Ing. Jiří Buček, Ph.D.

Článek

10.1007/s42979-023-02493-7

Katedra informační bezpečnosti

Most of the currently used cryptosystems are not secure in the presence of cryptographically relevant quantum computers. As the research in quantum technologies proceeds, a need for quantum-safe cryptography is imminent. NTRU is a post-quantum public-key cryptosystem based on lattices and was a finalist in the 3rd round of the post-quantum standardization process organized by the National Institute of Standards and Technology (NIST). This paper aims to study the implementation security of the cryptosystem with respect to an attacker with access to power leakage. Such a threat model is relevant especially, but not only, for embedded devices. We studied a countermeasure implementation of the NTRU decryption algorithm from An et al. (Appl Sci https://doi.org/10.3390/app8112014 , 2018) that claimed its security against power attacks. This paper revisits an attack presented in as reported by Rabas (In: Proceedings of the9th International Conference on Information Systems Security and Privacy,ICISSP 2023, Lisbon, 2023) that shows it is in fact vulnerable even in the case of just a single trace available to the enemy for extracting the key. We then describe a new profiling template attack on the implementation and show experimental results of the attack using the same datasets, resulting in a comparison of these two methods and further confirmation of the vulnerability of the algorithm even to generic profiling attacks. Several possible types of countermeasures are discussed.

Stať ve sborníku

10.1007/978-3-030-94900-6_5

Katedra informační bezpečnosti

The paper deals with the topic of lightweight authentication and secure communication for constrained hardware devices such as IoT or embedded devices. In the paper, protocols based on both symmetric and asymmetric schemes are presented, utilizing a PUF/TRNG combined module, showing it is advantageous to have single module that will allow generation of both TRNG and PUF at the same time. This approach minimizes implementation requirements and operational resource consumption. Moreover, it allows the simplification of the overall key management process as the proposed protocols do not require to store secrets on the devices themselves. This paper is the extended and revised version of the paper entitled "Lightweight Authentication and Secure Communication Suitable for IoT Devices" [1] presented at the 6th International Conference on Information Systems Security and Privacy (ICISSP) 2020.

Článek

10.1016/j.micpro.2021.104375

Katedra informační bezpečnosti

This paper investigates the behavior of the Physical Unclonable Function (PUF) design proposed in our previous work that is based ring oscillators (ROs). Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where frequencies of ROs are compared. We study the behavior of our PUF design together with other two similar proposals that are also based on extracting PUF bits from counter values. In this work we compare the behavior of three PUF designs that are based on extracting PUF bits from counter values with one of them being proposed in our previous work. We evaluate these proposals at both stable and varying temperature and voltage in order to determine their robustness. The results show that our proposed technique, the frequency ratio, is the most reliable one. Furthermore, we compare the behavior of all of the three designs when mutually asymmetric and symmetric ROs are used. All of the measurements were performed on Cmod S7 FPGA boards (Xilinx XC7S25-1CSGA225C).

Stať ve sborníku

10.5220/0011299000003283

Katedra informační bezpečnosti

Paper from 2020 (Buchovecká et al., 2020) suggests protocols suitable for lightweight IoT Devices. They are based on physical unclonable functions (PUF) which among others simplify the problem of key management on simple hardware devices and microcontrollers. These protocols are supposed to authenticate a device and distribute keys safely so that only the intended parties can know the key. We analysed suggested protocols using two automated verification tools AVISPA and Scyther. The analysis shows that there are several issues concerning the authentication property. We demonstrate the results from the tools and describe several attacks that exploit this vulnerability. Finally, we provide modified versions of these protocols that are resistant to those attacks and satisfy authentication as desired.

Stať ve sborníku

Katedra informační bezpečnosti

This paper extends our previous work, in which we proposed a Ring Oscillator (RO) based Physical Unclonable Function (PUF) on FPGA. Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where the frequencies of ROs are compared. In this work we investigate the behaviour of our proposed PUF design, together with two other similar proposals that are also based on extracting PUF bits from counter values. We evaluate these proposals under stable operating conditions. Furthermore, we compare the behaviour of all of the three designs when mutually asymmetric and symmetric ROs are used. All of the measurements were performed on Digilent Cmod S7 FPGA boards (Xilinx XC7S25-1CSGA225C).

