considered. Experimental results validate the proposed architecture and the ASIC implementation.
Conferences
Cryptographic Security Through a Hardware Root of Trust
L.F. Rojas-Muñoz, S. Sánchez-Solano, M.C. Martínez-Rodríguez, E. Camacho-Ruiz, P. Navarro-Torrero, A. Karmakar, C. Fernández-García, E. Tena-Sánchez, F.E. Potestad-Ordóñez, A. Casado-Galán, P. Ortega-Castro, A.J. Acosta-Jiménez, C.J. Jiménez-Fernández and P. Brox
Conference · Applied Reconfigurable Computing. Architectures, Tools, and Applications (ARC), 2024
This work presents a novel approach to a Hardware Root-of-Trust that leverages System-on-Chip technology for the implementation of hardware cryptographic functions. Taking advantage of the processing power of a System-on-Chip, the proposed solution promotes hardware-based security solutions over software-only solutions. The proposed Root-of-Trust, developed around a Xilinx Zynq-7000 SoC device, integrates components based on cryptographic algorithms and physical phenomena. This innovative Root-of-Trust is tailored to support a spectrum of security tasks within cryptographic systems, including device-specific identifiers and keys, encryption and decryption, hashing, and signature generation and verification. The study adopts a unified design methodology, capitalizing on collaborative efforts to efficiently develop hardware primitives that significantly contribute to enhancing security in computing environments. Aligned with the advantages of reconfigurable hardware, this Hardware Root-of-Trust addresses the critical need for robust hardware-level security and introduces a set of countermeasures to fortify the design against potential threats.
A Simple Power Analysis of an FPGA implementation of a polynomial multiplier for the NTRU cryptosystem
E. Camacho-Ruiz, S. Sánchez-Solano, M.C. Martínez-Rodríguez, E. Tena-Sánchez and P. Brox
Conference · XXXVIII Conference on Design of Circuits and Integrated Systems DCIS 2023
Abstract not available
Teaching based on proposed by students designs: a case study
C.J. Jimenez-Fernandez, C. Baena-Oliva, P. Parra-Fernandez, M. Valencia-Barrero, F.E. Potestad-Ordoñez, E. Tena-Sanchez and A. Gallardo-Soto
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2022
Learning digital design at RT level is enhanced by practical, lab-based tasks. These tasks, if chosen appropriately, can be highly motivating. The fact that the proposal is attractive to students is an important incentive. Working with FPGAs and development boards is a very suitable tool for carrying out designs of varying complexity. This paper presents an experience developed in the Advanced Digital Design course (4th year of the Degree) consisting of a design on FPGA proposed by the students themselves based on some common specifications, such as the use of a matrix of 8x8 LEDs and that the design has to interact with some external element.
Methodology and comparison of evaluation methods in electronic laboratories
E. Tena-Sanchez, F.E. Potestad-Ordonez, J.I. Guerrero-Alonso, D.F. Larios-Marin and J. Luque-Rodriguez
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2022
There are different methodologies for the evaluation of the experimental development of students in university technical schools. Specifically, in electronic laboratories, the evaluation of the acquired competencies is not a simple task due to the large number of factors involved. In this work, an evaluation methodology is proposed consisting of voluntary laboratory sessions and a final exam. On the other hand, this methodology is compared with the previous one consisting of compulsory laboratory sessions, the evaluation of theoretical studies prior to the laboratory session, and continuous evaluation through the submission of practical reports during each session. In addition to the objective data on the number of fail/pass, we will present the impressions of both students and teachers who applied this methodology, as well as the most significant changes observed both in the attitude of the students and in the workload of both students and teachers.
