Presentation is loading. Please wait.

Presentation is loading. Please wait.

0 1 Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.

Similar presentations


Presentation on theme: "0 1 Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs."— Presentation transcript:

1 0

2 1 Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs

3 2 Security Challenges How to securely authenticate devices? –Keycards, RFIDs, mobile phones –Genuine electronics vs. counterfeits How to protect sensitive IP on devices? –Digital content, personal information –Software on mobile/embedded systems How to securely communicate with devices? –Private and authentic communication channels

4 3 Traditional Solution: Authentication Example Each IC needs to be unique –Embed a unique secret key SK in on-chip non-volatile memory Use cryptography to authenticate an IC –A verifier sends a randomly chosen number –An IC signs the number using its secret key so that the verifier can ensure that the IC possesses the secret key Cryptographic operations can address other problems such as protecting IP or secure communication Sends a random number Sign the number with a secret key Only the ICs key can generate a valid signature IC with a secret key ICs Public Key

5 4 BUT… How to generate and store secret keys on ICs in a secure and inexpensive way? –Adversaries may physically extract secret keys from non-volatile memory –Trusted party must embed and test secret keys in a secure location –EEPROM adds additional complexity to manufacturing What if cryptography is NOT available? –Extremely resource (power) constrained systems such as passive RFIDs –Commodity ICs such as FPGAs

6 5 Physical Unclonable Functions (PUFs) Extract secrets from a complex physical system Because of random process variations, no two Integrated Circuits even with the same layouts are identical –Variation is inherent in fabrication process –Hard to remove or predict –Relative variation increases as the fabrication process advances Delay-Based Silicon PUF concept –Generate secret keys from unique delay characteristics of each processor chip Combinatorial Circuit Challenge c-bits Response n-bits

7 6 Why PUFs? PUF can generate a unique secret key / ID –Highly secure: volatile secrets, no need for trusted programming –Inexpensive: no special fabrication technique PUF can enable a secure, low-cost authentication w/o crypto –Use PUF as a function: challenge response –Only an authentic IC can produce a correct response for a challenge Questions –How to design a PUF circuit? –Does the concept work (reliable and secure)? –How to use the PUF for key generation and authentication? PUF n (Challenge)Response

8 7 Ring Oscillator Ring oscillators are widely used in ICs to generate clocks or characterize performance Each ring oscillator has a unique frequency even if many oscillators are fabricated from the same mask en_n out even number of inverters Ring Oscillator Module

9 8 PUF Circuit Using Ring Oscillators N oscillators MUX counter >? Output Input Compare frequencies of two oscillators The faster oscillator is randomly determined by manufacturing variations 0 or MHz2453MHz2519MHz TopBot.Out 120 1N1 2N1 1 2 N

10 9 Entropy: How Many Bits Do You Get? There are N! possible cases for ordering N oscillators based on their frequencies –Each ordering is equally likely –For example, 3 oscillators R0, R1, R2 have 6 possible orderings (R0, R1, R2), (R0, R2, R1), (R1, R0, R2), (R1, R2, R0), (R2, R0, R1), and (R2, R1, R0) N oscillators can produce log 2 (N!) independent bits A reasonable number of oscillators can express keys of long length –35 oscillators produce 133 bits –128 oscillators produce 716 bits –256 oscillators produce 1687 bits

11 10 Implementation Constraints All ring oscillators must be identical –Any ring oscillator design will work No additional constraints required –Everything is standard digital logic –No placement/routing constraint outside oscillators –Can be implemented even on standard FPGAs 1 2 N Challenge Output Identical layout No placement / routing constraint

12 11 Errors? Insight: Comparisons between ring oscillators with significant difference in frequency are stable even when the environment changes Use far apart oscillator pairs to produce bits –Mask bits indicate the selection Frequency Temperature Blue > Green Green > Blue Temperature Blue > Green Blue > Green Frequency PUF output bit may flip when environment changes significantly

13 12 Validation Goal Security: Show that different PUFs (ICs) generate different bits –Inter-chip variation: how many PUF bits (in %) are different between PUF A and PUF B? –Ideally, inter-chip variation should be close to 50% Reliability: Show that a given PUF (IC) can re-generate the same bits consistently –Intra-chip variation: how many bits flip when re-generated again from a single PUF –Environments (voltage, temperature, etc.) can change –Ideally, intra-chip variation should be 0%

