FPGA-based true random number generation using circuit metastability with adaptive feedback control

13th International Workshop, Nara, Japan, September 28 – October 1, 2011. ProceedingsThe paper presents a novel and efficient method to generate true random numbers on FPGAs by inducing metastability in bi-stable circuit elements, e.g. flip-flops. Metastability is achieved by using precise programmable delay lines (PDL) that accurately equalize the signal arrival times to flip-flops. The PDLs are capable of adjusting signal propagation delays with resolutions higher than fractions of a pico second. In addition, a real time monitoring system is utilized to assure a high degree of randomness in the generated output bits, resilience against fluctuations in environmental conditions, as well as robustness against active adversarial attacks. The monitoring system employs a feedback loop that actively monitors the probability of output bits; as soon as any bias is observed in probabilities, it adjusts the delay through PDLs to return to the metastable operation region. Implementation on Xilinx Virtex 5 FPGAs and results of NIST randomness tests show the effectiveness of our approach

Reliability Enhancement Of Ring Oscillator Based Physically Unclonable Functions

Tez (Yüksek Lisans) -- İstanbul Teknik Üniversitesi, Fen Bilimleri Enstitüsü, 2012Thesis (M.Sc.) -- İstanbul Technical University, Institute of Science and Technology, 2012Bu çalışmada, halka osilatör tabanlı fiziksel klonlanamayan fonksiyon devrelerinin, çeşitli çevresel etkiler karşısında güvenilirliklerin artırılması amaçlanmıştır. Öncelikle, osilatör çiftlerinin ürettiği frekans farklılıklarını ve dinamik etkileri gözlemleyip modelleyebilmek için çeşitli sahada programlanabilir kapı dizilerinin (FPGA) farklı bölgelerinde osilatör çiftleri gerçeklenmiş ve frekans farklılıkları ölçülmüştür. Bu ölçümler sonucunda halka osilatör çiftlerinine ilişkin statik ve dinamik dağılımlar elde edilmiştir. Güvenilirliği artırmak amacıyla halka osilatörleri etiketleyen bir yöntem önerilmiştir. Bu çalışmada ayrıca, bir osilatör çiftinden birden fazla bit elde etme işlemi de incelenmiş ve dinamik etkilere karşı test edilmiştir. Etiketleme yönteminin etkinliğini ve bir osilatör çiftinden birden fazla bit elde etme işlemini gerçek devre üzerinde incelemek amacıyla, fiziksel klonlanamayan fonksiyon devresi FPGA üzerinde gerçeklenmiştir. Sıcaklık odası ile ortamın sıcaklığı 10 – 65 °C arasında değiştirilmiştir. Sonuç olarak, ortam sıcaklığının artmasıyla birlikte güvenilmez bit sayısının arttığı gözlenmiştir. Etiketleme yöntemi kullanıldığında güvenilmez bite rastlanmamıştır. Bir halka osilatör çiftinden birden fazla bit (iki ve üç bit bilgi) elde edilmesi de test edilmiştir. Elde edilen iki ve üç bitlik verilerin küçük bir farklılıkla birlikte eşit dağılımlı olduğu gözlenmiştir. Bir osilatör çiftinden elde edilen bit sayısı arttıkça, güvenilir olmayan bitlerin sayısı da artmıştır. Fakat bir osilatörden iki ve üç bit elde etmede tüm hataların komşu bölgede olduğu gözlenmiştir.In this thesis, it is aimed to enhance the reliability of ring oscillator based Physically Unclonable Functions (PUFs) under different environmental variations. In order to observe and model the frequency difference of ring oscillator pairs and dynamic effects, ring oscillators are realized and measured at different locations of different Field Programmable Gate Arrays (FPGAs). After the measurements, static and dynamic distributions of ring oscillator pairs are obtained. In order to increase the reliability, a new technique that is labeling ring oscillators, is proposed. Also, in this study, the process of obtaining multiple bits from a ring oscillator pair is observed and tested with respect to dynamic effects. In order to analyze the enhancement of labeling technique and multiple bit extraction at the circuit, the PUF circuit is implemented on an FPGA. The ambient temperature is changed between 10 – 65 °C with a temperature chamber. As a result, it is observed that with increasing ambient temperature, the number of unreliable bits are increased. When labeling technique is used, no unreliable bits are observed. Multiple bits extraction (two and three bits extraction) is also tested. It is observed that the distribution of two and three bit wide data are almost equally distributed. The number of unreliable bits are increased with the extracted bit numbers. However, it is seen that all erronous bits are caused by jumping to adjacent region.Yüksek LisansM.Sc

