end to end design of a puf based privacy
play

End-to-end Design of a PUF based Privacy Preserving Authentication - PowerPoint PPT Presentation

Nov 17, 2022 •270 likes •595 views

End-to-end Design of a PUF based Privacy Preserving Authentication Protocol Aydin Aysu (Virginia Tech) Ege Gulcan (Virginia Tech) Daisuke Moriyama (NICT) Patrick Schaumont (Virginia Tech) Moti Yung (Google/Columbia University) 1 Motivation

  1. End-to-end Design of a PUF based Privacy Preserving Authentication Protocol Aydin Aysu (Virginia Tech) Ege Gulcan (Virginia Tech) Daisuke Moriyama (NICT) Patrick Schaumont (Virginia Tech) Moti Yung (Google/Columbia University) 1

  2. Motivation PUF is attractive in implementation and theory Implementation - Investigate new construction - Analyze PUF’s data - Check environmental effect 2

  3. Motivation PUF is attractive in implementation and theory Implementation Theory - Investigate new construction - Propose PUF-based protocol - Analyze PUF’s data - Provide security model - Check environmental effect 3

  4. Motivation PUF is attractive in implementation and theory Implementation Theory - Investigate new construction - Propose PUF-based protocol - Analyze PUF’s data - Provide security model - Check environmental effect Combine!!! Development for Realistic Usage 4

  5. PUF Protocol Design has a GAP Provide provable security Theory Propose protocol GAP! Program and evaluate Imple. 5

  6. PUF Protocol Design has a GAP Provide provable security Theory Propose protocol Question: How can we implement theoretically secure (provably secure) protocol? GAP! Question: Can the PUF-based protocol be worked in a resource-constrained device? Program and evaluate Imple. 6

  7. This talk Provide provable security Theory Propose protocol PRF, RNG, MAC, Extract building blocks Fuzzy extractor,… Investigate implementation-primitives AES, BCH, HMAC,… for computing elements Estimate bit length for each variable Program and evaluate Imple. 7

  8. First Step Provide provable security Theory Propose protocol Extract building blocks Investigate implementation-primitives for computing elements Estimate bit length for each variable Program and evaluate Imple. 8

  9. Theoretical Description (core part)… Device Server PUF PRFs If , Update to 9

  10. Secure Authentication Device (Stored data 1 and 2) (PUF DB, key DB) Server Stored data 1 PUF RNG RNG RNG Fuzzy extractor randomness PRF For each DB entries (contain all PUFs), helper data Stored data 2 Encrypt Key DB Decrypt helper data RNG PUF PUF DB Fuzzy extractor PRF randomness PRF , Accept! If , Accept! 10 Update stored data to Update DBs to

  11. Secure Authentication Device (Stored data 1 and 2) (PUF DB, key DB) Server Stored data 1 PUF RNG RNG PUF is evaluated twice RNG Fuzzy extractor - First data is used for authentication - Second data is encrypted and randomness PRF For each DB entries (contain all PUFs), used for next authentication helper data Stored data 2 Encrypt Key DB Decrypt helper data RNG PUF PUF DB Fuzzy extractor PRF randomness PRF , Accept! If , Accept! 11 Update stored data to Update DBs to

  12. Secure Authentication Device (Stored data 1 and 2) (PUF DB, key DB) Server Stored data 1 PUF RNG RNG PUF is evaluated twice RNG Fuzzy extractor - First data is used for authentication - Second data is encrypted and randomness PRF For each DB entries (contain all PUFs), used for next authentication helper data Stored data 2 Encrypt Support mutual authentication Key DB Decrypt helper data RNG PUF PUF DB Fuzzy extractor PRF randomness PRF , Accept! If , Accept! 12 Update stored data to Update DBs to

  13. Secure Authentication Device (Stored data 1 and 2) (PUF DB, key DB) Server Stored data 1 PUF RNG RNG Privacy preserving authentication RNG Fuzzy extractor - No identity in communication randomness - Server mounts exhaustive search PRF For each DB entries (contain all PUFs), helper data Stored data 2 Encrypt Key DB Decrypt helper data RNG PUF PUF DB Fuzzy extractor PRF randomness PRF , Accept! If , Accept! 13 Update stored data to Update DBs to

