A secure arbiter physical unclonable functions (PUFs) for device authentication and identification

Recent fourth industrial revolution, industry4.0 results in lot of automation of industrial processes and brings intelligence in many home appliances in the form of IoT, enhances M2M / D2D communication where electronic devices play a prominent role. It is very much necessary to ensure security of those devices. To provide reliable authentication and identification of each device and to abort the counterfeiting from the unauthorized foundries Physical Unclonable Functions (PUFs) emerged as a one of the promising cryptographic hardware security solution. PUF is function, mathematically modeled by using uncontrollable/ unavoidable random variances of the fabrication process of the ICs. These variances can generate unpredictable, random responses can be used to overcome the difficulties such as storing the keys in non-volatile memories (NVMs) in the classical cryptography. A wide variety of PUF architectures such as Arbiter PUFs, Ring oscillator PUFs, SRAM PUFs proposed by authors. But due to its design complexity and low cost, Delay based Arbiter PUFs (D-PUFs) are considering to be a one of the security primitives in authentication applications such as low-cost IoT devices for secure key generation. This paper presents a review on the different types of Delay based PUF architectures proposed by the various authors, sources to exhibit the physical disorders in ICs, methods to estimate the Performance metrics and applications of PUF in different domains

Physical Unclonable Function Reliability on Reconfigurable Hardware and Reliability Degradation with Temperature and Supply Voltage Variations

A hardware security solution using a Physical Unclonable Function (PUF) is a promising approach to ensure security for physical systems. PUF utilizes the inherent instance-specific parameters of physical objects and it is evaluated based on the performance parameters such as uniqueness, reliability, randomness, and tamper evidence of the Challenge and Response Pairs (CRPs). These performance parameters are affected by operating conditions such as temperature and supply voltage variations. In addition, PUF implementation on Field Programmable Gate Array (FPGA) platform is proven to be more complicated than PUF implementation on Application-Specific Integrated Circuit (ASIC) technologies. The automatic placement and routing of logic cells in FPGA can affect the performance of PUFs due to path delay imbalance. In this work, the impact of power supply and temperature variations, on the reliability of an arbiter PUF is studied. Simulation results are conducted to determine the effects of these varying conditions on the CRPs. Simulation results show that ± 10% of power supply variation can affect the reliability of an arbiter PUF by about 51%, similarly temperature fluctuation between -40 0C and +60 0C reduces the PUF reliability by 58%. In addition, a new methodology to implement a reliable arbiter PUF on an FPGA platform is presented. Instead of using an extra delay measurement module, the Chip Planner tool for FPGA is used for manually placement to minimize the path delay misalignment to less than 8 ps

FPGA-Based PUF Designs: A Comprehensive Review and Comparative Analysis

Field-programmable gate arrays (FPGAs) have firmly established themselves as dynamic platforms for the implementation of physical unclonable functions (PUFs). Their intrinsic reconfigurability and profound implications for enhancing hardware security make them an invaluable asset in this realm. This groundbreaking study not only dives deep into the universe of FPGA-based PUF designs but also offers a comprehensive overview coupled with a discerning comparative analysis. PUFs are the bedrock of device authentication and key generation and the fortification of secure cryptographic protocols. Unleashing the potential of FPGA technology expands the horizons of PUF integration across diverse hardware systems. We set out to understand the fundamental ideas behind PUF and how crucially important it is to current security paradigms. Different FPGA-based PUF solutions, including static, dynamic, and hybrid systems, are closely examined. Each design paradigm is painstakingly examined to reveal its special qualities, functional nuances, and weaknesses. We closely assess a variety of performance metrics, including those related to distinctiveness, reliability, and resilience against hostile threats. We compare various FPGA-based PUF systems against one another to expose their unique advantages and disadvantages. This study provides system designers and security professionals with the crucial information they need to choose the best PUF design for their particular applications. Our paper provides a comprehensive view of the functionality, security capabilities, and prospective applications of FPGA-based PUF systems. The depth of knowledge gained from this research advances the field of hardware security, enabling security practitioners, researchers, and designers to make wise decisions when deciding on and implementing FPGA-based PUF solutions.publishedVersio