New Family of Stream Ciphers as Physically Clone-Resistant VLSI-Structures

A new large class of $2^{100}$ possible stream ciphers as keystream generators KSGs, is presented. The sample cipher-structure-concept is based on randomly selecting a set of 16 maximum-period Nonlinear Feedback Shift Registers (NLFSRs). A non-linear combining function is merging the 16 selected sequences. All resulting stream ciphers with a total state-size of 223 bits are designed to result with the same security level and have a linear complexity exceeding $2^{81}$ and a period exceeding $2^{161}$. A Secret Unknown Cipher (SUC) is created randomly by selecting one cipher from that class of $2^{100}$ ciphers. SUC concept was presented recently as a physical security anchor to overcome the drawbacks of the traditional analog Physically Unclonable Functions (PUFs). Such unknown ciphers may be permanently self-created within System-on-Chip SoC non-volatile FPGA devices to serve as a digital clone-resistant structure. Moreover, a lightweight identification protocol is presented in open networks for physically identifying such SUC structures in FPGA-devices. The proposed new family may serve for lightweight realization of clone-resistant identities in future self-reconfiguring SoC non-volatile FPGAs. Such self-reconfiguring FPGAs are expected to be emerging in the near future smart VLSI systems. The security analysis and hardware complexities of the resulting clone-resistant structures are evaluated and shown to exhibit scalable security levels even for post-quantum cryptography.Comment: 24 pages, 7 Figures, 3 Table

FPGA Time-Bounded Unclonable Authentication

Abstract. This paper introduces a novel technique for extracting the unique tim-ing signatures of the FPGA configurable logic blocks in a digital form over the space of possible challenges. A new class of physical unclonable functions that enables inputs challenges such as timing, digital, and placement challenges can be built upon the delay signatures. We introduce a suite of new authentication protocols that take into account non-triviality of bitstream reverse-engineering in addition to the FPGA’s unprecedented speed in responding to challenges. Our technique is secure against various attacks and robust to fluctuations in opera-tional conditions. Proof of concept implementation of the signature extraction and evaluations of the proposed methods are demonstrated on Xilinx Virtex 5 FPGAs. Experimental results demonstrate practicality of the proposed techniques.

Dynamic Security-aware Routing for Zone-based data Protection in Multi-Processor System-on-Chips

In this work, we propose a NoC which enforces the encapsulation of sensitive traffic inside the asymmetrical security zones while using minimal and non-minimal paths. The NoC routes guarantee that the sensitive traffic is communicated only through the trusted nodes which belong to the security zone. As the shape of the zones may change during operation, the sensitive traffic must be routed through low-risk paths. We test our proposal and we show that our solution can be an efficient and scalable alternative for enforce the data protection inside the MPSoC

PRIVACY-AWARE AND HARDWARE-BASED ACCLERATION AUTHENTICATION SCHEME FOR INTERNET OF DRONES

Drones are becoming increasingly present into today’s society through many different means such as outdoor sports, surveillance, delivery of goods etc. With such a rapid increase, a means of control and monitoring is needed as the drones become more interconnected and readily available. Thus, the idea of Internet of drones (IoD) is formed, an infrastructure in place to do those types of things. However, without an authentication system in place anyone could gain access or control to real time data to multiple drones within an area. This is a problem that I choose to tackle using a Field Programmable Gate Array (FPGA) that accelerates the k-Nearest Neighbor (kNN) encryption algorithm making it a hardware component. This will allow me to synthesis and implement the three parts of my privacy-aware and hardware-based authentication scheme for internet of drones. I use Vivado and Vivado HLS to obtain results for my authentication scheme. My scheme was able to perform large computational expensive tasks faster than other proposed IoD schemes

Tree Parity Machine Rekeying Architectures

The necessity to secure the communication between hardware components in embedded systems becomes increasingly important with regard to the secrecy of data and particularly its commercial use. We suggest a low-cost (i.e. small logic-area) solution for flexible security levels and short key lifetimes. The basis is an approach for symmetric key exchange using the synchronisation of Tree Parity Machines. Fast successive key generation enables a key exchange within a few milliseconds, given realistic communication channels with a limited bandwidth. For demonstration we evaluate characteristics of a standard-cell ASIC design realisation as IP-core in 0.18-micrometer CMOS-technology