silicon pufs and puf based key storage
play

Silicon PUFs and PUF-based Key Storage Roel Maes Intrinsic-ID, - PowerPoint PPT Presentation

Mar 24, 2024 •465 likes •749 views

Silicon PUFs and PUF-based Key Storage Roel Maes Intrinsic-ID, Eindhoven (NL) June 6, 2014 Summerschool: Design and security of cryptographic algorithms and devices for real-world applications ibenik , Croatia Roots of Trust Entity Data

  1. Silicon PUFs and PUF-based Key Storage Roel Maes Intrinsic-ID, Eindhoven (NL) June 6, 2014 Summerschool: Design and security of cryptographic algorithms and devices for real-world applications Šibenik , Croatia

  2. Roots of Trust Entity Data security … Authentication Information Security Objectives Symmetric Public Key Hash / MAC Protocols … Ciphers Crypto Crypto Primitives Secure Randomness Key Storage … Computation Generation Execution Primitives Secure Shielded Intrusion Logistic PUFs TRNGs … Logic Storage Detection Control Physical Primitives

  3. Physical Key Storage Key Storage “Shielded” Storage ROM Fuses Flash Anti-fuses • Alternative to NVM-based key storage: Key Storage PUF-based key storage • Main advantages: PUF • Key not present when device is powered down • Key depends on device intrinsic randomness

  4. PUFs: Physically Unclonable Functions • On many levels, PUFs are more like fingerprints than like programmed keys: Human Fingerprint PUF Programmed Key No guarantee of Unique per person Unique per device uniqueness Inherent from Programmed after Inherent from birth production production Impossible to Infeasible to Easy to program “clone” humans with “clone” devices with many devices with the same fingerprints the same PUF the same key

  5. Silicon PUFs: classification & advantages • Many PUF(- like) proposals in myriad of materials, techniques, … Non-silicon PUFs, e.g. impedance variations, RF- based, … Based on process variations in standard silicon circuits: Electronic Silicon PUFs • delay-based PUFs PUFs • memory-based • … Non-electronic PUFs, e.g. paper- based, optical PUFs, … • Advantages of silicon PUFs: • Standard manufacturing with implicitly present randomness “Intrinsic PUFs” • Completely embedded in evaluating device • Easy integration with digital circuits → crypto implementations

  6. Silicon PUFs: process variations What you aim for… What you get: Silicon Process Variations What you get: e.g. speed, power, … What you design for…

  7. Silicon PUF Constructions: general idea • Silicon PUF construction = a silicon circuit whose response ( y ) is mainly determined by process variations ( PV ) and the applied challenge ( x ) • Ideal silicon PUF: y = f (PV, x) • Silicon PUFs in practice: PUF behavior y = f (PV, x; … Temp, V dd , Noise, Device age, … Unreliable Deterministic offset, Structural bias …) Biased

  8. Delay-based silicon PUFs • Silicon process variations randomly affect delay of digital circuits Process variations Digital Digital Digital Digital Circuit Circuit (1) Circuit (2) Circuit (3) • Arbiter PUF exploits race conditions between identically designed delay lines Challenge: Response: 0 1 0 1 1 0 Arbiter 0/1 Switch Block

  9. Delay-based silicon PUFs • Ring Oscillator PUFs exploit frequency variability amongst identically designed ring oscillator circuits f 1 0 , if f 1 < f 2 ? ≥ f 2 1 , if f 1 ≥ f 2 (many variants possible…) • Glitch PUF exploits variability in glitch behavior of identically designed combinatorial circuits #glitches = even ⇨ Response = 0 Combinatorial Input Toggle Logic Register Flip-flop #glitches = odd e.g. AES S-box ⇨ Response = 1 Glitch waveform Challenge = input (transition)

