# prof. Ing. Róbert Lórencz, CSc.

Head of the Department of Information Security

- +420224359812
- robert.lorencz@fit.cvut.cz
- TH:A-1122

### Classification and online clustering of zero-day malware

Authors

Year

2024

Published

Journal of Computer Virology and Hacking Techniques. 2024, 2024 1-14. ISSN 2263-8733.

Type

Article

Departments

Annotation

A large amount of new malware is constantly being generated, which must not only be distinguished from benign samples, but also classified into malware families. For this purpose, investigating how existing malware families are developed and examining emerging families need to be explored. This paper focuses on the online processing of incoming malicious samples to assign them to existing families or, in the case of samples from new families, to cluster them. We experimented with seven prevalent malware families from the EMBER dataset, four in the training set and three additional new families in the test set. The features were extracted by static analysis of portable executable files for the Windows operating system. Based on the classification score of the multilayer perceptron, we determined which samples would be classified and which would be clustered into new malware families. We classified 97.21% of streaming data with a balanced accuracy of 95.33%. Then, we clustered the remaining data using a self-organizing map, achieving a purity from 47.61% for four clusters to 77.68% for ten clusters. These results indicate that our approach has the potential to be applied to the classification and clustering of zero-day malware into malware families.

### Single-Trace Side-Channel Attacks on NTRU Implementation

Authors

Rabas, T.; Buček, J.; Lórencz, R.

Year

2024

Published

SN Computer Science. 2024, 5(2), 1-11. ISSN 2662-995X.

Type

Article

Departments

Annotation

Most of the currently used cryptosystems are not secure in the presence of cryptographically relevant quantum computers. As the research in quantum technologies proceeds, a need for quantum-safe cryptography is imminent. NTRU is a post-quantum public-key cryptosystem based on lattices and was a finalist in the 3rd round of the post-quantum standardization process organized by the National Institute of Standards and Technology (NIST). This paper aims to study the implementation security of the cryptosystem with respect to an attacker with access to power leakage. Such a threat model is relevant especially, but not only, for embedded devices. We studied a countermeasure implementation of the NTRU decryption algorithm from An et al. (Appl Sci https://doi.org/10.3390/app8112014 , 2018) that claimed its security against power attacks. This paper revisits an attack presented in as reported by Rabas (In: Proceedings of the9th International Conference on Information Systems Security and Privacy,ICISSP 2023, Lisbon, 2023) that shows it is in fact vulnerable even in the case of just a single trace available to the enemy for extracting the key. We then describe a new profiling template attack on the implementation and show experimental results of the attack using the same datasets, resulting in a comparison of these two methods and further confirmation of the vulnerability of the algorithm even to generic profiling attacks. Several possible types of countermeasures are discussed.

### On the Use of Multiple Approximations in the Linear Cryptanalysis of Baby Rijndael

Authors

Year

2023

Published

Proceedings of the 9th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2023. p. 174-179. ISSN 2184-4356. ISBN 978-989-758-624-8.

Type

Proceedings paper

Departments

Annotation

In this paper, we follow up on our previous research on the resistance of Baby Rijndael, a reduced AES variant, to linear cryptanalysis. We address the issue of relatively low accuracy of the recovery of the encryption key by exploiting multiple linear approximations at once to deduce the correct bit of the key. We try several different methods with varying degree of success, with the final technique increasing the average accuracy of the recovery of the bit of the key to over 82 % in the best case. However, even that technique is not capable of breaking the cipher with less effort than the brute force.

### Single-Trace Attack on NTRU Decryption with Machine Learning and Template Profiling

Authors

Rabas, T.; Buček, J.; Lórencz, R.

Year

2023

Published

2023 26th Euromicro Conference on Digital System Design (DSD). Los Alamitos: IEEE Computer Society, 2023. p. 124-129. ISSN 2771-2508. ISBN 979-8-3503-4419-6.

Type

Proceedings paper

Departments

Annotation

NTRU is a post-quantum public key cryptosystem
based on lattices and was a finalist in the 3rd round of the
post-quantum standardization process organized by the National
Institute of Standards and Technology (NIST). We present a new single-trace attack against the NTRU decryption algorithm,
meaning we can obtain the private key only from one power trace,
assuming the profiling phase was conducted before the attack.
The attack was performed on the submission implementation
from the standardization process. We used several machine learning methods and Template attacks for the profiling and
testing phase. Both methods achieve high accuracy reaching
almost 100% tested on more than 12 000 traces. We also provide
a comparison of their success score with regard to a different
number of points of interest

### SPA Attack on NTRU Protected Implementation with Sparse Representation of Private Key

Authors

Rabas, T.; Buček, J.; Lórencz, R.

Year

2023

Published

Proceedings of the 9th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2023. p. 135-143. ISSN 2184-4356. ISBN 978-989-758-624-8.

Type

Proceedings paper

Departments

Annotation

NTRU is a post-quantum public-key, lattice-based cryptosystem. Several suggested implementations claim to be simple-power analysis resistant. One of these implementations was described in (An et al., 2018) using a sparse representation of a private key and a new design of an algorithm for the multiplication of polynomials. We show that it is still vulnerable. We theoretically explain a vulnerability in the algorithm description that could potentially lead to a single-trace attack. We practically perform the attack on two targets with different architectures: an 8-bit microcontroller of the AVR family and a 32-bit microcontroller ARM Cortex-M0. Statistical analysis performed on the second target, measured by the ChipWhisperer platform, shows that with a chance of 91.0% we get the correct key just from one measured trace. Ability to get two measurements raises our probability of a successful attack up to 99.6%.

