IMSE Publications

Found results matching for:

Author: Javier Arcenegui Almenara
Year: Since 2002

Journal Papers

Secure Combination of IoT and Blockchain by Physically Binding IoT Devices to Smart Non-Fungible Tokens using PUFs
J. Arcenegui, R. Arjona, R. Román and I. Baturone
Journal Paper · Sensors, vol. 21, no. 9, article 3119, 2021
abstract      doi      pdf

Non-fungible tokens (NFTs) are widely used in blockchain to represent unique and non-interchangeable assets. Current NFTs allow representing assets by a unique identifier, as a possession of an owner. The novelty introduced in this paper is the proposal of smart NFTs to represent IoT devices, which are physical smart assets. Hence, they are also identified as the utility of a user, they have a blockchain account (BCA) address to participate actively in the blockchain transactions, they can establish secure communication channels with owners and users, and they operate dynamically with several modes associated with their token states. A smart NFT is physically bound to its IoT device thanks to the use of a physical unclonable function (PUF) that allows recovering its private key and, then, its BCA address. The link between tokens and devices is difficult to break and can be traced during their lifetime, because devices execute a secure boot and carry out mutual authentication processes with new owners and users that could add new software. Hence, devices prove their trusted hardware and software. A whole demonstration of the proposal developed with ESP32-based IoT devices and Ethereum blockchain is presented, using the SRAM of the ESP32 microcontroller as the PUF.

Secure Management of IoT Devices based on Blockchain Non-fungible Tokens and Physical Unclonable Functions
J. Arcenegui, R. Arjona and I. Baturone
Journal Paper · Lecture Notes in Computer Science, ACNS 2020: Applied Cryptography and Network Security Workshops, vol. 12418, pp 24-40, 2020
abstract      doi      

One of the most extended applications of blockchain technologies for the IoT ecosystem is the traceability of the data and operations generated and performed, respectively, by IoT devices. In this work, we propose a solution for secure management of IoT devices that participate in the blockchain with their own blockchain accounts (BCAs) so that the IoT devices themselves can sign transactions. Any blockchain participant (including IoT devices) can obtain and verify information not only about the actions or data they are taking but also about their manufacturers, managers (owners and approved), and users. Non Fungible Tokens (NFTs) based on the ERC-721 standard are proposed to manage IoT devices as unique and indivisible. The BCA of an IoT device, which is defined as an NFT attribute, is associated with the physical device since the secret seed from which the BCA is generated is not stored anywhere but a Physical Unclonable Function (PUF) inside the hardware of the device reconstructs it. The proposed solution is demonstrated and evaluated with a low-cost IoT device based on a Pycom Wipy 3.0 board, which uses the internal SRAM of the microcontroller ESP-32 as PUF. The operations it performs to reconstruct its BCA in Ethereum and to carry out transactions take a few tens of milliseconds. The smart contract programmed in Solidity and simulated in Remix requires low gas consumption.

Trusted Cameras on Mobile Devices based on SRAM Physically Unclonable Functions
R. Arjona, M.A. Prada-Delgado, J. Arcenegui and I. Baturone
Journal Paper · Sensors, vol. 18, no. 10, art, 3352, 2018
abstract      doi      pdf

Nowadays, there is an increasing number of cameras placed on mobile devices connected to the Internet. Since these cameras acquire and process sensitive and vulnerable data in applications such as surveillance or monitoring, security is essential to avoid cyberattacks. However, cameras on mobile devices have constraints in size, computation and power consumption, so that lightweight security techniques should be considered. Camera identification techniques guarantee the origin of the data. Among the camera identification techniques, Physically Unclonable Functions (PUFs) allow generating unique, distinctive and unpredictable identifiers from the hardware of a device. PUFs are also very suitable to obfuscate secret keys (by binding them to the hardware of the device) and generate random sequences (employed as nonces). In this work, we propose a trusted camera based on PUFs and standard cryptographic algorithms. In addition, a protocol is proposed to protect the communication with the trusted camera, which satisfies authentication, confidentiality, integrity and freshness in the data communication. This is particularly interesting to carry out camera control actions and firmware updates. PUFs from Static Random Access Memories (SRAMs) are selected because cameras typically include SRAMs in its hardware. Therefore, additional hardware is not required and security techniques can be implemented at low cost. Experimental results are shown to prove how the proposed solution can be implemented with the SRAM of commercial Bluetooth Low Energy (BLE) chips included in the communication module of the camera. A proof of concept shows that the proposed solution can be implemented in low-cost cameras.

A PUF-and biometric-based lightweight hardware solution to increase security at sensor nodes
R. Arjona, M.A. Prada-Delgado, J. Arcenegui and I. Baturone
Journal Paper · Sensors, vol. 18, no. 8, article 2429, 2018
abstract      doi      pdf

Security is essential in sensor nodes which acquire and transmit sensitive data. However, the constraints of processing, memory and power consumption are very high in these nodes. Cryptographic algorithms based on symmetric key are very suitable for them. The drawback is that secure storage of secret keys is required. In this work, a low-cost solution is presented to obfuscate secret keys with Physically Unclonable Functions (PUFs), which exploit the hardware identity of the node. In addition, a lightweight fingerprint recognition solution is proposed, which can be implemented in low-cost sensor nodes. Since biometric data of individuals are sensitive, they are also obfuscated with PUFs. Both solutions allow authenticating the origin of the sensed data with a proposed dual-factor authentication protocol. One factor is the unique physical identity of the trusted sensor node that measures them. The other factor is the physical presence of the legitimate individual in charge of authorizing their transmission. Experimental results are included to prove how the proposed PUF-based solution can be implemented with the SRAMs of commercial Bluetooth Low Energy (BLE) chips which belong to the communication module of the sensor node. Implementation results show how the proposed fingerprint recognition based on the novel texture-based feature named QFingerMap16 (QFM) can be implemented fully inside a low-cost sensor node. Robustness, security and privacy issues at the proposed sensor nodes are discussed and analyzed with experimental results from PUFs and fingerprints taken from public and standard databases.

