Physically Unclonable Functions

Similar documents
Formal Design of Composite Physically Unclonable Function

MXPUF: Secure PUF Design against State-of-the-art Modeling Attacks

SINCE the introduction of Arbiter Physically Unclonable

EVALUATION OF PHYSICAL UNCLONABLE FUNCTIONS

Extracting Secret Keys from Integrated Circuits

Trapdoor Computational Fuzzy Extractors

Multi-valued Arbiters for Quality Enhancement of PUF Responses on FPGA Implementation

Policy Gradients for Cryptanalysis

Eindhoven University of Technology MASTER. Entropy analysis of physical unclonable functions. van den Berg, R. Award date: Link to publication

Lecture 1: Introduction to Public key cryptography

PHYSICAL UNCLONEABLE FUNCTION HARDWARE KEYS UTILIZING KIRCHHOFF-LAW- JOHNSON-NOISE SECURE KEY EXCHANGE AND NOISE-BASED LOGIC

Power and Timing Side Channels for PUFs and their Efficient Exploitation

From Statistics to Circuits: Foundations for Future Physical Unclonable Functions

A Formal Foundation for the Security Features of Physical Functions

Uniqueness Enhancement of PUF Responses Based on the Locations of Random Outputting RS Latches

Fault Injection Modeling Attacks on 65nm Arbiter and RO Sum PUFs via Environmental Changes

Security Implications of Quantum Technologies

Public Key Exchange by Neural Networks

Extracting Secret Keys from Integrated Circuits

arxiv: v2 [cs.cr] 19 Jan 2019

This is an accepted version of a paper published in Elsevier Information Fusion. If you wish to cite this paper, please use the following reference:

Secure Goods Supply Chain and Key Exchange with Virtual Proof of Reality

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

Cryptographic Hash Functions

Entropy Evaluation for Oscillator-based True Random Number Generators

EECS150 - Digital Design Lecture 26 - Faults and Error Correction. Types of Faults in Digital Designs

A Physical Unclonable Function derived from the power distribution system of an integrated circuit

Cryptanalysis of Achterbahn

Cold Boot Attacks in the Discrete Logarithm Setting

A Trustworthy Key Generation Prototype Based on DDR3 PUF for Wireless Sensor Networks

AIR FORCE INSTITUTE OF TECHNOLOGY

Upper Bounds on The Min-Entropy of RO Sum, Arbiter, Feed-Forward Arbiter, and S-ArbRO PUFs

Secure and Effective Logic Locking for Machine Learning Applications

Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur

THERE is a clear trend towards small, distributed, mobile

Adders, subtractors comparators, multipliers and other ALU elements

Practical Key Recovery for Discrete-Logarithm Based Authentication Schemes from Random Nonce Bits

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents

Cryptanalysis of the Light-Weight Cipher A2U2 First Draft version

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

FAKULTÄT FÜR INFORMATIK. Side-Channel Analysis of Physical Unclonable Functions (PUFs)

A Pseudo-Random Encryption Mode

High-Order Conversion From Boolean to Arithmetic Masking

Secure RAID Schemes from EVENODD and STAR Codes

Efficient Power and Timing Side Channels for Physical Unclonable Functions

Physical Turing Machines and the Formalization of Physical Cryptography

Secure and Reliable Key Agreement with Physical Unclonable Functions

Unconditionally Secure and Universally Composable Commitments from Physical Assumptions

Integer weight training by differential evolution algorithms

Side Channel Analysis and Protection for McEliece Implementations

Computational security & Private key encryption

Quantitative and Statistical Performance Evaluation of Arbiter Physical Unclonable Functions on FPGAs

An Introduction. Dr Nick Papanikolaou. Seminar on The Future of Cryptography The British Computer Society 17 September 2009

