20 research outputs found

    Trapdoor Computational Fuzzy Extractors and Stateless Cryptographically-Secure Physical Unclonable Functions

    Get PDF
    We present a fuzzy extractor whose security can be reduced to the hardness of Learning Parity with Noise (LPN) and can efficiently correct a constant fraction of errors in a biometric source with a ``noise-avoiding trapdoor. Using this computational fuzzy extractor, we present a stateless construction of a cryptographically-secure Physical Unclonable Function. Our construct requires no non-volatile (permanent) storage, secure or otherwise, and its computational security can be reduced to the hardness of an LPN variant under the random oracle model. The construction is ``stateless,\u27\u27 because there is \emph{no} information stored between subsequent queries, which mitigates attacks against the PUF via tampering. Moreover, our stateless construction corresponds to a PUF whose outputs are free of noise because of internal error-correcting capability, which enables a host of applications beyond authentication. We describe the construction, provide a proof of computational security, analysis of the security parameter for system parameter choices, and present experimental evidence that the construction is practical and reliable under a wide environmental range

    Secure Boot and Remote Attestation in the Sanctum Processor

    Get PDF
    During the secure boot process for a trusted execution environment, the processor must provide a chain of certificates to the remote client demonstrating that their secure container was established as specified. This certificate chain is rooted at the hardware manufacturer who is responsible for constructing chips according to the correct specification and provisioning them with key material. We consider a semi-honest manufacturer who is assumed to construct chips correctly, but may attempt to obtain knowledge of client private keys during the process. Using the RISC-V Rocket chip architecture as a base, we design, document, and implement an attested execution processor that does not require secure non-volatile memory, nor a private key explicitly assigned by the manufacturer. Instead, the processor derives its cryptographic identity from manufacturing variation measured by a Physical Unclonable Function (PUF). Software executed by a bootloader built into the processor transforms the PUF output into an elliptic curve key pair. The (re)generated private key is used to sign trusted portions of the boot image, and is immediately destroyed. The platform can therefore provide attestations about its state to remote clients. Reliability and security of PUF keys are ensured through the use of a trapdoor computational fuzzy extractor. We present detailed evaluation results for secure boot and attestation by a client of a Rocket chip implementation on a Xilinx Zynq 7000 FPGA

    Efficient and Secure Group Key Management in IoT using Multistage Interconnected PUF

    Full text link
    Secure group-oriented communication is crucial to a wide range of applications in Internet of Things (IoT). Security problems related to group-oriented communications in IoT-based applications placed in a privacy-sensitive environment have become a major concern along with the development of the technology. Unfortunately, many IoT devices are designed to be portable and light-weight; thus, their functionalities, including security modules, are heavily constrained by the limited energy resources (e.g., battery capacity). To address these problems, we propose a group key management scheme based on a novel physically unclonable function (PUF) design: multistage interconnected PUF (MIPUF) to secure group communications in an energy-constrained environment. Our design is capable of performing key management tasks such as key distribution, key storage and rekeying securely and efficiently. We show that our design is secure against multiple attack methods and our experimental results show that our design saves 47.33% of energy globally comparing to state-of-the-art Elliptic-curve cryptography (ECC)-based key management scheme on average.Comment: 6 pages, 4 figures, International Symposium on Low Power Electronics and Desig

    On the Limitations of Computational Fuzzy Extractors

    Get PDF
    We present a negative result of fuzzy extractors with computational security. Specifically, we show that, under a certain computational condition, the existence of a computational fuzzy extractor implies the existence of an information-theoretic fuzzy extractor with slightly weaker parameters. The condition is that the generation procedure of the fuzzy extractor is efficiently invertible by an injective function. Our result implies that to circumvent the limitations of information-theoretic fuzzy extractors, we need to employ computational fuzzy extractors that are not invertible by injective functions

    Continuous-Source Fuzzy Extractors: Source uncertainty and security

    Get PDF
    Fuzzy extractors (Dodis et al., Eurocrypt 2004) convert repeated noisy readings of a high-entropy source into the same uniformly distributed key. The functionality of a fuzzy extractor outputs the key when provided with a value close to the original reading of the source. A necessary condition for security, called fuzzy min-entropy, is that the probability of every ball of values of the noisy source is small. Many noisy sources are best modeled using continuous metric spaces. To build continuous-source fuzzy extractors, prior work assumes that the system designer has a good model of the distribution (Verbitskiy et al., IEEE TIFS 2010). However, it is impossible to build an accurate model of a high entropy distribution just by sampling from the distribution. Model inaccuracy may be a serious problem. We demonstrate a family of continuous distributions V that is impossible to secure. No fuzzy extractor designed for V extracts a meaningful key from an average element of V. This impossibility result is despite the fact that each element W in V has high fuzzy min-entropy. We show a qualitatively stronger negative result for secure sketches, which are used to construct most fuzzy extractors. Our results are for the Euclidean metric and are information-theoretic in nature. To the best of our knowledge all continuous-source fuzzy extractors argue information-theoretic security. Fuller, Reyzin, and Smith showed comparable negative results for a discrete metric space equipped with the Hamming metric (Asiacrypt 2016). Continuous Euclidean space necessitates new techniques