  10. Bi-stable memory based PUFs: SRAM PUF • Silicon process variations cause device “mismatch” Matched circuit Circuit (1) Circuit (2) Circuit (3) Process variations = < < > • SRAM PUF based on mismatch between “matched” invertors in SRAM cell V V DD A V Stable(A=1) DD (Power-up behavior) I 1 < I 2 A B I 1 Metastable I 1 > I 2 I 2 V Power up B Stable(A=0)

  11. Bi-stable memory based PUFs: SRAM PUF • Silicon process variations cause device “mismatch” Matched circuit Circuit (1) Circuit (2) Circuit (3) Process variations = < < > • SRAM PUF based on mismatch between “matched” invertors in SRAM cell V V DD A Stable(A=1) I 1 < I 2 Typical Metastable SRAM array Power-up Pattern I 1 > I 2 V Power up B Stable(A=0)

  12. Bi-stable memory based PUFs: other elements • Similar PUF behavior in other memory cells (Power-up behavior) Response Reset Latch Latch Latch PUF D Flip-flop PUF (Power-up behavior) preset Response Latch Latch clear “Butterfly” PUF Buskeeper PUF

  13. Name Fingerprint Basic PUF properties: reproducibility Alice Database Alice Chip PUF response 1 0 1 1 0 1 1 0 A 0 0 1 0 1 0 1 0 1 0 1 1 0 0 1 0 PUF 1 0 1 1 1 0 0 0 1 0 1 1 0 1 1 0 1 0 1 1 0 1 1 0 1 0 1 1 0 1 1 0 A 0 0 1 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 1 0 1 0 1 0 1 1 1 1 0 0 1 0 1 1 1 1 0 0 1 0 1 0 1 1 0 0 1 0 1 0 1 1 1 0 0 0 1 0 1 1 1 0 0 0 1 0 1 1 1 0 0 0 Intra -distance = 2 bit = 6.25% Database

  14. Basic PUF properties: uniqueness Alice Bob PUF PUF 1 0 1 1 0 1 1 0 1 1 1 0 1 1 0 0 1 1 1 0 1 1 0 0 A B 0 0 1 0 1 0 0 0 0 1 1 0 1 0 1 1 0 1 1 0 1 0 1 1 1 1 1 1 0 0 1 0 1 1 0 0 0 1 1 1 1 1 0 0 0 1 1 1 1 0 1 1 1 0 0 0 0 1 1 0 1 0 1 0 0 1 1 0 1 0 1 0 Inter -distance = 15 bit = 46.88%

  15. Basic PUF properties: unpredictability Insight Chip PUF response + PUF 1 0 1 1 0 1 1 0 Guessing A 0 0 1 0 1 0 1 0 A 1 0 1 1 0 0 1 0 1 0 1 1 1 0 0 0 1 1 0 1 1 1 1 0 1 1 0 1 1 1 1 0 1 0 1 1 0 1 1 0 0 0 1 0 1 0 0 0 0 0 1 0 1 0 0 0 0 0 1 0 1 0 1 0 0 1 0 1 1 0 0 1 0 1 0 1 1 0 0 1 1 0 1 1 0 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 1 1 0 0 0 Accurate Prediction = 20 bits = 62.5% Database Eve • Complete (100%) unpredictability = guessing every bit → 50% prediction accuracy • Use entropy to express unpredictability: – 50% accuracy → 100% entropy → 100% “guessing” and 0% “insight” – 62.5% accuracy → 95.4% entropy → 95.4% “guessing” and 4.6% “insight” Unpredictability → 95.4% entropy

  16. Basic PUF properties: “physical unclonability ” • Technical infeasibility/impossibility to create “non - unique” PUF instantiations • Due to uncontrollable random process variations Silicon Process variations variability PUF developer Minimize Regular Chip designer Chip manufacturer

  17. Silicon PUF-based applications • Device identification PUF response = PUF device ID • Device authentication PUF challenge • Some variant of: PUF PUF response = authentication secret • Cryptographic key generation CRYPTO: Key PUF Encryption, PUF response = Generator Signing, “static” source of entropy Key wrapping, for key generation … Embedded on chip

