Publicaciones del IMSE

Encontrados resultados para:

Autor: Francisco E. Potestad Ordóñez
Año: Desde 2002

Artículos de revistas


Design and Evaluation of Countermeasures Against Fault Injection Attacks and Power Side-Channel Leakage Exploration for AES Block Cipher
F.E. Potestad-Ordóñez, E. Tena-Sánchez, A.J. Acosta-Jiménez, C.J. Jiménez-Fernández and R. Chaves
Journal Paper · IEEE Access, vol. 10, pp 65548-65561, 2022
resumen      doi      

Differential Fault Analysis (DFA) and Power Analysis (PA) attacks, have become the main methods for exploiting the vulnerabilities of physical implementations of block ciphers, currently used in a multitude of applications, such as the Advanced Encryption Standard (AES). In order to minimize these types of vulnerabilities, several mechanisms have been proposed to detect fault attacks. However, these mechanisms can have a significant cost, not fully covering the implementations against fault attacks or not taking into account the leakage of the information exploitable by the power analysis attacks. In this paper, four different approaches are proposed with the aim of protecting the AES block cipher against DFA. The proposed solutions are based on Hamming code and parity bits as signature generators for the internal state of the AES cipher. These allow to detect DFA exploitable faults, from bit to byte level. The proposed solutions have been applied to a T-box based AES block cipher implemented on Field Programmable Gate Array (FPGA). Experimental results suggest a fault coverage of 98.5% and 99.99% with an area penalty of 9% and 36% respectively, for the parity bit signature generators and a fault coverage of 100% with an area penalty of 18% and 42% respectively when Hamming code signature generator is used. In addition, none of the proposed countermeasures impose a frequency degradation, in respect to the unprotected cipher. The proposed work goes further in the evaluation of the proposed DFA countermeasures by evaluating the impact of these structures in terms of power side-channel. The obtained results suggest that no extra information leakage is produced that can be exploited by PA. Overall, the proposed DFA countermeasures provide a high fault coverage protection with a low cost in terms of area and power consumption and no PA security degradation.

Hardware Countermeasures Benchmarking against Fault Attacks
F.E. Potestad-Ordóñez, E. Tena-Sánchez, A.J. Acosta, C.J. Jiménez-Fernández and R. Chaves
Journal Paper · Applied Sciences, vol. 12, no. 5, article 2443, 2022
resumen      doi      

The development of differential fault analysis (DFA) techniques and mechanisms to inject faults into cryptographic circuits brings with it the need to use protection mechanisms that guarantee the expected level of security. The AES cipher, as a standard, has been the target of numerous DFA techniques, where its security has been compromised through different formulations and types of fault injections. These attacks have shown vulnerabilities of different AES implementations and building blocks. Consequently, several solutions have been proposed that provide additional protection to cover the identified vulnerabilities. In this paper, an extensive analysis has been carried out covering the existing fault injection techniques, the types of faults, and the requirements needed to apply DFA. Additionally, an analysis of the countermeasures reported in the literature is also presented, considering the protection provided, the type of faults considered, and the coverage against fault attacks. The eight different types of fault that allow us to perform DFAs on the AES cipher have been differentiated, as well as the vulnerabilities of the cipher. On the other hand, two comparisons have been made considering frequency penalty vs. area and fault coverage vs. area and frequency overhead. A metric has been proposed to compare the fault coverage of all the proposed solutions. To conclude, a final analysis is presented discussing the key aspects when choosing a particular solution and the possible development of new countermeasures to provide further protection against DFA.

