@Patent {18589, title = {Reconfigurable Logic Circuit}, number = {GB1719355.8}, year = {Submitted}, month = {11/2017}, type = {UK}, author = {Mentens, Nele and Charbon, Edoardo and Regazzoni, Francesco} } @article {18591, title = {Black-Hat High-Level Synthesis: Myth or Reality?}, journal = {IEEE Transactions on Very Large Scale Integration Systems}, year = {In Press}, doi = {10.1109/TVLSI.2018.2884742}, author = {Pilato, Christian and Basu, Kanad and Regazzoni, Francesco and Karri, Ramesh} } @article {18569, title = {Compact Circuits for Combined AES}, journal = {Journal of Cryptographic Engineering}, year = {In Press}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @article {18567, title = {Customized Instructions for Protection Against Memory Integrity Attacks}, journal = {IEEE Embedded Systems Letters}, year = {In Press}, author = {Roy, Debapriya Basu and Alam, Manaar and Bhattacharya, Sarani and Govindan, Vidya and Regazzoni, Francesco and Chakraborty, Rajat Subhra and Mukhopadhyay, Debdeep} } @article {18570, title = {On Practical Discrete Gaussian Samplers For Lattice-Based Cryptography}, journal = {IEEE Transactions on Computers}, year = {In Press}, author = {Howe, James and Khalid, Ayesha and Rafferty, Ciara and Regazzoni, Francesco and O{\textquoteright}Neill, Maire} } @article {18552, title = {TaintHLS: High-Level Synthesis For Dynamic Information Flow Tracking}, journal = {IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems}, year = {In Press}, doi = {10.1109/TCAD.2018.2834421}, author = {Pilato, Christian and Garg, Siddharth and Wu, Kaijie and Karri, Ramesh and Regazzoni, Francesco} } @article {18568, title = {Towards Low Energy Stream Ciphers}, journal = {IACR Transactions on Symmetric Cryptology}, year = {In Press}, author = {Banik, Subhadeep and Mikhalev, Vasily and Armknecht, Frederik and Isobe, Takanori and Meier, Willi and Bogdanov, Andrey and Watanabe, Yuhei and Regazzoni, Francesco} } 
@conference {18590, title = {High-Level Synthesis of Benevolent Trojans}, booktitle = {Proceedings of the IEEE Design, Automation and Test in Europe Conference (DATE)}, year = {2019}, author = {Pilato, Christian and Basu, Kanad and Shayan, Mohammed and Regazzoni, Francesco and Karri, Ramesh} } @conference {18595, title = {Power and Performance Optimized Hardware Classifiers for Efficient On-device Malware Detection}, booktitle = {Cryptography and Security in Computing Systems}, year = {2019}, month = {01/2019}, publisher = {ACM}, organization = {ACM}, address = {Valencia, Spain}, author = {Wahab, Muhammad Abdul and Milosevic, Jelena and Regazzoni, Francesco and Ferrante, Alberto} } @conference {18573, title = {Compact, Scalable, and Efficient Gaussian Samplers for Lattice-Based Cryptography}, booktitle = {Proceedings of the IEEE International Symposium on Circuits and Systems (ISCAS) 2018}, year = {2018}, author = {Khalid, Ayesha and Howe, James and Rafferty, Ciara and Regazzoni, Francesco and O{\textquoteright}Neill, Maire} } @conference {18577, title = {Efficient Configurations for Block Ciphers with Unified ENC/DEC Paths}, booktitle = {Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST) 2017}, year = {2018}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18559, title = {Exploring the Vulnerability of R-LWE Encryption to Fault Attacks}, booktitle = {Workshop on Cryptography and Security in Computing Systems of the HiPEAC2018 Conference, CS2 {\textquoteright}18}, year = {2018}, publisher = {ACM}, organization = {ACM}, address = {New York, NY, USA}, author = {Valencia, Felipe and Oder, Tobias and G{\"u}neysu, Tim and Regazzoni, Francesco} } @conference {18574, title = {Inverse Gating for Low Energy Block Ciphers}, booktitle = {Proceedings of the IEEE International Symposium on Hardware Oriented Security and Trust (HOST)}, year = {2018}, author = {Banik, Subhadeep and Bogdanov, 
Andrey and Isobe, Takanori and Hiwatari, Harunaga and Akishita, Toru and Regazzoni, Francesco} } @conference {18546, title = {Moving Convolutional Neural Networks to Embedded Systems: The Alexnet and VGG-16 Case}, booktitle = {Proceedings of the 17th ACM/IEEE International Conference on Information Processing in Sensor Networks}, year = {2018}, publisher = {IEEE Press}, organization = {IEEE Press}, address = {Piscataway, NJ, USA}, keywords = {approximate computing, convolutional neural networks, deep learning, embedded systems}, isbn = {978-1-5386-5298-5}, doi = {10.1109/IPSN.2018.00049}, url = {https://doi.org/10.1109/IPSN.2018.00049}, author = {Alippi, Cesare and Disabato, Simone and Roveri, Manuel} } @conference {18585, title = {Quantum Era Challenges for Classical Computers}, booktitle = {Proceedings of the 18th International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation}, year = {2018}, publisher = {ACM}, organization = {ACM}, address = {New York, NY, USA}, isbn = {978-1-4503-6494-2}, doi = {10.1145/3229631.3264737}, url = {http://doi.acm.org/10.1145/3229631.3264737}, author = {Regazzoni, Francesco and Fowler, Austin and Polian, Ilia} } @conference {18575, title = {Rethinking Secure FPGAs: Towards Cryptography-friendly Configurable Cell Architecture and its Automated Design Flow}, booktitle = {Proceedings of FCCM}, year = {2018}, month = {05/2018}, author = {Mentens, Nele and Charbon, Edoardo and Regazzoni, Francesco} } @conference {18588, title = {SCA-Resistance for AES: How Cheap Can We Go?}, booktitle = {Progress in Cryptology {\textendash} AFRICACRYPT 2018}, year = {2018}, publisher = {Springer International Publishing}, organization = {Springer International Publishing}, address = {Cham}, abstract = {This paper introduces a novel AES structure capable of improving the robustness against power analysis attacks while allowing for a very compact structure with a potentially negligible area and performance impact. 
The proposed design is based on a low entropy masking scheme, where half of the time the true value and half of the time the complemented value are used to mask the power consumption variation. The obtained experimental results suggest that the area overhead for the protection against power analysis is as low as 5{\%} LUT increase with a performance degradation of about 10{\%}. When compared with the state of the art supported on FPGAs, efficiency improvements above 6 times and a throughput improvement of at least two times higher are achieved.}, isbn = {978-3-319-89339-6}, author = {Chaves, Ricardo and Chmielewski, {\L}ukasz and Regazzoni, Francesco and Batina, Lejla}, editor = {Joux, Antoine and Nitaj, Abderrahmane and Rachidi, Tajjeeddine} } @article {18554, title = {Securing Hardware Accelerators: a New Challenge for High-Level Synthesis}, journal = {IEEE Embedded Systems Letters}, volume = {3}, issue = {10}, year = {2018}, month = {11/2017}, pages = {77-80}, chapter = {77}, doi = {10.1109/LES.2017.2774800}, author = {Pilato, Christian and Garg, Siddharth and Karri, Ramesh and Regazzoni, Francesco} } @conference {18584, title = {Security: The Dark Side of Approximate Computing?}, booktitle = {Proceedings of the International Conference on Computer-Aided Design}, year = {2018}, month = {11/2018}, publisher = {ACM}, organization = {ACM}, address = {New York, NY, USA}, isbn = {978-1-4503-5950-4}, doi = {10.1145/3240765.3243497}, url = {http://doi.acm.org/10.1145/3240765.3243497}, author = {Regazzoni, Francesco and Alippi, Cesare and Polian, Ilia} } @conference {18555, title = {TAO: Techniques for Algorithmic Obscuration during High-Level Synthesis}, booktitle = {Proceedings of the ACM/IEEE Design Automation Conference (DAC)}, year = {2018}, doi = {10.1145/3195970.3196126}, author = {Pilato, Christian and Regazzoni, Francesco and Karri, Ramesh and Garg, Siddharth} } @conference {18581, title = {Cross-layer Design of Reconfigurable Cyber-Physical Systems}, booktitle 
= {Proceedings of Design, Automation and Test in Europe (DATE) 2017}, year = {2017}, author = {Masin, Michael and Palumbo, Francesca and Myrhaug, Hans and Filho, Julio A. de Oliv and Pastena, Max and Pelcat, Maxime and Raffo, Luigi and Regazzoni, Francesco and Sanchez, Angel A. and Toffetti, Antonella and de la Torre, Eduardo and Zedda, Katiuscia} } @conference {18560, title = {The design space of the number theoretic transform: {A} survey}, booktitle = {2017 International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation, {SAMOS} 2017, Pythagorion, Greece, July 17-20, 2017 (Invited)}, year = {2017}, doi = {10.1109/SAMOS.2017.8344640}, url = {https://doi.org/10.1109/SAMOS.2017.8344640}, author = {Valencia, Felipe and Khalid, Ayesha and O{\textquoteright}Sullivan, Elizabeth and Regazzoni, Francesco} } @conference {18539, title = {Detecting changes at the sensor level in cyber-physical systems: Methodology and technological implementation}, booktitle = {2017 International Joint Conference on Neural Networks (IJCNN)}, year = {2017}, month = {May}, keywords = {actuators, adaptation mechanisms, adaptive systems, Change detection, change-point method, Computational modeling, cyber-physical systems, datastreams, fault detection and diagnosis, fault tolerant computing, ICI-based change detection test, Intelligence for Embedded and Cyber-physical Systems, Mann-Whitney change-point method, Mathematical model, model-free change detection test, Predictive models, Random variables, self-adaptive CPS, self-adaptive cyber-physical systems, self-configuration, self-healing skills, self-management, sensor acquisitions, sensor level, sensors, signal detection, Smart Sensor Networks, ST STM32 Nucleo platform, time-variant environments, Training}, doi = {10.1109/IJCNN.2017.7966066}, author = {Alippi, Cesare and D{\textquoteright}Alto, Viviana and Falchetto, Mirko and Pau, Danilo and Roveri, Manuel} } @inbook {18571, title = {Fault Attacks, Injection 
Techniques and Tools for Simulation}, booktitle = {Hardware Security and Trust: Design and Deployment of Integrated Circuits in a Threatened Environment}, year = {2017}, pages = {149-167}, publisher = {Springer}, organization = {Springer}, edition = {First edition; 2016}, author = {Piscitelli, Roberta and Bhasin, Shivam and Regazzoni, Francesco} } @inbook {18572, title = {Hardware Security and Trust: Design and Deployment of Integrated Circuits in a Threatened Environment}, year = {2017}, publisher = {Springer}, organization = {Springer}, edition = {First edition; 2016}, author = {Sklavos, Nicolas and Chaves, Ricardo and Di Natale, Giorgio and Regazzoni, Francesco} } @article {18561, title = {An Investigation of Sources of Randomness Within Discrete Gaussian Sampling}, journal = {IACR Cryptology ePrint Archive}, volume = {2017}, year = {2017}, pages = {298}, author = {Brannigan, S{\'e}amus and Smyth, Neil and Oder, Tobias and Valencia, Felipe and O{\textquoteright}Sullivan, Elizabeth and G{\"u}neysu, Tim and Regazzoni, Francesco} } @conference {18541, title = {Learning in Nonstationary Environments: A Hybrid Approach}, booktitle = {Artificial Intelligence and Soft Computing}, year = {2017}, publisher = {Springer International Publishing}, organization = {Springer International Publishing}, address = {Cham}, abstract = {Solutions present in the literature to learn in nonstationary environments can be grouped into two main families: passive and active. Passive solutions rely on a continuous adaptation of the envisaged learning system, while the active ones trigger the adaptation only when needed. Passive and active solutions are somehow complementary and one should be preferred than the other depending on the nonstationarity rate and the tolerable computational complexity. 
The aim of this paper is to introduce a novel hybrid approach that jointly uses an adaptation mechanism (as in passive solutions) and a change detection triggering the need to retrain the learning system (as in active solutions).}, isbn = {978-3-319-59060-8}, author = {Alippi, Cesare and Qi, Wen and Roveri, Manuel}, editor = {Rutkowski, Leszek and Korytkowski, Marcin and Scherer, Rafa{\l} and Tadeusiewicz, Ryszard and Zadeh, Lotfi A. and Zurada, Jacek M.} } @conference {18537, title = {A lightweight and energy-efficient Internet-of-birds tracking system}, booktitle = {2017 IEEE International Conference on Pervasive Computing and Communications (PerCom)}, year = {2017}, month = {March}, keywords = {animal movement tracking, application server, Birds, cellular radio, cloud computing, energy assessment, energy conservation, energy consumption, energy efficient Internet-of-birds tracking system, GSM, GSM-based tracking device energy consumption reduction, Internet of Things, Internet-of-things vision, joint localization-transmission phase, Northern Italy, quality of service, Radar tracking, Receivers, Satellites, telecommunication power management, Tracking, Transmitters}, doi = {10.1109/PERCOM.2017.7917862}, author = {Alippi, Cesare and Ambrosini, Roberto and Longoni, Violetta and Cogliati, Dario and Roveri, Manuel} } @inbook {18466, title = {Malware Threats and Solutions for Trustworthy Mobile Systems Design}, booktitle = {Hardware Security and Trust: Design and Deployment of Integrated Circuits in a Threatened Environment}, year = {2017}, pages = {149-167}, publisher = {Springer}, organization = {Springer}, edition = {First edition; 2016}, keywords = {malware, mobile systems, security metric, trusting}, doi = {https://doi.org/10.1007/978-3-319-44318-8_8}, author = {Milosevic, Jelena and Regazzoni, Francesco and Malek, Miroslaw} } @article {18531, title = {Model-Free Fault Detection and Isolation in Large-Scale Cyber-Physical Systems}, journal = {IEEE Transactions on 
Emerging Topics in Computational Intelligence}, volume = {1}, year = {2017}, month = {Feb}, pages = {61-71}, keywords = {Change detection algorithms, clustering methods, Computational modeling, cyber-physical systems, Fault detection, Hidden Markov models, monitoring, Sensor phenomena and characterization, Sensor systems}, doi = {10.1109/TETCI.2016.2641452}, author = {Alippi, Cesare and Ntalampiras, Stavros and Roveri, Manuel} } @article {18534, title = {The (Not) Far-Away Path to Smart Cyber-Physical Systems: An Information-Centric Framework}, journal = {Computer}, volume = {50}, year = {2017}, month = {April}, pages = {38-47}, keywords = {adaptive systems, autonomic computing, communication technologies, CPSs, cyber-physical systems, cybersecurity, embedded systems, Energy management, fault detection and diagnosis, Fault diagnosis, Green computing, homogeneous integrated framework, information-centric framework, intelligent functionalities, Intelligent sensors, Intelligent systems, Internet of Things, IoT, learning (artificial intelligence), low-cost sensors, security, smart cyber-physical systems, smart technology}, issn = {0018-9162}, doi = {10.1109/MC.2017.111}, author = {Alippi, Cesare and Roveri, Manuel} } @conference {18582, title = {Predictive Analytics: A Shortcut to Dependable Computing}, booktitle = {Software Engineering for Resilient Systems}, year = {2017}, publisher = {Springer International Publishing}, organization = {Springer International Publishing}, address = {Cham}, abstract = {The paper lists three major issues: complexity, time and uncertainty, and identifies dependability as the permanent challenge. In order to enhance dependability, the paradigm shift is proposed where focus is on failure prediction and early malware detection. Failure prediction methodology, including modeling and failure mitigation, is presented and two case studies (failure prediction for computer servers and early malware detection) are described in detail. 