ICs tester design and its effect on application in electronics laboratories
F.E. Potestad-Ordonez, C.J. Jimenez-Fernandez, A. Gallardo-Soto, M. Valencia-Barrero, C. Baena-Oliva, P. Parra-Fernandez and E. Tena-Sanchez
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2022
One of the best methods to help students assimilate the theoretical concepts about electronic circuits is to perform laboratory sessions with real components. Therefore, the use of integrated circuits in electronics laboratory sessions and exams is very common. Since the electronics training of the students varies widely, it is frequent that the devices break and become useless after a bad connection or manipulation. This paper presents the design of an integrated circuit tester, specifically for the 741 and 74LS00. The effect observed on the attitude of the students after using the device (functionality check performed in the student's presence) before the practical sessions and laboratory exams will be presented, and the different impressions from the point of view of the teachers will be analyzed.
Hardware implementation of a lightweight encryption algorithm
C. Fernández-García, V. Zúñiga-González, A. Casado-Galán, E. Tena-Sánchez, F.E. Potestad-Ordóñez and C.J. Jiménez-Fernández
Conference · IX Jornadas de I+D+i & 1st International Workshop on STEM
Abstract not available
Development of an experimental setup for EM cartography of cryptographic systems
A. Casado-Galán, V. Zúñiga-González, F.E. Potestad-Ordóñez, C. Fernández-García, C.J. Jiménez-Fernández and E. Tena-Sánchez
Conference · IX Jornadas de I+D+i & 1st International Workshop on STEM
The aim of cryptography is to guarantee the confidentiality, integrity and availability of information. In electronic devices, information is protected by means of cryptographic algorithms. These transform the sequence through mathematical operations over several iterations, making the information impossible to recover, with the computing power currently available, without knowing a given key. Although these algorithms are theoretically secure, their implementation in electronic circuits opens the door to vulnerabilities that can be exploited to obtain information about the encrypted message. By measuring, for example, the electromagnetic (EM) emission of a circuit with appropriate instruments, and having a sufficiently precise mathematical model of it, the device can be compromised and the key or encrypted message recovered. This work focuses on the experimental development of a measurement setup to perform EM cartography of cryptographic systems. This makes it possible to determine the points of maximum emission of attackable information. The proposed experimental setup is fully automated from a PC, where, with an XY table and the EM probe in a fixed position, the complete area of the device under test can be swept and the EM emission captured at each point.
Review of Breaking Trivium Stream Cipher Implemented in ASIC using Experimental Attacks and DFA
F.E. Potestad-Ordoñez, E. Tena-Sánchez, C. Fernández-García, V. Zúñiga-González, J.M. Mora Gutiérrez, C. Baena-Oliva, P. Parra-Fernández, A.J. Acosta-Jiménez and C.J. Jiménez-Fernández
Conference · Jornadas Nacionales de Investigación en Ciberseguridad JNIC 2022
In this paper, we present a review of the work [1]. In that work a complete setup to break ASIC implementations of the standard Trivium stream cipher was presented. The setup allows the secret keys to be recovered by combining the active non-invasive attack technique of clock manipulation with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using DFA cryptanalysis through the comparison between the correct and the faulty outputs. The secret key of the Trivium was recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.
[1] F.E. Potestad-Ordoñez, M. Valencia-Barrero, C. Baena-Oliva, P. Parra-Fernández, C.J. Jiménez-Fernández, "Breaking Trivium Stream Cipher Implemented in ASIC using Experimental Attacks and DFA". In Sensors, vol. 20, num. 6909, pp. 1-19, 2020.
Review of Gate-Level Hardware Countermeasure Comparison Against Power Analysis Attacks
E. Tena-Sánchez, F.E. Potestad-Ordoñez, V. Zúñiga-González, C. Fernández-García, J.M. Mora Gutiérrez, C.J. Jiménez-Fernández and A.J. Acosta-Jiménez
Conference · Jornadas Nacionales de Investigación en Ciberseguridad JNIC 2022
In this paper, we present a review of the work [1]. The fast settlement of privacy and secure operations in the Internet of Things (IoT) is appealing in the selection of mechanisms to achieve a higher level of security at minimum cost and with reasonable performances. In recent years, dozens of proposals have been presented to design circuits resistant to Power Analysis attacks. In this paper a deep review of the state of the art of gate-level countermeasures against Power Analysis attacks has been carried out, performing a comparison between hiding approaches (the power consumption is intended to be the same for all the data processed) and the ones considering a masking procedure (the data are masked and behave as random). The most relevant proposals in the literature, 35 for hiding and 6 for masking, have been analyzed, not only by using data provided by proposers, but also those included in other references for comparison.
