Using physical unclonable functions for internet-of-thing security cameras

This paper proposes a low-cost solution to develop IoT security cameras. Integrity and confidentiality of the image data are achieved by cryptographic modules that implement symmetric key-based techniques which are usually available in the hardware of the IoT cameras. The novelty of this proposal is that the secret key required is not stored but reconstructed from the start-up values of a SRAM in the camera hardware acting as a PUF (Physical Unclonable Function), so that the physical authenticity of the camera is also ensured. The start-up values of the SRAM are also exploited to change the IV (Initialization Vector) in the encryption algorithm. All the steps for enrollment and normal operation can be included in a simple firmware to be executed by the camera. There is no need to include specific hardware but only a SRAM is needed which could be powered down and up by firmware.Ministerio de Economía y Competitividad del Gobierno de España y fondos europeos FEDER-TEC2014-57971-RConsejo Superior de Investigaciones Científicas (CSIC)-HW-SEEDS 201750E010V Plan Propio de Investigación de la Universidad de Sevill

Subwavelength Engineering of Silicon Photonic Waveguides

The dissertation demonstrates subwavelength engineering of silicon photonic waveguides in the form of two different structures or avenues: (i) a novel ultra-low mode area v-groove waveguide to enhance light-matter interaction; and (ii) a nanoscale sidewall crystalline grating performed as physical unclonable function to achieve hardware and information security. With the advancement of modern technology and modern supply chain throughout the globe, silicon photonics is set to lead the global semiconductor foundries, thanks to its abundance in nature and a mature and well-established industry. Since, the silicon waveguide is the heart of silicon photonics, it can be considered as the core building block of modern integrated photonic systems. Subwavelength structuring of silicon waveguides shows immense promise in a variety of field of study, such as, tailoring electromagnetic near fields, enhancing light-matter interactions, engineering anisotropy and effective medium effects, modal and dispersion engineering, nanoscale sensitivity etc. In this work, we are going to exploit the boundary conditions of modern silicon photonics through subwavelength engineering by means of novel ultra-low mode area v-groove waveguide to answer long-lasting challenges, such as, fabrication of such sophisticated structure while ensuring efficient coupling of light between dissimilar modes. Moreover, physical unclonable function derived from our nanoscale sidewall crystalline gratings should give us a fast and reliable optical security solution with improved information density. This research should enable new avenues of subwavelength engineered silicon photonic waveguide and answer to many unsolved questions of silicon photonics foundries

Implementação fotónica de funções fisicamente não clonáveis

This dissertation aimed to study and develop optical Physically Unclonable Functions, which are physical devices characterized by having random intrinsic variations, thus being eligible towards high security systems due to their unclonability, uniqueness and randomness. With the rapid expansion of technologies such as Internet of Things and the concerns around counterfeited goods, secure and resilient cryptographic systems are in high demand. Moreover the development of digital ecosystems, mobile applications towards transactions now require fast and reliable algorithms to generate secure cryptographic keys. The statistical nature of speckle-based imaging creates an opportunity for these cryptographic key generators to arise. In the scope of this work, three different tokens were implemented as physically unclonable devices: tracing paper, plastic optical fiber and an organic-inorganic hybrid. These objects were subjected to a visible light laser stimulus and produced a speckle pattern which was then used to retrieve the cryptographic key associated to each of the materials. The methodology deployed in this work features the use of a Discrete Cosine Transform to enable a low-cost and semi-compact 128-bit key encryption channel. Furthermore, the authentication protocol required the analysis of multiple responses from different samples, establishing an optimal decision threshold level that maximized the robustness and minimized the fallibility of the system. The attained 128-bit encryption system performed, across all the samples, bellow the error probability detection limit of 10-12, showing its potential as a cryptographic key generator.Nesta dissertação pretende-se estudar e desenvolver Funções Fisicamente Não Clonáveis, dispositivos caracterizados por terem variações aleatórias intrínsecas, sendo, portanto, elegíveis para sistemas de alta segurança devido à sua impossibilidade de clonagem, unicidade e aleatoriedade. Com a rápida expansão de tecnologias como a Internet das Coisas e as preocupações com produtos falsificados, os sistemas criptográficos seguros e resilientes são altamente requisitados. Além disso, o desenvolvimento de ecossistemas digitais e de aplicações móveis para transações comerciais requerem algoritmos rápidos e seguros de geração de chaves criptográficas. A natureza estatística das imagens baseadas no speckle cria uma oportunidade para o aparecimento desses geradores de chaves criptográficas. No contexto deste trabalho, três dispositivos diferentes foram implementados como funções fisicamente não clonáveis, nomeadamente, papel vegetal, fibra ótica de plástico e um híbrido orgânico-inorgânico. Estes objetos foram submetidos a um estímulo de luz coerente na região espectral visível e produziram um padrão de speckle o qual foi utilizado para recuperar a chave criptográfica associada a cada um dos materiais. A metodologia implementada neste trabalho incorpora a Transformada Discreta de Cosseno, o que possibilita a criação de um sistema criptográfico de 128 bits caracterizado por ser semi-compacto e de baixo custo. O protocolo de autenticação exigiu a análise de múltiplas respostas de diferentes Physically Unclonable Functions (PUFs), o que permitiu estabelecer um nível de limite de decisão ótimo de forma a maximizar a robustez e minimizar a probabilidade de erro por parte do sistema. O sistema de encriptação de 128 bits atingiu valores de probabilidade de erro abaixo do limite de deteção, 10-12, para todas as amostras, mostrando o seu potencial como gerador de chaves criptográficas.Mestrado em Engenharia Físic

