Secret-free security: a survey and tutorial

Classical keys, i.e., secret keys stored permanently in digital form in nonvolatile memory, appear indispensable in modern computer security-but also constitute an obvious attack target in any hardware containing them. This contradiction has led to perpetual battle between key extractors and key protectors over the decades. It is long known that physical unclonable functions (PUFs) can at least partially overcome this issue, since they enable secure hardware without the above classical keys. Unfortunately, recent research revealed that many standard PUFs still contain other types of secrets deeper in their physical structure, whose disclosure to adversaries breaks security as well: Examples include the manufacturing variations in SRAM PUFs, the power-up states of SRAM PUFs, or the signal delays in Arbiter PUFs. Most of these secrets have already been extracted in viable attacks in the past, breaking PUF-security in practice. A second generation of physical security primitives now shows potential to resolve this remaining problem, however. In certain applications, so-called Complex PUFs, SIMPLs/PPUFs, and UNOs are able to realize not just hardware that is free of classical keys in the above sense, but completely secret-free instead. In the resulting hardware systems, adversaries could hypothetically be allowed to inspect every bit and every atom, and learn any information present in any form in the system, without being able to break security. Secret-free hardware would hence promise to be innately and permanently immune against any physical or malware-based key-extraction: There simply is no security-critical information to extract anymore. Our survey and tutorial paper takes the described situation as starting point, and categorizes, formalizes, and overviews the recently evolving area of secret-free security. We propose the attempt of making hardware completely secret-free as promising endeavor in future hardware designs, at least in those application scenarios where this is logically possible. In others, we suggest that secret-free techniques could be combined with standard PUFs and classical methods to construct hybrid systems with notably reduced attack surfaces

On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols

In recent years, PUF-based schemes have been suggested not only for the basic tasks of tamper-sensitive key storage or the identification of hardware systems, but also for more complex protocols like oblivious transfer (OT) or bit commitment (BC), both of which possess broad and diverse applications. In this paper, we continue this line of research. We first present an attack on two recent OT and BC protocols which have been introduced by Brzuska et al. (CRYPTO, LNCS 6841, pp 51–70, Springer 2011). The attack quadratically reduces the number of CRPs which malicious players must read out to cheat, and fully operates within the original communication model of Brzuska et al. (CRYPTO, LNCS 6841, pp 51–70, Springer 2011). In practice, this leads to insecure protocols when electrical PUFs with a medium challenge-length are used (e.g., 64 bits), or whenever optical PUFs are employed. These two PUF types are currently among the most popular designs of so-called Strong PUFs. Secondly, we show that the same attack applies to a recent OT protocol of Ostrovsky et al. (IACR Cryptol. ePrint Arch. 2012:143, 2012), leading to exactly the same consequences. Finally, we discuss countermeasures. We present a new OT protocol with better security properties, which utilizes interactive hashing as a substep and is based on an earlier protocol by Rührmair (TRUST, LNCS 6101, pp 430–440, Springer 2010). We then closely analyze its properties, including its security, security amplification, and practicality

Virtual Proofs of Reality

In this paper, we discuss the question how physical statements can be proven remotely over digital communication channels, but without using classical secret keys, and without assuming tamper-resistant and trusted measurement hardware in the location of the prover. Examples for the considered physical statements are: (i) “the temperature of a certain object is X °C”, (ii) “two certain objects are positioned at distance X”, or (iii) “a certain object has been irreversibly altered or destroyed”. In lack of an established name, we would like to call the corresponding security protocols ”virtual proofs of reality” (VPs). While a host of variants seems conceivable, this paper focuses on VPs in which the verifier has handed over one or more specific physical objects O_i to the prover at some point prior to the VP. These “witness objects” assist the prover during the proof, but shall not contain classical digital keys nor be assumed tamper-resistant in the classical sense. The prover is allowed to open, inspect and alter these objects in our adversarial model, only being limited by current technology, while he shall still be unable to prove false claims to the verifier. In order to illustrate our concept, we give example protocols built on temperature sensitive integrated circuits, disordered optical scattering media, and quantum systems. These protocols prove the temperature, destruction/modification, or relative position of witness objects in the prover’s location. Full experimental realizations of these schemes are beyond the scope of this paper. But the protocols utilize established technologies from the areas of physical unclonable functions and quantum cryptography, and hence appear plausible also without such proof. Finally, we also discuss potential advancements of our method in theory, for example “public virtual proofs” that function without exchanging witness objects Oi between the verifier and the prover. Our work touches upon and partly extends several established cryptographic and security concepts, including physical unclonable functions, quantum cryptography, and interactive proof systems

