Important Hardware Security Primitive Rajat Subhra Chakraborty - - PowerPoint PPT Presentation
Physically Unclonable Function: an Important Hardware Security Primitive Rajat Subhra Chakraborty Department of Computer Science and Engineering Indian Institute of Technology Kharagpur, West Bengal, INDIA - 721302 E-mail:
Department of Computer Science and Engineering Indian Institute of Technology Kharagpur, West Bengal, INDIA - 721302 E-mail: rschakraborty@gmail.com 3rd NKN Workshop 2014
PUF Fundamentals
Example PUF Designs
Attacks on PUFs
2
4
and instance-specific n-bit Challenge(C) PUF n-bit Response (R)
between an applied input (“challenge”) and the corresponding observed output (“response”) is dependent
5
PUFs utilize the unavoidable and unpredictable manufacturing process variation effects
modern deep-submicron MOSFET devices
process variation is a challenge, but is useful for PUF design
process variation becomes more pronounced at advanced technology nodes
Uniqueness Reliability
PUF 1 PUF 3 PUF 2
C
Devices
PUF 1 PUF 1 PUF 1
C
Time
tamper-evidence
6
Securit curity y with thout t PUF
secret keys in a secure location (NVM)
complexity to manufacturing
extract secret key from non- volatile memory
7
Securit curity y with th PUF
are used to generate secret key.
cryptographic boundary, nor be stored in a non-volatile memory
without using cryptographic operations
Authentic Device A PUF Untrusted Supply Chain / Environments ??? Challenge Response Is this the authentic Device A? =? PUF Challenge Response’ Challenge Response Database for Device A 1001010 010101 1011000 101101 0111001 000110 Record
8
public key generation algorithm
public key
Seed Public key ECC + PUF Private key Key Generation
9
10
[ Armknecht et al., ASIACRYPT 2009 ]
challenge size
by an arbiter circuit (usually, an edge-triggered D flip- flop)
(each stage is two 2:1 MUXes)
11
bank of 2n ROs
frequencies
12
response, cell address is the challenge
in regular ICs
(since SRAM modules are cleared by default on power- up)
13
SRAM PUF cell structure
inapplicable or infeasible to design PUFs
Accurate simulation of process variation is difficult Design, especially interconnect routing has to be carefully controlled to eliminate design bias (design bias adversely affects statistical quality of PUFs) FPGA implementation of SRAM PUF is very difficult (since SRAM modules are cleared by default on power-up)
14
response(s)
PUF
a semi-invasive methodology to obtain the data of interest Contactless Probing Mechanical Probing Side channel Probing Mathematical Clone Physical Clone Clone PUF
16
A PUF P with n-bit challenge and m-bit
response is considered as secure if it satisfies the following conditions:
1.
No algorithm to predict the response R produced by an arbitrary PUF instance when an arbitrary challenge with probability of success greater than 2-m
2.
No algorithm to predict the response R for an arbitrary challenge with high probability of success, with sub- exponential time and space complexity
3.
No algorithm to predict the response R for an arbitrary challenge with high probability of success, with sub- exponential data complexity. “Data” in this context is the challenge-response pair (CRP) database
[D. Lim, M.S. Thesis, MIT, 2002]
)) ( ( 2 1 )) ( ( 2 1 ) 1 (
1 1 1 1
i d s C i d p C i d
bottom i i top i i top
)) ( ( 2 1 )) ( ( 2 1 ) 1 (
1 1 1 1
i d r C i d q C i d
bottom i i top i i bottom
i
denotes the challenge bit of the i-th stage
bottom top
1 1 1 1
i i i i
n n n n n
n n n n n
Let pk be the parity of challenge bits:
1
n i i n i k
1 2 1 2 1 1
n n n n n
1 1 2 1 1
( , , , ) and ( , , , , )
n n n n
P p p p D
where
Apply Support Vector Machine (SVM) using:
classifies challenges into two classes
An Arbiter PUF is a linear classifier of random challenge vectors in n-dimensional space, where n is the total number of challenge bits
Modeling Attacks by Machine Learning (Rührmair et al.)
99.9% using 18K CRPs in 0.6 sec. (64 taps)
99% using 12K CRPs in 3 min 42 secs (4 XOR, 64 taps)
99% using 12K CRPs in 1 hour and 28 mins (4 XORs, 64 taps)
size and training set size not mentioned)
23