  14. Secure Authentication Device (Stored data 1 and 2) (PUF DB, key DB) Server Stored data 1 PUF RNG RNG Privacy preserving authentication RNG Fuzzy extractor - No identity in communication randomness - Server mounts exhaustive search PRF For each DB entries (contain all PUFs), helper data Forward secure authentication Stored data 2 Encrypt - Stored data is updated Key DB Decrypt helper data RNG PUF PUF DB Fuzzy extractor PRF randomness PRF , Accept! If , Accept! 14 Update stored data to Update DBs to

  15. Abstract Description Device Server Key/PUF DB Non-VM Memory RNG Fuzzy Extractor Protocol Protocol PRF Encrypt PUF 15

  16. Third Step Provide provable security Theory Propose protocol Extract building blocks Investigate implementation-primitives for computing elements Estimate bit length for each variable Program and evaluate Imple. 16

  17. PUF & RNG Construction We select SRAM PUF and evaluated with SASEBO-GII (SRAM PUF is area efficient) x100 RNG part SRAM PUF part To avoid bias, 2-XORed is performed 8-XORed SRAM data passed NIST random test Min-entropy rate: 26% Noise rate : 10% 17

  18. Implement Fuzzy Extractor ECC part: Code-offset with (63,16,23)-BCH code Correct noise up to 11-bit in 63-bit 63-bit Original PUF data Encode randomness BCH.Encode Helper data (device side) 63-bit 16-bit Helper data 63-bit Decode Noisy PUF data Original PUF data (server side) BCH.Decode 63-bit 18

  19. Implement Fuzzy Extractor ECC part: Code-offset with (63,16,23)-BCH code 4x63-bit (=252- bit) PUF’s data Min-entropy rate: 26% 128-bit entropy in 8x63-bit PUF data Remark: 10% noise rate Correct one block (63-bit): 97.62% Need modification Correct eight blocks (8x63-bit): 82.61% 19

  20. Implement Fuzzy Extractor ECC part: Code-offset with (63,16,23)-BCH code 4x63-bit (=252- bit) PUF’s data Novelty: Apply code-offset for left- rotated PUF’s data 20

  21. Implement Fuzzy Extractor ECC part: Code-offset with (63,16,23)-BCH code Novelty: Apply code-offset for left- rotated PUF’s data -6 Correctness is improved (> 1 - 10 ) Security is also analyzed 21

  22. Implement Fuzzy Extractor Randomness extraction part: CBC-MAC based PRF + randomness 504-bit Input data + 256-bit randomness Secret key (seed) 128-bit output data PRF and this part are performed by same code We selected SIMON for the encryption algorithm 22

  23. Final Step Provide provable security Theory Propose protocol Extract building blocks Investigate implementation-primitives for computing elements Estimate bit length for each variable Program and evaluate Imple. 23

  24. Architecture Design We provide two versions: Soft-core mapping MSP430 in FPGA MSP430 w/ Micro-coded hardware implementation 24

  25. Implementation Results 64-bit 128-bit 128-bit Category Unit SW (MSP430) SW (MSP430) HW Text size 6,862 8,104 4,920 Bytes Time 562,632 1,859,754 240,814 Cycles • Fit in real MSP430 (8KB) • Cycle count includes all procedures – In SW, BCH encoding is heavy – In HW, write/read from memory is heavy 25

  26. Comparison with related works PUFKY Slender Reverse-FE This work (CHES 2012) (S&P 2012) (FC 2012) Application Key Gen Protocol Protocol Protocol Privacy No No No Yes Security No Yes (ePrint Yes (ePrint No flaws 2014/977) 2014/977) Cycle 55,310 - - 1,859,754 (SW) count 240,814 (HW) Logic cost 120 Slices 144 LUT, 658 LUT, 1221 LUT, 274 Register 496 Register 442 Register PUF RO-PUF XOR-Arbiter - SRAM PUF PUF 26