MTJ-Based Nonvolatile Logic-in-Memory Architecture and Its Application

HELPER-LESS PHYSICALLY UNCLONABLE FUNCTIONS AND CHIP AUTHENTICATION. Riccardo Bernardini and Roberto Rinaldo

arxiv:cs/ v1 [cs.cr] 20 Aug 2004

An Alternative to Error Correction for SRAM-Like PUFs

An Easy-to-Design PUF based on a Single Oscillator: the Loop PUF

Digital Signal Processing for Embedded Communications and Biomedical Systems

5th March Unconditional Security of Quantum Key Distribution With Practical Devices. Hermen Jan Hupkes

Optimal XOR based (2,n)-Visual Cryptography Schemes

Lecture 18 - Secret Sharing, Visual Cryptography, Distributed Signatures

EECS150 - Digital Design Lecture 26 Faults and Error Correction. Recap

Entropy Extraction in Metastability-based TRNG

Cryptographic Hashing

Hardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow

arxiv: v1 [cs.cr] 16 Dec 2015

Trapdoor Computational Fuzzy Extractors and Stateless Cryptographically-Secure Physical Unclonable Functions

CIS 6930/4930 Computer and Network Security. Topic 5.2 Public Key Cryptography

Elliptic Curve Cryptography and Security of Embedded Devices

Error-Correcting Schemes with Dynamic Thresholds in Nonvolatile Memories

10 - February, 2010 Jordan Myronuk

How to Encrypt with the LPN Problem

A Chaotic Encryption System Using PCA Neural Networks

FPGA-BASED ACCELERATOR FOR POST-QUANTUM SIGNATURE SCHEME SPHINCS-256

Intro to Public Key Cryptography Diffie & Hellman Key Exchange

Asymmetric Encryption

Vidyalankar S.E. Sem. III [CMPN] Digital Logic Design and Analysis Prelim Question Paper Solution

II/IV B.Tech. DEGREE EXAMINATIONS, NOV/DEC-2017

A New Approach to Practical Secure Two-Party Computation. Jesper Buus Nielsen Peter Sebastian Nordholt Claudio Orlandi Sai Sheshank

Practical Attacks on HB and HB+ Protocols

Why Attackers Win: On the Learnability of XOR Arbiter PUFs

Using a Hopfield Network: A Nuts and Bolts Approach

Linear Cryptanalysis of Reduced-Round Speck

Side-channel attacks on PKC and countermeasures with contributions from PhD students

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

A Fourier Analysis Based Attack against Physically Unclonable Functions

I. Motivation & Examples

Novel Strong PUF based on Nonlinearity of MOSFET Subthreshold Operation

A Scalable and Provably Secure Hash-Based RFID Protocol

AES side channel attacks protection using random isomorphisms

Design and Implementation of Carry Adders Using Adiabatic and Reversible Logic Gates

Machine Learning Basics

All-Or-Nothing Transforms Using Quasigroups

Stream ciphers I. Thomas Johansson. May 16, Dept. of EIT, Lund University, P.O. Box 118, Lund, Sweden

Permutation Generators Based on Unbalanced Feistel Network: Analysis of the Conditions of Pseudorandomness 1

Chair for Network Architectures and Services Institute of Informatics TU München Prof. Carle. Network Security. Chapter 2 Basics

Chapter 7. Sequential Circuits Registers, Counters, RAM

Transcription:

Physically Unclonable Functions Rajat Subhra Chakraborty Associate Professor Department of Computer Science and Engineering IIT Kharagpur E-mail: rschakraborty@cse.iitkgp.ernet.in ISEA Workshop IIT Kharagpur, October 2016

Security Threats: Overview DARPA s Model of Hardware Security Threats* Third-party Offshore Not really Trusted!! *http://www.darpa.mil/mto/solicitations/baa07-24/index.html 2

What is PUF? Fingerprint of Devices A challenge-response mechanism in which the mapping between an applied input ( challenge ) and the corresponding observed output ( response ) is dependent on the complex and variable nature of a physical material The challenge-response mapping is unclonable (ideally) and instance-specific n-bit Challenge(C) PUF n-bit Response (R) 3

