Conference papers (Instituto de Microelectrónica de Sevilla (IMSE-CNM))
Permanent URI for this collection: https://hdl.handle.net/11441/10971

Conference paper: A High-Level-of-Assurance EUDI Wallet with a Remote WSCD Supporting Biometrics and Passkeys (Springer Nature, 2025-08-10)
Franco, Claudia; Lancha, Carlos; Flores, Daniel; Arjona, Rosario; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Ciencia, Innovación y Universidades (MICIU). España; European Union (UE)
The European Digital Identity (EUDI) Wallet is a user-controlled digital environment that is being developed to be used by all citizens of the European Union. The Architecture and Reference Framework (ARF) of the EUDI Wallet is a set of specifications designed to ensure their interoperability and security. Among specifications, a Wallet Secure Cryptographic Device (WSCD) with a high Level of Assurance must be used. A high LoA is achieved through the multifactor authentication of the Wallet User and the use of secure hardware for implementing the needed cryptographic and biometric algorithms. Also, EUDI Wallets should include a functionality to generate and manage user-chosen pseudonyms, to authenticate Users when accessing online services. This paper describes a high LoA EUDI Wallet using a remote WSCD, which is the most inclusive, user-friendly and scalable type of WSCD. User authentication is done through something you know (a password), something you have (a smartphone), and who you are (with facial biometrics). As secure hardware for the remote WSCD, we use an Intel SGX enclave. The WSCD allows the generation and management of Passkeys, which are a kind of pseudonyms following the W3C WebAuthn specification. A demonstrator has been developed using a Samsung Galaxy A52 as User device with the Wallet Instance, and a laptop with an Intel® Core™ i7-10750H at 2.60 GHz and 16 GB RAM with Ubuntu 20.04.6 LTS, Intel SGX1 and disabled hyper-threading to implement the remote WSCD. The experimental results show that the WSCD needs 128 MB of RAM and takes 374.2 ms to be bound to a User, 375.2 ms to authenticate the User and create a new Passkey, and 373.8 ms to authenticate the User and sign with an already existing Passkey.

Conference paper: A Cloud-Based Multifactor Authentication Scheme Using Post-Quantum Cryptography and Trusted Execution Environments (Springer Nature, 2025-08-10)
Franco, Claudia; Arjona, Rosario; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Ciencia, Innovación y Universidades (MICIU). España; European Union (UE)
Since online transactions increase every day (banking, health services, etc.), authenticating the users in the cloud with a high level of assurance is a big concern. We propose a multifactor authentication scheme using post-quantum cryptography and trusted execution environments (TEEs). Three authentication factors are considered: what the user has (a device storing a secret), what the user knows (a password) and who the user is (with face biometrics). CRYSTALS-Kyber post-quantum public-key encryption is executed in an enclave of a TEE to encrypt a combination of the three factors mentioned. Instead of using the closed TEE solutions available in some personal devices, we propose an open solution that implements each personal enclave (linked to each personal device) in a biometric server. Instead of using a local authentication to unlock a personal device, we propose the use of another server (an authentication server), with another enclave, to authenticate each user in the cloud. The sensitive information concerning biometrics is always protected in a post-quantum manner, not only because it is obtained and encrypted inside an enclave on a biometric server but also because it is communicated, stored, and processed at the authentication server without being decrypted, thanks to the homomorphic property of Kyber. Our proposal is scalable for many users and secure against malicious adversaries. Experimental results using Intel SGX1 enclaves disabling hyper-threading and a facial recognition system show that the time to perform the crypto-biometric operations (excluding the feature extraction) is 1.55 ms and the accuracy considering only the biometric factor is 99.2% with an EER of 1.18%, which are competitive results compared to the state-of-the-art.

Conference paper: Multimodal IoT Device Authentication using Behavioral and Physical Unclonable Functions and Kyber Public Key Encryption (Institute of Electrical and Electronics Engineers (IEEE), 2025-06-29)
Román Hajderek, Roberto; Arjona, Rosario; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Ciencia, Innovación y Universidades (MICIU). España; European Union (UE)
Proper device identity management and authentication is a must for many Internet of Things (IoT) applications. Physical Unclonable Functions (PUFs) are a well-known solution for identifying IoT devices. However, they can be attacked using both intrusive and non-intrusive physical attacks. In this work, we propose a multimodal device authentication scheme using Behavioral and Physical Unclonable Functions (BPUFs), which is a more secure option than PUFs. Adequate server-side security is achieved because BPUF responses are processed in the encrypted domain using homomorphic encryption. Furthermore, helper data attacks are avoided and the solution is quantum-safe. The proposal has been evaluated on an ESP32 microcontroller considering the security against false acceptance attacks and the security level of the Kyber public key encryption used. Fixing the first security to more than 192 bits for the behavioral and physical functions, the execution times of the cryptographic operations range from 41.30 to 205.70 ms, working at 160 MHz, with communication bandwidths from 3,840 to 15,680 bytes, and non-volatile memory occupation from 800 to 1,568 bytes.