Secure Split Test for Preventing IC Piracy by Un-Trusted Foundry and Assembly

In the era of globalization, integrated circuit design and manufacturing is spread across different continents. This has posed several hardware intrinsic security issues. The issues are related to overproduction of chips without knowledge of designer or OEM, insertion of hardware Trojans at design and fabrication phase, faulty chips getting into markets from test centers, etc. In this thesis work, we have addressed the problem of counterfeit IC‟s getting into the market through test centers. The problem of counterfeit IC has different dimensions. Each problem related to counterfeiting has different solutions. Overbuilding of chips at overseas foundry can be addressed using passive or active metering. The solution to avoid faulty chips getting into open markets from overseas test centers is secure split test (SST). The further improvement to SST is also proposed by other researchers and is known as Connecticut Secure Split Test (CSST). In this work, we focus on improvements to CSST techniques in terms of security, test time and area. In this direction, we have designed all the required sub-blocks required for CSST architecture, namely, RSA, TRNG, Scrambler block, study of benchmark circuits like S38417, adding scan chains to benchmarks is done. Further, as a security measure, we add, XOR gate at the output of the scan chains to obfuscate the signal coming out of the scan chains. Further, we have improved the security of the design by using the PUF circuit instead of TRNG and avoid the use of the memory circuits. This use of PUF not only eliminates the use of memory circuits, but also it provides the way for functional testing also. We have carried out the hamming distance analysis for introduced security measure and results show that security design is reasonably good.Further, as a future work we can focus on: • Developing the circuit which is secuered for the whole semiconductor supply chain with reasonable hamming distance and less area overhead

Certification of IoT elements using the blockchain

[Abstract]: The non-fungible tokens have been widely used to prove ownership of art and gaming collectibles and used as utility tokens. The use of this tokens in this work is to represent the ownership of the internet of things devices from the manufacturing phase, in the distributed and decentralized public ledger. This physical devices will have attached a token that represent them in the blockchain and the possession of an owner by an unique identifier. Hence, the devices are identified by their public blockchain address and their token that associates them to their owner. Besides, this address allow the Internet of Things devices to participate in the network and establish a shared secret between owner and device. This work, proposes to use the physical unclonable functions to establish a noose between the physical world and the blockchain by deriving the private key of the blockchain address from the physical unclonable functions response. This link is difficult to tamper and can be traced during the lifetime of the token. Moreover, there is no need of using a security module or similar to store the key since the physical unclonable functions response is generated each the private key is needed so that it not stored in a non volatile memory. Once we have the shared secret this are used to cipher the certificates that will be deployed by the owner of the devices on a decentralized storage blockchain like FileCoin or the InterPlanetary File System. This certificates are used to communicate with other devices using standard protocols like Transport Layer Security or Datagram Transport Layer Security. An API called Powergate, is part of the infrastructure of certification of the Internet of Things elements, providing communication with the decentralized storage blockchains.[Resumo]: Os tokens non funxibles utlízanse amplamente para demostrar a propiedade de obxectos de colección de arte e xogos e utilizanse como ”utility tokens”. O uso destes tokens neste traballo é para representar na rede distribuído e descentralizado que é a blockchain, a propiedade dos dispositivos Internet of Things desde o mesmo momento da súa creación, é dicir. durante o proceso de manufactura. A estes dispositivos físicos achégaselles un token que os identifica na blockchain e permite representar a posesión dun propietario mediante un identificador único. Polo tanto, os dispositivos identifícanse pola súa dirección pública na cadea de bloques e o seu token é o que os asocia ao seu propietario. Ademais, esta dirección permite aos dispositivos da Internet of Things participar na rede e establecer un secreto compartido entre propietario e dispositivo. Este traballo, propón utilizar as funcións físicas non clonables para establecer un lazo entre o mundo físico e a blockchain derivando a clave privada da dirección do blockchain a partir da resposta das funcións físicas non clonables. Este vínculo é difícil de manipular e pode ser rastrexado durante a vida do token. Ademais, non é necesario utilizar un módulo de seguridade ou similar para almacenar a clave, xa que a resposta da función física non clonable é xerada durante o proceso de arranque e é guardada nunha memoria non volátil. Unha vez que teñamos o secreto compartido, este utilizarase para cifrar os certificados que serán despregados polo propietario dos dispositivos nunha blockchain de almacenamento descentralizado como FileCoin ou InterPlanetary File System. Estes certificados utilizaranse para comunicarse con outros dispositivos utilizando protocolos estándar como son Datagram Transport Layer Security y Transport Layer Security. Unha API compoñerá a infraestrutura de certificación dos elementos do Internet of Things proporcionando comunicación coas blockchains de almacenamento descentralizadas.Traballo fin de grao (UDC.FIC). Enxeñaría Informática. Curso 2021/202

