Physically Unclonable Function: a Promising Security Primitive for Internet of Things Debdeep Mukhopadhyay, Rajat Subhra Chakraborty, Phuong Ha Nguyen.


1 Physically Unclonable Function: a Promising Security Primitive for Internet of Things
Debdeep Mukhopadhyay, Rajat Subhra Chakraborty, Phuong Ha Nguyen and Durga Prasad Sahoo Secured Embedded Architecture Laboratory (SEAL) Department of Computer Science and Engineering Indian Institute of Technology Kharagpur Kharagpur, West Bengal, INDIA – {debdeep.mukhopadhyay,rschakraborty,

2 An Overview

3 Definition of Internet of Things (IoT)
The term Internet of Things was first used by Kevin Ashton in 1999. It refers to uniquely identifiable objects (things) and their virtual representations in an Internet-like structure. IoT applications: Management, Education, Food, Pharmaceuticals, Retail, Logistics. IoT can revolutionize quality of life.

4 Applications of IoT: Indian Context
Sensor technologies can monitor vulnerable environments and prevent or limit natural disasters.
E-governance: warehouse management; inventory control; port management; ETAs, ETDs; ships, boats, containers, etc.
Pharmaceuticals: intelligent tags for drugs; drug usage tracking; product websites. RFIDs can be used to track the origin of safe drugs, thereby reducing counterfeits. This enables emergency treatment to be given faster and more correctly.
Nano-sensors can be used to monitor water quality at reduced cost. Nano-membranes can assist in the treatment of waste-water.
Food control: control of geographical origin, food production management, nutrition calculations.

5 Security for IoT… Source: Patrick Koeberl – Security Architect at Intel Labs, Intel Corporation, IDF14

6 Hardware Root of Trust Just enough security for each end points
Source: Patrick Koeberl – Security Architect at Intel Labs, Intel Corporation, IDF14

7 Trustworthy Handling of large Number of Devices
Source: Patrick Koeberl – Security Architect at Intel Labs, Intel Corporation, IDF14

8 Trust in IoT 50 Billion Devices to be connected by 2020!
Devices need to trust the owner and also each other. Devices are connected through heterogeneous networks and are resource constrained.

9 Whom can you Trust? What do we know about the device?
Is it running the correct software? Is it genuine? We need to guarantee: integrity, privacy, quality. IoT endpoints operate under resource constraints: CPU, memory, energy, communications. Traditional security features do not scale down! The Trusted Computing Base (TCB) must be as small as possible! Trust is a major enabler for IoT. Are there more optimal solutions for the hardware root of trust?

10 PUF in the context of IoT
[Figure labels: Challenge; Response1, Response2, Response3.] The responses have to be unpredictable: it should not be possible to model them using mathematical analysis. The responses should also be unique and independent; that is, knowledge of one response should not leak information about the others!

11 What is a PUF? Fingerprint of Devices
A challenge-response mechanism in which the mapping between an applied input (“challenge”) and the corresponding observed output (“response”) is dependent on the complex and variable nature of a physical material. The challenge-response mapping is unclonable (ideally) and instance-specific (it depends on manufacturing process variations evident in ASICs). [Figure: n-bit challenge (C) → PUF → n-bit response (R).]

12 An Example with a simple SR-Latch
Make the input in=1: y=1, y’=1. Make the input in=0: both of the following states are possible: y=1, y’=0 or y=0, y’=1. This is the source of randomness!

13 From Theory to Practice
FPGAs are ideal for security implementations: in-house and high-performance. Programmability is an added feature. But careful implementation is needed.

    module SR(in, Q, Qbar);
        input in;
        output Q, Qbar;
        // Cross-coupled NAND gates written directly as a feedback loop
        nand N1(Q, ~in, Qbar);
        nand N2(Qbar, ~in, Q);
    endmodule

[Figure: synthesized netlist with labels in, LUT1, LUT2, AND, OR, Q, Qbar.] The non-determinism and hence the randomness is gone!

14 Another Attempt

    module SR(in, Q, Qbar);
        input in;
        output Q, Qbar;
        // KEEP stops the tools from optimizing away the feedback wires
        (* KEEP = "TRUE" *) wire w1, w2;
        nand N1(Q, ~in, w1);
        nand N2(Qbar, ~in, w2);
        assign w1 = Qbar;
        assign w2 = Q;
    endmodule

[Figure: netlist with labels in, OR, OR, w1, w2, Q, Qbar.] This design has the non-determinism as expected! We can also design using NAND primitives.

15 The Silicon Space
Values of Q depend on: mismatch in driving capabilities of the gates; difference in routing delays of the feedback path. A latch cell will give either 0 or 1 as output, depending on the (x,y) position in the silicon area. [Figure: grid of latch cells at positions (x1,y1) to (x25,y25), with the value of Q marked for some cells.] ICISS 2011

16 Advantage PUF!!
It is reducing costs and raising security. But how? Consider two worlds: 1) without PUF and 2) with PUF.
World without PUF: A trusted party embeds and tests secret keys in a secure non-volatile memory (NVM). EEPROM adds additional complexity to manufacturing. Adversaries may physically extract the secret key from non-volatile memory.
World with PUF: Intrinsic properties of the device are used to generate the secret key. The key never leaves the IC’s cryptographic boundary, nor is it stored in a non-volatile memory. The key is deleted after usage in the de- or encryption process.

17 PUFs for Identification
Protect against ASIC substitution and counterfeits without using cryptographic operations. [Figure: authentic Device A (PUF) passes through an untrusted supply chain / environments; a challenge is applied and the returned Response’ is compared (=?) with the Response recorded in the database for Device A. Is this the authentic Device A?] The IC is rejected if Response’ does not match the enrolled Response.

18 An IoT Test-Bed
Typically comprises sensor nodes, micro-processors, embedded processors, network gateways, and finally the cloud. RFID tag prototypes are interfaced with an FPGA (like Nexys-2). The RFID reader acts as a translator from IPv6 to a tag-specific communication interface (IPv6 makes ubiquitous computing feasible by providing unique identifiers to all connected objects).

19 Threats from Model Building Attacks
Threats from machine learning algorithms: Attempt to develop a model from the observed Challenge-Response Pairs (CRPs)

20 Threats from Side Channel Attacks
[Figure: a terminal exchanges data input and data output (00111…) with an IC chip; the power supply is monitored to measure power consumption and guess secret information stored in the IC chip memory.] With side channel attacks it is possible to break implementations of cryptosystems even though no mathematical attack is known to solve the underlying problem. With SPA, one power trace is sufficient to reveal the secret.

21 Lightweight PUFs and PUF Composition
[Figure: layers of PUF between an input layer and an output layer, with combiners; labels: Challenge, Response, ML Attacker, Side Channel Attacker.]

22 A Side Channel and Machine Learning Resistant Ideal PUF Composition.
Reference: Composite PUF: A new design paradigm for Physically Unclonable Functions on FPGA. IEEE HOST 2014: 50-55.
iPUF design proposal is selected as finalist in “CyberSEED Hardware Challenge”, 2014 (

23 Security Analysis for the IoT Testbed
[Figure labels: secured implementation of ciphers; PUFs/ICs for ciphers; leaked information; Mallory; PUFs; side channels in the IoT.]

24 Outline
Part-I: PUF Fundamentals
- Applications of PUF
Part-II: Lightweight PUF Design
- Approach 1: Lightweight PUF Primitives
- Approach 2: Combining PUF Primitives and Crypto Primitives
- Approach 3: Combining PUF Primitives
Part-III: Attacks and iPUF Design
- Machine Learning based Modeling Attacks
- Side Channel based Modeling Attacks
- Cryptanalysis
- iPUF: secure and lightweight PUF
Part-IV: Authentication Protocols
- Reverse Fuzzy Extractor Protocol
- Slender PUF Protocols

25 Part I: PUF Fundamentals

26 Physically Unclonable Function (PUF)?
Fingerprint of devices. A challenge-response mechanism in which the mapping between an applied input (“challenge”) and the corresponding observed output (“response”) is dependent on the complex and variable nature of a physical material. The challenge-response mapping is unclonable (ideally) and instance-specific. [Figure: n-bit challenge (C) → PUF → n-bit response (R).]

27 PUF Properties
Evaluatable: given PUF and x, it is easy to evaluate y = PUF(x).
Unique: PUF(x) contains some information about the identity of the physical entity embedding PUF.
Reproducible: y = PUF(x) is reproducible up to a small error.
Unclonable: given PUF, it is hard to construct a procedure PUF’ up to a small error.
Unpredictable: given only a set, , it is hard to predict yc = PUF(xc) up to a small error, for xc a random challenge such that
One-way: given only y and the corresponding PUF instance, it is hard to find x such that PUF(x) = y.
Tamper-evident: altering the physical entity embedding PUF transforms PUF → PUF’ such that with high probability .

28 Quality Metrics for PUF
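[Figure, uniqueness panel: challenge C applied to devices PUF 1, PUF 2, PUF 3, with responses r1, r2, r3. Reliability panel: challenge C applied to PUF 1 over time, with responses r1, r2, r3.]
Uniformity: ratio of 0’s and 1’s in the response.
Bit-dependency: autocorrelation coefficient of the response.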
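The four metrics named on this slide can be computed directly from measured responses. The following is an added example, not code from the presentation: the Hamming-distance formulas are the definitions commonly used in the PUF literature (an assumption, since the slide gives no formulas), and the device population is constructed with a seeded random generator rather than measured.

```python
"""PUF quality metrics over response bit lists (added example, constructed data)."""
import random
from itertools import combinations


def hamming(a, b):
    """Number of positions where two equal-length bit lists differ."""
    if len(a) != len(b):
        raise ValueError("responses must have the same length")
    return sum(x != y for x, y in zip(a, b))


def uniformity(resp):
    """Percentage of 1s in one response; the ideal value is 50."""
    return 100.0 * sum(resp) / len(resp)


def uniqueness(device_resps):
    """Mean pairwise inter-device Hamming distance in percent; ideal is 50."""
    pairs = list(combinations(device_resps, 2))
    n_bits = len(device_resps[0])
    return 100.0 * sum(hamming(a, b) for a, b in pairs) / (len(pairs) * n_bits)


def reliability(reference, remeasured):
    """100 minus the mean intra-device Hamming distance in percent; ideal is 100."""
    total = sum(hamming(reference, r) for r in remeasured)
    return 100.0 * (1.0 - total / (len(remeasured) * len(reference)))


def autocorrelation(resp, lag):
    """Autocorrelation coefficient at `lag` with bits mapped to +1/-1.
    Values near 0 mean bits `lag` positions apart look independent."""
    if not 0 < lag < len(resp):
        raise ValueError("lag must be between 1 and len(resp) - 1")
    s = [1 - 2 * b for b in resp]
    return sum(s[i] * s[i + lag] for i in range(len(s) - lag)) / (len(s) - lag)


def simulate_population(n_devices=16, n_bits=128, n_reads=10, flip_prob=0.05, seed=1):
    """Constructed sample data: one random reference response per device and
    noisy re-measurements in which each bit flips with probability flip_prob."""
    rng = random.Random(seed)
    refs = [[rng.getrandbits(1) for _ in range(n_bits)] for _ in range(n_devices)]
    reads = [[[b ^ (rng.random() < flip_prob) for b in ref] for _ in range(n_reads)]
             for ref in refs]
    return refs, reads


def population_report(refs, reads):
    """Aggregate the four metrics over a device population."""
    n = len(refs)
    return {
        "uniformity": sum(uniformity(r) for r in refs) / n,
        "uniqueness": uniqueness(refs),
        "reliability": sum(reliability(ref, rd) for ref, rd in zip(refs, reads)) / n,
        "max_abs_autocorr_lag1": max(abs(autocorrelation(r, 1)) for r in refs),
    }


if __name__ == "__main__":
    refs, reads = simulate_population()
    for name, value in population_report(refs, reads).items():
        print(f"{name}: {value:.2f}")
```

On real hardware, `refs` would hold one enrolled response per chip and `reads` the repeated measurements taken across temperature and voltage corners.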

29 PUF Examples: Optical PUF
Optical PUF was proposed by Pappu et al. under the original name “Physical One-Way Functions (POWFs)”. It is made of a transparent optical medium containing bubbles. Shining a laser beam through the medium produces a speckle pattern (response) that depends on the exact position/direction of the incoming beam.

30 Silicon PUFs We are interested in PUF circuits, i.e. Silicon PUFs
The dominant device for IC design is the MOSFET. Silicon PUFs utilize the unavoidable and unpredictable manufacturing process variation effects of modern deep-submicron MOSFET devices. Usually, from a CMOS circuit design perspective, process variation is a challenge, but it is useful for PUF design. The impact of process variation becomes more pronounced at advanced technology nodes.

31 Source of Variations in MOSFETs
Scaling in CMOS deep submicron process technology (< 100 nm channel length). Lack of efficiency in the fabrication process introduces variations in the MOS device’s physical parameters: gate length (L), gate width (W), threshold voltage (Vth), oxide thickness (tox).
CMOS scaling → limitation in fabrication process → variation in MOS device’s physical parameters → variation in circuit parameters (e.g., propagation delay, leakage current, etc.) → existence of randomness

32 Distinguishable Variations in CMOS Circuit Behavior
[Figure: ring oscillator oscillating frequency measured on FPGA 1, FPGA 2, FPGA 3 and FPGA 4.] FPGA-specific behavior → FPGA fingerprint

33 Applications of PUF

34 Why are PUFs Important?
It is reducing costs and raising security. But how? Consider two worlds: 1) without PUF and 2) with PUF.
Security without PUF: A trusted party embeds and tests secret keys in a secure location (NVM). EEPROM adds additional complexity to manufacturing. Adversaries may physically extract the secret key from non-volatile memory.
Security with PUF: Intrinsic properties of the device are used to generate the secret key. The key never leaves the IC’s cryptographic boundary, nor is it stored in a non-volatile memory. The key is deleted after usage in the de- or encryption process.

35 PUF in Use: Low-cost HW Authentication
Protect against IC/FPGA substitution and counterfeits without using cryptographic operations. [Figure: authentic Device A (PUF) passes through an untrusted supply chain / environments; a challenge is applied and the returned Response’ is compared (=?) with the Response recorded in the database for Device A. Is this the authentic Device A?]

36 PUF in Use: Private/Public Key Pair Generation
[Figure labels: PUF, seed, key generation (ECC), private key, public key.] The PUF response is used as a random seed to a private/public key generation algorithm. No secret needs to be handled by a manufacturer. A device generates a key pair on-chip, and outputs a public key. The public key can be endorsed at any time.

37 PUF in Use: PUF based Pseudo Random Function
A randomized 3-round Luby-Rackoff cipher. Round functions are replaced by PUF instances. This is a keyless cipher. [Armknecht et al., ASIACRYPT 2009]

38 Part-II: Lightweight PUF Design

39 Classification of PUF (1/3) Based on entropy source:
PUFs using explicitly-introduced randomness: Optical PUF, Coating PUF.
PUFs using intrinsic randomness: Delay PUF, SRAM PUF, Butterfly PUF, Bistable ring PUF, Magnetic PUF, Metal Based PUF.

40 Classification of PUF (2/3) Based on embedding device Physics:
Optical PUF, Coating PUF, Silicon PUF, Magnetic PUF, Metal Based PUF, Acoustic PUF.

41 Classification of PUF (3/3)
Based on security of challenge-response behavior:
Strong PUF: It must have a very large challenge set, since otherwise the adversary can simply query all challenges and no unknown challenges are left, and it must be infeasible to build an accurate model of the PUF based on observed challenge-response pairs (CRPs); in other words, the PUF is unpredictable.
Weak PUF: It has a small challenge-response set, or it is easy to build an accurate model based on observed CRPs.

42 PUF Taxonomy Lightweight PUFs are composed of different types of PUF building blocks

43 PUF Primitive 1: Arbiter PUF (APUF)
Composed of n two-port switching stages, for an n-bit challenge size. An n-bit challenge => 2^n possible paths; a unique path is selected by a challenge. The accumulated delay at the end of the path is compared by an arbiter circuit (usually, an edge-triggered D flip-flop). The arbiter gives a 1-bit decision. Advantages: simple structure, low hardware overhead (each stage is two 2:1 MUXes). Disadvantage: susceptible to modeling attacks.

44 PUF Primitive 2: Feed Forward Arbiter PUF
It is possible to have a linear model for the classical Arbiter PUF, which results in an easy modeling attack on it. The Feed Forward Arbiter is used to introduce non-linearity.

45 PUF Primitive 3: Ring Oscillator PUF (ROPUF)
An n-bit applied challenge selects two different ROs from a bank of 2^n ROs. Process variation implies the ROs have different oscillation frequencies. The frequencies of the two oscillators are compared using counters, and a comparator gives the decision. Advantage: difficult to model. Disadvantage: exponential hardware requirement.

46 PUF Example 4: SRAM PUF
[Figure: SRAM PUF cell structure.] The power-up initial value of an SRAM cell can be used as the response; the cell address is the challenge. SRAM fabrication is compatible with the digital logic process in regular ICs. FPGA implementation of an SRAM PUF is very difficult (since SRAM modules are cleared by default on power-up).

47 Approach 2: Combination of Crypto Primitives and Insecure PUFs
Controlled PUF – Hash PUF [Gassend et al ]: N-bit challenges, 1-bit response; N-bit hash functions as input and output networks; N Arbiter PUFs.

48 Approach 2: Combination of Crypto Primitives and Insecure PUFs (Contd.)
Lightweight Secure PUF [Majzoobi et al. 2010]: N-bit challenges, k-bit response; lightweight input and output networks.

49 Approach 3: Combination of PUFs
k-XOR PUF [Lee 2005]: N-bit challenges, 1-bit response; k Arbiter PUFs.

50 Design 3: Combination of PUFs (Contd.)
Composite PUF [Sahoo et al. 2014]: multiple levels of PUF primitives are used; N-bit challenges, 1-bit response.

51 Part-III: Security Analysis, secure and lightweight PUF-iPUF

52 Security Evaluation of PUF
Unclonability:
- Cannot be achieved using traditional cryptographic techniques
- Two types of unclonability:
  - Physical unclonability: a PUF is physically unclonable if a physical copy of the PUF with similar challenge/response behaviour cannot be made, even by the manufacturer (existential unclonability).
  - Mathematical unclonability: it is not possible to construct a mathematical approximator which can predict the response to an arbitrary challenge applied to a given PUF instance with a large probability of success.
Unpredictability:
- The adversary can’t predict the response to a new challenge from a known set of CRPs.

53 PUF Attack Overview
[Figure labels: contactless probing, mechanical probing, side channel probing, mathematical clone, physical clone, clone PUF.]
Four paths leading to a PUF cloning attack:
- Creating a physical clone of the PUF is considered infeasible
- The creation of a mathematical clone requires that the raw PUF response(s)
- Non-invasive attack methods using side channel analysis on the PUF
- Invasive attack involving mechanical probing of r’
- Attackers with access to contactless probing equipment can use a semi-invasive methodology to obtain the data of interest

54 PUF Attacks
Brute Force: save every Challenge Response Pair (CRP). Physical access to the PUF is required.
Replay Attack: eavesdrop CRPs and play them back.
Modelling Attack (or Machine Learning Attack): take advantage of the relationship between challenge and response. Build a PUF model using Machine Learning (ML) methods:
- Support Vector Machine (SVM)
- Artificial Neural Network (ANN)
- Logistic Regression (LR)
- Evolution Computing
A set of CRPs is needed to train the ML algorithm.

55 Security Notion
A PUF P with n-bit challenge and m-bit response is considered secure if it satisfies the following conditions:
- No algorithm can predict the response R produced by an arbitrary PUF instance when an arbitrary challenge is applied with probability of success greater than 2^-m.
- No algorithm can predict the response R for an arbitrary challenge with high probability of success, with sub-exponential time and space complexity.
- No algorithm can predict the response R for an arbitrary challenge with high probability of success, with sub-exponential data complexity. “Data” in this context is the challenge-response pair (CRP) database.

56 Linear Delay Model of Arbiter PUF [D. Lim, M.S. Thesis, MIT, 2002]
denotes the challenge bit of the i-th stage

57 Linear Delay Model of Arbiter PUF (contd.)

58 Linear Delay Model of Arbiter PUF
Let pk be the parity of challenge bits: where
An Arbiter PUF is a linear classifier of random challenge vectors in n-dimensional space, where n is the total number of challenge bits.
Apply Support Vector Machine (SVM) using:
- Parity vectors X are n-dimensional feature vectors
- Constant vector d is the normal to the hyperplane that classifies challenges into two classes
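The linear delay model above can be checked on a simulated device before a design is committed to silicon. The following is an added example, not code from the presentation: the parity definition phi_k = prod_{i=k..n} (1 - 2*c_i) is the one commonly used in the literature (an assumption, since the slide's equation did not survive), the Gaussian stage weights and all CRPs are constructed, and plain logistic regression stands in for the SVM named on the slide.

```python
"""Additive linear delay model of an Arbiter PUF and a modeling-resistance check.
Added example on a simulated device; all data is constructed."""
import math
import random


def parity_features(challenge):
    """Map challenge bits to the parity vector phi, where
    phi[k] = product of (1 - 2*c_i) for i >= k, and a trailing constant 1 (arbiter bias)."""
    phi = [1] * (len(challenge) + 1)
    for k in range(len(challenge) - 1, -1, -1):
        phi[k] = phi[k + 1] * (1 - 2 * challenge[k])
    return phi


def raw_features(challenge):
    """Challenge bits mapped to +1/-1 without the parity transform, plus a constant 1."""
    return [1 - 2 * c for c in challenge] + [1]


class SimulatedArbiterPUF:
    """Response = sign of w . phi; the weights model per-stage delay differences."""

    def __init__(self, n_stages, rng):
        self.w = [rng.gauss(0.0, 1.0) for _ in range(n_stages + 1)]

    def response(self, challenge):
        delta = sum(w * p for w, p in zip(self.w, parity_features(challenge)))
        return 1 if delta > 0 else 0


def train_logistic(samples, epochs=20, lr=0.05):
    """Stochastic gradient ascent on the logistic log-likelihood.
    samples is a list of (feature_vector, response_bit)."""
    w = [0.0] * len(samples[0][0])
    for _ in range(epochs):
        for x, y in samples:
            z = sum(wi * xi for wi, xi in zip(w, x))
            z = max(-30.0, min(30.0, z))          # keep exp() in range
            step = lr * (y - 1.0 / (1.0 + math.exp(-z)))
            w = [wi + step * xi for wi, xi in zip(w, x)]
    return w


def accuracy(w, samples):
    """Fraction of samples whose response the linear model predicts correctly."""
    hits = 0
    for x, y in samples:
        predicted = 1 if sum(wi * xi for wi, xi in zip(w, x)) > 0 else 0
        hits += predicted == y
    return hits / len(samples)


def evaluate(n_stages=32, n_train=2000, n_test=500, seed=7):
    """Train on n_train CRPs and report prediction accuracy on unseen CRPs,
    once with parity features and once with raw challenge bits."""
    rng = random.Random(seed)
    puf = SimulatedArbiterPUF(n_stages, rng)
    crps = []
    for _ in range(n_train + n_test):
        c = [rng.getrandbits(1) for _ in range(n_stages)]
        crps.append((c, puf.response(c)))
    results = {}
    for name, fmap in (("parity", parity_features), ("raw", raw_features)):
        data = [(fmap(c), r) for c, r in crps]
        w = train_logistic(data[:n_train])
        results[name] = accuracy(w, data[n_train:])
    return results


if __name__ == "__main__":
    for name, acc in evaluate().items():
        print(f"{name} features: {acc:.3f} prediction accuracy on unseen CRPs")
```

The gap between the two accuracies shows that the parity transform is what makes the Arbiter PUF linearly separable; a candidate design whose unseen-CRP accuracy stays near 0.5 under this check resists this particular learner only.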

59 Reported Modeling Attack Results
Modeling attacks by machine learning (Rührmair et al.), logistic regression success rate:
- Arbiter: 99.9% using 18K CRPs in 0.6 sec. (64 taps).
- XOR Arbiter: 99% using 12K CRPs in 3 min 42 secs (4 XOR, 64 taps).
- Lightweight Arbiters: 99% using 12K CRPs in 1 hour and 28 mins (4 XORs, 64 taps).
- Feed-forward Arbiters: 99% using 5K CRPs in 47 mins and 7 secs (7 FF, 64 taps).

60 Reported Modeling Attack Results (contd.)
[D. Lim, M.S. Thesis, MIT, 2002]: worked on a computer simulation model of the Arbiter PUF; claimed 100% modeling accuracy by applying SVM (PUF size and training set size not mentioned).
[Maes et al, IEEE WIFS’12]: silicon (ASIC) data; ASIC fabricated in 65 nm CMOS technology; 64-bit Arbiter PUF; 500 CRPs as training set; claims ~90% prediction accuracy using SVM.
[CSE Dept., IIT-KGP]: silicon (FPGA) data; 5000 CRPs as training set; ~96% prediction accuracy using SVM.

61 Side Channel Analysis Methodology
Using the side channel information to get more knowledge of the internal performance of algorithms. The information includes execution time, power consumption, electro-magnetic emission, etc. [Figure: side channel attack setup.]

62 Side Channel Analysis (contd.)
Example

63 Side Channel Based Modeling Attack-Attack on LSPUF
The attack is based on power analysis and a machine learning based modeling attack. The Lightweight Secure PUF is the case study.

64 Attack on LSPUF (contd.)
The attack is based on power analysis and a machine learning based modeling attack. The Lightweight Secure PUF is the case study.

65 Attack on LSPUF (contd.)
Power consumption is maximum

66 Attack on LSPUF (contd.)
Power consumption is maximum

67 Attack on LSPUF (contd.)
Power consumption is maximum

68 Attack on LSPUF (contd.)
Power consumption is minimum

69 Attack on LSPUF (contd.)
Power consumption is not minimum or maximum

70 Attack on LSPUF (contd.)
Power consumption is not minimum or maximum

71 Side Channel Based Modeling Attack-Attack on LSPUF (contd.)
- Power consumption which is not minimum or maximum is not useful.
- Power consumption which is maximum or minimum is useful because the intermediate values (r0,r1,r2,r3,r4,r5) are exposed via the power traces, i.e., all 1’s or all 0’s.
- The adversary collects the set of challenges for which the power consumption is maximum or minimum.
- For each APUFi a set of CRPs (Ci,ri) is collected, i.e. (Ci,1) (max) or (Ci,0) (min).
- A model of each APUFi can be built by using the machine learning modeling attack.
LSPUF is not secure against SCA-based ML.

72 Side Channel Based Modeling Attack-Attack on k-XOR PUF
The SCA-based ML does not work for k-XOR PUF. All APUFi have the same set (C,0) or (C,1). Thus all the models are the same. This fact contradicts that all APUFi are different.

73 Cryptanalysis Methodology
Analyzing the structure to find the flaw, and then developing an algorithm to predict the response to a given challenge in an efficient way.
- Cryptanalysis-based Modeling Attack on LSPUF
- Cryptanalysis of Composite PUF

74 Cryptanalysis: LSPUF
Security notion: no algorithm predicting the response (R0,R1,…, R3) with accuracy larger than 2^-4

75 Cryptanalysis: LSPUF (contd.)
Fact 1: APUF can be modeled if a set of CRPs is provided

76 Cryptanalysis: LSPUF (contd.)
Fact 2: k-XOR PUF is secure against modeling attack (ML) if k > 6

77 Cryptanalysis: LSPUF (contd.)
Flaw: The output network has a flaw

78 Cryptanalysis: LSPUF (contd.)
Flaw: The output network has a flaw

79 Cryptanalysis: LSPUF (contd.)
Flaw: The output network has a flaw. The number of APUFs in Vi is only 2. Vi is known because Ri and Ri+1 are known.

80 Cryptanalysis: LSPUF (contd.)
Flaw: The output network has a flaw. The number of APUFs in Vi is only 2. Vi is known because Ri and Ri+1 are known.

81 Cryptanalysis: LSPUF (contd.)
Attack steps:
- From R0, R1, …, R(n-1) we can construct V0, V1, …, V(n-2).
- Each Vi depends on only two rj and rk, so we can model all (n-1) Vi by using ML.
- We need to make a guess on bit R0 and then combine that guess with all V0, …, V(n-2) to solve all response bits R1, …, R(n-1).
The accuracy of the attack is 1/2 instead of 2^-m.

82 Cryptanalysis: Composite PUF
Security notion: no algorithm predicting the response R with accuracy larger than 1/2

83 Cryptanalysis: Composite PUF (contd.)
The challenge space C is divided into 16 classes: CL0, …, CL15. All the challenges in the same class have the same response: CL0 => R0, …, CL15 => R15. Algorithms to build those classes and their corresponding responses. Algorithm to define the corresponding class for a given challenge C.

84 Cryptanalysis: Composite PUF (contd.)

85 Cryptanalysis: Composite PUF (contd.)
1: How to define a class?

86 Cryptanalysis: Composite PUF (contd.)
1: How to define a class? 2: How to define the number of classes?

87 Cryptanalysis: Composite PUF (contd.)
1: How to define a class? 3: How to determine the class where c belongs to ? 2: How to define the number of classes?

88 Cryptanalysis: Composite PUF (contd.)
1: How to define a class? 3: How to determine the class where c belongs to ? 4: How to determine R0? 2: How to define the number of classes?

89 Cryptanalysis: Define a class

90 Cryptanalysis: Defining a Class
Equal

91 Cryptanalysis: Defining a Class
We define a class based on the output of Level 1 or the input of Level 2 Equal Equal

92 Cryptanalysis: Number of Classes
We define a class based on the output of Level 1 or the input of Level 2. The number of different values of the output of Level 1 is the number of classes. Since we have 4 output bits of Level 1, there are 2^4 = 16 classes: CL0, …, CL15.

93 Cryptanalysis: Assumptions
Assumption 1: For each space of sub-challenge Ci, we can divide it into two subsets S(i,0) and S(i,1) according to the output ri of PUFi. If two sub-challenges Ci and Ci’ belong to the same S(i,0) or S(i,1), then PUFi(Ci)=PUFi(Ci’).
Assumption 2: We can construct all S(i,0)s and S(i,1)s; then we have 8 sets, i.e., S(0,0), S(0,1), S(1,0), S(1,1), S(2,0), S(2,1), S(3,0), S(3,1). Let i=(i0,i1,i2,i3); then the class CLi, i=0,…,15, is the set of all challenges C=(C0,C1,C2,C3) such that C0 in S(0,i0), C1 in S(1,i1), C2 in S(2,i2), C3 in S(3,i3).

94 Cryptanalysis: Assumptions

95 Cryptanalysis: Assumptions (contd.)
Assumption 3: all S(i,0)s and S(i,1)s are constructed, i.e., S(0,0), S(0,1), S(1,0), S(1,1), S(2,0), S(2,1), S(3,0), S(3,1), and all 16 classes CL0, CL1, …, CL15 are already defined based on those sets.
Class determination: for a given challenge C=(C0,C1,C2,C3) we can determine the class CLi to which C belongs as follows:
- C0 in S(0,0) or S(0,1) => i0
- C1 in S(1,0) or S(1,1) => i1
- C2 in S(2,0) or S(2,1) => i2
- C3 in S(3,0) or S(3,1) => i3
Then i=(i0,i1,i2,i3) is the class index.

96 Cryptanalysis: Assumptions (contd.)
Assumption 3: all S(i,0)s and S(i,1)s are constructed, i.e., S(0,0), S(0,1), S(1,0), S(1,1), S(2,0), S(2,1), S(3,0), S(3,1), and all 16 classes CL0, CL1, …, CL15 are already defined based on those sets.
Determination of the response Ri of a class CLi: since all S(i,0) and S(i,1) are given and i=(i0,i1,i2,i3), build Ci=(C0, C1, C2, C3) where:
- Take one C0 in S(0,i0)
- Take one C1 in S(1,i1)
- Take one C2 in S(2,i2)
- Take one C3 in S(3,i3)
The response Ri of CLi is PUF(Ci). Hence all the assumptions will be valid if we can construct an algorithm to construct all the sets S(0,0), S(0,1), …, S(3,0), S(3,1).

97 Cryptanalysis: S(0,0) and S(0,1)
We show an algorithm to construct the sets S(0,0) and S(0,1) for PUF0 first. Then all the remaining sets can be constructed in a similar way. Definition of S(0,0) (or S(0,1)): this is the set of all sub-challenges C0 such that the outputs of PUF0 are the same.

98 Cryptanalysis: S(0,0) and S(0,1) (contd.)

99 Cryptanalysis: S(0,0) and S(0,1) (contd.)
Equal

100 Cryptanalysis: S(0,0) and S(0,1) (contd.)
Pr(R= R’)=1 Equal

101 Cryptanalysis: S(0,0) and S(0,1) (contd.)
Not Equal

102 Cryptanalysis: S(0,0) and S(0,1) (contd.)
Not Equal Pr(R = R’)=1/2

103 Cryptanalysis: S(0,0) and S(0,1) (contd.)
If C and C’ belong to the same set, S(0,0), then Pr(R=R’)=1. If C and C’ belong to different sets, then Pr(R=R’)=1/2.
We fix C0 and C0’ and try K different values of (C1, C2, C3): if C and C’ belong to the same set, then Pr(R=R’)=1; if C and C’ belong to different sets, then Pr(R=R’)=1/2^K.
Thus if K is big, we can determine whether C and C’ belong to the same set or not with very high accuracy. This fact means that the sets S(0,0) and S(0,1) can be constructed by observing the response R.

104 Cryptanalysis: S(0,0) and S(0,1) (contd.)
If C and C’ belong to the same set, S(0,0), then Pr(R=R’)=1. If C and C’ belong to different sets, then Pr(R=R’)=1/2.
We fix C0 and C0’ and try K different values of (C1, C2, C3): if C and C’ belong to the same set, then Pr(R=R’)=1; if C and C’ belong to different sets, then Pr(R=R’)=1/2^K.
Thus if K is big, we can determine whether C and C’ belong to the same set or not with very high accuracy. This fact means that the sets S(0,0) and S(0,1) can be constructed by observing the response R.
When all S(i,0), S(i,1) are constructed, then all classes CLi are defined and their corresponding Ri can be determined. Finally, the response to a given challenge C can be predicted with 100% accuracy.
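The set construction and class prediction described on the preceding slides, run against an abstract two-level composition so a designer can see how little the structure hides. This is an added example, not code from the presentation: the 5-bit sub-challenge width, the truth-table model of the four Level-1 PUFs and the Level-2 function are assumptions made for illustration, and all data is constructed.

```python
"""Equivalence-class analysis of an abstract two-level composite PUF.
Added example; the composite structure below is a hypothetical stand-in."""
import random

SUB_BITS = 5   # assumed width of each sub-challenge C0..C3
N_SUB = 4      # four Level-1 PUFs, as on the slides


def build_composite(seed=3):
    """Level 1: four PUFs modelled as random truth tables (constructed data).
    Level 2: an assumed 4-bit to 1-bit function of the Level-1 outputs."""
    rng = random.Random(seed)
    level1 = [[rng.getrandbits(1) for _ in range(1 << SUB_BITS)] for _ in range(N_SUB)]

    def puf(c):
        r = [level1[i][c[i]] for i in range(N_SUB)]
        return (r[0] & r[1]) ^ (r[2] & r[3])

    return puf, level1


def same_set(puf, i, a, b, k, rng):
    """Fix sub-challenges a and b at position i and try k random values for the
    other positions; any differing response proves a and b are in different sets."""
    for _ in range(k):
        c = [rng.randrange(1 << SUB_BITS) for _ in range(N_SUB)]
        c[i] = a
        first = puf(c)
        c[i] = b
        if puf(c) != first:
            return False
    return True


def build_sets(puf, k=64, seed=11):
    """labels[i][a] is 0 if sub-challenge a falls in the same set as sub-challenge 0
    for PUF i, else 1. Only composite responses are observed."""
    rng = random.Random(seed)
    return [[0 if same_set(puf, i, 0, a, k, rng) else 1 for a in range(1 << SUB_BITS)]
            for i in range(N_SUB)]


def class_responses(puf, labels):
    """Query one representative challenge per class to learn that class's response."""
    table = {}
    for idx in range(1 << N_SUB):
        bits = tuple((idx >> (N_SUB - 1 - i)) & 1 for i in range(N_SUB))
        if any(bits[i] not in labels[i] for i in range(N_SUB)):
            continue  # empty class: no challenge can map to it
        rep = [labels[i].index(bits[i]) for i in range(N_SUB)]
        table[bits] = puf(rep)
    return table


def predict(labels, table, c):
    """Class determination followed by a table lookup."""
    return table[tuple(labels[i][c[i]] for i in range(N_SUB))]


def prediction_accuracy(n_test=2000, seed=5):
    puf, _ = build_composite()
    labels = build_sets(puf)
    table = class_responses(puf, labels)
    rng = random.Random(seed)
    hits = 0
    for _ in range(n_test):
        c = [rng.randrange(1 << SUB_BITS) for _ in range(N_SUB)]
        hits += predict(labels, table, c) == puf(c)
    return hits / n_test


if __name__ == "__main__":
    print("prediction accuracy on random challenges:", prediction_accuracy())
```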

105 Summary for Lightweight PUFs
Crypt. Attack ML SCA-ML Attack HW Multiple outputs APUF Yes No Light HASHPUF Unknown Heavy LSPUF XORPUF Composite PUF

106 iPUF: secure and lightweight PUF
As mentioned previously, all the existing lightweight and secure PUFs are either not secure or not lightweight. Thus, a new PUF design is developed based on the cryptanalysis of the composite PUF. The new design is called iPUF.

107 iPUF: PUF qualities

108 iPUF: security analysis and design features
iPUF is proved to be: secure against cryptanalytic attacks; secure against side channel attacks. Moreover, iPUF is: lightweight; able to produce multiple outputs by modifying the structure.

109 PUF-based Authentication Protocols
Part IV: PUF-based Authentication Protocols

110 Protocols We consider the following authentication protocols:
Naïve authentication Reverse Fuzzy Extractor Authentication Slender PUF Protocol

111 Authentication Protocol
An authentication protocol is a process which allows two parties to authenticate each other. The protocols are based on the following things:
- What do you know: password, secret key
- What do you have: token, identity card
- Who are you: bio-authentication, your fingerprint, etc.

112 Naïve Authentication

113 Naïve Authentication Limitations: The bare CRPs are used.
If adversary can collect the CRPs, then she can imitate a legal client.

114 Reverse Fuzzy Extractor Protocol
The helper data concept is used. R is the reference response. Helper data h=Gen(R). For a noisy response R’, we have R=Reprod(h,R’). Gen is not an expensive operation. Reprod is an expensive operation.

115 Reverse Fuzzy Extractor Protocol (contd.)

116 Slender PUF Protocol A model of weak PUF is made and the host keeps it
The information of CRP is hidden

117 Slender PUF Protocol (contd.)

118 Slender PUF Protocol New contribution:
Instead of storing CRPs, we use a WEAK PUF which we can model. However, the security of this protocol is still not clear.

119 References
Daihyun Lim. Extracting Secret Keys from Integrated Circuits. Master's thesis, MIT, USA, 2004.
Ahmed Mahmoud, Ulrich Ruhrmair, Mehrdad Majzoobi, and Farinaz Koushanfar. Combined Modeling and Side Channel Attacks on Strong PUFs. IACR Cryptology ePrint Archive, 2013:632, 2013.
Mehrdad Majzoobi, Farinaz Koushanfar, and Miodrag Potkonjak. Lightweight secure PUFs. In Proc. of the 2008 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pages 670–673, Piscataway, NJ, USA. IEEE Press.
Stefan Mangard, Elisabeth Oswald, and Thomas Popp. Power analysis attacks: revealing the secrets of smart cards. Springer, 2007.
Durga Prasad Sahoo, Phuong Ha Nguyen, Debdeep Mukhopadhyay, and Rajat Subhra Chakraborty. A Case of Lightweight PUF Constructions: Cryptanalysis and Machine Learning Attacks. Under submission.
Durga Prasad Sahoo, Sayandeep Saha, Debdeep Mukhopadhyay, Rajat Subhra Chakraborty, and Hitesh Kapoor. Composite PUF: A New Design Paradigm for Physically Unclonable Functions on FPGA. In IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2014.

120 References (contd.)
Ulrich Ruhrmair, Frank Sehnke, Jan Solter, Gideon Dror, Srinivas Devadas, and Jurgen Schmidhuber. Modeling attacks on physical unclonable functions. In Proc. of 17th ACM conference on Computer and communications security (CCS), pages 237–249, New York, NY, USA. ACM.
A. Herrewege, S. Katzenbeisser, R. Maes, R. Peeters, A.-R. Sadeghi, I. Verbauwhede, and C. Wachsmann. Reverse fuzzy extractors: Enabling lightweight mutual authentication for PUF-enabled RFIDs. In Financial Cryptography and Data Security, volume 7397 of Lecture Notes in Computer Science, pages 374–389. Springer Berlin Heidelberg.
M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas. Slender PUF protocol: A lightweight, robust, and secure authentication by substring matching. In Security and Privacy Workshops (SPW), IEEE Symposium on, pages 33–44, May 2012.
Blaise Gassend, Dwaine Clarke, Marten van Dijk, and Srinivas Devadas. Controlled Physical Random Functions. In Proc. of 18th Annual Computer Security Applications Conference (ACSAC), page 149, Washington, DC, USA. IEEE Computer Society.

121 Demonstration – Arbiter PUF
Part V: Demonstration – Arbiter PUF on Xilinx Artix-7 FPGA

122 PUF Lab Setup

123 Arbiter PUF
Composed of n two-port switching stages, for an n-bit challenge size
n-bit challenge => 2^n possible paths
Unique path selected by a challenge
Arbiter gives 1-bit decision
Advantages: Simple structure, low hardware overhead (each stage is built from two 2:1 MUXes)

124 Design Overview
[Block diagram. Labels: PC, FPGA, PicoBlaze Microcontroller, 128-bit Arbiter PUF; signals: controls, challenge, response]

125 Switch Design
    module switch_2to2 (inT, inB, cT, cB, outT, outB);
        input inT;    // Upper input signal
        input inB;    // Lower input signal
        input cT;     // Control input
        input cB;     // Control input
        output outT;  // Upper output signal
        output outB;  // Lower output signal

        // Each switch is two 2:1 MUXes fed with the inputs in opposite order
        (*LOCK_PINS = "all"*)
        mux_21 MUXT(
            .ins({inB,inT}),
            .ctrls(cT),
            .out(outT)
        );
        mux_21 MUXB(
            .ins({inT,inB}),
            .ctrls(cB),
            .out(outB)
        );
    endmodule

126 Parallel Paths
    module switchChain #(
        parameter nStage = 16)(
        inT, inB, cT, cB, outT, outB
    );
        input inT, inB;
        input [nStage-1:0] cT, cB;
        output outT, outB;

        wire [nStage:0] netT;
        wire [nStage:0] netB;

        assign outT = netT[nStage];  // Output signal from upper and lower paths
        assign outB = netB[nStage];
        assign netT[0] = inT;        // Input trigger signal for puf
        assign netB[0] = inB;

        // Generate chain of switches
        genvar i;
        generate
            for (i = 0; i < nStage; i = i + 1) begin:STAGE
                (*KEEP_HIERARCHY = "TRUE"*)
                switch_2to2 SW (
                    .inT(netT[i]),
                    .inB(netB[i]),
                    .cT(cT[i]),
                    .cB(cB[i]),
                    .outT(netT[i+1]),
                    .outB(netB[i+1])
                );
            end
        endgenerate
    endmodule

127 Arbiter
[Figure: Arbiter Operation. Labels: D, clk, 1]
    module arbiter (clk, din, dout);
        input clk;
        input din;
        output reg dout;

        // Edge keyword missing in the transcript; rising edge assumed
        always @(posedge clk) begin
            dout <= din;
        end
    endmodule

128 APUF Design
    module apufClassic #(parameter nStage = 128)(
        clk, tigSignal, c, respReady, respBit
    );
        input clk, tigSignal;
        input [nStage-1:0] c;       // Challenge for upper and lower paths
        output respReady, respBit;

        wire pathT;
        wire pathB;
        reg tigReg;

        assign respReady = (pathT & pathB);  // status of response

        // Edge keyword missing in the transcript; rising edge assumed
        always @(posedge clk)       // to reduce the bias in trigger signal
            tigReg <= tigSignal;

        // Chain of switches
        (*KEEP_HIERARCHY = "TRUE"*)
        switchChain #(.nStage(nStage)) SWITCH_CHAIN(
            .inT(tigReg),
            .inB(tigReg),
            .cT(c),
            .cB(c),
            .outT(pathT),  // to arbiter
            .outB(pathB)   // to arbiter
        );

        // Arbiter: samples the upper path on the edge of the lower path
        arbiter A(
            .din(pathT),
            .clk(pathB),
            .dout(respBit)
        );
    endmodule

129 Ideal Arbiter PUF
The path-pair selected by a challenge should be symmetric
Nominal delay difference should be 0
This is difficult to achieve in an FPGA
But we can reduce the delay bias by manual placement of the switches and the arbiter

130 Placement of 128-bit APUF
    INST "APUF/SWITCH_CHAIN/STAGE[0].SW/MUXU/Mmux_out11" BEL = A6LUT;
    INST "APUF/SWITCH_CHAIN/STAGE[0].SW/MUXL/Mmux_out11" BEL = B6LUT;
    INST "APUF/SWITCH_CHAIN/STAGE[0].SW/MUXU/Mmux_out11" LOC = SLICE_X2Y2;
    INST "APUF/SWITCH_CHAIN/STAGE[0].SW/MUXL/Mmux_out11" LOC = SLICE_X2Y2;
    INST "APUF/SWITCH_CHAIN/STAGE[1].SW/MUXU/Mmux_out11" BEL = A6LUT;
    INST "APUF/SWITCH_CHAIN/STAGE[1].SW/MUXL/Mmux_out11" BEL = B6LUT;
    INST "APUF/SWITCH_CHAIN/STAGE[1].SW/MUXU/Mmux_out11" LOC = SLICE_X2Y3;
    INST "APUF/SWITCH_CHAIN/STAGE[1].SW/MUXL/Mmux_out11" LOC = SLICE_X2Y3;
    INST "APUF/SWITCH_CHAIN/STAGE[127].SW/MUXU/Mmux_out11" BEL = A6LUT;
    INST "APUF/SWITCH_CHAIN/STAGE[127].SW/MUXL/Mmux_out11" BEL = B6LUT;
    INST "APUF/SWITCH_CHAIN/STAGE[127].SW/MUXU/Mmux_out11" LOC = SLICE_X2Y129;
    INST "APUF/SWITCH_CHAIN/STAGE[127].SW/MUXL/Mmux_out11" LOC = SLICE_X2Y129;
    INST "APUF/tigReg" BEL = AFF;
    INST "APUF/tigReg" LOC = SLICE_X2Y1;
    INST "APUF/tigSignal_inv1_INV_0" BEL = B6LUT;
    INST "APUF/tigSignal_inv1_INV_0" LOC = SLICE_X3Y1;
    INST "APUF/ARBITER/dout" BEL = BFF;
    INST "APUF/ARBITER/dout" LOC = SLICE_X1Y130;
    INST "APUF/respReady1" BEL = A6LUT;
    INST "APUF/respReady1" LOC = SLICE_X1Y130;

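131 Quality Metrics
Uniqueness: [figure: the same challenge C applied to different devices (PUF 1, PUF 2, PUF 3), giving responses r1, r2, r3]
Reliability: [figure: the same challenge C applied to PUF 1 at different times, giving responses r1, r2, r3]
Uniformity: ratio of 0's and 1's in response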
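The three metrics above, computed on a simulated 128-stage arbiter PUF. This is an added example, not part of the original slides: it assumes the common additive delay model with constructed Gaussian stage delays and read noise, and the usual Hamming-distance forms of uniqueness and reliability, which the slide shows only as figures.

```python
import random
from itertools import combinations
from statistics import mean

N_STAGES = 128  # challenge width of the slides' apufClassic

def make_puf(rng, n=N_STAGES):
    # One device = per-stage (straight, crossed) delay differences, arbitrary
    # units. Constructed samples standing in for process variation.
    return [(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(n)]

def response(puf, challenge, rng=None, noise=0.0):
    delta = 0.0  # arrival(top) - arrival(bottom) as the edge moves down the chain
    for (straight, crossed), c in zip(puf, challenge):
        # c=1 swaps the two paths, so the accumulated difference changes sign
        delta = (-delta + crossed) if c else (delta + straight)
    if rng is not None:
        delta += rng.gauss(0, noise)  # measurement noise for a repeated read
    return 1 if delta < 0 else 0      # arbiter: 1 when the top edge arrives first

def hd(a, b):
    # fractional Hamming distance between two equal-length response vectors
    return sum(x != y for x, y in zip(a, b)) / len(a)

def uniformity(bits):
    return sum(bits) / len(bits)      # fraction of 1s, ideal 0.5

def uniqueness(per_device):
    # mean pairwise distance between devices given the same challenges, ideal 0.5
    return mean(hd(a, b) for a, b in combinations(per_device, 2))

def reliability(reference, rereads):
    # 1 - mean distance between one device's reference and later reads, ideal 1.0
    return 1 - mean(hd(reference, r) for r in rereads)

def evaluate(n_devices=8, n_challenges=500, n_reads=5, noise=0.5, seed=1):
    rng = random.Random(seed)
    pufs = [make_puf(rng) for _ in range(n_devices)]
    chals = [[rng.getrandbits(1) for _ in range(N_STAGES)] for _ in range(n_challenges)]
    ref = [[response(p, c) for c in chals] for p in pufs]
    rereads = [[response(pufs[0], c, rng, noise) for c in chals] for _ in range(n_reads)]
    return (mean(uniformity(r) for r in ref), uniqueness(ref), reliability(ref[0], rereads))

if __name__ == "__main__":
    print("uniformity=%.3f uniqueness=%.3f reliability=%.3f" % evaluate())
```

On real hardware the same three functions apply unchanged to response vectors read back from the FPGA; a uniformity far from 0.5 points to the placement bias discussed on the Ideal Arbiter PUF slide.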

132 Thank You for Your Attention!

