112 research outputs found
A secure arbiter physical unclonable functions (PUFs) for device authentication and identification
The recent fourth industrial revolution, Industry 4.0, has resulted in a lot of automation of industrial processes, brings intelligence to many home appliances in the form of IoT, and enhances M2M/D2D communication, where electronic devices play a prominent role. It is very much necessary to ensure the security of those devices. To provide reliable authentication and identification of each device and to stop counterfeiting from unauthorized foundries, Physical Unclonable Functions (PUFs) have emerged as one of the promising cryptographic hardware security solutions. A PUF is a function, mathematically modeled by using the uncontrollable/unavoidable random variances of the fabrication process of the ICs. These variances can generate unpredictable, random responses that can be used to overcome difficulties such as storing the keys in non-volatile memories (NVMs) in classical cryptography. A wide variety of PUF architectures, such as Arbiter PUFs, Ring Oscillator PUFs and SRAM PUFs, have been proposed by authors. But due to their design complexity and low cost, delay-based Arbiter PUFs (D-PUFs) are considered to be one of the security primitives in authentication applications such as low-cost IoT devices for secure key generation. This paper presents a review of the different types of delay-based PUF architectures proposed by various authors, the sources of physical disorder in ICs, methods to estimate the performance metrics, and applications of PUFs in different domains.
Physical Unclonable Function Reliability on Reconfigurable Hardware and Reliability Degradation with Temperature and Supply Voltage Variations
A hardware security solution using a Physical Unclonable Function (PUF) is a promising approach to ensure security for physical systems. PUF utilizes the inherent instance-specific parameters of physical objects and it is evaluated based on the performance parameters such as uniqueness, reliability, randomness, and tamper evidence of the Challenge and Response Pairs (CRPs). These performance parameters are affected by operating conditions such as temperature and supply voltage variations. In addition, PUF implementation on Field Programmable Gate Array (FPGA) platform is proven to be more complicated than PUF implementation on Application-Specific Integrated Circuit (ASIC) technologies. The automatic placement and routing of logic cells in FPGA can affect the performance of PUFs due to path delay imbalance.
In this work, the impact of power supply and temperature variations on the reliability of an arbiter PUF is studied. Simulations are conducted to determine the effects of these varying conditions on the CRPs. Simulation results show that ±10% of power supply variation can affect the reliability of an arbiter PUF by about 51%; similarly, temperature fluctuation between -40 °C and +60 °C reduces the PUF reliability by 58%. In addition, a new methodology to implement a reliable arbiter PUF on an FPGA platform is presented. Instead of using an extra delay measurement module, the Chip Planner tool for FPGA is used for manual placement to minimize the path delay misalignment to less than 8 ps.
FPGA-Based PUF Designs: A Comprehensive Review and Comparative Analysis
Field-programmable gate arrays (FPGAs) have firmly established themselves as dynamic platforms for the implementation of physical unclonable functions (PUFs). Their intrinsic reconfigurability and profound implications for enhancing hardware security make them an invaluable asset in this realm. This groundbreaking study not only dives deep into the universe of FPGA-based PUF designs but also offers a comprehensive overview coupled with a discerning comparative analysis. PUFs are the bedrock of device authentication and key generation and the fortification of secure cryptographic protocols. Unleashing the potential of FPGA technology expands the horizons of PUF integration across diverse hardware systems. We set out to understand the fundamental ideas behind PUF and how crucially important it is to current security paradigms. Different FPGA-based PUF solutions, including static, dynamic, and hybrid systems, are closely examined. Each design paradigm is painstakingly examined to reveal its special qualities, functional nuances, and weaknesses. We closely assess a variety of performance metrics, including those related to distinctiveness, reliability, and resilience against hostile threats. We compare various FPGA-based PUF systems against one another to expose their unique advantages and disadvantages. This study provides system designers and security professionals with the crucial information they need to choose the best PUF design for their particular applications. Our paper provides a comprehensive view of the functionality, security capabilities, and prospective applications of FPGA-based PUF systems. The depth of knowledge gained from this research advances the field of hardware security, enabling security practitioners, researchers, and designers to make wise decisions when deciding on and implementing FPGA-based PUF solutions.
