Spanish National Research Council · University of Seville
esp    ing
IMSE-CNM in Digital.CSIC


In all publications
Author: Tena Sánchez , Erica
Year: Since 2002
All publications
Benchmarking of nanometer technologies for DPA-resilient DPL-based cryptocircuits
E. Tena-Sánchez, I.M. Delgado-Lozano, J. Nuñez and A.J. Acosta
Conference - Conference on Design of Circuits and Integrated Systems DCIS 2018
The design of cryptographic circuits is requiring greater performance restrictions due to the constrained environments for IoT applications in which they are included. Focusing on the countermeasures based on dual-precharge logic styles, power, area and delay penalties are some of their major drawbacks when compared to their static CMOS single-ended counterparts. In this paper, we propose a initial study where scaled CMOS technnology and FinFET emerging technology are considered to foresee the relationship between ultra low power consumption, reduced delay, and security. As demonstration vehicle, we measure the performance and the security level achieved by different Substitution Boxes, implemented in different technologies. As main results, nanometer CMOS technologies maintains considerable security levels at reasonable power and delay figures, while FinFETs outperform CMOS in power and delay reduction, but with a non negligible degradation in security.

Logic minimization and wide fan-in issues in DPL-based cryptocircuits against power analysis attacks
E. Tena-Sánchez and A.J. Acosta
Journal Paper - International Journal of Circuit Theory and Applications, first online, 2018
JOHN WILEY & SONS    DOI: 10.1002/cta.2587    ISSN: 0098-9886    » doi
This paper discusses the use of logic minimization techniques and wide fan-in primitives and how the design and evaluation of combinational blocks for full-custom dual-precharge-logic-based cryptocircuits affect security, power consumption, and hardware resources. Generalized procedures for obtaining optimized solutions were developed and applied to the gate-level design of substitution boxes, widely used in block ciphers, using sense-amplifier-based logic in a 90-nm technology. The security of several proposals was evaluated with simulation-based correlation power analysis attacks, using the secret key measurements to disclosure metric. The simulation results showed increased security-power-delay figures for our proposals and, surprisingly, indicated that those solutions which minimized area occupation were both the most secure and the most power-efficient.

Effect of temperature variation in experimental DPA and DEMA attacks
E. Tena-Sánchez and A.J. Acosta
Conference - Int. Symposium on Power and Timing Modeling, Optimization and Simulation PATMOS 2018
Side-Channels attacks are usually performed to measure the vulnerability of cryptocircuits against malicious attacks. The conditions in which the attacks are carried out have influence in their effectivity. In this sense, temperature variations should be considered to assess the complete vulnerability of a system, but they have not been deeply considered in the literature. For this purpose, experimental DPA and DEMA attacks are carried out over one of the widest used and studied block cipher, namely AES algorithm, implemented in a Spartan-6 FPGA. The effectivity of DPA and DEMA attacks under different temperatures: 10, 25, 50 and 70°C have been studied experimentally. The attacks have been made over the 128 bits of two randomly chosen keys. The security achieved for each attack is measured using the Measurements to Disclose (MTD) the key, which determines the minimum number of patterns needed to retrieve the secret key. From the results we can obtain interesting conclusions: DPA attack is more effective than the DEMA attack over the AES implementation on FPGA. On the other hand, we conclude that the key has influence on the MTD value, but the variability between keys is of the same magnitude as the variability between temperatures, meaning that temperature variation is not a decisive factor in the effectiveness of an attack.

