Barrel Shifter Physical Unclonable Function Based Encryption

Physical Unclonable Functions (PUFs) are circuits designed to extract physical randomness from the underlying circuit. This randomness depends on the manufacturing process. It differs for each device enabling chip-level authentication and key generation applications. We present a protocol utilizing a PUF for secure data transmission. Parties each have a PUF used for encryption and decryption; this is facilitated by constraining the PUF to be commutative. This framework is evaluated with a primitive permutation network - a barrel shifter. Physical randomness is derived from the delay of different shift paths. Barrel shifter (BS) PUF captures the delay of different shift paths. This delay is entangled with message bits before they are sent across an insecure channel. BS-PUF is implemented using transmission gates; their characteristics ensure same-chip reproducibility, a necessary property of PUFs. Post-layout simulations of a common centroid layout 8-level barrel shifter in 0.13 {\mu}m technology assess uniqueness, stability and randomness properties. BS-PUFs pass all selected NIST statistical randomness tests. Stability similar to Ring Oscillator (RO) PUFs under environment variation is shown. Logistic regression of 100,000 plaintext-ciphertext pairs (PCPs) failed to successfully model BS- PUF behavior

Cryptographic application of physical unclonable functions (PUFs)

Physical Unclonable Functions (PUFs) are circuits designed to extract physical randomness from the underlying circuit. This randomness depends on the manufacturing process. It differs for each device enabling chip-level authentication and key generation applications. This thesis has performed research work about PUF based encryption and low power PUFs. First, we present a protocol utilizing a PUF for secure data transmission. Each party has a PUFused for encryption and decryption; this is facilitated by constraining the PUF to be commutative. This framework is evaluated with a primitive permutation network - a barrel shifter. Physical randomness is derived from the delay of different shift paths. Barrel shifter (BS) PUF captures the delay of different shift paths. This delay is entangled with message bits before they are sent across an insecure channel. BS-PUF is implemented using transmission gates; their characteristics ensure same-chip physical commutativity, a necessary property of PUFs designed for encryption. Post-layout simulations of a common centroid layout 8-level barrel shifter in 0.13μm technology assess uniqueness, stability and randomness properties. BS-PUFs pass all selected NIST statistical randomness tests. Stability similar to Ring Oscillator (RO) PUFs under environment variation is shown. Logistic regression of 100,000 plaintext-ciphertext pairs (PCPs) failed to successfully modelBS-PUF behavior. Then we generalize this encryption protocol to work with PUFs other than theBSPUFs. On the other hand, we further explore some low power techniques for building PUFs. Asymmetric layout improved unit path delay variation by as much as 73.2% and uniqueness problem introduced by asymmetric layout is proved to be solvable through Multi-Block entanglement pat-tern. By adopting these 2 techniques, power and area consumption of PUF can be reduced by as much as 44.29% and 39.7%

Development of a lightweight centralized authentication mechanism for the internet of things driven by fog

The rapid development of technology has made the Internet of Things an integral element of modern society. Modern Internet of Things’ implementations often use Fog computing, an offshoot of the Cloud computing that offers localized processing power at the network’s periphery. The Internet of Things serves as the inspiration for the decentralized solution known as Fog computing. Features such as distributed computing, low latency, location awareness, on-premise installation, and support for heterogeneous hardware are all facilitated by Fog computing. End-to-end security in the Internet of Things is challenging due to the wide variety of use cases and the disparate resource availability of participating entities. Due to their limited resources, it is out of the question to use complex cryptographic algorithms for this class of devices. All Internet of Things devices, even those connected to servers online, have constrained resources such as power and processing speed, so they would rather not deal with strict security measures. This paper initially examines distributed Fog computing and creates a new authentication framework to support the Internet of Things environment. The following authentication architecture is recommended for various Internet of Things applications, such as healthcare systems, transportation systems, smart buildings, smart energy, etc. The total effectiveness of the method is measured by considering factors such as the cost of communication and the storage overhead incurred by the offered integrated authentication protocol. It has been proven that the proposed technique will reduce communication costs by at least 11%

