Segurança de computadores por meio de autenticação intrínseca de hardware

Orientadores: Guido Costa Souza de Araújo, Mario Lúcio Côrtes e Diego de Freitas AranhaTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Neste trabalho apresentamos Computer Security by Hardware-Intrinsic Authentication (CSHIA), uma arquitetura de computadores segura para sistemas embarcados que tem como objetivo prover autenticidade e integridade para código e dados. Este trabalho está divido em três fases: Projeto da Arquitetura, sua Implementação, e sua Avaliação de Segurança. Durante a fase de projeto, determinamos como integridade e autenticidade seriam garantidas através do uso de Funções Fisicamente Não Clonáveis (PUFs) e propusemos um algoritmo de extração de chaves criptográficas de memórias cache de processadores. Durante a implementação, flexibilizamos o projeto da arquitetura para fornecer diferentes possibilidades de configurações sem comprometimento da segurança. Então, avaliamos seu desempenho levando em consideração o incremento em área de chip, aumento de consumo de energia e memória adicional para diferentes configurações. Por fim, analisamos a segurança de PUFs e desenvolvemos um novo ataque de canal lateral que circunvê a propriedade de unicidade de PUFs por meio de seus elementos de construçãoAbstract: This work presents Computer Security by Hardware-Intrinsic Authentication (CSHIA), a secure computer architecture for embedded systems that aims at providing authenticity and integrity for code and data. The work encompassed three phases: Design, Implementation, and Security Evaluation. In design, we laid out the basic ideas behind CSHIA, namely, how integrity and authenticity are employed through the use of Physical Unclonable Functions (PUFs), and we proposed an algorithm to extract cryptographic keys from the intrinsic memories of processors. In implementation, we made CSHIA¿s design more flexible, allowing different configurations without compromising security. Then, we evaluated CSHIA¿s performance and overheads, such as area, energy, and memory, for multiple configurations. Finally, we evaluated security of PUFs, which led us to develop a new side-channel-based attack that enabled us to circumvent PUFs¿ uniqueness property through their architectural elementsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computação2015/06829-2; 2016/25532-3147614/2014-7FAPESPCNP

MEMS sensors as physical unclonable functions

A fundamental requirement of any crypto system is that secret-key material remains securely stored so that it is robust in withstanding attacks including physical tampering. In this context, physical unclonable functions (PUFs) have been proposed to store cryptographic secrets in a particularly secure manner. In this thesis, the feasibility of using microelectromechanical systems (MEMS) sensors for secure key storage purposes is evaluated for the first time. To this end, we investigated an off-the-shelf 3-axis MEMS gyroscope design and used its properties to derive a unique fingerprint from each sensor. We thoroughly examined the robustness of the derived fingerprints against temperature variation and aging. We extracted stable keys with nearly full entropy from the fingerprints. The security level of the extracted keys lies in a range between 27 bits and 150 bits depending on the applied test conditions and the used entropy estimation method. Moreover, we provide experimental evidence that the extractable key length is higher in practice when multiple wafers are considered. In addition, it is shown that further improvements could be achieved by using more precise measurement techniques and by optimizing the MEMS design. The robustness of a MEMS PUF against tampering and malicious read-outs was tested by three different types of physical attacks. We could show that MEMS PUFs provide a high level of protection due to the sensitivity of their characteristics to disassembly.Eine grundlegende Anforderung jedes Kryptosystems ist, dass der verwendete geheime Schlüssel sicher und geschützt aufbewahrt wird. Vor diesem Hintergrund wurden physikalisch unklonbare Funktionen (PUFs) vorgeschlagen, um kryptographische Geheimnisse besonders sicher zu speichern. In dieser Arbeit wird erstmals die Verwendbarkeit von mikroelektromechanischen Systemen (MEMS) für die sichere Schlüsselspeicherung anhand eines 3-achsigen MEMS Drehratensensor gezeigt. Dabei werden die Eigenschaften der Sensoren zur Ableitung eines eindeutigen Fingerabdrucks verwendet. Die Temperatur- und Langzeitstabilität der abgeleiteten Fingerabdrücke wurde ausführlich untersucht. Aus den Fingerabdrücken wurden stabile Schlüssel mit einem Sicherheitsniveau zwischen 27 Bit und 150 Bit, abhängig von den Testbedingungen und der verwendeten Entropie-Schätzmethode, extrahiert. Außerdem konnte gezeigt werden, dass die Schlüssellänge ansteigt, je mehr Wafer betrachtet werden. Darüber hinaus wurde die Verwendung einer präziseren Messtechnik und eine Optimierung des MEMS-Designs als potentielle Verbesserungsmaßnahmen identifiziert. Die Robustheit einer MEMS PUF gegen Manipulationen und feindseliges Auslesen durch verschiedene Arten von physikalischen Angriffen wurde untersucht. Es konnte gezeigt werden, dass MEMS PUFs aufgrund der Empfindlichkeit ihrer Eigenschaften hinsichtlich einer Öffnung des Mold-Gehäuses eine hohe Widerstandsfähigkeit gegenüber invasiven Angriffen aufweisen

