164 research outputs found
SecuCode: Intrinsic PUF Entangled Secure Wireless Code Dissemination for Computational RFID Devices
The simplicity of deployment and perpetual operation of energy harvesting
devices provides a compelling proposition for a new class of edge devices for
the Internet of Things. In particular, Computational Radio Frequency
Identification (CRFID) devices are an emerging class of battery-free,
computational, sensing enhanced devices that harvest all of their energy for
operation. Despite wireless connectivity and powering, secure wireless firmware
updates remains an open challenge for CRFID devices due to: intermittent
powering, limited computational capabilities, and the absence of a supervisory
operating system. We present, for the first time, a secure wireless code
dissemination (SecuCode) mechanism for CRFIDs by entangling a device intrinsic
hardware security primitive Static Random Access Memory Physical Unclonable
Function (SRAM PUF) to a firmware update protocol. The design of SecuCode: i)
overcomes the resource-constrained and intermittently powered nature of the
CRFID devices; ii) is fully compatible with existing communication protocols
employed by CRFID devices in particular, ISO-18000-6C protocol; and ii) is
built upon a standard and industry compliant firmware compilation and update
method realized by extending a recent framework for firmware updates provided
by Texas Instruments. We build an end-to-end SecuCode implementation and
conduct extensive experiments to demonstrate standards compliance, evaluate
performance and security.Comment: Accepted to the IEEE Transactions on Dependable and Secure Computin
Securing IEEE P1687 On-chip Instrumentation Access Using PUF
As the complexity of VLSI designs grows, the amount of embedded instrumentation in system-on-a-chip designs increases at an exponential rate. Such structures serve various purposes throughout the life-cycle of VLSI circuits, e.g. in post-silicon validation and debug, production test and diagnosis, as well as during in-field test and maintenance. Reliable access mechanisms for embedded instruments are therefore key to rapid chip development and secure system maintenance. Reconfigurable scan networks defined by IEEE Std. P1687 emerge as a scalable and cost-effective access medium for on-chip instrumentation. The accessibility offered by reconfigurable scan networks contradicts security and safety requirements for embedded instrumentation. Embedded instrumentation is an integral system component that remains functional throughout the lifetime of a chip. To prevent harmful activities, such as tampering with safety-critical systems, and reduce the risk of intellectual property infringement, the access to embedded instrumentation requires protection. This thesis provides a novel, Physical Unclonable Function (PUF) based secure access method for on-chip instruments which enhances the security of IJTAG network at low hardware cost and with less routing congestion
Segurança de computadores por meio de autenticação intrínseca de hardware
Orientadores: Guido Costa Souza de Araújo, Mario Lúcio Côrtes e Diego de Freitas AranhaTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Neste trabalho apresentamos Computer Security by Hardware-Intrinsic Authentication (CSHIA), uma arquitetura de computadores segura para sistemas embarcados que tem como objetivo prover autenticidade e integridade para código e dados. Este trabalho está divido em três fases: Projeto da Arquitetura, sua Implementação, e sua Avaliação de Segurança. Durante a fase de projeto, determinamos como integridade e autenticidade seriam garantidas através do uso de Funções Fisicamente Não Clonáveis (PUFs) e propusemos um algoritmo de extração de chaves criptográficas de memórias cache de processadores. Durante a implementação, flexibilizamos o projeto da arquitetura para fornecer diferentes possibilidades de configurações sem comprometimento da segurança. Então, avaliamos seu desempenho levando em consideração o incremento em área de chip, aumento de consumo de energia e memória adicional para diferentes configurações. Por fim, analisamos a segurança de PUFs e desenvolvemos um novo ataque de canal lateral que circunvê a propriedade de unicidade de PUFs por meio de seus elementos de construçãoAbstract: This work presents Computer Security by Hardware-Intrinsic Authentication (CSHIA), a secure computer architecture for embedded systems that aims at providing authenticity and integrity for code and data. The work encompassed three phases: Design, Implementation, and Security Evaluation. In design, we laid out the basic ideas behind CSHIA, namely, how integrity and authenticity are employed through the use of Physical Unclonable Functions (PUFs), and we proposed an algorithm to extract cryptographic keys from the intrinsic memories of processors. In implementation, we made CSHIA¿s design more flexible, allowing different configurations without compromising security. Then, we evaluated CSHIA¿s performance and overheads, such as area, energy, and memory, for multiple configurations. Finally, we evaluated security of PUFs, which led us to develop a new side-channel-based attack that enabled us to circumvent PUFs¿ uniqueness property through their architectural elementsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computação2015/06829-2; 2016/25532-3147614/2014-7FAPESPCNP
A PUF-based cryptographic security solution for IoT systems on chip
The integration of multicore processors and peripherals from multiple intellectual property core providers as hardware components of IoT multiprocessor systems-on-chip (SoC) represents a source of security vulnerabilities for the in-chip communication. This paper describes the concept and the practical results of a SoC security implementation that is illustrative for IoT applications. The mechanism employed in this approach uses physically unclonable functions (PUF) and symmetric cryptography in order to encrypt the transferred messages within the SoC between the microprocessor and its peripherals. The mechanism is experimentally validated at FPGA level, the paper describing also an implementation scenario for an IoT ARM based device
ERIC: An Efficient and Practical Software Obfuscation Framework
Modern cloud computing systems distribute software executables over a network
to keep the software sources, which are typically compiled in a
security-critical cluster, secret. We develop ERIC, a new, efficient, and
general software obfuscation framework. ERIC protects software against (i)
static analysis, by making only an encrypted version of software executables
available to the human eye, no matter how the software is distributed, and (ii)
dynamic analysis, by guaranteeing that an encrypted executable can only be
correctly decrypted and executed by a single authenticated device. ERIC
comprises key hardware and software components to provide efficient software
obfuscation support: (i) a hardware decryption engine (HDE) enables efficient
decryption of encrypted hardware in the target device, (ii) the compiler can
seamlessly encrypt software executables given only a unique device identifier.