[1] E. Tena-Sánchez, F.E. Potestad-Ordoñez, C.J. Jiménez-Fernández, A.J. Acosta and R. Chaves, "Gate-Level Hardware Countermeasure Comparison against Power Analysis Attacks," Applied Sciences, 12(5), 2390, 2022.
Adaptation of Electronics and Automation Laboratory Practicals to a Blended-Learning Modality
E. Tena-Sánchez, F.E. Potestad-Ordóñez, M. Valencia-Barrero, A.J. Acosta and C.J. Jiménez-Fernández
Conference · Congreso Universitario de Innovación Educativa en las Enseñanzas Técnicas CUIEET 2021
Abstract
In the 2020/21 academic year, due to the global pandemic, both theory and laboratory classes underwent major changes, in addition to those that will continue to be adopted in the coming years. This work presents the problems observed in the laboratory classes, more specifically in adapting the electronics and automation laboratories, where equipment and capacity were already limited and were drastically worsened by the impossibility of placing two students at the same workstation. This means dividing the group into subgroups and proposing new teaching models adapted to this situation.
Hamming-Code Based Fault Detection Design Methodology for Block Ciphers
F.E. Potestad-Ordóñez, E. Tena-Sánchez, R. Chaves, M. Valencia-Barrero, A.J. Acosta-Jiménez and C.J. Jiménez-Fernández
Conference · IEEE International Symposium on Circuits and Systems ISCAS 2020
Abstract
Fault injection, in particular Differential Fault Analysis (DFA), has become one of the main methods for exploiting vulnerabilities in the block ciphers currently used in a multitude of applications. In order to minimize these types of vulnerabilities, several mechanisms have been proposed to detect such attacks. However, these mechanisms can have a significant cost or may not adequately cover the implementations against fault attacks. In this paper a novel approach is proposed, consisting of generating the signatures of the internal state using a Hamming code. This covers a larger number of faults, detecting both even and odd numbers of bit changes, as well as multi-bit and multi-byte changes, which are the ones that make ciphers most vulnerable to DFA attacks. As a case study, this approach has been applied to the Advanced Encryption Standard (AES) block cipher implemented on FPGA using T-boxes. The results suggest a higher fault coverage with an overhead of 16% in resource consumption and without any frequency degradation.
Benchmarking of nanometer technologies for DPA-resilient DPL-based cryptocircuits
E. Tena-Sánchez, I.M. Delgado-Lozano, J. Nuñez and A.J. Acosta
Conference · Conference on Design of Circuits and Integrated Systems DCIS 2018
Abstract
The design of cryptographic circuits faces increasing performance restrictions due to the constrained environments of the IoT applications in which they are included. Focusing on countermeasures based on dual-precharge logic styles, power, area and delay penalties are some of their major drawbacks when compared to their static CMOS single-ended counterparts. In this paper, we propose an initial study where scaled CMOS technology and the emerging FinFET technology are considered to foresee the relationship between ultra-low power consumption, reduced delay, and security. As a demonstration vehicle, we measure the performance and the security level achieved by different Substitution Boxes implemented in different technologies. As main results, nanometer CMOS technologies maintain considerable security levels at reasonable power and delay figures, while FinFETs outperform CMOS in power and delay reduction, but with a non-negligible degradation in security.
