Algebraic Security Analysis of Key Generation with Physical - - PowerPoint PPT Presentation

algebraic security analysis of key generation
SMART_READER_LITE
LIVE PREVIEW

Algebraic Security Analysis of Key Generation with Physical - - PowerPoint PPT Presentation

Oct 21, 2023 756 likes •966 views

Algebraic Security Analysis of Key Generation with Physical Unclonable Functions Matthias Hiller 1 , Michael Pehl 1 , Gerhard Kramer 2 and Georg Sigl 1,3 1 Chair of Security in Information Technology 2 Chair of Communications Engineering 2

slide-1
SLIDE 1

Algebraic Security Analysis of Key Generation with Physical Unclonable Functions

Matthias Hiller1, Michael Pehl1, Gerhard Kramer2 and Georg Sigl1,3

1 Chair of Security in Information Technology 2 Chair of Communications Engineering 2 Technical University of Munich 3 Fraunhofer AISEC

PROOFS 20.08.2016 Santa Barbara

slide-2
SLIDE 2

Algebraic Security Analysis of Key Generation with Physical Unclonable Functions

Matthias Hiller1, Michael Pehl1, Gerhard Kramer2 and Georg Sigl1,3

1 Chair of Security in Information Technology 2 Chair of Communications Engineering 2 Technical University of Munich 3 Fraunhofer AISEC

PROOFS 20.08.2016 Santa Barbara

slide-3
SLIDE 3

Introduction PUFs

3 Algebraic Security Analysis of Key Generation with PUFs 20.08.2016

slide-4
SLIDE 4

Example: SRAM PUF

4

Guajardo et al. (CHES 2007)

Algebraic Security Analysis of Key Generation with PUFs 20.08.2016

slide-5
SLIDE 5

Algebraic Security Analysis of Key Generation with Physical Unclonable Functions

Matthias Hiller1, Michael Pehl1, Gerhard Kramer2 and Georg Sigl1,3

1 Chair of Security in Information Technology 2 Chair of Communications Engineering 2 Technical University of Munich 3 Fraunhofer AISEC

PROOFS 20.08.2016 Santa Barbara

slide-6
SLIDE 6

Secret Key Generation 2-part approach Secret PUF Response & Public Helper Data

Algebraic Security Analysis of Key Generation with PUFs 6

Syndrome Coding

20.08.2016

slide-7
SLIDE 7

Secret Key Generation (2)

Algebraic Security Analysis of Key Generation with PUFs 7

Need for Error Correction

520 Bit - Secret + Redundancy Reproduction with 15% Bit Error Probability

20.08.2016

slide-8
SLIDE 8

Motivation

Initial Problem: Find a simple and generic representation of PUF key generation Main Contribution: New representation shows if helper data can leak key information (upper bound, qualitative result) For quantitative results see e.g. Delvaux et al., CHES 2016

8 Algebraic Security Analysis of Key Generation with PUFs 20.08.2016

slide-9
SLIDE 9

Algebraic Security Analysis of Key Generation with Physical Unclonable Functions

Matthias Hiller1, Michael Pehl1, Gerhard Kramer2 and Georg Sigl1,3

1 Chair of Security in Information Technology 2 Chair of Communications Engineering 2 Technical University of Munich 3 Fraunhofer AISEC

PROOFS 20.08.2016 Santa Barbara

slide-10
SLIDE 10

Algebraic Core

10 Algebraic Security Analysis of Key Generation with PUFs

y y

Random Number R PUF Response X Helper Data W Secret S Algebraic Core A

20.08.2016

𝐁𝑀 𝐁𝑆

slide-11
SLIDE 11

Algebraic Core See paper for the algebraic cores of several key generation schemes