Slender PUF Protocol: A lightweight, robust, and secure authentication by substring matching

We introduce Slender PUF protocol, an efficient and secure method to authenticate the responses generated from a Strong Physical Unclonable Function (PUF). The new method is lightweight, and suitable for energy constrained platforms such as ultra-low power embedded systems for use in identification and authentication applications. The proposed protocol does not follow the classic paradigm of exposing the full PUF responses (or a transformation of the full string of responses) on the communication channel. Instead, random subsets of the responses are revealed and sent for authentication. The response patterns are used for authenticating the prover device with a very high probability.We perform a thorough analysis of the method’s resiliency to various attacks which guides adjustment of our protocol parameters for an efficient and secure implementation. We demonstrate that Slender PUF protocol, if carefully designed, will be resilient against all known machine learning attacks. In addition, it has the great advantage of an inbuilt PUF error tolerance. Thus, Slender PUF protocol is lightweight and does not require costly additional error correction, fuzzy extractors, and hash modules suggested in most previously known PUF-based robust authentication techniques. The low overhead and practicality of the protocol are confirmed by a set of hardware implementation and evaluations

Modeling attack resistant strong physical unclonable functions : design and applications

Physical unclonable functions (PUFs) have great promise as hardware authentication primitives due to their physical unclonability, high resistance to reverse engineering, and difficulty of mathematical cloning. Strong PUFs are distinguished by an exponentially large number of challenge-response pairs (CRPs), in contrast with weak PUFs that have a smaller CRP set. Because the adversary cannot create an enumeration clone by recording all CRPs even when in physical possession of a PUF, strong PUFs enable secure direct authentication, that does not require cryptography and are thus attractive to low-energy and IoT applications. The first contribution of this dissertation is the design of a strong silicon PUF resistant to machine learning (ML) attacks. For a strong PUF to be an effective security primitive, the CRPs need to be unpredictable: given a set of known CRPs, it should be difficult to predict the unobserved CRPs. Otherwise, an adversary can succeed in an attack based on building a model of the PUF. Early strong PUFs have shown vulnerability to ML based attacks. We take advantage of the strongly nonlinear I -- V property of MOSFETs operating in subthreshold region to introduce a highly unpredictable PUF. The PUF, termed the subthreshold current array PUF (SCA-PUF), consists of a pair of two-dimensional transistor arrays, a circuit stabilizing the PUF output, and a low-offset comparator. The proposed 65-bit SCA-PUF is fabricated in a 130nm process and allows 2⁶⁵ CRPs. It consumes 68nW and 11pJ/bit while exhibiting high uniqueness, uniformity, and randomness. It achieves bit error rate (BER) of 5.8% for the temperature range of -20 to +80°C and supply voltage variation of ±10%. A calibration-based CRP selection method is developed to improve BER to 0.4% with a 42% loss of CRPs. When subjected to ML attacks, the prediction error stays over 40% on 10⁴ training points, which shows negligible loss in PUF unpredictability and about 100X higher resilience than the 65-bit arbiter PUF, 3-XOR PUF, and 3-XOR lightweight PUF. The second contribution is the application of a strong PUF in a secure key update scheme. Side-channel attacks on cryptographic implementations threaten system security via the loss of the secret key. The adversary can recover the key by analyzing side-channel analog behavior of a cryptographic device, such as power consumption. Fresh re-keying techniques aim to mitigate these attacks by regularly updating the key, so that the side-channel exposure of each key is minimized. Existing key update schemes generate fresh keys by processing a root key using arithmetic operations. Unfortunately, such techniques have been demonstrated to also be vulnerable to side-channel attacks. We propose a novel approach to fresh re-keying that replaces the arithmetic key update function with a