607 research outputs found

    Defending cache memory against cold-boot attacks boosted by power or EM radiation analysis

    Some algorithms running with compromised data select cache memory as a type of secure memory where data is confined and not transferred to main memory. However, cold-boot attacks that target cache memories exploit the data remanence. Thus, a sudden power shutdown may not delete data entirely, giving the opportunity to steal data. The biggest challenge for any technique aiming to secure the cache memory is performance penalty. Techniques based on data scrambling have demonstrated that security can be improved with a limited reduction in performance. However, they still cannot resist side-channel attacks like power or electromagnetic analysis. This paper presents a review of known attacks on memories and countermeasures proposed so far and an improved scrambling technique named random masking interleaved scrambling technique (RM-ISTe). This method is designed to protect the cache memory against cold-boot attacks, even if these are boosted by side-channel techniques like power or electromagnetic analysis. Postprint (author's final draft)

    Design and validation of a platform for electromagnetic fault injection

    Security is acknowledged as one of the main challenges in the design and deployment of embedded circuits. Devices need to operate on-the-field safely and correctly, even when at physical reach of potential adversaries. Among the most powerful techniques to compromise the correct functioning of a device are fault injection attacks. They enable an active adversary to trigger errors on a circuit in order to bypass security features or to gain knowledge of security-sensitive information. There are several methods to induce such errors. In this work we focus on the injection of faults through the electromagnetic (EM) channel. In particular, we document our efforts towards building a suitable platform for EM pulse injection. We design a pulse injection circuit that can provide currents over 20 A to an EM injector in order to generate abrupt variations of the EM field in the vicinity of a circuit. We validate the suitability of our platform by applying a well-known attack on an embedded 8-bit microcontroller implementing the AES block cipher. In particular, we show how to extract the AES secret cryptographic keys stored in the device by careful injection of faults during the encryption operations and simple analysis of the erroneous outputs. Peer Reviewed. Postprint (published version)

    Crypto-test-lab for security validation of ECC co-processor test infrastructure

    © 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. Elliptic Curve Cryptography (ECC) is a technology for public-key cryptography that is becoming increasingly popular because it provides greater speed and implementation compactness than other public-key technologies. Calculations, however, may not be executed by software, since it would be so time consuming, thus an ECC co-processor is commonly included to accelerate the speed. Test infrastructure in crypto co-processors is often avoided because it poses serious security holes against adversaries. However, ECC co-processors include complex modules for which only functional test methodologies are unsuitable, because they would take an unacceptably long time during the production test. Therefore, some internal test infrastructure is always included to permit the application of structural test techniques. Designing a secure test infrastructure is quite a complex task that relies on the designer's experience and on trial & error iterations over a series of different types of attacks. Most of the severe attacks cannot be simulated because of the demanding computational effort and the lack of proper attack models. Therefore, prototypes are prepared using FPGAs. In this paper, a Crypto-Test-Lab is presented that includes an ECC co-processor with flexible test infrastructure. Its purpose is to facilitate the design and validation of secure strategies for testing in this type of co-processor. Postprint (author's final draft)

    Discrete modelling of a single-anchor avalanche barrier system (Modelisation discrete d'un systeme paravalanches mono-ancrage)

    This master thesis starts from an old thesis. This thesis may adapt the old program to a new Paravalanche system that has been placed the last summer in Val Thorens by HC Systec. So I am supposed to design the numerical modelisation of the new structure and then program it in Fortran language. The objective is to see the effects of the snow efforts on the structure to optimize the paravalanche system. Outgoin

    Reduction of the formaldehyde content in leathers treated with formaldehyde resins by means of plant polyphenols