The proposed approach, using predictive analytics, may increase system availability by an order of magnitude or so.}, isbn = {978-3-319-65948-0}, author = {Malek, Miroslaw}, editor = {Romanovsky, Alexander and Troubitsyna, Elena A.} } @conference {18576, title = {Special Session Paper: Efficient Arithmetic for lattice-based Cryptography}, booktitle = {Proceedings of the CODES+ISSS 2017}, year = {2017}, author = {O{\textquoteright}Sullivan, Elizabeth and Regazzoni, Francesco} } @conference {18488, title = {Adaptable AES implementation with power-gating support}, booktitle = {International Conference on Computing Frontiers CF{\textquoteright}16}, series = {Proceedings of the ACM International Conference on Computing Frontiers}, year = {2016}, month = {05/2016}, pages = {331-334}, publisher = {ACM New York, NY, USA}, organization = {ACM New York, NY, USA}, address = {Como, Italy}, abstract = {In this paper, we propose a reconfigurable design of the Advanced Encryption Standard capable of adapting at runtime to the requirements of the target application. Reconfiguration is achieved by activating only a specific subset of all the instantiated processing elements. 
Further, we explore the effectiveness of power gating and clock gating methodologies to minimize the energy consumption of the processing elements not involved in computation.}, keywords = {AES implementation, power analysis attacks, power modeling}, isbn = {978-1-4503-4128-8}, doi = {10.1145/2903150.2903488}, url = {http://doi.acm.org/10.1145/2903150.2903488}, author = {Banik, Subhadeep and Bogdanov, Andrey and Fanni, Tiziana and Sau, Carlo and Raffo, Luigi and Palumbo, Francesca and Regazzoni, Francesco} } @conference {18578, title = {Atomic-AES: A Compact Implementation of the AES Encryption/Decryption Core}, booktitle = {Proceedings of 17th International Conference on Cryptology in India (INDOCRYPT) 2016}, year = {2016}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18447, title = {Change Detection in Multivariate Datastreams: Likelihood and Detectability Loss}, booktitle = {25th International Joint Conference on Artificial Intelligence (IJCAI-16)}, year = {2016}, month = {07/2016}, address = { New York, USA}, abstract = {We address the problem of detecting changes in multivariate datastreams, and we investigate the intrinsic difficulty that change-detection methods have to face when the data-dimension scales. In particular, we consider the general approach that detects changes by comparing the distribution of the log-likelihood of the datastream over different time windows. Despite the fact that this approach constitutes the frame for several change-detection methods, its effectiveness when the dimension of data scales has never been investigated, which is indeed the goal of our paper. We show that the magnitude of the change can be naturally measured by the symmetric Kullback-Leibler divergence between the pre- and post-change distributions, and that the detectability of a change of a given magnitude worsens when the data-dimension increases. 
This structural problem, which we refer to as detectability loss, is due to the linear relationship existing between the variance of the log-likelihood and the data dimension, and reveals to be harmful even at low data-dimensions (say, 10). We analytically derive the detectability loss on Gaussian-distributed datastreams, and empirically demonstrate that this problem holds also on real-world datasets.}, author = {Alippi, Cesare and Boracchi, Giacomo and Carrera, Diego and Roveri, Manuel} } @article {18511, title = {A Cloud to the Ground: The New Frontier of Intelligent and Autonomous Networks of Things}, journal = {IEEE Communications Magazine}, volume = {54}, issue = {12}, year = {2016}, month = {11/2016}, pages = {14 - 20}, chapter = {14}, abstract = {The Internet-of-Things (IoT) paradigm is supporting -and will support- an ever-increasing number of services and applications impacting on almost every aspect of our everyday life. The current trend is forecasting IoT to connect tens of billion objects by 2020 yielding a very-high volume of data to be acquired, transmitted and processed. IoT typically relies on Cloud Computing to process, analyze and store the data acquired by IoT entities. Unfortunately, the need to transmit all data from the information producing objects to the Cloud for a subsequent processing/analysis phase would require a large bandwidth and increase the latency in the {\textquotedblleft}decision-making process{\textquotedblright} whenever decisions/reactions must be promptly taken by the IoT units. The Fog Computing (FC) paradigm aims at addressing these problems by extending Cloud Computing towards the edge of the network. In this direction, this paper introduces a novel FC-IoT paradigm designed to move computing, storage and applications/services close to IoT objects so as to reduce communication bandwidth and energy consumption as well as {\textquotedblleft}decision-making{\textquotedblright} latency. 
The proposed IoT-based solution has been designed to have intelligent and autonomous IoT objects that are integrated with a FC and Fog Networking approach. The distinguishing features of the intelligent FC-IoT platform are low-latency, self-adaptation, low energy consumption and spectrum efficiency. }, doi = { 10.1109/MCOM.2016.1600541CM}, author = {Alippi, Cesare and Fantacci, Romano and Marabissi, Dania and Roveri, Manuel} } @conference {18485, title = {Evaluating the Impact of Environmental Factors on Physically Unclonable Functions}, booktitle = {International Symposium on Field-Programmable Gate Arrays FPGA 2016}, series = {Proceedings of the 2016 ACM/SIGDA}, year = {2016}, month = {02/2016}, pages = {279}, publisher = {ACM New York, NY, USA}, organization = {ACM New York, NY, USA}, address = {Monterey, CA, USA}, abstract = {Fabrication process introduces some inherent variability to the attributes of transistors (in particular length, widths, oxide thickness). As a result, every chip is physically unique. Physical uniqueness of microelectronics components can be used for multiple security applications. Physically Unclonable Functions (PUFs) are built to extract the physical uniqueness of microelectronics components and make it usable for secure applications. However, the microelectronics components used by PUFs designs suffer from external, environmental variations that impact the PUF behavior. Variations of temperature gradients during manufacturing can bias the PUF responses. Variations of temperature or thermal noise during PUF operation change the behavior of the circuit, and can introduce errors in PUF responses. Detailed knowledge of the behavior of PUFs operating over various environmental factors is needed to reliably extract and demonstrate uniqueness of the chips. In this work, we present a detailed and exhaustive analysis of the behavior of two PUF designs, a ring oscillator PUF and a timing path violation PUF. 
We have implemented both PUFs using FPGA fabricated by Xilinx, and analyzed their behavior while varying temperature and supply voltage. Our experiments quantify the robustness of each design, demonstrate their sensitivity to temperature and show the impact which supply voltage has on the uniqueness of the analyzed PUFs. }, isbn = {978-1-4503-3856-1}, doi = {10.1145/2847263.2847308}, url = {http://doi.acm.org/10.1145/2847263.2847308}, author = {Bellon, Sebastien and Favi, Claudio and Malek, Miroslaw and Macchetti, Marco and Regazzoni, Francesco} } @conference {18513, title = {An improved Hilbert-Huang Transform for non-linear and time-variant signals}, booktitle = {26th Italian Workshop on Neural Networks (WIRN 2016)}, year = {2016}, month = {05/2016}, pages = {1-8}, address = {Vietri sul Mare, Salerno, Italy}, abstract = {Learning in non-stationary/evolving environments requires methods able to process and deal with non-stationary streams. In this paper we propose a novel algorithm providing a time-frequency decomposition of time-variant signals. Outcoming signals can be used to identify anomalous events/patterns or extract features associated with the time variance of the signal, precious information for any consequent learning action. The paper extends the Hilbert-Huang Transform notoriously used to deal with time-variant signals by introducing (i) a new Empirical Mode Decomposition that identifies the number of frequency modes of the signal and (ii) an extension of the Hilbert Transform that eliminates negative frequency-values in the time-frequency spectrum. The effectiveness of the proposed Transform has been tested on both synthetic and real time-variant signals acquired by a real-world intelligent system for landslide monitoring. 
}, author = {Alippi, Cesare and Wen, Qi and Roveri, Manuel} } @conference {18486, title = {Instruction Set Extensions for secure applications}, booktitle = {Design, Automation Test in Europe Conference DATE 2016}, year = {2016}, month = {03/2016}, pages = {1529-1534}, publisher = {IEEE}, organization = {IEEE}, address = {Dresden, Germany}, abstract = {The main goal of this paper is to expose the community to past achievements and future possible uses of Instruction Set Extension (ISE) in security applications. Processor customization has proven to be an effective way for achieving high performance with limited area and energy overhead for several applications, ranging from signal processing to graphical computation. Concerning cryptographic algorithms, a large body of work exists on speeding up block ciphers and asymmetric cryptography with specific ISEs. These algorithms often mix non-standard operations with regular ones, thus representing an ideal target for being accelerated with dedicated instructions. Tools supporting automatic generations of ISEs demonstrated to be useful for algorithm exploration, while secure instructions can increase the robustness against side channels attacks of software routines. 
In this paper, we discuss how processor customization and the relative tool chains can be used by designers to address security problems and we highlight possible research directions}, keywords = {asymmetric cryptography, block ciphers, cryptographic algorithms protection, instruction set, security applications}, isbn = {978-3-9815-3707-9}, url = {http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=7459556}, author = {Regazzoni, Francesco and Ienne, Paolo} } @conference {18562, title = {Lattice-based cryptography: From reconfigurable hardware to {ASIC}}, booktitle = {2016 International Symposium on Integrated Circuits (ISIC)}, year = {2016}, month = {12/2016}, publisher = {IEEE}, organization = {IEEE}, doi = {10.1109/isicir.2016.7829689}, url = {https://doi.org/10.1109/isicir.2016.7829689}, author = {Oder, Tobias and G{\"u}neysu, Tim and Valencia, Felipe and Khalid, Ayesha and O{\textquoteright}Neill, Maire and Regazzoni, Francesco} } @conference {18450, title = {Online Model-free Sensor Fault Identification and Dictionary Learning in Cyber-Physical Systems}, booktitle = {IEEE-INNS International Joint Conference on Neural Networks (IJCNN16)}, year = {2016}, month = {07/2016}, address = {Vancouver, Canada}, abstract = {This paper presents a model-free method for the online identification of sensor faults and learning of their fault dictionary. The method, designed having in mind Cyber-Physical Systems (CPSs), takes advantage of functional relationships among the datastreams acquired by CPS sensing units. Existing model-free change detection mechanisms are proposed to detect faults and identify the fault type thanks to a fault dictionary which is built over time. The main features of the proposed algorithm are its ability to operate without requiring any a priori information about the system under inspection or the nature of the possibly occurring faults. 
As such, the method follows the model-free approach, characterized by the fact the fault dictionary is constructed online once faults are detected. Whenever available, humans can be considered in the loop to label a fault or a fault class in the dictionary as well as introduce fault instances generated thanks to a priori information. Experimental results on both synthetic and real datasets corroborate the effectiveness of the proposed fault diagnosis system. }, author = {Alippi, Cesare and Ntalampiras, Stavros and Roveri, Manuel} } @conference {18580, title = {Physical Attacks and Beyond}, booktitle = {Proceedings of the Selected Areas in Cryptography: 23rd International Conference (SAC) 2016}, year = {2016}, author = {Regazzoni, Francesco} } @conference {18484, title = {Round gating for low energy block ciphers}, booktitle = {2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST}, year = {2016}, month = {05/2016}, pages = {55-60}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {McLean, VA, USA}, abstract = {Pushed by the pervasive diffusion of devices operated by battery or by the energy harvested, energy has become one of the most important parameters to be optimized for embedded systems. Particularly relevant would be to optimize the energy consumption of security primitives. In this paper we explore design techniques for implementing block ciphers in a low energy fashion. We concentrate on round based implementation and we discuss how gating, applied at round level can affect and improve the energy consumption of the most common lightweight block cipher currently used in the internet of things. Additionally, we discuss how the needed gating wave can be generated. 
Experimental results show that our technique is able to reduce the energy consumption in most block ciphers by over 60\% while incurring only a minimal overhead in hardware}, keywords = {algorithm design and analysis, ciphers, clocks, computer architecture, energy consumption}, isbn = {978-1-4673-8826-9}, doi = {10.1109/HST.2016.7495556}, url = {http://dx.doi.org/10.1109/HST.2016.7495556}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco and Isobe, Takanori and Hiwatari, Harunaga and Akishita, Toru} } @conference {18489, title = {Secure architectures of future emerging cryptography}, booktitle = {International Conference on Computing Frontiers CF{\textquoteright}16}, series = {Proceedings of the ACM International Conference on Computing Frontiers}, year = {2016}, month = {05/2016}, pages = {315-322}, publisher = {ACM New York}, organization = {ACM New York}, address = {Como, Italy}, abstract = {Funded under the European Union{\textquoteright}s Horizon 2020 research and innovation programme, SAFEcrypto will provide a new generation of practical, robust and physically secure post-quantum cryptographic solutions that ensure long-term security for future ICT systems, services and applications. The project will focus on the remarkably versatile field of Lattice-based cryptography as the source of computational hardness, and will deliver optimised public key security primitives for digital signatures and authentication, as well as identity based encryption (IBE) and attribute based encryption (ABE). This will involve algorithmic and design optimisations, and implementations of lattice-based cryptographic schemes addressing cost, energy consumption, performance and physical robustness. 
As the National Institute of Standards and Technology (NIST) prepares for the transition to a post-quantum cryptographic suite B, urging organisations that build systems and infrastructures that require long-term security to consider this transition in architectural designs; the SAFEcrypto project will provide Proof-of-concept demonstrators of schemes for three practical real-world case studies with long-term security requirements, in the application areas of satellite communications, network security and cloud. The goal is to affirm Lattice-based cryptography as an effective replacement for traditional number-theoretic public-key cryptography, by demonstrating that it can address the needs of resource-constrained embedded applications, such as mobile and battery-operated devices, and of real-time high performance applications for cloud and network management infrastructures}, keywords = {identity based encryption, lattice-based cryptography, physical attacks, public-key cryptography}, isbn = {978-1-4503-4128-8}, doi = {10.1145/2903150.2907756}, url = {http://doi.acm.org/10.1145/2903150.2907756}, author = {O{\textquoteright}Neill, Maire and O{\textquoteright}Sullivan, Elizabeth and McWilliams, Gavin and Saarinen, Markku-Juhani and Moore, Ciara and Khalid, Ayesha and Howe, James and Del Pino, Rafael and Abdalla, Michel and Regazzoni, Francesco and Valencia, Andres Felipe and G{\"u}neysu, Tim and Oder, Tobias and Waller, Adrian and Jones, Glyn and Barnett, Anthony and Griffin, Robert and Byrne, Andrew and Ammar, Bassem and Lund, David} } @conference {18487, title = {Standard lattices in hardware}, booktitle = {Proceedings of the 53rd Annual Design Automation Conference DAC 2016}, series = {Proceedings of DAC }, year = {2016}, month = {06/2016}, pages = {162}, publisher = {ACM}, organization = {ACM}, address = {Austin, TX, USA}, abstract = {Lattice-based cryptography has gained credence recently as a replacement for current public-key cryptosystems, due to its 
quantum-resilience, versatility, and relatively low key sizes. To date, encryption based on the learning with errors (LWE) problem has only been investigated from an ideal lattice standpoint, due to its computation and size efficiencies. However, a thorough investigation of standard lattices in practice has yet to be considered. Standard lattices may be preferred to ideal lattices due to their stronger security assumptions and less restrictive parameter selection process. In this paper, an area-optimised hardware architecture of a standard lattice-based cryptographic scheme is proposed. The design is implemented on a FPGA and it is found that both encryption and decryption fit comfortably on a Spartan-6 FPGA. This is the first hardware architecture for standard lattice-based cryptography reported in the literature to date, and thus is a benchmark for future implementations. Additionally, a revised discrete Gaussian sampler is proposed which is the fastest of its type to date, and also is the first to investigate the cost savings of implementing with λ/2-bits of precision. Performance results are promising compared to the hardware designs of the equivalent ring-LWE scheme, which in addition to providing stronger security proofs; generate 1272 encryptions per second and 4395 decryptions per second. 