Gate-Level Hardware Countermeasure Comparison against Power Analysis Attacks
E. Tena-Sánchez, F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández, A.J. Acosta and R. Chaves
Journal Paper · Applied Sciences, vol. 12, no. 5, article 2390, 2022
resumen      doi      

The fast settlement of privacy and secure operations in the Internet of Things (IoT) is appealing in the selection of mechanisms to achieve a higher level of security at minimum cost and with reasonable performances. All these aspects have been widely considered by the scientific community, but more effort is needed to allow the crypto-designer the selection of the best style for a specific application. In recent years, dozens of proposals have been presented to design circuits resistant to power analysis attacks. In this paper, a deep review of the state of the art of gate-level countermeasures against power analysis attacks has been carried out, performing a comparison between hiding approaches (the power consumption is intended to be the same for all the data processed) and the ones considering a masking procedure (the data are masked and behave as random). The most relevant proposals in the literature, 35 for hiding and 6 for masking, have been analyzed, not only by using data provided by proposers, but also those included in other references for comparison. Advantages and drawbacks of the proposals are analyzed, showing quantified data for cost, performance (delay and power), and security when available. One of the main conclusions is that the RSL proposal is the best in masking, while TSPL, HDRL, SDMLp, 3sDDL, TDPL, and SABL are those with the best security performance figures. Nevertheless, a wise combination of hiding and masking as masked_SABL presents promising results.

Trivium Stream Cipher Countermeasures Against Fault Injection Attacks and DFA
F.E. Potestad-Ordonez, E. Tena-Sanchez, J.M. Mora-Gutierrez, M. Valencia-Barrero and C.J. Jimenez-Fernandez
Journal Paper · IEEE Access, vol. 9, pp 168444-168454, 2021
resumen      doi      

Attacks on cryptocircuits are becoming increasingly sophisticated, requiring designers to include more and more countermeasures in the design to protect it against malicious attacks. Fault Injection Attacks and Differential Fault Analysis have proven to be very dangerous as they are able to retrieve the secret information contained in cryptocircuits. In this sense, Trivium cipher has been shown to be vulnerable to this type of attack. This paper presents four different fault detection schemes to protect Trivium stream cipher implementations against fault injection attacks and differential fault analysis. These countermeasures are based on the introduction of hardware redundancy and signature analysis to detect fault injections during encryption or decryption operations. This prevents the attacker from having access to the faulty key stream and performing differential fault analysis. In order to verify the correct operation and the effectiveness of the presented schemes, an experimental system of non-invasive active attacks using the clock signal in FPGA has been designed. This system allows to know the fault coverage for both multiple and single faults. In addition, the results of area consumption, frequency degradation, and fault detection latency for FPGA and ASIC implementations are presented. The results show that all proposed countermeasures are able to provide a fault coverage above 79% and one of them reaches a coverage of 99.99%. It has been tested that the number of cycles for fault detection is always lower than the number of cycles needed to apply the differential fault analysis reported in the literature for the Trivium cipher.

Experimental FIA Methodology using Clock and Control Signal Modifications under Power Supply and Temperature Variations
F.E. Potestad-Ordóñez, E. Tena-Sánchez, J.M. Mora-Gutierrez, M. Valencia-Barrero and C.J. Jiménez-Fernández
Journal Paper · Sensors, vol. 21, no. 22, article 7596, 2021
resumen      doi      pdf

The security of cryptocircuits is determined not only for their mathematical formulation, but for their physical implementation. The so-called fault injection attacks, where an attacker inserts faults during the operation of the cipher to obtain a malfunction to reveal secret information, pose a serious threat for security. These attacks are also used by designers as a vehicle to detect security flaws and then protect the circuits against these kinds of attacks. In this paper, two different attack methodologies are presented based on inserting faults through the clock signal or the control signal. The optimization of the attacks is evaluated under supply voltage and temperature variation, experimentally determining the feasibility through the evaluation of different Trivium versions in 90 nm ASIC technology implementations, also considering different routing alternatives. The results show that it is possible to inject effective faults with both methodologies, improving fault efficiency if the power supply voltage decreases, which requires only half the frequency of the short pulse inserted into the clock signal to obtain a fault. The clock signal modification methodology can be extended to other NLFSR-based cryptocircuits and the control signal-based methodology can be applied to both block and stream ciphers.

