A Reliable Low-area Low-power PUF-based Key Generator

This paper reports the implementation of a lowarea low-power 128-bit PUF-based key generation module which exploits a novel Two-Stage IDentification (TSID) cell showing a higher noise immunity then a standard SRAM cell. In addition, the pre-selection technique introduced in [1] is applied. This results in a stable PUF response in spite of process and environmental variations thus requiring a low cost error correction algorithm in order to generate a reliable key. The adopted PUF cell array includes 1056 cells and shows a power consumption per bit of 4:2 W at 100MHz with an area per bit of 2:4 m2. In order to evaluate reliability and unpredictability of the generated key, extensive tests have been performed both on the raw PUF data and on the final key. The raw PUF data after pre-selection show a worst case intra-chip Hamming distance below 0:7%. After a total of more than 5 109 key reconstructions, no single fail has been detected

PUF for the Commons: Enhancing Embedded Security on the OS Level

Security is essential for the Internet of Things (IoT). Cryptographic operations for authentication and encryption commonly rely on random input of high entropy and secure, tamper-resistant identities, which are difficult to obtain on constrained embedded devices. In this paper, we design and analyze a generic integration of physically unclonable functions (PUFs) into the IoT operating system RIOT that supports about 250 platforms. Our approach leverages uninitialized SRAM to act as the digital fingerprint for heterogeneous devices. We ground our design on an extensive study of PUF performance in the wild, which involves SRAM measurements on more than 700 IoT nodes that aged naturally in the real-world. We quantify static SRAM bias, as well as the aging effects of devices and incorporate the results in our system. This work closes a previously identified gap of missing statistically significant sample sizes for testing the unpredictability of PUFs. Our experiments on COTS devices of 64 kB SRAM indicate that secure random seeds derived from the SRAM PUF provide 256 Bits-, and device unique keys provide more than 128 Bits of security. In a practical security assessment we show that SRAM PUFs resist moderate attack scenarios, which greatly improves the security of low-end IoT devices.Comment: 18 pages, 12 figures, 3 table

A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication

We present a lightweight PUF-based authentication approach that is practical in settings where a server authenticates a device, and for use cases where the number of authentications is limited over a device's lifetime. Our scheme uses a server-managed challenge/response pair (CRP) lockdown protocol: unlike prior approaches, an adaptive chosen-challenge adversary with machine learning capabilities cannot obtain new CRPs without the server's implicit permission. The adversary is faced with the problem of deriving a PUF model with a limited amount of machine learning training data. Our system-level approach allows a so-called strong PUF to be used for lightweight authentication in a manner that is heuristically secure against today's best machine learning methods through a worst-case CRP exposure algorithmic validation. We also present a degenerate instantiation using a weak PUF that is secure against computationally unrestricted adversaries, which includes any learning adversary, for practical device lifetimes and read-out rates. We validate our approach using silicon PUF data, and demonstrate the feasibility of supporting 10, 1,000, and 1M authentications, including practical configurations that are not learnable with polynomial resources, e.g., the number of CRPs and the attack runtime, using recent results based on the probably-approximately-correct (PAC) complexity-theoretic framework

Maximum-likelihood decoding of device-specific multi-bit symbols for reliable key generation

We present a PUF key generation scheme that uses the provably optimal method of maximum-likelihood (ML) detection on symbols derived from PUF response bits. Each device forms a noisy, device-specific symbol constellation, based on manufacturing variation. Each detected symbol is a letter in a codeword of an error correction code, resulting in non-binary codewords. We present a three-pronged validation strategy: i. mathematical (deriving an optimal symbol decoder), ii. simulation (comparing against prior approaches), and iii. empirical (using implementation data). We present simulation results demonstrating that for a given PUF noise level and block size (an estimate of helper data size), our new symbol-based ML approach can have orders of magnitude better bit error rates compared to prior schemes such as block coding, repetition coding, and threshold-based pattern matching, especially under high levels of noise due to extreme environmental variation. We demonstrate environmental reliability of a ML symbol-based soft-decision error correction approach in 28nm FPGA silicon, covering -65°C to 105°C ambient (and including 125°C junction), and with 128bit key regeneration error probability ≤ 1 ppm.Bavaria California Technology Center (Grant 2014-1/9

Secure key storage with PUFs

Nowadays, people carry around devices (cell phones, PDAs, bank passes, etc.) that have a high value. That value is often contained in the data stored in it or lies in the services the device can grant access to (by using secret identification information stored in it). These devices often operate in hostile environments and their protection level is not adequate to deal with that situation. Bank passes and credit cards contain a magnetic stripe where identification information is stored. In the case of bank passes, a PIN is additionally required to withdraw money from an ATM (Automated Teller Machine). At various occasions, it has been shown that by placing a small coil in the reader, the magnetic information stored in the stripe can easily be copied and used to produce a cloned card. Together with eavesdropping the PIN (by listening to the keypad or recording it with a camera), an attacker can easily impersonate the legitimate owner of the bank pass by using the cloned card in combination with the eavesdropped PIN