}, keywords = {encryption, hardware design, lattice-based cryptography, physical attack}, isbn = {978-1-4503-4236-0}, doi = {10.1145/2897937.2898037}, url = {http://doi.acm.org/10.1145/2897937.2898037}, author = {Howe, James and Moore, Ciara and O{\textquoteright}Neill, Maire and Regazzoni, Francesco and G{\"u}neysu, Tim and Beeden, K.} } @conference {18579, title = {Trojans in Early Design Steps - An Emerging Threat}, booktitle = {TRUDEVICE Final Conference (FCTRU{\textquoteright}16)}, year = {2016}, author = {Polian, Ilia and Becker, Georg and Regazzoni, Francesco} } @conference {18478, title = {200 MS/s ADC implemented in a FPGA employing TDCs}, booktitle = {FPGA International Symposium on Field-Programmable Gate Arrays ACM/SIGDA 2015}, series = {Proceedings of the 2015 ACM/SIGDA}, year = {2015}, month = {02/2015}, pages = {228-235}, publisher = {ACM}, organization = {ACM}, address = {Monterey, CA, USA}, abstract = {Analog signals are used in many applications and systems, such as cyber physical systems, sensor networks and automotive applications. These are also applications where the use of FPGAs is continuously growing. To date, however there is no direct integration between FPGAs, which are digital, and the analog world (except for the newest generation of FPGAs). Currently, an external analog-to-digital converter (ADC) has to be added to the system, thus limiting its overall compactness and flexibility. To address this issue we propose a novel architecture implementing a high speed ADC in reconfigurable devices. The system exploits picosecond resolution time-to-digital converters (TDCs) to reach a conversion as fast as its clock speed. The resulting analog-through-time-to-digital converter (ATDC) can achieve a sampling rate of 200 MS/s with a 7 bit resolution for signals ranging from 0 to 2.5 V. Except for the external resistor needed for the analog reference ramp, the system is fully integrated inside the target FPGA. 
Moreover, our design can be easily scaled for multichannel ADCs, proving the suitability of reconfigurable devices for applications requiring a deep integration between analog and digital world. }, keywords = {analog-through time to digital convertor, FPGA-based design, reference voltage}, isbn = {978-1-4503-3315-3}, doi = {10.1145/2684746.2689070}, url = {http://doi.acm.org/10.1145/2684746.2689070}, author = {Homulle, Harald and Regazzoni, Francesco and Charbon, Edoardo} } @article {18482, title = {Automatic Application of Power Analysis Countermeasures}, journal = {IEEE Transactions on Computers }, volume = {64}, issue = {2}, year = {2015}, month = {02/2015}, pages = {329-341}, type = {journal}, chapter = {329}, abstract = {We introduce a compiler that automatically inserts software countermeasures to protect cryptographic algorithms against power-based side-channel attacks. The compiler first estimates which instruction instances leak the most information through side-channels. This information is obtained either by dynamic analysis, evaluating an information theoretic metric over the power traces acquired during the execution of the input program, or by static analysis. As information leakage implies a loss of security, the compiler then identifies (groups of) instruction instances to protect with a software countermeasure such as random precharging or Boolean masking. As software protection incurs significant overhead in terms of cryptosystem runtime and memory usage, the compiler protects the minimum number of instruction instances to achieve a desired level of security. The compiler is evaluated on two block ciphers, AES and Clefia; our experiments demonstrate that the compiler can automatically identify and protect the most important instruction instances. To date, these software countermeasures have been inserted manually by security experts, who are not necessarily the main cryptosystem developers. 
Our compiler offers significant productivity gains for cryptosystem developers who wish to protect their implementations from side-channel attacks}, keywords = {cryptographic algorithms protection, cryptography, data protection, power analysis attacks, program compilers, side-channel attacks}, issn = {0018-9340}, doi = {10.1109/TC.2013.219}, url = {http://dx.doi.org/10.1109/TC.2013.219}, author = {Bayrak, Ali Galip and Regazzoni, Francesco and Novo, David and Brisk, Philip and Standaert, Fran{\c c}ois-Xavier and Ienne, Paolo} } @conference {18477, title = {Challenges in designing trustworthy cryptographic co-processors}, booktitle = {IEEE International Symposium on Circuits and Systems (ISCAS) 2015}, year = {2015}, month = {09/2015}, pages = {2009-2012}, publisher = {IEEE}, organization = {IEEE}, address = {Lisbon, Portugal}, abstract = {Security is becoming ubiquitous in our society. However, the vulnerability of electronic devices that implement the needed cryptographic primitives has become a major issue. This paper starts by presenting a comprehensive overview of the existing attacks to cryptography implementations. Thereafter, the state-of-the-art on some of the most critical aspects of designing cryptographic co-processors are presented. This analysis starts by considering the design of asymmetrical and symmetrical cryptographic primitives, followed by the discussion on the design and online testing of True Random Number Generation. To conclude, techniques for the detection of Hardware Trojans are also discussed}, keywords = {asymmetrical cryptographic primitives, cryptography, hardware Trojan detection techniques}, issn = {0271-4302 }, doi = {10.1109/ISCAS.2015.7169070}, url = {http://dx.doi.org/10.1109/ISCAS.2015.7169070}, author = {Regazzoni, Francesco and Graves, Ricardo and Di Natale, Giorgio and Batina, Lejla and Bhasin, Shivam and Ege, Baris and Fournaris, Apostolos P. 
and Mentens, Nele and Picek, Stjepan and Rozic, Vladimir and Sklavos, Nicolas and Yang, Bohan} } @conference {18481, title = {Design methodologies for securing cyber-physical systems}, booktitle = {2015 International Conference on Hardware/Software Codesign and System Synthesis CODES+ISSS}, year = {2015}, month = {10/2015}, pages = {30-36}, publisher = {IEEE}, organization = {IEEE}, address = {Amsterdam, Netherlands}, abstract = {Cyber-Physical Systems (CPS) are in most cases safety- and mission-critical. Standard design techniques used for securing embedded systems are not suitable for CPS due to the restricted computation and communication budget available in the latter. In addition, the sensitivity of sensed data and the presence of actuation components further increase the security requirements of CPS. To address these issues, it is necessary to provide new design methods in which security is considered from the beginning of the whole design flow and addressed in a holistic way. In this paper, we focus on the design of secure CPS as part of the complete CPS design process, and provide insights into new requirements on platform-aware design of control components, design methodologies and architectures posed by CPS design. We start by discussing methods for the multi-disciplinary modeling, simulation, tools, and software synthesis challenges for CPS. We also present a framework for design of secure control systems for CPS, while taking into account properties of the underlying computation and communication platforms. 
Finally, we describe the security challenges in the computing hardware that is used in CPS}, keywords = {cyber-physical system security, design flow, embedded systems, platform-aware design, safety-critical system, security of data, sensed data sensitivity}, isbn = {978-1-4673-8321-9}, doi = {10.1109/CODESISSS.2015.7331365}, url = {http://dx.doi.org/10.1109/CODESISSS.2015.7331365}, author = {Faruque, Mohammad Abdullah A and Regazzoni, Francesco and Pajic, Miroslav} } @article {18473, title = {Exploring Energy Efficiency of Lightweight Block Ciphers}, journal = {(IACR) Cryptology ePrint Archive}, volume = {2015}, year = {2015}, month = {09/2015}, chapter = {847}, abstract = {In the last few years, the field of lightweight cryptography has seen an influx in the number of block ciphers and hash functions being proposed. One of the metrics that define a good lightweight design is the energy consumed per unit operation of the algorithm. For block ciphers, this operation is the encryption of one plaintext. By studying the energy consumption model of a CMOS gate, we arrive at the conclusion that the total energy consumed during the encryption operation of an r-round unrolled architecture of any block cipher is a quadratic function in r. We then apply our model to 9 well known lightweight block ciphers, and thereby try to predict the optimal value of r at which an r-round unrolled architecture for a cipher is likely to be most energy efficient. We also try to relate our results to some physical design parameters like the signal delay across a round and algorithmic parameters like the number of rounds taken to achieve full diffusion of a difference in the plaintext/key. 
}, keywords = {implementation AES, lightweight block cipher, Low Power Energy Circuits}, url = {http://eprint.iacr.org/2015/847}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18474, title = {Exploring Energy Efficiency of Lightweight Block Ciphers}, booktitle = {Selected Areas in Cryptography: 22nd International Conference (SAC)2015}, series = {Lecture Notes in Computer Science}, volume = {9566}, year = {2015}, month = {08/2015}, pages = {178-194}, publisher = {Springer}, organization = {Springer}, address = {Sackville, NB, Canada}, abstract = {In the last few years, the field of lightweight cryptography has seen an influx in the number of block ciphers and hash functions being proposed. One of the metrics that define a good lightweight design is the energy consumed per unit operation of the algorithm. For block ciphers, this operation is the encryption of one plaintext. By studying the energy consumption model of a CMOS gate, we arrive at the conclusion that the energy consumed per cycle during the encryption operation of an r-round unrolled architecture of any block cipher is a quadratic function in r. We then apply our model to 9 well known lightweight block ciphers, and thereby try to predict the optimal value of r at which an r-round unrolled architecture for a cipher is likely to be most energy efficient. 
We also try to relate our results to some physical design parameters like the signal delay across a round and algorithmic parameters like the number of rounds taken to achieve full diffusion of a difference in the plaintext/key.}, keywords = {AES, lightweight block cipher, Low Power Energy Circuits}, isbn = {978-3-319-31300-9}, issn = {0302-9743}, doi = {10.1007/978-3-319-31301-6}, url = {http://dx.doi.org/10.1007/978-3-319-31301-6}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18475, title = {Exploring the energy consumption of lightweight blockciphers in FPGA}, booktitle = {International Conference on ReConFigurable Computing and FPGAs, ReConFig 2015}, year = {2015}, month = {02/2016}, pages = {1-6}, publisher = {IEEE}, organization = {IEEE}, edition = {2015}, address = {Rivera Maya, Mexico City}, abstract = {Internet of things and cyber-physical systems requiring security functionality has pushed for the design of a number of block ciphers and hash functions specifically developed for being implemented in resource constrained devices. Initially the optimization was mainly on area and power consumption, but, nowadays the attention is more on the energy consumption. In this paper, for the first time, we look at energy consumption of lightweight block ciphers implemented in reconfigurable devices, and we analyze the effects that round unrolling might have on the energy consumed during the encryption. Concentrating on applications that require a number of parallel encryptions, we instantiate several designs on the target FPGA and we analyze how the energy consumption varies in each algorithm when changing the amount of unrolled rounds. 
Our results, obtained on the Xc6slx45t device of the Spartan6 family, demonstrate that Present is the most energy efficient algorithm and that the relation between the energy consumption and the number of unrolled rounds measured on FPGA is similar to the one measured on dedicated hardware.}, keywords = {cryptography, cyber-physical systems, encryption, lightweight block cipher}, isbn = {978-1-4673-9406-2}, doi = {10.1109/ReConFig.2015.7393308}, url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7390332}, author = {Banik, Subhadeep and Bogdanov, Andrey and Regazzoni, Francesco} } @conference {18480, title = {Fault attacks, injection techniques and tools for simulation}, booktitle = {10th International Conference on Design Technology of Integrated Systems in Nanoscale Era DTIS 2015}, year = {2015}, month = {04/2015}, pages = {1-6}, publisher = {IEEE}, organization = {IEEE}, address = {Naples, Italy}, abstract = {Fault attacks are a serious threat to secure devices, because they are powerful and they can be performed with extremely cheap equipment. Resistance against fault attacks is often evaluated directly on the manufactured devices, as commercial tools supporting fault evaluation do not usually provide the level of details needed to assert the security of a device. Early identification of weak points would instead be very useful as it would allow to immediately apply the appropriate countermeasures directly at design time. Moving towards this goal, in this work, we survey existing fault attacks and techniques for injecting faults, and we analyze the suitability of existing electronic design automation commodities for estimating resistance against fault attacks. 
Our exploration, which includes the type of attacks that can be simulated and the limitations of each considered simulation approach, is an initial step towards the development of a complete framework for asserting fault attack robustness}, keywords = {fault attacks robustness, fault resilience, injection techniques, secure devices, security, security of data}, isbn = {978-1-4799-1999-4}, doi = {10.1109/DTIS.2015.7127352}, url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7118811}, author = {Piscitelli, Roberta and Bhasin, Shivam and Regazzoni, Francesco} } @conference {18483, title = {Midori: A Block Cipher for Low Energy}, booktitle = {21st International Conference on the Theory and Application of Cryptology and Information Security ASIACRYPT 2015}, series = {Lecture Notes in Computer Science}, volume = {9453}, year = {2015}, month = {11/2015}, pages = {411-436}, publisher = {Springer Berlin Heidelberg}, organization = {Springer Berlin Heidelberg}, address = {Auckland, New Zealand}, abstract = {In the past few years, lightweight cryptography has become a popular research discipline with a number of ciphers and hash functions proposed. The designers{\textquoteright} focus has been predominantly to minimize the hardware area, while other goals such as low latency have been addressed rather recently only. However, the optimization goal of low energy for block cipher design has not been explicitly addressed so far. At the same time, it is a crucial measure of goodness for an algorithm. Indeed, a cipher optimized with respect to energy has wide applications, especially in constrained environments running on a tight power/energy budget such as medical implants. This paper presents the block cipher Midori (The name of the cipher is the Japanese translation for the word Green.) that is optimized with respect to the energy consumed by the circuit per bit in encryption or decryption operation. 
We deliberate on the design choices that lead to low energy consumption in an electrical circuit, and try to optimize each component of the circuit as well as its entire architecture for energy. An added motivation is to make both encryption and decryption functionalities available by small tweak in the circuit that would not incur significant area or energy overheads. We propose two energy-efficient block ciphers Midori128 and Midori64 with block sizes equal to 128 and 64 bits respectively. These ciphers have the added property that a circuit that provides both the functionalities of encryption and decryption can be designed with very little overhead in terms of area and energy. We compare our results with other ciphers with similar characteristics: it was found that the energy consumptions of Midori64 and Midori128 are by far better when compared ciphers like PRINCE and NOEKEON. }, keywords = {lightweight block cipher, low energy circuits}, isbn = {978-3-662-48799-0}, issn = {0302-9743}, doi = {10.1007/978-3-662-48800-3_17}, url = {http://dx.doi.org/10.1007/978-3-662-48800-3_17}, author = {Banik, Subhadeep and Bogdanov, Andrey and Isobe, Takanori and Shibutani, Kyoji and Hiwatari, Harunaga and Akishita, Toru and Regazzoni, Francesco} } @article {18472, title = {Midori: (A) Block Cipher for Low Energy (Extended Version)}, journal = {(IACR) Cryptology ePrint Archive}, volume = {2015}, year = {2015}, month = {12/2015}, chapter = {1142}, abstract = {In the past few years, lightweight cryptography has become a popular research discipline with a number of ciphers and hash functions proposed. The designers{\textquoteright} focus has been predominantly to minimize the hardware area, while other goals such as low latency have been addressed rather recently only. However, the optimization goal of low energy for block cipher design has not been explicitly addressed so far. At the same time, it is a crucial measure of goodness for an algorithm. 
Indeed, a cipher optimized with respect to energy has wide applications, especially in constrained environments running on a tight power/energy budget such as medical implants. This paper presents the block cipher Midori that is optimized with respect to the energy consumed by the circuit per bit in encryption or decryption operation. We deliberate on the design choices that lead to low energy consumption in an electrical circuit, and try to optimize each component of the circuit as well as its entire architecture for energy. An added motivation is to make both encryption and decryption functionalities available by small tweak in the circuit that would not incur significant area or energy overheads. We propose two energy-efficient block ciphers Midori128 and Midori64 with block sizes equal to 128 and 64 bits respectively. These ciphers have the added property that a circuit that provides both the functionalities of encryption and decryption can be designed with very little overhead in terms of area and energy. We compare our results with other ciphers with similar characteristics: it was found that the energy consumptions of Midori64 and Midori128 are by far better when compared ciphers like PRINCE and NOEKEON. }, keywords = {AES, lightweight block cipher, low energy circuits, secret-key cryptography}, url = {http://eprint.iacr.org/2015/1142}, author = {Regazzoni, Francesco and Banik, Subhadeep and Bogdanov, Andrey and Isobe, Takanori and Shibutani, Kyoji and Hiwatari, Harunaga and Akishita, Toru} } @conference {18479, title = {Physical attacks, introduction and application to embedded processors}, booktitle = {10th International Conference on Design Technology of Integrated Systems in Nanoscale Era DTIS 2015}, year = {2015}, month = {06/2015}, pages = {1}, publisher = {IEEE}, organization = {IEEE}, address = {Napoli, Italy}, abstract = {Physical attacks exploit the physical weaknesses of cryptographic devices to reveal the secret information stored on them. 
