Improving Security and Reliability of Physical Unclonable Functions Using Machine Learning

Physical Unclonable Functions (PUFs) are promising security primitives for device authenti-cation and key generation. Due to the noise influence, reliability is an important performance metric of PUF-based authentication. In the literature, lots of efforts have been devoted to enhancing PUF reliability by using error correction methods such as error-correcting codes and fuzzy extractor. Ho-wever, one property that most of these prior works overlooked is the non-uniform distribution of PUF response across different bits. This wok proposes a two-step methodology to improve the reliability of PUF under noisy conditions. The first step involves acquiring the parameters of PUF models by using machine lear-ning algorithms. The second step then utilizes these obtained parameters to improve the reliability of PUFs by selectively choosing challenge-response pairs (CRPs) for authentication. Two distinct algorithms for improving the reliability of multiplexer (MUX) PUF, i.e., total delay difference thresholding and sensitive bits grouping, are presented. It is important to note that the methodology can be easily applied to other types of PUFs as well. Our experimental results show that the relia-bility of PUF-based authentication can be significantly improved by the proposed approaches. For example, in one experimental setting, the reliability of an MUX PUF is improved from 89.75% to 94.07% using total delay difference thresholding, while 89.30% of generated challenges are stored. As opposed to total delay difference thresholding, sensitive bits grouping possesses higher efficiency, as it can produce reliable CRPs directly. Our experimental results show that the reliability can be improved to 96.91% under the same setting, when we group 12 bits in the challenge vector of a 128-stage MUX PUF. Besides, because the actual noise varies greatly in different conditions, it is hard to predict the error of of each individual PUF response bit. This wok proposes a novel methodology to improve the efficiency of PUF response error correction based on error-rates. The proposed method first obtains the PUF model by using machine learning techniques, which is then used to predict the error-rates. Intuitively, we are inclined to tolerate errors in PUF response bits with relatively higher error-rates. Thus, we propose to treat different PUF response bits with different degrees of error tolerance, according to their estimated error-rates. Specifically, by assigning optimized weights, i.e., 0, 1, 2, 3, and infinity to PUF response bits, while a small portion of high error rates responses are truncated; the other responses are duplicated to a limited number of bits according to error-rates before error correction and a portion of low error-rates responses bypass the error correction as direct keys. The hardware cost for error correction can also be reduced by employing these methods. Response weighting is capable of reducing the false negative and false positive simultaneously. The entropy can also be controlled. Our experimental results show that the response weighting algorithm can reduce not only the false negative from 20.60% to 1.71%, but also the false positive rate from 1.26 × 10−21 to 5.38 × 10−22 for a PUF-based authentication with 127-bit response and 13-bit error correction. Besides, three case studies about the applications of the proposed algorithm are also discussed. Along with the rapid development of hardware security techniques, the revolutionary gro-wth of countermeasures or attacking methods developed by intelligent and adaptive adversaries have significantly complicated the ability to create secure hardware systems. Thus, there is a critical need to (re)evaluate existing or new hardware security techniques against these state-of-the-art attacking methods. With this in mind, this wok presents a novel framework for incorporating active learning techniques into hardware security field. We demonstrate that active learning can significantly im-prove the learning efficiency of PUF modeling attack, which samples the least confident and the most informative challenge-response pair (CRP) for training in each iteration. For example, our ex-perimental results show that in order to obtain a prediction error below 4%, 2790 CRPs are required in passive learning, while only 811 CRPs are required in active learning. The sampling strategies and detailed applications of PUF modeling attack under various environmental conditions are also discussed. When the environment is very noisy, active learning may sample a large number of mis-labeled CRPs and hence result in high prediction error. We present two methods to mitigate the contradiction between informative and noisy CRPs. At last, it is critical to design secure PUF, which can mitigate the countermeasures or modeling attacking from intelligent and adaptive adversaries. Previously, researchers devoted to hiding PUF information by pre- or post processing of PUF challenge/response. However, these methods are still subject to side-channel analysis based hybrid attacks. Methods for increasing the non-linearity of PUF structure, such as feedforward PUF, cascade PUF and subthreshold current PUF, have also been proposed. However, these methods significantly degrade the reliability. Based on the previous work, this work proposes a novel concept, noisy PUF, which achieves modeling attack resistance while maintaining a high degree of reliability for selected CRPs. A possible design of noisy PUF along with the corresponding experimental results is also presented