### Automatic Detection and Decryption of AES Using Dynamic Analysis

Authors

Kokeš, J.; Matějka, J.; Lórencz, R.

Year

2022

Published

SN Computer Science. 2022, 2022 ISSN 2662-995X.

Type

Article

Departments

Annotation

In this paper we propose a set of algorithms that can automatically detect the use of AES and automatically recover both the encryption key and the plaintext, assuming that we can control the code flow of the encrypting program, e.g., when an application is performing encryption without the user’s permission. The first algorithm makes use of the fact that we can monitor accesses to the AES S-Box and deduce the desired data from these accesses; the approach is suitable to software-based AES implementations, both naïve and optimized. To demonstrate the feasibility of this approach we designed a tool which implements the algorithm for Microsoft Windows running on the Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications. We also discuss the options of recovering the same data when hardware-assisted AES implementations on Intel-compatible architectures are used.

### Generation of Adversarial Malware and Benign Examples Using Reinforcement Learning

Authors

Kozák, M.; Jureček, M.; Lórencz, R.

Year

2022

Published

Cybersecurity for Artificial Intelligence. Springer, Cham, 2022. p. 3-25. Advances in Information Security. vol. 54. ISSN 1568-2633. ISBN 978-3-030-97086-4.

Type

Book chapter

Departments

Annotation

Machine learning is becoming increasingly popular among antivirus
developers as a key factor in defence against malware. While machine learning is
achieving state-of-the-art results in many areas, it also has drawbacks exploited by
many with white-box attacks. Although the white-box scenario is possible in mal-
ware detection, the detailed structure of antivirus is often unknown. Consequently,
we focused on a pure black-box setup where no information apart from the predicted
label is known to the attacker, not even the feature space or predicted score.
We implemented our exploratory integrity attack using a reinforcement learning
approach on a dataset of portable executable binaries. We tested multiple agent
configurations while targeting LightGBM and MalConv classifiers. We achieved an
evasion rate of 68.64% and 13.32% against LightGBM and MalConv classifiers,
respectively. Besides traditional modelling of malware adversarial samples, we
present a setup for creating benign files that can increase the targeted classifier’s
false positive rate. This problem was considerably more challenging for our
reinforcement learning agents, with an evasion rate of 3.45% and 36.62% against
LightGBM and MalConv classifier, respectively. To understand how these attacks
transfer from classifiers based purely on machine learning to real-world anti-
malware software, we tested the same modified files against seven well-known
antiviruses. We achieved an evasion rate of up to 47.09% in malware and 14.29% in
benign adversarial attacks.

### Symmetric and Asymmetric Schemes for Lightweight Secure Communication

Authors

Year

2022

Published

Information Systems Security and Privacy. Basel: Springer Nature Switzerland AG, 2022. p. 97-114. ISSN 1865-0929. ISBN 978-3-030-94899-3.

Type

Proceedings paper

Departments

Annotation

The paper deals with the topic of lightweight authentication and secure communication for constrained hardware devices such as IoT or embedded devices. In the paper, protocols based on both symmetric and asymmetric schemes are presented, utilizing a PUF/TRNG combined module, showing it is advantageous to have single module that will allow generation of both TRNG and PUF at the same time. This approach minimizes implementation requirements and operational resource consumption. Moreover, it allows the simplification of the overall key management process as the proposed protocols do not require to store secrets on the devices themselves. This paper is the extended and revised version of the paper entitled "Lightweight Authentication and Secure Communication Suitable for IoT Devices" [1] presented at the 6th International Conference on Information Systems Security and Privacy (ICISSP) 2020.

### Three counter value based ROPUFs on FPGA and their properties

Authors

Year

2022

Published

Microprocessors and Microsystems. 2022, 88 1-10. ISSN 0141-9331.

Type

Article

Departments

Annotation

This paper investigates the behavior of the Physical Unclonable Function (PUF) design proposed in our previous work that is based ring oscillators (ROs). Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where frequencies of ROs are compared. We study the behavior of our PUF design together with other two similar proposals that are also based on extracting PUF bits from counter values.
In this work we compare the behavior of three PUF designs that are based on extracting PUF bits from counter values with one of them being proposed in our previous work. We evaluate these proposals at both stable and varying temperature and voltage in order to determine their robustness. The results show that our proposed technique, the frequency ratio, is the most reliable one. Furthermore, we compare the behavior of all of the three designs when mutually asymmetric and symmetric ROs are used. All of the measurements were performed on Cmod S7 FPGA boards (Xilinx XC7S25-1CSGA225C).

### Verification of PUF-based IoT Protocols with AVISPA and Scyther

Authors

Rabas, T.; Lórencz, R.; Buček, J.

Year

2022

Published

Proceedings of the 19th International Conference on Security and Cryptography. Madeira: SciTePress, 2022. p. 627-635. ISSN 2184-7711. ISBN 978-989-758-590-6.

Type

Proceedings paper

Departments

Annotation

Paper from 2020 (Buchovecká et al., 2020) suggests protocols suitable for lightweight IoT Devices. They are based on physical unclonable functions (PUF) which among others simplify the problem of key management on simple hardware devices and microcontrollers. These protocols are supposed to authenticate a device and distribute keys safely so that only the intended parties can know the key. We analysed suggested protocols using two automated verification tools AVISPA and Scyther. The analysis shows that there are several issues concerning the authentication property. We demonstrate the results from the tools and describe several attacks that exploit this vulnerability. Finally, we provide modified versions of these protocols that are resistant to those attacks and satisfy authentication as desired.