Physical Turing Machines and the Formalization of Physical Cryptography

We introduce an extension of the standard Turing machine model, so-called Physical Turing machines, and apply them in a reductionist security proof for a standard scheme from physical cryptography

On the Security of PUF Protocols under Bad PUFs and PUFs-inside-PUFs Attacks

We continue investigations on the use of so-called Strong PUFs as a cryptographic primitive in realistic attack models, in particular in the “Bad/Malicious PUF Model”. We obtain the following results: – Bad PUFs and Simplification: As a minor contribution, we simplify a recent OT-protocol for malicious PUFs by Dachman-Soled et al. [4] from CRYPTO 2014. We can achieve the same security properties under the same assumptions, but use only one PUF instead of two. – PUFs-inside-PUFs, Part I: We propose the new, realistic adversarial models of PUF modifications and PUFs-inside-PUF attacks, and show that the earlier protocol of Dachman-Soled et al. [4] is vulnerable against PUFs-inside-PUFs attacks (which lie outside the original framework of [4]). – PUFs-inside-PUFs, Part II: We construct a new PUF-based OT-protocol, which is secure against PUFs-inside-PUFs attacks if the used bad PUFs are stateless. Our protocol introduces the technique of interleaved challenges. – PUFs-inside-PUFs, Part III: In this context, we illustrate why the use of interactive hashing in our new protocol appears necessary, and why a first protocol attempt without interactive hashing fails

SIMPL Systems: On a Public Key Variant of Physical Unclonable Functions

This paper theoretically discusses a novel security tool termed {\it SIMPL system}, which can be regarded as a public key version of physical unclonable functions (PUFs). Like the latter, a SIMPL system $S$ is physically unique and non-reproducible, and implements an individual function $F_S$. In opposition to a PUF, however, a SIMPL system $S$ possesses a publicly known numerical description $D(S)$, which allows its digital simulation and prediction. At the same time, it is required that any digital simulation of a SIMPL system $S$ must work at a detectably lower speed than its real-time behavior. In other words, the holder of a SIMPL system $S$ can evaluate a publicly known, publicly computable function $F_S$ faster than anyone else. This feature, so we argue in this paper, allows a number of improved practicality and security features. Once implemented successfully, SIMPL systems would have specific advantages over PUFs, certificates of authenticity, physically obfuscated keys, and also over standard mathematical cryptotechniques

Towards Secret-Free Security

While digital secret keys appear indispensable in modern cryptography and security, they also routinely constitute a main attack point of the resulting hardware systems. Some recent approaches have tried to overcome this problem by simply avoiding keys and secrets in vulnerable systems. To start with, physical unclonable functions (PUFs) have demonstrated how “classical keys”, i.e., permanently stored digital secret keys, can be evaded, realizing security devices that might be called “classically key-free”. Still, most PUFs induce certain types of physical secrets deep in the hardware, whose disclosure to adversaries breaks security as well. Examples include the manufacturing variations that determine the power-up states of SRAM PUFs, or the signal runtimes of Arbiter PUFs, both of which have been extracted from PUF-hardware in practice, breaking security. A second generation of physical security primitives, such a SIMPLs/PPUFs and Unique Objects, recently has shown promise to overcome this issue, however. Perhaps counterintuitively, they would enable completely “secret-free” hardware, where adversaries might inspect every bit and atom, and learn any information present in any form in the hardware, without being able to break security. This concept paper takes this situation as starting point, and categorizes, formalizes, and surveys the currently emerging areas of key-free and, more importantly, secret-free security. Our treatment puts keys, secrets, and their respective avoidance into the center of the currently emerging physical security methods. It so aims to lay the foundations for future, secret-free security hardware, which would be innately and provably immune against any physical probing and key extraction