Physical Unclonability Framework for the Internet of Things

Ph. D. ThesisThe rise of the Internet of Things (IoT) creates a tendency to construct unified architectures with a great number of edge nodes and inherent security risks due to centralisation. At the same time, security and privacy defenders advocate for decentralised solutions which divide the control and the responsibility among the entirety of the network nodes. However, spreading secrets among several parties also expands the attack surface. This conflict is in part due to the difficulty in differentiating between instances of the same hardware, which leads to treating physically distinct devices as identical. Harnessing the uniqueness of each connected device and injecting it into security protocols can provide solutions to several common issues of the IoT. Secrets can be generated directly from this uniqueness without the need to manually embed them into devices, reducing both the risk of exposure and the cost of managing great numbers of devices. Uniqueness can then lead to the primitive of unclonability. Unclonability refers to ensuring the difficulty of producing an exact duplicate of an entity via observing and measuring the entity’s features and behaviour. Unclonability has been realised on a physical level via the use of Physical Unclonable Functions (PUFs). PUFs are constructions that extract the inherent unclonable features of objects and compound them into a usable form, often that of binary data. PUFs are also exceptionally useful in IoT applications since they are low-cost, easy to integrate into existing designs, and have the potential to replace expensive cryptographic operations. Thus, a great number of solutions have been developed to integrate PUFs in various security scenarios. However, methods to expand unclonability into a complete security framework have not been thoroughly studied. In this work, the foundations are set for the development of such a framework through the formulation of an unclonability stack, in the paradigm of the OSI reference model. The stack comprises layers propagating the primitive from the unclonable PUF ICs, to devices, network links and eventually unclonable systems. Those layers are introduced, and work towards the design of protocols and methods for several of the layers is presented. A collection of protocols based on one or more unclonable tokens or authority devices is proposed, to enable the secure introduction of network nodes into groups or neighbourhoods. The role of the authority devices is that of a consolidated, observable root of ownership, whose physical state can be verified. After their introduction, nodes are able to identify and interact with their peers, exchange keys and form relationships, without the need of continued interaction with the authority device. Building on this introduction scheme, methods for establishing and maintaining unclonable links between pairs of nodes are introduced. These pairwise links are essential for the construction of relationships among multiple network nodes, in a variety of topologies. Those topologies and the resulting relationships are formulated and discussed. While the framework does not depend on specific PUF hardware, SRAM PUFs are chosen as a case study since they are commonly used and based on components that are already present in the majority of IoT devices. In the context of SRAM PUFs and with a view to the proposed framework, practical issues affecting the adoption of PUFs in security protocols are discussed. Methods of improving the capabilities of SRAM PUFs are also proposed, based on experimental data.School of Engineering Newcastle Universit