### Yet Another Algebraic Cryptanalysis of Small Scale Variants of AES

Authors

Year

2022

Published

Proceedings of the 19th International Conference on Security and Cryptography. Madeira: SciTePress, 2022. p. 415-427. ISSN 2184-7711. ISBN 978-989-758-590-6.

Type

Proceedings paper

Departments

Annotation

This work presents new advances in algebraic cryptanalysis of small scale derivatives of AES. We model the cipher as a system of polynomial equations over GF(2), which involves only the variables of the initial key, and we subsequently attempt to solve this system using Gröbner bases. We show, for example, that one of the attacks can recover the secret key for one round of AES-128 under one minute on a contemporary CPU. This attack requires only two known plaintexts and their corresponding ciphertexts. We also compare the performance of Gröbner bases to a SAT solver, and provide an insight into the propagation of diffusion within the cipher.

### Active Directory Kerberoasting Attack: Detection using Machine Learning Techniques

Authors

Kotlaba, L.; Fornůsek, S.; Lórencz, R.

Year

2021

Published

Proceedings of the 7th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2021. p. 376-383. ISSN 2184-4356. ISBN 978-989-758-491-6.

Type

Proceedings paper

Departments

Annotation

Active Directory is a prevalent technology used for managing identities in modern enterprises. As a variety of attacks exist against Active Directory environment, its security monitoring is crucial. This paper focuses on detection of one particular attack - Kerberoasting. The purpose of this attack is to gain access to service accounts’ credentials without the need for elevated access rights. The attack is nowadays typically detected using traditional ”signature-based” detection approaches. Those, however, often result in a high number of false alerts. In this paper, we adopt machine learning techniques, particularly several anomaly detection al- gorithms, for detection of Kerberoasting. The algorithms are evaluated on data from a real Active Directory environment and compared to the traditional detection approach, with a focus on reducing the number of false alerts.

### Application of Distance Metric Learning to Automated Malware Detection

Authors

Year

2021

Published

IEEE Access. 2021, 2021(9), 96151-96165. ISSN 2169-3536.

Type

Article

Departments

Annotation

Distance metric learning aims to find the most appropriate distance metric parameters to improve similarity-based models such as k -Nearest Neighbors or k -Means. In this paper, we apply distance metric learning to the problem of malware detection. We focus on two tasks: (1) to classify malware and benign files with a minimal error rate, (2) to detect as much malware as possible while maintaining a low false positive rate. We propose a malware detection system using Particle Swarm Optimization that finds the feature weights to optimize the similarity measure. We compare the performance of the approach with three state-of-the-art distance metric learning techniques. We find that metrics trained in this way lead to significant improvements in the k -Nearest Neighbors classification. We conducted and evaluated experiments with more than 150,000 Windows-based malware and benign samples. Features consisted of metadata contained in the headers of executable files in the portable executable file format. Our experimental results show that our malware detection system based on distance metric learning achieves a 1.09 % error rate at 0.74 % false positive rate (FPR) and outperforms all machine learning algorithms considered in the experiment. Considering the second task related to keeping minimal FPR, we achieved a 1.15 % error rate at only 0.13 % FPR.

### Automatic Detection and Decryption of AES by Monitoring S-box Access

Authors

Kokeš, J.; Matějka, J.; Lórencz, R.

Year

2021

Published

Proceedings of the 7th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2021. p. 172-180. ISSN 2184-4356. ISBN 978-989-758-491-6.

Type

Proceedings paper

Departments

Annotation

In this paper we propose an algorithm that can automatically detect the use of AES and automatically recover both the encryption key and the plaintext. It makes use of the fact that we can monitor accesses to the AES S-Box and deduce the desired data from these accesses; the approach is suitable to software-based AES implementations, both naíve and optimized. To demonstrate the feasibility of this approach we designed a tool which implements the algorithm for Microsoft Windows running on the Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications.

### Improving Classification of Malware Families using Learning a Distance Metric

Authors

Year

2021

Published

Proceedings of the 7th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2021. p. 643-652. ISSN 2184-4356. ISBN 978-989-758-491-6.

Type

Proceedings paper

Departments

Annotation

The objective of malware family classification is to assign a tested sample to the correct malware family. This paper concerns the application of selected state-of-the-art distance metric learning techniques to malware families classification. The goal of distance metric learning algorithms is to find the most appropriate distance metric parameters concerning some optimization criteria. The distance metric learning algorithms considered in our research learn from metadata, mostly contained in the headers of executable files in the PE file format. Several experiments have been conducted on the dataset with 14,000 samples consisting of six prevalent malware families and benign files. The experimental results showed that the average precision and recall of the k-Nearest Neighbors algorithm using the distance learned on training data were improved significantly comparing when the non-learned distance was used. The k-Nearest Neighbors classifier using the Mahalanobis distance metric learned by the Metric Learning for Kernel Regression method achieved average precision and recall, both of 97.04% compared to Random Forest with a 96.44% of average precision and 96.41% of average recall, which achieved the best classification results among the state-of-the-art ML algorithms considered in our experiments.