    Improving Security and Reliability of Physical Unclonable Functions Using Machine Learning

    Get PDF
    Physical Unclonable Functions (PUFs) are promising security primitives for device authenti-cation and key generation. Due to the noise influence, reliability is an important performance metric of PUF-based authentication. In the literature, lots of efforts have been devoted to enhancing PUF reliability by using error correction methods such as error-correcting codes and fuzzy extractor. Ho-wever, one property that most of these prior works overlooked is the non-uniform distribution of PUF response across different bits. This wok proposes a two-step methodology to improve the reliability of PUF under noisy conditions. The first step involves acquiring the parameters of PUF models by using machine lear-ning algorithms. The second step then utilizes these obtained parameters to improve the reliability of PUFs by selectively choosing challenge-response pairs (CRPs) for authentication. Two distinct algorithms for improving the reliability of multiplexer (MUX) PUF, i.e., total delay difference thresholding and sensitive bits grouping, are presented. It is important to note that the methodology can be easily applied to other types of PUFs as well. Our experimental results show that the relia-bility of PUF-based authentication can be significantly improved by the proposed approaches. For example, in one experimental setting, the reliability of an MUX PUF is improved from 89.75% to 94.07% using total delay difference thresholding, while 89.30% of generated challenges are stored. As opposed to total delay difference thresholding, sensitive bits grouping possesses higher efficiency, as it can produce reliable CRPs directly. Our experimental results show that the reliability can be improved to 96.91% under the same setting, when we group 12 bits in the challenge vector of a 128-stage MUX PUF. Besides, because the actual noise varies greatly in different conditions, it is hard to predict the error of of each individual PUF response bit. This wok proposes a novel methodology to improve the efficiency of PUF response error correction based on error-rates. The proposed method first obtains the PUF model by using machine learning techniques, which is then used to predict the error-rates. Intuitively, we are inclined to tolerate errors in PUF response bits with relatively higher error-rates. Thus, we propose to treat different PUF response bits with different degrees of error tolerance, according to their estimated error-rates. Specifically, by assigning optimized weights, i.e., 0, 1, 2, 3, and infinity to PUF response bits, while a small portion of high error rates responses are truncated; the other responses are duplicated to a limited number of bits according to error-rates before error correction and a portion of low error-rates responses bypass the error correction as direct keys. The hardware cost for error correction can also be reduced by employing these methods. Response weighting is capable of reducing the false negative and false positive simultaneously. The entropy can also be controlled. Our experimental results show that the response weighting algorithm can reduce not only the false negative from 20.60% to 1.71%, but also the false positive rate from 1.26 × 10−21 to 5.38 × 10−22 for a PUF-based authentication with 127-bit response and 13-bit error correction. Besides, three case studies about the applications of the proposed algorithm are also discussed. Along with the rapid development of hardware security techniques, the revolutionary gro-wth of countermeasures or attacking methods developed by intelligent and adaptive adversaries have significantly complicated the ability to create secure hardware systems. Thus, there is a critical need to (re)evaluate existing or new hardware security techniques against these state-of-the-art attacking methods. With this in mind, this wok presents a novel framework for incorporating active learning techniques into hardware security field. We demonstrate that active learning can significantly im-prove the learning efficiency of PUF modeling attack, which samples the least confident and the most informative challenge-response pair (CRP) for training in each iteration. For example, our ex-perimental results show that in order to obtain a prediction error below 4%, 2790 CRPs are required in passive learning, while only 811 CRPs are required in active learning. The sampling strategies and detailed applications of PUF modeling attack under various environmental conditions are also discussed. When the environment is very noisy, active learning may sample a large number of mis-labeled CRPs and hence result in high prediction error. We present two methods to mitigate the contradiction between informative and noisy CRPs. At last, it is critical to design secure PUF, which can mitigate the countermeasures or modeling attacking from intelligent and adaptive adversaries. Previously, researchers devoted to hiding PUF information by pre- or post processing of PUF challenge/response. However, these methods are still subject to side-channel analysis based hybrid attacks. Methods for increasing the non-linearity of PUF structure, such as feedforward PUF, cascade PUF and subthreshold current PUF, have also been proposed. However, these methods significantly degrade the reliability. Based on the previous work, this work proposes a novel concept, noisy PUF, which achieves modeling attack resistance while maintaining a high degree of reliability for selected CRPs. A possible design of noisy PUF along with the corresponding experimental results is also presented
    corecore