Modélisation et caractérisation des fonctions non clonables physiquement

Physically Unclonable Functions, or PUFs, are innovative technologies devoted to solve some security and identification issues. Similarly to a human fingerprint, PUFs allows to identify uniquely electronic devices as they produce an instance-specific signature. Applications as authentication or key generation can take advantage of this embedded function. The main property that we try to obtain from a PUF is the generation of a unique response that varies randomly from one physical device to another without allowing its prediction. Another important property of these PUF is to always reproduce the same response for the same input challenge even in a changing environment. Moreover, the PUF system should be secure against attacks that could reveal its response. In this thesis, we are interested in silicon PUF which take advantage of inherent process variations during the manufacturing of CMOS integrated circuits. We present several PUF constructions, discuss their properties and the implementation techniques to use them in security applications. We first present two novel PUF structures. The first one, called “Loop PUF” is a delay based PUF which relies on the comparison of delay measurements of identical serial delay chains. The major contribution brought by the use of this structure is its implementation simplicity on both ASIC and FPGA platforms, and its flexibility as it can be used for reliable authentication or key generation. The second proposed structure is a ring-oscillator based PUF cells “TERO PUF”. It exploits the oscillatory metastability of cross-coupled elements, and can also be used as True Random Number Generator (TRNG). More precisely, the PUF response takes advantage from the introduced oscillatory metastability of an SR flip-flop when the S and R inputs are connected to the same input signal. Experimental results show the high performance of these two proposed PUF structures. Second, in order to fairly compare the quality of different delay based PUFs, we propose a specific characterization method. It is based on statistical measurements on basic delay elements. The main benefit of this method is that it allows the designer to be sure that the PUF will meet the expected performances before its implementation and fabrication. Finally, Based on the unclonability and unpredictability properties of the PUFs, we present new techniques to perform “loop PUF” authentication and cryptographic key generation. Theoretical and experimental results show the efficiency of the introduced techniques in terms of complexity and reliabilityLes fonctions non clonables physiquement, appelées PUF (Physically Unclonable Functions), représentent une technologie innovante qui permet de résoudre certains problèmes de sécurité et d’identification. Comme pour les empreintes humaines, les PUF permettent de différencier des circuits électroniques car chaque exemplaire produit une signature unique. Ces fonctions peuvent être utilisées pour des applications telles que l’authentification et la génération de clés cryptographiques. La propriété principale que l’on cherche à obtenir avec les PUF est la génération d’une réponse unique qui varie de façon aléatoire d’un circuit à un autre, sans la possibilité de la prédire. Une autre propriété de ces PUF est de toujours reproduire, quel que soit la variation de l’environnement de test, la même réponse à un même défi d’entrée. En plus, une fonction PUF doit être sécurisée contre les attaques qui permettraient de révéler sa réponse. Dans cette thèse, nous nous intéressons aux PUF en silicium profitant des variations inhérentes aux technologies de fabrication des circuits intégrés CMOS. Nous présentons les principales architectures de PUF, leurs propriétés, et les techniques mises en œuvre pour les utiliser dans des applications de sécurité. Nous présentons d’abord deux nouvelles structures de PUF. La première structure appelée “Loop PUF” est basée sur des chaînes d’éléments à retard contrôlés. Elle consiste à comparer les délais de chaînes à retard identiques qui sont mises en série. Les points forts de cette structure sont la facilité de sa mise en œuvre sur les deux plates-formes ASIC et FPGA, la grande flexibilité pour l’authentification des circuits intégrés ainsi que la génération de clés de chiffrement. La deuxième structure proposée “TERO PUF” est basée sur le principe de cellules temporairement oscillantes. Elle exploite la métastabilité oscillatoire d’éléments couplés en croix, et peut aussi être utilisée pour un générateur vrai d’aléas (TRNG). Plus précisément, la réponse du PUF profite de la métastabilité oscillatoire introduite par une bascule SR lorsque les deux entrées S et R sont connectées au même signal d’entrée. Les résultats expérimentaux montrent le niveau de performances élevé des deux structures de PUF proposées. Ensuite, afin de comparer équitablement la qualité des différentes PUF à retard, nous proposons une méthode de caractérisation spécifique. Elle est basée sur des mesures statistiques des éléments à retard. Le principal avantage de cette méthode vient de sa capacité à permettre au concepteur d’être sûr que la fonction PUF aura les performances attendues avant sa mise en œuvre et sa fabrication. Enfin, en se basant sur les propriétés de non clonabilité et de l’imprévisibilité des PUF, nous présentons de nouvelles techniques d’authentification et de génération de clés de chiffrement en utilisant la “loop PUF” proposée. Les résultats théoriques et expérimentaux montrent l’efficacité des techniques introduites en termes de complexité et de fiabilit