Photonic Physical Unclonable Functions: From the Concept to Fully Functional Device Operating in the Field

The scope of this paper is to demonstrate a fully working and compact photonic Physical Unclonable Function (PUF) device capable of operating in real life scenarios as an authentication mechanism and random number generator. For this purpose, an extensive experimental investigation of a Polymer Optical Fiber (POF) and a diffuser as PUF tokens is performed and the most significant properties are evaluated using the proper mathematical tools. Two different software algorithms, the Random Binary Method (RBM) and Singular Value Decomposition (SVD), were tested for optimized key extraction and error correction codes have been incorporated for enhancing key reproducibility. By taking into consideration the limitations and overall performance derived by the experimental evaluation of the system, the designing details towards the implementation of a miniaturized, energy efficient and low-cost device are extensively discussed. The performance of the final device is thoroughly evaluated, demonstrating a long-term stability of 1 week, an operating temperature range of 50C, an exponentially large pool of unique Challenge-Response Pairs (CRPs), recovery after power failure and capability of generating NIST compliant true random numbers

Physical key-protected one-time pad

We describe an encrypted communication principle that forms a secure link between two parties without electronically saving either of their keys. Instead, random cryptographic bits are kept safe within the unique mesoscopic randomness of two volumetric scattering materials. We demonstrate how a shared set of patterned optical probes can generate 10 gigabits of statistically verified randomness between a pair of unique 2 mm^3 scattering objects. This shared randomness is used to facilitate information-theoretically secure communication following a modified one-time pad protocol. Benefits of volumetric physical storage over electronic memory include the inability to probe, duplicate or selectively reset any bits without fundamentally altering the entire key space. Our ability to securely couple the randomness contained within two unique physical objects can extend to strengthen hardware required by a variety of cryptographic protocols, which is currently a critically weak link in the security pipeline of our increasingly mobile communication culture

Functional mobile-based two-factor authentication by photonic physical unclonable functions

Given the rapid expansion of the Internet of Things and because of the concerns around counterfeited goods, secure and resilient cryptographic systems are in high demand. Due to the development of digital ecosystems, mobile applications for transactions require fast and reliable methods to generate secure cryptographic keys, such as Physical Unclonable Functions (PUFs). We demonstrate a compact and reliable photonic PUF device able to be applied in mobile-based authentication. A miniaturized, energy-efficient, and low-cost token was forged of flexible luminescent organic–inorganic hybrid materials doped with lanthanides, displaying unique challenge–response pairs (CRPs) for two-factor authentication. Under laser irradiation in the red spectral region, a speckle pattern is attained and accessed through conventional charge-coupled cameras, and under ultraviolet light-emitting diodes, it displays a luminescent pattern accessed through hyperspectral imaging and converted to a random intensity-based pattern, ensuring the two-factor authentication. This methodology features the use of a discrete cosine transform to enable a low-cost and semi-compact encryption system suited for speckle and luminescence-based CRPs. The PUF evaluation and the authentication protocol required the analysis of multiple CRPs from different tokens, establishing an optimal cryptographic key size (128 bits) and an optimal decision threshold level that minimizes the error probability.publishe

