117 research outputs found
Securing IEEE P1687 On-chip Instrumentation Access Using PUF
As the complexity of VLSI designs grows, the amount of embedded instrumentation in system-on-a-chip designs increases at an exponential rate. Such structures serve various purposes throughout the life-cycle of VLSI circuits, e.g. in post-silicon validation and debug, production test and diagnosis, as well as during in-field test and maintenance. Reliable access mechanisms for embedded instruments are therefore key to rapid chip development and secure system maintenance. Reconfigurable scan networks defined by IEEE Std. P1687 emerge as a scalable and cost-effective access medium for on-chip instrumentation. The accessibility offered by reconfigurable scan networks contradicts security and safety requirements for embedded instrumentation. Embedded instrumentation is an integral system component that remains functional throughout the lifetime of a chip. To prevent harmful activities, such as tampering with safety-critical systems, and reduce the risk of intellectual property infringement, the access to embedded instrumentation requires protection. This thesis provides a novel, Physical Unclonable Function (PUF) based secure access method for on-chip instruments which enhances the security of IJTAG network at low hardware cost and with less routing congestion
New Family of Stream Ciphers as Physically Clone-Resistant VLSI-Structures
A new large class of possible stream ciphers as keystream
generators KSGs, is presented. The sample cipher-structure-concept is based on
randomly selecting a set of 16 maximum-period Nonlinear Feedback Shift
Registers (NLFSRs). A non-linear combining function is merging the 16 selected
sequences. All resulting stream ciphers with a total state-size of 223 bits are
designed to result with the same security level and have a linear complexity
exceeding and a period exceeding . A Secret Unknown Cipher
(SUC) is created randomly by selecting one cipher from that class of
ciphers. SUC concept was presented recently as a physical security anchor to
overcome the drawbacks of the traditional analog Physically Unclonable
Functions (PUFs). Such unknown ciphers may be permanently self-created within
System-on-Chip SoC non-volatile FPGA devices to serve as a digital
clone-resistant structure. Moreover, a lightweight identification protocol is
presented in open networks for physically identifying such SUC structures in
FPGA-devices. The proposed new family may serve for lightweight realization of
clone-resistant identities in future self-reconfiguring SoC non-volatile FPGAs.
Such self-reconfiguring FPGAs are expected to be emerging in the near future
smart VLSI systems. The security analysis and hardware complexities of the