20.08.2016 11 Algebraic Security Analysis of Key Generation with PUFs

𝑇 𝑋 = 𝑆 𝑌 𝐁

R X S W 𝐁𝑀 𝐁𝑆

slide-12
SLIDE 12

Algebraic Security Analysis of Key Generation with Physical Unclonable Functions

Matthias Hiller1, Michael Pehl1, Gerhard Kramer2 and Georg Sigl1,3

1 Chair of Security in Information Technology 2 Chair of Communications Engineering 2 Technical University of Munich 3 Fraunhofer AISEC

PROOFS 20.08.2016 Santa Barbara

slide-13
SLIDE 13

Generic Security Criterion

13 Algebraic Security Analysis of Key Generation with PUFs

𝑇 = 𝑆 𝑌 𝐁𝑀 𝑋 = 𝑆 𝑌 𝐁𝑆

R X S W

20.08.2016

𝐁𝑀 𝐁𝑆

slide-14
SLIDE 14

Generic Security Criterion We define the rank loss Δ as Result without proof: No leakage between S and W if Δ = 0 S and W can only be linearly independent iff

14 Algebraic Security Analysis of Key Generation with PUFs

𝑠𝑏𝑜𝑙(𝐁) = 𝑠𝑏𝑜𝑙(𝐁𝑀) + 𝑠𝑏𝑜𝑙(𝐁𝑆) Δ = 𝑠𝑏𝑜𝑙(𝐁𝑀) + 𝑠𝑏𝑜𝑙(𝐁𝑆) − 𝑠𝑏𝑜𝑙(𝐁)

20.08.2016

R X S W 𝐁𝑀 𝐁𝑆

slide-15
SLIDE 15

Analysis of the State of the Art 𝑇 = 𝑌 W = R G + X 𝐁 = 𝟏 𝐇 𝐉 𝐉

20.08.2016 Algebraic Security Analysis of Key Generation with PUFs 15

Example: Code-Offset Fuzzy Extractor (Dodis et al., Eurocrypt 2004) (n,k,d) code with generator Matrix G

R X S W 𝐁𝑀 𝐁𝑆 𝐇 𝟏 𝐉 𝐉

slide-16
SLIDE 16

Analysis of the State of the Art 𝑠𝑏𝑜𝑙(𝐁𝑀) = 𝑜 𝑠𝑏𝑜𝑙(𝐁𝑆) = 𝑜 𝑠𝑏𝑜𝑙 𝐁 = 𝑜 + 𝑙 Δ = 𝑠𝑏𝑜𝑙(𝐁𝑀) + 𝑠𝑏𝑜𝑙(𝐁𝑆) − 𝑠𝑏𝑜𝑙 𝐁 = 2𝑜 − 𝑜 + 𝑙 = 𝑜 − 𝑙

20.08.2016 Algebraic Security Analysis of Key Generation with PUFs 16

Example: Code-Offset Fuzzy Extractor (Dodis et al., Eurocrypt 2004) (n,k,d) code with generator Matrix G

𝐁𝑀 𝐁𝑆 𝐇 𝟏 𝐉 𝐉 n n n k

slide-17
SLIDE 17

Analysis of the State of the Art Result consistent with previous work but easier to obtain (e.g. Delvaux et al., CHES 2016)

17

Example: Code-Offset Fuzzy Extractor

Algebraic Security Analysis of Key Generation with PUFs 20.08.2016

slide-18
SLIDE 18

Analysis of the State of the Art

Approach Δ Fuzzy Commitment (CCS 1999) Code Offset Fuzzy Extractor (Eurocrypt 2004) n-k Syndrome Construction (Eurocrypt 2004) n-k Parity Construction (S&P 1998) 2k-n Systematic Low Leakage Coding (ASIACCS 2015)

18 Algebraic Security Analysis of Key Generation with PUFs 20.08.2016

slide-19
SLIDE 19

Take Home Message

  • Algebraic representation of key generation for PUFs
  • Rank loss enables first security check
  • Some state-of-the-art approaches enable zero leakage

Long-term vision

  • Develop and characterize more complex approaches

19 Algebraic Security Analysis of Key Generation with PUFs 20.08.2016