PUF Properties Evaluatable: given PUF and x, it is easy to evaluate y = PUF(x). Unique: PUF(x) contains some information about the identity of the physical entity embedding PUF. Reproducible: y = PUF(x) is reproducible up to a small error. Unclonable: given PUF, it is hard to construct a procedure PUF PUF' PUF and x C PUF'( x) PUF( x) up to a small error. Unpredictable: given only a set, Q {( x, it is hard to i, yi PUF ( xi )} predict y c = PUF(x c ) up to a small error, for x c a random challenge such that ( x c,.) Q. One-way: given only y and PUF, it is hard to find x such that PUF(x) = y. Tamper-evident: altering the physical entity embedding PUF transforms PUF PUF such that with high probability x C PUF( x) PUF'( x) not even up to a small error. 4

PUF Taxonomy 5

PUF Taxonomy 6

Arbiter PUF Arbiter R = 0/1 C = 0 C = 1 C = 1 Compare two paths with an identical delay in design. Random process variation determines which path is faster. An arbiter (usually a latch) outputs 1-bit digital response. D 1 clk C = 1 C = 0 Switching Component Operation D 0 clk Arbiter Operation 7

Ring Oscillator PUF 1 2 2467MHz 2519MHz MUX counter >? Response (0 / 1) N oscillators N counter 2453MHz Compare frequencies of two oscillators Challenge The faster oscillator is randomly determined by manufacturing variations Disadvantage: exponential hardware requirement 8

Silicon PUFs Family Latch PUF cell SRAM PUF cell Butterfly PUF cell Bi-stable Ring PUF Loop PUF FF PUF cell 9

Metrics for Quality Measurement Uniformity: Estimates how uniform the proportion of 0's and `1's is in the response bits of a PUF. For truly random PUF responses, this proportion must be 50%. uniformity n i r i, l n l1 where r i,l is the l-th binary bit of an n-bit response from a chip i. 1 10

Metrics for Quality Measurement (cont.) Uniqueness: represents the ability of a PUF to uniquely distinguish a particular chip among a group of chips of the same type. Ideal value is 50% uniqueness k( k k1 2 1) k i1 ji1 HD( R i n, R j ) 100% where: HD(R i, R j ) is Hamming Distance between n-bit signature of chip i and j. K is the number of chip containing PUF under interest. 11

Metrics for Quality Measurement (cont.) Reliability: How efficient a PUF is in reproducing the response bits. Employ intra-chip HD among several samples of PUF response bits to evaluate it. The same n-bit response is extracted at a different operating condition (different ambient temperature or different supply voltage) Ideal value is 100% reliability 1 HD( R, R ) m n m i i, t (1 ) 100% t1 Where: R i is n-bit response of PUF instance i at normal operating conditions. R i,t is the t-th sample of R i. 12

The Advantages World without PUF World with PUF Trusted party embeds and tests secret keys in a secure nonvolatile memory (NVM) EEPROM adds additional complexity to manufacturing Intrinsic properties of device is used to generate secret key. Key never leaves the IC s cryptographic boundary, nor be stored in a non-volatile memory. Adversaries may physically extract secret key from nonvolatile memory Key is deleted after usage in de- or encryption process 13

Low-Cost Authentication Applications (1/2) Protect against IC/FPGA substitution and counterfeits without using cryptographic operations Authentic Device A PUF Untrusted Supply Chain / Environments??? PUF Is this the authentic Device A? Challenge Response Record Challenge Response Challenge Response 1001010 010101 1011000 101101 0111001 000110 Database for Device A =? 14

Applications (2/2) Private/Public Key Pair Generation Private key ECC + PUF Seed Key Generation Public key PUF response is used as a random seed to a private/ public key generation algorithm No secret needs to be handled by a manufacturer A device generates a key pair on-chip, and outputs a public key 15