Conference paper: An Educational Innovation Project Focused on the Implementation of Biometrics in Portable Devices (Institute of Electrical and Electronics Engineers, 2024-08-01)
Arjona, Rosario; López González, Paula; Arcenegui Almenara, Javier; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Ciencia, Innovación y Universidades (MICIU). España
This work describes an educational project that explains how to extract biometric features from biometric samples acquired with microelectronic sensors suitable for portable devices (wearables and mobile phones) by satisfying low cost and reduced size. Specifically, fingerprints, ECG (electrocardiogram) and pulse signals, faces and veins are considered as biometric traits. Acquisition methods associated with this are fingerprint sensors, ECG electrodes and pulse sensors for wearables (in this work, a Raspberry Pi), and cameras for the acquisition of faces and veins in mobile phones. Then, it is explained how features are extracted and compared using biometric recognition algorithms selected to be implemented in portable devices: the feature QFingerMap16 (QFM16) for fingerprints, ECG and pulse waves, FaceNet embeddings for faces, and SIFT (Scale Invariant Feature Transform) for veins. Finally, it is explained how the features extracted are extensively evaluated by using public databases that contain samples acquired with sensors suitable for portable devices. Theoretical and experimental material for this research line and application field are distributed in four sessions lasting 4 hours and 30 minutes.

Conference paper: Exploring Vein Biometrics on Ordinary Smartphones Using CNNs and Transfer Learning with Open and Closed Sets (Institute of Electrical and Electronics Engineers, 2024-12-11)
López González, Paula; Arjona, Rosario; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Ciencia, Innovación y Universidades (MICIU). España
This paper explores the feasibility of using vein recognition for biometric authentication on ordinary smartphones. A new dataset, USE-V2, consisting of 6600 vein images from dorsal hands and wrists, was collected under three different ambient conditions. Instead of designing a Convolutional Neural Network (CNN) from scratch, we used transfer learning with a pre-trained FaceNet model for extracting vein features and evaluated its performance in both open-set and closed-set scenarios with USE-V2 dataset. The recognition performance is acceptable when an open-set scenario with selection of ambient condition is considered (average EER of 5.18% for dorsal hands and 5.88% for wrists), and quite competitive for a closed-set scenario (average EER of 0.6% for dorsal hands and 0.75% for wrists). This approach paves the way for an efficient multimodal system integrating facial and vein recognition on smartphones, sharing most of the CNN layers.

Conference paper: Post-quantum Secure Communication with IoT Devices Using Kyber and SRAM Behavioral and Physical Unclonable Functions (Extended Abstract) (Springer Nature, 2022-12-11)
Román Hajderek, Roberto; Arjona, Rosario; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Ciencia e Innovación (MICIN). España
For a secure Internet-of-Things (IoT) ecosystem, not only the establishment of secure communication channels but also the authentication of devices is crucial. Authenticated key exchange protocols establish shared cryptographic keys between the parties and, in addition, authenticate their identities. Usually, the identities are based on a pair of private and public keys. Physical Unclonable Functions (PUFs) are widely used recently to bind physically the private key to a device. However, since PUFs are vulnerable to attacks, even non-invasive attacks without accessing the device, this paper proposes the use of Behavioral and Physical Unclonable Functions (BPUFs), which allow multimodal authentication and are more difficult to be virtually or physically cloned. In order to resist attacks from classic and quantum computers, this paper considers a Kyber key exchange protocol. Recently, Kyber has been selected by the Post-Quantum Cryptography standardization process of the National Institute of Standards and Technology (NIST) for key establishment protocols. In this work, we propose to strengthen a Kyber key exchange protocol with BPUFs extracted from SRAMs included in IoT devices. Experimental results prove the feasibility of the proposal in WiPy boards.