### Active Directory Kerberoasting Attack: Monitoring and Detection Techniques

Authors

Kotlaba, L.; Fornůsek, S.; Lórencz, R.

Year

2020

Published

Proceedings of the 6th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2020. p. 432-439. ISSN 2184-4356. ISBN 978-989-758-399-5.

Type

Proceedings paper

Departments

Annotation

The paper focus is the detection of Kerberoasting attack in Active Directory environment. The purpose of the attack is to extract service accounts’ passwords without need for any special user access rights or privilege escalation, which makes it suitable for initial phases of network compromise and further pivot for more interesting accounts. The main goal of the paper is to discuss the monitoring possibilities, setting up detection rules built on top of native Active Directory auditing capabilities, including possible ways to minimize false positive alerts.

### Comparison of three counter value based ROPUFs on FPGA

Authors

Year

2020

Published

Proceedings of the 23rd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2020. p. 205-212. ISBN 978-1-7281-9535-3.

Type

Proceedings paper

Departments

Annotation

This paper extends our previous work, in which we proposed a Ring Oscillator (RO) based Physical Unclonable Function (PUF) on FPGA. Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where the frequencies of ROs are compared. In this work we investigate the behaviour of our proposed PUF design, together with two other similar proposals that are also based on extracting PUF bits from counter values. We evaluate these proposals under stable operating conditions. Furthermore, we compare the behaviour of all of the three designs when mutually asymmetric and symmetric ROs are used. All of the measurements were performed on Digilent Cmod S7 FPGA boards (Xilinx XC7S25-1CSGA225C).

### Distance Metric Learning using Particle Swarm Optimization to Improve Static Malware Detection

Authors

Year

2020

Published

Proceedings of the 6th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2020. p. 725-732. ISSN 2184-4356. ISBN 978-989-758-399-5.

Type

Proceedings paper

Departments

Annotation

Distance metric learning is concerned with finding appropriate parameters of distance function with respect to a particular task. In this work, we present a malware detection system based on static analysis. We use k-nearest neighbors (KNN) classifier with weighted heterogeneous distance function that can handle nominal and numeric features extracted from portable executable file format. Our proposed approach attempts to specify the weights of the features using particle swarm optimization algorithm. The experimental results indicate that KNN with the weighted distance function improves classification accuracy significantly.

### Lightweight Authentication and Secure Communication Suitable for IoT Devices

Authors

Year

2020

Published

Proceedings of the 6th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2020. p. 75-83. ISSN 2184-4356. ISBN 978-989-758-399-5.

Type

Proceedings paper

Departments

Annotation

In this paper we present the protocols for lightweight authentication and secure communication for IoT and embedded devices. The protocols are using a PUF/TRNG combined circuit as a basic building block. The goal is to show the possibilities of securing communication and authentication of the embedded systems, using PUF and TRNG for secure key generation, without requirement to store secrets on the device itself, thus allowing to significantly simplify the problem of key management on the simple hardware devices and microcontrollers, while allowing secure communication.

### Side-Channel Attack on the A5/1 Stream Cipher

Authors

Year

2019

Published

Proceedings of the 22nd Euromicro Conference on Digital Systems Design. Los Alamitos, CA: IEEE Computer Soc., 2019. p. 633-638. ISBN 978-1-7281-2862-7.

Type

Proceedings paper

Departments

Annotation

In this paper we present cryptanalysis of the A5/1
stream cipher used in GSM mobile phones. Our attack is based
on power analysis where we assume that the power consumption
while clocking 3 LFSRs is different than when clocking 2 LFSRs.
We demonstrate a simple power analysis (SPA) attack and discuss
existing differential power analysis (DPA). We present the attack
for recovering secret key based on the information on clocking
bits of LFSRs that was deduced from power analysis.
The attack has a 100% success rate, requires minimal storage
and it does not requires any single bit of a keystream. An average
time complexity of our attack based on SPA is around 233 where
the computation unit is a resolution of system of linear equations
over the Z2. Recovering the secret key using information from
the DPA has a constant complexity.

### Malware Detection Using a Heterogeneous Distance Function

Authors

Year

2018

Published

Computing and Informatics. 2018, 37(3), 759-780. ISSN 1335-9150.

Type

Article

Departments

Annotation

Classication of automatically generated malware is an active research
area. The amount of new malware is growing exponentially and since manual in-
vestigation is not possible, automated malware classication is necessary. In this
paper, we present a static malware detection system for the detection of unknown
malicious programs which is based on combination of the weighted k-nearest neigh-
bors classier and the statistical scoring technique from. We have extracted the
most relevant features from portable executable (PE) le format using gain ratio
and have designed a heterogeneous distance function that can handle both linear
and nominal features. Our proposed detection method was evaluated on a dataset
with tens of thousands of malicious and benign samples and the experimental re-
sults show that the accuracy of our classier is 98.80%. In addition, preliminary
results indicate that the proposed similarity metric on our feature space could be
used for clustering malware into families.

### Design of a Residue Number System Based Linear System Solver in Hardware

Authors

Year

2017

Published

Journal of Signal Processing Systems. 2017, 87(3), 343-356. ISSN 1939-8018.

