277 research outputs found
A formal definition and a new security mechanism of physical unclonable functions
The characteristic novelty of what is generally meant by a "physical
unclonable function" (PUF) is precisely defined, in order to supply a firm
basis for security evaluations and the proposal of new security mechanisms. A
PUF is defined as a hardware device which implements a physical function with
an output value that changes with its argument. A PUF can be clonable, but a
secure PUF must be unclonable. This proposed meaning of a PUF is cleanly
delineated from the closely related concepts of "conventional unclonable
function", "physically obfuscated key", "random-number generator", "controlled
PUF" and "strong PUF". The structure of a systematic security evaluation of a
PUF enabled by the proposed formal definition is outlined. Practically all
current and novel physical (but not conventional) unclonable physical functions
are PUFs by our definition. Thereby the proposed definition captures the
existing intuition about what is a PUF and remains flexible enough to encompass
further research. In a second part we quantitatively characterize two classes
of PUF security mechanisms, the standard one, based on a minimum secret
read-out time, and a novel one, based on challenge-dependent erasure of stored
information. The new mechanism is shown to allow in principle the construction
of a "quantum-PUF", that is absolutely secure while not requiring the storage
of an exponentially large secret. The construction of a PUF that is
mathematically and physically unclonable in principle does not contradict the
laws of physics.Comment: 13 pages, 1 figure, Conference Proceedings MMB & DFT 2012,
Kaiserslautern, German
A new Definition and Classification of Physical Unclonable Functions
A new definition of "Physical Unclonable Functions" (PUFs), the first one
that fully captures its intuitive idea among experts, is presented. A PUF is an
information-storage system with a security mechanism that is
1. meant to impede the duplication of a precisely described
storage-functionality in another, separate system and
2. remains effective against an attacker with temporary access to the whole
original system.
A novel classification scheme of the security objectives and mechanisms of
PUFs is proposed and its usefulness to aid future research and security
evaluation is demonstrated. One class of PUF security mechanisms that prevents
an attacker to apply all addresses at which secrets are stored in the
information-storage system, is shown to be closely analogous to cryptographic
encryption. Its development marks the dawn of a new fundamental primitive of
hardware-security engineering: cryptostorage. These results firmly establish
PUFs as a fundamental concept of hardware security.Comment: 6 pages, 3 figures; Proceedings "CS2 '15 Proceedings of the Second
Workshop on Cryptography and Security in Computing Systems", Amsterdam, 2015,
ACM Digital Librar
Secret-free security: a survey and tutorial
Classical keys, i.e., secret keys stored permanently in digital form in nonvolatile memory, appear indispensable in modern computer security-but also constitute an obvious attack target in any hardware containing them. This contradiction has led to perpetual battle between key extractors and key protectors over the decades. It is long known that physical unclonable functions (PUFs) can at least partially overcome this issue, since they enable secure hardware without the above classical keys. Unfortunately, recent research revealed that many standard PUFs still contain other types of secrets deeper in their physical structure, whose disclosure to adversaries breaks security as well: Examples include the manufacturing variations in SRAM PUFs, the power-up states of SRAM PUFs, or the signal delays in Arbiter PUFs. Most of these secrets have already been extracted in viable attacks in the past, breaking PUF-security in practice. A second generation of physical security primitives now shows potential to resolve this remaining problem, however. In certain applications, so-called Complex PUFs, SIMPLs/PPUFs, and UNOs are able to realize not just hardware that is free of classical keys in the above sense, but completely secret-free instead. In the resulting hardware systems, adversaries could hypothetically be allowed to inspect every bit and every atom, and learn any information present in any form in the system, without being able to break security. Secret-free hardware would hence promise to be innately and permanently immune against any physical or malware-based key-extraction: There simply is no security-critical information to extract anymore. Our survey and tutorial paper takes the described situation as starting point, and categorizes, formalizes, and overviews the recently evolving area of secret-free security. We propose the attempt of making hardware completely secret-free as promising endeavor in future hardware designs, at least in those application scenarios where this is logically possible. In others, we suggest that secret-free techniques could be combined with standard PUFs and classical methods to construct hybrid systems with notably reduced attack surfaces
Novel Cryptographic Authentication Mechanisms for Supply Chains and OpenStack
In this dissertation, first, we studied the Radio-Frequency Identification (RFID) tag authentication problem in supply chains. RFID tags have been widely used as a low-cost wireless method for detecting counterfeit product injection in supply chains. We open a new direction toward solving this problem by using the Non-Volatile Memory (NVM) of recent RFID tags. We propose a method based on this direction that significantly improves the availability of the system and costs less. In our method, we introduce the notion of Software Unclonability, which is a kind of one-time MAC for authenticating random inputs. Also, we introduce three lightweight constructions that are software unclonable. Second, we focus on OpenStack that is a prestigious open-source cloud platform. OpenStack takes advantage of some tokening mechanisms to establish trust between its modules and users. It turns out that when an adversary captures user tokens by exploiting a bug in a module, he gets extreme power on behalf of users. Here, we propose a novel tokening mechanism that ties commands to tokens and enables OpenStack to support short life tokens while it keeps the performance up
Quantum Lock: A Provable Quantum Communication Advantage
Physical unclonable functions(PUFs) provide a unique fingerprint to a
physical entity by exploiting the inherent physical randomness. Gao et al.
discussed the vulnerability of most current-day PUFs to sophisticated machine
learning-based attacks. We address this problem by integrating classical PUFs
and existing quantum communication technology. Specifically, this paper
proposes a generic design of provably secure PUFs, called hybrid locked
PUFs(HLPUFs), providing a practical solution for securing classical PUFs. An
HLPUF uses a classical PUF(CPUF), and encodes the output into non-orthogonal
quantum states to hide the outcomes of the underlying CPUF from any adversary.
Here we introduce a quantum lock to protect the HLPUFs from any general
adversaries. The indistinguishability property of the non-orthogonal quantum
states, together with the quantum lockdown technique prevents the adversary
from accessing the outcome of the CPUFs. Moreover, we show that by exploiting
non-classical properties of quantum states, the HLPUF allows the server to
reuse the challenge-response pairs for further client authentication. This
result provides an efficient solution for running PUF-based client
authentication for an extended period while maintaining a small-sized
challenge-response pairs database on the server side. Later, we support our
theoretical contributions by instantiating the HLPUFs design using accessible
real-world CPUFs. We use the optimal classical machine-learning attacks to
forge both the CPUFs and HLPUFs, and we certify the security gap in our
numerical simulation for construction which is ready for implementation.Comment: Replacement of paper "Hybrid PUF: A Novel Way to Enhance the Security
of Classical PUFs" (arXiv:2110.09469
- …