Spanish National Research Council · University of Seville
esp    ing
IMSE-CNM in Digital.CSIC


In all publications
Author: Potestad Ordóñez, Francisco E.
Year: Since 2002
All publications
Vulnerabilidad y análisis diferencial mediante inserción de fallos de cifradores Trivium en FPGA y ASIC
F.E. Potestad-Ordóñez
Thesis - Date of defense: 05/03/2019
Las comunicaciones en la Sociedad TIC tienen información sensible susceptible de ser interceptada por terceras partes con fines malintencionados. Con el fin de evitar este gran problema, la comunidad científica se ha centrado en la constante búsqueda y desarrollo de algoritmos criptográficos orientados a su integración en criptosistemas, que permitan asegurar la comunicación donde los canales de transmisión son potencialmente inseguros.
A la hora de establecer nuevos estándares de seguridad, es necesario estudiar la vulnerabilidad ofrecida por los nuevos algoritmos. Estas vulnerabilidades es posible estudiarlas tomando el rol de una tercera parte que trata de obtener la información secreta del dispositivo y con ello conocer dónde se encuentran sus puntos débiles. Es aquí donde se enmarca la presente Tesis Doctoral, donde se realiza un estudio del estado del arte de la criptografía, así como las técnicas más importantes para comprometer la seguridad de los criptosistemas actuales, siendo objeto de estudio el cifrador de flujo Trivium, tanto el diseño original presentado en el portfolio del proyecto eSTREAM, como diferentes variantes de éste.
Para poder estudiar la vulnerabilidad de estos criptosistemas y poder recuperar su información secreta, se han diseñado diferentes sistemas de inserción de fallos tanto en tecnología FPGA como en ASIC. Estos sistemas de ataque se han implementado para poder atacar al cifrador mediante la manipulación de su señal de reloj y sus señales de control. Gracias a estos sistemas de ataque experimentales, es posible determinar los puntos débiles de estos criptosistemas y mediante el uso de análisis diferenciales recuperar su información secreta, clave y vector de inicialización. Este estudio, por tanto, presenta la primera rotura de este cifrador de forma experimental, consiguiendo en el 100% de los casos la recuperación de su clave secreta y probando que este criptosistema es vulnerable a los ataques por inserción de fallos.

Floorplanning as a practical countermeasure against clock fault attack in Trivium stream cipher
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández, M. Valencia-Barrero, C. Baena and P. Parra
Conference - Conference on Design of Circuits and Integrated Systems DCIS 2018
The fault injection in ciphers operation is a very successful mechanism to attack them. The inclusion of elements of protection against this kind of attacks is more and more necessary. These mechanisms are usually based on introducing redundancy, which leads to a greater consumption of resources or a longer processing time. This article presents how the introduction of placement restrictions on ciphers can make it difficult to inject faults by altering the clock signal. It is therefore a countermeasure that neither increases the consumption of resources nor the processing time. This mechanism has been tested on FPGA implementations of the Trivium cipher. Several tests have been performed on a Spartan 3E device from Xilinx and the experimental measurements have been carried out with ChipScope Pro. The tests showed that an adequate floorplanning is a good countermeasure against these kind of attacks.

FPGA design example for maximum operating frequency measurements
C.J. Jiménez-Fernandez, P. Parra-Fernandez, C. Baena-Oliva, M.Valencia-Barrero and F.E. Potestad-Ordoñez
Conference - Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2018
The best way to learn how to design digital systems at the RT level is to use practical examples. In addition, from a teaching point of view, the more practical they are, the more attractive to students. But for a design to be attractive, even if it is presented with a low complexity, it is not possible to do it in a single practice session. This paper presents, as a demonstrator, the design at RT level and its implementation in FPGA of a digital system that uses the Trivium flow cipher and on which measurements of maximum operating frequency are made. This circuit is designed in three laboratory sessions of about two hours each.

Distance measurement as a practical example of FPGA design
C.J. Jiménez-Fernandez, P. Parra-Fernandez, C. Baena-Oliva, M.Valencia-Barrero and F.E. Potestad-Ordoñez
Conference - Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2018
Digital design learning at the RT level requires practical examples and as learning progresses, the examples need to become more complex. FPGAs and development boards offer a very suitable platform for the implementation of these designs. However, classroom practice sessions usually last two hours, which does not allow the complexity of the designs be high enough. For this reason, interesting designs that can be made in several sessions are required In this paper, the construction of a distance measuring system is presented as a demonstrator. For this purpose, a distance measurement module based on ultrasound is available and the results are displayed in 7-segment displays on a Nexys4 board.

