i-LINK 2019
Advancing in cybersecurity technologies
Reference: LINKA20216
Funding Body: Consejo Superior de Investigaciones Científicas (budget: 23.738€)
Consortium: Microelectronics Institute of Seville (CSIC/Univ. Seville, Spain), Institute for Physical and Information Technologies (CSIC, Spain), University of Tampere (Finland), University of Michigan (USA)
Summary of the project:
In current digitalized socities, cybersecurity is crucial to protect and preserve the growing social and economic benefits of Information Communication Technlology (ICT) systems. The rapid implantation and proliferation of these systems, as well as society’s overwhelming reliance on them, has exposed its fragility and vulnerabilities against attacks. New solutions of cyber-defense require multidisciplinary research groups that analyze hardware, software, networks and data security, not as isolated elements, but taking into account that they interrelate with each other and, therefore, trusted chains must be provided for the entire system.
The main objective of this proposal is to develop, deploy and integrate novel cybersecurity technologies that ensure the integrity, resilience and reliability of ICT systems. To achieve this goal, the consortium integrates three complementary research teams specialized in network and software security (University of Tampere, Finland), system security (University of Michigan, USA), and cryptography and hardware security (CSIC). This project encourages the collaboration by means of the participation in seminars that promote the exchange of ideas, medium-term stays of researchers to validate the proposed techniques, and the definition of a strategic plan to hold this collaboration over time submitting project proposals to international competitive calls, as well as analyzing agreements with foreign institutions involved in this project to facilitate collaboration.
HARDBLOCK
Hardware-based Security for Blockchain Technologies
Reference: RTC-20176595-7
Funding Body: Ministerio de Ciencia, Innovación y Universidades (budget: 175.170€)
Objectives of the project:
- The main objective of HardBlock project is to develop a blockchain technology able to reduce the scalability problems of public blockchains.
- The new concepts of Proofs of Physical Existence and Proofs of Physical Presence will be exploited to reduce the highly maintenance costs of Proofs of Work.
- New hardware elements will be designed and implemented to support the Proofs of Physical Existence, providing the unique identification of things and avoiding tampering and counterfeiting.
- New hardware elements will be designed and implemented to support the Proofs of Physical Presence using biometrics. The objective is the user authentication with the highest authentication level (AAL3 according to NIST SP 800-63): using a compact and tamper-resistant device, under the control of the user, and with template protection.
- HardBlock will provide secure key exchange without using trusted third parties and avoiding man-in-the-middle attacks, and will exploit the use of post-quantum algorithms mainly based on lattice cryptography.
- The project will explore new application fields such as the combination of Internet of Things (IoT) with blockchain technologies.
HW-IDENTIoTY
Design of hardware solutions to manage people and things identities with trust, security, and privacy in IoT ecosystem
Reference: TEC2017-83557-R
Funding Body: Ministerio de Ciencia, Innovación y Universidades (budget: 139.150€)
Abstract: In the Internet of Things (IoT) ecosystem, people will be surrounded by a growing number of smart devices with sensors and actuators, which capture information about our environments and act upon them autonomously (our cities, homes, cars or bycicles and even our body). As a matter of fact, people already interact more with or through these devices instead of interacting directly. The IoT infraestructure is aimed at improving our quality of life, but if it is not trust, secure and does not guarantee our privacy, the consequences can be catastrophic.
A first challenging aspect is to ensure that individuals and devices are trusted and authentic and, hence, that their identities are resistant to impersonation and counterfeiting. Since the physical nature of an IoT device lies in the hardware it is made of, HW-IDENTIoTY project will design hardware solutions based on physical unclonable functions (PUFs) to generate inherent identities of devices. Since the unique features of a person can be captured by a biometric recognition system, HW-IDENTIoTY project will design hardware solutions to implement lightweight biometric recognition techniques that could be implemented in a wearable, so that the digital identity of the person is generated locally by a trusted device under the supervision of the identity owner.
A second critical issue is to guarantee privacy. For this purpose, the digital identities will be transformed in such a way that the resulting data cannot be attributed to a specific individual or device without the use of additional information. HW-IDENTIoTY project will design hardware solutions to implement Helper Data algorithms in the case of devices and template protection techniques in the case of individuals.
The third aspect addressed will be the design of hardware solutions robust against attacks to implement cryptographic primitives paradigm. They will be related to symmetric and lightweight cryptography in the case of wearables (with constrained resources and low-power consumption requirements) and to elliptic curve cryptography in the case of embedded systems. The availability of counterfeit-resistant identities will be exploited to address problems associated with digital chains of custody and traceability in IoT.