Nano-intrinsic security primitives for internet of everything

With the advent of Internet-enabled electronic devices and mobile computer systems, maintaining data security is one of the most important challenges in modern civilization. The innovation of physically unclonable functions (PUFs) shows great potential for enabling low-cost low-power authentication, anti-counterfeiting and beyond on the semiconductor chips. This is because secrets in a PUF are hidden in the randomness of the physical properties of desirably identical devices, making it extremely difficult, if not impossible, to extract them. Hence, the basic idea of PUF is to take advantage of inevitable non-idealities in the physical domain to create a system that can provide an innovative way to secure device identities, sensitive information, and their communications. While the physical variation exists everywhere, various materials, systems, and technologies have been considered as the source of unpredictable physical device variation in large scales for generating security primitives. The purpose of this project is to develop emerging solid-state memory-based security primitives and examine their robustness as well as feasibility. Firstly, the author gives an extensive overview of PUFs. The rationality, classification, and application of PUF are discussed. To objectively compare the quality of PUFs, the author formulates important PUF properties and evaluation metrics. By reviewing previously proposed constructions ranging from conventional standard complementary metal-oxide-semiconductor (CMOS) components to emerging non-volatile memories, the quality of different PUFs classes are discussed and summarized. Through a comparative analysis, emerging non-volatile redox-based resistor memories (ReRAMs) have shown the potential as promising candidates for the next generation of low-cost, low-power, compact in size, and secure PUF. Next, the author presents novel approaches to build a PUF by utilizing concatenated two layers of ReRAM crossbar arrays. Upon concatenate two layers, the nonlinear structure is introduced, and this results in the improved uniformity and the avalanche characteristic of the proposed PUF. A group of cell readout method is employed, and it supports a massive pool of challenge-response pairs of the nonlinear ReRAM-based PUF. The non-linear PUF construction is experimentally assessed using the evaluation metrics, and the quality of randomness is verified using predictive analysis. Last but not least, random telegraph noise (RTN) is studied as a source of entropy for a true random number generation (TRNG). RTN is usually considered a disadvantageous feature in the conventional CMOS designs. However, in combination with appropriate readout scheme, RTN in ReRAM can be used as a novel technique to generate quality random numbers. The proposed differential readout-based design can maintain the quality of output by reducing the effect of the undesired noise from the whole system, while the controlling difficulty of the conventional readout method can be significantly reduced. This is advantageous as the differential readout circuit can embrace the resistance variation features of ReRAMs without extensive pre-calibration. The study in this thesis has the potential to enable the development of cost-efficient and lightweight security primitives that can be integrated into modern computer mobile systems and devices for providing a high level of security

Design, implementation, and analysis of efficient tools based on PUFs for hardware security applications

A Physical Unclonable Function (PUF) is a physical system that leverages manufacturing process variations to generate unclonable and inherent instance-specific measurements of physical objects. PUF is equivalent to human biometrics in many ways where each human has a unique fingerprint. PUF can securely generate unique and unclonable signatures that allow PUF to bootstrap the implementation of various physical security issues. In this thesis, we discuss PUFs, extend it to a novel SW-PUF, and explore some techniques to utilize it in security applications. We first present the SW-PUF - basic building block of this thesis, a novel PUF design that measures processor chip ALU silicon biometrics in a manner similar to all PUFs. Additionally, it composes the silicon measurement with the data-dependent delay of a particular program instruction in a way that is difficult to decompose through a mathematical model. We then implement the proposed PUF to solve various security issues for applications such as Software Protection and Trusted Computing. We prove that the SW-PUF can provide a more robust root of trust for measurement than the existing trusted platform module (TPM). Second, we present the Reversible SW-PUF , a novel PUF design based on the SW-PUF that is capable of computing partial inputs given its outputs. Given the random output signature of specific instruction in a specific basic block of the program, only the computing platform that originally computed the instruction can accurately regenerate the inputs of the instruction correctly within a certain number of bits. We then implement the Reversible SW-PUF to provide a verifiable computation method. Our scheme links the outsourced software with the cloud-node hardware to provide proof of the computational integrity and the resultant correctness of the results with high probability. Finally, we employ the SW-PUF and the Reversible SW-PUF to provide a trust attribute for data on the Internet of Thing (IoT) systems by combining data provenance and privacy-preserving methods. In our scheme, an IoT server can ensure that the received data comes from the IoT device that owns it. In addition, the server can verify the integrity of the data by validating the provenance metadata for data creation and modification