strong PUF. We show that the security of our scheme hinges on the resilience of the PUF to a power side-channel attack and propose a realization based on the SCA-PUF. We show that the SCA-PUF is resistant to simple power analysis and a modeling attack that uses ML on the power side-channel. We target an insecure device and secure server encryption scenario for which we provide an efficient and scalable method of PUF enrollment. Finally, we develop an end-to-end encryption system with PUF-based fresh re-keying, using a reverse fuzzy extractor construction. The third contribution is the implementation of a strong PUF provably secure against ML attacks. The security is derived from cryptographic hardness of learning decryption functions of semantically secure public-key cryptosystems within the probably approximately correct framework. The proposed PUF, termed the lattice PUF, compactly realizes the decryption function of the learning-with-errors (LWE) public-key cryptosystem as the core block. The lattice PUF is lightweight and fully digital. It is constructed using a weak PUF, as a physically obfuscated key (POK), an LWE decryption function block, a pseudo-random number generator in the form of a linear-feedback shift register (LFSR), a self-incrementing counter, and a control block. The POK provides the secret key of the LWE decryption function. A fuzzy extractor is utilized to ensure stability of the POK. The proposed lattice PUF significantly improves upon a direct implementation of LWE decryption function in terms of challenge transfer cost by exploiting distributional relaxations allowed by recent work in space-efficient LWEs. Specifically, only a small challenge-seed is transmitted while the full-length challenge is re-generated by the LFSR resulting in a 100X reduction of communication cost. To prevent an active attack in which arbitrary challenges can be submitted, the value of a self-incrementing counter is embedded into the challenge seed. We construct a lattice PUF that realizes a challenge-response pair space of size 2¹³⁶, requires 1160 POK bits, and guarantees 128-bit ML resistance. Assuming a bit error rate of 5% for SRAM-based POK, 6.5K SRAM cells are needed. The PUF shows excellent uniformity, uniqueness, and reliability. We implement the PUF on a Spartan 6 FPGA. It requires only 45 slices for the lattice PUF proper and 233 slices for the fuzzy extractorElectrical and Computer Engineerin

AEGIS : a single-chip secure processor

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005.Includes bibliographical references (p. 225-240).Trust in remote interaction is a fundamental challenge in distributed computing environments. To obtain a remote party's trust, computing systems must be able to guarantee the privacy of intellectual property and the integrity of program execution. Unfortunately, traditional platforms cannot provide such guarantees under physical threats that exist in distributed environments. The AEGIS secure processor enables a physically secure computing platform to be built with a main processor as the only trusted hardware component. AEGIS empowers a remote party to authenticate the platform and guarantees secure execution even under physical threats. To realize the security features of AEGIS with only a single chip, this thesis presents a secure processor architecture along with its enabling security mechanisms. The architecture suggests a technique called suspended secure processing to allow a secure part of an application to be protected separately from the rest. Physical random functions provide a cheap and secure way of generating a unique secret key on each processor, which enables a remote party to authenticate the processor chip.(cont.) Memory encryption and integrity verification mechanisms guarantee the privacy and the integrity of off-chip memory content, respectively. A fully-functional RTL implementation and simulation studies demonstrate that the overheads associated with this single-chip approach is reasonable. The security components in AEGIS consumes about 230K logic gates. AEGIS, with its off-chip protection mechanisms, is slower than traditional processors by 26% on average for large applications and by a few percent for embedded applications. This thesis also shows that using AEGIS requires only minor modifications to traditional operating systems and compilers.by Gookwon Edward Suh.Ph.D