Secure Split Test for Preventing IC Piracy by Un-Trusted Foundry and Assembly
In the era of globalization, integrated circuit design and manufacturing is spread across different continents. This has posed several hardware intrinsic security issues. The issues are related to overproduction of chips without the knowledge of the designer or OEM, insertion of hardware Trojans at the design and fabrication phase, faulty chips getting into markets from test centers, etc. In this thesis work, we have addressed the problem of counterfeit ICs getting into the market through test centers. The problem of counterfeit ICs has different dimensions. Each problem related to counterfeiting has different solutions. Overbuilding of chips at an overseas foundry can be addressed using passive or active metering. The solution to avoid faulty chips getting into open markets from overseas test centers is secure split test (SST). A further improvement to SST is also proposed by other researchers and is known as Connecticut Secure Split Test (CSST). In this work, we focus on improvements to CSST techniques in terms of security, test time and area. In this direction, we have designed all the sub-blocks required for the CSST architecture, namely RSA, TRNG and the Scrambler block; a study of benchmark circuits like S38417 and the addition of scan chains to the benchmarks is done. Further, as a security measure, we add an XOR gate at the output of the scan chains to obfuscate the signal coming out of the scan chains. Further, we have improved the security of the design by using the PUF circuit instead of the TRNG and avoiding the use of the memory circuits. This use of the PUF not only eliminates the use of memory circuits, but also provides the way for functional testing. We have carried out the hamming distance analysis for the introduced security measure, and the results show that the security design is reasonably good. Further, as future work we can focus on developing the circuit which is secured for the whole semiconductor supply chain with reasonable hamming distance and less area overhead.
Certification of IoT elements using the blockchain
[Abstract]: Non-fungible tokens have been widely used to prove ownership of art and gaming collectibles
and used as utility tokens. The use of these tokens in this work is to represent the
ownership of Internet of Things devices from the manufacturing phase, in the distributed
and decentralized public ledger. These physical devices will have a token attached that represents
them in the blockchain and the possession of an owner by a unique identifier. Hence,
the devices are identified by their public blockchain address and their token that associates
them to their owner. Besides, this address allows the Internet of Things devices to participate
in the network and establish a shared secret between owner and device. This work proposes
to use physical unclonable functions to establish a link between the physical world
and the blockchain by deriving the private key of the blockchain address from the physical
unclonable function's response. This link is difficult to tamper with and can be traced during the
lifetime of the token. Moreover, there is no need to use a security module or similar to
store the key, since the physical unclonable function's response is generated each time the private
key is needed, so that it is not stored in a non-volatile memory. Once we have the shared secret,
it is used to encrypt the certificates that will be deployed by the owner of the devices on
a decentralized storage blockchain like FileCoin or the InterPlanetary File System. These certificates
are used to communicate with other devices using standard protocols like Transport
Layer Security or Datagram Transport Layer Security. An API called Powergate is part of the
infrastructure of certification of the Internet of Things elements, providing communication
with the decentralized storage blockchains.