Trusted Cameras on Mobile Devices Based on SRAM Physically Unclonable Functions

Nowadays, there is an increasing number of cameras placed on mobile devices connected to the Internet. Since these cameras acquire and process sensitive and vulnerable data in applications such as surveillance or monitoring, security is essential to avoid cyberattacks. However, cameras on mobile devices have constraints in size, computation and power consumption, so that lightweight security techniques should be considered. Camera identification techniques guarantee the origin of the data. Among the camera identification techniques, Physically Unclonable Functions (PUFs) allow generating unique, distinctive and unpredictable identifiers from the hardware of a device. PUFs are also very suitable to obfuscate secret keys (by binding them to the hardware of the device) and generate random sequences (employed as nonces). In this work, we propose a trusted camera based on PUFs and standard cryptographic algorithms. In addition, a protocol is proposed to protect the communication with the trusted camera, which satisfies authentication, confidentiality, integrity and freshness in the data communication. This is particularly interesting to carry out camera control actions and firmware updates. PUFs from Static Random Access Memories (SRAMs) are selected because cameras typically include SRAMs in its hardware. Therefore, additional hardware is not required and security techniques can be implemented at low cost. Experimental results are shown to prove how the proposed solution can be implemented with the SRAM of commercial Bluetooth Low Energy (BLE) chips included in the communication module of the camera. A proof of concept shows that the proposed solution can be implemented in low-cost cameras.España, Ministerio de Ciencia e Innovación TEC2014-57971-R TEC2017-83557-

More Lessons: Analysis of PUF-based Authentication Protocols for IoT

Authentication constitutes the foundation and vertebrae of all security properties. It is the procedure in which communicating parties prove their identities to each other, and generally establish and derive secret keys to enforce other services, such as confidentiality, data integrity, non-repudiation, and availability. PUFs (Physical Unclonable Functions) has been the subject of many subsequent publications on lightweight, lowcost, and secure-by-design authentication protocols. This has turned our attention to investigate the most recent PUF-based authentication protocols for IoT. In [1], we reviewed the security of some PUF-based authentication protocols that were proposed between 2016 and October 2020, and drew important security lessons to consider by future authentication protocol designers. In this paper, we extend our previous work by reviewing the security of fifteen PUF-based authentication protocols that were recently published during the past two years (2020 and 2021). We first provide the necessary background on PUFs and how they are used for authentication. Then, we analyze the security of these authentication protocols to identify and report common security issues and design flaws. We draw lessons and recommendations for future authentication protocol designer