  18. Key generation/storage with Silicon PUFs • Discrepancy between PUF response and crypto key: PUF Key Generator ??? PUF Response Secure Key  Reproducible:  Reproducible: e.g. 3% intra-distance 0% failure rate  Unpredictable:  Unpredictable: e.g. 70% entropy 100% entropy • Key Generator: 1. Improves reproducibility by taking care of intra-distance of response = correct bit errors 2. Improves unpredictability by extracting unpredictable part of response = compress & accumulate entropy

  19. PUF-based key generation: Error correction • Intra-distance = 1 bit • Entropy = 70% = 22.4 bit 1 0 1 1 0 1 1 0 1 0 1 1 0 1 1 0 1 1 0 0 0 0 1 0 1 0 0 0 1 0 1 0 1 0 0 1 PUF PUF Response PUF Response 1 1 1 1 1 0 0 1 0 1 1 1 0 0 1 0 1 1 1 0 1 1 1 0 0 0 1 0 1 1 1 0 0 0 0 0 1 1 1 1 0 0 1 1 0 0 1 1 0 0 1 0 1 0 1 1 0 1 0 1 0 0 1 Helper Data 0

  20. PUF-based key generation: Error correction • Intra-distance = 1 bit • Intra-distance = 0 bit • Entropy = 70% = 22.4 bit • Entropy Left = 10.4 bit 1 0 1 1 0 1 1 0 1 0 1 1 0 1 1 0 1 1 1 1 0 1 1 0 1 1 0 0 0 0 0 1 0 1 0 1 0 1 0 0 0 1 1 0 1 1 0 0 0 1 0 1 0 0 0 PUF Correct PUF Response PUF Response 1 1 1 1 1 0 0 1 0 1 1 1 0 0 1 0 1 1 1 1 1 1 1 0 0 1 0 1 0 1 1 1 0 0 0 1 0 1 1 1 0 0 0 0 0 0 1 0 1 1 1 0 0 0 1 1 1 1 1 1 0 0 0 1 1 1 0 0 0 1 1 1 1 0 0 1 0 0 1 0 1 1 0 1 0 1 0 0 • Entropy Loss = 12 bit 1 Helper Data 0 • Result: reproducibility improves drastically, but unpredictability decreases due to helper data leakage

  21. PUF-based key generation: Entropy extraction 1 1 1 0 1 1 0 0 0 1 1 0 1 0 1 1 1 1 0 0 0 1 1 1 1 0 0 1 1 0 1 0 1 0 0 1 1 0 1 0 1 0 0 1 0 0 1 1 0 1 0 0 1 0 1 1 0 1 1 0 0 1 1 1 1 0 0 0 1 0 0 0 1 0 1 0 0 0 1 1 1 1 0 0 1 0 1 0 1 1 1 0 0 0 Corrected PUF Response Secure Key 0 0 0 0 1 1 1 0 Compress 1 1 0 0 1 1 0 1 1 1 0 0 1 0 1 1 0 0 1 1 1 1 0 1 Key Length: 30 bit PUF Response Length: 96 bit Accumulated Entropy: 31.2 bit • Result: Sufficient unpredictability achieved by accumulating and compressing response bits • Extracted key length ≤ total accumulated entropy

  22. PUF-based key generation: Fuzzy Extractor • Combination of error correction and entropy extraction: Key Generator 1 0 1 1 0 1 1 0 1 0 0 1 0 1 0 0 0 0 1 1 1 1 0 0 1 0 1 PUF 1 0 1 1 1 0 0 0 0 1 1 0 1 0 1 0 0 1 0 1 1 0 1 0 1 0 0 1 Helper Data 0

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Sili Silicon Valley Silicon Valley ll Energy Storage Symposium Energy Storage Symposium gy g