INTERVALO
Integration and validation in laboratory of countermeasures against side-channel attacks in microelectronic cryptocircuits
Reference: TEC2016-80549-R
Funding Body: Ministerio de Economía, Industria y Competitividad (budget: 104.544€)
Abstract: Security and privacy in communication are certainly one major right for institutions and people in general, being those factors of strategic interest in our society. Nowadays there are many electronic devices in which security is a must and most of these systems use cryptographic techniques to achieve confidentiality and inviolability in private data management. Many secure electronic systems include cryptographic devices implementing mathematical algorithms that are directed to hide sensitive information. However, due to their specific implementation as a circuit, side channel attacks can be successfully performed and information extracted. Therefore, paying special attention to the physic implementation of cryptographic devices is a crucial point to minimize the leak of information under side channel attacks. Hence, hardware implementations in the case of cryptographic algorithms require an adequate and correct realization of algorithms from the functional point of view as much as the inclusion of robust security mechanisms in order to diminish vulnerability. Most of portable security applications (RFID keys, USB memories, smart cards, etc.) use symmetric encryption that has to be integrated in very low power hardware (lightweight cryptography) what has to be required in the new environments resulting of the Internet of things. This Project aims to obtain a set of countermeasures libraries to be included in high performance hardware implementations (ASICs) in CMOS nanometer technology. The focus will be to increase the security of portable systems against side attacks facing secure (de)ciphering problems. Countermeasures will be proposed at a variety of abstraction levels, going from architecture to layout. These will be ready to be used in any stream or block cipher for any kind of application. Different strategies of passive attacks based on power analysis (DPA), electromagnetic emissions (DEMA) and active non-invasive attacks based on fault injection (clock signal, power supply, temperature) and invasive (light source or pulsed laser) will be considered. Hardware implementations (ASIC) will be developed, including area, frequency and power consumption optimization as well as side channel attacks security improvement. The main concern will be to optimize the systems performance accomplishing security increases with no penalties for this performance. To this aim, vulnerability measures, both experimental and simulated will be very important to qualify the countermeasures and the designed hardware.
The three primary targets of the Project are:
- To develop automatic experimental mechanisms to analyze the vulnerability of hardware implementations of ciphering circuits and its application on real implementations.
To propose, design and test hardware countermeasures of different categories to diminish vulnerability in crypto circuits.- To design, integrate and test an ASIC with ciphers including the proposed countermeasures and include the ASIC in a IoT system to evaluate the improvements in security in real systems.
ID-EO
Design of crypto-biometric hardware for video encryption and authentication
Reference: TEC2014-57971-R
Funding Body: Ministerio de Economía y Competitividad (budget: 187.550€)
Abstract: As more and more individuals and devices (Iaptops, tablets, smartphones, cameras, etc.) are interconnected through public networks, it is essential to ensure that the information exchanged (multimedia many times) really comes from individuals and devices that must generate, store, or process it. The generation of cryptographic keys from the intrinsic nature of devices or individuals not only ensures their digital identity when they access or provide information but also allow the encryption and authentication of such information, bonding it to the counterfeit-resistant identities.
Since a cryptographic system is as secure as its secret key, there is a growing interest in increasing the security of cryptographic key storage by using specific hardware, rather than just having software solutions. This is the reason why digital hardware (crypto-modules) will be designed in ID-EO project to generate the keys when needed instead of storing them, always involving the authentic device or individual designated to generate them. Moreover, they will be able to generate truly random numbers and identifíers. The modules will offer diversification, because they can generate different keys from the same identity, and revocability, because if one key is compromised, a new one can be generated at a new registration process.
The design of crypto-modules that could provide such functionality would find a very wide range of applications. In particular, a natural application domain is embedded vision systems that would become 'chains of trust', ensuring the authenticity of the system ítself and the confidentiality, privacy and integrity of the video captured and processed by the system. Nowadays, the proliferation of communications and web technologies has created an environment in which the security of the images and videos that are transmitted or stored in open channels is questioned. This is the reason why trust embedded vision systems will be designed in the ID-EO project, capable of real-time video selective encryption and authentication with constrained resources and low-power consumption.
I-COOP+ 2016
Hardware Implementation of Cryptographic Protocols Based on Elliptic Curves for Protection of Information Exchange Systems
Reference: COOPA20141
Funding Body: CSIC (budget: 19.000€)
Abstract: This project addresses the development and implementation of hardware modules to accelerate the calculation of bilinear pairings on ordinary elliptic curves in the context of cryptographic protocols used in electronic information exchange systems. The factors that affect the computational cost of the calculation of bilinear pairings on elliptic curves can be grouped into four levels: the arithmetic of finite fields; the arithmetic of curve points; the types of pairings; and the integration of pairings in the context of a specific cryptographic protocol. Considering these aspects, appropriate methods for the design of hardware architectures for the operations involved in each level will be identified in order to achieve an efficient implementation in terms of response speed, resources consumption and efficiency of the calculation of the pairings. The results of the work will have direct applicability in the project "Mechanisms of protection in systems of exchange of information" that is developed in the CUJAE and can result of great socioeconomic impact in Cuba.