Power and energy issues on lightweight cryptography
A.J. Acosta, E. Tena-Sánchez, C.J. Jiménez and J.M. Mora
Journal Paper - Journal of Low Power Electronics, vol. 13, no. 3, pp 326-337, 2017
AMERICAN SCIENTIFIC PUBLISHERS    DOI: 10.1166/jolpe.2017.1490    ISSN: 1546-1998    » doi
Portable devices such as smartphones, smart cards and other embedded devices require encryption technology to guarantee security. Users store private data in electronic devices on a daily basis. Cryptography exploits reliable authentication mechanisms in order to ensure data confidentiality. Typical encryption security is based on algorithms that are mathematically secure. However, these algorithms are also costly in terms of computational and energy resources. The implementation of security mechanisms on dedicated hardware has been shown as a first-order solution to meet prescribed security standards at low power consumption with limited resources. These are the guidelines of the so-called lightweight cryptography. Upcoming Internet of Thing (IoT) is extensively demanding solutions in this framework. Interestingly, physical realizations of encryption algorithms can leak side-channel information that can be used by an attacker to reveal secret keys or private data. Such physical realizations must therefore be holistically addressed. Algorithm, circuit and layout aspects are to be considered in order to achieve secure hardware against active and passive attacks. In order to address the challenges raised by the IoT, both academia and industry are these days devoting significant efforts to the implementation of secure lightweight cryptography. This paper is a survey of (i) lightweight cryptography algorithms; (ii) techniques to reduce power applied to cryptohardware implementations; (iii) vulnerability analysis of low-power techniques against sidechannel attacks; and (iv) possibilities opened to emerging technologies and devices in the "More than Moore" scenario.

Embedded electronic circuits for cryptography, hardware security and true random number generation: an overview
A.J. Acosta, T. Addabbo and E. Tena-Sánchez
Journal Paper - International Journal of Circuit Theory and Applications, vol. 45, no. 2, pp 145-169, 2017
JOHN WILEY & SONS    DOI: 10.1002/cta.2296    ISSN: 0098-9886    » doi
We provide an overview of selected crypto-hardware devices, with a special reference to the lightweight electronic implementation of encryption/decryption schemes, hash functions, and true random number generators. In detail, we discuss the hardware implementation of the chief algorithms used in private-key cryptography, public-key cryptography, and hash functions, discussing some important security issues in electronic crypto-devices, related to side-channel attacks (SCAs), fault injection attacks, and the corresponding design countermeasures that can be taken. Finally, we present an overview about the hardware implementation of true random number generators, discussing the chief electronic sources of randomness and the types of post-processing techniques used to improve the statistical characteristics of the generated random sequences.

Vulnerability Evaluation and Secure Design Methodology of Cryptohardware for ASIC-embedded Secure Applications to Prevent Side-Channel Attacks
E. Tena-Sánchez, I. Durán, S. Canas and A. J. Acosta
Conference - Workshop on Trustworthy Manufacturing and Utilization of Secure Devices TRUDEVICE 2016
This poster presents the state of the art in the research performed by our group in designing and testing cryptohardware for ASIC-embedded secure applications. Implementations of both block-ciphers (Kasumi-Sbox9, AES-128) and stream-ciphers (Trivium) are explored at a circuit and transistor level, to increase their security figures. Analysis of vulnerability is made via Correlation Power Analysis (CPA) attacks, by implementing Correlation Electromagnetic Analysis attacks (CEMA), and using t-test leakage detection analysis, which are made at simulation and experimental level

A low-cost FPGA-based platform to perform fast Power/Electromagnetic Attacks on cryptographic circuits
S. Canas, E. Tena-Sánchez and A.J. Acosta
Conference - Conference on Design of Circuits and Integrated Systems DCIS 2016
In this paper, we propose a general purpose low-cost FPGA-based platform to acquire traces faster than a high performance logic analyzer from any kind of cryptographic device in order to use them to perform Power Analysis (PA) and Electromagnetic Analysis (EMA) attacks. The proposed platform can be easily customized to capture traces from any cryptocircuit to attack it, removing pattern generators (like expensive logic analyzers) to produce test patterns. We have tested and verified the functionality, speed and improvement over a logic analyzer-based setup measuring the power and electromagnetic traces to be used in a PA or EMA attack over an ASIC with an implementation of Trivium stream cipher and over a SBOX-9 (Kasumi) FPGA implementation. In the case of Trivium(ASIC implementation), the time needed to generate input patterns is reduced to 5% of the total time of measurement, being 4% for the SBOX-9 (FPGA implementation). The measurement time is compared to existing instrument-based alternatives.

