Design of hardware-based security solutions for interconnected systems

Among all the different research lines related to hardware security, there is a particular topic that strikingly attracts attention. That topic is the research regarding the so-called Physical Unclonable Functions (PUF). The PUFs, as can be seen throughout the Thesis, present the novel idea of connecting digital values uniquely to a physical entity, just as human biometrics does, but with electronic devices. This beautiful idea is not free of obstacles, and is the core of this Thesis. It is studied from different angles in order to better understand, in particular, SRAM PUFs, and to be able to integrate them into complex systems that expand their potential. During Chapter 1, the PUFs, their properties and their main characteristics are defined. In addition, the different types of PUFs, and their main applications in the field of security are also summarized. Once we know what a PUF is, and the types of them we can find, throughout Chapter 2 an exhaustive analysis of the SRAM PUFs is carried out, given the wide availability of SRAMs today in most electronic circuits (which dramatically reduces the cost of deploying any solution). An algorithm is proposed to improve the characteristics of SRAM PUFs, both to generate identifiers and to generate random numbers, simultaneously. The results of this Chapter demonstrates the feasibility of implementing the algorithm, so in the following Chapters it is explored its integration in both hardware and software systems. In Chapter 3 the hardware design and integration of the algorithm introduced in Chapter 2 is described. The design is presented together with some examples of use that demonstrate the possible practical realizations in VLSI designs. In an analogous way, in Chapter 4 the software design and integration of the algorithm introduced in Chapter 2 is described. The design is presented together with some examples of use that demonstrate the possible practical realizations in low-power IoT devices. The algorithm is also described as part of a secure firmware update protocol that has been designed to be resistant to most current attacks, ensuring the integrity and trustworthiness of the updated firmware.In Chapter 5, following the integration of PUF-based solutions into protocols, PUFs are used as part of an authentication protocol that uses zero-knowledge proofs. The cryptographic protocol is a Lattice-based post-quantum protocol that guarantees the integrity and anonymity of the identity generated by the PUF. This type of architecture prevents any type of impersonation or virtual copy of the PUF, since this is unknown and never leaves the device. Specifically, this type of design has been carried out with the aim of having traceability of identities without ever knowing the identity behind, which is very interesting for blockchain technologies. Finally, in Chapter 6 a new type of PUF, named as BPUF (Behavioral and Physical Unclonable Function), is proposed and analyzed according to the definitions given in Chapter 1. This new type of PUF significantly changes the metrics and concepts to which we were used to in previous Chapters. A new multi-modal authentication protocol is presented in this Chapter, taking advantage of the challenge-response tuples of BPUFs. An example of BPUFs is illustrated with SRAMs. A proposal to integrate the BPUFs described in Chapter 6 into the protocol of Chapter 5, as well as the final remarks of the Thesis, can be found in Chapter 7

A PUF-and biometric-based lightweight hardware solution to increase security at sensor nodes

Security is essential in sensor nodes which acquire and transmit sensitive data. However, the constraints of processing, memory and power consumption are very high in these nodes. Cryptographic algorithms based on symmetric key are very suitable for them. The drawback is that secure storage of secret keys is required. In this work, a low-cost solution is presented to obfuscate secret keys with Physically Unclonable Functions (PUFs), which exploit the hardware identity of the node. In addition, a lightweight fingerprint recognition solution is proposed, which can be implemented in low-cost sensor nodes. Since biometric data of individuals are sensitive, they are also obfuscated with PUFs. Both solutions allow authenticating the origin of the sensed data with a proposed dual-factor authentication protocol. One factor is the unique physical identity of the trusted sensor node that measures them. The other factor is the physical presence of the legitimate individual in charge of authorizing their transmission. Experimental results are included to prove how the proposed PUF-based solution can be implemented with the SRAMs of commercial Bluetooth Low Energy (BLE) chips which belong to the communication module of the sensor node. Implementation results show how the proposed fingerprint recognition based on the novel texture-based feature named QFingerMap16 (QFM) can be implemented fully inside a low-cost sensor node. Robustness, security and privacy issues at the proposed sensor nodes are discussed and analyzed with experimental results from PUFs and fingerprints taken from public and standard databases.Ministerio de Economía, Industria y Competitividad TEC2014-57971-R, TEC2017-83557-