Type

Article

Annotation

This paper is focused on error-free solution of dense linear systems using residual arithmetic in hardware. The designed Modular System uses hardware identical Residual Processors (RP)s for solving independent systems of linear congruences and combines their solutions into the solution of the given linear system. This approach uses the residue number system which is based on the Chinese remainder theorem. In order to efficiently exploit parallel processing and cooperation of the individual components, a hardware architecture of the Modular System with several RPs is designed. In order to verify the proposed architecture, a Xilinx FPGA with a MicroBlaze processor was used. Experimental results are obtained for an evaluation FPGA board with Virtex 6. Results from implementation serve for subsequent theoretical analysis of the system performance for various linear system sizes and further improvement of the system. The proposed system can be useful as a special hardware peripheral or a part of an embedded system for solving large nonsingular systems of linear equations with integer, rational or floating-point coefficients with arbitrary precision.

### True random number generator based on ring oscillator PUF circuit

Authors

Year

2017

Published

Microprocessors and Microsystems. 2017, 53 33-41. ISSN 0141-9331.

Type

Article

Departments

Annotation

In this paper we propose the method of generating true random numbers utilizing the circuit primarily designed as Physically Unclonable Function (PUF) based on ring oscillators. The goal is to show that it is possible to design the universal crypto system, that can be used for various applications – the PUF can be utilized for asymmetric cryptography and generating asymmetric keys, True Random Number Generator (TRNG) for symmetric cryptography (generating session and ephemeral keys), nonces and salts. In the paper the results of evaluation of such a circuit utilized for TRNG purpose are presented.

### GPU solver for systems of linear equations with infinite precision

Authors

Khun, J.; Šimeček, I.; Lórencz, R.

Year

2016

Published

17th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing. Los Alamitos: IEEE Computer Society, 2016. p. 121-124. ISBN 978-1-5090-0461-4.

Type

Proceedings paper

Departments

Annotation

In this paper, we would like to introduce a GPU accelerated solver for systems of linear equations with an infinite precision. The infinite precision means that the system can provide a precise solution without any rounding error. These errors usually come from limited precision of floating point values within their natural computer representation. In a simplified description, the system is using modular arithmetic for transforming an original SLE into dozens of integer SLEs that are solved in parallel via GPU. In the final step, partial results are used for a calculation of the final solution. The usage of GPU plays a key role in terms of performance because the whole process is computationally very intensive. The GPU solver can provide about one magnitude higher performance than a multithreaded one.

### Improved ring oscillator PUF on FPGA and its properties

Authors

Year

2016

Published

Microprocessors and Microsystems. 2016, 47 55-63. ISSN 0141-9331.

Type

Article

Departments

Annotation

PUFs (Physical Unclonable Function) are increasingly used in proposals of security architectures for device identification and cryptographic key generation. Many PUF designs for FPGAs proposed up to this day are based on ring oscillators (RO). The classical approach is to compare frequencies of ROs and produce a single output bit from each pair of ROs based on the result of comparison of their frequencies. This ROPUF design requires all ROs to be mutually symmetric and also the number of pairs of ROs is limited in order to preserve the independence of bits in the PUF response. This led us to design a new ROPUF on FPGA which is capable of generating multiple output bits from each pair of ROs and is also allowing to create higher number of pairs of ROs, thereby making the use of ROs more efficient than the classical approach. Our PUF design is based on selecting a particular part of a counter value and using it for the PUF output. By applying Gray code on the counter values, we have considerably improved the PUF's statistical properties. In principle, this PUF design does not need the ROs to be mutually symmetric, however, it is shown that this ROPUF design has significantly better properties with varying supply voltage when symmetric ROs are used. All of the presented measurements were performed on Digilent Basys 2 FPGA Boards (Xilinx Spartan3E-100 CP132). In this work, we provide a more detailed description of the PUF design on FPGA and the behaviour of ROs with varying supply voltage. Our proposed PUF architecture offers more output bits with required statistical properties from each RO pair than the classical approach, where frequencies of ROs are compared. The presented improvements significantly reduce the dependence on fluctuation of supply voltage.

### Parallel solver of large systems of linear inequalities using Fourier--Motzkin elimination

Authors

Year

2016

Published

Computing and Informatics. 2016, 35(6), 1307-1337. ISSN 1335-9150.

Type

Article

Departments

Annotation

Fourier-Motzkin elimination is a computationally expensive but powerful method to solve a system of linear inequalities. These systems arise e.g. in execution order analysis for loop nests or in integer linear programming. This paper focuses on the analysis, design and implementation of a~parallel solver for distributed memory for large systems of linear inequalities using the Fourier--Motzkin elimination algorithm. We also measure the speedup of parallel solver and prove that this implementation results in good scalability.

### Proposal and Properties of Ring Oscillator-Based PUF on FPGA

Authors

Year

2016

Published

JOURNAL OF CIRCUITS SYSTEMS AND COMPUTERS. 2016, 25(3), ISSN 0218-1266.

Type

Article

Departments

Annotation

This paper deals with design of physical unclonable functions (PUFs) based on field-programmable gate array (FPGA).
The goal was to propose a cheap, efficient and secure device identification or even a cryptographic key generation based on PUFs.
Therefore, a design of a ring oscillator (RO)-based PUF producing more output bits from each RO pair is presented.
24 Digilent Basys 2 FPGA boards (Spartan-3E) and 6 Digilent Nexys 3 FPGA boards (Spartan-6) were tested and statistically
evaluated indicating suitability of the proposed design for device identification.
A stable PUF output is required for generating cryptographic keys. As post-processing technique to further improve the efficiency of this PUF design,
we used Gray code on the obtained bits from RO pairs. Ultimately, the PUF design is combined with error correction code and
together with Gray code is able to generate cryptographic keys of sufficient length.