Sili Silicon Valley Silicon Valley ll Energy Storage Symposium Energy Storage Symposium gy g

Sili Silicon Valley Silicon Valley ll Energy Storage Symposium Energy Storage Symposium gy g y p May 30, 2012 Microsoft Auditorium Mountain View, California , Media Partners Media Partners Event Partners Event Partners Exhibitors

1.07k views • 76 slides
PV Technology Based on Crystalline Silicon Wafers Manufacturing of Crystalline Silicon Week 4.2

PV Technology Based on Crystalline Silicon Wafers Manufacturing of Crystalline Silicon Week 4.2

PV Technology Based on Crystalline Silicon Wafers Manufacturing of Crystalline Silicon Week 4.2 Arno Smets Monocrystalline Multicrystalline The processing of silicon Quartzite Metallurgical silicon Movie 1 The processing of silicon

580 views • 18 slides
The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs CHES, September 16 th ,

The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs CHES, September 16 th ,

The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs CHES, September 16 th , 2015 Georg T. Becker Horst Grtz Institute for IT-Security, Ruhr University Bochum 1 Agenda The Promise Strong PUFs: A lightweight, secure

726 views • 37 slides
Depletable Storage Systems Vijayan Prabhakaran Mahesh Balakrishnan, John Davis, Ted Wobber

Depletable Storage Systems Vijayan Prabhakaran Mahesh Balakrishnan, John Davis, Ted Wobber

Depletable Storage Systems Vijayan Prabhakaran Mahesh Balakrishnan, John Davis, Ted Wobber Microsoft Research, Silicon Valley Depletable Storage Systems Traditional disk based storage systems Space is the primary resource constraint

379 views • 10 slides
Stretchable and Flexible Stretchable and Flexible Silicon Silicon- -based Solar Cell Arrays

Stretchable and Flexible Stretchable and Flexible Silicon Silicon- -based Solar Cell Arrays

Stretchable and Flexible Stretchable and Flexible Silicon Silicon- -based Solar Cell Arrays based Solar Cell Arrays Y. Huang Depts. of Civil and Environmental Eng. and Mechanical Eng. Northwestern University Collaborator: J.A. Rogers

599 views • 24 slides
Security Evaluation and Enhancement of Bistable Ring PUFs RFIDSec, June 23, 2015 (1) , Ulrich

Security Evaluation and Enhancement of Bistable Ring PUFs RFIDSec, June 23, 2015 (1) , Ulrich

Security Evaluation and Enhancement of Bistable Ring PUFs RFIDSec, June 23, 2015 (1) , Ulrich Rhrmair (2) Xiaolin Xu (1) and Wayne Burleson (1) Daniel Holcomb (1) UMass Amherst (2) HGI, U Bochum This material is based upon work supported

257 views • 23 slides
PUFs using a Single Enrollment Vincent van der Leest (Intrinsic-ID) Bart Preneel (KU Leuven and

PUFs using a Single Enrollment Vincent van der Leest (Intrinsic-ID) Bart Preneel (KU Leuven and

Soft Decision Error Correction for Compact Memory-Based PUFs using a Single Enrollment Vincent van der Leest (Intrinsic-ID) Bart Preneel (KU Leuven and IBBT) Erik van der Sluis (Intrinsic-ID) CHES workshop 2012, Leuven Tuesday, September 11,

335 views • 15 slides
Secure Key Generation from Biased PUFs Roel Maes, Vincent van der Leest, Erik van der Sluis

Secure Key Generation from Biased PUFs Roel Maes, Vincent van der Leest, Erik van der Sluis

Secure Key Generation from Biased PUFs Roel Maes, Vincent van der Leest, Erik van der Sluis (Intrinsic-ID) Frans Willems (TU Eindhoven) Introduction PUF-based key generation Key Response Key PUF Generation Helper Data Noisy Key Key