Vulnerability Analysis of Trivium FPGA Implementations
F.E. Potestad-Ordonez, C.J. Jimenez-Fernandez and M. Valencia-Barrero
Journal Paper - IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 25, no. 12, pp 3380-3389, 2017
IEEE    DOI: 10.1109/TVLSI.2017.2751151    ISSN: 1063-8210    » doi
Today, the large amount of information ex-changed among various devices as well as the growth of the Internet of Things (IoT) demand the development of devices that ensure secure communications, preventing malicious agents from tapping sensitive data. Indeed, information security is one of the key challenges to address within the IoT field. Due to the strong resource constraints in some IoT applications, cryptographic algorithms affording lightweight implementations have been proposed. They constitute the so-called lightweight cryptography. A prominent example is the Trivium stream cipher, one of the finalists of the eSTREAM project. Although cryptographic algorithms are certainly simpler, one of their most critical vulnerability sources in terms of hardware implementations is side channel attacks. In this paper, it is studied the vulnerability of field-programmable gate array (FPGA) implementations of Trivium stream ciphers against fault attacks. The design and implementation of a system that alters the clock signal and checks the outcome is also described. A comparison between real and simulated fault injections is carried out in order to examine their veracity. The vulnerability of different versions of the Trivium cipher and their routing dependences has been tested in two different FPGA families. The results show that all versions of the Trivium cipher are vulnerable to fault attacks, although some versions are more vulnerable than others.

Fault Injection on FPGA implementations of Trivium Stream Cipher using Clock Attacks
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández and M. Valencia-Barrero
Conference - Workshop on Trustworthy Manufacturing and Utilization of Secure Devices TRUDEVICE 2016
Nowadays the security of cryptographic circuits is threatened not only by attacks on the algorithm, but also by attacks on the circuit implementation. They are the so-called side channel attacks and within such attacks are the Active Fault Analysis attacks. In literature, there are reported some vulnerability analysis of the Trivium stream cipher against Active Fault Analysis attacks using Differential Fault Analysis (DFA) [1][2]. The DFA technique is a side channel attack in which an attacker is able to inject a fault into the encryption or decryption process, thus retrieving the secret information. For the Trivium cypher, a fault is injected into the inner state. These works shown that if an attacker is able to inject only one fault in the inner state of the Trivium, the key could be retrieved, but none of them checks its feasibility on a specific hardware implementation. In this paper, it is presented an experimental analysis about the behaviour of FPGA implementations of Trivium ciphers against fault injection through the variation of the clock signal. In addition, it is made a comparative analysis between the experimental results obtained after the attack, and the expected results obtained by the simulation and timing analysis, that is, the fault positions of the Trivium inner state obtained experimentally and the fault positions expected by the timing analysis. This analysis was presented in [3] and results show the vulnerabilities of these implementations and the impossibility of determining the fault injections through simulation.

Experimental and Timing Analysis Comparison of FPGA Trivium Implementations Against Clock Fault Injection
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández and M. Valencia-Barrero
Conference - Conference on Design of Circuits and Integrated Systems DCIS 2016
The security of cryptocircuits is today threatened not only by attacks on algorithms but also, and above all, by attacks on the circuit implementations themselves. These are known as side channel attacks. One variety is the Active Fault Analysis attack, that can make a circuit vulnerable by changing its behavior in a certain way. This article presents an experimental fault insertion attack on an FPGA implementation of the Trivium stream cipher. It also compares the faults introduced with the faults expected after a timing analysis. The results show that this implementation is vulnerable to such attacks, and also that it is not possible to estimate the position of the inserted faults by means of timing analysis.

Fault Attack on FPGA Implementations of Trivium Stream Cipher
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández and M. Valencia-Barrero
Conference - IEEE International Symposium on Circuits and Systems, ISCAS 2016
This article presents the development of an experimental system to introduce faults in Trivium stream ciphers implemented on FPGA. The developed system has made possible to analyze the vulnerability of these implementations against fault attacks. The developed system consists of a mechanism that injects small pulses in the clock signal, and elements that analyze if a fault has been introduced, the number of faults introduced and its position in the inner state. The results obtained demonstrate the vulnerability of these implementations against fault attacks. As far as we know, this is the first time that experimental results of fault attack over Trivium are presented.

Low power implementation of Trivium stream cipher
J.M. Mora-Gutiérrez, C.J. Jiménez-Fernández, E. Potestad and M. Valencia-Barrero
Conference - Workshop on Cryptographic Hardware and Embedded Systems CHES 2015
Trivium is a synchronous stream cipher designed to generate up to 264 bits of key stream from an 80-bit secret key and an 80-bit initialization vector (IV). The architecture of this cipher is based on a 288-bit cyclic shift register accompanied by an array of combinational logic (AND, OR and XOR) to provide its feedback. The key stream generation consists mainly on an iterative process which updates some bits in the state register with logic operations to generate one bit of key stream.

Scopus access Wok access