Conference paper: A Quantum-Resistant and Fast Secure Boot for IoT Devices Using Hash-Based Signatures and SRAM PUFs (Springer Nature, 2022-06-12)
Román Hajderek, Roberto; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Agencia Estatal de Investigación. España; Junta de Andalucía
Secure boot is a key security feature of trusted IoT devices. In this paper, a two-stage secure boot is proposed with two benefits: quantum-resistance and fast execution. In the verification of the first stage, an HMAC is used with a secret key reconstructed from an on-chip SRAM Physical Unclonable Function (PUF) and non-sensitive Helper Data (HD). Since the SRAM cells are classified conveniently in a registration phase, a simple repetition error correcting code is employed along with small-sized Helper Data. In the second-stage verification, the IoT device verifies the application firmware with a Winternitz One-Time Signature (WOTS+), which forms part of an eXtended Merkle Signature Scheme (XMSS). The full XMSS signature can be verified externally by the user of the device. Simple instances of tweakable hash functions proposed in SPHINCS+ are used for WOTS+ and XMSS schemes. The proposal is evaluated on the ESP32 microcontroller taking advantage of its available SHA accelerator. Working at 160 MHz, the first-stage verification takes only 6.04 ms. Excluding the message hashing, the second-stage verification takes from 5.12 to 25.83 ms depending on signature parameters. Compared with the XMSS RFC8391 reference implementation, from 304 to 608 bytes are not needed to be stored in the device. For a security of 128 bits, the proposal is from 17.25 to 39.77 times faster in cycles than the Elliptic Curve Digital Signature Algorithm (ECDSA) and saves 2992 bytes of flash memory.

Conference paper: Sealed storage for low-cost IoT Devices: An approach using SRAM PUFs and post-quantum cryptography (Association for Computing Machinery, 2021-11-22)
Román Hajderek, Roberto; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Agencia Estatal de Investigación. España; Junta de Andalucía
The number of Internet of Things (IoT) devices is increasing since they can solve many problems, such as those found in healthcare or power grid. Since they are susceptible to be attacked, solutions must be explored to make them more trustworthy and, thus, increment the confidence of their users. It is common that trusted devices use secret keys to achieve confidentiality of data stored in non-volatile memory, data in transit, and to authenticate themselves to other parties. However, these keys can be compromised if an attacker takes control of the platform by exploiting some vulnerability. In this work, we propose to seal the secret keys to the platform and to a specific state, mainly associated with the memory content and determined in a development stage. The secret keys are encrypted with a Sealing Secret Key that is not stored in the device, but obfuscated with an SRAM PUF, making it more secure. When a secret key has to be sealed or unsealed, functions called seal() and unseal() are employed. They have atomic execution and are stored in a ROM memory. Their goal is to measure the state of the platform and recuperate the sealing secret key only if the measurement matches a valid one signed by the application developer. As quantum computers are emerging and future IoT devices must be resistant to attacks performed by them, we choose Dilithium and Saturnin as cryptographic primitives. Benchmarking results taken in an ESP32 microcontroller show the suitability of the proposal for an IoT device.

Conference paper: Rule Simplification Method Based on Covering Indexes for Fuzzy Classifiers (Institute of Electrical and Electronics Engineers Inc., 2021-08-05)
Gersnoviez, Andrés; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Agencia Estatal de Investigación. España; Junta de Andalucía
A large number of rules increases the complexity of fuzzy classifiers and reduces the linguistic interpretability of the classification. A tabular rule simplification method that extends the Quine-McCluskey algorithm of Boolean design to fuzzy logic is analyzed in detail in this paper. The method obtains a few compound rules from many initial atomic rules. The influence of membership functions as well as t-norms and s-norms operands, which can be even null if many atomic rules are used, becomes apparent in the classification regions (decision boundaries) induced by the compound rules. Since the compound rules can be ordered according to the covering indexes that measure the number of atomic rules covered, more or less generic classification rules and rules with particular indexes can be further identified, which could ease subsequent classification or decision-making.

Conference paper: Auto-calibrated ring oscillator TRNG based on jitter accumulation (Institute of Electrical and Electronics Engineers, 2020-09-28)
Prada Delgado, Miguel Ángel; Martínez Gómez, Cristina; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Agencia Estatal de Investigación. España
This paper provides a mathematical model that describes how deterministic and Gaussian jitter of an oscillating signal accumulated during a time interval are related to the bits of the binary-coded count value of the oscillations. The model is employed to propose a robust TRNG that has a simple interface (an initialization signal as input and the random bits as output) and that features auto-calibration to certify high entropy of the raw bits provided as well as to work at the highest throughput allowed by the available local Gaussian noise. The mathematical analysis is confirmed with experimental results of ring oscillator (RO) TRNGs described in VHDL and implemented in the programmable logic of Zynq family Xilinx FPGAs, using either another RO or the clock of the FPGA board to control the time interval of oscillations.