Implementação de uma arquitetura para execução segura de código utilizando PUFs

Orientador: Guido Costa Souza de AraújoDissertação (mestrado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: As técnicas padrões de design para proteger a execução de código são baseadas em mecanismos criptográficos bem conhecidos e em recursos de (micro) arquitetura para codificar transações de barramento ou isolar o código seguro em plataformas confiáveis, entre outras. Embora essas técnicas geralmente forneçam níveis adequados de segurança, a maioria delas é ineficiente, consideravelmente impacta o projeto da (micro) arquitetura, requer mudanças extensas na cadeia de ferramentas de programação ou é tão complicada que pode criar brechas de segurança inesperadas. Com o objetivo de resolver esses problemas de segurança na execução de códigos, a Segurança de Computadores por Autenticação Intrínseca ao Hardware (CSHIA) foi proposta para autenticar todos os blocos de uma memória externa usando uma chave exclusiva extraída de Funções Físicas não Clonáveis (PUFs). Com base na implementação em FPGA do processador Leon3 da Gaisler, este trabalho apresenta uma prova de conceito do CSHIA, apresentando os detalhes e uma descrição detalhada da implementação do hardware, os compromissos do design e a integração entre a arquitetura e um processador real. Mostramos os recursos do FPGA, uma avaliação de desempenho com benchmarks padrão da indústria e estimativas de energia e área. A versão final do CSHIA forneceu um design robusto e melhoria de segurança para o processador selecionado, à custa de 2,76% a 5,77% de sobrecarga de desempenho, dependendo da solução adotada com um aumento da área lógica de 34% para a configuração selecionada. A implementação final do CSHIA tornou-se uma plataforma altamente configurável que oferece várias opções de design e recursos de segurança a um usuário final, onde este trabalho contribuiu para fornecer um chassi que pode ser usado por qualquer sistema AMBA2Abstract: Standard design techniques to secure code execution are based on well-known cryptographic mechanisms and (micro) architecture features to encode bus transactions, or isolate secure code into trusted platforms, among others. Although such techniques usually provide proper levels of security, most of them are either inefficient, considerably impact processor (micro) architecture design, require extensive changes in the programming tool-chain, or are so complicated that may create unexpected security loopholes. Aiming to address this security issues in code execution the Computer Security by Hardware-Intrinsic Authentication (CSHIA) was proposed to provide authenticity by authenticating all memory blocks of an external memory using a unique key extracted from Physical Unclonable Functions (PUFs). Based on Gaisler's Leon3 FPGA implementation, this work presents a proof-of-concept of CSHIA, presenting the details and an in-depth description of the hardware implementation, the design tradeoffs, and the integration between the architecture and a real processor. We show the FPGA resources, a performance evaluation with industry standard benchmarks and power and area estimations. The final CSHIA version provided a robust design and security improvement to the selected processor at the expense of 2.76% to 5.77% of performance overhead depending on the solution adopted with logic area overhead of 34% for the selected configuration. The final CSHIA implementation became a highly configurable platform that offers several design choices and security features to an end user, where this work contributed to provide a chassis that can be used by any AMBA2 systemMestradoCiência da ComputaçãoMestre em Ciência da Computaçã