44 research outputs found
Hardware authentication based on PUFs and SHA-3 2nd round candidates
Security features are getting a growing interest in microelectronics. Not only entities have to authenticate in the context of a high secure communication but also the hardware employed has to be trusted. Silicon Physical Unclonable Functions (PUFs) or Physical Random Functions, which exploits manufacturing process variations in integrated circuits, have been used to authenticate the hardware in which they are included and, based on them, several cryptographic protocols have been reported. This paper describes the hardware implementation of a symmetric-key authentication protocol in which a PUF is one of the relevant blocks. The second relevant block is a SHA-3 2nd round candidate, a Secure Hash Algorithm (in particular Keccak), which has been proposed to replace the SHA-2 functions that have been broken no long time ago. Implementation details are discussed in the case of Xilinx FPGAs.Junta de AndalucĂa P08-TIC-03674Comunidad Europea FP7-INFSO-ICT-248858Ministerio de Ciencia y TecnologĂa TEC2008-04920 y DPI2008-0384
Performance Metrics and Empirical Results of a PUF Cryptographic Key Generation ASIC
We describe a PUF design with integrated error correction that is robust to various layout implementations and achieves excellent and consistent results in each of the following four areas: Randomness, Uniqueness, Bias and Stability. 133 PUF devices in 0.13 μm technology encompassing seven circuit layout implementations were tested. The PUF-based key generation design achieved less than 0.58 ppm failure rates with 50%+ stability safety margin. 1.75M error correction blocks ran error-free under worst-case V/T corners (±10% V, 125°C/-65°C) and under voltage extremes of ±20% V. All PUF devices demonstrated excellent NIST-random behavior (99 cumulative percentile), a criterion used to qualify random sources for use as keying material for cryptographic-grade applications
Maximum-likelihood decoding of device-specific multi-bit symbols for reliable key generation
We present a PUF key generation scheme that uses the provably optimal method of maximum-likelihood (ML) detection on symbols derived from PUF response bits. Each device forms a noisy, device-specific symbol constellation, based on manufacturing variation. Each detected symbol is a letter in a codeword of an error correction code, resulting in non-binary codewords. We present a three-pronged validation strategy: i. mathematical (deriving an optimal symbol decoder), ii. simulation (comparing against prior approaches), and iii. empirical (using implementation data). We present simulation results demonstrating that for a given PUF noise level and block size (an estimate of helper data size), our new symbol-based ML approach can have orders of magnitude better bit error rates compared to prior schemes such as block coding, repetition coding, and threshold-based pattern matching, especially under high levels of noise due to extreme environmental variation. We demonstrate environmental reliability of a ML symbol-based soft-decision error correction approach in 28nm FPGA silicon, covering -65°C to 105°C ambient (and including 125°C junction), and with 128bit key regeneration error probability ≤ 1 ppm.Bavaria California Technology Center (Grant 2014-1/9
Slender PUF Protocol: A lightweight, robust, and secure authentication by substring matching
We introduce Slender PUF protocol, an efficient
and secure method to authenticate the responses
generated from a Strong Physical Unclonable Function
(PUF). The new method is lightweight, and suitable for
energy constrained platforms such as ultra-low power embedded
systems for use in identification and authentication
applications. The proposed protocol does not follow the
classic paradigm of exposing the full PUF responses (or
a transformation of the full string of responses) on the
communication channel. Instead, random subsets of the
responses are revealed and sent for authentication. The
response patterns are used for authenticating the prover
device with a very high probability.We perform a thorough
analysis of the method’s resiliency to various attacks
which guides adjustment of our protocol parameters for
an efficient and secure implementation. We demonstrate
that Slender PUF protocol, if carefully designed, will be
resilient against all known machine learning attacks. In
addition, it has the great advantage of an inbuilt PUF error
tolerance. Thus, Slender PUF protocol is lightweight and
does not require costly additional error correction, fuzzy
extractors, and hash modules suggested in most previously
known PUF-based robust authentication techniques. The
low overhead and practicality of the protocol are confirmed
by a set of hardware implementation and evaluations