Conference paper: Calibration of Ring Oscillator PUF and TRNG (Institute of Electrical and Electronics Engineers, 2020-10-09)
Martínez Gómez, Cristina; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Junta de Andalucía; Agencia Estatal de Investigación. España
This paper describes a circuit structure named RO-PUF-TRNG based on ring oscillators (ROs), which is able to be calibrated to perform as a physically unclonable function (PUF) and a true random number generator (TRNG) with high uniqueness, entropy, and throughput. The calibration is based on a mathematical model that describes how the PUF and TRNG response bits are related to the intrinsic variations of the fabrication process and bitstream generation (in the case of FPGAs) as well as to the Gaussian noise. The results obtained with the proposed calibration are illustrated with the large dataset of RO frequencies from 90-nm FPGAs provided in [1].

Conference paper: How to implement a fingerprint recognition algorithm into a wearable device (Institute of Electrical and Electronics Engineers, 2020-08-11)
Arjona, Rosario; Arcenegui Almenara, Javier; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Agencia Estatal de Investigación. España; Junta de Andalucía
This work describes how to implement a fingerprint recognition algorithm into an ARM Cortex-M3 microcontroller included in a Texas Instruments LaunchPad CC2650 evaluation kit. The application context is the realization of a wearable device for biometrics security. On the one hand, the students become familiar with wearable devices whose basic component is a low power microcontroller. On the other hand, the students learn about a security application based on fingerprint recognition, which employs typical operations of image processing.

Conference paper: Using simulink HDL Coder to implement a fingerprint recognition algorithm into an FPGA (Institute of Electrical and Electronics Engineers, 2020-08-11)
Arjona, Rosario; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Agencia Estatal de Investigación. España; Junta de Andalucía
This work describes a model-based hardware design flow which uses Simulink HDL Coder and Xilinx tools to implement a fingerprint recognition algorithm into a Virtex-6 FPGA. Students can learn how this automated hardware design flow reduces the time to create a prototype since only the high-level description is required. In addition, the fingerprint recognition application allows illustrating how typical processing blocks employed for image processing are used in the context of biometrics security.

Conference paper: Hierarchical fuzzy controllers for explicit MPC control laws: Adaptive cruise control example (Institute of Electrical and Electronics Engineers, 2020-08-26)
Gersnoviez, Andres; Brox Jiménez, María; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Junta de Andalucía; Agencia Estatal de Investigación. España
This paper presents a methodology to approximate explicit Model Predictive Control (MPC) laws by hierarchical fuzzy systems, particularly piecewise-affine hierarchical (PWAH) systems. These hierarchical controllers provide high operation speed with low cost in computational and memory resources because they are formed only by single-input and single-output (SISO) fuzzy modules connected in cascade. The methodology employs the CAD tools of Xfuzzy environment to describe, adjust, verify, and implement the controllers in a Field Programmable Gate Array (FPGA). The methodology is illustrated with the design and FPGA implementation of a hierarchical controller for a car adaptive cruise control (ACC) system. The resulting controller is better in terms of speed and FPGA resource consumption than other solutions reported in the literature.

Conference paper: CMOS digital design of a trusted virtual sensor (Institute of Electrical and Electronics Engineers, 2017-11-30)
Martínez Rodríguez, Macarena Cristina; Prada Delgado, Miguel Ángel; Brox Jiménez, Piedad; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Economía y Competitividad (MINECO). España; Consejo Superior de Investigaciones Científicas (CSIC)
This work presents the digital design of a trusted virtual sensor. The virtual sensor implements a piecewise-affine (PWA)-based model to estimate the sensed variable. The measurement is authenticated with the keyed-hash message authentication code (HMAC) standard. To ensure the integrity of the sensor, the static random access memory (SRAM) required by the sensor is also used as physical unclonable function (PUF). Implementation results of the design in a 90-nm CMOS technology show that the security blocks occupy 5.1% of the area occupied by the required PWA blocks and consume 15.4% of the power consumed by the required PWA blocks. The sensor is able to provide trusted outputs in 106.3 microseconds when working at 100 MHz.

Conference paper: Trustworthy firmware update for Internet-of-Thing Devices using physical unclonable functions (Institute of Electrical and Electronics Engineers, 2017-08-24)
Prada Delgado, Miguel Ángel; Vázquez Reyes, A.; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Economía y Competitividad (MINECO). España
Connected devices that are part of the so-called Internet of Things (IoT) need to update their firmware over their lifetime. The problem is that updates can be used by attackers to inject malicious code. This work presents a lightweight protocol to update each device in a secure way. The cryptographic keys employed are fresh and are not stored but reconstructed by exploiting the Physical Unclonable Functions (PUFs) of the device hardware. The feasibility of the proposal is illustrated with experimental results of IoT devices that use the SRAM PUFs in their Bluetooth Low Energy (BLE) system on chips.