Successful attacks demonstrated in the past were both active, when the adversary tampers with the device to alter its normal behavior, or passive, when the adversary monitors side channels to infer the secret key. In view of this increasingly relevant problem, this talk introduces the most powerful physical attacks presented in the past and highlights state of the art countermeasures, focusing in particular on the embedded systems{\textquoteright} scenario.}, keywords = {cryptography, embedded processors, embedded systems, microprocessors chips, physical attacks}, isbn = {978-1-4799-1999-4}, doi = {10.1109/DTIS.2015.7127356}, url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7118811}, author = {Regazzoni, Francesco} } @conference {18462, title = {Security Challenges for Hardware Designers of Mobile Systems}, booktitle = {2015 Mobile Systems Technologies Workshop (MST)}, year = {2015}, month = {May}, keywords = {cryptographic capabilities, cryptographic primitives, cryptography, hardware, hardware design flow, hardware designers, hardware trojan, Hardware Trojans, Integrated optics, malware, mobile communication, mobile computing, mobile device, mobile devices, Mobile handsets, mobile systems, Optical device fabrication, pervasive mobile devices, physical attack, physical attacks, security, security challenges, software malware, telecommunication security, Trojan horses}, doi = {10.1109/MST.2015.11}, author = {Milosevic, Jelena and Ferrante, Alberto and Regazzoni, Francesco} } @conference {18360, title = {Simulation and Analysis of Negative-Bias Temperature Instability Aging on Power Analysis Attacks}, booktitle = {IEEE Int. 
Symposium on Hardware-Oriented Security and Trust}, year = {2015}, month = {05/2015}, address = {McLean, VA, USA}, author = {Guo, Xiaofei and Karimi, Nagmeh and Regazzoni, Francesco and Jin, Chenglu and Karri, Ramesh} } @conference {18476, title = {A survey on hardware trojan detection techniques}, booktitle = {IEEE International Symposium on Circuits and Systems (ISCAS) 2015}, year = {2015}, month = {08/2015}, pages = {2021-2024}, publisher = {IEEE}, organization = {IEEE}, edition = {2015}, address = {Lisbon, Portugal}, abstract = {Hardware Trojans recently emerged as a serious issue for computer systems, especially for those used in critical applications such as medical or military. Trojans proposed so far can affect the reliability of a device in various ways. Proposed effects range from the leakage of secret information to the complete malfunctioning of the device. A crucial point for securing the overall operation of a device is to guarantee the absence of hardware Trojans. In this paper, we survey several techniques for detecting malicious modifications of a circuit introduced at different phases of the design flow. 
We also highlight their capabilities and limitations in thwarting hardware Trojans.}, keywords = {hardware Trojan detection techniques, integrated circuit reliability}, isbn = {978-1-4799-8391-9}, issn = {0271-4302}, doi = {10.1109/ISCAS.2015.7169073}, url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=7152138}, author = {Bhasin, Shivam and Regazzoni, Francesco} } @conference {18469, title = {Accelerating differential power analysis on heterogeneous systems}, booktitle = {The 9th Workshop on Embedded Systems Security (WESS) 2014}, year = {2014}, month = {10/2014}, publisher = {ACM}, organization = {ACM}, address = {New Delhi, India}, abstract = {Differential Power Analysis (DPA) attacks allow discovering the secret key stored into secure embedded systems by exploiting the correlation between the power consumed by a device and the data being processed. The computation involved is generally relatively simple, however, if the used power traces are composed by a large number of points, the processing time can be long. In this paper we aim at speeding up the so called correlation power analysis (CPA). To do so, we used the OpenCL framework to distribute the workload of the attack over a heterogeneous platform composed by a CPU and multiple accelerators. We concentrate on the computation of the Pearson{\textquoteright}s correlation coefficients, as they cover approximately 80\% of the overall execution time, and we further optimize the attack by minimizing the data transfers between the host processor and the GPUs. 
Our results show performance improvements of up to 9x when compared with the reference parallel implementation}, keywords = {heterogeneous systems, power analysis}, isbn = {978-1-4503-2932-3}, doi = {10.1145/2668322.2668326}, url = {http://doi.acm.org/10.1145/2668322.2668326}, author = {Amaral, Joao and Regazzoni, Francesco and Tomas, Pedro and Chaves, Ricardo} } @article {18058, title = {A Combined Design-Time/Test-Time Study of the Vulnerability of Sub-Threshold Devices to Low Voltage Fault Attacks}, journal = {IEEE Transactions on Emerging Topics in Computing}, volume = {PP}, issue = {99}, year = {2014}, month = {04/2014}, abstract = {The continuous scaling of VLSI technology and the possibility to run circuits in subthreshold voltage range make it possible to implement standard cryptographic primitives within the very limited circuit and power budget of RFID devices. However, such cryptographic implementations raise concerns regarding their vulnerability to both active and passive side-channel attacks. In particular, when focusing on RFID targeted designs, it is important to evaluate their resistance against low cost physical attacks. A low cost fault injection attack can be mounted, for example, by lowering the supply voltage of the chip with the goal of causing setup time violations. In this paper, we provide an in-depth characterization of a chip implementation of the AES cipher. The chip has been designed using a 65nm low power standard cell library and operates in a subthreshold voltage range. We first show that it is possible to inject faults (through lowering the supply voltage) compliant with the fault models required to perform attacks against the AES cipher. We then investigate the possibility of predicting, at design time, which parts of the chip are more likely to be sensitive to such fault injection attacks and produce the desirable (from the point of view of the attacker) faulty behavior. 
Identifying such sensitive logic signals allows us to suggest to the designer a tailored countermeasure strategy for thwarting these attacks, with a minimal impact on the circuit{\textquoteright}s performance.}, issn = {2168-6750}, doi = {10.1109/TETC.2014.2316509}, author = {Barenghi, Alessandro and Hocquet, C{\'e}dric and Bol, David and Standaert, Fran{\c c}ois-Xavier and Regazzoni, Francesco and Koren, Israel} } @conference {18464, title = {Embedded Systems Education: Job Market Expectations}, booktitle = {Workshop on Embedded and Cyber-Physical Systems Education (WESE) }, year = {2014}, month = {10/2014}, publisher = {ACM}, organization = {ACM}, address = {New Delhi, India}, abstract = {In the fifteen years since the first Embedded Systems Design Master studies were proposed the embedded systems world has radically changed. The spectrum of application areas has increased beyond any expectation, and the increasing presence of embedded systems in the physical world has led to "cyber-physical systems." Devices tend to become a commodity in many cases, while sensors and IPs acquire a larger share of the market. The whole industrial ecosystem is changing as well, with "application" companies becoming increasingly present and SMEs emerging as major players. It becomes mandatory to reconsider the competences and capacities that should be provided in a Master of Science course oriented to Embedded Systems Design, so as to meet new and diverse requests that come from job market and prospective employers. Within the frame of the Nano-Tera Swiss Federal program (www.nano-tera.ch), the educational project Future Embedded Systems Education (FESTE) aimed at identifying requests coming from the job market, so as to outline the renewed professional profile for young Embedded Systems Designers. 
The results indicate that programming, networking, real time and system architecture know-how combined with soft skills such as teamwork and communication are in demand and frequently come under disguised names such as automation or control engineering.}, keywords = {Cyber-Physical Systems Education, embedded systems, Nano Tera program}, isbn = {978-1-4503-3090-9}, url = {http://doi.acm.org/10.1145/2829957.2829961}, author = {Sami, Mariagiovanna and Malek, Miroslaw and Bondi, Umberto and Regazzoni, Francesco} } @conference {18088, title = {Malicious Wave: a Survey on Actively Tampering Using Electromagnetic Glitch}, booktitle = {International Symposium on Electromagnetic Compatibility 2014}, year = {2014}, month = {08/2014}, author = {Bhasin, Shivam and Maistri, Paolo and Regazzoni, Francesco} } @inbook {18024, title = {Modeling Responsiveness of Decentralized Service Discovery in Wireless Mesh Networks}, booktitle = {MMB \& DFT}, series = {Lecture Notes in Computer Science}, volume = {8376}, year = {2014}, pages = {88-102}, publisher = {Springer International Publishing Switzerland}, organization = {Springer International Publishing Switzerland}, abstract = {In modern service networks, discovery plays a crucial role as a layer where providing instances of a given service can be published and enumerated. Since successful discovery is mandatory for service usage, comprehensive service dependability assessment needs to incorporate the dependability of the discovery layer. This work focuses on the responsiveness of the discovery layer, the probability to operate successfully within a deadline, even in the presence of faults. It proposes a hierarchy of stochastic models for decentralized discovery and uses it to describe the discovery of a single service using three well-known discovery protocols: domain name system based service discovery (DNS-SD), simple service discovery protocol (SSDP) and service location protocol (SLP). 
Further, a methodology to use the model hierarchy in wireless mesh networks is introduced. Given a pair service requester and provider, a discovery protocol and a deadline, it estimates packet loss probabilities and transmission time distributions for each link on the communication paths between the pair, generates specific model instances and calculates the expected responsiveness. Finally, the paper introduces a new metric, the expected responsiveness distance d_er to estimate the maximum distance from a provider where requesters are still able to discover it with a required responsiveness. The models and their methodology are demonstrated using monitoring data from the distributed embedded systems (DES) testbed at Freie Universit{\"a}t Berlin. It is shown how the responsiveness and d_er of the protocols change depending on the position of requester and provider and the overall link quality in the network.}, keywords = {fault tolerance, Markov Models, Real time systems, Responsiveness, Service Discovery, Wireless mesh networks}, isbn = {978-3-319-05358-5}, issn = {0302-9743}, doi = {10.1007/978-3-319-05359-2_7}, url = {http://andreas-dittrich.eu/2013/12/modeling-responsiveness-of-decentralized-service-discovery-in-wireless-mesh-networks}, author = {Dittrich, Andreas and Lichtblau, Bj{\"o}rn and Rezende, Rafael and Malek, Miroslaw}, editor = {Fischbach, K. and Krieger, U. R.} } @conference {18227, title = {Risk Assessment of Atrial Fibrillation: a Failure Prediction Approach}, booktitle = {41st Computing in Cardiology Conference (CinC)}, year = {2014}, month = {09/2014}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {Cambridge, MA, USA}, abstract = {We present a methodology for identifying patients who have experienced Paroxysmal Atrial Fibrillation (PAF) among a given subjects population. 
Our work is intended as an initial step towards the design of an unobtrusive system for concurrent detection and monitoring of chronic cardiac conditions. Our methodology comprises two stages: off-line training and on-line analysis. During training the most significant features are selected using machine-learning methods, without relying on a manual selection based on previous knowledge. Analysis is based on two phases: feature extraction and detection of PAF patients. Light-weight algorithms are employed in the feature extraction phase, allowing the on-line implementation of this step on wearable and resource-constrained sensor nodes. The detection phase employs techniques borrowed from the field of failure prediction. While these algorithms have found extensive applications in diverse scenarios, their application to automated cardiac analysis has not been sufficiently investigated. Obtained results, in terms of performance, are comparable to similar efforts in the field. Nonetheless, the proposed method employs computationally simpler and more efficient algorithms, which are compatible with the computational constraints of state-of-the-art body sensor nodes.}, url = {http://andreas-dittrich.eu/2014/06/risk-assessment-of-atrial-fibrillation-a-failure-prediction-approach}, author = {Milosevic, Jelena and Dittrich, Andreas and Ferrante, Alberto and Malek, Miroslaw and Rojas Quiros, Camilo and Braojos, Rub{\'e}n and Ansaloni, Giovanni and Atienza, David} } @inbook {18065, title = {Security IPs and IP Security with FPGAs}, booktitle = {Secure Smart Embedded Devices Platform and Applications}, year = {2014}, author = {Durvaux, Fran{\c c}ois and Kerckhof, St{\'e}phanie and Regazzoni, Francesco and Standaert, Fran{\c c}ois-Xavier}, editor = {Markantonakis, Konstantinos} } @article {18467, title = {Simulation-Time Security Margin Assessment against Power-Based Side Channel Attacks}, journal = {(IACR) Cryptology ePrint Archive}, volume = {2014}, year = {2014}, month = 
{05/2014}, chapter = {307}, abstract = {A sound design time evaluation of the security of a digital device is a goal which has attracted a great amount of research effort lately. Common security metrics for the attack consider either the theoretical leakage of the device, or assume as a security metric the number of measurements needed in order to be able to always recover the secret key. In this work we provide a combined security metric taking into account the computational effort needed to lead the attack, in combination with the quantity of measurements to be performed, and provide a practical lower bound for the security margin which can be employed by a secure hardware designer. This paper represents a first exploration of a design-time security metric incorporating the computational effort required to lead a power- based side channel attack in the security level assessment of the device. We take into account in our metric the possible presence of masking and hiding schemes, and we assume the best measurement conditions for the attacker, thus leading to a conservative estimate of the security of the device. We provide a practical validation of our security metric through an analysis of transistor-level accurate power simulations of a 128-bit AES core implemented on a 65 nm library.}, keywords = {AES, implementation, Side-channel analysis}, author = {Barenghi, Alessandro and Pelosi, Gerardo and Regazzoni, Francesco} } @conference {18470, title = {Single-Photon Avalanche Diodes (SPADs) for quantum random number generators and beyond}, booktitle = {19th Asia and South Pacific Design Automation Conference (ASP-DAC) 2014}, year = {2014}, month = {01/2014}, publisher = {IEEE}, organization = {IEEE}, address = {Singapore}, abstract = {Single-Photon Avalanche Diodes (SPADs) are solid-state photo-detectors capable of detecting single photons by exploiting the avalanche effect that occurs in the breakdown of a p-n junction biased above breakdown voltage. 
By this effect, a SPAD translates an incoming photon to a macroscopic current pulse. These devices are currently used for building medical devices characterized by a very high time resolution. An appealing application of SPAD is to use them as a basic block for building the entropy source of true random number generators. In this paper we focus on such application, and we explore the design challenges behind the realization of a quantum random number generator based on a massively parallel array of SPADs. The matrix under investigation comprises 512{\texttimes}128 independent cells that convert photons onto a raw bit-stream, which, as ensured by the properties of quantum physics, is characterized by a very high level of randomness. The sequences are read out in a 128-bit parallel bus, concatenated, and pipelined onto a de-biasing filter. Subsequently, we fabricated the proposed chip using a standard CMOS process. Our results, achieved on the manufactured device and coupling two matrices, show that our architecture can reach up to 5 Gbit/s while consuming 25pJ/bit, thus demonstrating scalability and performance for any random number generators based on SPADs}, keywords = {quantum physics, random number generators, SPAD}, isbn = {978-1-4799-2816-3}, url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=6736726}, author = {Regazzoni, Francesco and Burri, Samuel and Stucki, Damien and Maruyama, Yuki and Bruschini, Claudio and Charbon, Edoardo} } @article {18059, title = {Stealthy Dopant-Level Hardware Trojans: Extended Version}, journal = {Journal of Cryptographic Engineering}, volume = {4}, issue = {1}, year = {2014}, month = {04/2014}, pages = {19-31}, abstract = {In recent years, hardware Trojans have drawn the attention of governments and industry as well as the scientific community. 