Secure Cryptographic Hardware Implementation Issues for High-Performance Applications
E. Tena-Sánchez, A.J. Acosta and J. Nuñez
Conference - Int. Workshop on Power and Timing Modeling, Optimization and Simulation PATMOS 2016
In this paper the effect of high-performance techniques for high speed applications in secure cryptographic implementations is studied. The use of dual precharge logic styles with fine-grained pipelining with an overlapping three-phase clock scheme is studied, also including a correct distribution of the clock signal in the cryptographic implementation. To make this study, four different implementations of the Sbox-9 of the Kasumi algorithm have been implemented using an 90nm TSMC technology. Simulation-based DPA attacks have been carried out, showing how the proper synchronization of data signals gives better results in terms of power consumption and operating frequency, but affects negatively the security against side channel attacks, decreasing the number of input patterns needed to disclosure the secret key.

Application specific integrated circuit solution for multi-input multi-output piecewise-affine functions
P. Brox, M.C. Martínez-Rodríguez, E. Tena-Sánchez, I. Baturone and A.J. Acosta
Journal Paper - International Journal of Circuit Theory and Applications, vol. 44, no. 1, pp. 4-20, 2015
JOHN WILEY & SONS    DOI: 10.1002/cta.2058    ISSN: 0098-9886    » doi
This paper presents a fully digital architecture and its application specific integrated circuit implementation for computing multi-input multi-output (MIMO) piecewise-affine (PWA) functions. The work considers both PWA functions defined over regular hyperrectangular and simplicial partitions of the input domains and also lattice PWA representations. The proposed architecture is able to implement PWA functions following different realization strategies, using a common structure with a minimized number of blocks, thus reducing power consumption and hardware resources. Experimental results obtained with application specific integrated circuit (ASIC) integrated in a 90-nm complementary metal-oxide semiconductor standard technology are provided. The proposed architecture is compared with other digital architectures in the state of the art habitually used to implement model predictive control applications. The proposal is superior in power consumption (saving up to 86%) and economy of hardware resources (saving up to 40% in comparison with a mere replication of the three representations) to other proposals described in literature, being ready to be used in applications where high-performance and minimum unitary cost are required.

Optimized DPA attack on Trivium stream cipher using correlation shape distinguishers
E. Tena and A. Acosta
Conference - Conference on Design of Circuits and Integrated Systems DCIS 2015
Trivium is a hardware oriented stream cipher finalist of the eSTREAM project. In this work, an optimized Differential Power Analysis (DPA) attack on Trivium using correlation shape distinguishers is presented. Unlike in the previous reported attacks, we are able to retrieve the whole 80-bit key without making any hypothesis during the attack using the proposed method. The theoretical vulnerability analysis is presented and then checked developing a simulation-based DPA attack on a standard CMOS Trivium implementation in a 90nm TSMC technology. The results show that our simulation-based attack is successful for random keys, improving the previously-reported attacks at least in 91.25% in terms of number of patterns needed to recover the key.

Design and Characterization of Cryptohardware for ASIC-embedded Secure Applications to Prevent Power Analysis Attacks
E. Tena-Sánchez and A.J. Acosta
Conference - Workshop on Cryptographic Hardware and Embedded Systems CHES 2015
Information leakaged by cryptosystems can be used to reveal critical information using Side Channel Attacks. Differential Power Analysis (DPA) uses the power consumption dependence on the processed data to reveal the secret key. Countermeasures against DPA.

DPA Vulnerability Analysis on Trivium Stream Cipher using an Optimized Power Model
E. Tena-Sánchez and A.J. Acosta
Conference - IEEE International Symposium on Circuits and Systems ISCAS 2015
In this paper, a Differential Power Analysis (DPA) vulnerability analysis on Trivium stream cipher is presented. Compared to the two previously presented DPA attacks on Trivium, we retrieve the whole key without making any hypothesis during the attack. An optimized power model is proposed allowing the power trace acquisition without making any algorithmic noise removement thus simplifying the attack strategy considerably. The theoretical vulnerability analysis is presented and then checked developing a simulation-based DPA attack on a standard CMOS Trivium implementation in a 90nm TSMC technology. The results show that our attack is successful for random keys, saving in computer resources and time respecting to previously reported attacks. The attack is independent on technology used for the implementation of Trivium and can be used to measure the security of novel Trivium implementations.