Breaking Trivium Stream Cipher Implemented in ASIC using Experimental Attacks and DFA
F.E. Potestad-Ordóñez, M. Valencia-Barrero, C. Baena-Oliva, P. Parra-Fernández and C.J. Jiménez-Fernández
Journal Paper · Sensors, vol. 20, no.23, article 6909, 2020
resumen      doi      

One of the best methods to improve the security of cryptographic systems used to exchange sensitive information is to attack them to find their vulnerabilities and to strengthen them in subsequent designs. Trivium stream cipher is one of the lightweight ciphers designed for security applications in the Internet of things (IoT). In this paper, we present a complete setup to attack ASIC implementations of Trivium which allows recovering the secret keys using the active non-invasive technique attack of clock manipulation, combined with Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject effective transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using the DFA cryptanalysis through the comparison between the correct and the faulty outputs. Finally, a backward version of Trivium was also designed to go back and get the secret keys from the initial internal states. The key recovery has been verified with numerous simulations data attacks and used with the experimental data obtained from the Application Specific Integrated Circuit (ASIC) Trivium. The secret key of the Trivium were recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.

An Academic Approach to FPGA Design Based on a Distance Meter Circuit
C.J. Jimenez-Fernandez, C. Baena-Oliva, P. Parra-Fernandez, F.E. Potestad-Ordonez and M. Valencia-Barrero
Journal Paper · IEEE Revista Iberoamericana de Tecnologías del Aprendizaje, vol. 15, no. 3, pp 123-128, 2020
resumen      doi      

Digital design learning at Register Transfer (RT) level requires practical and complex examples as learning progresses. FPGAs and development boards offer a suitable platform for the implementation of these designs. However, classroom practice sessions usually last two hours, which does not allow the complexity of the designs be high enough. For this reason, interesting designs that can be made in several sessions are required. In this paper, the construction of a distance measuring system is presented. For this purpose, a distance measurement module based on ultrasound is available, the results are displayed in 7-segment displays on a Nexys4 board. This approach has been applied to three Electronic subjects at the University of Seville. The degree of satisfaction on the part of the students as well as the result of the evaluation of the experience by the teachers involved are shown.

Vulnerability Analysis of Trivium FPGA Implementations
F.E. Potestad-Ordonez, C.J. Jimenez-Fernandez and M. Valencia-Barrero
Journal Paper · IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 25, no. 12, pp 3380-3389, 2017
resumen      doi      

Today, the large amount of information ex-changed among various devices as well as the growth of the Internet of Things (IoT) demand the development of devices that ensure secure communications, preventing malicious agents from tapping sensitive data. Indeed, information security is one of the key challenges to address within the IoT field. Due to the strong resource constraints in some IoT applications, cryptographic algorithms affording lightweight implementations have been proposed. They constitute the so-called lightweight cryptography. A prominent example is the Trivium stream cipher, one of the finalists of the eSTREAM project. Although cryptographic algorithms are certainly simpler, one of their most critical vulnerability sources in terms of hardware implementations is side channel attacks. In this paper, it is studied the vulnerability of field-programmable gate array (FPGA) implementations of Trivium stream ciphers against fault attacks. The design and implementation of a system that alters the clock signal and checks the outcome is also described. A comparison between real and simulated fault injections is carried out in order to examine their veracity. The vulnerability of different versions of the Trivium cipher and their routing dependences has been tested in two different FPGA families. The results show that all versions of the Trivium cipher are vulnerable to fault attacks, although some versions are more vulnerable than others.

Congresos


Teaching based on proposed by students designs: a case study
C.J. Jimenez-Fernandez, C. Baena-Oliva, P. Parra-Fernandez, M. Valencia-Barrero, F.E. Potestad-Ordoñez, E. Tena-Sanchez and A. Gallardo-Soto
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2022
resumen     

Learning digital design at RT level is enhanced by practical, lab-based tasks. These tasks, if chosen appropriately, can be highly motivating. The fact that the proposal is attractive to students is an important incentive. Working with FPGAs and development boards is a very suitable tool for carrying out designs of varying complexity. This paper presents an experience developed in the Advanced Digital Design course (4th year of the Degree) consisting of a design on FPGA proposed by the students themselves based on some common specifications, such as the use of a matrix of 8x8 LEDs and that the design has to interact with some external element.