    Formaldehyde has applications in many industrial processes, including synthesis of resins and syntans to be used in the retanning process of leather. When resins are employed, they can hydrolyse, releasing formaldehyde. Due to the carcinogenicity of formaldehyde, its presence in leather should be avoided or kept below allowable limits. The aim of this study is to determine the effect of polyphenols contained in vegetable compounds (mimosa, quebracho and tara) in the reduction of the formaldehyde content in leathers treated with resins synthesized with formaldehyde (melamine-formaldehyde and dicyandiamide-formaldehyde). The formaldehyde content in leathers treated only with resin increases with time while the formaldehyde content in leathers treated additionally with vegetable compounds is reduced. The lower the formaldehyde content in the leather, the higher the ability of vegetable compounds to reduce such content. Mimosa shows the strongest ability to reduce the formaldehyde content, and this capacity increases with ageing. The addition of 4% (on shaved wet-blue weight) of mimosa gives rise to an 85% reduction in the formaldehyde content 140 days after leather processing of split hides treated with a formaldehyde resin of low formaldehyde content. However, this reduction is 68% in split hides treated with a resin of high formaldehyde content. This is of great importance in baby’s leather articles, in which the formaldehyde content is low; therefore, the addition of a small amount (3%) of vegetable compounds (especially mimosa) guarantees that the formaldehyde content is below the allowed limits (16 mg/kg in the most restrictive regulation). Reducing the formaldehyde content using the polyphenols contained in vegetable compounds constitutes a good alternative not only in the leather sector but also in other industrial sectors (wood, textile, etc.) that use formaldehyde resins. Peer Reviewed. Postprint (published version)

    Defeating microprobing attacks using a resource efficient detection circuit

    No full text
    Microprobing is an attack technique against integrated circuits implementing security functions, such as OTP tokens or smartcards. It allows intercepting secrets from on-chip wires as well as injecting faults for other attacks. While the necessity to etch open chip packages and to remove the passivation layer makes microprobing appear expensive, it was shown that a successful attack can be run with equipment worth a few thousand euros. On the protector’s side, however, appropriate countermeasures such as active shields, redundancy of core components, or analog detection circuits containing large capacitors, are still expensive. We present a resource efficient microprobing detection circuit that we call Low Area Probing Detector (LAPD). It measures minimal timing differences between on-chip wires caused by the capacitive load of microprobes. Simulations show that it can detect up-to-date probes with capacitances as low as 10 fF. As a novelty, the LAPD is merely based on digital components and does not require analog circuitry, which reduces the required area and process steps compared to previous approaches. Postprint (author’s final draft)

    On the use of error detecting and correcting codes to boost security in caches against side channel attacks

    Microprocessor memory is sensitive to cold boot attacks. In this kind of attack, memory remanence is exploited to download its content after the microprocessor has been struck by a hard boot. If a crypto-algorithm was executing at that moment, the memory data can be downloaded into a backup memory and specialized tools can be used to extract the secret keys. In the main memory, data can be protected using efficient encryption techniques, but in caches this is not possible unless the performance becomes seriously degraded. Recently, an interleaved scrambling technique (IST) was presented to improve the security of caches against cold boot attacks. While IST is effective for this particular kind of attack, a weakness exists against side channel attacks, in particular using power analysis. Reliability of data in caches is warranted by means of error detecting and correcting codes. In this work it is shown how these kinds of codes can be used not only to improve reliability but also the security of data. In particular, a self-healing technique is selected to make the IST technique robust against side channel attacks using power analysis. Postprint (author’s final draft)

    Inventory of singular and interesting unprotected trees in the Alt Empordà county (2015) (Inventari d’arbres singulars i d’interès no protegits de la comarca de l’Alt Empordà (2015))

    A tree can be an identifying element of our heritage and our history. Trees can designate geographic locations and are present in art such as photography, paintings, architecture, literature and other manifestations. They shape the landscape we know, are landmarks that guide us and many are testimonies of our territory's history. Therefore, the Alt Empordà Institution for the Defence and Study of Nature (IAEDEN, in its Catalan acronym) has completed an inventory of singular and interesting, but not protected trees in the Alt Empordà county. It presents a collection of trees considered of interest for the region and which to date are not protected under any classification (either in municipal catalogues or declared as monumental, singular or interesting tree by the Catalan government). This inventory includes informational files for a total of 150 trees from the Alt Empordà county, located in 35 different municipalities, suggesting their protection as tree/grove of local interest. It also includes 14 groves which are proposed for protection as groves of regional interest.

    Combinational systems: Introduction to logic functions and expression minimization (Sistemes combinacionals : Introducció a les funcions lògiques i a la minimització d’expressions)

    This workbook covers the algebra used in the design of time-independent digital systems. A time-independent system is one whose response does not depend on time and which consequently reacts instantaneously and uniquely to the impulses received at its input. 2017/201