resulting clone-resistant structures are evaluated and shown to exhibit
scalable security levels even for post-quantum cryptography.Comment: 24 pages, 7 Figures, 3 Table
FPGA-Based PUF Designs: A Comprehensive Review and Comparative Analysis
Field-programmable gate arrays (FPGAs) have firmly established themselves as dynamic platforms for the implementation of physical unclonable functions (PUFs). Their intrinsic reconfigurability and profound implications for enhancing hardware security make them an invaluable asset in this realm. This groundbreaking study not only dives deep into the universe of FPGA-based PUF designs but also offers a comprehensive overview coupled with a discerning comparative analysis. PUFs are the bedrock of device authentication and key generation and the fortification of secure cryptographic protocols. Unleashing the potential of FPGA technology expands the horizons of PUF integration across diverse hardware systems. We set out to understand the fundamental ideas behind PUF and how crucially important it is to current security paradigms. Different FPGA-based PUF solutions, including static, dynamic, and hybrid systems, are closely examined. Each design paradigm is painstakingly examined to reveal its special qualities, functional nuances, and weaknesses. We closely assess a variety of performance metrics, including those related to distinctiveness, reliability, and resilience against hostile threats. We compare various FPGA-based PUF systems against one another to expose their unique advantages and disadvantages. This study provides system designers and security professionals with the crucial information they need to choose the best PUF design for their particular applications. Our paper provides a comprehensive view of the functionality, security capabilities, and prospective applications of FPGA-based PUF systems. The depth of knowledge gained from this research advances the field of hardware security, enabling security practitioners, researchers, and designers to make wise decisions when deciding on and implementing FPGA-based PUF solutions.publishedVersio
Physically unclonable functions based on a controlled ring oscillator
Π Π΅ΡΠ°Π΅ΡΡΡ Π·Π°Π΄Π°ΡΠ° ΠΏΠΎΡΡΡΠΎΠ΅Π½ΠΈΡ Π½ΠΎΠ²ΠΎΠ³ΠΎ ΠΊΠ»Π°ΡΡΠ° ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈ Π½Π΅ΠΊΠ»ΠΎΠ½ΠΈΡΡΠ΅ΠΌΡΡ
ΡΡΠ½ΠΊΡΠΈΠΉ (Π€ΠΠ€) Π½Π° Π±Π°Π·Π΅ ΡΠΏΡΠ°Π²Π»ΡΠ΅ΠΌΠΎΠ³ΠΎ ΠΊΠΎΠ»ΡΡΠ΅Π²ΠΎΠ³ΠΎ ΠΎΡΡΠΈΠ»Π»ΡΡΠΎΡΠ° (Π£ΠΠ). ΠΠΊΡΡΠ°Π»ΡΠ½ΠΎΡΡΡ ΡΠΎΠ·Π΄Π°Π½ΠΈΡ Π£ΠΠΠ€ΠΠ€ ΡΠ²ΡΠ·Π°Π½Π° Ρ Π°ΠΊΡΠΈΠ²Π½ΡΠΌ ΡΠ°Π·Π²ΠΈΡΠΈΠ΅ΠΌ ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΎΠΉ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΠΈΠΈ, ΠΏΡΠΈΠΌΠ΅Π½ΡΠ΅ΠΌΠΎΠΉ Π΄Π»Ρ ΡΠ΅Π»Π΅ΠΉ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΠΈ ΡΠ»Π΅ΠΊΡΡΠΎΠ½Π½ΡΡ
ΠΈΠ·Π΄Π΅Π»ΠΈΠΉ ΠΈ ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΡ ΠΊΡΠΈΠΏΡΠΎΠ³ΡΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΡ
ΠΊΠ»ΡΡΠ΅ΠΉ. ΠΠΎΠΊΠ°Π·Π°Π½ΠΎ, ΡΡΠΎ ΠΊΠ»Π°ΡΡΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈ Π½Π΅ΠΊΠ»ΠΎΠ½ΠΈΡΡΠ΅ΠΌΡΠ΅ ΡΡΠ½ΠΊΡΠΈΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ ΠΊΠΎΠ»ΡΡΠ΅Π²ΡΡ
ΠΎΡΡΠΈΠ»Π»ΡΡΠΎΡΠΎΠ² (ΠΠΠ€ΠΠ€) Ρ
Π°ΡΠ°ΠΊΡΠ΅ΡΠΈΠ·ΡΡΡΡΡ Π±ΠΎΠ»ΡΡΠΎΠΉ Π°ΠΏΠΏΠ°ΡΠ°ΡΡΡΠ½ΠΎΠΉ ΠΈΠ·Π±ΡΡΠΎΡΠ½ΠΎΡΡΡΡ ΠΈΠ·-Π·Π° Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΠΎΡΡΠΈ ΡΠ΅Π°Π»ΠΈΠ·ΠΎΠ²ΡΠ²Π°ΡΡ Π±ΠΎΠ»ΡΡΠΎΠ΅ ΡΠΈΡΠ»ΠΎ ΠΠ, Π² ΡΠΈΠ»Ρ ΡΠΎΠ³ΠΎ ΡΡΠΎ, ΠΊΠ°ΠΆΠ΄ΡΠΉ Π±ΠΈΡ ΠΎΡΠ²Π΅ΡΠ° ΡΡΠ΅Π±ΡΠ΅Ρ Π½Π°Π»ΠΈΡΠΈΡ Π½Π΅Π·Π°Π²ΠΈΡΠΈΠΌΠΎΠΉ ΠΏΠ°ΡΡ ΡΠ΅Π°Π»ΡΠ½ΡΡ
ΠΠ. Π ΡΠΎΠΆΠ΅ Π²ΡΠ΅ΠΌΡ ΠΠΠ€ΠΠ€ Ρ
Π°ΡΠ°ΠΊΡΠ΅ΡΠΈΠ·ΡΡΡΡΡ Π»ΡΡΡΠΈΠΌΠΈ ΡΡΠ°ΡΠΈΡΡΠΈΡΠ΅ΡΠΊΠΈΠΌΠΈ ΡΠ²ΠΎΠΉΡΡΠ²Π°ΠΌΠΈ ΠΏΠΎ ΡΡΠ°Π²Π½Π΅Π½ΠΈΡ Ρ Π€ΠΠ€ ΡΠΈΠΏΠ° Π°ΡΠ±ΠΈΡΡ ΠΈ Π½Π΅ ΡΡΠ΅Π±ΡΡΡ ΠΎΠ±Π΅ΡΠΏΠ΅ΡΠ΅Π½ΠΈΡ ΠΈΠ΄Π΅Π°Π»ΡΠ½ΠΎΠΉ ΡΠΈΠΌΠΌΠ΅ΡΡΠΈΡΠ½ΠΎΡΡΠΈ ΠΈ ΠΈΠ΄Π΅Π½ΡΠΈΡΠ½ΠΎΡΡΠΈ ΡΠ΅Π°Π»ΠΈΠ·ΡΠ΅ΠΌΡΡ
ΠΠ. Π ΠΊΠ°ΡΠ΅ΡΡΠ²Π΅ Π°Π»ΡΡΠ΅ΡΠ½Π°ΡΠΈΠ²Ρ ΠΠΠ€ΠΠ€ ΠΏΡΠ΅Π΄Π»Π°Π³Π°Π΅ΡΡΡ Π½ΠΎΠ²ΡΠΉ ΠΊΠ»Π°ΡΡ ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΈ Π½Π΅ΠΊΠ»ΠΎΠ½ΠΈΡΡΠ΅ΠΌΡΡ
ΡΡΠ½ΠΊΡΠΈΠΉ, Π° ΠΈΠΌΠ΅Π½Π½ΠΎΠ£ΠΠΠ€ΠΠ€, ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΡΡΠΈΠΉ ΡΠΏΡΠ°Π²Π»ΡΠ΅ΠΌΡΠ΅ ΠΊΠΎΠ»ΡΡΠ΅Π²ΡΠ΅ ΠΎΡΡΠΈΠ»Π»ΡΡΠΎΡΡ, ΠΎΡΠ½ΠΎΠ²Π°Π½Π½ΡΠ΅ Π½Π° ΡΠΏΡΠ°Π²Π»Π΅Π½ΠΈΠΈ ΡΠ°ΡΡΠΎΡΠΎΠΉ ΡΠΎΡΠΌΠΈΡΡΠ΅ΠΌΡΡ
ΠΈΠΌΠΏΡΠ»ΡΡΠΎΠ² Π±Π΅Π· ΠΈΠ·ΠΌΠ΅Π½Π΅Π½ΠΈΡ ΡΡΠ½ΠΊΡΠΈΠΎΠ½Π°Π»ΡΠ½ΠΎΡΡΠΈ ΠΈ ΡΡΡΡΠΊΡΡΡΡ ΠΎΡΡΠΈΠ»Π»ΡΡΠΎΡΠ°. ΠΠ°ΠΆΠ½ΡΠΌ Π΄ΠΎΡΡΠΎΠΈΠ½ΡΡΠ²ΠΎΠΌ Π£ΠΠ ΡΠ²Π»ΡΠ΅ΡΡΡ Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎΡΡΡ ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΠΈ Π½Π° Π΅Π³ΠΎ ΠΎΡΠ½ΠΎΠ²Π΅ ΠΌΠ½ΠΎΠΆΠ΅ΡΡΠ²Π° ΠΠ,ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²ΠΎ ΠΊΠΎΡΠΎΡΡΡ
Π΄ΠΎΡΡΠΈΠ³Π°Π΅Ρ 2m, Π³Π΄Π΅ m Π΅ΡΡΡ ΠΊΠΎΠ»ΠΈΡΠ΅ΡΡΠ²ΠΎ ΡΠ°Π·ΡΡΠ΄ΠΎΠ² ΠΎΡΡΠΈΠ»Π»ΡΡΠΎΡΠ°, ΠΈ ΠΊΠ°ΠΆΠ΄ΡΠΉ ΠΈΠ· Π½ΠΈΡ
ΠΎΠΏΡΠ΅Π΄Π΅Π»ΡΠ΅ΡΡΡ ΠΏΠΎΠ΄Π°Π²Π°Π΅ΠΌΡΠΌ Π·Π°ΠΏΡΠΎΡΠΎΠΌ. Π ΡΡΠ°ΡΡΠ΅ ΡΠ°ΡΡΠΌΠ°ΡΡΠΈΠ²Π°ΡΡΡΡ ΡΡΠΈ Π°Π»ΡΡΠ΅ΡΠ½Π°ΡΠΈΠ²Π½ΡΡ
ΡΡΡΡΠΊΡΡΡΡ ΠΏΡΠ΅Π΄Π»Π°Π³Π°Π΅ΠΌΡΡ
Π€ΠΠ€, Π° ΠΈΠΌΠ΅Π½Π½ΠΎ Π£ΠΠΠ€ΠΠ€1, Π£ΠΠΠ€ΠΠ€2 ΠΈ Π£ΠΠΠ€ΠΠ€3. ΠΠΎΠΊΠ°Π·ΡΠ²Π°ΡΡΡΡ ΠΈΡ
ΠΎΡΠ½ΠΎΠ²Π½ΡΠ΅ Π΄ΠΎΡΡΠΎΠΈΠ½ΡΡΠ²Π° ΠΈ Π½Π΅Π΄ΠΎΡΡΠ°ΡΠΊΠΈ, Π² ΡΠΎΠΌ ΡΠΈΡΠ»Π΅, Π² ΡΠ»ΡΡΠ°Π΅ Π΄Π²ΡΡ
Π²Π°ΡΠΈΠ°Π½ΡΠΎΠ² ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΠΈ, Π° ΠΈΠΌΠ΅Π½Π½ΠΎ Π½Π° ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠΈΡΠΎΠ²Π°Π½Π½ΠΎΠΉ Π»ΠΎΠ³ΠΈΠΊΠ΅ (FPGA) ΠΈ ΠΏΡΠΎΠΈΠ·Π²ΠΎΠ»ΡΠ½ΠΎΠΉ Π»ΠΎΠ³ΠΈΠΊΠ΅ (ASIC). Π ΠΊΠ°ΡΠ΅ΡΡΠ²Π΅ Π±Π°Π·ΠΎΠ²ΠΎΠ³ΠΎ Π²Π°ΡΠΈΠ°Π½ΡΠ° Π΄Π»Ρ ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΠΈ Π½Π° FPGA ΡΠ°ΡΡΠΌΠ°ΡΡΠΈΠ²Π°Π΅ΡΡΡ Π£ΠΠΠ€ΠΠ€2 ΠΌΠ΅Π½Π΅Π΅ ΠΏΠΎΠ΄Π²Π΅ΡΠΆΠ΅Π½Π½ΡΠΉ ΠΌΠ΅ΠΆΠΊΡΠΈΡΡΠ°Π»ΡΠ½ΠΎΠΉ ΠΈ, ΡΡΠΎ Π±ΠΎΠ»Π΅Π΅ Π²Π°ΠΆΠ½ΠΎ, Π²Π½ΡΡΡΠΈΠΊΡΠΈΡΡΠ°Π»ΡΠ½ΠΎΠΉ Π·Π°Π²ΠΈΡΠΈΠΌΠΎΡΡΠΈ, Π²ΡΠ·Π²Π°Π½Π½ΠΎΠΉ ΡΠ΅Ρ
Π½ΠΎΠ»ΠΎΠ³ΠΈΡΠ΅ΡΠΊΠΈΠΌΠΈ ΠΎΡΠΎΠ±Π΅Π½Π½ΠΎΡΡΡΠΌΠΈ ΠΏΡΠΎΠΈΠ·Π²ΠΎΠ΄ΡΡΠ²Π΅Π½Π½ΠΎΠ³ΠΎ ΠΏΡΠΎΡΠ΅ΡΡΠ°. ΠΡΠ°ΠΊΡΠΈΡΠ΅ΡΠΊΠΈΠ΅ ΠΈΡΡΠ»Π΅Π΄ΠΎΠ²Π°Π½ΠΈΡ ΠΏΡΠΎΠ²ΠΎΠ΄ΠΈΠ»ΠΈΡΡ ΠΏΡΡΠ΅ΠΌ ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΠΈ Π½Π° ΡΠΎΠ²ΡΠ΅ΠΌΠ΅Π½Π½ΡΡ