One of the main concerns is that integrated circuits, e.g., for military or critical-infrastructure applications, could be maliciously manipulated during the manufacturing process, which often takes place abroad. However, since there have been no reported hardware Trojans in practice yet, little is known about how such a Trojan would look like and how difficult it would be in practice to implement one. In this paper we propose an extremely stealthy approach for implementing hardware Trojans below the gate level, and we evaluate their impact on the security of the target device. Instead of adding additional circuitry to the target design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against {\textquotedblleft}golden chips{\textquotedblright}. 
We demonstrate the effectiveness of our approach by inserting Trojans into two designs{\textemdash}a digital post-processing derived from Intel{\textquoteright}s cryptographically secure RNG design used in the Ivy Bridge processors and a side-channel resistant SBox implementation{\textemdash}and by exploring their detectability and their effects on security.}, keywords = {Hardware Trojans, Layout modifications, Malicious hardware, Trojan side-channel}, issn = {2190-8516}, doi = {10.1007/s13389-013-0068-0}, author = {Becker, Georg and Regazzoni, Francesco and Paar, Christof and Burleson, Wayne} } @conference {18468, title = {(THOR) - The hardware onion router}, booktitle = {24th International Conference on Field Programmable Logic and Applications, (FPL) 2014}, year = {2014}, month = {09/2014}, publisher = {IEEE}, organization = {IEEE}, address = {Munich, Germany}, abstract = {Security and privacy of data traversing internet have always been a major concern for all users. In this context, The Onion Routing (Tor) is the most successful protocol to anonymize global Internet traffic and is widely deployed as software on many personal computers or servers. In this paper, we explore the potential of modern reconfigurable devices to efficiently realize the Tor protocol on embedded devices. In particular, this targets the acceleration of the complex cryptographic operations involved in the handshake of routing nodes and the data stream encryption. Our hardware-based implementation on the Xilinx Zynq platform outperforms previous embedded solutions by more than a factor of 9 with respect to the cryptographic handshake - ultimately enabling quite inexpensive but highly efficient routers. 
Hence, we consider our work as a further milestone towards the development and the dissemination of low-cost and high performance onion relays that hopefully ultimately leads again to a more private Internet.}, keywords = {cryptographic protocol, encryption, hardware, onion routing protocol, security, THOR}, url = {http://ieeexplore.ieee.org/xpl/mostRecentIssue.jsp?punumber=6913605}, author = {G{\"u}neysu, Tim and Regazzoni, Francesco and Sasdrich, Pascal and Wojcik, Marcin} } @article {18060, title = {Automatic Application of Power Analysis Countermeasures}, journal = {IEEE Transactions on Computers}, volume = {PP}, issue = {99}, year = {2013}, month = {12/2013}, abstract = {We introduce a compiler that automatically inserts software countermeasures to protect cryptographic algorithms against power-based side-channel attacks. The compiler first estimates which instruction instances leak the most information through side-channels. This information is obtained either by dynamic analysis, evaluating an information theoretic metric over the power traces acquired during the execution of the input program, or by static analysis. As information leakage implies a loss of security, the compiler then identifies (groups of) instruction instances to protect with a software countermeasure such as random precharging or Boolean masking. As software protection incurs significant overhead in terms of cryptosystem runtime and memory usage, the compiler protects the minimum number of instruction instances to achieve a desired level of security. The compiler is evaluated on two block ciphers, AES and Clefia; our experiments demonstrate that the compiler can automatically identify and protect the most important instruction instances. To date, these software countermeasures have been inserted manually by security experts, who are not necessarily the main cryptosystem developers. 
Our compiler offers significant productivity gains for cryptosystem developers who wish to protect their implementations from side-channel attacks.}, issn = {0018-9340}, doi = {10.1109/TC.2013.219}, author = {Bayrak, Ali Galip and Regazzoni, Francesco and Novo Bruna, David and Brisk, Philip and Standaert, Fran{\c c}ois-Xavier and Ienne, Paolo} } @conference {18069, title = {Comparison of Two Cameras based on Single Photon Avalanche Diodes (SPADS) for Fluorescence Lifetime Imaging Application with Picosecond Resolution}, booktitle = {International Image Sensor Workshop (IISW)}, year = {2013}, month = {June}, address = {Snowbird Resort, Utah, USA}, author = {Powolny, Fran{\c c}ois and Burri, Samuel and Bruschini, Claudio and Michalet, Xavier and Regazzoni, Francesco and Charbon, Edoardo} } @conference {18072, title = {An eda-friendly protection scheme against side-channel attacks}, booktitle = {Design, Automation and Test in Europe (DATE)}, year = {2013}, month = {March}, address = {Grenoble, France}, author = {Bayrak, Ali Galip and Velickovic, Nikola and Regazzoni, Francesco and Novo Bruna, David and Brisk, Philip and Ienne, Paolo} } @article {18061, title = {A Fast ULV Logic Synthesis Flow in Many-Vt CMOS Processes for Minimum Energy under Timing Constraints}, journal = {IEEE Transactions on Circuits and Systems II}, volume = {59}, issue = {12}, year = {2013}, pages = {947-951}, abstract = {Ultra-low-voltage (ULV) logic offers the opportunity to operate at the minimum-energy point (MEP) for applications with low-to-medium speed requirements. Unfortunately, the critical design constraint of achieving a reliable timing closure at the target frequency of the application becomes very complex in the wide design space of ULV including supply (Vdd) and threshold (Vt) voltage selection as well as netlist optimizations from the synthesis. In this paper, we propose a fast synthesis flow to accurately predict the Vdd/Vt MEP under strict timing constraints. 
Compared to an exhaustive search for the MEP under timing constraints based on numerous library recharacterizations and synthesis steps for all Vdd/Vt pairs, the proposed ULV flow dramatically speeds up the design process. Indeed, it requires a single library recharacterization and only three synthesis steps. Results obtained for several ITC{\textquoteright}99 benchmarks under a wide range of timing constraints from 0.1 to 30 MHz in 65-nm LP/GP CMOS demonstrate that the proposed flow has a less than 10\% energy penalty with respect to the absolute MEP computed with an exhaustive search and energy savings enhanced up to 2.4{\texttimes} compared to a conventional flow with Vdd scaling only.}, issn = {1549-7747}, doi = {10.1109/TCSII.2012.2231034}, author = {Bol, David and Hocquet, C{\'e}dric and Regazzoni, Francesco} } @conference {18068, title = {Jailbreak Imagers: Transforming a Single-Photon Image Sensor into a True Random Number Generator}, booktitle = {International Image Sensor Workshop (IISW)}, year = {2013}, month = {June}, address = {Snowbird Resort, Utah, USA}, author = {Burri, Samuel and Stucki, Damien and Maruyama, Yuki and Bruschini, Claudio and Charbon, Edoardo and Regazzoni, Francesco} } @conference {18071, title = {Lightweight AES-Based Authenticated Encryption}, booktitle = {Fast Software Encryption (FSE)}, year = {2013}, month = {March}, address = {Singapore}, author = {Bogdanov, Andrey and Mendel, Florian and Regazzoni, Francesco and Rijmen, Vincent and Tischhauser, Elmar} } @conference {17730, title = {A Low Overhead Self-adaptation Technique for KPN Applications on NoC-based MPSoCs}, booktitle = {Proceedings of the 3rd International Conference on Pervasive and Embedded Computing and Communication Systems (PECCS) - Special Session on Self-Adaptive Networked Embedded Systems (SANES)}, year = {2013}, month = {February 19-21}, address = {Barcelona, Spain}, abstract = {Self-adaptive systems are able to adapt themselves to mutating internal/external 
conditions so as to meet their goals. One of the challenges to be tackled when designing such systems is the overhead introduced in making the system monitorable and adaptable. A large overhead can easily compensate the benefits of adaptation. In this work, we are addressing this challenge within the context of KPN applications on NoC-based MPSoCs. In particular, parametric adaptations at the application level are considered. We present a low overhead technique for the implementation of the monitor-controller-adapter loop, which is present in self-adaptive systems. The technique is fundamentally based on an extended network interface which provides the ability to interrupt remote tiles on a NoC-based multiprocessor platform. Results from the MJPEG case study show that the proposed interrupt-based approach incurs an overhead as low as 0.4\% without compromising the quality of the adaptation control. Our new technique provides an improvement of approximately 6.25\% compared to another state-of-the-art technique that interacts with the application using KPN semantics (i.e., blocking channels). 
Moreover, the sensitivity of the overhead to the complexity of the adaptation controller is much lower in case of our interrupt-based technique as compared to the blocking channel based scheme.}, keywords = {event-based control, kahn process networks (KPN), network-on-chip (NoC), self-adaptivity}, author = {Derin, Onur and Ramankutty, Prasanth Kuncheerat and Meloni, Paolo and Tuveri, Giuseppe} } @conference {17729, title = {A Model for the Evaluation of User-Perceived Service Properties}, booktitle = {International Symposium on Parallel Distributed Processing, Workshops and Phd Forum (IPDPSW)}, year = {2013}, month = {May}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {Boston, Massachusetts, USA}, abstract = {An ever-increasing number of both functional and non-functional requirements has resulted in growing system complexity which demands new solutions in system modeling and evaluation. As a remedy, service-oriented architecture (SOA) offers services as basic building elements of system design. Service dependability is highly dependent on the properties of the underlying information and communications technology (ICT) infrastructure. This is especially true for the user-perceived dependability of a specific pair service client and provider as every pair may utilize different ICT components. We provide a model for the description of ICT components and their non-functional properties based on the Unified Modeling Language (UML). Given a service description, a network topology model and a pair service client and provider, we propose a methodology to automatically identify relevant ICT components and generate a user-perceived service infrastructure model (UPSIM). We demonstrate the feasibility of the methodology by applying it to parts of the service network infrastructure at Universit{\`a} della Svizzera italiana, Switzerland. 
We then show how this methodology can be used to facilitate user-perceived service dependability analysis.}, keywords = {availability, design engineering, metamodeling, modeling, object oriented modeling, quality of service (QoS), service dependability, service network management, service networks}, isbn = {978-0-7695-4979-8}, doi = {10.1109/IPDPSW.2013.163}, url = {http://andreas-dittrich.eu/2013/03/a-model-for-the-evaluation-of-user-perceived-service-properties}, author = {Dittrich, Andreas and Kaitovi{\'c}, Igor and Murillo, Cristina and Rezende, Rafael} } @inbook {17731, title = {Model-Driven Evaluation of User-Perceived Service Availability}, booktitle = {Dependable Computing}, series = {Lecture Notes in Computer Science}, volume = {7869}, year = {2013}, month = {May}, pages = {39-53}, publisher = {Springer Berlin Heidelberg}, organization = {Springer Berlin Heidelberg}, abstract = {Service-oriented architecture (SOA), which proposes services as basic building elements of system design, has emerged as an approach to master growing system complexity. However, it remains difficult to evaluate dependability of such distributed and heterogeneous functionality as it depends highly on the properties of the enabling information and communications technology (ICT) infrastructure. Moreover, every specific pair service client and provider can utilize different ICT components, constituting for the user-perceived view of a service. We provide a model-driven methodology to automatically create reliability block diagrams of such views. Given a service description, a network topology model and a pair service client and provider, it identifies relevant ICT components and generates a user-perceived service availability model (UPSAM). 
We then use this UPSAM to calculate the steady-state availability of different views on an exemplary mail service deployed in the network infrastructure of University of Lugano.}, keywords = {availability, design engineering, modeling, object oriented modeling, quality of service (QoS), service dependability, service network management, service networks}, issn = {978-3-642-38788-3}, doi = {10.1007/978-3-642-38789-0_4}, url = {http://andreas-dittrich.eu/2013/04/model-driven-evaluation-of-user-perceived-service-availability}, author = {Dittrich, Andreas and Rezende, Rafael}, editor = {Vieira, Marco and Cunha, Jo{\~a}o Carlos} } @inbook {17996, title = {Self-Organizing Real-Time Services in Mobile Ad Hoc Networks}, booktitle = {Self-Organization in Embedded Real-Time Systems}, year = {2013}, pages = {55-74}, publisher = {Springer New York}, organization = {Springer New York}, isbn = {978-1-4614-1968-6}, doi = {10.1007/978-1-4614-1969-3_3}, url = {http://dx.doi.org/10.1007/978-1-4614-1969-3_3}, author = {Kakuda, Yoshiaki and Ohta, Tomoyuki and Malek, Miroslaw}, editor = {Higuera-Toledano, Teresa and Brinkschulte, Uwe and Rettberg, Achim} } @conference {18070, title = {Single-Photon Image Sensors}, booktitle = {Special Session, 50th Design Automation Conference (DAC)}, year = {2013}, month = {June}, address = {Austin, Texas, USA}, author = {Charbon, Edoardo and Regazzoni, Francesco} } @conference {18066, title = {Sleuth: Automated Verification of Software Power Analysis Countermeasures}, booktitle = {Workshop on Cryptographic Hardware and Embedded Systems (CHES)}, year = {2013}, month = {August}, address = {Santa Barbara, California, USA}, author = {Bayrak, Ali Galip and Regazzoni, Francesco and Novo Bruna, David and Ienne, Paolo} } @conference {18067, title = {Stealthy Dopant-Level Hardware Trojans}, booktitle = {Workshop on Cryptographic Hardware and Embedded Systems (CHES)}, year = {2013}, month = {August}, address = {Santa Barbara, California, USA}, author = 
{Becker, Georg and Regazzoni, Francesco and Paar, Christof and Burleson, Wayne} } @conference {18054, title = {STRATOS: open System for TRAcTOrs{\textquoteright} autonomous OperationS}, booktitle = {EFITA International Conference on Sustainable Agriculture through ICT Innovation }, year = {2013}, month = {06/2013}, publisher = {European Federation for Information Technology in Agriculture, Food and the Environment}, organization = {European Federation for Information Technology in Agriculture, Food and the Environment}, address = {Torino, Italy}, abstract = {This paper describes the objectives and final results of the STRATOS project (System for TRAcTOrs{\textquoteright} autonomous OperationS), within the framework of ICT-AGRI ERA-NET (Coordination of European Research within ICT and Robotics in Agriculture and related Environmental Issues). The main objective of the STRATOS project was the development of an open ICT hardware-software infrastructure enabling the acquisition of geo-referenced information on soil and terrain parameters. In more detail, STRATOS project target was to develop and demonstrate new functions enabled by ISOBUS technology (ISO 11783) that support a substantial improvement of the quality of the farming jobs. In particular the idea is to develop a technology based on ISOBUS compliant, wireless self-powered sensor network for the real time measurement of soil and harvester conditions. In this way, Task Controller (an ICT component defined by ISOBUS specification which supervises actively the farming job performed by the tractor) can optimize the whole tractor and implement operational modes to improve the farming job quality and safety of the overall systems. 
The project lasted from 1st April, 2011 to 31st March, 2013, and this paper reports about the project achievements.}, keywords = {agriculture, ICT, model-driven approach, precision farming, Safety}, author = {Fantuzzi, Cesare and Gutman, Per-Olof and Kaitovi{\'c}, Igor and Larcher, Luca and Marzani, Stefano and Ruggeri, Massimiliano and Zagurskis, Valerijs} } @article {18050, title = {A system-level approach to adaptivity and fault-tolerance in NoC-based MPSoCs: The MADNESS project.}, journal = {Microprocessors and Microsystems - Embedded Hardware Design}, volume = {37}, issue = {6-7}, year = {2013}, pages = {515{\textendash}529}, doi = {10.1016/j.micpro.2013.07.007}, author = {Derin, Onur and Cannella, Emanuele and Tuveri, Giuseppe and Meloni, Paolo and Stefanov, Todor and Fiorin, Leandro and Raffo, Luigi and Sami, Mariagiovanna} } @conference {17846, title = {User-Perceived Instantaneous Service Availability Evaluation}, booktitle = {19th Pacific Rim International Symposium on Dependable Computing (PRDC)}, year = {2013}, month = {12/2013}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {Vancouver, British Columbia, Canada}, abstract = {Today{\textquoteright}s businesses rely ever more on dependable service provision deployed on information and communications technology (ICT) infrastructures. Service dependability is highly influenced by the individual infrastructure component properties. Combining these properties for consistent dependability analysis is challenging as every service requester might use a different set of components during service usage, constituting the user-perceived view on a service. This paper presents a methodology to evaluate user-perceived instantaneous service availability. 