Methodology and comparison of evaluation methods in electronic laboratories
E. Tena-Sanchez, F.E. Potestad-Ordonez, J.I. Guerrero-Alonso, D.F. Larios-Marin and J. Luque-Rodriguez
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2022
resumen     

There are different methodologies for the evaluation of the experimental development of students in university technical schools. Specifically, in electronic laboratories, the evaluation of the acquired competencies is not a simple task due to the large number of factors involved. In this work, an evaluation methodology is proposed consisting of voluntary laboratory sessions and a final exam. On the other hand, this methodology is compared with the previous one consisting of compulsory laboratory sessions, the evaluation of theoretical studies prior to the laboratory session, and continuous evaluation through the submission of practical reports during each session. In addition to the objective data on the number of fail/pass, we will present the impressions of both students and teachers who applied this methodology, as well as the most significant changes observed both in the attitude of the students and in the workload of both students and teachers.

ICs tester design and its effect on application in electronics laboratories
F.E. Potestad-Ordonez, C.J. Jimenez-Fernandez, A. Gallardo-Soto, M. Valencia-Barrero, C. Baena-Oliva, P. Parra-Fernandez and E. Tena-Sanchez
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2022
resumen     

One of the best methods to help students assimilate the theoretical concepts about electronic circuits is to perform laboratory sessions with real components. Therefore, the use of integrated circuits in electronics laboratory sessions and exams is very common. Since the electronic training of the students is very different, it is frequent that the devices break and become useless after a bad connection or manipulation. This paper presents the design of an integrated circuit tester, specifically the 741 and 74LS00. The effect observed on the attitude of the students after using the device (functionality check performed with the student there), before the practical sessions and laboratory exams, will be presented, and the different impressions from the point of view of the teachers will be analyzed.

Implementación hardware de un algoritmo ligero de cifrado
C. Fernández-García, V. Zúñiga-Ginzález, A. Casado-Galán, E. Tena-Sácnhez, F.E. Potestad-Ordóñez and C.J. Jiménez-Fernández
Conference · IX Jornadas de I+D+i & 1st International Workshop on STEM
resumen     

Abstract not available

Desarrollo de setup experimental para la realización de cartografía EM en sistemas criptográficos
A. Casado-Galán, V. Zúñiga-González, F.E. Potestad-Ordóñez, C. Fernández-García, C.J. Jiménez- Fernández and E. Tena-Sácnhez
Conference · IX Jornadas de I+D+i & 1st International Workshop on STEM
resumen     

El objetivo de la criptografía es garantizar la confidencialidad, integridad y disponibilidad de la información. En los dispositivos electrónicos, protegemos la información por medio de algoritmos criptográficos. Estos transforman la secuencia mediante operaciones matemáticas en diversas iteraciones haciendo que la información sea, con la potencia computacional de la que disponemos actualmente, imposible de recuperar sin conocer una determinada clave. Si bien teóricamente estos algoritmos son seguros, la implementación en circuitos electrónicos abre la puerta a vulnerabilidades que se pueden explotar para obtener información sobre el mensaje cifrado. Midiendo, por ejemplo, la emisión electromagnética (EM) de un circuito con instrumental apropiado para ello y tenemos un modelo matemático de este lo suficientemente preciso, podemos hackear el dispositivo y obtener la clave o mensaje cifrado. Este trabajo se centra en el desarrollo experimental de un setup de medida para realizar la cartografía EM de los sistemas criptográficos. Esto permite determinar los puntos de máxima emisión de información atacable. El setup experimental propuesto está totalmente automatizado desde un PC, donde con una mesa XY y el posicionamiento fijo de la sonda EM se puede barrer el área completa del dispositivo bajo test y capturar la emisión EM en cada punto.