Reliability Enhancement Of Ring Oscillator Based Physically Unclonable Functions

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2012Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2012Bu çalışmada, halka osilatör tabanlı fiziksel klonlanamayan fonksiyon devrelerinin, çeşitli çevresel etkiler karşısında güvenilirliklerin artırılması amaçlanmıştır. Öncelikle, osilatör çiftlerinin ürettiği frekans farklılıklarını ve dinamik etkileri gözlemleyip modelleyebilmek için çeşitli sahada programlanabilir kapı dizilerinin (FPGA) farklı bölgelerinde osilatör çiftleri gerçeklenmiş ve frekans farklılıkları ölçülmüştür. Bu ölçümler sonucunda halka osilatör çiftlerinine ilişkin statik ve dinamik dağılımlar elde edilmiştir. Güvenilirliği artırmak amacıyla halka osilatörleri etiketleyen bir yöntem önerilmiştir. Bu çalışmada ayrıca, bir osilatör çiftinden birden fazla bit elde etme işlemi de incelenmiş ve dinamik etkilere karşı test edilmiştir. Etiketleme yönteminin etkinliğini ve bir osilatör çiftinden birden fazla bit elde etme işlemini gerçek devre üzerinde incelemek amacıyla, fiziksel klonlanamayan fonksiyon devresi FPGA üzerinde gerçeklenmiştir. Sıcaklık odası ile ortamın sıcaklığı 10 – 65 °C arasında değiştirilmiştir. Sonuç olarak, ortam sıcaklığının artmasıyla birlikte güvenilmez bit sayısının arttığı gözlenmiştir. Etiketleme yöntemi kullanıldığında güvenilmez bite rastlanmamıştır. Bir halka osilatör çiftinden birden fazla bit (iki ve üç bit bilgi) elde edilmesi de test edilmiştir. Elde edilen iki ve üç bitlik verilerin küçük bir farklılıkla birlikte eşit dağılımlı olduğu gözlenmiştir. Bir osilatör çiftinden elde edilen bit sayısı arttıkça, güvenilir olmayan bitlerin sayısı da artmıştır. Fakat bir osilatörden iki ve üç bit elde etmede tüm hataların komşu bölgede olduğu gözlenmiştir.In this thesis, it is aimed to enhance the reliability of ring oscillator based Physically Unclonable Functions (PUFs) under different environmental variations. In order to observe and model the frequency difference of ring oscillator pairs and dynamic effects, ring oscillators are realized and measured at different locations of different Field Programmable Gate Arrays (FPGAs). After the measurements, static and dynamic distributions of ring oscillator pairs are obtained. In order to increase the reliability, a new technique that is labeling ring oscillators, is proposed. Also, in this study, the process of obtaining multiple bits from a ring oscillator pair is observed and tested with respect to dynamic effects. In order to analyze the enhancement of labeling technique and multiple bit extraction at the circuit, the PUF circuit is implemented on an FPGA. The ambient temperature is changed between 10 – 65 °C with a temperature chamber. As a result, it is observed that with increasing ambient temperature, the number of unreliable bits are increased. When labeling technique is used, no unreliable bits are observed. Multiple bits extraction (two and three bits extraction) is also tested. It is observed that the distribution of two and three bit wide data are almost equally distributed. The number of unreliable bits are increased with the extracted bit numbers. However, it is seen that all erronous bits are caused by jumping to adjacent region.Yüksek LisansM.Sc

Improving Security and Reliability of Physical Unclonable Functions Using Machine Learning