Improved Generation of Identifiers, Secret Keys, and Random Numbers From SRAMs

This paper presents a method to simultaneously improve the quality of the identifiers, secret keys, and random numbers that can be generated from the start-up values of standard static random access memories (SRAMs). The method is based on classifying memory cells after evaluating their start-up values at multiple measurements in a registration phase. The registration can be done without unplugging the device from its application context, and with no need for a complex laboratory setup. The method has been validated experimentally with standard low-power SRAM modules in two different application specific integrated circuits (ASICs) fabricated with the 90-nm TSMC technology. The results show that with a simple registration the length of the identifiers can be reduced by 45%, the worst case bit error probability (which defines the complexity of the error correcting code needed to recover a secret key) can be reduced by 64%, and the worst case minimum entropy value is improved, thus reducing the number of bits that have to be processed to obtain full entropy by 81%. The method can be applied to standard digital designs by controlling the external power supply to the SRAM using software or by incorporating simple circuitry in the design. In the latter case, a module for implementing the method in an ASIC designed in the 90-nm TSMC technology occupies an active area of 42, $025~mu text{m}^{mathrm {mathbf {2}}}

Trusted Cameras on Mobile Devices Based on SRAM Physically Unclonable Functions

Nowadays, there is an increasing number of cameras placed on mobile devices connected to the Internet. Since these cameras acquire and process sensitive and vulnerable data in applications such as surveillance or monitoring, security is essential to avoid cyberattacks. However, cameras on mobile devices have constraints in size, computation and power consumption, so that lightweight security techniques should be considered. Camera identification techniques guarantee the origin of the data. Among the camera identification techniques, Physically Unclonable Functions (PUFs) allow generating unique, distinctive and unpredictable identifiers from the hardware of a device. PUFs are also very suitable to obfuscate secret keys (by binding them to the hardware of the device) and generate random sequences (employed as nonces). In this work, we propose a trusted camera based on PUFs and standard cryptographic algorithms. In addition, a protocol is proposed to protect the communication with the trusted camera, which satisfies authentication, confidentiality, integrity and freshness in the data communication. This is particularly interesting to carry out camera control actions and firmware updates. PUFs from Static Random Access Memories (SRAMs) are selected because cameras typically include SRAMs in its hardware. Therefore, additional hardware is not required and security techniques can be implemented at low cost. Experimental results are shown to prove how the proposed solution can be implemented with the SRAM of commercial Bluetooth Low Energy (BLE) chips included in the communication module of the camera. A proof of concept shows that the proposed solution can be implemented in low-cost cameras.España, Ministerio de Ciencia e Innovación TEC2014-57971-R TEC2017-83557-

VLSI Design of Trusted Virtual Sensors

This work presents a Very Large Scale Integration (VLSI) design of trusted virtual sensors providing a minimum unitary cost and very good figures of size, speed and power consumption. The sensed variable is estimated by a virtual sensor based on a configurable and programmable PieceWise-Affine hyper-Rectangular (PWAR) model. An algorithm is presented to find the best values of the programmable parameters given a set of (empirical or simulated) input-output data. The VLSI design of the trusted virtual sensor uses the fast authenticated encryption algorithm, AEGIS, to ensure the integrity of the provided virtual measurement and to encrypt it, and a Physical Unclonable Function (PUF) based on a Static Random Access Memory (SRAM) to ensure the integrity of the sensor itself. Implementation results of a prototype designed in a 90-nm Complementary Metal Oxide Semiconductor (CMOS) technology show that the active silicon area of the trusted virtual sensor is 0.86 mm 2 and its power consumption when trusted sensing at 50 MHz is 7.12 mW. The maximum operation frequency is 85 MHz, which allows response times lower than 0.25 μ s. As application example, the designed prototype was programmed to estimate the yaw rate in a vehicle, obtaining root mean square errors lower than 1.1%. Experimental results of the employed PUF show the robustness of the trusted sensing against aging and variations of the operation conditions, namely, temperature and power supply voltage (final value as well as ramp-up time)Ministerio de Economía, Industria y Competitividad TEC2014-57971-RConsejo Superior de Investigaciones Científicas 201750E01