FPGA Π£ΠΠΠ€ΠΠ€2, ΠΎΡΠ΅Π½ΠΊΠΈ Π΅Π΅ ΡΠ°Π±ΠΎΡΠΎΡΠΏΠΎΡΠΎΠ±Π½ΠΎΡΡΠΈ ΠΈ ΠΎΡΠ½ΠΎΠ²Π½ΡΡ
Π΅Π΅ Ρ
Π°ΡΠ°ΠΊΡΠ΅ΡΠΈΡΡΠΈΠΊ. ΠΠΊΡΠΏΠ΅ΡΠΈΠΌΠ΅Π½ΡΠ°Π»ΡΠ½ΠΎ ΠΏΠΎΠ΄ΡΠ²Π΅ΡΠΆΠ΄Π΅Π½Π° ΡΠ°Π±ΠΎΡΠΎΡΠΏΠΎΡΠΎΠ±Π½ΠΎΡΡΡ Π½ΠΎΠ²ΠΎΠ³ΠΎ ΠΊΠ»Π°ΡΡΠ° Π€ΠΠ€ ΠΏΡΠΈ ΠΈΡ
ΡΠ΅Π°Π»ΠΈΠ·Π°ΡΠΈΠΈ Π½Π° ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠΈΡΡΠ΅ΠΌΠΎΠΉ Π»ΠΎΠ³ΠΈΠΊΠ΅, Π° ΡΠ°ΠΊΠΆΠ΅ Π²ΡΡΠΎΠΊΠΈΠ΅ ΠΏΠΎΠΊΠ°Π·Π°ΡΠ΅Π»ΠΈ ΠΈΡ
ΠΎΡΠ½ΠΎΠ²Π½ΡΡ
ΡΡΠ°ΡΠΈΡΡΠΈΡΠ΅ΡΠΊΠΈΡ
Ρ
Π°ΡΠ°ΠΊΡΠ΅ΡΠΈΡΡΠΈΠΊ
Design of Discrete-time Chaos-Based Systems for Hardware Security Applications
Security of systems has become a major concern with the advent of technology. Researchers are proposing new security solutions every day in order to meet the area, power and performance specifications of the systems. The additional circuit required for security purposes can consume significant area and power. This work proposes a solution which utilizes discrete-time chaos-based logic gates to build a system which addresses multiple hardware security issues. The nonlinear dynamics of chaotic maps is leveraged to build a system that mitigates IC counterfeiting, IP piracy, overbuilding, disables hardware Trojan insertion and enables authentication of connecting devices (such as IoT and mobile). Chaos-based systems are also used to generate pseudo-random numbers for cryptographic applications.The chaotic map is the building block for the design of discrete-time chaos-based oscillator. The analog output of the oscillator is converted to digital value using a comparator in order to build logic gates. The logic gate is reconfigurable since different parameters in the circuit topology can be altered to implement multiple Boolean functions using the same system. The tuning parameters are control input, bifurcation parameter, iteration number and threshold voltage of the comparator. The proposed system is a hybrid between standard CMOS logic gates and reconfigurable chaos-based logic gates where original gates are replaced by chaos-based gates. The system works in two modes: logic locking and authentication. In logic locking mode, the goal is to ensure that the system achieves logic obfuscation in order to mitigate IC counterfeiting. The secret key for logic locking is made up of the tuning parameters of the chaotic oscillator. Each gate has 10-bit key which ensures that the key space is large which exponentially increases the computational complexity of any attack. In authentication mode, the aim of the system is to provide authentication of devices so that adversaries cannot connect to devices to learn confidential information. Chaos-based computing system is susceptible to process variation which can be leveraged to build a chaos-based PUF. The proposed system demonstrates near ideal PUF characteristics which means systems with large number of primary outputs can be used for authenticating devices
