Printed Electronics-Based Physically Unclonable Functions for Lightweight Security in the Internet of Things

Die moderne Gesellschaft strebt mehr denn je nach digitaler Konnektivität - überall und zu jeder Zeit - was zu Megatrends wie dem Internet der Dinge (Internet of Things, IoT) führt. Bereits heute kommunizieren und interagieren „Dinge“ autonom miteinander und werden in Netzwerken verwaltet. In Zukunft werden Menschen, Daten und Dinge miteinander verbunden sein, was auch als Internet von Allem (Internet of Everything, IoE) bezeichnet wird. Milliarden von Geräten werden in unserer täglichen Umgebung allgegenwärtig sein und über das Internet in Verbindung stehen. Als aufstrebende Technologie ist die gedruckte Elektronik (Printed Electronics, PE) ein Schlüsselelement für das IoE, indem sie neuartige Gerätetypen mit freien Formfaktoren, neuen Materialien auf einer Vielzahl von Substraten mit sich bringt, die flexibel, transparent und biologisch abbaubar sein können. Darüber hinaus ermöglicht PE neue Freiheitsgrade bei der Anpassbarkeit von Schaltkreisen sowie die kostengünstige und großflächige Herstellung am Einsatzort. Diese einzigartigen Eigenschaften von PE ergänzen herkömmliche Technologien auf Siliziumbasis. Additive Fertigungsprozesse ermöglichen die Realisierung von vielen zukunftsträchtigen Anwendungen wie intelligente Objekte, flexible Displays, Wearables im Gesundheitswesen, umweltfreundliche Elektronik, um einige zu nennen. Aus der Sicht des IoE ist die Integration und Verbindung von Milliarden heterogener Geräte und Systeme eine der größten zu lösenden Herausforderungen. Komplexe Hochleistungsgeräte interagieren mit hochspezialisierten, leichtgewichtigen elektronischen Geräten, wie z.B. Smartphones mit intelligenten Sensoren. Daten werden in der Regel kontinuierlich gemessen, gespeichert und mit benachbarten Geräten oder in der Cloud ausgetauscht. Dabei wirft die Fülle an gesammelten und verarbeiteten Daten Bedenken hinsichtlich des Datenschutzes und der Sicherheit auf. Herkömmliche kryptografische Operationen basieren typischerweise auf deterministischen Algorithmen, die eine hohe Schaltungs- und Systemkomplexität erfordern, was sie wiederum für viele leichtgewichtige Geräte ungeeignet macht. Es existieren viele Anwendungsbereiche, in denen keine komplexen kryptografischen Operationen erforderlich sind, wie z.B. bei der Geräteidentifikation und -authentifizierung. Dabei hängt das Sicherheitslevel hauptsächlich von der Qualität der Entropiequelle und der Vertrauenswürdigkeit der abgeleiteten Schlüssel ab. Statistische Eigenschaften wie die Einzigartigkeit (Uniqueness) der Schlüssel sind von großer Bedeutung, um einzelne Entitäten genau unterscheiden zu können. In den letzten Jahrzehnten hat die Hardware-intrinsische Sicherheit, insbesondere Physically Unclonable Functions (PUFs), eine große Strahlkraft hinsichtlich der Bereitstellung von Sicherheitsfunktionen für IoT-Geräte erlangt. PUFs verwenden ihre inhärenten Variationen, um gerätespezifische eindeutige Kennungen abzuleiten, die mit Fingerabdrücken in der Biometrie vergleichbar sind. Zu den größten Potenzialen dieser Technologie gehören die Verwendung einer echten Zufallsquelle, die Ableitung von Sicherheitsschlüsseln nach Bedarf sowie die inhärente Schlüsselspeicherung. In Kombination mit den einzigartigen Merkmalen der PE-Technologie werden neue Möglichkeiten eröffnet, um leichtgewichtige elektronische Geräte und Systeme abzusichern. Obwohl PE noch weit davon entfernt ist, so ausgereift und zuverlässig wie die Siliziumtechnologie zu sein, wird in dieser Arbeit gezeigt, dass PE-basierte PUFs vielversprechende Sicherheitsprimitiven für die Schlüsselgenerierung zur eindeutigen Geräteidentifikation im IoE sind. Dabei befasst sich diese Arbeit in erster Linie mit der Entwicklung, Untersuchung und Bewertung von PE-basierten PUFs, um Sicherheitsfunktionen für ressourcenbeschränkte gedruckte Geräte und Systeme bereitzustellen. Im ersten Beitrag dieser Arbeit stellen wir das skalierbare, auf gedruckter Elektronik basierende Differential Circuit PUF (DiffC-PUF) Design vor, um sichere Schlüssel für Sicherheitsanwendungen für ressourcenbeschränkte Geräte bereitzustellen. Die DiffC-PUF ist als hybride Systemarchitektur konzipiert, die siliziumbasierte und gedruckte Komponenten enthält. Es wird eine eingebettete PUF-Plattform entwickelt, um die Charakterisierung von siliziumbasierten und gedruckten PUF-Cores in großem Maßstab zu ermöglichen. Im zweiten Beitrag dieser Arbeit werden siliziumbasierte PUF-Cores auf Basis diskreter Komponenten hergestellt und statistische Tests unter realistischen Betriebsbedingungen durchgeführt. Eine umfassende experimentelle Analyse der PUF-Sicherheitsmetriken wird vorgestellt. Die Ergebnisse zeigen, dass die DiffC-PUF auf Siliziumbasis nahezu ideale Werte für die Uniqueness- und Reliability-Metriken aufweist. Darüber hinaus werden die Identifikationsfähigkeiten der DiffC-PUF untersucht, und es stellte sich heraus, dass zusätzliches Post-Processing die Identifizierbarkeit des Identifikationssystems weiter verbessern kann. Im dritten Beitrag dieser Arbeit wird zunächst ein Evaluierungsworkflow zur Simulation von DiffC-PUFs basierend auf gedruckter Elektronik vorgestellt, welche auch als Hybrid-PUFs bezeichnet werden. Hierbei wird eine Python-basierte Simulationsumgebung vorgestellt, welche es ermöglicht, die Eigenschaften und Variationen gedruckter PUF-Cores basierend auf Monte Carlo (MC) Simulationen zu untersuchen. Die Simulationsergebnisse zeigen, dass die Sicherheitsmetriken im besten Betriebspunkt nahezu ideal sind. Des Weiteren werden angefertigte PE-basierte PUF-Cores für statistische Tests unter verschiedenen Betriebsbedingungen, einschließlich Schwankungen der Umgebungstemperatur, der relativen Luftfeuchtigkeit und der Versorgungsspannung betrieben. Die experimentell bestimmten Resultate der Uniqueness-, Bit-Aliasing- und Uniformity-Metriken stimmen gut mit den Simulationsergebnissen überein. Der experimentell ermittelte durchschnittliche Reliability-Wert ist relativ niedrig, was durch die fehlende Passivierung und Einkapselung der gedruckten Transistoren erklärt werden kann. Die Untersuchung der Identifikationsfähigkeiten basierend auf den PUF-Responses zeigt, dass die Hybrid-PUF ohne zusätzliches Post-Processing nicht für kryptografische Anwendungen geeignet ist. Die Ergebnisse zeigen aber auch, dass sich die Hybrid-PUF zur Geräteidentifikation eignet. Der letzte Beitrag besteht darin, in die Perspektive eines Angreifers zu wechseln. Um die Sicherheitsfähigkeiten der Hybrid-PUF beurteilen zu können, wird eine umfassende Sicherheitsanalyse nach Art einer Kryptoanalyse durchgeführt. Die Analyse der Entropie der Hybrid-PUF zeigt, dass seine Anfälligkeit für Angriffe auf Modellbasis hauptsächlich von der eingesetzten Methode zur Generierung der PUF-Challenges abhängt. Darüber hinaus wird ein Angriffsmodell eingeführt, um die Leistung verschiedener mathematischer Klonangriffe auf der Grundlage von abgehörten Challenge-Response Pairs (CRPs) zu bewerten. Um die Hybrid-PUF zu klonen, wird ein Sortieralgorithmus eingeführt und mit häufig verwendeten Classifiers für überwachtes maschinelles Lernen (ML) verglichen, einschließlich logistischer Regression (LR), Random Forest (RF) sowie Multi-Layer Perceptron (MLP). Die Ergebnisse zeigen, dass die Hybrid-PUF anfällig für modellbasierte Angriffe ist. Der Sortieralgorithmus profitiert von kürzeren Trainingszeiten im Vergleich zu den ML-Algorithmen. Im Falle von fehlerhaft abgehörten CRPs übertreffen die ML-Algorithmen den Sortieralgorithmus

Improved Generation of Identifiers, Secret Keys, and Random Numbers From SRAMs

This paper presents a method to simultaneously improve the quality of the identifiers, secret keys, and random numbers that can be generated from the start-up values of standard static random access memories (SRAMs). The method is based on classifying memory cells after evaluating their start-up values at multiple measurements in a registration phase. The registration can be done without unplugging the device from its application context, and with no need for a complex laboratory setup. The method has been validated experimentally with standard low-power SRAM modules in two different application specific integrated circuits (ASICs) fabricated with the 90-nm TSMC technology. The results show that with a simple registration the length of the identifiers can be reduced by 45%, the worst case bit error probability (which defines the complexity of the error correcting code needed to recover a secret key) can be reduced by 64%, and the worst case minimum entropy value is improved, thus reducing the number of bits that have to be processed to obtain full entropy by 81%. The method can be applied to standard digital designs by controlling the external power supply to the SRAM using software or by incorporating simple circuitry in the design. In the latter case, a module for implementing the method in an ASIC designed in the 90-nm TSMC technology occupies an active area of 42, $025~mu text{m}^{mathrm {mathbf {2}}}

HARDWARE ATTACK DETECTION AND PREVENTION FOR CHIP SECURITY

Hardware security is a serious emerging concern in chip designs and applications. Due to the globalization of the semiconductor design and fabrication process, integrated circuits (ICs, a.k.a. chips) are becoming increasingly vulnerable to passive and active hardware attacks. Passive attacks on chips result in secret information leaking while active attacks cause IC malfunction and catastrophic system failures. This thesis focuses on detection and prevention methods against active attacks, in particular, hardware Trojan (HT). Existing HT detection methods have limited capability to detect small-scale HTs and are further challenged by the increased process variation. We propose to use differential Cascade Voltage Switch Logic (DCVSL) method to detect small HTs and achieve a success rate of 66% to 98%. This work also presents different fault tolerant methods to handle the active attacks on symmetric-key cipher SIMON, which is a recent lightweight cipher. Simulation results show that our Even Parity Code SIMON consumes less area and power than double modular redundancy SIMON and Reversed-SIMON, but yields a higher fault -detection-failure rate as the number of concurrent faults increases. In addition, the emerging technology, memristor, is explored to protect SIMON from passive attacks. Simulation results indicate that the memristor-based SIMON has a unique power characteristic that adds new challenges on secrete key extraction

Segurança de computadores por meio de autenticação intrínseca de hardware

Orientadores: Guido Costa Souza de Araújo, Mario Lúcio Côrtes e Diego de Freitas AranhaTese (doutorado) - Universidade Estadual de Campinas, Instituto de ComputaçãoResumo: Neste trabalho apresentamos Computer Security by Hardware-Intrinsic Authentication (CSHIA), uma arquitetura de computadores segura para sistemas embarcados que tem como objetivo prover autenticidade e integridade para código e dados. Este trabalho está divido em três fases: Projeto da Arquitetura, sua Implementação, e sua Avaliação de Segurança. Durante a fase de projeto, determinamos como integridade e autenticidade seriam garantidas através do uso de Funções Fisicamente Não Clonáveis (PUFs) e propusemos um algoritmo de extração de chaves criptográficas de memórias cache de processadores. Durante a implementação, flexibilizamos o projeto da arquitetura para fornecer diferentes possibilidades de configurações sem comprometimento da segurança. Então, avaliamos seu desempenho levando em consideração o incremento em área de chip, aumento de consumo de energia e memória adicional para diferentes configurações. Por fim, analisamos a segurança de PUFs e desenvolvemos um novo ataque de canal lateral que circunvê a propriedade de unicidade de PUFs por meio de seus elementos de construçãoAbstract: This work presents Computer Security by Hardware-Intrinsic Authentication (CSHIA), a secure computer architecture for embedded systems that aims at providing authenticity and integrity for code and data. The work encompassed three phases: Design, Implementation, and Security Evaluation. In design, we laid out the basic ideas behind CSHIA, namely, how integrity and authenticity are employed through the use of Physical Unclonable Functions (PUFs), and we proposed an algorithm to extract cryptographic keys from the intrinsic memories of processors. In implementation, we made CSHIA¿s design more flexible, allowing different configurations without compromising security. Then, we evaluated CSHIA¿s performance and overheads, such as area, energy, and memory, for multiple configurations. Finally, we evaluated security of PUFs, which led us to develop a new side-channel-based attack that enabled us to circumvent PUFs¿ uniqueness property through their architectural elementsDoutoradoCiência da ComputaçãoDoutor em Ciência da Computação2015/06829-2; 2016/25532-3147614/2014-7FAPESPCNP

Within-Die Delay Variation Measurement And Analysis For Emerging Technologies Using An Embedded Test Structure

Both random and systematic within-die process variations (PV) are growing more severe with shrinking geometries and increasing die size. Escalation in the variations in delay and power with reductions in feature size places higher demands on the accuracy of variation models. Their availability can be used to improve yield, and the corresponding profitability and product quality of the fabricated integrated circuits (ICs). Sources of within-die variations include optical source limitations, and layout-based systematic effects (pitch, line-width variability, and microscopic etch loading). Unfortunately, accurate models of within-die PVs are becoming more difficult to derive because of their increasingly sensitivity to design-context. Embedded test structures (ETS) continue to play an important role in the development of models of PVs and as a mechanism to improve correlations between hardware and models. Variations in path delays are increasing with scaling, and are increasingly affected by neighborhood\u27 interactions. In order to fully characterize within-die variations, delays must be measured in the context of actual core-logic macros. Doing so requires the use of an embedded test structure, as opposed to traditional scribe line test structures such as ring oscillators (RO). Accurate measurements of within-die variations can be used, e.g., to better tune models to actual hardware (model-to-hardware correlations). In this research project, I propose an embedded test structure called REBEL (Regional dELay BEhavior) that is designed to measure path delays in a minimally invasive fashion; and its architecture measures the path delays more accurately. Design for manufacture-ability (DFM) analysis is done on the on 90 nm ASIC chips and 28nm Zynq 7000 series FPGA boards. I present ASIC results on within-die path delay variations in a floating-point unit (FPU) fabricated in IBM\u27s 90 nm technology, with 5 pipeline stages, used as a test vehicle in chip experiments carried out at nine different temperature/voltage (TV) corners. Also experimental data has been analyzed for path delay variations in short vs long paths. FPGA results on within-die variation and die-to-die variations on Advanced Encryption System (AES) using single pipelined stage are also presented. Other analysis that have been performed on the calibrated path delays are Flip Flop propagation delays for both rising and falling edge (tpHL and tpLH), uncertainty analysis, path distribution analysis, short versus long path variations and mid-length path within-die variation. I also analyze the impact on delay when the chips are subjected to industrial-level temperature and voltage variations. From the experimental results, it has been established that the proposed REBEL provides capabilities similar to an off-chip logic analyzer, i.e., it is able to capture the temporal behavior of the signal over time, including any static and dynamic hazards that may occur on the tested path. The ASIC results further show that path delays are correlated to the launch-capture (LC) interval used to time them. Therefore, calibration as proposed in this work must be carried out in order to obtain an accurate analysis of within-die variations. Results on ASIC chips show that short paths can vary up to 35% on average, while long paths vary up to 20% at nominal temperature and voltage. A similar trend occurs for within-die variations of mid-length paths where magnitudes reduced to 20% and 5%, respectively. The magnitude of delay variations in both these analyses increase as temperature and voltage are changed to increase performance. The high level of within-die delay variations are undesirable from a design perspective, but they represent a rich source of entropy for applications that make use of \u27secrets\u27 such as authentication, hardware metering and encryption. Physical unclonable functions (PUFs) are a class of primitives that leverage within-die-variations as a means of generating random bit strings for these types of applications, including hardware security and trust. Zynq FPGAs Die-to-Die and within-die variation study shows that on average there is 5% of within-Die variation and the range of die-to-Die variation can go upto 3ns. The die-to-Die variations can be explored in much further detail to study the variations spatial dependance. Additionally, I also carried out research in the area data mining to cater for big data by focusing the work on decision tree classification (DTC) to speed-up the classification step in hardware implementation. For this purpose, I devised a pipelined architecture for the implementation of axis parallel binary decision tree classification for meeting up with the requirements of execution time and minimal resource usage in terms of area. The motivation for this work is that analyzing larger data-sets have created abundant opportunities for algorithmic and architectural developments, and data-mining innovations, thus creating a great demand for faster execution of these algorithms, leading towards improving execution time and resource utilization. Decision trees (DT) have since been implemented in software programs. Though, the software implementation of DTC is highly accurate, the execution times and the resource utilization still require improvement to meet the computational demands in the ever growing industry. On the other hand, hardware implementation of DT has not been thoroughly investigated or reported in detail. Therefore, I propose a hardware acceleration of pipelined architecture that incorporates the parallel approach in acquiring the data by having parallel engines working on different partitions of data independently. Also, each engine is processing the data in a pipelined fashion to utilize the resources more efficiently and reduce the time for processing all the data records/tuples. Experimental results show that our proposed hardware acceleration of classification algorithms has increased throughput, by reducing the number of clock cycles required to process the data and generate the results, and it requires minimal resources hence it is area efficient. This architecture also enables algorithms to scale with increasingly large and complex data sets. We developed the DTC algorithm in detail and explored techniques for adapting it to a hardware implementation successfully. This system is 3.5 times faster than the existing hardware implementation of classification.\u2

On Improving Robustness of Hardware Security Primitives and Resistance to Reverse Engineering Attacks

The continued growth of information technology (IT) industry and proliferation of interconnected devices has aggravated the problem of ensuring security and necessitated the need for novel, robust solutions. Physically unclonable functions (PUFs) have emerged as promising secure hardware primitives that can utilize the disorder introduced during manufacturing process to generate unique keys. They can be utilized as \textit{lightweight} roots-of-trust for use in authentication and key generation systems. Unlike insecure non-volatile memory (NVM) based key storage systems, PUFs provide an advantage -- no party, including the manufacturer, should be able to replicate the physical disorder and thus, effectively clone the PUF. However, certain practical problems impeded the widespread deployment of PUFs. This dissertation addresses such problems of (i) reliability and (ii) unclonability. Also, obfuscation techniques have proven necessary to protect intellectual property in the presence of an untrusted supply chain and are needed to aid against counterfeiting. This dissertation explores techniques utilizing layout and logic-aware obfuscation. Collectively, we present secure and cost-effective solutions to address crucial hardware security problems

Recognizing Patterns in Transmitted Signals for Identification Purposes

The ability to identify and authenticate entities in cyberspace such as users, computers, cell phones, smart cards, and radio frequency identification (RFID) tags is usually accomplished by having the entity demonstrate knowledge of a secret key. When the entity is portable and physically accessible, like an RFID tag, it can be difficult to secure given the memory, processing, and economic constraints. This work proposes to use unique patterns in the transmitted signals caused by manufacturing differences to identify and authenticate a wireless device such as an RFID tag. Both manufacturer identification and tag identification are performed on a population of 300 tags from three different manufacturers. A methodology to select features for identifying signals with high accuracy is developed and applied to passive RFID tags. The classifier algorithms K-Nearest Neighbors, Parzen Windows, and Support Vector Machines are investigated. The tag\u27s manufacturer can be identified with 99.93\% true positive rate. An individual tag is identified with 99.8\% accuracy, which is better than previously published work. Using a Hidden Markov Model with framed timing and power data, the tag manufacturer can be identified with 97.37\% accuracy and has a compact representation. An authentication system based on unique features of the signals is proposed assuming that the readers that interrogate the tags may be compromised by a malicious adversary. For RFID tags, a set of timing-only features can provide an accuracy of 97.22\%, which is better than previously published work, is easier to measure, and appears to be more stable than power features