Effect of temperature variation in experimental DPA and DEMA attacks
E. Tena-Sánchez and A.J. Acosta
Conference · Int. Symposium on Power and Timing Modeling, Optimization and Simulation PATMOS 2018
Abstract
Side-channel attacks are usually performed to measure the vulnerability of cryptocircuits against malicious attacks. The conditions under which the attacks are carried out influence their effectiveness. In this sense, temperature variations should be considered to assess the complete vulnerability of a system, but they have not been deeply considered in the literature. For this purpose, experimental DPA and DEMA attacks are carried out over one of the most widely used and studied block ciphers, namely the AES algorithm, implemented in a Spartan-6 FPGA. The effectiveness of DPA and DEMA attacks under different temperatures (10, 25, 50 and 70°C) has been studied experimentally. The attacks have been carried out over the 128 bits of two randomly chosen keys. The security achieved for each attack is measured using the Measurements to Disclose (MTD) the key, which determines the minimum number of patterns needed to retrieve the secret key. From the results we can draw interesting conclusions: the DPA attack is more effective than the DEMA attack over the AES implementation on FPGA. On the other hand, we conclude that the key influences the MTD value, but the variability between keys is of the same magnitude as the variability between temperatures, meaning that temperature variation is not a decisive factor in the effectiveness of an attack.
Vulnerability Evaluation and Secure Design Methodology of Cryptohardware for ASIC-embedded Secure Applications to Prevent Side-Channel Attacks
E. Tena-Sánchez, I. Durán, S. Canas and A. J. Acosta
Conference · Workshop on Trustworthy Manufacturing and Utilization of Secure Devices TRUDEVICE 2016
Abstract
This poster presents the state of the art in the research performed by our group in designing and testing cryptohardware for ASIC-embedded secure applications. Implementations of both block ciphers (Kasumi-Sbox9, AES-128) and stream ciphers (Trivium) are explored at circuit and transistor level to increase their security figures. Vulnerability analysis is made via Correlation Power Analysis (CPA) attacks, by implementing Correlation Electromagnetic Analysis (CEMA) attacks, and using t-test leakage detection analysis, all of which are performed at simulation and experimental level.
A low-cost FPGA-based platform to perform fast Power/Electromagnetic Attacks on cryptographic circuits
S. Canas, E. Tena-Sánchez and A.J. Acosta
Conference · Conference on Design of Circuits and Integrated Systems DCIS 2016
Abstract
In this paper, we propose a general-purpose low-cost FPGA-based platform to acquire traces from any kind of cryptographic device faster than a high-performance logic analyzer, in order to use them to perform Power Analysis (PA) and Electromagnetic Analysis (EMA) attacks. The proposed platform can be easily customized to capture traces from any cryptocircuit under attack, removing the need for pattern generators (such as expensive logic analyzers) to produce test patterns. We have tested and verified the functionality, speed and improvement over a logic analyzer-based setup by measuring the power and electromagnetic traces to be used in a PA or EMA attack over an ASIC implementation of the Trivium stream cipher and over an SBOX-9 (Kasumi) FPGA implementation. In the case of Trivium (ASIC implementation), the time needed to generate input patterns is reduced to 5% of the total measurement time, and to 4% for the SBOX-9 (FPGA implementation). The measurement time is compared to existing instrument-based alternatives.
Secure Cryptographic Hardware Implementation Issues for High-Performance Applications
E. Tena-Sánchez, A.J. Acosta and J. Nuñez
Conference · Int. Workshop on Power and Timing Modeling, Optimization and Simulation PATMOS 2016
Abstract
In this paper the effect of high-performance techniques for high-speed applications on secure cryptographic implementations is studied. The use of dual-precharge logic styles with fine-grained pipelining and an overlapping three-phase clock scheme is studied, including a correct distribution of the clock signal in the cryptographic implementation. For this study, four different implementations of the Sbox-9 of the Kasumi algorithm have been implemented using a 90nm TSMC technology. Simulation-based DPA attacks have been carried out, showing how the proper synchronization of data signals gives better results in terms of power consumption and operating frequency, but negatively affects the security against side-channel attacks, decreasing the number of input patterns needed to disclose the secret key.