### Temperature Dependence of ROPUF on FPGA

Authors

Year

2016

Published

Proceedings of 19th Euromicro Conference on Digital System Design DSD 2016. Los Alamitos, CA: IEEE Computer Soc., 2016. p. 698-702. ISBN 978-1-5090-2816-0.

Type

Proceedings paper

Departments

Annotation

This paper continues and extends our previous work introduced in [3], [4], in which we proposed a ring oscillator (RO) based Physical Unclonable Function (PUF) on FPGA. Our approach is able to extract multiple output bits from each RO pair in contrary to the classical approach, where frequencies of ROs are compared. Our original design used asymmetric ROs, i.e. without constrained placement of gates. In this paper, we investigate the behaviour of the proposed ROPUF using symmetric ROs, and compare them against the original approach with asymmetric ROs. The measurement results showed that the ROPUF with symmetric ROs is approximately two times more stable with varying temperature. We have also compared three different methods of information extraction from ROPUF based on frequency measurement. The measured results show that out of these three methods, our one is the most stable against change of temperature. The measurements were performed on Digilent Basys 2 FPGA boards (Xilinx Spartan3E-100 CP132).

### True Random Number Generator Based on ROPUF Circuit

Authors

Year

2016

Published

Proceedings of 19th Euromicro Conference on Digital System Design DSD 2016. Los Alamitos, CA: IEEE Computer Soc., 2016. p. 519-523. ISBN 978-1-5090-2816-0.

Type

Proceedings paper

Departments

Annotation

In this paper we propose the method of generating true random numbers utilizing the circuit primarily designed as PUF based on ring oscillators. The goal is to prove that it is possible to design the universal crypto system, that can be used for various applications - the PUF can be utilized for asymmetric cryptography and generating asymmetric keys, TRNG for symmetric cryptography (generating session and ephemeral keys), nonces and salts. In the paper the results of evaluation of such a circuit utilized for TRNG purpose are presented.

### A Design of Ring Oscillator Based PUF on FPGA

Authors

Year

2015

Published

Design and Diagnostics of Electronic Circuits & Systems (DDECS), 2015 IEEE 18th International Symposium on. Piscataway: IEEE, 2015. p. 37-42. ISBN 978-1-4799-6780-3.

Type

Proceedings paper

Departments

Annotation

This paper deals with design of Physical Unclonable Functions (PUFs) based on FPGA. The goal was to propose a cheap, efficient and secure device identification or even a cryptographic key generation based on PUFs. Therefore, a proposal of a ring oscillator (RO) based PUF producing more output bits from one RO pair is presented. 24 Digilent Basys 2 FPGA boards were tested and statistically evaluated indicating suitability of the proposed design for device identification.

### Linear Cryptanalysis of Baby Rijndael

Authors

Year

2015

Published

The Fourth International Conference on e-Technologies and Networks for Development (ICeND2015). Lodz: Lodz University of Technology, 2015. pp. 28-33. ISBN 978-1-4799-8450-3.

Type

Proceedings paper

Departments

Annotation

We present results of linear cryptanalysis of Baby Rijndael, a reduced-size model of Rijndael. The results were obtained using exhaustive search of all approximations and all keys and show some curious properties of both linear cryptanalysis and Baby Rijndael, particularly the existence of different classes of linear approximations with significantly different success rates of recovery of the cipher’s key.

### Optimization of Elliptic Curve Operations for ECM using Double & Add Algorithm

Authors

Kobrle, D.; Lórencz, R.

Year

2015

Published

The Fourth International Conference on e-Technologies and Networks for Development (ICeND2015). Lodz: Lodz University of Technology, 2015. p. 34-37. ISBN 978-1-4799-8450-3.

Type

Proceedings paper

Departments

Annotation

Nowadays the security becomes more and more important and as a need for secure data encryption grows, we
have to be sure that the algorithms we are using are safe. But it is not always just about algorithm itself as about settings, for example key length. RSA, the most popular asymmetric cipher is a perfect example, because it fully depends on hardness of large numbers factorization.
In this paper, we propose a novel approach for Elliptic Curve Method (ECM) which speeds-up the factorization time in affine
coordinates, thanks to optimizing the calculation steps for need of a Double & Add algorithm. However, proposed equations could
be used also in general Elliptic Curve Cryptography (ECC) or Elliptic Curve Digital Signature Algorithm (ECDSA), where the same principle is used and thus can make the operations faster.

### An ASIC Linear Congruence Solver Synthesized with Three Cell Libraries

Authors

Year

2014

Published

Proceedings of the 21st IEEE International Conference on Electronics Circuits and Systems. Monterey: IEEE Circuits and Systems Society, 2014. pp. 706-709. ISBN 978-1-4799-4242-8.

Type

Proceedings paper

Annotation

The paper describes an ASIC implementation of a linear congruence solver, part of a parallel system for solution of linear equations, and presents
synthesis results for three different standard cell libraries. The
previous VHDL design was adapted to three ASIC technologies
(130 nm, 110 nm, and 55 nm) from two different vendors and
the synthesized results were mutually compared. The comparison results were
further used to obtain a view of design properties in higher
density technologies.

### System Design of an FPGA Linear Solver

Authors

Year

2014

Published

Proceedings of the Work in Progress Session held in connection with the 40th EUROMICRO Conference on Software Engineering and Advanced Applications and the 17th EUROMICRO Conference on Digital System Design. Linz: Johannes Kepler University, 2014, ISBN 978-3-902457-40-0.