Both the hardware and software components are ISA-independent, making ERIC
general. The key idea of ERIC is to use physical unclonable functions (PUFs),
unique device identifiers, as secret keys in encrypting software executables.
Malicious parties that cannot access the PUF in the target device cannot
perform static or dynamic analyses on the encrypted binary. We develop ERIC's
prototype on an FPGA to evaluate it end-to-end. Our prototype extends RISC-V
Rocket Chip with the hardware decryption engine (HDE) to minimize the overheads
of software decryption. We augment the custom LLVM-based compiler to enable
partial/full encryption of RISC-V executables. The HDE incurs minor FPGA
resource overheads, it requires 2.63% more LUTs and 3.83% more flip-flops
compared to the Rocket Chip baseline. LLVM-based software encryption increases
compile time by 15.22% and the executable size by 1.59%. ERIC is publicly
available and can be downloaded from https://github.com/kasirgalabs/ERICComment: DSN 2022 - The 52nd Annual IEEE/IFIP International Conference on
Dependable Systems and Network
Barrel Shifter Physical Unclonable Function Based Encryption
Physical Unclonable Functions (PUFs) are circuits designed to extract
physical randomness from the underlying circuit. This randomness depends on the
manufacturing process. It differs for each device enabling chip-level
authentication and key generation applications. We present a protocol utilizing
a PUF for secure data transmission. Parties each have a PUF used for encryption
and decryption; this is facilitated by constraining the PUF to be commutative.
This framework is evaluated with a primitive permutation network - a barrel
shifter. Physical randomness is derived from the delay of different shift
paths. Barrel shifter (BS) PUF captures the delay of different shift paths.
This delay is entangled with message bits before they are sent across an
insecure channel. BS-PUF is implemented using transmission gates; their
characteristics ensure same-chip reproducibility, a necessary property of PUFs.
Post-layout simulations of a common centroid layout 8-level barrel shifter in
0.13 {\mu}m technology assess uniqueness, stability and randomness properties.
BS-PUFs pass all selected NIST statistical randomness tests. Stability similar
to Ring Oscillator (RO) PUFs under environment variation is shown. Logistic
regression of 100,000 plaintext-ciphertext pairs (PCPs) failed to successfully
model BS- PUF behavior
Investigating SRAM PUFs in large CPUs and GPUs
Physically unclonable functions (PUFs) provide data that can be used for
cryptographic purposes: on the one hand randomness for the initialization of
random-number generators; on the other hand individual fingerprints for unique
identification of specific hardware components. However, today's off-the-shelf
personal computers advertise randomness and individual fingerprints only in the
form of additional or dedicated hardware.
This paper introduces a new set of tools to investigate whether intrinsic
PUFs can be found in PC components that are not advertised as containing PUFs.
In particular, this paper investigates AMD64 CPU registers as potential PUF
sources in the operating-system kernel, the bootloader, and the system BIOS;
investigates the CPU cache in the early boot stages; and investigates shared
memory on Nvidia GPUs. This investigation found non-random non-fingerprinting
behavior in several components but revealed usable PUFs in Nvidia GPUs.Comment: 25 pages, 6 figures. Code in appendi
Public-Key Based Authentication Architecture for IoT Devices Using PUF
Nowadays, Internet of Things (IoT) is a trending topic in the computing
world. Notably, IoT devices have strict design requirements and are often
referred to as constrained devices. Therefore, security techniques and
primitives that are lightweight are more suitable for such devices, e.g.,
Static Random-Access Memory (SRAM) Physical Unclonable Functions (PUFs) and
Elliptic Curve Cryptography (ECC). SRAM PUF is an intrinsic security primitive
that is seeing widespread adoption in the IoT segment. ECC is a public-key
algorithm technique that has been gaining popularity among constrained IoT
devices. The popularity is due to using significantly smaller operands when
compared to other public-key techniques such as RSA (Rivest Shamir Adleman).
This paper shows the design, development, and evaluation of an
application-specific secure communication architecture based on SRAM PUF
technology and ECC for constrained IoT devices. More specifically, it
introduces an Elliptic Curve Diffie-Hellman (ECDH) public-key based
cryptographic protocol that utilizes PUF-derived keys as the root-of-trust for
silicon authentication. Also, it proposes a design of a modular hardware
architecture that supports the protocol. Finally, to analyze the practicality
as well as the feasibility of the proposed protocol, we demonstrate the
solution by prototyping and verifying a protocol variant on the commercial
Xilinx Zynq-7000 APSoC device
A Novel PUF-Based Encryption Protocol for Embedded System On Chip
This paper presents a novel security mechanism for sensitive data stored, acquired or processed by a complex electronic circuit implemented as System-on-Chip (SoC) on an FPGA reconfigurable device. Such circuits are increasingly used in embedded or cyber systems employed in civil and military applications. Managing security in the overarching SoC presents a challenge as part of the process of securing such systems. The proposed new method is based on encrypted and authenticated communications between the microprocessor cores, FPGA fabric and peripherals inside the SoC. The encryption resides in a key generated with Physically Unclonable Function (PUF) circuits and a pseudorandom generator. The conceptual design of the security circuit was validated through hardware implementation, testing and analysis of results
- …