Published by Ashlynn McCracken. Modified about 1 year ago.

1
UNIVERSITY OF MICHIGAN
Reliable and Efficient PUF-Based Key Generation Using Pattern Matching
Srini Devadas and Zdenek Paral (MIT), HOST 2011
Thomas Chen, Anup Jadhav

2
Outline
- Motivation & Security Challenges
- Problem & Previous Approaches
- Physical Unclonable Functions (PUF)
- PUF-based Key Generation Using Pattern Matching
- Results
- Conclusion
- References

3
Motivation
- Secure computing
- Devices are becoming:
  - Distributed
  - Unsupervised
  - Physically exposed
  - Prone to physical tampering
- Need protection at the hardware level

4
Problem & Previous Approaches
- Making a device tamper proof is difficult and expensive
  - IBM 4758 cryptographic coprocessor ($3000)
  - Battery powered sensors
  - Anti-tamper package
- Attackers can
  - Extract keys from NVM while processor is off
  - Depackage, etch, and polish down to poly to read off fuse bits
[Figure labels: ROM, Fuses, Flash, Anti-fuses]

5
Physical Unclonable Function (PUF)
- Silicon “fingerprint”
  - Unique per instance
  - Reproducible/repeatable
- Usefulness
  - Random key generation
  - Low-cost key “storage”
  - Tamper resistant
- Extract keys from complex physical system
[Figure labels: Variability Sensitive Circuit; Challenge C; Responses R1, R2, R3; "!="]

6
PUF-based Key Generation
- Use PUF to generate fixed size of secret bits
  - Can use as symmetric key bits or seed for asymmetric key
- But…
  - Some bits may be “noisy”: need error correction
  - Need to use helper data/syndrome to correct
[Figure labels: PUF, Response, Key Generator, Key; arbiter PUF diagram with path-swapping switches C0, C1, C2, … Cn and arbiter (D, C, Q)]

7
Reproducibility
- Intra-distance metric (use fractional Hamming distance)
- Ideally HD_intra = 0
- Mean intra-distance varies with voltage, temperature
- Can reduce unstable bits by: pre/post selection, temporal majority voting, compensation, etc.
- Typically >5%, <20% over region of operation (before corr.)
[Figure labels: PUF A; Stored PUF A response; bits -> 6.25%]

8
Uniqueness
- Inter-distance metric
- Use fractional Hamming distance
- Ideally, HD_inter of 50% -> no correlation between chips
[Figure labels: PUF A; PUF B; bits -> %]

9
Error Correction & Entropy
- Key must be 100% reproducible (HD_intra = 0)
- Often use BCH codes
  - Increase reproducibility
  - But helper data leaks information, reduces unpredictability
- Need bigger response then compress
- Extracted key length <= Total accumulated entropy
[Figure labels: Correction; Helper Data]

10
Pattern Matching Key Generator (PMKG) Architecture

11
Key Generation Scheme
- Major Difference
  - Instead of making challenge public, make response public
- Provisioning and Regeneration
  - Happens over a number of rounds
- Regeneration
  - Involves matching the patterns provisioned to recreate key

12
Pattern Matching
- Provisioning
  - In each round select an index I
  - Starting at that index store a pattern of length W
- Regeneration
  - Match against known patterns to obtain index bits
  - Index = sub-key
[Figure labels: PUF generated bit stream; Pattern Storage]

13
Key Generator Architecture

14
Security
- Public helper data does not leak information about key
  - Index based key
- Key mixer
  - Post process key bits
- LFSR forking
  - Fork the next round of challenge generator based on key index
- Fixed number of comparisons against helper patterns

15
Key Generation Parameters

16
Intra-distance and Inter-distance

17
Matching threshold and FAR, FRR
- Tolerance match detector
- Causes false positives and false negatives
- Requires appropriate matching threshold
- Requires sufficiently wide pattern
- Otherwise use error correction scheme
- For small pattern, additional logic required to prevent collision
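The provisioning and regeneration rounds from the Pattern Matching slide, combined with the tolerance match detector from this slide, as an added Python simulation; it is not code from the slides or the paper. The seeded RNG standing in for the PUF, the values W=128, L=256 and T=32, the 10% bit error rate and the index 173 are all constructed assumptions.

```python
import random

W = 128   # pattern width in bits (constructed value)
L = 256   # candidate start positions per round: an index carries 8 sub-key bits
T = 32    # matching threshold: largest Hamming distance accepted as a match

def puf_stream(seed, n=L + W):
    """Stand-in for one round of PUF output; the seed plays the role of the chip."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n)]

def noisy(bits, ber, seed):
    """Re-evaluation of the same PUF: each bit flips with probability ber."""
    rng = random.Random(seed)
    return [b ^ (rng.random() < ber) for b in bits]

def provision(stream, index):
    """Helper data for one round: the W response bits starting at the secret index."""
    return stream[index:index + W]

def regenerate(stream, pattern, threshold=T):
    """Compare the stored pattern at every one of the L positions (no early exit,
    so the comparison count is fixed) and return all positions within threshold."""
    hits = []
    for i in range(L):
        distance = sum(a != b for a, b in zip(stream[i:i + W], pattern))
        if distance <= threshold:
            hits.append(i)
    return hits

def demo():
    chip = puf_stream(seed=1)
    index = 173                               # secret sub-key for this round
    helper = provision(chip, index)           # public pattern
    reread = noisy(chip, ber=0.10, seed=2)    # same chip, 10% of bits flipped
    return {
        "same_chip": regenerate(reread, helper),                # unique hit at 173
        "other_chip": regenerate(puf_stream(seed=99), helper),  # no hit
        "threshold_0": regenerate(reread, helper, 0),           # false negative
        "threshold_64": regenerate(reread, helper, W // 2),     # many false positives
    }

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits[:5], len(hits))
```

A round yields a sub-key only when exactly one position matches; zero hits is a false negative and more than one is a collision, which is why the threshold and pattern width have to be chosen together.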

18
False Negatives and False Positives

19
Trials Required For Key Regeneration

20
Conclusion
- Main contribution
  - Expose PUF response, keep challenge hidden
  - Key regeneration via pattern matching
- Key bits are not directly stored
  - Subkeys are indices of PUF responses
- Avoid heavy error correction logic
- But need to choose good threshold and pattern width
  - False positives, false negatives

21
Questions & Discussion Points
- Is there enough process variation to identify between ICs?
- Is setting a threshold a good enough approach?
- Is the arbiter PUF a good choice?

22
References
[1] Paral, Z., and Srinivas Devadas. "Reliable and efficient PUF-based key generation using pattern matching." Hardware-Oriented Security and Trust (HOST), 2011 IEEE International Symposium on. IEEE, 2011.