A Physical Unclonable Function Based on Inter-Metal Layer Resistance Variations and an Evaluation of its Temperature and Voltage Stability

Keying material for encryption is stored as digital bistrings in non-volatile memory (NVM) on FPGAs and ASICs in current technologies. However, secrets stored this way are not secure against a determined adversary, who can use probing attacks to steal the secret. Physical Unclonable functions (PUFs) have emerged as an alternative. PUFs leverage random manufacturing variations as the source of entropy for generating random bitstrings, and incorporate an on-chip infrastructure for measuring and digitizing the corresponding variations in key electrical parameters, such as delay or voltage. PUFs are designed to reproduce a bitstring on demand and therefore eliminate the need for on-chip storage. In this dissertation, I propose a kind of PUF that measures resistance variations in inter-metal layers that define the power grid of the chip and evaluate its temperature and voltage stability. First, I introduce two implementations of a power grid-based PUF (PG-PUF). Then, I analyze the quality of bit strings generated without considering environmental variations from the PG-PUFs that leverage resistance variations in: 1) the power grid metal wires in 60 copies of a 90 nm chip and 2) in the power grid metal wires of 58 copies of a 65 nm chip. Next, I carry out a series of experiments in a set of 63 chips in IBM\u27s 90 nm technology at 9 TV corners, i.e., over all combination of 3 temperatures: -40oC, 25oC and 85oC and 3 voltages: nominal and +/-10% of the nominal supply voltage. The randomness, uniqueness and stability characteristics of bitstrings generated from PG-PUFs are evaluated. The stability of the PG-PUF and an on-chip voltage-to-digital (VDC) are also evaluated at 9 temperature-voltage corners. I introduce several techniques that have not been previously described, including a mechanism to eliminate voltage trends or \u27bias\u27 in the power grid voltage measurements, as well as a voltage threshold, Triple-Module-Redundancy (TMR) and majority voting scheme to identify and exclude unstable bits

SECURE AND LIGHTWEIGHT HARDWARE AUTHENTICATION USING ISOLATED PHYSICAL UNCLONABLE FUNCTION

As embedded computers become ubiquitous, mobile and more integrated in connectivity, user dependence on integrated circuits (ICs) increases massively for handling security sensitive tasks as well as processing sensitive information. During this process, hardware authentication is important to prevent unauthorized users or devices from gaining access to secret information. An effective method for hardware authentication is by using physical unclonable function (PUF), which is a hardware design that leverages intrinsic unique physical characteristics of an IC, such as propagation delay, for security authentication in real time. However, PUF is vulnerable to modeling attacks, as one can design an algorithm to imitate PUF functionality at the software level given a sufficient set of challenge-response pairs (CRPs). To address the problem, we employ hardware isolation primitives (e.g., ARM TrustZone) to protect PUF. The key idea is to physically isolate the system resources that handle security-sensitive information from the regular ones. This technique can be implemented by isolating and strictly controlling any connection between the secure and normal resources. We design and implement a ring oscillator (RO)-based PUF with hardware isolation protection using ARM TrustZone. Our PUF design heavily limits the number of CRPs a potential attacker has access to. Therefore, the modeling attack cannot be performed accurately enough to guess the response of the PUF to a challenge. Furthermore, we develop and demonstrate a brand new application for the designed PUF, namely multimedia authentication, which is an integral part of multimedia signal processing in many real-time and security sensitive applications. We show that the PUF-based hardware security approach is capable of accomplishing the authentication for both the hardware device and the multimedia stream while introducing minimum overhead. Finally, we evaluate the hardware-isolated PUF design using a prototype implementation on a Xilinx system on chip (SoC). Particularly, we conduct functional evaluation (i.e., randomness, uniqueness, and correctness), security analysis against modeling attacks, as well as performance and overhead evaluation (i.e., response time and resource usages). Our experimental results on the real hardware demonstrate the high security and low overhead of the PUF in real time authentication. Advisor: Sheng We