Stať ve sborníku

10.5220/0008959600750083

Katedra informační bezpečnosti

In this paper we present the protocols for lightweight authentication and secure communication for IoT and embedded devices. The protocols are using a PUF/TRNG combined circuit as a basic building block. The goal is to show the possibilities of securing communication and authentication of the embedded systems, using PUF and TRNG for secure key generation, without requirement to store secrets on the device itself, thus allowing to significantly simplify the problem of key management on the simple hardware devices and microcontrollers, while allowing secure communication.

Stať ve sborníku

10.1109/DSD.2019.00099

Katedra informační bezpečnosti

In this paper we present cryptanalysis of the A5/1 stream cipher used in GSM mobile phones. Our attack is based on power analysis where we assume that the power consumption while clocking 3 LFSRs is different than when clocking 2 LFSRs. We demonstrate a simple power analysis (SPA) attack and discuss existing differential power analysis (DPA). We present the attack for recovering secret key based on the information on clocking bits of LFSRs that was deduced from power analysis. The attack has a 100% success rate, requires minimal storage and it does not requires any single bit of a keystream. An average time complexity of our attack based on SPA is around 233 where the computation unit is a resolution of system of linear equations over the Z2. Recovering the secret key using information from the DPA has a constant complexity.

Článek

10.1007/s11265-016-1146-1

Katedra číslicového návrhu
Katedra počítačových systémů

This paper is focused on error-free solution of dense linear systems using residual arithmetic in hardware. The designed Modular System uses hardware identical Residual Processors (RP)s for solving independent systems of linear congruences and combines their solutions into the solution of the given linear system. This approach uses the residue number system which is based on the Chinese remainder theorem. In order to efficiently exploit parallel processing and cooperation of the individual components, a hardware architecture of the Modular System with several RPs is designed. In order to verify the proposed architecture, a Xilinx FPGA with a MicroBlaze processor was used. Experimental results are obtained for an evaluation FPGA board with Virtex 6. Results from implementation serve for subsequent theoretical analysis of the system performance for various linear system sizes and further improvement of the system. The proposed system can be useful as a special hardware peripheral or a part of an embedded system for solving large nonsingular systems of linear equations with integer, rational or floating-point coefficients with arbitrary precision.

Stať ve sborníku

10.1109/MECO.2017.7977169

Katedra číslicového návrhu
Katedra počítačových systémů

This paper describes implementation of contactless smart card emulator compliant with ISO/IEC 14443 in Field Programmable Gate Array (FPGA). Systems using contactless smart cards are widely used and some of these systems are not secured properly. For example in many such systems smart card Unique Identifier (UID) is used as the only one authentication mean. As the UID is not encrypted and is read from the card in plain, it is easy to make a copy of the smart card and use the clone as the original card. In this work we describe emulator of a smart card implemented in FPGA which is able to spoof some genuine smart card. Emulator described in this work emulates protocol described in ISO/IEC 14443 standard, which in detail describes all aspects of RFID smart cards (from physical attributes of both - cards and readers - to communication by digital signals). The emulator is able to come through the whole card selection process and to spoof the real smart card with given UID. Moreover emulator can be selected also for higher application layer protocol communication. If we know the proprietary application layer protocol, emulator is able to spoof communication on this protocol with data recorded in it. This functionality was successfully tested on systems used at Czech Technical University in Prague, where the weak implementation of UID as the only one authentication mean is used. Emulator is responding faster than most of other existing smart card emulators thanks to high efficient implementation in hardware.

Kapitola v knize

10.1007/978-3-319-44318-8_4

Katedra číslicového návrhu
Katedra počítačových systémů

This tutorial will introduce you to the basics of the DPA (Differential Power Analysis) – a technique that exploits the dependency of the processed data on the power trace of the device to extract some secret information that would not be otherwise available. During the session you will learn how to process the power trace of the implementation of the AES encryption algorithm using an algebraic system (in our case Matlab), create the power hypothesis, extract the secret information and also how to measure the power consumption of the embedded system (smart card) in order to obtain the power traces. The first part of the tutorial Differential Power Analysis – Key Recovery is aimed at explaining the creation of the power hypothesis and the use of algebraic systems. The second part of the tutorial DPA – measurement with an oscilloscope covers the practical part of the exercise - the measurement of the power consumption using the PicoScope.