[Summary]: Non-fungible tokens are widely used to prove ownership of art and gaming collectibles
and are used as "utility tokens". In this work, these tokens are used
to represent, on the distributed and decentralized network that is the blockchain, the ownership
of Internet of Things devices from the very moment of their creation, that is, during
the manufacturing process. A token is attached to these physical devices that identifies them
on the blockchain and makes it possible to represent possession by an owner through a unique
identifier. The devices are therefore identified by their public address on the blockchain,
and their token is what associates them with their owner. In addition, this address allows
Internet of Things devices to participate in the network and establish a shared secret between
owner and device. This work proposes using physical unclonable functions to
establish a link between the physical world and the blockchain by deriving the private key of the
blockchain address from the response of the physical unclonable functions. This link is difficult to
tamper with and can be traced during the lifetime of the token. Moreover, there is no need to use
a security module or similar to store the key, since the response of the physical
unclonable function is generated during the boot process and is stored in a non-volatile
memory. Once we have the shared secret, it will be used to encrypt the certificates
that will be deployed by the owner of the devices on a decentralized storage
blockchain such as FileCoin or the InterPlanetary File System. These certificates will be used
to communicate with other devices using standard protocols such as Datagram
Transport Layer Security and Transport Layer Security. An API will make up the certification
infrastructure for Internet of Things elements, providing communication with the
decentralized storage blockchains.
Bachelor's thesis (UDC.FIC). Computer Engineering. Academic year 2021/202
A Physical Unclonable Function Based on Inter-Metal Layer Resistance Variations and an Evaluation of its Temperature and Voltage Stability
Keying material for encryption is stored as digital bitstrings in non-volatile memory (NVM) on FPGAs and ASICs in current technologies. However, secrets stored this way are not secure against a determined adversary, who can use probing attacks to steal the secret. Physical Unclonable Functions (PUFs) have emerged as an alternative. PUFs leverage random manufacturing variations as the source of entropy for generating random bitstrings, and incorporate an on-chip infrastructure for measuring and digitizing the corresponding variations in key electrical parameters, such as delay or voltage. PUFs are designed to reproduce a bitstring on demand and therefore eliminate the need for on-chip storage. In this dissertation, I propose a kind of PUF that measures resistance variations in inter-metal layers that define the power grid of the chip and evaluate its temperature and voltage stability. First, I introduce two implementations of a power grid-based PUF (PG-PUF). Then, I analyze the quality of bitstrings generated without considering environmental variations from the PG-PUFs that leverage resistance variations in: 1) the power grid metal wires in 60 copies of a 90 nm chip and 2) the power grid metal wires of 58 copies of a 65 nm chip. Next, I carry out a series of experiments in a set of 63 chips in IBM's 90 nm technology at 9 TV corners, i.e., over all combinations of 3 temperatures: -40 °C, 25 °C and 85 °C and 3 voltages: nominal and +/-10% of the nominal supply voltage. The randomness, uniqueness and stability characteristics of bitstrings generated from PG-PUFs are evaluated. The stability of the PG-PUF and an on-chip voltage-to-digital (VDC) are also evaluated at 9 temperature-voltage corners.
I introduce several techniques that have not been previously described, including a mechanism to eliminate voltage trends or 'bias' in the power grid voltage measurements, as well as a voltage threshold, Triple-Module-Redundancy (TMR) and majority voting scheme to identify and exclude unstable bits.
SECURE AND LIGHTWEIGHT HARDWARE AUTHENTICATION USING ISOLATED PHYSICAL UNCLONABLE FUNCTION
As embedded computers become ubiquitous, mobile and more integrated in connectivity, user dependence on integrated circuits (ICs) increases massively for handling security sensitive tasks as well as processing sensitive information. During this process, hardware authentication is important to prevent unauthorized users or devices from gaining access to secret information. An effective method for hardware authentication is by using physical unclonable function (PUF), which is a hardware design that leverages intrinsic unique physical characteristics of an IC, such as propagation delay, for security authentication in real time. However, PUF is vulnerable to modeling attacks, as one can design an algorithm to imitate PUF functionality at the software level given a sufficient set of challenge-response pairs (CRPs).
To address the problem, we employ hardware isolation primitives (e.g., ARM TrustZone) to protect PUF. The key idea is to physically isolate the system resources that handle security-sensitive information from the regular ones. This technique can be implemented by isolating and strictly controlling any connection between the secure and normal resources. We design and implement a ring oscillator (RO)-based PUF with hardware isolation protection using ARM TrustZone. Our PUF design heavily limits the number of CRPs a potential attacker has access to. Therefore, the modeling attack cannot be performed accurately enough to guess the response of the PUF to a challenge.