Security Aspects of Printed Electronics Applications

Gedruckte Elektronik (Printed Electronics (PE)) ist eine neu aufkommende Technologie welche komplementär zu konventioneller Elektronik eingesetzt wird. Dessen einzigartigen Merkmale führten zu einen starken Anstieg von Marktanteilen, welche 2010 \$6 Milliarden betrugen, \$41 Milliarden in 2019 und in 2027 geschätzt \$153 Milliarden. Gedruckte Elektronik kombiniert additive Technologien mit funktionalen Tinten um elektronische Komponenten aus verschiedenen Materialien direkt am Verwendungsort, kosteneffizient und umweltfreundlich herzustellen. Die dabei verwendeten Substrate können flexibel, leicht, transparent, großflächig oder implantierbar sein. Dadurch können mit gedruckter Elektronik (noch) visionäre Anwendungen wie Smart-Packaging, elektronische Einmalprodukte, Smart Labels oder digitale Haut realisiert werden. Um den Fortschritt von gedruckten Elektronik-Technologien voranzutreiben, basierten die meisten Optimierungen hauptsächlich auf der Erhöhung von Produktionsausbeute, Reliabilität und Performance. Jedoch wurde auch die Bedeutung von Sicherheitsaspekten von Hardware-Plattformen in den letzten Jahren immer mehr in den Vordergrund gerückt. Da realisierte Anwendungen in gedruckter Elektronik vitale Funktionalitäten bereitstellen können, die sensible Nutzerdaten beinhalten, wie zum Beispiel in implantierten Geräten und intelligenten Pflastern zur Gesundheitsüberwachung, führen Sicherheitsmängel und fehlendes Produktvertrauen in der Herstellungskette zu teils ernsten und schwerwiegenden Problemen. Des Weiteren, wegen den charakteristischen Merkmalen von gedruckter Elektronik, wie zum Beispiel additive Herstellungsverfahren, hohe Strukturgröße, wenige Schichten und begrenzten Produktionsschritten, ist gedruckte Hardware schon per se anfällig für hardware-basierte Attacken wie Reverse-Engineering, Produktfälschung und Hardware-Trojanern. Darüber hinaus ist die Adoption von Gegenmaßnahmen aus konventionellen Technologien unpassend und ineffizient, da solche zu extremen Mehraufwänden in der kostengünstigen Fertigung von gedruckter Elektronik führen würden. Aus diesem Grund liefert diese Arbeit eine Technologie-spezifische Bewertung von Bedrohungen auf der Hardware-Ebene und dessen Gegenmaßnahmen in der Form von Ressourcen-beschränkten Hardware-Primitiven, um die Produktionskette und Funktionalitäten von gedruckter Elektronik-Anwendungen zu schützen. Der erste Beitrag dieser Dissertation ist ein vorgeschlagener Ansatz um gedruckte Physical Unclonable Functions (pPUF) zu entwerfen, welche Sicherheitsschlüssel bereitstellen um mehrere sicherheitsrelevante Gegenmaßnahmen wie Authentifizierung und Fingerabdrücke zu ermöglichen. Zusätzlich optimieren wir die multi-bit pPUF-Designs um den Flächenbedarf eines 16-bit-Schlüssels-Generators um 31\% zu verringern. Außerdem entwickeln wir ein Analyse-Framework basierend auf Monte Carlo-Simulationen für pPUFs, mit welchem wir