Type

Proceedings paper

Annotation

The work is focused on design of a Modular System performing error-free solution of dense linear systems using residue arithmetic in Xilinx FPGA. The designed system shall use a set of Residual Processors (RP)s for linear system solution in Residue Number System and reconstruct the set's solution afterwards. The currently proposed system's architecture has a single RP, a large DDR memory used for data transfer in between a PC and the system, and a built-in MicroBlaze processor. Future work will focus on extending the architecture to implement the entire Modular System consisting of multiple RPs and performing the backward transformation from residue representation into the rational number set.

### System on Chip Design of a Linear System Solver

Authors

Year

2014

Published

2014 International Symposium on System-on-Chip Proceedings. Piscataway: IEEE, 2014. ISBN 9781479968909.

Type

Proceedings paper

Annotation

This paper is focused on hardware error-free solution of dense linear systems using residual arithmetic on a System on Chip Modular System. The designed Modular System
uses Residual Processors (RP)s for solving independent linear
systems in residue arithmetic and combines RP solutions into
solution of the linear system. A System on Chip architecture of the Modular System with
several RPs is designed, each with a large memory unit used for
data transfer and storage. A Xilinx FPGA architecture with a MicroBlaze processor is used to verify the proposed architecture.
The experimental results are obtained for an evaluation FPGA
board with Virtex 6 and a 1GiB DDR memory and serve for
further theoretical analysis of the system performance for various
linear system sizes and the architecture of the system.

### Architecture of a Parallel MOSFET Parameter Extraction System

Authors

Zahradnický, T.; Lórencz, R.

Year

2013

Published

Proceedings of 2013 26th International Conference on Architecture of Computing Systems (ARCS). Berlin: VDE VERLAG GMBH Berlin, 2013, pp. 329-340. ISSN 0302-9743. ISBN 978-3-642-36423-5. Available from: http://www.springer.com/computer/communication+networks/book/978-3-642-36423-5

Type

Proceedings paper

Departments

Annotation

The paper first describes an existing parameter estimation approach used to estimate MOSFET mathematical model parameters. Next, all of the presented algorithms are analyzed with respect to the current multiple core processor architecture design. The parallel equivalents of the presented algorithms are given, including their computational complexities. The presented approach is specific that is uses the multiple-modulus arithmetic of the Residue Number System for solution of sets of linear equations. Finally, the paper shows the scalability of the presented approach and compares the obtained results to the original approach.

### Arithmetic Unit for Computations in GF(p) with the Left-Shifting Multiplicative Inverse Algorithm

Authors

Hlaváč, J.; Lórencz, R.

Year

2013

Published

Proceedings of 2013 26th International Conference on Architecture of Computing Systems (ARCS). Berlin: VDE VERLAG GMBH Berlin, 2013. p. 268-279. ISSN 0302-9743. ISBN 978-3-642-36423-5.

Type

Proceedings paper

Departments

Annotation

We present the hardware architecture of an arithmetic unit intended for computing basic operations over a Galois field GF(p). The arithmetic unit supports addition, subtraction, multiplication, and multiplicative inverse modulo a prime p. To compute the multiplicative inverse, we use the promising left-shifting algorithm that is based on the extended Euclidean algorithm. We discuss the potential applications of the arithmetic unit, including elliptic curve cryptography.

### Clock Math - a System for Solving SLEs Exactly

Authors

Hladík, J.; Lórencz, R.; Šimeček, I.

Year

2013

Published

Acta Polytechnica. 2013, 53(ě), 70-74. ISSN 1210-2709.

Type

Article

Departments

Annotation

In this paper, we present a GPU-accelerated hybrid system that solves ill-conditioned systems of linear equations exactly. Exactly means without rounding errors due to using integer arithmetics. First, we scale floating-point numbers up to integers, then we solve dozens of SLEs within different modular arithmetics and then we assemble sub-solutions back using the Chinese remainder theorem. This approach effectively bypasses current CPU floating-point limitations. The system is capable of solving Hilbert’s matrix without losing a single bit of precision, and with a significant speedup compared to existing CPU solvers.

### Comparison of FPGA and ASIC Implementation of a Linear Congruence Solver

Authors

Year

2013

Published

Proceedings of 16th Euromicro Conference on Digital System Design. Piscataway: IEEE Service Center, 2013. p. 284-287. ISBN 978-0-7695-5074-9.

Type

Proceedings paper

Departments

Annotation

Residual processor (RP) is a dedicated hardware for solution of sets of linear congruences. RPs are parts of a larger modular system for error-free solution of linear equations in residue arithmetic. We present new FPGA and ASIC RP implementations, focusing mainly on their memory units being a bottleneck of the calculation and therefore determining the efficiency of the system. First, we choose an FPGA to easily test the functionality of our implementation, then we do the same in ASIC, and finally we compare both implementations together. The experimental FPGA results are obtained for Xilinx Virtex 6, while the ASIC results are obtained from Synopsys tools with a 130 nm standard cell library. Results also present a maximum matrix dimension fitting directly into the FPGA and achieved speed as a function of the dimension.

### Special Issue: Trustworthy Manufacturing and Utilization of Secure Devices

Authors

Platonov, M.; Hlaváč, J.; Lórencz, R.

Year

2013

Published

First Workshop on Trustworthy Manufacturing and Utilization of Secure Devices. 2013.

