An Innovative Strategy Based on Secure Element for Cyber–Physical Authentication in Safety-Critical Manufacturing Supply Chain

This research has been founded by the European Union’s Horizon 2020 Research and Innovation program under grant agreement No. 871518, a project named, A COmprehensive cyber-intelligence framework for resilient coLLABorative manufacturing Systems, COLLABS [55].The accurate tracking of every production step and related outcome in a supply chain is a stringent requirement in safety-critical sectors such as civil aviation. In such a framework, trusted traceability and accountability can be reliably and securely managed by means of blockchain-based solutions. Unfortunately, blockchain cannot guarantee the provenance and accuracy of the stored information. To overcome such a limitation, this paper proposes a secure solution to strongly rely on the tracking information of the physical assets in the supply chain. The proposed solution exploits Hardware Security Modules (HSMs) to provide required cryptographic primitives through a Near-Field Communication (NFC) connection. In our approach, each transfer of the assets is authenticated, verified, and recorded in the blockchain through the HSM. Transaction entries are signed, thus providing a guarantee of ownership and authenticity. The proposed infrastructure has been subject of an exhaustive security analysis and proved resilient against counterfeiting attempts, stakeholder repudiations, and misleading information.Horizon 2020 Framework Programme 871518 H202

Table-Free Seed Generation for Hardware Newton–Raphson Square Root and Inverse Square Root Implementations in IoT Devices

Consejeríaa de Economía y Conocimiento de la Junta de Andalucía y el Fondo Europeo de Desarrollo Regional (FEDER) bajo el proyecto B-TIC-588-UGR2

A compact model of the ZARC for circuit simulators in the frequency and time domains

Equivalent-circuit models containing fractional-order elements are often employed to make use of fractionalorder calculus in the frequency and time domains in a variety of applications. Many of these circuits contain constant-phase elements that appear in parallel with a resistor in a configuration called ZARC. But to avoid fractional order derivatives and include it in circuit simulators, the ZARC itself can also be replaced by equivalent circuit models that only contain integer order elements, such as resistors and capacitors. In this article, a novel compact model is presented to substitute the ZARC by a multiple-RC network. This model is valid for a continuous value of the order exponent and is applicable over a very wide range of frequencies, making it useful in both the frequency and time domains. Since it uses only basic functions and operators, it has been easily implemented as a subcircuit in circuit simulators. The validity of the model has been verified and it has been compared with some previously proposed passive circuit models. The model has also been discussed in relation to the initialization problem, which is an often overlooked challenge in fractional-order circuits.Universidad de Granada/CBU

Dracon: An Open-Hardware Based Platform for Single-Chip Low-Cost Reconfigurable IoT Devices

The development of devices for the Internet of Things (IoT) requires the rapid prototyping of different hardware configurations. In this paper, a modular hardware platform allowing to prototype, test and even implement IoT appliances on low-cost reconfigurable devices is presented. The proposed platform, named Dracon, includes a Z80-clone microprocessor, up to 64 KB of RAM, and 256 inputs/outputs (I/Os). These I/Os can be used to connect additional co-processors within the same FPGA, external co-processors, communications modules, sensors and actuators. Dracon also includes as default peripherals a UART for programming and accessing the microprocessor, a Real Time Clock, and an Interrupt Timer. The use of an 8-bit microprocessor allows the use of the internal memory of the reconfigurable device as program memory, thereby, enabling the implementation of a complete IoT device within a single low-cost chip. Indeed, results using a Spartan 7 FPGA show that it is possible to implement Dracon with only 1515 6-input LUTs while operating at a maximum frequency of 80 MHz, which results in a better trade-off in terms of area and performance than other less powerful and less versatile alternatives in the literature. Moreover, the presented platform allows the development of embedded software applications independently of the selected FPGA device, enabling rapid prototyping and implementations on devices from different manufacturers.Junta de AndaluciaEuropean Commission B-TIC-588-UGR2

Fine-Grained Access Control with User Revocation in Smart Manufacturing

This research has been founded by the European Union’s Horizon 2020 Research and Innovation program under grant agreement No. 871518, a project named COLLABS [19].Collaborative manufacturing is a key enabler of Industry 4.0 that requires secure data sharing among multiple parties. However, intercompany data-sharing raises important privacy and security concerns, particularly given intellectual property and business-sensitive information collected by many devices. In this paper, we propose a solution that combines four technologies to address these challenges: Attribute-Based Encryption for data access control, blockchain for data integrity and non-repudiation, Hardware Security Modules for authenticity, and the Interplanetary File System for data scalability. We also use OpenID for dynamic client identification and propose a new method for user revocation in Attribute-Based Encryption. Our evaluation shows that the solution can scale up to 2,000,000 clients while maintaining all security guarantees.European Union’s Horizon 2020, 87151

Integration of Hardware Security Modules and Permissioned Blockchain in Industrial IoT Networks