Review of Breaking Trivium Stream Cipher Implemented in ASIC using Experimental Attacks and DFA
F.E. Potestad-Ordoñez, E. Tena-Sánchez, C. Fernández-García, V. Zúñiga-González, J.M. Mora Gutiérrez, C. Baena-Oliva, P. Parra-Fernández, A.J. Acosta-Jiménez and C.J. Jiménez-Fernández
Conference · Jornadas Nacionales de Investigación en Ciberseguridad JNIC 2022
resumen     

In this paper, we present a review of the work [1]. In this work a complete setup to break ASIC implementations of standard Trivium stream cipher was presented. The setup allows to recover the secret keys combining the use of the active noninvasive technique attack of clock manipulation and Differential Fault Analysis (DFA) cryptanalysis. The attack system is able to inject transient faults into the Trivium in a clock cycle and sample the faulty output. Then, the internal state of the Trivium is recovered using the DFA cryptanalysis through the comparison between the correct and the faulty outputs. The secret key of the Trivium were recovered experimentally in 100% of the attempts, considering a real scenario and minimum assumptions.
[1] F.E. Potestad-Ordoñez, M. Valencia-Barrero, C. Baena-Oliva, P. Parra-Fernández, C.J. Jiménez-Fernández, "Breaking Trivium Stream Cipher Implemented in ASIC using Experimental Attacks and DFA". In Sensors, vol. 20, num. 6909, pp. 1-19, 2020.

Review of Gate-Level Hardware Countermeasure Comparison Against Power Analysis Attacks
E. Tena-Sánchez, F.E. Potestad-Ordoñez, V. Zúñiga-González, C. Fernández-García, J.M. Mora Gutiérrez, C.J. Jiménez-Fernández and A.J. Acosta-Jiménez
Conference · Jornadas Nacionales de Investigación en Ciberseguridad JNIC 2022
resumen     

In this paper, we present a review of the work [1]. The fast settlement of Privacy and Secure operations in the Internet of Things (IoT) is appealing the selection of mechanisms to achieve a higher level of security at the minimum cost and with reasonable performances. In recent years, dozens of proposals have been presented to design circuits resistant to Power Analysis attacks. In this paper a deep review of the state of the art of gate-level countermeasures against Power Analysis attacks has been done, performing a comparison between hiding approaches (the power consumption is intended to be the same for all the data processed) and the ones considering a masking procedure (the data are masked and behave as random). The most relevant proposals in the literature, 35 for hiding and 6 for masking, have been analyzed, not only by using data provided by proposers, but also those included in other references for comparison.
[1] E. Tena-Sánchez, F.E. Potestad-Ordoñez, C.J. Jiménez-Fernández, A.J. Acosta and R. Chaves, "Gate-Level Hardware Countermeasure Comparison against Power Analysis Attacks," Applied Sciences, 12(5), 2390, 2022.

Adaptación de prácticas de laboratorios de Electrónica y Automatización a una modalidad semipresencial
E. Tena-Sánchez, F.E. Potestad-Ordóñez, M. Valencia-Barrero, A.J. Acosta and C.J. Jiménez-Fernández
Conference · Congreso Universitario de Innovación Educativa en las Enseñanzas Técnicas CUIEET 2021
resumen     

En el curso 20/21, debido a la situación de pandemia mundial, tanto las clases teóricas como las prácticas sufrieron importantes cambios, además de los que se seguirán adoptando en próximos años. En este trabajo se exponen los problemas observados en las clases de laboratorio, más concretamente en la adecuación de los laboratorios de electrónica y automatización, donde el equipamiento y la capacidad ya eran limitados y se han agravado drásticamente por el problema de no poder juntar dos alumnos por puesto. Esto implica dividir el grupo en subgrupos, y plantear nuevos modelos didácticos adaptados a esta situación.

Learning VHDL through teamwork FPGA game design
C.J. Jimenez-Fernandez, C. Baena-Oliva, P. Parra-Fernandez, A. Gallardo-Soto, F.E Potestad-Ordoñez and M. Valencia-Barrero
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2020
resumen     

The learning of digital design at the RT level by the students improves with practical work, which can be developed in teams, allow both the gradual advance of complexity as the learning progresses, and the proposal to be attractive to them, such as playing simple games. FPGAs and development boards offer a very suitable platform for the implementation of these designs. This paper presents a work in the Advanced Digital Design course (4th year of the Degree) consisting of the construction of a slightly adapted version of the game "Simon Says" in which the player must memorize a sequence that becomes more difficult for as levels pass. The work, which occupies the second half of the semester, is carried out by teams of three students and must have a demonstrator implemented on a Digilent Nexys4-DDR board.