Programmable ASICs for Model Predictive Control
M.C. Martínez-Rodríguez, P. Brox, E. Tena, A.J. Acosta and I. Baturone
Conference - IEEE International Conference on Industrial Technology ICIT 2015
Two configurable and programmable ASICs that implement piecewise-affine (PWA) functions have been designed in TSMC 90-nm technology in response to industry demands for embedded, fast response time, and low power solutions for Model Predictive Control (MPC). An automated model-based design flow can extract the parameters necessary for the configuration and the programming of both ASICs. Two application examples in the automotive field illustrate the design flow and the behavior of the ASICs.

Design and test of a low-power 90nm XOR/XNOR gate for cryptographic applications
E. Tena-Sánchez, J. Castro and A. Acosta
Conference - Int. Workshop on Power and Timing Modeling, Optimization and Simulation PATMOS 2014
In this paper, the design of a XOR/XNOR gate for low-power cryptographic applications is presented. The proposed gate optimizes the SABL (Sense Amplifier Based Logic) gate, widely used in cryptocircuit implementations, by removing residual charge in the pull-down circuit and simplifying the pull-up. The resulting gate improves SABL in terms of area, power consumption, propagation delay and resilience against Differential Power Analysis (DPA) attacks. To demonstrate the gain in performances, both gates have been designed, physically implemented and experimentally characterized, in a 90nm TSMC technology. Experimental results show a reduction of 15% in area, 12% in power consumption, and 40% in delay in the proposed gate. To demonstrate the gain in security of the proposal, simulation-based DPA attacks have been performed on respective Kasumi Sbox9 implementations, being our proposal suitable for inmediate application in high-performance secure cryptographic applications.

Low-Power Differential Logic Gates for DPA Resistant Circuits
E. Tena-Sanchez, J. Castro and A.J. Acosta
Conference - Euromicro Conference on Digital System Design DSD 2014
Information leakaged by cryptosistems can be used by third parties to reveal critical information using Side Channel Attacks (SCAs). Differential Power Analysis (DPA) is a SCA that uses the power consumption dependence on the processed data. Designers widely use differential logic styles with constant power consumption to protect devices against DPA. However, the right use of such circuits needs a fully symmetric structure and layout, and to remove any memory effect that could leak information. In this paper we propose improved low-power gates that provide excellent results against DPA attacks. Simulation based DPA attacks on Sbox9 are used to validate the effectiveness of the proposals.

A Methodology for Optimized Design of Secure Differential Logic Gates for DPA Resistant Circuits
E. Tena-Sánchez, J. Castro and A.J. Acosta
Journal Paper - IEEE Journal on Emerging and Selected Topics in Circuits and Systems, vol. 4, no. 2, pp 203-215, 2014
IEEE    DOI: 10.1109/JETCAS.2014.2315878    ISSN: 2156-3357    » doi
Cryptocircuits can be attacked by third parties using differential power analysis (DPA), which uses power consumption dependence on data being processed to reveal critical information. To protect security devices against this issue, differential logic styles with (almost) constant power dissipation are widely used. However, to use such circuits effectively for secure applications it is necessary to eliminate any energy-secure flaw in security in the shape of memory effects that could leak information. This paper proposes a design methodology to improve pull-down logic configuration for secure differential gates by redistributing the charge stored in internal nodes and thus, removing memory effects that represent a significant threat to security. To evaluate the methodology, it was applied to the design of AND/NAND and XOR/XNOR gates in a 90 nm technology, adopting the sense amplifier based logic (SABL) style for the pull-up network. The proposed solutions leak less information than typical SABL gates, increasing security by at least two orders of magnitude and with negligible performance degradation. A simulation-based DPA attack on the Sbox9 cryptographic module used in the Kasumi algorithm, implemented with complementary metal-oxide-semiconductor, SABL and proposed gates, was performed. The results obtained illustrate that the number of measurements needed to disclose the key increased by much more than one order of magnitude when using our proposal. This paper also discusses how the effectivenness of DPA attacks is influenced by operating temperature and details how to insure energy-secure operations in the new proposals.