Hardware Security Modules (HSM) serve as a hardware based root of trust that offers physical protection while adding a new security layer in the system architecture. When combined with decentralized access technologies as Blockchain, HSM offers robustness and complete reliability enabling secured end-toend mechanisms for authenticity, authorization and integrity. This work proposes an ef cient integration of HSM and Blockchain technologies focusing on, mainly, public-key cryptography algorithms and standards, that result crucial in order to achieve a successful combination of the mentioned technologies to improve the overall security in Industrial IoT systems. To prove the suitability of the proposal and the interaction of an IoT node and a Blockchain network using HSM a proof of concept is developed. Results of time performance analysis of the prototype reveal how promising the combination of HSMs in Blockchain environments is.Infineon Technologies AGEuropean Union's Horizon 2020 Research and Innovation Program through the Cyber Security 4.0: Protecting the Industrial Internet of Things (C4IIoT) 833828FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades B-TIC-588-UGR2

Secure Sensor Prototype Using Hardware Security Modules and Trusted Execution Environments in a Blockchain Application: Wine Logistic Use Case

The security of Industrial Internet of Things (IIoT) systems is a challenge that needs to be addressed immediately, as the increasing use of new communication paradigms and the abundant use of sensors opens up new opportunities to compromise these types of systems. In this sense, technologies such as Trusted Execution Environments (TEEs) and Hardware Security Modules (HSMs) become crucial for adding new layers of security to IIoT systems, especially to edge nodes that incorporate sensors and perform continuous measurements. These technologies, coupled with new communication paradigms such as Blockchain, offer a high reliability, robustness and good interoperability between them. This paper proposes the design of a secure sensor incorporating the above mentioned technologies—HSMs and a TEE—in a hardware device based on a dual-core architecture. Through this combination of technologies, one of the cores collects the data extracted by the sensors and implements the security mechanisms to guarantee the integrity of these data, while the remaining core is responsible for sending these data through the appropriate communication protocol. This proposed approach fits into the Blockchain networks, which act as an Oracle. Finally, to illustrate the application of this concept, a use case applied to wine logistics is described, where this secure sensor is integrated into a Blockchain that collects data from the storage and transport of barrels, and a performance evaluation of the implemented prototype is providedEuropean Union’s Horizon Europe research and innovation program through the funding project “Cognitive edge-cloud with serverless computing” (EDGELESS) under grant agreement number 101092950FEDER/Junta de Andalucia-Consejeria de Transformacion Economica, Industria, Conocimiento y Universidades under Project B-TIC-588-UGR2

Time- and Amplitude-Controlled Power Noise Generator against SPA Attacks for FPGA-Based IoT Devices

Power noise generation for masking power traces is a powerful countermeasure against Simple Power Analysis (SPA), and it has also been used against Differential Power Analysis (DPA) or Correlation Power Analysis (CPA) in the case of cryptographic circuits. This technique makes use of power consumption generators as basic modules, which are usually based on ring oscillators when implemented on FPGAs. These modules can be used to generate power noise and to also extract digital signatures through the power side channel for Intellectual Property (IP) protection purposes. In this paper, a new power consumption generator, named Xored High Consuming Module (XHCM), is proposed. XHCM improves, when compared to others proposals in the literature, the amount of current consumption per LUT when implemented on FPGAs. Experimental results show that these modules can achieve current increments in the range from 2.4 mA (with only 16 LUTs on Artix-7 devices with a power consumption density of 0.75 mW/LUT when using a single HCM) to 11.1 mA (with 67 LUTs when using 8 XHCMs, with a power consumption density of 0.83 mW/LUT). Moreover, a version controlled by Pulse-Width Modulation (PWM) has been developed, named PWM-XHCM, which is, as XHCM, suitable for power watermarking. In order to build countermeasures against SPA attacks, a multi-level XHCM (ML-XHCM) is also presented, which is capable of generating different power consumption levels with minimal area overhead (27 six-input LUTS for generating 16 different amplitude levels on Artix-7 devices). Finally, a randomized version, named RML-XHCM, has also been developed using two True Random Number Generators (TRNGs) to generate current consumption peaks with random amplitudes at random times. RML-XHCM requires less than 150 LUTs on Artix-7 devices. Taking into account these characteristics, two main contributions have been carried out in this article: first, XHCM and PWM-XHCM provide an efficient power consumption generator for extracting digital signatures through the power side channel, and on the other hand, ML-XHCM and RML-XHCM are powerful tools for the protection of processing units against SPA attacks in IoT devices implemented on FPGAs.Junta de AndaluciaEuropean Commission B-TIC-588-UGR2

Revisiting Multiple Ring Oscillator-Based True Random Generators to Achieve Compact Implementations on FPGAs for Cryptographic Applications

FEDER/Junta de Andalucía-Consejería de Transformación Económica, Industria, Conocimiento y Universidades/Proyecto B-TIC-588-UGR2

Non-Intrusive Tank-Filling Sensor Based on Sound Resonance

Different types of fill-level measurement systems exist in the market, but most of them imply some type of intrusion in the tank itself. In this paper, a reconfigurable system based on sound resonance for measuring the fill-level of a tank from the exterior is presented. A relation between sound resonance frequencies and the content of the tank has been found, especially as the tank gets closer to being full. A prototype has been created using reconfigurable technologies combined with wireless communications in order to control the system from an ad hoc application. With this prototype, the fill-level of different tanks has been measured with good resolution, especially when the tank is over half of its capacity