496 views • 16 slides
A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage

. . A Simulation-based Evaluation of a Hybrid Storage System combining P2P, F2F, and Cloud storage with a Distributed Reputation System Anders Skoglund andsk668@student.liu.se November 04, 2013 . Cloud storage P2P storage F2F storage

660 views • 36 slides
Silicon Valley Advanced Water Purification Center Product Water Inter-Process Storage Tank

Silicon Valley Advanced Water Purification Center Product Water Inter-Process Storage Tank

Silicon Valley Advanced Water Purification Center Product Water Inter-Process Storage Tank Chemical Tank Storage Process Building | Advanced water purification technology San Jose/Santa Clara WPCP Secondary Effluent (TDS = 750 ppm)

348 views • 15 slides
Dynamic Storage Dynamic Storage Federation Federation based on open protocols based on open

Dynamic Storage Dynamic Storage Federation Federation based on open protocols based on open

EGI Community Forum 2013 Dynamic Storage Dynamic Storage Federation Federation based on open protocols based on open protocols Oliver Keeble Adrien Devresse Ricardo Brito da Rocha (presenter) Alejandro Alvarez Fabrizio Furano Patrick

444 views • 21 slides
Silicon Labs Corporate Overview J A N U A R Y 2 0 2 0 The leader in silicon, software and

Silicon Labs Corporate Overview J A N U A R Y 2 0 2 0 The leader in silicon, software and

Silicon Labs Corporate Overview J A N U A R Y 2 0 2 0 The leader in silicon, software and solutions for a smarter, more connected world. Silicon Labs REVENUE FOUNDED IN 1996 $868M $838M A leading provider of silicon, software $698M $769M and

624 views • 27 slides
Error Correcting Codes for DNA based Data Storage Shubham Chandak Stanford University ISMB/ECCB

Error Correcting Codes for DNA based Data Storage Shubham Chandak Stanford University ISMB/ECCB

Error Correcting Codes for DNA based Data Storage Shubham Chandak Stanford University ISMB/ECCB 2019 Outline Motivation DNA storage setup Illumina sequencing-based DNA storage Nanopore sequencing-based DNA storage

858 views • 59 slides
Enabling Silicon-as-a-Service ENABLING SILICON-AS-A-SERVICE Algodone at a Glance When/Where

Enabling Silicon-as-a-Service ENABLING SILICON-AS-A-SERVICE Algodone at a Glance When/Where

Adding SALT TM to Product Lifecycle Management (PLM) for IP tracking and Silicon Configuration Enabling Silicon-as-a-Service ENABLING SILICON-AS-A-SERVICE Algodone at a Glance When/Where Founders Vision Technology Jrme Rampon Founded

712 views • 16 slides
Bridging Pre- and Post-silicon Debugging with BiPeD Andrew DeOrio Jialin Li and Valeria Bertacco

Bridging Pre- and Post-silicon Debugging with BiPeD Andrew DeOrio Jialin Li and Valeria Bertacco

Bridging Pre- and Post-silicon Debugging with BiPeD Andrew DeOrio Jialin Li and Valeria Bertacco University of Michigan ICCAD Simulation - based Verification Session November 2012 Verification Opportunities Pre-Silicon Post-Silicon -

409 views • 29 slides
Silicon Europe - your connection to innovative European SMEs! www.silicon-europe.eu Silicon

Silicon Europe - your connection to innovative European SMEs! www.silicon-europe.eu Silicon

Silicon Europe - your connection to innovative European SMEs! www.silicon-europe.eu Silicon Europe Alliance: Our ambition In the context of the European Commission actions towards the digital single market, our ambition is to foster cooperation

149 views • 13 slides
Using Thymeleaf as a Templating Language for Java Web MVC Jay Aisenbrey Broadleaf Commerce Open

Using Thymeleaf as a Templating Language for Java Web MVC Jay Aisenbrey Broadleaf Commerce Open