Hamming-Code Based Fault Detection Design Methodology for Block Ciphers
F E. Potestad-Ordóñez, E. Tena-Sánchez, R. Chaves, M. Valencia-Barrero, A.J. Acosta-Jiménez and C.J. Jiménez-Fernández
Conference · IEEE International Symposium on Circuits and Systems ISCAS 2020
resumen     

Fault injection, in particular Differential Fault Analysis (DFA), has become one of the main methods for exploiting vulnerabilities into the block ciphers currently used in a multitude of applications. In order to minimize this type of vulnerabilities, several mechanisms have been proposed to detect this type of attacks. However, these mechanisms can have a significant cost or not adequately cover the implementations against fault attacks. In this paper a novel approach is proposed, consisting in generating the signatures of the internal state using a Hamming code. This allows to cover a larger amount of faults allowing to detect even or odd bit changes, as well as multi-bit and multi-byte changes, the ones that make ciphers more vulnerable to DFA attacks. As case of study, this approach has been applied to the Advanced Encryption Standard (AES) block cipher implemented on FPGA using T-boxes. The results suggest a higher fault coverage with an overhead of 16% of resource consumption and without any penalty in the frequency degradation.

Floorplanning as a practical countermeasure against clock fault attack in Trivium stream cipher
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández, M. Valencia-Barrero, C. Baena and P. Parra
Conference · Conference on Design of Circuits and Integrated Systems DCIS 2018
resumen     

The fault injection in ciphers operation is a very successful mechanism to attack them. The inclusion of elements of protection against this kind of attacks is more and more necessary. These mechanisms are usually based on introducing redundancy, which leads to a greater consumption of resources or a longer processing time. This article presents how the introduction of placement restrictions on ciphers can make it difficult to inject faults by altering the clock signal. It is therefore a countermeasure that neither increases the consumption of resources nor the processing time. This mechanism has been tested on FPGA implementations of the Trivium cipher. Several tests have been performed on a Spartan 3E device from Xilinx and the experimental measurements have been carried out with ChipScope Pro. The tests showed that an adequate floorplanning is a good countermeasure against these kind of attacks.

FPGA design example for maximum operating frequency measurements
C.J. Jiménez-Fernandez, P. Parra-Fernandez, C. Baena-Oliva, M.Valencia-Barrero and F.E. Potestad-Ordoñez
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2018
resumen     

The best way to learn how to design digital systems at the RT level is to use practical examples. In addition, from a teaching point of view, the more practical they are, the more attractive to students. But for a design to be attractive, even if it is presented with a low complexity, it is not possible to do it in a single practice session. This paper presents, as a demonstrator, the design at RT level and its implementation in FPGA of a digital system that uses the Trivium flow cipher and on which measurements of maximum operating frequency are made. This circuit is designed in three laboratory sessions of about two hours each.

Distance measurement as a practical example of FPGA design
C.J. Jiménez-Fernandez, P. Parra-Fernandez, C. Baena-Oliva, M.Valencia-Barrero and F.E. Potestad-Ordoñez
Conference · Congreso de Tecnología, Aprendizaje y Enseñanza de la Electrónica TAEE 2018
resumen     

Digital design learning at the RT level requires practical examples and as learning progresses, the examples need to become more complex. FPGAs and development boards offer a very suitable platform for the implementation of these designs. However, classroom practice sessions usually last two hours, which does not allow the complexity of the designs be high enough. For this reason, interesting designs that can be made in several sessions are required In this paper, the construction of a distance measuring system is presented as a demonstrator. For this purpose, a distance measurement module based on ultrasound is available and the results are displayed in 7-segment displays on a Nexys4 board.