Conference paper: Physical unclonable keys for smart lock systems using Bluetooth Low Energy (Institute of Electrical and Electronics Engineers, 2016-12-22)
Prada Delgado, Miguel Ángel; Vázquez Reyes, A.; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Ministerio de Economía y Competitividad (MINECO). España
Nowadays, several smart lock systems use Bluetooth Low Energy (BLE) to establish a wireless communication between the physical key (key fob, card, smartphone, etc.) and the lock. Security is based on creating and storing secret digital keys to establish a cryptographically secure communication. The problem is that several attacks can break such security, particularly the copy of the physical key. In order to increase the difficulty of the attacks, the physical keys described in this paper do not store the secret cryptographic keys but reconstruct them when they are needed and remove them when they are not used. Only the trusted physical keys are able to reconstruct the secrets with the public data stored in them. This is possible by using the start-up values of the SRAM in the BLE chip of the physical key, which acts as a physical unclonable function (PUF), so that if the physical key is copied, the lock cannot be opened. The idea has been proven with the development of a smart lock system with key fobs based on the CC2541 BLE system on chip from Texas Instruments. Experimental results are included to illustrate the performance.

Conference paper: Programmable ASICs for model predictive control (Institute of Electrical and Electronics Engineers, 2015-06-18)
Martínez Rodríguez, Macarena Cristina; Brox Jiménez, Piedad; Tena Sánchez, Erica; Acosta Jiménez, Antonio José; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Tecnología Electrónica; Ministerio de Economía y Competitividad (MINECO). España; Consejo Superior de Investigaciones Científicas (CSIC)
Two configurable and programmable ASICs that implement piecewise-affine (PWA) functions have been designed in TSMC 90-nm technology in response to industry demands for embedded, fast response time, and low power solutions for Model Predictive Control (MPC). An automated model-based design flow can extract the parameters necessary for the configuration and the programming of both ASICs. Two application examples in the automotive field illustrate the design flow and the behavior of the ASICs.

Conference paper: Combining CRYSTALS-Kyber Homomorphic Encryption with Garbled Circuits for Biometric Authentication (Institute of Electrical and Electronics Engineers, 2024-12-11)
Arjona, Rosario; Franco Moreno, Claudia; Román Hajderek, Roberto; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Agencia Estatal de Investigación. España
Biometric data are sensitive according to personal data regulations and ISO/IEC 24745. In a biometric recognition system, biometric data should be protected from their generation to their comparison. In this work, we combine post-quantum homomorphic encryption using CRYSTALS-Kyber (the base post-quantum algorithm of the FIPS 203 standard for module-lattice-based key-encapsulation mechanism, recently approved by the NIST) with Garbled Circuits, which allow different parties to compute the result of an operation from private inputs. We propose a protected biometric authentication scheme in which homomorphic encryption with CRYSTALS-Kyber public-key encryption computes the difference between the reference and a query, and a Garbled Circuit (GC) performs the comparison with a threshold. Two GC frameworks, TinyGarble (based on Verilog) and TinyGarble2 (based on C++), are employed to design a privacy-preserving face authentication system with FaceNet embeddings. The two frameworks are compared in terms of design and computation costs. In any case, the authentication takes, approximately, 0.5 seconds.

Conference paper: Hardware Security for eXtended Merkle Signature Scheme Using SRAM-based PUFs and TRNGs (Institute of Electrical and Electronics Engineers Inc., 2020-12-18)
Román Hajderek, Roberto; Arjona, Rosario; Arcenegui Almenara, Javier; Baturone Castillo, María Iluminada; Electrónica y Electromagnetismo; Agencia Estatal de Investigación. España; Junta de Andalucía
Due to the expansion of the Internet of Things (IoT), there is an increasing number of interconnected devices around us. Integrity, authentication and non-repudiation of data exchanged between them is becoming a must. This can be achieved by means of digital signatures. In recent years, the eXtended Merkle Signature Scheme (XMSS) has gained popularity in embedded systems because of its simple implementation, post-quantum security, and minimal security assumptions. From a hardware point of view, the security of digital signatures strongly depends on how the private keys are generated and stored. In this work, we propose the use of SRAMs as True Random Generators (TRNGs) and Physically Unclonable Functions (PUFs) to generate and reconstruct XMSS keys in a trusted way. We achieve a low-cost solution that only adds lightweight operations to the signature itself, such as repetition decoding and XORing, and does not require additional hardware (like secure non-volatile memories) since the manufacturing variations of the SRAM inside the IoT device are exploited. As a proof of concept, the solution was implemented in an IoT board based on the ESP32 microcontroller.