Using physical unclonable functions for internet-of-thing security cameras

This paper proposes a low-cost solution to develop IoT security cameras. Integrity and confidentiality of the image data are achieved by cryptographic modules that implement symmetric key-based techniques which are usually available in the hardware of the IoT cameras. The novelty of this proposal is that the secret key required is not stored but reconstructed from the start-up values of a SRAM in the camera hardware acting as a PUF (Physical Unclonable Function), so that the physical authenticity of the camera is also ensured. The start-up values of the SRAM are also exploited to change the IV (Initialization Vector) in the encryption algorithm. All the steps for enrollment and normal operation can be included in a simple firmware to be executed by the camera. There is no need to include specific hardware but only a SRAM is needed which could be powered down and up by firmware.Ministerio de Economía y Competitividad del Gobierno de España y fondos europeos FEDER-TEC2014-57971-RConsejo Superior de Investigaciones Científicas (CSIC)-HW-SEEDS 201750E010V Plan Propio de Investigación de la Universidad de Sevill

Gestión del conocimiento. Perspectiva multidisciplinaria. Volumen 17

El libro “Gestión del Conocimiento. Perspectiva Multidisciplinaria”, Volumen 17 de la Colección Unión Global, es resultado de investigaciones. Los capítulos del libro, son resultados de investigaciones desarrolladas por sus autores. El libro es una publicación internacional, seriada, continua, arbitrada, de acceso abierto a todas las áreas del conocimiento, orientada a contribuir con procesos de gestión del conocimiento científico, tecnológico y humanístico. Con esta colección, se aspira contribuir con el cultivo, la comprensión, la recopilación y la apropiación social del conocimiento en cuanto a patrimonio intangible de la humanidad, con el propósito de hacer aportes con la transformación de las relaciones socioculturales que sustentan la construcción social de los saberes y su reconocimiento como bien público

Spatiotemporal Characteristics of the Largest HIV-1 CRF02_AG Outbreak in Spain: Evidence for Onward Transmissions

Background and Aim: The circulating recombinant form 02_AG (CRF02_AG) is the predominant clade among the human immunodeficiency virus type-1 (HIV-1) non-Bs with a prevalence of 5.97% (95% Confidence Interval-CI: 5.41–6.57%) across Spain. Our aim was to estimate the levels of regional clustering for CRF02_AG and the spatiotemporal characteristics of the largest CRF02_AG subepidemic in Spain.Methods: We studied 396 CRF02_AG sequences obtained from HIV-1 diagnosed patients during 2000–2014 from 10 autonomous communities of Spain. Phylogenetic analysis was performed on the 391 CRF02_AG sequences along with all globally sampled CRF02_AG sequences (N = 3,302) as references. Phylodynamic and phylogeographic analysis was performed to the largest CRF02_AG monophyletic cluster by a Bayesian method in BEAST v1.8.0 and by reconstructing ancestral states using the criterion of parsimony in Mesquite v3.4, respectively.Results: The HIV-1 CRF02_AG prevalence differed across Spanish autonomous communities we sampled from (p < 0.001). Phylogenetic analysis revealed that 52.7% of the CRF02_AG sequences formed 56 monophyletic clusters, with a range of 2–79 sequences. The CRF02_AG regional dispersal differed across Spain (p = 0.003), as suggested by monophyletic clustering. For the largest monophyletic cluster (subepidemic) (N = 79), 49.4% of the clustered sequences originated from Madrid, while most sequences (51.9%) had been obtained from men having sex with men (MSM). Molecular clock analysis suggested that the origin (tMRCA) of the CRF02_AG subepidemic was in 2002 (median estimate; 95% Highest Posterior Density-HPD interval: 1999–2004). Additionally, we found significant clustering within the CRF02_AG subepidemic according to the ethnic origin.Conclusion: CRF02_AG has been introduced as a result of multiple introductions in Spain, following regional dispersal in several cases. We showed that CRF02_AG transmissions were mostly due to regional dispersal in Spain. The hot-spot for the largest CRF02_AG regional subepidemic in Spain was in Madrid associated with MSM transmission risk group. The existence of subepidemics suggest that several spillovers occurred from Madrid to other areas. CRF02_AG sequences from Hispanics were clustered in a separate subclade suggesting no linkage between the local and Hispanic subepidemics

Método y dispositivo para generar identificadores y números verdaderamente aleatorios

La presente invención tiene por objeto un método que consta de dos etapas: una primera etapa de clasificación de las celdas de memoria estáticas en dos conjuntos disjuntos según su comportamiento ante repetidas veces en que se conectan a alimentación tra