  27. Conclusions • We demonstrated how to bridge theory and implementation • Implementing secure protocol requires many steps • The proposed protocol can fit in microcontroller MSP 430: text size < 8KB (further optimization is still possible) 27

  28. Thank you for your attention! 28

  29. Appendix: Process of our code-offset ECC part: Code-offset with (63,16,23)-BCH code Noise < 12bit Noise >= 12bit 4x63-bit (=252- bit) PUF’s data 47-bit among 63-bit has been noiseless Novelty: Apply code-offset for left- rotated PUF’s data 29

  30. Appendix: Implementation Cost 64-bit 128-bit 128-bit Category Unit SW (MSP430) SW (MSP430) HW HW abstraction 1,022 1,022 1,398 Bytes Communication 496 644 628 Bytes SIMON 1604 2,440 0 Bytes Text BCH encoding 1,214 1,214 0 Bytes PUF + Fuzzy 562 646 590 Bytes RNG 396 456 396 Bytes Protocol 1,568 1,682 1,908 Bytes Total text 6,862 8,104 4,920 Bytes Variables 424 656 656 Bytes Data Constants 197 197 73 Bytes Total data 621 853 729 Bytes Fit into real MSP430 (8KB memory space) 30

  31. Appendix: Performance details 64-bit 128-bit 128-bit Category Unit SW (MSP430) SW (MSP430) HW Read stored data 31,356 61,646 61,646 Cycles RNG (SRAM) 11,552 23,341 22,981 Cycles SRAM PUF 4,384 9,082 8,741 Cycles BCH encoding 268,820 485,094 Cycles Fuzzy extractor 28,691 205,080 Cycles First PRF 39,583 299,724 18,597 Cycles Encrypt 44,355 252,829 Cycles Second PRF 57,601 394,129 Cycles Write updated data 76,290 128,829 128,849 Cycles Total cycles 562,632 1,859,754 240,814 Cycles Expensive part in SW: BCH encoding Expensive part in HW: read/write data 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government

Privacy by Design Deirdre K. Mulligan Privacy by design, why now? Legal Drivers E- Government Act of 2002 and OMB Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002 Resolution on Privacy by Design, Data Protection

556 views • 41 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 11, 2014 y &amp; c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

3.12k views • 64 slides
Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by

Privacy by Design Principles of Privacy-Aware Ubiquitous Systems Marc Langheinrich Privacy by Design ETH Zurich, Switzerland www.inf.ethz.ch/~langhein Ubicomp 2001, Atlanta Contents Ubicomp 2001, Atlanta ! Privacy primer Does privacy

680 views • 22 slides
Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 17, 2015 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving

Back to the Drawing Board: Revisiting the Design of Optimal Location Privacy-preserving Mechanisms Simon Oya, Carmela Troncoso, Fernando Prez-Gonzlez 1 Motivation. Obfuscation-Based Location Privacy. Location information is sensitive.

521 views • 20 slides
Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy

PR eparing I ndustry to P rivacy-by-design by supporting its A pplication in RE search Privacy by Design A technical perspective Carmela Troncoso Gradiant The usual privacy scenario Protect personal data from third parties Data

359 views • 9 slides
Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim Wuyts, Koen Yskout, Dimitri Van

Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim Wuyts, Koen Yskout, Dimitri Van

Interaction-Based Privacy Threat Elicitation Laurens Sion , Kim Wuyts, Koen Yskout, Dimitri Van Landuyt, Wouter Joosen 27 th April 2018 IWPE2018 London, United Kingdom Importance of Considering Privacy by Design Number of Data Breaches

1.05k views • 62 slides
From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer

From Privacy Protection to Interface Design: Implementing Information Privacy in Human-Computer Interactions Andrew S. Patrick Steve Kenny Independent Consultant National Research Council of Canada stephen_mh_kenny@yahoo.com

407 views • 22 slides
Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline -

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline -

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline - Introduction and Approach - Privacy Requirements Definition Problem - Privacy Requirements Analysis Problem - Policy and Compliance - Privacy By Design -