Optimized DPA attack on Trivium stream cipher using correlation shape distinguishers
E. Tena and A. Acosta
Conference · Conference on Design of Circuits and Integrated Systems DCIS 2015
Abstract
Trivium is a hardware-oriented stream cipher and a finalist of the eSTREAM project. In this work, an optimized Differential Power Analysis (DPA) attack on Trivium using correlation shape distinguishers is presented. Unlike previously reported attacks, with the proposed method we are able to retrieve the whole 80-bit key without making any hypothesis during the attack. The theoretical vulnerability analysis is presented and then checked by developing a simulation-based DPA attack on a standard CMOS Trivium implementation in a 90nm TSMC technology. The results show that our simulation-based attack is successful for random keys, improving on previously reported attacks by at least 91.25% in terms of the number of patterns needed to recover the key.
Design and Characterization of Cryptohardware for ASIC-embedded Secure Applications to Prevent Power Analysis Attacks
E. Tena-Sánchez and A.J. Acosta
Conference · Workshop on Cryptographic Hardware and Embedded Systems CHES 2015
Abstract
Information leaked by cryptosystems can be used to reveal critical information using Side Channel Attacks. Differential Power Analysis (DPA) uses the dependence of power consumption on the processed data to reveal the secret key. Countermeasures against DPA.
DPA Vulnerability Analysis on Trivium Stream Cipher using an Optimized Power Model
E. Tena-Sánchez and A.J. Acosta
Conference · IEEE International Symposium on Circuits and Systems ISCAS 2015
Abstract
In this paper, a Differential Power Analysis (DPA) vulnerability analysis of the Trivium stream cipher is presented. Compared to the two previously presented DPA attacks on Trivium, we retrieve the whole key without making any hypothesis during the attack. An optimized power model is proposed that allows power trace acquisition without any algorithmic noise removal, thus simplifying the attack strategy considerably. The theoretical vulnerability analysis is presented and then checked by developing a simulation-based DPA attack on a standard CMOS Trivium implementation in a 90nm TSMC technology. The results show that our attack is successful for random keys, saving computing resources and time with respect to previously reported attacks. The attack is independent of the technology used for the implementation of Trivium and can be used to measure the security of novel Trivium implementations.
Programmable ASICs for Model Predictive Control
M.C. Martínez-Rodríguez, P. Brox, E. Tena, A.J. Acosta and I. Baturone
Conference · IEEE International Conference on Industrial Technology ICIT 2015
Abstract
Two configurable and programmable ASICs that implement piecewise-affine (PWA) functions have been designed in TSMC 90-nm technology in response to industry demands for embedded, fast response time, and low power solutions for Model Predictive Control (MPC). An automated model-based design flow can extract the parameters necessary for the configuration and the programming of both ASICs. Two application examples in the automotive field illustrate the design flow and the behavior of the ASICs.
Design and test of a low-power 90nm XOR/XNOR gate for cryptographic applications
E. Tena-Sánchez, J. Castro and A. Acosta
Conference · Int. Workshop on Power and Timing Modeling, Optimization and Simulation PATMOS 2014
Abstract
In this paper, the design of an XOR/XNOR gate for low-power cryptographic applications is presented. The proposed gate optimizes the SABL (Sense Amplifier Based Logic) gate, widely used in cryptocircuit implementations, by removing residual charge in the pull-down circuit and simplifying the pull-up. The resulting gate improves on SABL in terms of area, power consumption, propagation delay and resilience against Differential Power Analysis (DPA) attacks. To demonstrate the gain in performance, both gates have been designed, physically implemented and experimentally characterized in a 90nm TSMC technology. Experimental results show a reduction of 15% in area, 12% in power consumption, and 40% in delay for the proposed gate. To demonstrate the gain in security of the proposal, simulation-based DPA attacks have been performed on the respective Kasumi Sbox9 implementations, making our proposal suitable for immediate application in high-performance secure cryptographic applications.