Simulationen und Herstellungs-basierte Analysen durchführen können. Unsere Ergebnisse haben gezeigt, dass die pPUFs die notwendigen Eigenschaften besitzen um erfolgreich als Sicherheitsanwendung eingesetzt zu werden, wie Einzigartigkeit der Signatur und ausreichende Robustheit. Der Betrieb der gedruckten pPUFs war möglich bis zu sehr geringen Betriebsspannungen von nur 0.5 V. Im zweiten Beitrag dieser Arbeit stellen wir einen kompakten Entwurf eines gedruckten physikalischen Zufallsgenerator vor (True Random Number Generator (pTRNG)), welcher unvorhersehbare Schlüssel für kryptographische Funktionen und zufälligen "Authentication Challenges" generieren kann. Der pTRNG Entwurf verbessert Prozess-Variationen unter Verwendung von einer Anpassungsmethode von gedruckten Widerständen, ermöglicht durch die individuelle Konfigurierbarkeit von gedruckten Schaltungen, um die generierten Bits nur von Zufallsrauschen abhängig zu machen, und damit ein echtes Zufallsverhalten zu erhalten. Die Simulationsergebnisse legen nahe, dass die gesamten Prozessvariationen des TRNGs um das 110-fache verbessert werden, und der zufallsgenerierte Bitstream der TRNGs die "National Institute of Standards and Technology Statistical Test Suit"-Tests bestanden hat. Auch hier können wir nachweisen, dass die Betriebsspannungen der TRNGs von mehreren Volt zu nur 0.5 V lagen, wie unsere Charakterisierungsergebnisse der hergestellten TRNGs aufgezeigt haben. Der dritte Beitrag dieser Dissertation ist die Beschreibung der einzigartigen Merkmale von Schaltungsentwurf und Herstellung von gedruckter Elektronik, welche sehr verschieden zu konventionellen Technologien ist, und dadurch eine neuartige Reverse-Engineering (RE)-Methode notwendig macht. Hierfür stellen wir eine robuste RE-Methode vor, welche auf Supervised-Learning-Algorithmen für gedruckte Schaltungen basiert, um die Vulnerabilität gegenüber RE-Attacken zu demonstrieren. Die RE-Ergebnisse zeigen, dass die vorgestellte RE-Methode auf zahlreiche gedruckte Schaltungen ohne viel Komplexität oder teure Werkzeuge angewandt werden kann. Der letzte Beitrag dieser Arbeit ist ein vorgeschlagenes Konzept für eine "one-time programmable" gedruckte Look-up Table (pLUT), welche beliebige digitale Funktionen realisieren kann und Gegenmaßnahmen unterstützt wie Camouflaging, Split-Manufacturing und Watermarking um Attacken auf der Hardware-Ebene zu verhindern. Ein Vergleich des vorgeschlagenen pLUT-Konzepts mit existierenden Lösungen hat gezeigt, dass die pLUT weniger Flächen-bedarf, geringere worst-case Verzögerungszeiten und Leistungsverbrauch hat. Um die Konfigurierbarkeit der vorgestellten pLUT zu verifizieren, wurde es simuliert, hergestellt und programmiert mittels Tintenstrahl-gedruckter elektrisch leitfähiger Tinte um erfolgreich Logik-Gatter wie XNOR, XOR und AND zu realisieren. Die Simulation und Charakterisierungsergebnisse haben die erfolgreiche Funktionalität der pLUT bei Betriebsspannungen von nur 1 V belegt