Unclonability and quantum cryptanalysis: from foundations to applications

The impossibility of creating perfect identical copies of unknown quantum systems is a fundamental concept in quantum theory and one of the main non-classical properties of quantum information. This limitation imposed by quantum mechanics, famously known as the no-cloning theorem, has played a central role in quantum cryptography as a key component in the security of quantum protocols. In this thesis, we look at \emph{Unclonability} in a broader context in physics and computer science and more specifically through the lens of cryptography, learnability and hardware assumptions. We introduce new notions of unclonability in the quantum world, namely \emph{quantum physical unclonability}, and study the relationship with cryptographic properties and assumptions such as unforgeability, randomness and pseudorandomness. The purpose of this study is to bring new insights into the field of quantum cryptanalysis and into the notion of unclonability itself. We also discuss applications of this new type of unclonability as a cryptographic resource for designing provably secure quantum protocols. First, we study the unclonability of quantum processes and unitaries in relation to their learnability and unpredictability. The instinctive idea of unpredictability from a cryptographic perspective is formally captured by the notion of \emph{unforgeability}. Intuitively, unforgeability means that an adversary should not be able to produce the output of an \emp{unknown} function or process from a limited number of input-output samples of it. Even though this notion is almost easily formalized in classical cryptography, translating it to the quantum world against a quantum adversary has been proven challenging. One of our contributions is to define a new unified framework to analyse the unforgeability property for both classical and quantum schemes in the quantum setting. This new framework is designed in such a way that can be readily related to the novel notions of unclonability that we will define in the following chapters. Another question that we try to address here is "What is the fundamental property that leads to unclonability?" In attempting to answer this question, we dig into the relationship between unforgeability and learnability, which motivates us to repurpose some learning tools as a new cryptanalysis toolkit. We introduce a new class of quantum attacks based on the concept of `emulation' and learning algorithms, breaking new ground for more sophisticated and complicated algorithms for quantum cryptanalysis. Second, we formally represent, for the first time, the notion of physical unclonability in the quantum world by introducing \emph{Quantum Physical Unclonable Functions (qPUF)} as the quantum analogue of Physical Unclonable Functions (PUF). PUF is a hardware assumption introduced previously in the literature of hardware security, as physical devices with unique behaviour, due to manufacturing imperfections and natural uncontrollable disturbances that make them essentially hard to reproduce. We deliver the mathematical model for qPUFs, and we formally study their main desired cryptographic property, namely unforgeability, using our previously defined unforgeability framework. In light of these new techniques, we show several possibility and impossibility results regarding the unforgeability of qPUFs. We will also discuss how the quantum version of physical unclonability relates to randomness and unknownness in the quantum world, exploring further the extended notion of unclonability. Third, we dive deeper into the connection between physical unclonability and related hardware assumptions with quantum pseudorandomness. Like unclonability in quantum information, pseudorandomness is also a fundamental concept in cryptography and complexity. We uncover a deep connection between Pseudorandom Unitaries (PRU) and quantum physical unclonable functions by proving that both qPUFs and the PRU can be constructed from each other. We also provide a novel route towards realising quantum pseudorandomness, distinct from computational assumptions. Next, we propose new applications of unclonability in quantum communication, using the notion of physical unclonability as a new resource to achieve provably secure quantum protocols against quantum adversaries. We propose several protocols for mutual entity identification in a client-server or quantum network setting. Authentication and identification are building-block tasks for quantum networks, and our protocols can provide new resource-efficient applications for quantum communications. The proposed protocols use different quantum and hybrid (quantum-classical) PUF constructions and quantum resources, which we compare and attempt in reducing, as much as possible throughout the various works we present. Specifically, our hybrid construction can provide quantum security using limited quantum communication resources that cause our protocols to be implementable and practical in the near term. Finally, we present a new practical cryptanalysis technique concerning the problem of approximate cloning of quantum states. We propose variational quantum cloning (\VQC), a quantum machine learning-based cryptanalysis algorithm which allows an adversary to obtain optimal (approximate) cloning strategies with short depth quantum circuits, trained using the hybrid classical-quantum technique. This approach enables the end-to-end discovery of hardware efficient quantum circuits to clone specific families of quantum states, which has applications in the foundations and cryptography. In particular, we use a cloning-based attack on two quantum coin-flipping protocols and show that our algorithm can improve near term attacks on these protocols, using approximate quantum cloning as a resource. Throughout this work, we demonstrate how the power of quantum learning tools as attacks on one hand, and the power of quantum unclonability as a security resource, on the other hand, fight against each other to break and ensure security in the near term quantum era