Type

Proceedings paper

Departments

Annotation

Secret keys are usually stored in an nonvolatile memory, which can be hard to secure. An alternative is to generate the keys “on-the-fly” by using the inherent uniqueness
of a device based on the manufacturing process variations. This is realized by physical unclonable functions (PUFs). A promising approach is to construct an intrinsic PUF based
on SRAM memory, since many electronic devices have embedded SRAM. However, using a SRAM as PUF requires the stability of the SRAM fingerprint under a wide variety of conditions,
and the SRAM fingerprint must be unique. In this paper, we show that a 16Kbyte SRAM fingerprint contains sufficient entropy to uniquely identify each chip. In addition,
if a postprocessing error correction is applied, the fingerprint can be used to generate a stable 4Kbit key.

### Using Power-Up SRAM State of Atmel ATmega1284P Microcontrollers as Physical Unclonable Function for Key Generation and Chip Identification

Authors

Platonov, M.; Hlaváč, J.; Lórencz, R.

Year

2013

Published

Information Security Journal: A Global Perspective. 2013, 22(5-6), 244-250. ISSN 1939-3555.

Type

Article

Departments

Annotation

Secret keys are usually stored in a nonvolatile memory, which can be hard to secure. An alternative is to generate the keys "on-the-fly" by using the inherent uniqueness of a device based on the manufacturing process variations. This is realized by physical unclonable functions (PUFs). A promising approach is to construct an intrinsic PUF based on SRAM memory, since many electronic devices have embedded SRAM. However, using a SRAM as PUF requires the stability of the SRAM fingerprint under a wide variety of conditions, and the SRAM fingerprint must be unique.
In this paper, we show that a 16Kbyte SRAM fingerprint contains sufficient entropy to uniquely identify each chip. In addition, if a postprocessing error correction is applied, the fingerprint can be used to generate a stable 4Kbit key.

### Dedicated Hardware Implementation of a Linear Congruence Solver in FPGA

Authors

Year

2012

Published

The 19th IEEE International Conference on Electronics, Circuits, and Systems, ICECS 2012. Monterey: IEEE Circuits and Systems Society, 2012. p. 689-692. ISBN 978-1-4673-1261-5.

Type

Proceedings paper

Departments

Annotation

The residual processor is a dedicated hardware for solving sets of linear congruences. It is a part of the modular system for solving sets of linear equations without rounding errors using Residue Number System. We present a new FPGA implementation of the residual processor, focusing mainly on the memory unit that forms a bottleneck of the calculation, and therefore determines the effectivity of the system. FPGA has been chosen, as it allows us to optimally implement the designed architecture depending on the size of the problem. The proposed memory architecture of the modular system is implemented using the internal FPGA block RAM. Experimental results are obtained for the Xilinx Virtex 6 family. Results present the maximum matrix dimension fitting directly into the FPGA, and achieved speed as a function of the dimension.

### Security analysis of contactless smartcards

Authors

Lórencz, R.; Přívozník, L.

Year

2011

Published

Workshop 2011. Praha: České vysoké učení technické v Praze, 2011. pp. 1-5.

Type

Proceedings paper

Departments

Annotation

The project aims to analyze the security of contactless smart cards with regard to the published attacks on the widely used MIFARE Classic contactless card.

### FPU-Supported Running Error Analysis

Authors

Zahradnický, T.; Lórencz, R.

Year

2010

Published

Acta Polytechnica. 2010, 50(2), 30-36. ISSN 1210-2709.

Type

Article

Departments

Annotation

A-posteriori forward rounding error analyses tend to give sharper error estimates than a-priori ones, as they use actual data quantities. One of such a-posteriori analysis --- running error analysis --- uses expressions consisting of two parts; one generates the error and the other propagates input errors to the output. This paper suggests replacing the error generating term with an FPU-extracted rounding error estimate, which produces a sharper error bound.

### True Random Number Generation on an Atmel AVR Microcontroller

Authors

Hlaváč, J.; Hadáček, M.; Lórencz, R.

Year

2010

Published

2010 2nd International Conference on Computer Engineering and Technology. Piscataway: IEEE, 2010. p. 493-495. ISBN 978-1-4244-6350-3.

Type

Proceedings paper

Departments

Annotation

The paper presents a method of generating true random numbers on an Atmel AVR microcontroller. The jitter of the built-in RC oscillator is used as the source of entropy to generate 8 random bits per second. When implemented on the AVR Butterfly demo board, no external components are needed; otherwise, only an external oscillator is needed. The generated random bitstream has been tested using the "sts" test suite by NIST.

### System Optimization of Solving a Set of Linear Congruencies

Authors

Vondra, L.; Zahradnický, T.; Lórencz, R.

Year

2009

Published

Acta Electrotechnica et Informatica. 2009, 9(3), 3-7. ISSN 1335-8243.

Type

Article

Departments

Annotation

Solving a set of linear equations is a common problem and often it is transformed into a task of solving a set of linear congruencies. Solving a set of linear congruencies also appears frequently in cryptography and therefore effective solving algorithms are needed. All algorithms solving this task have their bottlenecks in calculating modular reduction as they need to divide. The problem with division or floating point remainder instruction is that these instructions have high latencies and are not pipelined. This paper compares several approaches that can be used to perform modular reduction after multiplication in integer and floating point arithmetic and its purpose is to offer a highly system optimized algorithm for modular multiplication with reduction using SIMD processor extensions.