14 13 FPGA Testing 15 FPGAs (Xilinx) with 1 PUF on each FPGA +/- 10% voltage variation experiments -20C to 120C temperature variation in test chambers Combined voltage and temperature variation tests Aging of FPGAs performed and experiments re-run –Did not change PUF outputs at all

15 14 RO PUF Characteristics 8000 bits from 1024 oscillators (paper shows results for 128 bits) Average 46.6% Maximum 0.6%

16 15 Key Generation: Initialization To initialize the circuit, an error correcting syndrome is generated from the reference PUF circuit output –Syndrome/error mask is public information –Can be stored on-chip, off-chip, or on a remote server For example, BCH(127,64,21) code will correct up to 10 errors out of 127 bits –Failure probability < PUF Circuit Encoding m n Before First Use: Initialization Syndrome/Mask (public information)

17 16 Random Symmetric Key Generation In the field, the syndrome will be used to re-generate the same PUF reference output from the circuit –This output is unique and unpredictable for each chip –Can be directly used as a symmetric key In the Field: Key Generation PUF Circuit Syndrome/ Mask Decoding Hash k m n n ECC PUF

18 17 Private/Public Key Pair Generation PUF response is used as a random seed to a private/ public key generation algorithm –No secret needs to be handled by a manufacturer A device generates a key pair on-chip, and outputs a public key –The public key can be endorsed at any time Seed Private key Public key Key Generation ECC PUF

19 18 Low-Cost Authentication Protect against IC/FPGA substitution and counterfeits without using cryptographic operations Authentic Device A PUF Untrusted Supply Chain / Environments ??? ChallengeResponse Is this the authentic Device A? =? PUF ChallengeResponse ChallengeResponse Database for Device A Record

20 19 Challenge-Response Pairs What if an attacker obtains all responses and put them into a fake chip with memory? There must be LOTS of challenge-response-pairs –Use different parts on FPGAs –Use configurable delay paths on ASICs Challenge 1 FPGA Challenge 2Response 1Response 2 (left-bottom, 5 inv, etc.)(right-middle, 3 inv, etc.) PUF Oscillators

21 20 An Arbiter-Based Silicon PUF Compare two paths with an identical delay in design –Random process variation determines which path is faster –An arbiter outputs 1-bit digital response Multiple bits can be obtained by either duplicate the circuit or use different challenges –Each challenge selects a unique pair of delay paths … c-bit Challenge Rising Edge 1 if top path is faster, else 0 DQ G Response

22 21 Arbiter PUF Experiments Fabricated 200 identical chips with PUFs in TSMC 0.18 on 5 different wafer runs Security –Inter-chip variation: 24.8% on average –Careful layout results in 50% inter-chip variation (recent RFID PUF) Reliability –Intra-chip variation: 3.5% when temperature changes from 20C to 120C, 4% for +/-10% voltage changes

23 22 Summary Process variations can be turned into a feature rather than a problem PUFs can reliably generate unique and unpredictable secrets for each IC –Highly secure: volatile keys –Inexpensive: standard digital logic PUF can be applied to –Generation of both symmetric and asymmetric keys for cryptographic operations –Secure authentication of ICs without cryptographic operations PUF has been demonstrated on FPGAs and ASICs –Even on passive RFIDs

24 23 Back-Up Slides

25 24 Security Discussion What does it take to find PUF secrets? Open the chip, completely characterize PUF delays –Invasive attacks are likely to change delays Read on-chip register with a digital secret from PUF while the processor is powered up –More difficult proposition than reading non-volatile memory Still, this only reveals ONE secret from PUF –Use two keys with only one key present on-chip at any time PUF is a cheap way of generating more secure secrets

26 25 ECC Security Discussion Suppose we choose a (n, k, d) code Code word length = Length of PUF response Dimension of Code Number of code words = 2 k Minimum distance = 2t + 1 –Syndrome = n – k bits public, reveal information about responses –Security parameter is k At least k bits remain secret after revealing the syndrome –BCH (255, 107, 45) will correct 22 errors out of 255 response bits and effectively produce 107-bit secret key –Can get arbitrary size keys –Theoretical study in fuzzy extractor [Smith et al]


Download ppt "0 1 Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs."

Similar presentations


Ads by Google