Secure and Unclonable Integrated Circuits
Semiconductor manufacturing is increasingly reliant in offshore foundries, which has raised concerns with counterfeiting, piracy, and unauthorized overproduction by the contract foundry. The recent shortage of semiconductors has aggravated such problems, with the electronic components market being flooded by recycled, remarked, or even out-of-spec, and defective parts. Moreover, modern internet connected applications require mechanisms that enable secure communication, which must be protected by security countermeasures to mitigate various types of attacks. In this thesis, we describe techniques to aid counterfeit prevention, and mitigate secret extraction attacks that exploit power consumption information.
Counterfeit prevention requires simple and trustworthy identification. Physical unclonable functions (PUFs) harvest process variation to create a unique and unclonable digital fingerprint of an IC. However, learning attacks can model the PUF behavior, invalidating its unclonability claims. In this thesis, we research circuits and architectures to make PUFs more resilient to learning attacks. First, we propose the concept of non-monotonic response quantization, where responses not always encode the best performing circuit structure. Then, we explore the design space of PUF compositions, assessing the trade-off between stability and resilience to learning attacks. Finally, we introduce a lightweight key based challenge obfuscation technique that uses a chip unique secret to construct PUFs which are more resilient to learning attacks.
Modern internet protocols demand message integrity, confidentiality, and (often) non-repudiation. Adding support for such mechanisms requires on-chip storage of a secret key. Even if the key is produced by a PUF, it will be subject to key extraction attacks that use power consumption information. Secure integrated circuits must address power analysis attacks with appropriate countermeasures. Traditional mitigation techniques have limited scope of protection, and impose several restrictions on how sensitive data must be manipulated. We demonstrate a bit-serial RISC-V microprocessor implementation with no plain-text data in the clear, where all values are protected using Boolean masking and differential domino logic. Software can run with little to no countermeasures, reducing code size and performance overheads. Our methodology is fully automated and can be applied to designs of arbitrary size or complexity. We also provide details on other key components such as clock randomizer, memory protection, and random number generator
- β¦