Using Thymeleaf as a Templating Language for Java Web MVC Jay Aisenbrey Broadleaf Commerce Open source, Java-based eCommerce framework Enterprise features Order Management System Content Management System Multi-Tenant

417 views • 29 slides
Disclosures I have no disclosures. CNS INFECTIONS: PEARLS AND PERILS Felicia Chow, MD, MAS

Disclosures I have no disclosures. CNS INFECTIONS: PEARLS AND PERILS Felicia Chow, MD, MAS

3/12/2019 Disclosures I have no disclosures. CNS INFECTIONS: PEARLS AND PERILS Felicia Chow, MD, MAS Assistant Professor University of California, San Francisco March 28, 2019

392 views • 17 slides
Welcome Submit questions / comments via the webcast Comment cards RA-PDBIKEPEDPA@pa.gov

Welcome Submit questions / comments via the webcast Comment cards RA-PDBIKEPEDPA@pa.gov

Statewide Bicycle and Pedestrian Master Plan Welcome Submit questions / comments via the webcast Comment cards RA-PDBIKEPEDPA@pa.gov Statewide Bicycle and Pedestrian Master Plan Statewide Bicycle and Pedestrian Master Plan Statewide Bicycle

629 views • 24 slides
L0: INTRODUCTION 18-545: ADVANCED DIGITAL DESIGN PROJECT FALL 2015 BRANDON LUCIA 18-545:

L0: INTRODUCTION 18-545: ADVANCED DIGITAL DESIGN PROJECT FALL 2015 BRANDON LUCIA 18-545:

L0: INTRODUCTION 18-545: ADVANCED DIGITAL DESIGN PROJECT FALL 2015 BRANDON LUCIA 18-545: Advanced Digital Design Project Digital system capstone design project Spend the entire semester working on a single project Work in teams of 3 people

976 views • 50 slides
Creating transcription helper f u nctions SP OK E N L AN G U AG E P R OC E SSIN G IN P YTH ON

Creating transcription helper f u nctions SP OK E N L AN G U AG E P R OC E SSIN G IN P YTH ON

Creating transcription helper f u nctions SP OK E N L AN G U AG E P R OC E SSIN G IN P YTH ON Daniel Bo u rke Machine Learning Engineer / Yo u T u be Creator E x ploring a u dio files # Import os module import os # Check the folder of

816 views • 46 slides
The BIST History of FPGAs FPGAs The BIST History of The BISTory BISTory of of FPGAs FPGAs

The BIST History of FPGAs FPGAs The BIST History of The BISTory BISTory of of FPGAs FPGAs

The BIST History of FPGAs FPGAs The BIST History of The BISTory BISTory of of FPGAs FPGAs The Chuck Stroud Chuck Stroud Electrical and Computer Engineering Electrical and Computer Engineering Auburn University Auburn University 1

685 views • 42 slides
Imaging biomarkers in oncologic liver disease Bernard Van Beers Laboratory of Imaging Biomarkers

Imaging biomarkers in oncologic liver disease Bernard Van Beers Laboratory of Imaging Biomarkers

Imaging biomarkers in oncologic liver disease Bernard Van Beers Laboratory of Imaging Biomarkers INSERM UMR1149 University Paris Diderot Department of Radiology Beaujon University Hospital Paris Nord Imaging biomarkers Imaging

711 views • 25 slides
Adversarial Networks : When fake never looked so real Evan Ntavelis 1,2 Dr. Iason Kastanis 1

Adversarial Networks : When fake never looked so real Evan Ntavelis 1,2 Dr. Iason Kastanis 1

Generative Adversarial Networks : When fake never looked so real Evan Ntavelis 1,2 Dr. Iason Kastanis 1 Philipp Schmid 1 {ens, iks, psd}@csem.ch 1. Robotics &amp; Machine Learning CSEM SA 2. Computer Vision Lab ETH Zrich CSEM at a glance

475 views • 18 slides

More recommend