Authentication Algorithm for Portable Embedded Systems using PUFs

Physical Unclonable Functions (PUFs) are circuits that exploit chip-unique features to be used as signatures which can be used as good silicon biometrics. These signatures are based on semiconductor fabrication variations that are very difficult to control or reproduce. These chipunique signatures together with strong challenge-response authentication algorithm can be used to authenticate and secure chips. This paper expands the security avenues covered by PUF and FPGAs by introducing a new class of concept called 201C;Soft PUFs.201D; This scheme propose robust challenge- response authentication solution based on a PUF device that provides stronger security guarantees to the user than what previously could be achieved. By exploiting the silicon uniqueness of each FPGA device and incorporating a special authentication algorithms in existing FPGA fabric, FPGA based embedded systems can be used for new security-oriented and network- oriented applications that were not previously possible or thought of

Using physical unclonable functions for hardware authentication: a survey

Physical unclonable functions (PUFs) are drawing a crescent interest in hardware oriented security due to their special characteristics of simplicity and safety. However, their nature as well as early stage of study makes them constitute currently a diverse and non-standardized set for designers. This work tries to establish one organization of existing PUF structures, giving guidelines for their choice, conditioning, and adaptation depending on the target application. In particular, it is described how using PUFs adequately could enlighten significantly most of the security primitives, making them very suitable for authenticating constrained resource platforms.Junta de Andalucía P08-TIC-03674Comunidad Europea FP7-INFSO-ICT-248858Ministerio de Ciencia y Tecnología TEC2008-04920, DPI2008-03847 y TEC2007-6510

Trusted IP solution in multi-tenant cloud FPGA platform

Because FPGAs outperform traditional processing cores like CPUs and GPUs in terms of performance per watt and flexibility, they are being used more and more in cloud and data center applications. There are growing worries about the security risks posed by multi-tenant sharing as the demand for hardware acceleration increases and gradually gives way to FPGA multi-tenancy in the cloud. The confidentiality, integrity, and availability of FPGA-accelerated applications may be compromised if space-shared FPGAs are made available to many cloud tenants. We propose a root of trust-based trusted execution mechanism called \textbf{TrustToken} to prevent harmful software-level attackers from getting unauthorized access and jeopardizing security. With safe key creation and truly random sources, \textbf{TrustToken} creates a security block that serves as the foundation of trust-based IP security. By offering crucial security characteristics, such as secure, isolated execution and trusted user interaction, \textbf{TrustToken} only permits trustworthy connection between the non-trusted third-party IP and the rest of the SoC environment. The suggested approach does this by connecting the third-party IP interface to the \textbf{TrustToken} Controller and running run-time checks on the correctness of the IP authorization(Token) signals. With an emphasis on software-based assaults targeting unauthorized access and information leakage, we offer a noble hardware/software architecture for trusted execution in FPGA-accelerated clouds and data centers

A PUF-based cryptographic security solution for IoT systems on chip

The integration of multicore processors and peripherals from multiple intellectual property core providers as hardware components of IoT multiprocessor systems-on-chip (SoC) represents a source of security vulnerabilities for the in-chip communication. This paper describes the concept and the practical results of a SoC security implementation that is illustrative for IoT applications. The mechanism employed in this approach uses physically unclonable functions (PUF) and symmetric cryptography in order to encrypt the transferred messages within the SoC between the microprocessor and its peripherals. The mechanism is experimentally validated at FPGA level, the paper describing also an implementation scenario for an IoT ARM based device

物理複製不能関数における安全性の評価と向上に関する研究

In this thesis, we focus on Physically Unclonable Functions (PUFs), which are expected as one of the most promising cryptographic primitives for secure chip authentication. Generally, PUFbased authentication is achieved by two approaches: (A) using a PUF itself, which has multiple challenge (input) and response (output) pairs, or (B) using a cryptographic function, the secret key of which is generated from a PUF with a single challenge-response pair (CRP). We contribute to:(1) evaluate the security of Approach (A), and (2) improve the security of Approach (B). (1) Arbiter-based PUFs were the most feasible type of PUFs, which was used to construct Approach (A). However, Arbiter-based PUFs have a vulnerability; if an attacker knows some CRPs, she/he can predict the remaining unknown CRPs with high probability. Bistable Ring PUF (BR-PUF) was proposed as an alternative, but has not been evaluated by third parties. In this thesis, in order to construct Approach (A) securely, we evaluate the difficulty of predicting responses of a BR-PUF experimentally. As a result, the same responses are frequently generated for two challenges with small Hamming distance. Also, particular bits of challenges have a great impact on the responses. In conclusion, BR-PUFs are not suitable for achieving Approach (A)securely. In future work, we should discuss an alternative PUF suitable for secure Approach (A).(2) In order to achieve Approach (B) securely, a secret key ? generated from a PUF response?should have high entropy. We propose a novel method of extracting high entropy from PUF responses. The core idea is to effectively utilize the information on the proportion of ‘1’s including in repeatedly-measured PUF responses. We evaluate its effectiveness by fabricated test chips. As a result, the extracted entropy is about 1.72 times as large as that without the proposed method.Finally, we organize newly gained knowledge in this thesis, and discuss a new application of PUF-based technologies.電気通信大学201

PUF for the Commons: Enhancing Embedded Security on the OS Level

Security is essential for the Internet of Things (IoT). Cryptographic operations for authentication and encryption commonly rely on random input of high entropy and secure, tamper-resistant identities, which are difficult to obtain on constrained embedded devices. In this paper, we design and analyze a generic integration of physically unclonable functions (PUFs) into the IoT operating system RIOT that supports about 250 platforms. Our approach leverages uninitialized SRAM to act as the digital fingerprint for heterogeneous devices. We ground our design on an extensive study of PUF performance in the wild, which involves SRAM measurements on more than 700 IoT nodes that aged naturally in the real-world. We quantify static SRAM bias, as well as the aging effects of devices and incorporate the results in our system. This work closes a previously identified gap of missing statistically significant sample sizes for testing the unpredictability of PUFs. Our experiments on COTS devices of 64 kB SRAM indicate that secure random seeds derived from the SRAM PUF provide 256 Bits-, and device unique keys provide more than 128 Bits of security. In a practical security assessment we show that SRAM PUFs resist moderate attack scenarios, which greatly improves the security of low-end IoT devices.Comment: 18 pages, 12 figures, 3 table

Electromagnetic Transmission of Intellectual Property Data to Protect FPGA Designs

International audienceOver the past 10 years, the designers of intellectual properties(IP) have faced increasing threats including cloning, counterfeiting, andreverse-engineering. This is now a critical issue for the microelectronicsindustry. The design of a secure, efficient, lightweight protection scheme fordesign data is a serious challenge for the hardware security community. In thiscontext, this chapter presents two ultra-lightweight transmitters using sidechannel leakage based on electromagnetic emanation to send embedded IPidentity discreetly and quickl