Fault Injection on FPGA implementations of Trivium Stream Cipher using Clock Attacks
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández and M. Valencia-Barrero
Conference · Workshop on Trustworthy Manufacturing and Utilization of Secure Devices TRUDEVICE 2016
resumen     

Nowadays the security of cryptographic circuits is threatened not only by attacks on the algorithm, but also by attacks on the circuit implementation. They are the so-called side channel attacks and within such attacks are the Active Fault Analysis attacks. In literature, there are reported some vulnerability analysis of the Trivium stream cipher against Active Fault Analysis attacks using Differential Fault Analysis (DFA) [1][2]. The DFA technique is a side channel attack in which an attacker is able to inject a fault into the encryption or decryption process, thus retrieving the secret information. For the Trivium cypher, a fault is injected into the inner state. These works shown that if an attacker is able to inject only one fault in the inner state of the Trivium, the key could be retrieved, but none of them checks its feasibility on a specific hardware implementation. In this paper, it is presented an experimental analysis about the behaviour of FPGA implementations of Trivium ciphers against fault injection through the variation of the clock signal. In addition, it is made a comparative analysis between the experimental results obtained after the attack, and the expected results obtained by the simulation and timing analysis, that is, the fault positions of the Trivium inner state obtained experimentally and the fault positions expected by the timing analysis. This analysis was presented in [3] and results show the vulnerabilities of these implementations and the impossibility of determining the fault injections through simulation.

Experimental and Timing Analysis Comparison of FPGA Trivium Implementations Against Clock Fault Injection
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández and M. Valencia-Barrero
Conference · Conference on Design of Circuits and Integrated Systems DCIS 2016
resumen     

The security of cryptocircuits is today threatened not only by attacks on algorithms but also, and above all, by attacks on the circuit implementations themselves. These are known as side channel attacks. One variety is the Active Fault Analysis attack, that can make a circuit vulnerable by changing its behavior in a certain way. This article presents an experimental fault insertion attack on an FPGA implementation of the Trivium stream cipher. It also compares the faults introduced with the faults expected after a timing analysis. The results show that this implementation is vulnerable to such attacks, and also that it is not possible to estimate the position of the inserted faults by means of timing analysis.

Fault Attack on FPGA Implementations of Trivium Stream Cipher
F.E. Potestad-Ordóñez, C.J. Jiménez-Fernández and M. Valencia-Barrero
Conference · IEEE International Symposium on Circuits and Systems, ISCAS 2016
resumen     

This article presents the development of an experimental system to introduce faults in Trivium stream ciphers implemented on FPGA. The developed system has made possible to analyze the vulnerability of these implementations against fault attacks. The developed system consists of a mechanism that injects small pulses in the clock signal, and elements that analyze if a fault has been introduced, the number of faults introduced and its position in the inner state. The results obtained demonstrate the vulnerability of these implementations against fault attacks. As far as we know, this is the first time that experimental results of fault attack over Trivium are presented.

Low power implementation of Trivium stream cipher
J.M. Mora-Gutiérrez, C.J. Jiménez-Fernández, E. Potestad and M. Valencia-Barrero
Conference · Workshop on Cryptographic Hardware and Embedded Systems CHES 2015
resumen     

Trivium is a synchronous stream cipher designed to generate up to 264 bits of key stream from an 80-bit secret key and an 80-bit initialization vector (IV). The architecture of this cipher is based on a 288-bit cyclic shift register accompanied by an array of combinational logic (AND, OR and XOR) to provide its feedback. The key stream generation consists mainly on an iterative process which updates some bits in the state register with logic operations to generate one bit of key stream.

Libros


No hay resultados

Capítulos de libros


No hay resultados

Otras publicaciones


No hay resultados

  • Revistas583
  • Congresos1170
  • Libros30
  • Capítulos de libros81
  • Otros9
  • 20242
  • 202335
  • 202281
  • 202183
  • 2020103
  • 201977
  • 2018106
  • 2017111
  • 2016104
  • 2015111
  • 2014104
  • 201380
  • 2012108
  • 2011102
  • 2010120
  • 200977
  • 200867
  • 200770
  • 200665
  • 200578
  • 200468
  • 200362
  • 200259
INVESTIGACIÓN
COMPARTIR