Security Parameters of PUF Unclonability: - Cannot be achieved using traditional cryptographic techniques. - Two types of unclonability: - Physical Unclonability - A PUF is physically unclonable if a physical copy of the PUF with similar challenge/response behaviour cannot be made, even by the manufacturer. - Mathematical Unclonability - it is not possible to construct a mathematical approximator which models the original PUF behaviour up to some small error. Unpredictability: - Adversary can t predict response of a new challenge form a known set of CRPs

Cloning of PUF Creating a physical clone of the PUF is considered infeasible The creation of a mathematical clone requires that the raw PUF response(s) be predicted with sufficient accuracy Non-invasive attack methods using side channel analysis on the PUF Invasive attack involving mechanical probing of r Attackers with access to contactless probing equipment can use a semi-invasive methodology to obtain the data of interest

Brute Force: PUF Attacks To save every Challenge Response Pairs (CRPs) Physical Access to PUF is required Replay Attack: Eavesdropping CRPs and play them back Modelling Attack (or Machine Learning Attack): Take the advantage between relationship between challenge the challenge/response Build a PUF model using Machine Learning (ML) methods: - Support vector machine - Artificial Neural network - Logistic regression - Evolutionary Computing Set of CRPs needed to train ML algorithm

ML Attack on Arbiter PUF Modeling Attacks by Machine Learning (Rührmair et al.) Logistic Regression technique : success rate Arbiter 99.9% using 18K CRPs in 0.6 sec. (64 taps) XOR Arbiter 99% using 12K CRPs in 3 min 42 secs (4 XOR, 64 taps). Lightweight Arbiters 99% using 12K CRPs in 1 hour and 28 mins (4 XORs, 64 taps). Feed-forward Arbiters 99% using 5K CRPs in 47 mins and 7 secs (7 FF, 64 taps).

Linear Delay Model of Arbiter PUF d d 1Ci i 1) 2 1 C 1 i1 ( p 1 d ( i)) ( s d ( )) 2 i i top i bottom top ( 1 1Ci i 1) 2 1 C 1 i1 ( q 1 d ( i)) ( r d ( )) 2 i i top i bottom bottom( 1 where C i {1,1} denotes the challenge bit of the i-th stage

Linear Delay Model of Arbiter PUF (contd.) d top d bottom n ) ( 1 1 1 1 ) ( 1) ( i i i i C i C i 2 n n n n n s r q p 2 n n n n n s r q p

Linear Delay Model of Arbiter PUF Let p k be the parity of challenge bits: n p C and p i i n ik 1 1 ( n) p ( ) p ( ) p p where 1 0 2 1 2 n n1 n1 n n P, D P ( p, p,, p ) and D (,,,, ) 0 1 n 1 2 1 n n1 n An Arbiter PUF is a linear classifier of random challenge vectors in n-dimensional space, where n is the total number of challenge bits Apply Support Vector Machine (SVM) using: Parity vectors X are n-dimensional feature vectors Constant vector d is the normal to the hyperplane that classifies challenges into two classes

Reported Experimental Results [D. Lim, M.S. Thesis, MIT, 2002] Worked on computer simulation model of Arbiter PUF Claimed 100% modeling accuracy by applying SVM (PUF size and training set size not mentioned) [Maes et al, IEEE WIFS 12] Silicon (ASIC) data ASIC fabricated in 65 nm CMOS technology 64-bit Arbiter PUF 500 CRPs as training set Claims ~90% prediction accuracy using SVM [CSE Dept., IIT-KGP] Silicon (FPGA Data) 64-bit Arbiter PUF 5000 CRPs as training set ~96% prediction accuracy using SVM

Cryptanalytic Attack on PUF Machine learning based modeling attack are considered successful if modeling accuracy is extremely high (e.g. > 95%) However, cryptographic notions of security are different Any computational technique that reduces a given PUF instance from being a random Boolean mapping to being a predictable mapping, with success rate better than ½, can be considered successful cryptanalysis: Let P be an arbitrary PUF instance with m-bit challenge, and 1- bit response. Then, the PUF instance P is considered to be secure if and only if there is no efficient algorithm which can predict for a given challenge c, the corresponding response r, with a probability of success greater than 1/2 Such a notion has important implications on PUF security