Článek

10.1016/j.micpro.2017.06.021

Katedra počítačových systémů

In this paper we propose the method of generating true random numbers utilizing the circuit primarily designed as Physically Unclonable Function (PUF) based on ring oscillators. The goal is to show that it is possible to design the universal crypto system, that can be used for various applications – the PUF can be utilized for asymmetric cryptography and generating asymmetric keys, True Random Number Generator (TRNG) for symmetric cryptography (generating session and ephemeral keys), nonces and salts. In the paper the results of evaluation of such a circuit utilized for TRNG purpose are presented.

Stať ve sborníku

10.1109/AIEEE.2016.7821811

Katedra počítačových systémů

This paper describes the evaluation of available experimental boards, the comparison of their supported set of experiments and other aspects. The second part of this evaluation is focused on the design process of the PCB (Printed Circuit Board) for an FPGA (Field Programmable Gate Array) based cryptography environment suitable for evaluating the latest trends in the IC (Integrated Circuit) security like Side–Channel Attacks (SCA) or Physically Unclonable Function (PUF). It leads to many criteria affecting the design process and of course, the suitability for evaluating and measuring results of the attacks and their countermeasures. The developed system should be open, versatile and unrestricted by the U.S. law.

Stať ve sborníku

Katedra počítačových systémů

This paper describes the evaluation of available experimental boards, the comparison of their supported set of experiments and other aspects. The second part of this evaluation is focused on the design process of the PCB (Printed Circuit Board) for an FPGA (Field Programmable Gate Array) based cryptography environment suitable for evaluating the latest trends in the IC (Integrated Circuit) security like Side–Channel Attacks (SCA) or Physically Unclonable Function (PUF). It leads to many criteria affecting the design process and also the suitability for evaluating and measuring results of the attacks and their countermeasures. The developed system should be open, versatile and unrestricted by the U.S. law.

Článek

10.1016/j.micpro.2016.02.005

Katedra počítačových systémů

PUFs (Physical Unclonable Function) are increasingly used in proposals of security architectures for device identification and cryptographic key generation. Many PUF designs for FPGAs proposed up to this day are based on ring oscillators (RO). The classical approach is to compare frequencies of ROs and produce a single output bit from each pair of ROs based on the result of comparison of their frequencies. This ROPUF design requires all ROs to be mutually symmetric and also the number of pairs of ROs is limited in order to preserve the independence of bits in the PUF response. This led us to design a new ROPUF on FPGA which is capable of generating multiple output bits from each pair of ROs and is also allowing to create higher number of pairs of ROs, thereby making the use of ROs more efficient than the classical approach. Our PUF design is based on selecting a particular part of a counter value and using it for the PUF output. By applying Gray code on the counter values, we have considerably improved the PUF's statistical properties. In principle, this PUF design does not need the ROs to be mutually symmetric, however, it is shown that this ROPUF design has significantly better properties with varying supply voltage when symmetric ROs are used. All of the presented measurements were performed on Digilent Basys 2 FPGA Boards (Xilinx Spartan3E-100 CP132). In this work, we provide a more detailed description of the PUF design on FPGA and the behaviour of ROs with varying supply voltage. Our proposed PUF architecture offers more output bits with required statistical properties from each RO pair than the classical approach, where frequencies of ROs are compared. The presented improvements significantly reduce the dependence on fluctuation of supply voltage.

Stať ve sborníku

10.1109/DSD.2016.29

Katedra počítačových systémů

This paper continues and extends our previous work introduced in [3], [4], in which we proposed a ring oscillator (RO) based Physical Unclonable Function (PUF) on FPGA. Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where frequencies of ROs are compared. Our original design used asymmetric ROs, i.e. without constrained placement of gates. In this paper, we investigate the behaviour of the proposed ROPUF using symmetric ROs, and compare them against the original approach with asymmetric ROs. The measurement results showed that the ROPUF with symmetric ROs is approximately two times more stable with varying temperature. We have also compared three different methods of information extraction from ROPUF based on frequency measurement. The measured results show that out of these three methods, our one is the most stable against change of temperature. The measurements were performed on Digilent Basys 2 FPGA boards (Xilinx Spartan3E-100 CP132).