Erasable PUFs: Formal treatment and generic design

Physical Unclonable Functions (PUFs) have not only been suggested as new key storage mechanism, but - in the form of so-called "Strong PUFs"- also as cryptographic primitives in advanced schemes, including key exchange, oblivious transfer, or secure multi-party computation. This notably extends their application spectrum, and has led to a sequence of publications at leading venues such as IEEE S&P, CRYPTO, and EUROCRYPT in the past[3,6,10,11,29, 41]. However, one important unresolved problem is that adversaries can break the security of all these advanced protocols if they gain physical access to the employed Strong PUFs after protocol completion [41]. It has been formally proven[49] that this issue cannot be overcome by techniques on the protocol side alone, but requires resolution on the hardware level - the only fully effective known countermeasure being so-called Erasable PUFs. Building on this work, this paper is the first to describe a generic method how any given silicon Strong PUF with digital CRP-interface can be turned into an Erasable PUFs[36]. We describe how the Strong PUF can be surrounded with a trusted control logic that allows the blocking (or "erasure") of single CRPs. We implement our approach, which we call "GeniePUF", on FPGA, reporting detailed performance data and practicality figures. Furthermore, we develop the first comprehensive definitional framework for Erasable PUFs. Our work so re-establishes the effective usability of Strong PUFs in advanced cryptographic applications, and in the realistic case adversaries get access to the Strong PUF after protocol completion

Physical Unclonable Functions in Cryptographic Protocols: Security Proofs and Impossibility Results

We investigate the power of physical unclonable functions (PUFs) as a new primitive in cryptographic protocols. Our contributions split into three parts. Firstly, we focus on the realizability of PUF-protocols in a special type of stand-alone setting (the “stand-alone, good PUF setting”) under minimal assumptions. We provide new PUF definitions that require only weak average security properties of the PUF, and prove that these definitions suffice to realize secure PUF-based oblivious transfer (OT), bit commitment (BC) and key exchange (KE) in said setting. Our protocols for OT, BC and KE are partly new, and have certain practicality and security advantages compared to existing schemes. In the second part of the paper, we formally prove that there are very sharp limits on the usability of PUFs for OT and KE {\em beyond} the above stand-alone, good PUF scenario. We introduce two new and realistic attack models, the so-called posterior access model (PAM) and the bad PUF model, and prove several impossibility results in these models. First, OT and KE protocols whose security is solely based on PUFs are generally impossible in the PAM. More precisely, one-time access of an adversary to the PUF after the end of a single protocol (sub-)session makes all previous (sub-)sessions provably insecure. Second, OT whose security is solely based on PUFs is impossible in the bad PUF model, even if only a stand alone execution of the protocol is considered (i.e., even if no adversarial PUF access after the protocol is allowed). Our impossibility proofs do not only hold for the weak PUF definition of the first part of the paper, but even apply if ideal randomness and unpredictability is assumed in the PUF, i.e., if the PUF is modeled as a random permutation oracle. In the third part, we investigate the feasibility of PUF-based bit commitment beyond the stand-alone, good PUF setting. For a number of reasons, this case is more complicated than OT and KE. We first prove that BC is impossible in the bad PUF model if players have got access to the PUF between the commit and the reveal phase. Again, this result holds even if the PUF is “ideal” and modeled as a random permutation oracle. Secondly, we sketch (without proof) two new BC-protocols, which can deal with bad PUFs or with adversarial access between the commit and reveal phase, but not with both. We hope that our results can contribute to a clarification of the usability of PUFs in cryptographic protocols. They show that new hardware properties such as offline certifiability and the erasure of PUF responses would be required in order to make PUFs a broadly applicable cryptographic tool. These features have not yet been realized in practical PUF-implementations and generally seem hard to achieve at low costs. Our findings also show that the question how PUFs can be modeled comprehensively in a UC-setting must be considered at least partly open

Design of Novel Analog Compute Paradigms with Ark

Previous efforts on reconfigurable analog circuits mostly focused on specialized analog circuits, produced through careful co-design, or on highly reconfigurable, but relatively resource inefficient, accelerators that implement analog compute paradigms. This work deals with an intermediate point in the design space: Specialized reconfigurable circuits for analog compute paradigms. This class of circuits requires new methodologies for performing co-design, as prior techniques are typically highly specialized to conventional circuit classes (e.g., filters, ADCs). In this context, we present Ark, a programming language for describing analog compute paradigms. Ark enables progressive incorporation of analog behaviors into computations, and deploys a validator and dynamical system compiler for verifying and simulating computations. We use Ark to codify the design space for three different exemplary circuit design problems, and demonstrate that Ark helps exploring design trade-offs and evaluating the impact of nonidealities to the computation