Alternative to Classic ROPUF: Enhanced ROPUF [Maity et al, IEEE TC, 2012] Main Goals Avoid the exponential hardware overhead of ROPUF Retain the robustness to machine learning attack resistance To improve reliability by having inherent error-correction capabilities at low hardware footprint Main Ideas Have only n ROs (in place of 2 n ROs for classical ROPUF) Select multiple ROs for a given challenge (no. of ROs selected = Hamming Weight of the challenge) Output is a complex non-linear function of the chosen RO frequencies Retain auxiliary information called Helper Data, along with the response, to enable to error correction

Response and Helper Data Generation - e ( 1), q: real numbers, chosen security parameters A quantity Q is calculated based on the frequencies of the selected ROs Range of Q values assigned alternately 0/1 labels over intervals of size q : this gives the response r W (real number between -q and q) is the helper data An incorrect response due to noisy Q can be corrected based on the value of W

Example: Response Generation Corresponding value of W: W = (2n 0.5) q Q = (2 X 6 0.5) X 1 10.8 = 0.7

Example: Response Correction During decoding phase: assume Q is the observed value Then, correct response is given by: Note: the decoding scheme uses exactly opposite parity as the encoding scheme with respect to Q The scheme works if Q - Q q/2 Thus, if Q (= 10.8) changes to 10.3 Q 11.3 for q = 1, correction is possible, otherwise not Hence, choice of q is crucial, and depends on the expected deviation levels of the RO frequencies of the particular implementation

Cryptanalysis of Enhanced ROPUF [DATE 15] This is a chosen challenge attack It is a divide-and-conquer approach that tries to recover individual terms in the expression of Q Let q = 1, and Q = n + ᵟ, where 0 ᵟ < 1 and n = floor(q). Then, we have the following observations: r n (mod 2) ᵟ = W + 0.5 if W < 0, otherwise ᵟ = 1 - W 0.5 If an adversary can recover the value of ᵟij corresponding to Q ij = w ij f i - f j e by setting only two challenge bits to 1 and the others to 0, then eventually she can recover the value of r by recovering one ᵟij value per chosen challenge Two variants of the attack are possible, differing in complexity and probability of success

Attack-1: All W ij, r ij and c ij Values Available Algorithm can be easily modified to recover the value of r for any challenge of arbitrary form Data complexity: O(m 2 ) Time complexity: O(t 2 ) if Hamming Weight of challenge is t Probability of success: 1

Attack-2: Only r ij and c ij Values Available Cryptanalysis is considerably more difficult when helper data is not available Main insight: Since Q = Q ij = (n ij + ᵟij ), the parity of n = floor(q), and the parity of the sum of the ᵟij quantities leak information about the value of the response r For sake of explanation, assume c 1 =c 2 =c 3 =1, c i = 0 for i > 3. Thus the challenge is c = (1,1,1,0,0,,0). Q = Q 12 + Q 13 + Q 23 = n 12 + n 13 + n 23 + (ᵟ 12 + ᵟ 13 + ᵟ 23 ) = n + (let) Adversary computes: p(n ) n (mod 2) and tries to guess p( ) (mod 2) Note that: Pr[p( ) = 0] = 2/3!, and hence the if the adversary knows p(n ), she can predict the actual response with a success probability > ½!

Attack-2: Algorithm: r ij and c ij Values Available Data complexity: O(t) Time complexity: O(t) Probability of Success t even: (1 + 1/t)/2, t > 4 t odd: (1 + 1/ (3t-5))/2 Attack not possible if t = 4

Experimental Results Virginia Tech. Dataset for FPGA implementation of Enhanced ROPUF downloaded from: http://rijndael.ece.vt.edu/puf/download.html Good agreement between theoretical and experimental bias

Thank You for Your Attention! 34

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback