Securing IEEE P1687 On-chip Instrumentation Access Using PUF

As the complexity of VLSI designs grows, the amount of embedded instrumentation in system-on-a-chip designs increases at an exponential rate. Such structures serve various purposes throughout the life-cycle of VLSI circuits, e.g. in post-silicon validation and debug, production test and diagnosis, as well as during in-field test and maintenance. Reliable access mechanisms for embedded instruments are therefore key to rapid chip development and secure system maintenance. Reconfigurable scan networks defined by IEEE Std. P1687 emerge as a scalable and cost-effective access medium for on-chip instrumentation. The accessibility offered by reconfigurable scan networks contradicts security and safety requirements for embedded instrumentation. Embedded instrumentation is an integral system component that remains functional throughout the lifetime of a chip. To prevent harmful activities, such as tampering with safety-critical systems, and reduce the risk of intellectual property infringement, the access to embedded instrumentation requires protection. This thesis provides a novel, Physical Unclonable Function (PUF) based secure access method for on-chip instruments which enhances the security of IJTAG network at low hardware cost and with less routing congestion

New Family of Stream Ciphers as Physically Clone-Resistant VLSI-Structures

A new large class of $2^{100}$ possible stream ciphers as keystream generators KSGs, is presented. The sample cipher-structure-concept is based on randomly selecting a set of 16 maximum-period Nonlinear Feedback Shift Registers (NLFSRs). A non-linear combining function is merging the 16 selected sequences. All resulting stream ciphers with a total state-size of 223 bits are designed to result with the same security level and have a linear complexity exceeding $2^{81}$ and a period exceeding $2^{161}$. A Secret Unknown Cipher (SUC) is created randomly by selecting one cipher from that class of $2^{100}$ ciphers. SUC concept was presented recently as a physical security anchor to overcome the drawbacks of the traditional analog Physically Unclonable Functions (PUFs). Such unknown ciphers may be permanently self-created within System-on-Chip SoC non-volatile FPGA devices to serve as a digital clone-resistant structure. Moreover, a lightweight identification protocol is presented in open networks for physically identifying such SUC structures in FPGA-devices. The proposed new family may serve for lightweight realization of clone-resistant identities in future self-reconfiguring SoC non-volatile FPGAs. Such self-reconfiguring FPGAs are expected to be emerging in the near future smart VLSI systems. The security analysis and hardware complexities of the resulting clone-resistant structures are evaluated and shown to exhibit scalable security levels even for post-quantum cryptography.Comment: 24 pages, 7 Figures, 3 Table

FPGA-Based PUF Designs: A Comprehensive Review and Comparative Analysis

Field-programmable gate arrays (FPGAs) have firmly established themselves as dynamic platforms for the implementation of physical unclonable functions (PUFs). Their intrinsic reconfigurability and profound implications for enhancing hardware security make them an invaluable asset in this realm. This groundbreaking study not only dives deep into the universe of FPGA-based PUF designs but also offers a comprehensive overview coupled with a discerning comparative analysis. PUFs are the bedrock of device authentication and key generation and the fortification of secure cryptographic protocols. Unleashing the potential of FPGA technology expands the horizons of PUF integration across diverse hardware systems. We set out to understand the fundamental ideas behind PUF and how crucially important it is to current security paradigms. Different FPGA-based PUF solutions, including static, dynamic, and hybrid systems, are closely examined. Each design paradigm is painstakingly examined to reveal its special qualities, functional nuances, and weaknesses. We closely assess a variety of performance metrics, including those related to distinctiveness, reliability, and resilience against hostile threats. We compare various FPGA-based PUF systems against one another to expose their unique advantages and disadvantages. This study provides system designers and security professionals with the crucial information they need to choose the best PUF design for their particular applications. Our paper provides a comprehensive view of the functionality, security capabilities, and prospective applications of FPGA-based PUF systems. The depth of knowledge gained from this research advances the field of hardware security, enabling security practitioners, researchers, and designers to make wise decisions when deciding on and implementing FPGA-based PUF solutions.publishedVersio

Physically unclonable functions based on a controlled ring oscillator

Решается задача построения нового класса физически неклонируемых функций (ФНФ) на базе управляемого кольцевого осциллятора (УКО). Актуальность создания УКОФНФ связана с активным развитием физической криптографии, применяемой для целей идентификации электронных изделий и формирования криптографических ключей. Показано, что классические физически неклонируемые функции на основе кольцевых осцилляторов (КОФНФ) характеризуются большой аппаратурной избыточностью из-за необходимости реализовывать большое число КО, в силу того что, каждый бит ответа требует наличия независимой пары реальных КО. В тоже время КОФНФ характеризуются лучшими статистическими свойствами по сравнению с ФНФ типа арбитр и не требуют обеспечения идеальной симметричности и идентичности реализуемых КО. В качестве альтернативы КОФНФ предлагается новый класс физически неклонируемых функций, а именноУКОФНФ, использующий управляемые кольцевые осцилляторы, основанные на управлении частотой формируемых импульсов без изменения функциональности и структуры осциллятора. Важным достоинством УКО является возможность реализации на его основе множества КО,количество которых достигает 2m, где m есть количество разрядов осциллятора, и каждый из них определяется подаваемым запросом. В статье рассматриваются три альтернативных структуры предлагаемых ФНФ, а именно УКОФНФ1, УКОФНФ2 и УКОФНФ3. Показываются их основные достоинства и недостатки, в том числе, в случае двух вариантов реализации, а именно на программированной логике (FPGA) и произвольной логике (ASIC). В качестве базового варианта для реализации на FPGA рассматривается УКОФНФ2 менее подверженный межкристальной и, что более важно, внутрикристальной зависимости, вызванной технологическими особенностями производственного процесса. Практические исследования проводились путем реализации на современных FPGA УКОФНФ2, оценки ее работоспособности и основных ее характеристик. Экспериментально подтверждена работоспособность нового класса ФНФ при их реализации на программируемой логике, а также высокие показатели их основных статистических характеристик

Design of Discrete-time Chaos-Based Systems for Hardware Security Applications

Security of systems has become a major concern with the advent of technology. Researchers are proposing new security solutions every day in order to meet the area, power and performance specifications of the systems. The additional circuit required for security purposes can consume significant area and power. This work proposes a solution which utilizes discrete-time chaos-based logic gates to build a system which addresses multiple hardware security issues. The nonlinear dynamics of chaotic maps is leveraged to build a system that mitigates IC counterfeiting, IP piracy, overbuilding, disables hardware Trojan insertion and enables authentication of connecting devices (such as IoT and mobile). Chaos-based systems are also used to generate pseudo-random numbers for cryptographic applications.The chaotic map is the building block for the design of discrete-time chaos-based oscillator. The analog output of the oscillator is converted to digital value using a comparator in order to build logic gates. The logic gate is reconfigurable since different parameters in the circuit topology can be altered to implement multiple Boolean functions using the same system. The tuning parameters are control input, bifurcation parameter, iteration number and threshold voltage of the comparator. The proposed system is a hybrid between standard CMOS logic gates and reconfigurable chaos-based logic gates where original gates are replaced by chaos-based gates. The system works in two modes: logic locking and authentication. In logic locking mode, the goal is to ensure that the system achieves logic obfuscation in order to mitigate IC counterfeiting. The secret key for logic locking is made up of the tuning parameters of the chaotic oscillator. Each gate has 10-bit key which ensures that the key space is large which exponentially increases the computational complexity of any attack. In authentication mode, the aim of the system is to provide authentication of devices so that adversaries cannot connect to devices to learn confidential information. Chaos-based computing system is susceptible to process variation which can be leveraged to build a chaos-based PUF. The proposed system demonstrates near ideal PUF characteristics which means systems with large number of primary outputs can be used for authenticating devices

Secure and Unclonable Integrated Circuits

Semiconductor manufacturing is increasingly reliant in offshore foundries, which has raised concerns with counterfeiting, piracy, and unauthorized overproduction by the contract foundry. The recent shortage of semiconductors has aggravated such problems, with the electronic components market being flooded by recycled, remarked, or even out-of-spec, and defective parts. Moreover, modern internet connected applications require mechanisms that enable secure communication, which must be protected by security countermeasures to mitigate various types of attacks. In this thesis, we describe techniques to aid counterfeit prevention, and mitigate secret extraction attacks that exploit power consumption information. Counterfeit prevention requires simple and trustworthy identification. Physical unclonable functions (PUFs) harvest process variation to create a unique and unclonable digital fingerprint of an IC. However, learning attacks can model the PUF behavior, invalidating its unclonability claims. In this thesis, we research circuits and architectures to make PUFs more resilient to learning attacks. First, we propose the concept of non-monotonic response quantization, where responses not always encode the best performing circuit structure. Then, we explore the design space of PUF compositions, assessing the trade-off between stability and resilience to learning attacks. Finally, we introduce a lightweight key based challenge obfuscation technique that uses a chip unique secret to construct PUFs which are more resilient to learning attacks. Modern internet protocols demand message integrity, confidentiality, and (often) non-repudiation. Adding support for such mechanisms requires on-chip storage of a secret key. Even if the key is produced by a PUF, it will be subject to key extraction attacks that use power consumption information. Secure integrated circuits must address power analysis attacks with appropriate countermeasures. Traditional mitigation techniques have limited scope of protection, and impose several restrictions on how sensitive data must be manipulated. We demonstrate a bit-serial RISC-V microprocessor implementation with no plain-text data in the clear, where all values are protected using Boolean masking and differential domino logic. Software can run with little to no countermeasures, reducing code size and performance overheads. Our methodology is fully automated and can be applied to designs of arbitrary size or complexity. We also provide details on other key components such as clock randomizer, memory protection, and random number generator