SECURE AND LIGHTWEIGHT HARDWARE AUTHENTICATION USING ISOLATED PHYSICAL UNCLONABLE FUNCTION

As embedded computers become ubiquitous, mobile and more integrated in connectivity, user dependence on integrated circuits (ICs) increases massively for handling security sensitive tasks as well as processing sensitive information. During this process, hardware authentication is important to prevent unauthorized users or devices from gaining access to secret information. An effective method for hardware authentication is by using physical unclonable function (PUF), which is a hardware design that leverages intrinsic unique physical characteristics of an IC, such as propagation delay, for security authentication in real time. However, PUF is vulnerable to modeling attacks, as one can design an algorithm to imitate PUF functionality at the software level given a sufficient set of challenge-response pairs (CRPs). To address the problem, we employ hardware isolation primitives (e.g., ARM TrustZone) to protect PUF. The key idea is to physically isolate the system resources that handle security-sensitive information from the regular ones. This technique can be implemented by isolating and strictly controlling any connection between the secure and normal resources. We design and implement a ring oscillator (RO)-based PUF with hardware isolation protection using ARM TrustZone. Our PUF design heavily limits the number of CRPs a potential attacker has access to. Therefore, the modeling attack cannot be performed accurately enough to guess the response of the PUF to a challenge. Furthermore, we develop and demonstrate a brand new application for the designed PUF, namely multimedia authentication, which is an integral part of multimedia signal processing in many real-time and security sensitive applications. We show that the PUF-based hardware security approach is capable of accomplishing the authentication for both the hardware device and the multimedia stream while introducing minimum overhead. Finally, we evaluate the hardware-isolated PUF design using a prototype implementation on a Xilinx system on chip (SoC). Particularly, we conduct functional evaluation (i.e., randomness, uniqueness, and correctness), security analysis against modeling attacks, as well as performance and overhead evaluation (i.e., response time and resource usages). Our experimental results on the real hardware demonstrate the high security and low overhead of the PUF in real time authentication. Advisor: Sheng We

Design of hardware-based security solutions for interconnected systems

Among all the different research lines related to hardware security, there is a particular topic that strikingly attracts attention. That topic is the research regarding the so-called Physical Unclonable Functions (PUF). The PUFs, as can be seen throughout the Thesis, present the novel idea of connecting digital values uniquely to a physical entity, just as human biometrics does, but with electronic devices. This beautiful idea is not free of obstacles, and is the core of this Thesis. It is studied from different angles in order to better understand, in particular, SRAM PUFs, and to be able to integrate them into complex systems that expand their potential. During Chapter 1, the PUFs, their properties and their main characteristics are defined. In addition, the different types of PUFs, and their main applications in the field of security are also summarized. Once we know what a PUF is, and the types of them we can find, throughout Chapter 2 an exhaustive analysis of the SRAM PUFs is carried out, given the wide availability of SRAMs today in most electronic circuits (which dramatically reduces the cost of deploying any solution). An algorithm is proposed to improve the characteristics of SRAM PUFs, both to generate identifiers and to generate random numbers, simultaneously. The results of this Chapter demonstrates the feasibility of implementing the algorithm, so in the following Chapters it is explored its integration in both hardware and software systems. In Chapter 3 the hardware design and integration of the algorithm introduced in Chapter 2 is described. The design is presented together with some examples of use that demonstrate the possible practical realizations in VLSI designs. In an analogous way, in Chapter 4 the software design and integration of the algorithm introduced in Chapter 2 is described. The design is presented together with some examples of use that demonstrate the possible practical realizations in low-power IoT devices. The algorithm is also described as part of a secure firmware update protocol that has been designed to be resistant to most current attacks, ensuring the integrity and trustworthiness of the updated firmware.In Chapter 5, following the integration of PUF-based solutions into protocols, PUFs are used as part of an authentication protocol that uses zero-knowledge proofs. The cryptographic protocol is a Lattice-based post-quantum protocol that guarantees the integrity and anonymity of the identity generated by the PUF. This type of architecture prevents any type of impersonation or virtual copy of the PUF, since this is unknown and never leaves the device. Specifically, this type of design has been carried out with the aim of having traceability of identities without ever knowing the identity behind, which is very interesting for blockchain technologies. Finally, in Chapter 6 a new type of PUF, named as BPUF (Behavioral and Physical Unclonable Function), is proposed and analyzed according to the definitions given in Chapter 1. This new type of PUF significantly changes the metrics and concepts to which we were used to in previous Chapters. A new multi-modal authentication protocol is presented in this Chapter, taking advantage of the challenge-response tuples of BPUFs. An example of BPUFs is illustrated with SRAMs. A proposal to integrate the BPUFs described in Chapter 6 into the protocol of Chapter 5, as well as the final remarks of the Thesis, can be found in Chapter 7