It uses three input models: (1) The ICT infrastructure, with failure rates, repair rates and deployment times of all components, (2) an abstract description of complex hierarchical services, (3) a mapping that contains concrete ICT components for the service pair requester and provider, as well as their existing replicas, and a duration of usage. The methodology then automatically generates an availability model from those parts of the ICT infrastructure needed during provision for the specified pair. To calculate instantaneous availability, the age of the ICT components, the order and time of their usage during service provision are taken into account. The methodology supports generation of different availability models, we demonstrate this by providing reliability block diagrams and fault-trees. We demonstrate the feasibility of the methodology by applying it to parts of the network infrastructure of Universit{\`a} della Svizzera italiana, Switzerland.}, keywords = {availability, Client-server systems, Distributed computing, fault tolerance, modeling}, doi = {10.1109/PRDC.2013.49}, url = {http://andreas-dittrich.eu/2013/08/user-perceived-instantaneous-service-availability-evaluation}, author = {Rezende, Rafael and Dittrich, Andreas and Malek, Miroslaw} } @conference {18075, title = {Compact Implementation and Performance Evaluation of Block Ciphers in ATtiny Devices}, booktitle = {Progress in Cryptology - Africacrypt}, year = {2012}, month = {July}, address = {Ifrane, Morocco}, author = {Eisenbarth, Thomas and Gong, Zheng and G{\"u}neysu, Tim and Heyse, Stefan and Indesteege, Sebastiaan and Kerckhof, St{\'e}phanie and Koeune, Francois and Nad, Tomislav and Plos, Thomas and Regazzoni, Francesco and Standaert, Fran{\c c}ois-Xavier and Oldenzeel, Loic Van Oldene} } @conference {18073, title = {Compact Implementation and Performance Evaluation of Hash Functions in ATtiny Devices}, booktitle = {11th Smart Card Research and Advanced Application Conference (CARDIS)}, year = 
{2012}, month = {November}, address = {Graz, Austria}, author = {Balasch, Josep and Ege, Baris and Eisenbarth, Thomas and G{\'e}rard, Beno{\^\i}t and Gong, Zheng and G{\"u}neysu, Tim and Heyse, Stefan and Kerckhof, St{\'e}phanie and Koeune, Francois and Plos, Thomas and Poppelmann, Thomas and Regazzoni, Francesco and Standaert, Fran{\c c}ois-Xavier and Van Assche, Gilles and Van Keer, Ronny and Oldenzeel, Loic Van Oldene and von Maurich, Ingo} } @article {18491, title = {A Fast ULV Logic Synthesis Flow in Many-Vt CMOS Processes for Minimum Energy Under Timing Constraints}, journal = {IEEE Transactions on Circuits and Systems II: Express Briefs }, volume = {59-II}, issue = {12}, year = {2012}, month = {02/2012}, pages = {947-951}, type = {journal}, chapter = {947}, abstract = {Ultra-low-voltage (ULV) logic offers the opportunity to operate at the minimum-energy point (MEP) for applications with low-to-medium speed requirements. Unfortunately, the critical design constraint of achieving a reliable timing closure at the target frequency of the application becomes very complex in the wide design space of ULV including supply (Vdd) and threshold (Vt) voltage selection as well as netlist optimizations from the synthesis. In this paper, we propose a fast synthesis flow to accurately predict the Vdd/Vt MEP under strict timing constraints. Compared to an exhaustive search for the MEP under timing constraints based on numerous library recharacterizations and synthesis steps for all Vdd/Vt pairs, the proposed ULV flow dramatically speeds up the design process. Indeed, it requires a single library recharacterization and only three synthesis steps. 
Results obtained for several ITC{\textquoteright}99 benchmarks under a wide range of timing constraints from 0.1 to 30 MHz in 65-nm LP/GP CMOS demonstrate that the proposed flow has a less than 10\% energy penalty with respect to the absolute MEP computed with an exhaustive search and energy savings enhanced up to 2.4{\texttimes} compared to a conventional flow with Vdd scaling only}, keywords = {circuit optimisation, CMOS logic circuits, fast ULV logic synthesis flow, Low power electronics}, issn = {1549-7747}, doi = {10.1109/TCSII.2012.2231034}, url = {http://dx.doi.org/10.1109/TCSII.2012.2231034}, author = {Bol, David and Hocquet, C{\'e}dric and Regazzoni, Francesco} } @inbook {18062, title = {Interaction between Fault Attack Countermeasures and the Resistance against Power Analysis Attacks}, booktitle = {Fault Analysis in Cryptography}, series = {Information Security and Cryptography Series, Springer}, year = {2012}, pages = {257-272}, publisher = {Springer Berlin Heidelberg}, organization = {Springer Berlin Heidelberg}, abstract = {Most of the countermeasures against fault attacks on cryptographic systems that have been developed so far are based on the addition of information redundancy. While these countermeasures have been evaluated with respect to their cost (implementation overhead) and efficiency (fault coverage), little attention has been devoted to the question of the impact their use has on the effectiveness of other types of side-channel attacks, in particular, power analysis attacks. 
This chapter presents an experimental study whose goal is to determine whether the added information redundancy can increase the vulnerability of a cryptographic circuit to power analysis attacks.}, isbn = {978-3-642-29656-7}, doi = {10.1007/978-3-642-29656-7_15}, author = {Regazzoni, Francesco and Breveglieri, Luca and Ienne, Paolo and Koren, Israel}, editor = {Joye, Marc and Tunstall, Michael} } @conference {18076, title = {LEXCOMM: A low energy, secure and flexible communication protocol for a heterogenous body sensor network}, booktitle = {IEEE-EMBS International Conference on Biomedical and Health Informatics}, year = {2012}, month = {January}, address = {Hong Kong, China}, author = {Lamichhane, Bishal and Mudda, Steven and Regazzoni, Francesco and Puiatti, Alessandro} } @conference {17732, title = {Model-driven approach to design ICT infrastructure for precision farming}, booktitle = {17th IEEE Conference on Emerging Technologies and Factory Automation (ETFA)}, year = {2012}, month = {09/2012}, publisher = {IEEE Industrial Electronics Society}, organization = {IEEE Industrial Electronics Society}, address = {Krak{\'o}w, Poland}, abstract = {Design of complex systems involving a number of experts from various fields necessarily includes modeling at different levels of abstraction. Modeling is particularly important in the initial phase of a joint project when all system requirements and constraints have to be clearly defined and understood by all the partners. Once an unambiguous structural model has been achieved and components interfaces fixed, design of components can be done independently. For the initial phase, a very simplified modeling methodology based on UML that can be easily understood and applied has been proposed. The application of the methodology has been presented through the design of full structural model of the infrastructure for precision farming. 
Modeled infrastructure is an open ICT hardware-software solution based on ISOBUS specification, that enables partial automation of tractors increasing safety and production efficiency. Model achieved through several steps presents a mutual understanding platform between the partners. Most importantly, a precise model has been achieved without the necessity of in deep study of UML by all the partners.}, keywords = {agriculture, ICT infrastructure Design, ISOBUS, model-driven approach, precision farming, Safety, Unified Modeling Language}, isbn = {978-1-4673-4736-5}, doi = {10.1109/ETFA.2012.6489709}, author = {Kaitovi{\'c}, Igor and Rezende, Rafael and Murillo, Cristina and Fantuzzi, Cesare} } @conference {17577, title = {Security Enhanced Linux on Embedded Systems: a Hardware-accelerated Implementation}, booktitle = {17th Asia and South Pacific Design Automation Conference, ASP-DAC 2012}, year = {2012}, month = {02/2012}, address = {Sydney, Australia}, abstract = {Security Enhanced Linux implements fine-grained mandatory access control. Despite its usefulness, the overhead of implementing it on embedded devices is prohibitive. Therefore, in the past it has been proposed to accelerate SELinux by means of dedicated hardware; in this work we demonstrate the feasibility of such an approach by implementing a hardware accelerator for SELinux on a FPGA-based platform. 
Our implementation obtains a huge reduction in the performance overhead and energy consumption of SELinux, yet employing a limited chip area.}, keywords = {authorisation, dedicated hardware, embedded systems, energy consumption, field programmable gate arrays, fine-grained mandatory access control, FPGA-based platform, hardware accelerator, hardware-accelerated implementation, linux, performance overhead reduction, security enhanced Linux}, doi = {10.1109/ASPDAC.2012.6164960}, author = {Fiorin, Leandro and Ferrante, Alberto and Padarnitsas, Konstantinos and Regazzoni, Francesco} } @conference {18074, title = {Simulation-Time Security Margin Assessment against power-based Side Channel Attacks}, booktitle = {7th Workshop on Embedded Systems Security (WESS)}, year = {2012}, month = {October}, address = {Tampere, Finland}, author = {Barenghi, Alessandro and Pelosi, Gerardo and Regazzoni, Francesco} } @conference {18140, title = {STRATOS: Open System For Tractors{\textquoteright} Autonomous Operations}, booktitle = {5th International Conference on Automation Technology for Off-road Equipment (ATOE)}, year = {2012}, month = {07/2012}, pages = {162-187}, publisher = {International Commission of Agricultural and Biosystems Engineering (CIGR)}, organization = {International Commission of Agricultural and Biosystems Engineering (CIGR)}, address = {Valencia, Spain}, abstract = {This paper describes the objectives and preliminary results of the STRATOS project (System for TRAcTOrs{\textquoteright} autonomous OperationS), within the framework of ICT-AGRI ERA-NET (Coordination of European Research within ICT and Robotics in Agriculture and related Environmental Issues). The main objective of the STRATOS project is to develop an open ICT hardware-software infrastructure enabling the partial automation of tractors and at the same time enhancing their operational safety and production efficiency, with the positive effects of reduced accident risk and environmental impact. 
In more detail, STRATOS project target is to develop and demonstrate new functions enabled by ISOBUS technology (ISO 11783) that support a substantial improvement of the quality of the farming jobs. In particular the idea is to develop a technology based on ISOBUS compliant, wireless self-powered sensor network for the real time measurement of soil and harvester conditions. In this way, Task Controller (an ICT component defined by ISOBUS specification which supervises actively the farming job performed by the tractor) can optimize the whole tractor and implement operational modes to improve the farming job quality and safety of the overall systems. The project started on 1st April, 2011, and will end on 31st March, 2013. This paper reports on some achievements gained so far.}, keywords = {agriculture, ICT infrastructure Design, model-driven approach, precision farming, Safety}, isbn = {84-615-9654-4}, author = {Fantuzzi, Cesare and Gutman, Per-Olof and Kaitovi{\'c}, Igor and Larcher, Luca and Marzani, Stefano and Ruggeri, Massimiliano and Zagurskis, Valerijs} } @conference {17737, title = {System Adaptivity and Fault-tolerance in NoC-based MPSoCs: the MADNESS Project Approach}, booktitle = {Proceedings of the 15th EUROMICRO Conference on Digital System Design Architectures, Methods and Tools (DSD{\textquoteright}12)}, year = {2012}, month = {September 5-8}, address = {Izmir, Turkey}, abstract = {Modern embedded systems increasingly require adaptive run-time management. The system may adapt the mapping of the applications in order to accommodate the current workload conditions, to balance load for efficient resource utilization, to meet quality of service agreements, to avoid thermal hot-spots and to reduce power consumption. 
As the possibility of experiencing run-time faults becomes increasingly relevant with deep-sub-micron technology nodes, in the scope of the MADNESS project, we focus particularly on the problem of graceful degradation by dynamic remapping in presence of run-time faults. In this paper, we summarize the major results achieved in the MADNESS project until now regarding the system adaptivity and fault tolerant processing. We report the first results of the integration between platform level and middleware level support for adaptivity and fault tolerance. A case study demonstrates the survival ability of the platform via a low-overhead process migration mechanism and a near-optimal online remapping heuristic.}, keywords = {fault tolerance, kahn process networks (KPN), middleware, network-on-chip (NoC), process migration, system adaptivity}, doi = {http://dx.doi.org/10.1109/DSD.2012.122}, author = {Meloni, Paolo and Tuveri, Giuseppe and Raffo, Luigi and Cannella, Emanuele and Stefanov, Todor and Derin, Onur and Fiorin, Leandro and Sami, Mariagiovanna} } @article {17738, title = {Towards Self-adaptive KPN Applications on NoC-based MPSoCs}, journal = {Advances in Software Engineering}, volume = {2012}, year = {2012}, month = {September}, pages = {16 pages}, abstract = {Self-adaptivity is the ability of a system to adapt itself dynamically to internal and external changes. Such a capability helps systems to meet the performance and quality goals, while judiciously using available resources. In this paper, we propose a framework to implement application level self-adaptation capabilities in KPN applications running on NoC-based MPSoCs. The monitor-controller-adapter mechanism is used at the application level. The monitor measures various parameters to check whether the system meets the assigned goals. The controller takes decisions to steer the system towards the goal, which are applied by the adapters. 
The proposed framework requires minimal modifications to the application code and offers ease of integration. It incorporates a generic adaptation controller based on fuzzy logic. We present the MJPEG encoder as a case study to demonstrate the effectiveness of the approach. Our results show that even if the parameters of the fuzzy controller are not tuned optimally, the adaptation convergence is achieved within reasonable time and error limits. Moreover, the incurred steady-state overhead due to the framework is 4\% for average frame-rate, 3.5\% for average bit-rate, and 0.5\% for additional control data introduced in the network.}, keywords = {kahn process networks (KPN), network-on-chip (NoC), quality of service (QoS), self-adaptivity}, doi = {http://dx.doi.org/10.1155/2012/172674}, author = {Derin, Onur and Ramankutty, Prasanth Kuncheerat and Meloni, Paolo and Cannella, Emanuele} } @inbook {141.aetherinbook.2011, title = {AETHER: Self-Adaptive Networked Entities: Autonomous Computing Elements for Future Pervasive Applications and Technologies}, booktitle = {Reconfigurable Computing: From FPGAs to Hardware/Software Codesign}, year = {2011}, pages = {149{\textendash}184}, publisher = {Springer}, organization = {Springer}, address = {New York, USA}, abstract = {The AETHER project has laid the foundation of a complete new framework for designing and programming computing resources that live in changing environments and need to re-configure their objectives in a dynamic way. This chapter contributes to a strategic research agenda in the field of self-adaptive computing systems. It brings inputs to the reconfigurable hardware community and proposes directions to go for reconfigurable hardware and research on self-adaptive computing; it tries to identify some of the most promising future technologies for reconfiguration, while pointing out the main foreseen Challenges for reconfigurable hardware. 