Automatic and Systematic Test Toolset for Digital ASICs
E. Tena-Sánchez, J. Castro-Ramirez and A.J. Acosta-Jimenez
Conference - Conference on the Design of Circuits and Integrated Systems DCIS 2013
Abstract not available

Automatic and Systematic Control of Experimental Data Measurements on ASICs
E. Tena, J. Castro and A.J. Acosta
Conference - Symposium IMEKO TC 4 Symposium and IWADC Workshop 2013
This paper presents a methodology to perform automatic and systematic characterization test on application specific integrated circuits (ASICs). The proposed methodology is based on the automatic control of all laboratory equipment and the data processing with Matlab. The ASIC, or integrated system, is connected to controllable test equipment to generate patterns and collect the output data provided by the ASIC. The methodology that provides the Matlab script controlling the equipment, test process, making the analysis of the results and supervising the whole process, can be easily adapted to different experiments and ASIC features. The test of a piecewise affine (PWA) ASIC controller has been used to experimentally prove the automatic control in both open-loop as well as in closed-loop configurations, reducing the risk of manual measurement errors.

A programmable and configurable ASIC to generate piecewise-affine functions defined over general partitions
P. Brox, R. Castro-Ramirez, M.C. Martinez-Rodriguez, E. Tena, C.J. Jimenez, I. Baturone and A.J. Acosta
Journal Paper - IEEE Transactions on Circuits and Systems I: Regular Papers, vol. 60, no. 12, pp 3182-3194, 2013
IEEE    DOI: 10.1109/TCSI.2013.2265962    ISSN: 1549-8328    » doi
This paper presents a programmable and configurable architecture and its inclusion in an Application Specific Integrated Circuit (ASIC) to generate Piecewise-Affine (PWA) functions. A Generic PWA form (PWAG) has been selected for integration, because of its suitability to implement any PWA function without resorting to approximation. The design of the ASIC in a 90 nm TSMC technology, its integration, test and characterization through different examples are detailed in the paper. Furthermore, the ASIC verification using an ASIC-in-the-loop methodology for embedded control applications is presented. To assess the characteristics of this verification, the double-integrator, a usual control application example has been considered. Experimental results validate the proposed architecture and the ASIC implementation.

Reducing bit flipping problems in SRAM physical unclonable functions for chip identification
S. Eiroa, J. Castro, M.C. Martínez-Rodríguez, E. Tena, P. Brox and I. Baturone
Conference - IEEE International Conference on Electronics, Circuits, and Systems ICECS 2012
Physical Unclonable functions (PUFs) have appeared as a promising solution to provide security in hardware. SRAM PUFs offer the advantage, over other PUF constructions, of reusing resources (memories) that already exist in many designs. However, their intrinsic noisy nature produces the so called bit flipping effect, which is a problem in circuit identification and secret key generation. The approaches reported to reduce this effect usually resort to the use of pre- and post-processing steps (such as Fuzzy Extractor structures combined with Error Correcting Codes), which increase the complexity of the system. This paper proposes a pre-processing step that reduces bit flipping problems without increasing the hardware complexity. The proposal has been verified experimentally with 90-nm SRAMs included in digital application specific integrated circuits (ASICs).

ASIC-in-the-loop methodology for verification of piecewise affine controllers
M. Martínez-Rodríguez, P. Brox, J. Castro, E. Tena, A. Acosta and I. Baturone
Conference - IEEE International Conference on Electronics, Circuits, and Systems ICECS 2012
This paper exposes a hardware-in-the-loop metho- dology to verify the performance of a programmable and confi- gurable application specific integrated circuit (ASIC) that imple- ments piecewise affine (PWA) controllers. The ASIC inserted into a printed circuit board (PCB) is connected to a logic analyzer that generates the input patterns to the ASIC (in particular, the values to program the memories, configuration parameters, and values of the input signals). The output provided by the ASIC is also taken by the logic analyzer. A Matlab program controls the logic analyzer to verify the PWA controller implemented by the ASIC in open-loop as well as in closed-loop configurations.

Scopus access Wok access