Furthermore, we develop and demonstrate a brand new application for the designed PUF, namely multimedia authentication, which is an integral part of multimedia signal processing in many real-time and security sensitive applications. We show that the PUF-based hardware security approach is capable of accomplishing the authentication for both the hardware device and the multimedia stream while introducing minimum overhead.
Finally, we evaluate the hardware-isolated PUF design using a prototype implementation on a Xilinx system on chip (SoC). Particularly, we conduct functional evaluation (i.e., randomness, uniqueness, and correctness), security analysis against modeling attacks, as well as performance and overhead evaluation (i.e., response time and resource usages). Our experimental results on the real hardware demonstrate the high security and low overhead of the PUF in real time authentication.
Advisor: Sheng We
Design of hardware-based security solutions for interconnected systems
Among all the different research lines related to hardware security, there is a particular topic
that strikingly attracts attention. That topic is the research regarding the so-called Physical
Unclonable Functions (PUF). The PUFs, as can be seen throughout the Thesis, present the
novel idea of connecting digital values uniquely to a physical entity, just as human biometrics
does, but with electronic devices. This beautiful idea is not free of obstacles, and is the core
of this Thesis. It is studied from different angles in order to better understand, in particular,
SRAM PUFs, and to be able to integrate them into complex systems that expand their
potential.
During Chapter 1, the PUFs, their properties and their main characteristics are defined. In
addition, the different types of PUFs, and their main applications in the field of security are
also summarized.
Once we know what a PUF is, and the types of them we can find, throughout Chapter 2
an exhaustive analysis of the SRAM PUFs is carried out, given the wide availability of
SRAMs today in most electronic circuits (which dramatically reduces the cost of deploying
any solution). An algorithm is proposed to improve the characteristics of SRAM PUFs, both
to generate identifiers and to generate random numbers, simultaneously. The results of this
Chapter demonstrate the feasibility of implementing the algorithm, so in the following
Chapters its integration in both hardware and software systems is explored.
In Chapter 3 the hardware design and integration of the algorithm introduced in Chapter 2
is described. The design is presented together with some examples of use that demonstrate
the possible practical realizations in VLSI designs.
In an analogous way, in Chapter 4 the software design and integration of the algorithm
introduced in Chapter 2 is described. The design is presented together with some examples
of use that demonstrate the possible practical realizations in low-power IoT devices. The
algorithm is also described as part of a secure firmware update protocol that has been
designed to be resistant to most current attacks, ensuring the integrity and trustworthiness of
the updated firmware.
In Chapter 5, following the integration of PUF-based solutions into protocols, PUFs
are used as part of an authentication protocol that uses zero-knowledge proofs. The cryptographic
protocol is a Lattice-based post-quantum protocol that guarantees the integrity and
anonymity of the identity generated by the PUF. This type of architecture prevents any type of
impersonation or virtual copy of the PUF, since this is unknown and never leaves the device.
Specifically, this type of design has been carried out with the aim of having traceability of
identities without ever knowing the identity behind, which is very interesting for blockchain
technologies.
Finally, in Chapter 6 a new type of PUF, named as BPUF (Behavioral and Physical Unclonable
Function), is proposed and analyzed according to the definitions given in Chapter 1.
This new type of PUF significantly changes the metrics and concepts to which we were
accustomed in previous Chapters. A new multi-modal authentication protocol is presented in this
Chapter, taking advantage of the challenge-response tuples of BPUFs. An example of BPUFs
is illustrated with SRAMs.
A proposal to integrate the BPUFs described in Chapter 6 into the protocol of Chapter 5,
as well as the final remarks of the Thesis, can be found in Chapter 7.
- …