Physical Unclonability Framework for the Internet of Things

Ph. D. ThesisThe rise of the Internet of Things (IoT) creates a tendency to construct unified architectures with a great number of edge nodes and inherent security risks due to centralisation. At the same time, security and privacy defenders advocate for decentralised solutions which divide the control and the responsibility among the entirety of the network nodes. However, spreading secrets among several parties also expands the attack surface. This conflict is in part due to the difficulty in differentiating between instances of the same hardware, which leads to treating physically distinct devices as identical. Harnessing the uniqueness of each connected device and injecting it into security protocols can provide solutions to several common issues of the IoT. Secrets can be generated directly from this uniqueness without the need to manually embed them into devices, reducing both the risk of exposure and the cost of managing great numbers of devices. Uniqueness can then lead to the primitive of unclonability. Unclonability refers to ensuring the difficulty of producing an exact duplicate of an entity via observing and measuring the entity’s features and behaviour. Unclonability has been realised on a physical level via the use of Physical Unclonable Functions (PUFs). PUFs are constructions that extract the inherent unclonable features of objects and compound them into a usable form, often that of binary data. PUFs are also exceptionally useful in IoT applications since they are low-cost, easy to integrate into existing designs, and have the potential to replace expensive cryptographic operations. Thus, a great number of solutions have been developed to integrate PUFs in various security scenarios. However, methods to expand unclonability into a complete security framework have not been thoroughly studied. In this work, the foundations are set for the development of such a framework through the formulation of an unclonability stack, in the paradigm of the OSI reference model. The stack comprises layers propagating the primitive from the unclonable PUF ICs, to devices, network links and eventually unclonable systems. Those layers are introduced, and work towards the design of protocols and methods for several of the layers is presented. A collection of protocols based on one or more unclonable tokens or authority devices is proposed, to enable the secure introduction of network nodes into groups or neighbourhoods. The role of the authority devices is that of a consolidated, observable root of ownership, whose physical state can be verified. After their introduction, nodes are able to identify and interact with their peers, exchange keys and form relationships, without the need of continued interaction with the authority device. Building on this introduction scheme, methods for establishing and maintaining unclonable links between pairs of nodes are introduced. These pairwise links are essential for the construction of relationships among multiple network nodes, in a variety of topologies. Those topologies and the resulting relationships are formulated and discussed. While the framework does not depend on specific PUF hardware, SRAM PUFs are chosen as a case study since they are commonly used and based on components that are already present in the majority of IoT devices. In the context of SRAM PUFs and with a view to the proposed framework, practical issues affecting the adoption of PUFs in security protocols are discussed. Methods of improving the capabilities of SRAM PUFs are also proposed, based on experimental data.School of Engineering Newcastle Universit

RISC-Vコンピュータシステムに基づくシリコンレベルの信頼ルートを有する信頼できる実行環境

電気通信大学202

A Salad of Block Ciphers

This book is a survey on the state of the art in block cipher design and analysis. It is work in progress, and it has been for the good part of the last three years -- sadly, for various reasons no significant change has been made during the last twelve months. However, it is also in a self-contained, useable, and relatively polished state, and for this reason I have decided to release this \textit{snapshot} onto the public as a service to the cryptographic community, both in order to obtain feedback, and also as a means to give something back to the community from which I have learned much. At some point I will produce a final version -- whatever being a ``final version\u27\u27 means in the constantly evolving field of block cipher design -- and I will publish it. In the meantime I hope the material contained here will be useful to other people

Barrel Shifter Physical Unclonable Function Based Encryption

Physical Unclonable Functions (PUFs) are designed to extract physical randomness from the underlying silicon. This randomness depends on the manufacturing process. It differs for each device. This enables chip-level authentication and key generation applications. We present an encryption protocol using PUFs as primary encryption/decryption functions. Each party has a PUF used for encryption and decryption. This PUF is constrained to be invertible and commutative. The focus of the paper is an evaluation of an invertible and commutative PUF based on a primitive shifting permutation network—a barrel shifter. Barrel shifter (BS) PUF captures the delay of different shift paths. This delay is entangled with message bits before they are sent across an insecure channel. BS-PUF is implemented using transmission gates for physical commutativity. Post-layout simulations of a common centroid layout 8-level barrel shifter in 0.13 μ m technology assess uniqueness, stability, randomness and commutativity properties. BS-PUFs pass all selected NIST statistical randomness tests. Stability similar to Ring Oscillator (RO) PUFs under environmental variation is shown. Logistic regression of 100,000 plaintext–ciphertext pairs (PCPs) fails to successfully model BS-PUF behavior