Low-Power Differential Logic Gates for DPA Resistant Circuits
E. Tena-Sanchez, J. Castro and A.J. Acosta
Conference · Euromicro Conference on Digital System Design DSD 2014
Abstract
Information leaked by cryptosystems can be used by third parties to reveal critical information using Side Channel Attacks (SCAs). Differential Power Analysis (DPA) is an SCA that uses the dependence of power consumption on the processed data. Designers widely use differential logic styles with constant power consumption to protect devices against DPA. However, the correct use of such circuits requires a fully symmetric structure and layout, and the removal of any memory effect that could leak information. In this paper we propose improved low-power gates that provide excellent results against DPA attacks. Simulation-based DPA attacks on Sbox9 are used to validate the effectiveness of the proposals.
Automatic and Systematic Test Toolset for Digital ASICs
E. Tena-Sánchez, J. Castro-Ramirez and A.J. Acosta-Jimenez
Conference · Conference on the Design of Circuits and Integrated Systems DCIS 2013
Abstract
Abstract not available
Automatic and Systematic Control of Experimental Data Measurements on ASICs
E. Tena, J. Castro and A.J. Acosta
Conference · Symposium IMEKO TC 4 Symposium and IWADC Workshop 2013
Abstract
This paper presents a methodology to perform automatic and systematic characterization tests on application-specific integrated circuits (ASICs). The proposed methodology is based on the automatic control of all laboratory equipment and on data processing with Matlab. The ASIC, or integrated system, is connected to controllable test equipment that generates patterns and collects the output data provided by the ASIC. The methodology, in which a Matlab script controls the equipment and the test process, analyzes the results and supervises the whole procedure, can be easily adapted to different experiments and ASIC features. The test of a piecewise affine (PWA) ASIC controller has been used to experimentally prove the automatic control in both open-loop and closed-loop configurations, reducing the risk of manual measurement errors.
Reducing bit flipping problems in SRAM physical unclonable functions for chip identification
S. Eiroa, J. Castro, M.C. Martínez-Rodríguez, E. Tena, P. Brox and I. Baturone
Conference · IEEE International Conference on Electronics, Circuits, and Systems ICECS 2012
Abstract
Physical Unclonable Functions (PUFs) have appeared as a promising solution to provide security in hardware. SRAM PUFs offer the advantage, over other PUF constructions, of reusing resources (memories) that already exist in many designs. However, their intrinsically noisy nature produces the so-called bit flipping effect, which is a problem for circuit identification and secret key generation. The approaches reported to reduce this effect usually resort to pre- and post-processing steps (such as Fuzzy Extractor structures combined with Error Correcting Codes), which increase the complexity of the system. This paper proposes a pre-processing step that reduces bit flipping problems without increasing the hardware complexity. The proposal has been verified experimentally with 90-nm SRAMs included in digital application-specific integrated circuits (ASICs).
ASIC-in-the-loop methodology for verification of piecewise affine controllers
M. Martínez-Rodríguez, P. Brox, J. Castro, E. Tena, A. Acosta and I. Baturone
Conference · IEEE International Conference on Electronics, Circuits, and Systems ICECS 2012
Abstract
This paper presents a hardware-in-the-loop methodology to verify the performance of a programmable and configurable application-specific integrated circuit (ASIC) that implements piecewise affine (PWA) controllers. The ASIC, inserted into a printed circuit board (PCB), is connected to a logic analyzer that generates the input patterns to the ASIC (in particular, the values to program the memories, the configuration parameters, and the values of the input signals). The output provided by the ASIC is also captured by the logic analyzer. A Matlab program controls the logic analyzer to verify the PWA controller implemented by the ASIC in both open-loop and closed-loop configurations.
Books
No results
Book chapters
No results
Other publications
No results