Using Physical Unclonable Functions for Internet-of-Thing Security Cameras
R. Arjona, M.A. Prada-Delgado, J. Arcenegui and I. Baturone
Journal Paper · Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (LNICST), vol. 242, pp 144-153, 2018
abstract      doi      

This paper proposes a low-cost solution to develop IoT security cameras. Integrity and confidentiality of the image data is achieved by using the cryptographic modules that implement symmetric key-based techniques which are usually available in the hardware of the IoT cameras. The novelty of this proposal is that the secret key required is not stored but reconstructed from public data and from the start-up values of a SRAM in the camera hardware acting as a PUF (Physical Unclonable Function), so that the physical authenticity of the camera is also ensured. The variability of the start-up values of the SRAM is also exploited to change the IV (initialization vector) in the encryption algorithm, thus increasing security. All the steps to be carried out by the IoT camera at enrollment and normal operation can be included in a simple firmware to be executed by the camera. In addition, this firmware can be trustworthy updated. There is no need to include specific hardware (such as TPMs) but only an SRAM is needed which could be powered down and up by firmware.


HardBlock: Demonstrator of physically binding an IoT device to a non-fungible token in Ethereum blockchain
J. Arcenegui, R. Arjona and I. Baturone
Conference · Design, Automation and Test in Europe DATE 2021

Nowadays, blockchain is a growing technology in the Internet of Thing (IoT) ecosystem. In this work, we show a demonstrator of an IoT device bound to a Non-Fungible Token (NFT) based on the ERC-721 standard of Ethereum blockchain. The advantages of our solution is that IoT devices can be controlled securely by events from the blockchain and authenticated users, besides being able to carry out blockchain transactions. The IoT device generates its own Blockchain Account (BCA) using a secret seed firstly generated by a True Random Number Generator (TRNG) and then reconstructed by a Physical Unclonable Function (PUF). A Pycom Wipy 3.0 board with the ESP32 microcontroller is employed as IoT device. The internal SRAM of the microcontroller acts as PUF and TRNG. The SRAM is controlled by a firmware developed in ESP-IDF. A smart contract developed in Solidity using Remix IDE creates the token. Kovan testnet and a Graphical User Interface programmed in Python are employed to show the results.

Hardware Security for eXtended Merkle Signature Scheme using SRAM-based PUFs and TRNGs
R. Román, R. Arjona, J. Arcenegui and I. Baturone
Conference · International Conference on Microelectronics ICM 2020

Due to the expansion of the Internet of Things (IoT), there is an increasing number of interconnected devices around us. Integrity, authentication and non-repudiation of data exchanged between them is becoming a must. This can be achieved by means of digital signatures. In recent years, the eXtended Merkle Signature Scheme (XMSS) has gained popularity in embedded systems because of its simple implementation, post-quantum security, and minimal security assumptions. From a hardware point of view, the security of digital signatures strongly depends on how the private keys are generated and stored. In this work, we propose the use of SRAMs as True Random Generators (TRNGs) and Physically Unclonable Functions (PUFs) to generate and reconstruct XMSS keys in a trusted way. We achieve a low-cost solution that only adds lightweight operations to the signature itself, such as repetition decoding and XORing, and does not require additional hardware (like secure non-volatile memories) since the manufacturing variations of the SRAM inside the IoT device are exploited. As a proof of concept, the solution was implemented in an IoT board based on the ESP32 microcontroller.

How to Implement a Fingerprint Recognition Algorithm into a Wearable Device
R. Arjona, J. Arcenegui and I. Baturone
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2020

This work describes how to implement a fingerprint recognition algorithm into an ARM Cortex-M3 microcontroller included in a Texas Instruments LaunchPad CC2650 evaluation kit. The application context is the realization of a wearable device for biometrics security. On the one hand, the students become familiar with wearable devices whose basic component is a low power microcontroller. On the other hand, the students learn about a security application based on fingerprint recognition, which employs typical operations of image processing.

Demonstrator of a Fingerprint Recognition Algorithm into a Low-Power Microcontroller
J. Arcenegui, R. Arjona and I. Baturone
Conference · Conference on Design and Architectures for Signal and Image Processing DASIP 2017

A demonstrator has been developed to illustrate the performance of a lightweight fingerprint recognition algorithm based on the fingerprint feature QFingerMap16, which is extracted from a window of the directional image (containing 16 direction values) centered at the convex core of the fingerprint. The algorithm has been implemented into a low-power ARM Cortex-M3 microcontroller included in a Texas Instruments LaunchPad CC2650 evaluation kit. It has been also implemented in a Raspberry Pi 2 so as to show the results obtained at the successive steps of the recognition process with the aid of a Graphical User Interface (GUI).


No results

Book Chapters

No results

Other publications

No results

  • Journals585
  • Conferences1172
  • Books30
  • Book chapters81
  • Others9
  • 20246
  • 202335
  • 202281
  • 202183
  • 2020103
  • 201977
  • 2018106
  • 2017111
  • 2016104
  • 2015111
  • 2014104
  • 201380
  • 2012108
  • 2011102
  • 2010120
  • 200977
  • 200867
  • 200770
  • 200665
  • 200578
  • 200468
  • 200362
  • 200259