Security Aspects of Printed Electronics Applications

Gedruckte Elektronik (Printed Electronics (PE)) ist eine neu aufkommende Technologie welche komplementär zu konventioneller Elektronik eingesetzt wird. Dessen einzigartigen Merkmale führten zu einen starken Anstieg von Marktanteilen, welche 2010 \$6 Milliarden betrugen, \$41 Milliarden in 2019 und in 2027 geschätzt \$153 Milliarden. Gedruckte Elektronik kombiniert additive Technologien mit funktionalen Tinten um elektronische Komponenten aus verschiedenen Materialien direkt am Verwendungsort, kosteneffizient und umweltfreundlich herzustellen. Die dabei verwendeten Substrate können flexibel, leicht, transparent, großflächig oder implantierbar sein. Dadurch können mit gedruckter Elektronik (noch) visionäre Anwendungen wie Smart-Packaging, elektronische Einmalprodukte, Smart Labels oder digitale Haut realisiert werden. Um den Fortschritt von gedruckten Elektronik-Technologien voranzutreiben, basierten die meisten Optimierungen hauptsächlich auf der Erhöhung von Produktionsausbeute, Reliabilität und Performance. Jedoch wurde auch die Bedeutung von Sicherheitsaspekten von Hardware-Plattformen in den letzten Jahren immer mehr in den Vordergrund gerückt. Da realisierte Anwendungen in gedruckter Elektronik vitale Funktionalitäten bereitstellen können, die sensible Nutzerdaten beinhalten, wie zum Beispiel in implantierten Geräten und intelligenten Pflastern zur Gesundheitsüberwachung, führen Sicherheitsmängel und fehlendes Produktvertrauen in der Herstellungskette zu teils ernsten und schwerwiegenden Problemen. Des Weiteren, wegen den charakteristischen Merkmalen von gedruckter Elektronik, wie zum Beispiel additive Herstellungsverfahren, hohe Strukturgröße, wenige Schichten und begrenzten Produktionsschritten, ist gedruckte Hardware schon per se anfällig für hardware-basierte Attacken wie Reverse-Engineering, Produktfälschung und Hardware-Trojanern. Darüber hinaus ist die Adoption von Gegenmaßnahmen aus konventionellen Technologien unpassend und ineffizient, da solche zu extremen Mehraufwänden in der kostengünstigen Fertigung von gedruckter Elektronik führen würden. Aus diesem Grund liefert diese Arbeit eine Technologie-spezifische Bewertung von Bedrohungen auf der Hardware-Ebene und dessen Gegenmaßnahmen in der Form von Ressourcen-beschränkten Hardware-Primitiven, um die Produktionskette und Funktionalitäten von gedruckter Elektronik-Anwendungen zu schützen. Der erste Beitrag dieser Dissertation ist ein vorgeschlagener Ansatz um gedruckte Physical Unclonable Functions (pPUF) zu entwerfen, welche Sicherheitsschlüssel bereitstellen um mehrere sicherheitsrelevante Gegenmaßnahmen wie Authentifizierung und Fingerabdrücke zu ermöglichen. Zusätzlich optimieren wir die multi-bit pPUF-Designs um den Flächenbedarf eines 16-bit-Schlüssels-Generators um 31\% zu verringern. Außerdem entwickeln wir ein Analyse-Framework basierend auf Monte Carlo-Simulationen für pPUFs, mit welchem wir Simulationen und Herstellungs-basierte Analysen durchführen können. Unsere Ergebnisse haben gezeigt, dass die pPUFs die notwendigen Eigenschaften besitzen um erfolgreich als Sicherheitsanwendung eingesetzt zu werden, wie Einzigartigkeit der Signatur und ausreichende Robustheit. Der Betrieb der gedruckten pPUFs war möglich bis zu sehr geringen Betriebsspannungen von nur 0.5 V. Im zweiten Beitrag dieser Arbeit stellen wir einen kompakten Entwurf eines gedruckten physikalischen Zufallsgenerator vor (True Random Number Generator (pTRNG)), welcher unvorhersehbare Schlüssel für kryptographische Funktionen und zufälligen "Authentication Challenges" generieren kann. Der pTRNG Entwurf verbessert Prozess-Variationen unter Verwendung von einer Anpassungsmethode von gedruckten Widerständen, ermöglicht durch die individuelle Konfigurierbarkeit von gedruckten Schaltungen, um die generierten Bits nur von Zufallsrauschen abhängig zu machen, und damit ein echtes Zufallsverhalten zu erhalten. Die Simulationsergebnisse legen nahe, dass die gesamten Prozessvariationen des TRNGs um das 110-fache verbessert werden, und der zufallsgenerierte Bitstream der TRNGs die "National Institute of Standards and Technology Statistical Test Suit"-Tests bestanden hat. Auch hier können wir nachweisen, dass die Betriebsspannungen der TRNGs von mehreren Volt zu nur 0.5 V lagen, wie unsere Charakterisierungsergebnisse der hergestellten TRNGs aufgezeigt haben. Der dritte Beitrag dieser Dissertation ist die Beschreibung der einzigartigen Merkmale von Schaltungsentwurf und Herstellung von gedruckter Elektronik, welche sehr verschieden zu konventionellen Technologien ist, und dadurch eine neuartige Reverse-Engineering (RE)-Methode notwendig macht. Hierfür stellen wir eine robuste RE-Methode vor, welche auf Supervised-Learning-Algorithmen für gedruckte Schaltungen basiert, um die Vulnerabilität gegenüber RE-Attacken zu demonstrieren. Die RE-Ergebnisse zeigen, dass die vorgestellte RE-Methode auf zahlreiche gedruckte Schaltungen ohne viel Komplexität oder teure Werkzeuge angewandt werden kann. Der letzte Beitrag dieser Arbeit ist ein vorgeschlagenes Konzept für eine "one-time programmable" gedruckte Look-up Table (pLUT), welche beliebige digitale Funktionen realisieren kann und Gegenmaßnahmen unterstützt wie Camouflaging, Split-Manufacturing und Watermarking um Attacken auf der Hardware-Ebene zu verhindern. Ein Vergleich des vorgeschlagenen pLUT-Konzepts mit existierenden Lösungen hat gezeigt, dass die pLUT weniger Flächen-bedarf, geringere worst-case Verzögerungszeiten und Leistungsverbrauch hat. Um die Konfigurierbarkeit der vorgestellten pLUT zu verifizieren, wurde es simuliert, hergestellt und programmiert mittels Tintenstrahl-gedruckter elektrisch leitfähiger Tinte um erfolgreich Logik-Gatter wie XNOR, XOR und AND zu realisieren. Die Simulation und Charakterisierungsergebnisse haben die erfolgreiche Funktionalität der pLUT bei Betriebsspannungen von nur 1 V belegt