Physically Unclonable Functions
- Rudolph Watkins
Transcription
1 Physically Unclonable Functions
Rajat Subhra Chakraborty, Associate Professor, Department of Computer Science and Engineering, IIT Kharagpur
ISEA Workshop, IIT Kharagpur, October 2016
2 Security Threats: Overview
DARPA's Model of Hardware Security Threats
[Figure labels: Third-party, Offshore, Not really Trusted!!]
3 What is PUF? Fingerprint of Devices
- A challenge-response mechanism in which the mapping between an applied input ("challenge") and the corresponding observed output ("response") is dependent on the complex and variable nature of a physical material
- The challenge-response mapping is unclonable (ideally) and instance-specific
[Figure: n-bit Challenge (C) -> PUF -> n-bit Response (R)]
4 PUF Properties
- Evaluatable: given PUF and x, it is easy to evaluate y = PUF(x).
- Unique: PUF(x) contains some information about the identity of the physical entity embedding PUF.
- Reproducible: y = PUF(x) is reproducible up to a small error.
- Unclonable: given PUF, it is hard to construct a procedure PUF' such that PUF' ≠ PUF and, for all x ∈ C, PUF'(x) = PUF(x) up to a small error.
- Unpredictable: given only a set Q = {(x_i, y_i = PUF(x_i))}, it is hard to predict y_c = PUF(x_c) up to a small error, for x_c a random challenge such that (x_c, ·) ∉ Q.
- One-way: given only y and PUF, it is hard to find x such that PUF(x) = y.
- Tamper-evident: altering the physical entity embedding PUF transforms PUF → PUF' such that, with high probability, ∃x ∈ C: PUF(x) ≠ PUF'(x), not even up to a small error.
5 PUF Taxonomy
6 PUF Taxonomy
7 Arbiter PUF
- Compare two paths with an identical delay in design.
- Random process variation determines which path is faster.
- An arbiter (usually a latch) outputs a 1-bit digital response.
[Figure: delay chain of switching components driven by challenge bits (C = 0 / C = 1), ending in an arbiter with output R = 0/1; panels "Switching Component Operation" and "Arbiter Operation"]
8 Ring Oscillator PUF
- Compare frequencies of two oscillators
- The faster oscillator is randomly determined by manufacturing variations
- Disadvantage: exponential hardware requirement
[Figure: N oscillators -> MUX (selected by the Challenge) -> counters -> comparator ">?" -> Response (0 / 1); example frequencies 2519 MHz and 2453 MHz]
9 Silicon PUFs Family
- Latch PUF cell
- SRAM PUF cell
- Butterfly PUF cell
- Bi-stable Ring PUF
- Loop PUF
- FF PUF cell
10 Metrics for Quality Measurement
Uniformity: estimates how uniform the proportion of 0's and 1's is in the response bits of a PUF. For truly random PUF responses, this proportion must be 50%.
$\text{uniformity}_i = \frac{1}{n} \sum_{l=1}^{n} r_{i,l}$
where $r_{i,l}$ is the l-th binary bit of an n-bit response from a chip i.
11 Metrics for Quality Measurement (cont.)
Uniqueness: represents the ability of a PUF to uniquely distinguish a particular chip among a group of chips of the same type. Ideal value is 50%.
$\text{uniqueness} = \frac{2}{k(k-1)} \sum_{i=1}^{k-1} \sum_{j=i+1}^{k} \frac{HD(R_i, R_j)}{n} \times 100\%$
where $HD(R_i, R_j)$ is the Hamming Distance between the n-bit signatures of chips i and j, and k is the number of chips containing the PUF of interest.
12 Metrics for Quality Measurement (cont.)
Reliability: how efficient a PUF is in reproducing the response bits.
- Employ intra-chip HD among several samples of PUF response bits to evaluate it.
- The same n-bit response is extracted at a different operating condition (different ambient temperature or different supply voltage).
- Ideal value is 100%.
$\text{reliability} = \left(1 - \frac{1}{m} \sum_{t=1}^{m} \frac{HD(R_i, R_{i,t})}{n}\right) \times 100\%$
where $R_i$ is the n-bit response of PUF instance i at normal operating conditions and $R_{i,t}$ is the t-th sample of $R_i$.
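The three metrics above, computed over a simulated ring-oscillator PUF population, as an added example that is not part of the original slides. The population model (disjoint oscillator pairs, the nominal frequency, and the process and noise spreads) is constructed for illustration, and measurement noise stands in for the change of operating conditions.

```python
import random
from itertools import combinations


def hamming_distance(a, b):
    """Number of positions in which two equal-length bit lists differ."""
    if len(a) != len(b):
        raise ValueError("responses must have the same length")
    return sum(x != y for x, y in zip(a, b))


def uniformity(response):
    """Share of 1s in one chip's n-bit response, in percent (ideal: 50)."""
    return 100.0 * sum(response) / len(response)


def uniqueness(responses):
    """Average pairwise inter-chip HD over k chips, in percent (ideal: 50)."""
    k, n = len(responses), len(responses[0])
    if k < 2:
        raise ValueError("need at least two chips")
    total = sum(hamming_distance(a, b) / n for a, b in combinations(responses, 2))
    return 100.0 * 2.0 / (k * (k - 1)) * total


def reliability(reference, samples):
    """100 minus the average intra-chip HD (percent) over m re-measurements."""
    n, m = len(reference), len(samples)
    avg = sum(hamming_distance(reference, s) / n for s in samples) / m
    return 100.0 * (1.0 - avg)


# --- constructed population: every number below is an assumption ---
def make_chip(rng, n_bits, nominal=2500.0, sigma_process=10.0):
    """Base frequencies (MHz) of 2*n_bits oscillators fixed at manufacturing."""
    return [rng.gauss(nominal, sigma_process) for _ in range(2 * n_bits)]


def measure(chip, rng, sigma_noise=0.5):
    """One noisy read-out: bit l is 1 when oscillator 2l beats oscillator 2l+1."""
    f = [base + rng.gauss(0.0, sigma_noise) for base in chip]
    return [1 if f[2 * l] > f[2 * l + 1] else 0 for l in range(len(chip) // 2)]


def evaluate_population(k=20, n_bits=64, m=10, seed=2016):
    """Average uniformity, uniqueness and average reliability of k chips."""
    rng = random.Random(seed)
    chips = [make_chip(rng, n_bits) for _ in range(k)]
    refs = [measure(c, rng) for c in chips]
    rel = [reliability(ref, [measure(c, rng) for _ in range(m)])
           for c, ref in zip(chips, refs)]
    return {
        "uniformity": sum(uniformity(r) for r in refs) / k,
        "uniqueness": uniqueness(refs),
        "reliability": sum(rel) / k,
    }


if __name__ == "__main__":
    for name, value in evaluate_population().items():
        print(f"{name}: {value:.2f}%")
```

Bits that flip between read-outs come from oscillator pairs whose frequency gap is comparable to the noise, which is why reliability stays below 100% even though the process spread is much larger than the noise.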
13 The Advantages
World without PUF:
- Trusted party embeds and tests secret keys in a secure nonvolatile memory (NVM)
- EEPROM adds additional complexity to manufacturing
- Adversaries may physically extract the secret key from nonvolatile memory
World with PUF:
- Intrinsic properties of the device are used to generate the secret key.
- The key never leaves the IC's cryptographic boundary, nor is it stored in a non-volatile memory.
- The key is deleted after usage in the de- or encryption process
14 Low-Cost Authentication Applications (1/2)
- Protect against IC/FPGA substitution and counterfeits without using cryptographic operations
[Figure: challenge-response pairs of the authentic Device A are recorded in a database for Device A; after the untrusted supply chain / environments, a recorded challenge is applied to the device in hand and its response is compared (=?) with the database entry: "Is this the authentic Device A?"]
15 Applications (2/2): Private/Public Key Pair Generation
- PUF response is used as a random seed to a private/public key generation algorithm
- No secret needs to be handled by a manufacturer
- A device generates a key pair on-chip, and outputs a public key
[Figure: PUF -> Seed -> Key Generation (ECC) -> Private key, Public key]
16 Security Parameters of PUF
Unclonability:
- Cannot be achieved using traditional cryptographic techniques.
- Two types of unclonability:
- Physical Unclonability: a PUF is physically unclonable if a physical copy of the PUF with similar challenge/response behaviour cannot be made, even by the manufacturer.
- Mathematical Unclonability: it is not possible to construct a mathematical approximator which models the original PUF behaviour up to some small error.
Unpredictability:
- An adversary can't predict the response to a new challenge from a known set of CRPs
17 Cloning of PUF
- Creating a physical clone of the PUF is considered infeasible
- The creation of a mathematical clone requires that the raw PUF response(s) be predicted with sufficient accuracy
- Non-invasive attack methods using side channel analysis on the PUF
- Invasive attack involving mechanical probing of r
- Attackers with access to contactless probing equipment can use a semi-invasive methodology to obtain the data of interest
18 PUF Attacks
- Brute Force: save every Challenge Response Pair (CRP). Physical access to the PUF is required.
- Replay Attack: eavesdrop on CRPs and play them back.
- Modelling Attack (or Machine Learning Attack): take advantage of the relationship between challenge and response, and build a PUF model using Machine Learning (ML) methods:
- Support vector machine
- Artificial Neural network
- Logistic regression
- Evolutionary Computing
- A set of CRPs is needed to train the ML algorithm
19 ML Attack on Arbiter PUF
Modeling Attacks by Machine Learning (Rührmair et al.). Logistic Regression technique, success rate:
- Arbiter: 99.9% using 18K CRPs in 0.6 sec (64 taps)
- XOR Arbiter: 99% using 12K CRPs in 3 min 42 secs (4 XOR, 64 taps)
- Lightweight Arbiters: 99% using 12K CRPs in 1 hour and 28 mins (4 XORs, 64 taps)
- Feed-forward Arbiters: 99% using 5K CRPs in 47 mins and 7 secs (7 FF, 64 taps)
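20 Linear Delay Model of Arbiter PUF
$d_{top}(i+1) = \frac{1 + C_{i+1}}{2}\,\big(p_{i+1} + d_{top}(i)\big) + \frac{1 - C_{i+1}}{2}\,\big(s_{i+1} + d_{bottom}(i)\big)$
$d_{bottom}(i+1) = \frac{1 + C_{i+1}}{2}\,\big(q_{i+1} + d_{bottom}(i)\big) + \frac{1 - C_{i+1}}{2}\,\big(r_{i+1} + d_{top}(i)\big)$
where $C_i \in \{-1, 1\}$ denotes the challenge bit of the i-th stage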
21 Linear Delay Model of Arbiter PUF (contd.) d top d bottom n ) ( ) ( 1) ( i i i i C i C i 2 n n n n n s r q p 2 n n n n n s r q p
22 Linear Delay Model of Arbiter PUF Let p k be the parity of challenge bits: n p C and p i i n ik 1 1 ( n) p ( ) p ( ) p p where n n1 n1 n n P, D P ( p, p,, p ) and D (,,,, ) 0 1 n n n1 n An Arbiter PUF is a linear classifier of random challenge vectors in n-dimensional space, where n is the total number of challenge bits Apply Support Vector Machine (SVM) using: Parity vectors X are n-dimensional feature vectors Constant vector d is the normal to the hyperplane that classifies challenges into two classes
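A way to check the linearity claim on a simulated instance, as an added example that is not part of the original slides: it evaluates the per-stage delay recursion, rewrites it as an inner product of a delay vector with the parity vector, and uses a plain perceptron (swapped in here for the SVM named on the slide) to compare how well a linear model fits raw challenge bits versus parity features. The names `alpha`, `beta`, the stage-delay roles of p, q, r, s and all numeric values are assumptions of this sketch.

```python
import random


def make_arbiter_puf(n, rng, sigma=1.0):
    """Constructed stage delays (p, q, r, s): p/q are the straight top/bottom
    paths, s feeds the top output and r the bottom output when crossed."""
    return [tuple(rng.gauss(10.0, sigma) for _ in range(4)) for _ in range(n)]


def delay_difference_recursive(stages, challenge):
    """d_top(n) - d_bottom(n) from the stage-by-stage recursion, C_i in {-1, 1}."""
    d_top = d_bottom = 0.0
    for (p, q, r, s), c in zip(stages, challenge):
        new_top = (1 + c) / 2 * (p + d_top) + (1 - c) / 2 * (s + d_bottom)
        new_bottom = (1 + c) / 2 * (q + d_bottom) + (1 - c) / 2 * (r + d_top)
        d_top, d_bottom = new_top, new_bottom
    return d_top - d_bottom


def parity_vector(challenge):
    """P = (p_0, ..., p_n) with p_k = C_{k+1} * ... * C_n and p_n = 1."""
    n = len(challenge)
    P = [1] * (n + 1)
    for k in range(n - 1, -1, -1):
        P[k] = P[k + 1] * challenge[k]  # challenge[k] holds C_{k+1}
    return P


def delay_vector(stages):
    """D such that <D, P> equals the recursive delay difference.
    Derived here: diff(i) = C_i*diff(i-1) + alpha_i*C_i + beta_i."""
    alpha = [(p - q + r - s) / 2 for p, q, r, s in stages]
    beta = [(p - q - r + s) / 2 for p, q, r, s in stages]
    n = len(stages)
    return [alpha[0]] + [alpha[i] + beta[i - 1] for i in range(1, n)] + [beta[-1]]


def response(stages, challenge):
    """Arbiter output: 1 when the delay difference is positive."""
    return 1 if delay_difference_recursive(stages, challenge) > 0 else 0


def train_perceptron(features, labels, epochs=25):
    """Plain perceptron; stops early once an epoch makes no mistakes."""
    w = [0.0] * len(features[0])
    for _ in range(epochs):
        mistakes = 0
        for x, y in zip(features, labels):
            target = 1 if y else -1
            if target * sum(wi * xi for wi, xi in zip(w, x)) <= 0:
                w = [wi + target * xi for wi, xi in zip(w, x)]
                mistakes += 1
        if mistakes == 0:
            break
    return w


def accuracy(w, features, labels):
    hits = sum((sum(wi * xi for wi, xi in zip(w, x)) > 0) == bool(y)
               for x, y in zip(features, labels))
    return hits / len(labels)


def modelability(n=32, train=2000, test=500, seed=7):
    """Held-out accuracy of a linear model on raw bits vs. parity features."""
    rng = random.Random(seed)
    stages = make_arbiter_puf(n, rng)
    challenges = [[rng.choice((-1, 1)) for _ in range(n)]
                  for _ in range(train + test)]
    labels = [response(stages, c) for c in challenges]
    result = {}
    for name, fmap in (("raw", lambda c: c + [1]), ("parity", parity_vector)):
        X = [fmap(c) for c in challenges]
        w = train_perceptron(X[:train], labels[:train])
        result[name] = accuracy(w, X[train:], labels[train:])
    return result


if __name__ == "__main__":
    print(modelability())
```

A design whose held-out accuracy on parity features approaches 100% in this kind of check offers no mathematical unclonability, whatever its physical unclonability.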
23 Reported Experimental Results
[D. Lim, M.S. Thesis, MIT, 2002]
- Worked on a computer simulation model of the Arbiter PUF
- Claimed 100% modeling accuracy by applying SVM (PUF size and training set size not mentioned)
[Maes et al, IEEE WIFS 12]
- Silicon (ASIC) data
- ASIC fabricated in 65 nm CMOS technology
- 64-bit Arbiter PUF
- 500 CRPs as training set
- Claims ~90% prediction accuracy using SVM
[CSE Dept., IIT-KGP]
- Silicon (FPGA data)
- 64-bit Arbiter PUF
- 5000 CRPs as training set
- ~96% prediction accuracy using SVM
24 Cryptanalytic Attack on PUF
- Machine learning based modeling attacks are considered successful if the modeling accuracy is extremely high (e.g. > 95%)
- However, cryptographic notions of security are different
- Any computational technique that reduces a given PUF instance from being a random Boolean mapping to being a predictable mapping, with success rate better than ½, can be considered successful cryptanalysis:
- Let P be an arbitrary PUF instance with m-bit challenge and 1-bit response. Then, the PUF instance P is considered to be secure if and only if there is no efficient algorithm which can predict, for a given challenge c, the corresponding response r with a probability of success greater than 1/2
- Such a notion has important implications for PUF security
25 Alternative to Classic ROPUF: Enhanced ROPUF [Maity et al, IEEE TC, 2012]
Main Goals
- Avoid the exponential hardware overhead of ROPUF
- Retain robustness against machine learning attacks
- Improve reliability by having inherent error-correction capabilities at low hardware footprint
Main Ideas
- Have only n ROs (in place of 2^n ROs for classical ROPUF)
- Select multiple ROs for a given challenge (no. of ROs selected = Hamming Weight of the challenge)
- Output is a complex non-linear function of the chosen RO frequencies
- Retain auxiliary information called Helper Data, along with the response, to enable error correction
26 Response and Helper Data Generation
- e ( 1), q: real numbers, chosen security parameters
- A quantity Q is calculated based on the frequencies of the selected ROs
- Range of Q values assigned alternately 0/1 labels over intervals of size q: this gives the response r
- W (real number between -q and q) is the helper data
- An incorrect response due to noisy Q can be corrected based on the value of W
27 Example: Response Generation
Corresponding value of W: W = (2n − 0.5) q − Q = (2 × 6 − 0.5) × 1 − 10.8 = 0.7
28 Example: Response Correction
- During decoding phase: assume Q' is the observed value
- Then, correct response is given by:
- Note: the decoding scheme uses exactly opposite parity as the encoding scheme with respect to Q
- The scheme works if |Q − Q'| ≤ q/2
- Thus, if Q (= 10.8) changes to Q' with 10.3 ≤ Q' ≤ 11.3 for q = 1, correction is possible, otherwise not
- Hence, choice of q is crucial, and depends on the expected deviation levels of the RO frequencies of the particular implementation
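The helper-data scheme of the last three slides, as an added example that is not part of the original slides or of the Enhanced ROPUF authors' code. It reproduces the slide's numbers (Q = 10.8, q = 1, W = 0.7); the rule used for responses equal to 1 and the decoding formula are assumptions reconstructed from the "opposite parity" note, and the noise level is a constructed value.

```python
import math
import random


def generate(Q, q):
    """Enrollment: return (r, W) for the measured quantity Q and interval size q.

    r is the 0/1 label of the size-q interval containing Q. W shifts Q onto the
    centre of the nearest interval with the opposite label (assumed rule; for
    Q = 10.8, q = 1 it gives the slide's W = (2*6 - 0.5)*1 - 10.8 = 0.7).
    """
    n = math.floor(Q / q)
    r = n % 2
    delta = Q / q - n  # position of Q inside its interval, 0 <= delta < 1
    centre = (n + 1.5) * q if delta >= 0.5 else (n - 0.5) * q
    return r, centre - Q


def reproduce(Q_obs, W, q):
    """Decoding: shift the noisy Q' by W and read the opposite interval label."""
    return 1 - math.floor((Q_obs + W) / q) % 2


def correction_window(Q, q, step=0.01):
    """Smallest and largest Q' on a grid around Q that still decode to r."""
    r, W = generate(Q, q)
    steps = int(round(q / step))
    ok = [Q + i * step for i in range(-steps, steps + 1)
          if reproduce(Q + i * step, W, q) == r]
    return min(ok), max(ok)


def error_rates(Q, q, sigma, trials=20000, seed=1):
    """Bit error rate under Gaussian noise on Q, without and with helper data."""
    rng = random.Random(seed)
    r, W = generate(Q, q)
    raw_errors = corrected_errors = 0
    for _ in range(trials):
        Q_obs = Q + rng.gauss(0.0, sigma)
        raw_errors += (math.floor(Q_obs / q) % 2) != r
        corrected_errors += reproduce(Q_obs, W, q) != r
    return raw_errors / trials, corrected_errors / trials


if __name__ == "__main__":
    r, W = generate(10.8, 1.0)
    print("r =", r, "W =", round(W, 3))
    print("window:", correction_window(10.8, 1.0))
    print("error rates (raw, corrected):", error_rates(10.8, 1.0, sigma=0.15))
```

Q = 10.8 sits only 0.2 from an interval boundary, so the uncorrected bit flips often under noise, while the corrected bit fails only when the deviation exceeds q/2.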
29 Cryptanalysis of Enhanced ROPUF [DATE 15]
- This is a chosen challenge attack
- It is a divide-and-conquer approach that tries to recover individual terms in the expression of Q
- Let q = 1, and Q = n + δ, where 0 ≤ δ < 1 and n = floor(Q). Then, we have the following observations:
- r ≡ n (mod 2)
- δ = W if W < 0, otherwise δ = 1 - W 0.5
- If an adversary can recover the value of δ_ij corresponding to Q_ij = w ij f i - f j e by setting only two challenge bits to 1 and the others to 0, then eventually she can recover the value of r by recovering one δ_ij value per chosen challenge
- Two variants of the attack are possible, differing in complexity and probability of success
30 Attack-1: All W_ij, r_ij and c_ij Values Available
- Algorithm can be easily modified to recover the value of r for any challenge of arbitrary form
- Data complexity: O(m^2)
- Time complexity: O(t^2) if Hamming Weight of challenge is t
- Probability of success: 1
31 Attack-2: Only r_ij and c_ij Values Available
- Cryptanalysis is considerably more difficult when helper data is not available
- Main insight: Since Q = Q_ij = (n_ij + δ_ij), the parity of n = floor(Q), and the parity of the sum of the δ_ij quantities leak information about the value of the response r
- For sake of explanation, assume c_1 = c_2 = c_3 = 1, c_i = 0 for i > 3. Thus the challenge is c = (1,1,1,0,0,...,0).
- Q = Q_12 + Q_13 + Q_23 = n_12 + n_13 + n_23 + (δ_12 + δ_13 + δ_23) = n + (let)
- Adversary computes: p(n ) n (mod 2) and tries to guess p( ) (mod 2)
- Note that: Pr[p( ) = 0] = 2/3!, and hence if the adversary knows p(n ), she can predict the actual response with a success probability > ½!
32 Attack-2: Algorithm: r_ij and c_ij Values Available
- Data complexity: O(t)
- Time complexity: O(t)
- Probability of Success:
- t even: (1 + 1/t)/2, t > 4
- t odd: (1 + 1/(3t-5))/2
- Attack not possible if t = 4
33 Experimental Results
- Virginia Tech. Dataset for FPGA implementation of Enhanced ROPUF downloaded from:
- Good agreement between theoretical and experimental bias
34 Thank You for Your Attention!
More informationFPGA-BASED ACCELERATOR FOR POST-QUANTUM SIGNATURE SCHEME SPHINCS-256
IMES FPGA-BASED ACCELERATOR FOR POST-QUANTUM SIGNATURE SCHEME SPHINCS-256 Dorian Amiet 1, Andreas Curiger 2 and Paul Zbinden 1 1 HSR Hochschule für Technik, Rapperswil, Switzerland 2 Securosys SA, Zürich,
More informationIntro to Public Key Cryptography Diffie & Hellman Key Exchange
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie & Hellman Key Exchange Course Summary - Math Part
More informationAsymmetric Encryption
-3 s s Encryption Comp Sci 3600 Outline -3 s s 1-3 2 3 4 5 s s Outline -3 s s 1-3 2 3 4 5 s s Function Using Bitwise XOR -3 s s Key Properties for -3 s s The most important property of a hash function
More informationVidyalankar S.E. Sem. III [CMPN] Digital Logic Design and Analysis Prelim Question Paper Solution
. (a) (i) ( B C 5) H (A 2 B D) H S.E. Sem. III [CMPN] Digital Logic Design and Analysis Prelim Question Paper Solution ( B C 5) H (A 2 B D) H = (FFFF 698) H (ii) (2.3) 4 + (22.3) 4 2 2. 3 2. 3 2 3. 2 (2.3)
More informationII/IV B.Tech. DEGREE EXAMINATIONS, NOV/DEC-2017
CSE/IT 213 (CR) Total No. of Questions :09] [Total No. of Pages : 03 II/IV B.Tech. DEGREE EXAMINATIONS, NOV/DEC-2017 First Semester CSE/IT BASIC ELECTRICAL AND ELECTRONICS ENGINEERING Time: Three Hours
More informationA New Approach to Practical Secure Two-Party Computation. Jesper Buus Nielsen Peter Sebastian Nordholt Claudio Orlandi Sai Sheshank
A New Approach to Practical Secure Two-Party Computation Jesper Buus Nielsen Peter Sebastian Nordholt Claudio Orlandi Sai Sheshank Secure Two-Party Computation Alice has an input a {0,1} * Bob has an input
More informationPractical Attacks on HB and HB+ Protocols
Practical Attacks on HB and HB+ Protocols Zbigniew Gołębiewski 1, Krzysztof Majcher 2, Filip Zagórski 3, and Marcin Zawada 3 1 Institute of Computer Science, Wrocław University 2 Mathematical Institute,
More informationWhy Attackers Win: On the Learnability of XOR Arbiter PUFs
Why Attackers Win: On the Learnability of XOR Arbiter PUFs Fatemeh Ganji (B), Shahin Tajik, and Jean-Pierre Seifert Security in Telecommunications, Technische Universität Berlin and Telekom Innovation
More informationUsing a Hopfield Network: A Nuts and Bolts Approach
Using a Hopfield Network: A Nuts and Bolts Approach November 4, 2013 Gershon Wolfe, Ph.D. Hopfield Model as Applied to Classification Hopfield network Training the network Updating nodes Sequencing of
More informationLinear Cryptanalysis of Reduced-Round Speck
Linear Cryptanalysis of Reduced-Round Speck Tomer Ashur Daniël Bodden KU Leuven and iminds Dept. ESAT, Group COSIC Address Kasteelpark Arenberg 10 bus 45, B-3001 Leuven-Heverlee, Belgium tomer.ashur-@-esat.kuleuven.be
More informationSide-channel attacks on PKC and countermeasures with contributions from PhD students
basics Online Side-channel attacks on PKC and countermeasures (Tutorial @SPACE2016) with contributions from PhD students Lejla Batina Institute for Computing and Information Sciences Digital Security Radboud
More informationWinter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2
0368.3049.01 Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod Assignment #2 Published Sunday, February 17, 2008 and very slightly revised Feb. 18. Due Tues., March 4, in Rani Hod
More informationA Fourier Analysis Based Attack against Physically Unclonable Functions
A Fourier Analysis Based Attack against Physically Unclonable Functions Fatemeh Ganji, Shahin Tajik, Jean-Pierre Seifert Security in Telecommunications Technische Universität Berlin Germany {fganji,stajik,jpseifert}@sec.t-labs.tu-berlin.de
More informationI. Motivation & Examples
I. Motivation & Examples Output depends on current input and past history of inputs. State embodies all the information about the past needed to predict current output based on current input. State variables,
More informationNovel Strong PUF based on Nonlinearity of MOSFET Subthreshold Operation
Novel trong PUF based on Nonlinearity of MOFET ubthreshold Operation Mukund Kalyanaraman and Michael Orshansky Department of Electrical and Computer Engineering The University of Texas at Austin email:{mukundkm,orshansky}@utexas.edu
More informationA Scalable and Provably Secure Hash-Based RFID Protocol
PerSec 05 A Scalable and Provably Secure Hash-Based RFID Protocol EPFL, Lausanne, Switzerland ÉCOLE POLYTECHNIQUE FÉDÉRALE DE LAUSANNE Outline A Brief Introduction to the RFID Technology A Brief Introduction
More informationAES side channel attacks protection using random isomorphisms
Rostovtsev A.G., Shemyakina O.V., St. Petersburg State Polytechnic University AES side channel attacks protection using random isomorphisms General method of side-channel attacks protection, based on random
More informationDesign and Implementation of Carry Adders Using Adiabatic and Reversible Logic Gates
Design and Implementation of Carry Adders Using Adiabatic and Reversible Logic Gates B.BharathKumar 1, ShaikAsra Tabassum 2 1 Research Scholar, Dept of ECE, Lords Institute of Engineering & Technology,
More informationMachine Learning Basics
Security and Fairness of Deep Learning Machine Learning Basics Anupam Datta CMU Spring 2019 Image Classification Image Classification Image classification pipeline Input: A training set of N images, each
More informationAll-Or-Nothing Transforms Using Quasigroups
All-Or-Nothing Transforms Using Quasigroups Stelios I Marnas, Lefteris Angelis, and George L Bleris Department of Informatics, Aristotle University 54124 Thessaloniki, Greece Email: {marnas,lef,bleris}@csdauthgr
More informationStream ciphers I. Thomas Johansson. May 16, Dept. of EIT, Lund University, P.O. Box 118, Lund, Sweden
Dept. of EIT, Lund University, P.O. Box 118, 221 00 Lund, Sweden thomas@eit.lth.se May 16, 2011 Outline: Introduction to stream ciphers Distinguishers Basic constructions of distinguishers Various types
More informationPermutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1
Permutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1 Kwangsu Lee A Thesis for the Degree of Master of Science Division of Computer Science, Department
More informationChair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 2 Basics
Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle Network Security Chapter 2 Basics 2.4 Random Number Generation for Cryptographic Protocols Motivation It is
More informationChapter 7. Sequential Circuits Registers, Counters, RAM
Chapter 7. Sequential Circuits Registers, Counters, RAM Register - a group of binary storage elements suitable for holding binary info A group of FFs constitutes a register Commonly used as temporary storage
More information