This chapter presents the main solutions the AETHER project proposed for some of the major concerns in trying to engineer a self-adaptive computing system. The text exposes the AETHER vision of self-adaptation and its requirements. It describes and discusses the proposed solutions for tackling self-adaptivity at the various levels of abstractions. It exposes how the developed technologies could be put together in a real methodology and how self-adaptation could then be used in potential applications. Finally and based on lessons learned from AETHER, we discuss open issues and research opportunities and put those in perspective along other investigations and roadmaps.}, isbn = {978-1-4614-0061-5}, author = {Gamrat, Christian and Philippe, Jean-Marc and Jesshope, Chris and Shafarenko, Alex and Bisdounis, Labros and Bondi, Umberto and Ferrante, Alberto and Cabestany, Joan and Huebner, Michael and Parsinnen, Juha and Kadlec, Jiri and Danek, Martin and Tain, Benoit and Eisenbach, Susan and Auguin, Michel and Diguet, Jean-Philippe and Lenormand, Eric and Roux, Jean-Luc}, editor = {Cardoso, Joao Manuel Pai and Huebner, Michael} } @conference {18079, title = {Exploring the Feasibility of Low Cost Fault Injection Attacks on Sub-Threshold Devices through an Example of a 65nm AES Implementation}, booktitle = {7th Workshop on RFID Security and Privacy (RFIDSec)}, year = {2011}, month = {June}, address = {Amherst, Massachusetts, USA}, author = {Barenghi, Alessandro and Hocquet, C{\'e}dric and Bol, David and Standaert, Fran{\c c}ois-Xavier and Regazzoni, Francesco and Koren, Israel} } @conference {18080, title = {A First Step Towards Automatic Application of Power Analysis Countermeasures}, booktitle = {48th Design Automation Conference (DAC)}, year = {2011}, month = {June}, address = {San Diego, California}, author = {Bayrak, Ali Galip and Regazzoni, Francesco and Brisk, Philip and Standaert, Fran{\c c}ois-Xavier and Ienne, Paolo} } @conference {18086, title = {FPGA 
Implementations of the AES Masked Against Power Analysis Attacks}, booktitle = {2nd International Workshop on Constructive Side-Channel Analysis and Secure Design (COSADE)}, year = {2011}, month = {February}, address = {Darmstadt, Germany}, author = {Regazzoni, Francesco and Yi, Wang and Standaert, Fran{\c c}ois-Xavier} } @conference {18077, title = {Fresh Re-Keying II: Securing Multiple Parties against Side-Channel and Fault Attacks}, booktitle = {10th Smart Card Research and Advanced Application Conference (CARDIS)}, year = {2011}, month = {September}, address = {Leuven, Belgium}, author = {Medwed, Marcel and Petit, Christophe and Regazzoni, Francesco and Renauld, Mathieu and Standaert, Fran{\c c}ois-Xavier} } @article {18063, title = {Harvesting the potential of nano-CMOS for lightweight cryptography: An ultra-low-voltage 65 nm AES coprocessor for passive RFID tags}, journal = {Springer Journal of Cryptographic Engineering}, volume = {1}, issue = {1}, year = {2011}, author = {Hocquet, C{\'e}dric and Kamel, Dina and Regazzoni, Francesco and Legat, Jean-Didier and Flandre, Denis and Bol, David and Standaert, Fran{\c c}ois-Xavier} } @conference {18078, title = {Low Cost FPGA Implementations of the SHA-3 Finalists}, booktitle = {10th Smart Card Research and Advanced Application Conference (CARDIS)}, year = {2011}, month = {September}, address = {Leuven, Belgium}, author = {Kerckhof, St{\'e}phanie and Durvaux, Fran{\c c}ois and Veyrat-Charvillon, Nicolas and Regazzoni, Francesco and de Dormale, Guerric Meurice and Standaert, Fran{\c c}ois-Xavier} } @inbook {143.RiKaTuPaSiZaMa.2011, title = {Optimization Algorithms for Embedded System Design Space Exploration}, booktitle = {Multi-objective design space exploration of multiprocessor SoC architectures: the MULTICUBE approach}, year = {2011}, publisher = {Springer}, organization = {Springer}, address = {New York, USA}, abstract = {This paper is dedicated to the optimization algorithms developed in the MULTICUBE project 
and to their surrounding environment. Two software design space exploration (DSE) tools host the algorithms: Multicube Explorer and mode-FRONTIER. The description of the proposed algorithms is the central part of the paper. The focus will be on newly developed algorithms and on ad-hoc extensions of existing techniques in order to cope with discrete and categorical design space parameters that are very common when working with embedded systems design. This paper will also provide some fundamental guidelines to build a strategy for testing the performance and accuracy of such algorithms. The aim is mainly to build confidence in optimization techniques, rather than to simply compare one algorithm versus another one. The no-free-lunch theorem for optimization has to be taken into consideration and therefore the analysis will look forward to robustness and industrial reliability of the results.}, author = {Rigoni, Enrico and Kavka, Carlos and Turco, Alessandro and Palermo, Gianluca and Silvano, Cristina and Zaccaria, Vittorio and Mariani, Giovanni} } @conference {18081, title = {Power-Gated MOS Current Mode Logic (PG-MCML): A Power-Aware DPA-Resistant Standard Cell Library}, booktitle = {48th Design Automation Conference (DAC)}, year = {2011}, month = {June}, address = {San Diego, California}, author = {Cevrero, Alessandro and Regazzoni, Francesco and Schwander, Michael and Badel, St{\'e}phane and Ienne, Paolo and Leblebici, Yusuf} } @inbook {142.PaSiZaRiKaTuMa.2011, title = {Response Surface Modeling for Embedded System Design Space Exploration}, booktitle = {Multi-objective design space exploration of multiprocessor SoC architectures: the MULTICUBE approach}, year = {2011}, publisher = {Springer}, organization = {Springer}, address = {New York, USA}, abstract = {A typical design space exploration flow involves an event-based simulator in the loop, often leading to an actual evaluation time that can exceed practical limits for realistic applications. 
Chip multi-processor architectures further exacerbate this problem given that the actual simulation speed decreases by increasing the number of cores of the chip. Traditional design space exploration lacks of efficient techniques that reduce the number of architectural alternatives to be analyzed. In this chapter, we introduce a set of statistical and machine learning techniques that can be used to predict system level metrics by using closed-form analytical expressions instead of lengthy simulations; the latter are called Response Surface Models (RSM). The principle of RSM is to exploit a set of simulations generated by one or more Design of Experiments strategies to build a surrogate model to predict the system-level metrics. The response model has the same input and output features of the original simulation based model but offers significant speed-up by leveraging analytical, closed-form functions which are tuned during model training. The techniques presented in this chapter can be used to improve the performance of traditional design space exploration algorithms such as those presented in Chap. 
3.}, author = {Palermo, Gianluca and Silvano, Cristina and Zaccaria, Vittorio and Rigoni, Enrico and Kavka, Carlos and Turco, Alessandro and Mariani, Giovanni} } @conference {17694, title = {WAMS - an adaptive system for knowledge acquisition and decision support: the case of Scaphoideus titanus}, booktitle = {IOBC/WPRS European Meeting}, year = {2011}, month = {10/2011}, pages = {57-64}, publisher = {Working Group on Integrated Protection and Production in Viticulture}, organization = {Working Group on Integrated Protection and Production in Viticulture}, address = {Lacanau, France}, author = {Prevostini, Mauro and Taddeo, Antonio Vincenzo and Bala{\'c}, Katarina and Rigamonti, Ivo and Baumg{\"a}rtner, Johann and Jermini, Mauro} } @conference {18083, title = {Fresh Re-Keying: Security against Side-Channel and Fault Attacks for Low-Cost Devices}, booktitle = {Proceedings of Progress in Cryptology - Africacrypt}, year = {2010}, month = {May}, address = {Stellenbosch, South Africa}, author = {Medwed, Marcel and Standaert, Fran{\c c}ois-Xavier and Gro{\ss}sch{\"a}dl, Johann and Regazzoni, Francesco} } @conference {18082, title = {Hardware Trojans for Inducing or Amplifying Side-Channel Leakage of Cryptographic Software}, booktitle = {2nd International Conference on Trusted Systems (INTRUST)}, year = {2010}, month = {December}, address = {Beijing, China}, author = {Gallais, Jean-Francois and Gro{\ss}sch{\"a}dl, Johann and Hanley, Neil and Kasper, Markus and Medwed, Marcel and Regazzoni, Francesco and Schmidt, Joern-Marc and Tillich, Stefan and Wojcik, Marcin} } @conference {18087, title = {Low Cost Software Countermeasures Against Fault Attacks: Implementation and Performances Trade Offs}, booktitle = {5th Workshop on Embedded Systems Security (WESS)}, year = {2010}, month = {October}, address = {Scottsdale, Arizona, USA}, author = {Barenghi, Alessandro and Breveglieri, Luca and Koren, Israel and Pelosi, Gerardo and Regazzoni, Francesco} } @conference 
{116.TuRePaFeSc10, title = {A Reconfigurable Multiprocessor Architecture for a Reliable Face Recognition Implementation}, booktitle = {Proceedings of Design, Automation and Test in Europe (DATE) Conference}, year = {2010}, month = {March}, address = {Dresden, Germany}, abstract = {Face Recognition techniques are solutions used to quickly screen a huge number of persons without being intrusive in open environments or to substitute id cards in companies or research institutes. There are several reasons that require to systems implementing these techniques to be reliable. This paper presents the design of a reliable face recognition system implemented on Field Programmable Gate Array (FPGA). The proposed implementation uses the concepts of multiprocessor architecture, parallel software and dynamic reconfiguration to satisfy the requirement of a reliable system. The target multiprocessor architecture is extended to support the dynamic reconfiguration of the processing unit to provide reliability to processors fault. The experimental results show that, due to the multiprocessor architecture, the parallel face recognition algorithm can achieve a speed up of 63\% with respect to the sequential version. Results regarding the overhead in maintaining a reliable architecture are also shown}, author = {Tumeo, Antonino and Regazzoni, Francesco and Palermo, Gianluca and Ferrandi, Fabrizio and Sciuto, Donatella} } @article {18492, title = {Breaking ECC2K-130}, journal = {IACR Cryptology ePrint Archive}, volume = {2009}, year = {2009}, month = {11/2009}, pages = {541}, abstract = {Elliptic-curve cryptography is becoming the standard public-key primitive not only for mobile devices but also for high-security applications. Advantages are the higher cryptographic strength per bit in comparison with RSA and the higher speed in implementations. To improve understanding of the exact strength of the elliptic-curve discrete-logarithm problem, Certicom has published a series of challenges. 
This paper describes breaking the ECC2K-130 challenge using a parallelized version of Pollard{\textquoteright}s rho method. This is a major computation bringing together the contributions of several clusters of conventional computers, PlayStation~3 clusters, computers with powerful graphics cards and FPGAs. We also give estimates for an ASIC design. In particular we present * our choice and analysis of the iteration function for the rho method; * our choice of finite field arithmetic and representation; * detailed descriptions of the implementations on a multitude of platforms: CPUs, Cells, GPUs, FPGAs, and ASICs; * details about running the attack. }, keywords = {Attacks, automorphisms, binary fields, Certicom challenges, DLP, ECC, implementation, Koblitz curves, parallelized Pollard rho}, url = {http://eprint.iacr.org/2009/541}, author = {Bailey, Daniel V. and Batina, Lejla and Bernstein, Daniel J. and Birkner, Peter and Bos, Joppe W. and Chen, Hsieh-Chung and Cheng, Chen-Mou and van Damme, Gauthier and G{\"u}neysu, Tim and Gurkaynak, Frank and Kleinjung, Thorsten and Paar, Christof and Regazzoni, Francesco and Niederhagen, Ruben and Schwabe, Peter and Uhsadel, Leif and Van Herrewege, Anthony} } @conference {18084, title = {The Certicom Challenges ECC2-X}, booktitle = {Workshop on Special Purpose Hardware for Attacking Cryptographic Systems (SHARCS)}, year = {2009}, month = {September}, address = {Lausanne, Switzerland}, author = {Bailey, Daniel V. and Baldwin, Brian and Batina, Lejla and Bernstein, Daniel J. and Birkner, Peter and Bos, Joppe W. 
and van Damme, Gauthier and de Meulenaer, Giacomo and Fan, Junfeng and Gurkaynak, Frank and G{\"u}neysu, Tim and Kleinjung, Thorsten and Lange, Tanja and Mentens, Nele and Paar, Christof and Regazzoni, Francesco and Schwabe, Peter and Uhsadel, Leif} } @inbook {18085, title = {A Design Flow and Evaluation Framework for DPA-resistant Instruction Set Extensions}, booktitle = {Cryptographic Hardware and Embedded Systems (CHES)}, series = {Lecture Notes in Computer Science}, volume = {5747}, year = {2009}, month = {September}, pages = {205-219}, publisher = {Springer Berlin Heidelberg}, organization = {Springer Berlin Heidelberg}, address = {Lausanne, Switzerland}, abstract = {Power-based side channel attacks are a significant security risk, especially for embedded applications. To improve the security of such devices, protected logic styles have been proposed as an alternative to CMOS. However, they should only be used sparingly, since their area and power consumption are both significantly larger than for CMOS. We propose to augment a processor, realized in CMOS, with custom instruction set extensions, designed with security and performance as the primary objectives, that are realized in a protected logic. We have developed a design flow based on standard CAD tools that can automatically synthesize and place-and-route such hybrid designs. The flow is integrated into a simulation and evaluation environment to quantify the security achieved on a sound basis. Using MCML logic as a case study, we have explored different partitions of the PRESENT block cipher between protected and unprotected logic. This experiment illustrates the tradeoff between the type and amount of application-level functionality implemented in protected logic and the level of security achieved by the design. 
Our design approach and evaluation tools are generic and could be used to partition any algorithm using any protected logic style.}, isbn = {978-3-642-04137-2}, doi = {10.1007/978-3-642-04138-9_15}, author = {Regazzoni, Francesco and Cevrero, Alessandro and Standaert, Fran{\c c}ois-Xavier and Badel, St{\'e}phane and Kluter, Theo and Brisk, Philip and Leblebici, Yusuf and Ienne, Paolo} } @article {18064, title = {Evaluating Resistance of MCML Technology to Power Analysis Attacks Using a Simulation-Based Methodology}, journal = {Springer Transactions on Computational Science}, volume = {5430}, year = {2009}, month = {February}, pages = {230{\textendash}243}, author = {Regazzoni, Francesco and Eisenbarth, Thomas and Poschmann, Axel and Gro{\ss}sch{\"a}dl, Johann and Gurkaynak, Frank and Macchetti, Marco and Toprak, Zeynep and Pozzi, Laura and Paar, Christof and Leblebici, Yusuf and Ienne, Paolo} } @conference {82.BeBrFaRe08, title = {A 640 Mbit/s 32-bit Pipelined Implementation of the AES Algorithm}, booktitle = {SECRYPT}, year = {2008}, month = {July 26}, address = {Porto, Portugal}, abstract = {Due to the diffusion of cryptography in real time applications, performances in cipher and decipher operations are nowadays more important than in the past. On the other side, while facing the problem for embedded systems, additional constraints of area and power consumption must be considered. Many optimized software implementations, instruction set extensions and co-processors, were studied in the past with the aim to either increase performances or to keep the cost low. This paper presents a co-processor that aims to be an intermediate solution, suitable for such applications that require a throughput in the Megabit range and where the die size is a bit relaxed as constraint. To achieve this goal, the core is designed to operate at 32 bits and the throughput is guaranteed by a 2 stage pipeline with data forwarding. 
The obtained results synthesizing our coprocessor by means of the CMOS $0.18$ $\mu$m standard cell library show that the throughput reaches 640 Mbit/s while the circuit size is of only 20 K equivalent gates. }, keywords = {cryptography, security}, author = {Bertoni, Guido Marco and Breveglieri, Luca and Farina, Roberto and Regazzoni, Francesco} } @conference {89.ReEiBrIeKo, title = {Can knowledge regarding the presence of countermeasures against fault attacks simplify power attacks on cryptographic devices?}, booktitle = {Proceedings of 23rd IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFTS 08)}, year = {2008}, month = {October 1-3}, abstract = {Side-channel attacks are nowadays a serious concern when implementing cryptographic algorithms. Powerful ways for gaining information about the secret key as well as various countermeasures against such attacks have been recently developed. Although it is well known that such attacks can exploit information leaked from different sources, most prior works have only addressed the problem of protecting a cryptographic device against a single type of attack. Consequently, there is very little knowledge on how a scheme for protecting a device against one type of side-channel attack may affect its vulnerability to other types of side-channel attacks. In this paper we focus on devices that include protection against fault injection attacks (using different error detection schemes) and explore whether the presence of such fault detection circuits affects the resistance against attacks based on power analysis. Using the AES S-Box as an example, we performed attacks on the unprotected implementation as well as modified implementations with parity check circuits or residue check circuits (mod3 and mod7). 