Hardware security design from circuits to systems

The security of hardware implementations is of considerable importance, as even the most secure and carefully analyzed algorithms and protocols can be vulnerable in their hardware realization. For instance, numerous successful attacks have been presented against the Advanced Encryption Standard, which is approved for top secret information by the National Security Agency. There are numerous challenges for hardware security, ranging from critical power and resource constraints in sensor networks to scalability and automation for large Internet of Things (IoT) applications. The physically unclonable function (PUF) is a promising building block for hardware security, as it exposes a device-unique challenge-response behavior which depends on process variations in fabrication. It can be used in a variety of applications including random number generation, authentication, fingerprinting, and encryption. The primary concerns for PUF are reliability in presence of environmental variations, area and power overhead, and process-dependent randomness of the challenge-response behavior. Carbon nanotube field-effect transistors (CNFETs) have been shown to have excellent electrical and unique physical characteristics. They are a promising candidate to replace silicon transistors in future very large scale integration (VLSI) designs. We present the Carbon Nanotube PUF (CNPUF), which is the first PUF design that takes advantage of unique CNFET characteristics. CNPUF achieves higher reliability against environmental variations and increases the resistance against modeling attacks. Furthermore, CNPUF has a considerable power and energy reduction in comparison to previous ultra-low power PUF designs of 89.6% and 98%, respectively. Moreover, CNPUF allows a power-security tradeoff in an extended design, which can greatly increase the resilience against modeling attacks. Despite increasing focus on defenses against physical attacks, consistent security oriented design of embedded systems remains a challenge, as most formalizations and security models are concerned with isolated physical components or a high-level concept. Therefore, we build on existing work on hardware security and provide four contributions to system-oriented physical defense: (i) A system-level security model to overcome the chasm between secure components and requirements of high-level protocols; this enables synergy between component-oriented security formalizations and theoretically proven protocols. (ii) An analysis of current practices in PUF protocols using the proposed system-level security model; we identify significant issues and expose assumptions that require costly security techniques. (iii) A System-of-PUF (SoP) that utilizes the large PUF design-space to achieve security requirements with minimal resource utilization; SoP requires 64% less gate-equivalent units than recently published schemes. (iv) A multilevel authentication protocol based on SoP which is validated using our system-level security model and which overcomes current vulnerabilities. Furthermore, this protocol offers breach recognition and recovery. Unpredictability and reliability are core requirements of PUFs: unpredictability implies that an adversary cannot sufficiently predict future responses from previous observations. Reliability is important as it increases the reproducibility of PUF responses and hence allows validation of expected responses. However, advanced machine-learning algorithms have been shown to be a significant threat to the practical validity of PUFs, as they can accurately model PUF behavior. The most effective technique was shown to be the XOR-based combination of multiple PUFs, but as this approach drastically reduces reliability, it does not scale well against software-based machine-learning attacks. We analyze threats to PUF security and propose PolyPUF, a scalable and secure architecture to introduce polymorphic PUF behavior. This architecture significantly increases model-building resistivity while maintaining reliability. An extensive experimental evaluation and comparison demonstrate that the PolyPUF architecture can secure various PUF configurations and is the only evaluated approach to withstand highly complex neural network machine-learning attacks. Furthermore, we show that PolyPUF consumes less energy and has less implementation overhead in comparison to lightweight reference architectures. Emerging technologies such as the Internet of Things (IoT) heavily rely on hardware security for data and privacy protection. The outsourcing of integrated circuit (IC) fabrication introduces diverse threat vectors with different characteristics, such that the security of each device has unique focal points. Hardware Trojan horses (HTH) are a significant threat for IoT devices as they process security critical information with limited resources. HTH for information leakage are particularly difficult to detect as they have minimal footprint. Moreover, constantly increasing integration complexity requires automatic synthesis to maintain the pace of innovation. We introduce the first high-level synthesis (HLS) flow that produces a threat-targeted and security enhanced hardware design to prevent HTH injection by a malicious foundry. Through analysis of entropy loss and criticality decay, the presented algorithms implement highly resource-efficient targeted information dispersion. An obfuscation flow is introduced to camouflage the effects of dispersion and reduce the effectiveness of reverse engineering. A new metric for the combined security of the device is proposed, and dispersion and obfuscation are co-optimized to target user-supplied threat parameters under resource constraints. The flow is evaluated on existing HLS benchmarks and a new IoT-specific benchmark, and shows significant resource savings as well as adaptability. The IoT and cloud computing rely on strong confidence in security of confidential or highly privacy sensitive data. As (differential) power attacks can take advantage of side-channel leakage to expose device-internal secrets, side-channel leakage is a major concern with ongoing research focus. However, countermeasures typically require expert-level security knowledge for efficient application, which limits adaptation in the highly competitive and time-constrained IoT field. We address this need by presenting the first HLS flow with primary focus on side-channel leakage reduction. Minimal security annotation to the high-level C-code is sufficient to perform automatic analysis of security critical operations with corresponding insertion of countermeasures. Additionally, imbalanced branches are detected and corrected. For practicality, the flow can meet both resource and information leakage constraints. The presented flow is extensively evaluated on established HLS benchmarks and a general IoT benchmark. Under identical resource constraints, leakage is reduced between 32% and 72% compared to the baseline. Under leakage target, the constraints are achieved with 31% to 81% less resource overhead