Stať ve sborníku

10.1109/DSD.2016.36

Katedra počítačových systémů

In this paper we propose the method of generating true random numbers utilizing the circuit primarily designed as PUF based on ring oscillators. The goal is to prove that it is possible to design the universal crypto system, that can be used for various applications - the PUF can be utilized for asymmetric cryptography and generating asymmetric keys, TRNG for symmetric cryptography (generating session and ephemeral keys), nonces and salts. In the paper the results of evaluation of such a circuit utilized for TRNG purpose are presented.

Stať ve sborníku

10.1109/ICECS.2014.7050083

Katedra číslicového návrhu
Katedra počítačových systémů

The paper describes an ASIC implementation of a linear congruence solver, part of a parallel system for solution of linear equations, and presents synthesis results for three different standard cell libraries. The previous VHDL design was adapted to three ASIC technologies (130 nm, 110 nm, and 55 nm) from two different vendors and the synthesized results were mutually compared. The comparison results were further used to obtain a view of design properties in higher density technologies.

Stať ve sborníku

Katedra číslicového návrhu
Katedra počítačových systémů

The work is focused on design of a Modular System performing error-free solution of dense linear systems using residue arithmetic in Xilinx FPGA. The designed system shall use a set of Residual Processors (RP)s for linear system solution in Residue Number System and reconstruct the set's solution afterwards. The currently proposed system's architecture has a single RP, a large DDR memory used for data transfer in between a PC and the system, and a built-in MicroBlaze processor. Future work will focus on extending the architecture to implement the entire Modular System consisting of multiple RPs and performing the backward transformation from residue representation into the rational number set.

Stať ve sborníku

10.1109/ISSOC.2014.6972445

Katedra číslicového návrhu
Katedra počítačových systémů

This paper is focused on hardware error-free solution of dense linear systems using residual arithmetic on a System on Chip Modular System. The designed Modular System uses Residual Processors (RP)s for solving independent linear systems in residue arithmetic and combines RP solutions into solution of the linear system. A System on Chip architecture of the Modular System with several RPs is designed, each with a large memory unit used for data transfer and storage. A Xilinx FPGA architecture with a MicroBlaze processor is used to verify the proposed architecture. The experimental results are obtained for an evaluation FPGA board with Virtex 6 and a 1GiB DDR memory and serve for further theoretical analysis of the system performance for various linear system sizes and the architecture of the system.

Stať ve sborníku

10.1109/DSD.2013.125

Katedra počítačových systémů

Residual processor (RP) is a dedicated hardware for solution of sets of linear congruences. RPs are parts of a larger modular system for error-free solution of linear equations in residue arithmetic. We present new FPGA and ASIC RP implementations, focusing mainly on their memory units being a bottleneck of the calculation and therefore determining the efficiency of the system. First, we choose an FPGA to easily test the functionality of our implementation, then we do the same in ASIC, and finally we compare both implementations together. The experimental FPGA results are obtained for Xilinx Virtex 6, while the ASIC results are obtained from Synopsys tools with a 130 nm standard cell library. Results also present a maximum matrix dimension fitting directly into the FPGA and achieved speed as a function of the dimension.

Stať ve sborníku

10.1109/DSD.2013.130

Katedra číslicového návrhu
Katedra počítačových systémů

The differential power analysis is popular technique in exploiting weaknesses of the embedded systems — mostly of the smart cards. This approach is understandable as the DPA does not require expensive equipment or strong theoretical background on the device under attack. Therefore it is ideal for education of beginners or students in the field of computer security. The aim of this paper is to describe the economy of obtaining the basic equipment for the education of the differential power analysis and to share the experience with its teaching.

Stať ve sborníku

10.1109/ICECS.2012.6463632

Katedra počítačových systémů

The residual processor is a dedicated hardware for solving sets of linear congruences. It is a part of the modular system for solving sets of linear equations without rounding errors using Residue Number System. We present a new FPGA implementation of the residual processor, focusing mainly on the memory unit that forms a bottleneck of the calculation, and therefore determines the effectivity of the system. FPGA has been chosen, as it allows us to optimally implement the designed architecture depending on the size of the problem. The proposed memory architecture of the modular system is implemented using the internal FPGA block RAM. Experimental results are obtained for the Xilinx Virtex 6 family. Results present the maximum matrix dimension fitting directly into the FPGA, and achieved speed as a function of the dimension.