In particular, we focus on the question whether the knowledge of the presence of error detection circuitry in the cryptographic device can help an attacker who attempts to mount a power attack on the device. Our results show that the presence of error detection circuitry helps the attacker even if he is unaware of this circuitry, and that the benefit to the attacker increases with the number of check bits used for the purpose of error detection.}, author = {Regazzoni, Francesco and Eisenbarth, Thomas and Breveglieri, Luca and Ienne, Paolo and Koren, Israel} } @Patent {78.pat20080134187PATENT, title = {Hardware scheduled SMP architectures}, number = {US 11/947,278}, year = {2008}, month = {06/2008}, type = {Application}, chapter = {US 20080134187 A1}, abstract = {A symmetric multiprocessor system employing a hardware constituted real-time operating system.}, issn = {US 20080134187 A1}, author = {Lajolo, Marcello and Nacul, Andre Costi and Regazzoni, Francesco} } @conference {48.Giaconia2007, title = {Area and Power Efficient Synthesis of DPA-Resistant Cryptographic SBoxes}, booktitle = {International Conference on VLSI Design \& Embedded Systems}, year = {2007}, month = {January 6-10}, address = {Bangalore, India}, abstract = {This paper presents a novel design methodology for the hardware implementation of non-linear bijective functions, commonly used in most symmetric-key cryptographic algorithms and known as substitution boxes (S-boxes). The proposed technique thwarts a particularly relevant class of side-channel attacks against cryptographic hardware, that of differential power analysis attacks (DPA). In the proposed approach, the cost of the countermeasure is kept low in terms of silicon process overheads (standard CMOS gates used), area requirement, power consumption and latency, when compared to existing countermeasures. 
Its effectiveness is proven by showing resistance to simulated DPA attacks using power curves derived with SPICE simulation.}, keywords = {differential power analysis (DPA), low power design, side channel attacks}, doi = {http://dx.doi.org/10.1109/VLSID.2007.44}, author = {Giaconia, Matteo and Macchetti, Marco and Regazzoni, Francesco and Schramm, Kai} } @conference {53.CoReLa07, title = {Hardware Scheduling Support in SMP Architecture}, booktitle = {Design, Automation and Test in Europe (DATE)}, year = {2007}, month = {April 16-20}, address = {Nice, France}, abstract = {In this paper the authors propose a hardware real time operating system (HW-RTOS) that implements the OS layer in a dual-processor SMP architecture. Intertask communication is specified by means of dedicated APIs and the HW-RTOS takes care of the communication requirements of the application and also implements the task scheduling algorithm. The HW-RTOS allows to have smaller footprints, since it avoids the need to link to the final executables traditional software RTOS libraries. Moreover, the HW-RTOS is able to exploit the easy task migration feature provided by an SMP architecture much more efficiently than a traditional software RTOS, due to its faster execution and the authors show how this significantly overcomes the performance achievable with optimal static task partitioning among two processors. 
Preliminary results show that the hardware overhead in a dual processor architecture is less than 20K gates.}, keywords = {HW/SW co-design, multiprocessor system-on-chip (MPSoC), real time operating systems}, doi = {http://dx.doi.org/10.1109/DATE.2007.364666}, author = {Nacul, Andre Costi and Regazzoni, Francesco and Lajolo, Marcello} } @conference {67.ReEiGr07, title = {Power Attacks Resistance of Cryptographic S-boxes with added Error Detection Circuits}, booktitle = {proceedings of: {\textquoteright}22nd IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT{\textquoteright}07)}, year = {2007}, month = {September 26-28}, address = {Rome, Italy}, abstract = {Many side-channel attacks on implementations of cryptographic algorithms have been developed in recent years demonstrating the ease of extracting the secret key. In response, various schemes to protect cryptographic devices against such attacks have been devised and some implemented in practice. Almost all of these protection schemes target an individual side-channel attack and consequently, it is not obvious whether a scheme for protecting the device against one type of side-channel attacks may make the device more vulnerable to another type of side-channel attacks. We examine in this paper the possibility of such a negative impact for the case where fault detection circuitry is added to a device (to protect it against fault injection attacks) and analyze the resistance of the modified device to power attacks. To simplify the analysis we focus on only one component in the cryptographic device (namely, the S-box in the AES and Kasumi ciphers), and perform power attacks on the original implementation and on a modified implementation with an added parity check circuit. 
Our results show that the presence of the parity check circuitry has a negative impact on the resistance of the device to power analysis attacks.}, keywords = {cryptography, fault tolerance, reliable applications, side channel attacks}, author = {Regazzoni, Francesco and Eisenbarth, Thomas and Gro{\ss}sch{\"a}dl, Johann and Breveglieri, Luca and Ienne, Paolo and Koren, Israel and Paar, Christof} } @conference {73.OtReLa07, title = {Rapid Creation of Application Models from Bandwidth Aware Core Graphs}, booktitle = {Proceedings of: IP Based SoC Design 2007}, year = {2007}, month = {December 5-6}, address = {Grenoble, France}, abstract = {We present a methodology that allows rapid creation of application models from bandwidth aware core graphs that are available in the literature for a wide range of applications and we discuss their applicability to the rapid exploration of multiple Networks on Chip (NoCs) layout organizations. In a bandwidth aware core graph, each node represents a core and the numbers on the edges represent the bandwidth requirements between cores. We describe core graphs in a UML object model diagram and we then have an automatic code generation tool which produces a SystemC description whose behaviour results in a packet generation on every output connection that respects the bandwidth requirements specified in the core graph. 
We can then rapidly derive a NoC mapping in which a specific floorplan of the cores can be evaluated and compared with alternate floorplan options for rapid design space exploration.}, keywords = {network-on-chip (NoC), rapid prototyping}, author = {Otero, Jo{\~a}o and Regazzoni, Francesco and Lajolo, Marcello} } @conference {59.ReBaEi07, title = {Simulation-based Methodology for Evaluating DPA-Resistance of Cryptographic Functional Units with Application to CMOS and MCML Technologies}, booktitle = {International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation (SAMOS IC 07)}, year = {2007}, month = {July 16-19}, address = {Samos, Greece}, abstract = {This paper explores the resistance of MOS Current Mode Logic (MCML) against Differential Power Analysis (DPA) attacks. Circuits implemented in MCML, in fact, have unique characteristics both in terms of power consumption and the dependency of the power profile from the input signal pattern. Therefore, MCML is suitable to protect cryptographic hardware from DPA and similar side-channel attacks. In order to demonstrate the effectiveness of different logic styles against power analysis attacks, the non-linear bijective function of the Kasumi algorithm (known as substitution box S7) was implemented with CMOS and MCML technology, and a set of attacks was performed using power traces derived from SPICE-level simulations. 
Although all keys were discovered for CMOS, only very few attacks to MCML were successful.}, keywords = {current mode logic (CML), differential power analysis (DPA), power simulation, side channel attacks}, author = {Regazzoni, Francesco and Badel, St{\'e}phane and Eisenbarth, Thomas and Gro{\ss}sch{\"a}dl, Johann and Poschmann, Axel and Toprak, Zeynep and Macchetti, Marco and Pozzi, Laura and Paar, Christof and Leblebici, Yusuf and Ienne, Paolo} } @conference {46.ReBoDjMa07, title = {Tairona, an Open Source Platform for Worldwide Meeting and Tutoring}, booktitle = {World Conference on Educational Multimedia, Hypermedia and Telecommunications 7 (ED-MEDIA 07)}, year = {2007}, address = {Vancouver, Canada}, abstract = {Tairona is a web-based platform for real time meeting and tutoring. It aims to provide a solution for face to face synchronous communication between the tutor and the students in remote faculties and similar environments where a live meeting is not possible. In particular the application is tailored on needs of a scenario that is very unique: in the considered institution in fact, teachers and students meet themselves only for the week necessary to complete the course. 
In this paper we present the requirements that led us to design and implement Tairona.}, keywords = {java, learning, remote application, voice over IP (VoIP)}, author = {Regazzoni, Francesco and Bonesana, Ivano and Djakov, Maksim and Mattiuz, Amanda} } @conference {40.1127983, title = {Hardware/software partitioning of operating systems: a behavioral synthesis approach}, booktitle = {GLSVLSI {\textquoteright}06: Proceedings of the 16th ACM Great Lakes symposium on VLSI}, year = {2006}, pages = {324{\textendash}329}, publisher = {ACM Press, New York, USA}, organization = {ACM Press, New York, USA}, address = {Philadelphia, PA, USA}, abstract = {In this paper we propose a hardware real time operating system (HW-RTOS) solution that makes use of a dedicated hardware in order to replace the standard support provided by the POSIX layer of a general purpose RTOS for implementing task synchronization and scheduling. By redefining only the I/O APIs of the tasks, the HW-RTOS then takes care of the communication requirements of the original application and also implements the task scheduling algorithm. The new software application can then be compiled without any need for POSIX support. The main advantages are smaller and faster executables. 
We present results that show how a small hardware area, less than 10K gates, can result in a 15X performance improvement when the original software scheduler is replaced by a dedicated HW-RTOS.}, keywords = {HW/SW co-design, real time operating systems, system-on-chip (SoC)}, isbn = {1-59593-347-6}, doi = {http://doi.acm.org/10.1145/1127908.1127983}, author = {Chandra, Satish and Regazzoni, Francesco and Lajolo, Marcello} } @conference {39.1169233, title = {Speeding Up AES By Extending a 32 bit Processor Instruction Set}, booktitle = {ASAP {\textquoteright}06: Proceedings of the IEEE 17th International Conference on Application-specific Systems, Architectures and Processors (ASAP{\textquoteright}06)}, year = {2006}, pages = {275-282}, publisher = {IEEE Computer Society}, organization = {IEEE Computer Society}, address = {Washington, DC, USA}, abstract = {Nowadays the need of speed in cipher and decipher operations is more important than in the past. This is due to the diffusion of real time applications, which fact involves the use of cryptography. Many co-processors for cryptography were studied and presented in the past, but only few works were addressed to the enhancement of the instruction set architecture (ISA) of the embedded processor. This paper presents an extension of the ISA of a 32 bit processor, that aims at speeding up the software implementations of the AES algorithm. After the identification of the most frequently executed and the most time consuming sections of the algorithm, a set of dedicated instructions is designed in order to improve the performances of the cipher operations. 
We validate our instruction set extension by measuring the speed up for different optimized implementations of AES using an ARM processor simulator, but the enhancements we propose are general enough to be applied to almost all 32 bit processors.}, keywords = {cryptography, HW/SW co-design, instruction set extension}, isbn = {0-7695-2682-9}, doi = {http://dx.doi.org/10.1109/ASAP.2006.62}, author = {Bertoni, Guido Marco and Breveglieri, Luca and Farina, Roberto and Regazzoni, Francesco} } @conference {36.RegNacLaj2005, title = {Automatic Synthesis of the Hardware/Software Interface in Multiprocessor Architectures}, booktitle = {FDL{\textquoteright}05 - Forum on Specification and Design Languages}, year = {2005}, month = {September 27-30}, address = {Lausanne, Switzerland}, abstract = {Although Moore{\textquoteright}s Law, in principle, enables a huge number of components to be integrated into a single chip, design methods that will allow system architects to put the components together to achieve cost, power and time-to-market targets are severely lacking. System-level design and optimization techniques can significantly reduce the design gap by providing solutions that achieve correct-by-construction rather than the correct-by-iteration approach. This paper presents a programmatic interface generation tool for automating the generation of the hardware/software interfaces in the context of multiprocessor Systems-On-Chips. 
The solutions that we present are of crucial importance in a platform based design environment for building a flexible system with reusable IPs and CPU cores.}, keywords = {HW/SW co-design, system-on-chip (SoC)}, author = {Regazzoni, Francesco and Nacul, Andre Costi and Lajolo, Marcello} } @conference {37.RegLaj2005, title = {Hardware/Software Partitioning and Interface Synthesis in Networks On Chip}, booktitle = {IP Based SoC Design 2005}, year = {2005}, month = {December 7-8}, address = {Grenoble, France}, abstract = {With deep sub-micron technology, chip designers are expected to create System-On-Chip (SOC) solutions by connecting different Intellectual Property (IP) blocks using efficient and reliable interconnection schemes. On chip networks are quite compelling because, by applying networking techniques to on-chip communication, they allow to implement a fully distributed communication pattern with little or no global coordination. This avoids the problems due to the difficulty of implementing future chips with one single clock source and negligible skew. On the other hand, in order to benefit from the NOC communication paradigm, designers should perform a careful functional mapping for taking advantage of spatial locality, by placing the blocks that communicate more frequently closer together. This reduces the use of long global paths and the corresponding energy dissipation. 
In this work we show how a tile based NOC architecture can be exploited in order to support a flexible hardware/software partitioning of a system-level specification and we present a methodology for the automatic synthesis of the hardware/software interfaces.}, keywords = {HW/SW co-design, network-on-chip (NoC), system-on-chip (SoC)}, author = {Regazzoni, Francesco and Lajolo, Marcello} } @conference {35.MacRiv2005, title = {Small-scale Variants of the Secure Hash Standard}, booktitle = {ECRYPT workshop on RFID and lightweight cryptography}, year = {2005}, month = {July 14-15}, address = {Graz, Austria}, abstract = {In this paper we present effective small scale formulations of the Secure Hash Standard; we focus on the SHA-2 family of algorithms, introducing new compact instances baptized SHA-16, SHA-32, and SHA-64. These may be useful for computing hashes and Message Authentication Codes (MACs) on small platforms where only 8-bit processors are available, such as in the case of Radio Frequency Identification (RFID) devices and embedded systems. To prove the soundness of our scaling approach, we analyze the cryptographic properties of the proposed constructions in terms of adherence to the Strict Avalanche Criterion (SAC) and of robustness to birthday attacks, by also comparing the results with the expected values from random functions. As an additional contribution, we complete the theoretical results for the balance property of random functions, thereby also calculating the expected robustness of the original SHA-2 family versus birthday attacks. 
Keywords: hash functions, balance, SAC, small scale, RFID.}, keywords = {balance, hash functions, RFID, SAC, small scale}, author = {Macchetti, Marco and Rivard, Philippe} } @conference {29.SaMaRe2005, title = {Speeding Security on the Intel StrongARM}, booktitle = {Embedded Intel Solutions}, year = {2005}, pages = {31-33}, abstract = {With the increasing use of portable and wireless devices in the business and daily life, protecting sensitive information via encryption is becoming more and more crucial. ALaRI (Advanced Learning and Research Institute) has been conducting research aimed at improving the execution of security algorithms in embedded systems. Thanks to a donation from Intel, ALaRI has been able to develop several recommendations for implementing security efficiently on the Intel StrongARM architecture.}, keywords = {embedded processors, instruction set extension, security}, author = {Sami, Mariagiovanna and Macchetti, Marco and Regazzoni, Francesco} } @conference {27.RegLaj2004, title = {Interface Synthesis in Multiprocessing Systems-on-Chips}, booktitle = {IP Based SoC Design 2004}, year = {2004}, month = {December}, address = {Grenoble}, abstract = {Although Moore{\textquoteright}s Law, in principle, enables a huge number of components to be integrated into a single chip, design methods that will allow system architects to put the components together to achieve cost, power and time-to-market targets are severely lacking. System-level design and optimization techniques can significantly reduce the design gap by providing solutions that achieve correct-by-construction approach rather than the correct-by-iteration approach. This paper presents a programmatic interface generation tool for automating the generation of the hardware/software interfaces in the context of multi-processor Systems-On-Chips. 
The solutions that we present are of crucial importance in a platform based design environment for building a flexible system with reusable IPs and CPU cores.}, keywords = {HW/SW co-design, system-on-chip (SoC)}, author = {Regazzoni, Francesco and Lajolo, Marcello} }