Low Power Memory/Memristor Devices and Systems

This reprint focusses on achieving low-power computation using memristive devices. The topic was designed as a convenient reference point: it contains a mix of techniques starting from the fundamental manufacturing of memristive devices all the way to applications such as physically unclonable functions, and also covers perspectives on, e.g., in-memory computing, which is inextricably linked with emerging memory devices such as memristors. Finally, the reprint contains a few articles representing how other communities (from typical CMOS design to photonics) are fighting on their own fronts in the quest towards low-power computation, as a comparison with the memristor literature. We hope that readers will enjoy discovering the articles within

Hardware-Based Authentication for the Internet of Things

Entity authentication is one of the most fundamental problems in computer security. Implementation of any authentication protocol requires the solution of several sub-problems, such as the problems regarding secret sharing, key generation, key storage and key verification. With the advent of the Internet-of-Things(IoT), authentication becomes a pivotal concern in the security of IoT systems. Interconnected components of IoT devices normally contains sensors, actuators, relays, and processing and control equipment that are designed with the limited budget on power, cost and area. As a result, incorporating security protocols in such resource constrained IoT components can be rather challenging. To address this issue, in this dissertation, we design and develop hardware oriented lightweight protocols for the authentication of users, devices and data. These protocols utilize physical properties of memory components, computing units, and hardware clocks on the IoT device. Recent works on device authentication using physically uncloneable functions can render the problem of entity authentication and verification based on the hardware properties tractable. Our studies reveal that non-linear characteristics of resistive memories can be useful in solving several problems regarding authentication. Therefore, in this dissertation, first we explore the ideas of secret sharing using threshold circuits and non-volatile memory components. Inspired by the concepts of visual cryptography, we identify the promises of resistive memory based circuits in lightweight secret sharing and multi-user authentication. Furthermore, the additive and monotonic properties of non-volatile memory components can be useful in addressing the challenges of key storage. Overall, in the first part of this dissertation, we present our research on design of low-cost, non-crypto based user authentication schemes using physical properties of a resistive memory based system. In the second part of the dissertation, we demonstrate that in computational units, the emerging voltage over-scaling (VOS)-based computing leaves a process variation dependent error signature in the approximate results. Current research works in VOS focus on reducing these errors to provide acceptable results from the computation point of view. Interestingly, with extreme VOS, these errors can also reveal significant information about the underlying physical system and random variations therein. As a result, these errors can be methodically profiled to extract information about the process variation in a computational unit. Therefore, in this dissertation, we also employ error profiling techniques along with the basic key-based authentication schemes to create lightweight device authentication protocols. Finally, intrinsic properties of hardware clocks can provide novel ways of device fingerprinting and authentication. The clock signatures can be used for real-time authentication of electromagnetic signals where some temporal properties of the signal are known. In the last part of this dissertation, we elaborate our studies on data authentication using hardware clocks. As an example, we propose a GPS signature authentication and spoofing detection technique using physical properties such as the frequency skew and drift of hardware clocks in GPS receivers