1.48k views • 63 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy &amp; Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Privacy as a tool for Robust Mechanism Design in Large Markets Aaron

Privacy as a tool for Robust Mechanism Design in Large Markets Aaron

Privacy as a tool for Robust Mechanism Design in Large Markets Aaron Roth Based on joint works with: Rachel Cummings, Jus;n Hsu, Zhiyi Huang, Sampath

644 views • 30 slides
CS4491-02 Fog Computing Life Cycles 1 Questions What is the life cycle of IoT systems and

CS4491-02 Fog Computing Life Cycles 1 Questions What is the life cycle of IoT systems and

CS4491-02 Fog Computing Life Cycles 1 Questions What is the life cycle of IoT systems and components? What is the impact of the application domain on these life cycles? 2 Life cycle The life cycle of a product or system is the

313 views • 14 slides
Sensitivity Of Quake3 Players Sensitivity Of Quake3 Players Sensitivity Of Quake3 Players

Sensitivity Of Quake3 Players Sensitivity Of Quake3 Players Sensitivity Of Quake3 Players

Sensitivity Of Quake3 Players Sensitivity Of Quake3 Players Sensitivity Of Quake3 Players Sensitivity Of Quake3 Players To Netw ork Latency and Jitter To Netw ork Latency and Jitter To Netw ork Latency and Jitter To Netw ork Latency and

218 views • 9 slides
Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing

5/7/08 Serverless networking (peer-to-peer computing) Peer-to-peer models Client-server computing servers provide special services to clients clients request service from a server Pure peer-peer computing all systems have equivalent

586 views • 20 slides
The ALMA Observing Tool, experiences from Cycle 0 Alan Bridger UK Astronomy Technology Centre

The ALMA Observing Tool, experiences from Cycle 0 Alan Bridger UK Astronomy Technology Centre

The ALMA Observing Tool, experiences from Cycle 0 Alan Bridger UK Astronomy Technology Centre Stewart McLay, Stewart Williams (UKATC) Hiroshi Yatagai (NAOJ) Marcus Schilling, Rodrigo Tobar, Andy Biggs, Rein Warmels (ESO) Overview 1. ALMA

829 views • 26 slides
1 SPEC CPU Benchmark Other SPEC Benchmarks SPEC: Standard Performance Evaluation SPECviewperf

1 SPEC CPU Benchmark Other SPEC Benchmarks SPEC: Standard Performance Evaluation SPECviewperf

What Does Performance Mean? Response time Lecture 2: Performance Evaluation A simulation program finishes in 5 minutes Methods Throughput A web server serves 5 million request per Performance definition, benchmark, second summarizing

341 views • 4 slides
301AA - Advanced Programming Lecturer: Andrea Corradini andrea@di.unipi.it

301AA - Advanced Programming Lecturer: Andrea Corradini andrea@di.unipi.it

301AA - Advanced Programming Lecturer: Andrea Corradini andrea@di.unipi.it http://pages.di.unipi.it/corradini/ AP-08-EE : Java EE &amp; Enterprise Java Beans Overview Java EE Multi-tier applications Components in Java EE:

656 views • 50 slides
Introductory Queueing Theory Tutorial Mor Harchol-Balter Computer Science Dept, Carnegie Mellon

Introductory Queueing Theory Tutorial Mor Harchol-Balter Computer Science Dept, Carnegie Mellon

Introductory Queueing Theory Tutorial Mor Harchol-Balter Computer Science Dept, Carnegie Mellon Univ. 1 Outline I. Basic Vocabulary Avg arrival rate, l Response time, T o o Littles Law Avg service rate, o o Exponential vs.

589 views • 47 slides
Lecture 2: Performance Todays topics: Performance trends and equations Reminders:

Lecture 2: Performance Todays topics: Performance trends and equations Reminders:

Lecture 2: Performance Todays topics: Performance trends and equations Reminders: YouTube videos, canvas, and class webpage: http://www.cs.utah.edu/~rajeev/cs3810/ 1 Important Trends Historical contributions to performance:

324 views • 21 slides

More recommend