Physical Unclonable Functions (PUFs) are promising security primitives for device authenti-cation and key generation. Due to the noise influence, reliability is an important performance metric of PUF-based authentication. In the literature, lots of efforts have been devoted to enhancing PUF reliability by using error correction methods such as error-correcting codes and fuzzy extractor. Ho-wever, one property that most of these prior works overlooked is the non-uniform distribution of PUF response across different bits. This wok proposes a two-step methodology to improve the reliability of PUF under noisy conditions. The first step involves acquiring the parameters of PUF models by using machine lear-ning algorithms. The second step then utilizes these obtained parameters to improve the reliability of PUFs by selectively choosing challenge-response pairs (CRPs) for authentication. Two distinct algorithms for improving the reliability of multiplexer (MUX) PUF, i.e., total delay difference thresholding and sensitive bits grouping, are presented. It is important to note that the methodology can be easily applied to other types of PUFs as well. Our experimental results show that the relia-bility of PUF-based authentication can be significantly improved by the proposed approaches. For example, in one experimental setting, the reliability of an MUX PUF is improved from 89.75% to 94.07% using total delay difference thresholding, while 89.30% of generated challenges are stored. As opposed to total delay difference thresholding, sensitive bits grouping possesses higher efficiency, as it can produce reliable CRPs directly. Our experimental results show that the reliability can be improved to 96.91% under the same setting, when we group 12 bits in the challenge vector of a 128-stage MUX PUF. Besides, because the actual noise varies greatly in different conditions, it is hard to predict the error of of each individual PUF response bit. This wok proposes a novel methodology to improve the efficiency of PUF response error correction based on error-rates. The proposed method first obtains the PUF model by using machine learning techniques, which is then used to predict the error-rates. Intuitively, we are inclined to tolerate errors in PUF response bits with relatively higher error-rates. Thus, we propose to treat different PUF response bits with different degrees of error tolerance, according to their estimated error-rates. Specifically, by assigning optimized weights, i.e., 0, 1, 2, 3, and infinity to PUF response bits, while a small portion of high error rates responses are truncated; the other responses are duplicated to a limited number of bits according to error-rates before error correction and a portion of low error-rates responses bypass the error correction as direct keys. The hardware cost for error correction can also be reduced by employing these methods. Response weighting is capable of reducing the false negative and false positive simultaneously. The entropy can also be controlled. Our experimental results show that the response weighting algorithm can reduce not only the false negative from 20.60% to 1.71%, but also the false positive rate from 1.26 × 10−21 to 5.38 × 10−22 for a PUF-based authentication with 127-bit response and 13-bit error correction. Besides, three case studies about the applications of the proposed algorithm are also discussed. Along with the rapid development of hardware security techniques, the revolutionary gro-wth of countermeasures or attacking methods developed by intelligent and adaptive adversaries have significantly complicated the ability to create secure hardware systems. Thus, there is a critical need to (re)evaluate existing or new hardware security techniques against these state-of-the-art attacking methods. With this in mind, this wok presents a novel framework for incorporating active learning techniques into hardware security field. We demonstrate that active learning can significantly im-prove the learning efficiency of PUF modeling attack, which samples the least confident and the most informative challenge-response pair (CRP) for training in each iteration. For example, our ex-perimental results show that in order to obtain a prediction error below 4%, 2790 CRPs are required in passive learning, while only 811 CRPs are required in active learning. The sampling strategies and detailed applications of PUF modeling attack under various environmental conditions are also discussed. When the environment is very noisy, active learning may sample a large number of mis-labeled CRPs and hence result in high prediction error. We present two methods to mitigate the contradiction between informative and noisy CRPs. At last, it is critical to design secure PUF, which can mitigate the countermeasures or modeling attacking from intelligent and adaptive adversaries. Previously, researchers devoted to hiding PUF information by pre- or post processing of PUF challenge/response. However, these methods are still subject to side-channel analysis based hybrid attacks. Methods for increasing the non-linearity of PUF structure, such as feedforward PUF, cascade PUF and subthreshold current PUF, have also been proposed. However, these methods significantly degrade the reliability. Based on the previous work, this work proposes a novel concept, noisy PUF, which achieves modeling attack resistance while maintaining a high degree of reliability for selected CRPs. A possible design of noisy PUF along with the corresponding experimental results is also presented

Model Building and Security Analysis of PUF-Based Authentication

In the context of hardware systems, authentication refers to the process of confirming the identity and authenticity of chip, board and system components such as RFID tags, smart cards and remote sensors. The ability of physical unclonable functions (PUF) to provide bitstrings unique to each component can be leveraged as an authentication mechanism to detect tamper, impersonation and substitution of such components. However, authentication requires a strong PUF, i.e., one capable of producing a large, unique set of bits per device, and, unlike secret key generation for encryption, has additional challenges that relate to machine learning attacks, protocol attacks and constraints on device resources. We describe the requirements for PUF-based authentication, and present a PUF primitive and protocol designed for authentication in resource constrained devices. Our experimental results are derived from a 28 nm Xilinx FPGA. In the authentication scenario, strong PUFs are required since the adversary could collect a subset of challenges and response pairsto build a model and predict the responses for unseen challenges. Therefore, strong PUFs need to provide exponentially large challenge space and be resilient to model building attacks. We investigate the security properties of a Hardware-embedded Delay PUF called HELP which leverages within-die variations in path delays within a hardware-implemented macro (functional unit) as the entropy source. Several features of the HELP processing engine significantly improve its resistance to model-building attacks. We also investigate a novel technique that significantly improves the statistically quality of the generated bitstring for HELP. Stability across environmental variations such as temperature and voltage, is critically important for Physically Unclonable Functions (PUFs). Nearly all existing PUF systems to date need a mechanism to deal with “bit flips” when exact regeneration of the bitstring is required, e.g., for cryptographic applications. Error correction (ECC) and error avoidance schemes have been proposed but both of these require helper data to be stored for the regeneration process. Unfortunately, helper data adds time and area overhead to the PUF system and provides opportunities for adversaries to reverse engineer the secret bitstring. We propose a non-volatile memory-based (NVM) PUF that is able to avoid bit flips without requiring any type of helper data. We describe the technique in the context of emerging nano-devices, in particular, resistive random access memory (Memristor) cells, but the methodology is applicable to any type of NVM including Flash