The need for hardware roots of trust

Ingrid Verbauwhede, KU Leuven, ESAT - COSIC. Šibenik, June 21, 2019. Slides credit: Miloš Grujić, Jeroen Delvaux, Kent Chuang, Adriaan Peetermans, Roel Maes and other PhD students.


  1. Ingrid Verbauwhede 6/21/19
     Slide 1: The need for hardware roots of trust. Ingrid Verbauwhede, KU Leuven, ESAT - COSIC. Šibenik, June 21, 2019. Slides credit: Miloš Grujić, Jeroen Delvaux, Kent Chuang, Adriaan Peetermans, Roel Maes and other PhD students.
     Slide 2: Outline
     • Implementation Challenges
     • Hardware roots of trust
     • PUFs
     • TRNG
     • Conclusions
     Sibenik, Croatia, June 21, 2019

  2. Slide 3: Internet of Everything – IOT – Industry4.0 E-…
     • Internet of things
     • E-health, e-commerce
     • E-voting, e-…
     • Smart grid
     • Big data
     [IMEC, HUMAN++]
     Anything E- or Smart needs security
     Slide 4: How the crypto protocol paper sees it: Some calculations are on the arrows?
     Source: J.Hermans, et al., “Proper RFID Privacy: Model and Protocols,” IEEE Trans on Mobile computing, 2014

  3. Slide 5: Protocol relies on secrets and random numbers
     Source: J.Hermans, et al., “Proper RFID Privacy: Model and Protocols,” IEEE Trans on Mobile computing, 2014
     Root of Trust
     Slide 6: DESIGN METHODS: DECOMPOSE IN COMPONENTS
     • Application: secure communication
     • Algorithms: public key, secret key, relies on secret key, post-quantum
     • Architecture: Hardware/Software platform, Sancus
     • Micro-architecture: crypto co-processors, instruction set extension
     • Logic circuits and (secure) memory
     • TRNGs and PUFs
     [Figure: layered design stack with labels Confidentiality, Integrity, Identification; Cipher Design, Biometrics; Java, JCA, JVM, KVM; CPU, Crypto, MEM; Vcc, D, Q, CLK, Mem, PUF]
     [DATE2007]
     “A root of trust is a component at a lower abstraction layer, upon which the system relies for its security.”

  4. Slide 7: How to store a secret?
     Permanently: e.g. for a master key
     • Fuses: large, visible, limited numbers
     • Non-volatile memory: extra processing
     • Battery-backed SRAM: cumbersome, battery can die
     • PUFs: physically unclonable functions = a cost-efficient replacement technology for secure non-volatile memory (NVM)
     [PhD Jeroen Delvaux]
     Slide 8: Silicon PUF: A unique fingerprint of a chip
     • PUF can be viewed as a unique fingerprint of a chip
     • Comes from random process variations
     • Various implementations and applications
     [Figure: chip fingerprint (501.1 MHz vs 498.2 MHz, bit string 01011 ... 010, cell values “0” “1” “1” “0”) with applications: Key generation, Anti-counterfeit, Digital ID, IP protection, Entity authentication]

  5. Slide 9: Silicon PUFs - Variability
     Silicon Biometrics
     ● Variability in transistors and interconnect
     ● In general undesired, except for PUFs
     ● Random dopant fluctuation
     ● Tox
     ● Line edge/width roughness
     ● Crucial design challenge with CMOS down scaling (Moore’s law)
     ● Pelgrom’s law: $\sigma^2 \sim 1/WL$ (Marcel Pelgrom, Dutch engineer)
     [Figure: MOSFET]
     Slide 10: More opportunities brought by scaling
     • Even more challenging to manufacture identical devices in scaled technologies
       o Moore’s Law
       o 40nm → 28nm → 16nm → 7nm → ...
     • More variability comes from:
       o More processing steps
       o Decreased size (e.g. 2nm difference → 5% in 40nm and 30% in 7nm)
       o New materials
     [Figure: Transistor design roadmap: Planar, FinFET, Gate all-around, with Gate, Source and Drain labelled; more variability to be expected. Source: imec]

  6. Slide 11: The ideal PUF?
     Chip-dependent binary function with noisy output
     [Figure: IC 1 and IC 2 each map a 128b challenge to a 128b response; Evaluation 1 and Evaluation 2 of the same IC differ by ≈ 1-15% noise, and the two ICs give different responses]
     IDEAL PUF is without noise
     Slide 12: Two design methodologies
     Dream 1: IDEAL PUFS don’t exist..
     [Figure: Strong PUF (challenge c1, response r1): # outcomes exponential in # elements. Weak PUF (array of responses r11 ... r33): # outcomes linear in # elements]

  7. Slide 13: Weak PUF
     An array of identically designed circuit elements
     ● Each producing 1 (or a few) response bit(s)
     ● High-quality response bits, i.e., high entropy
     ● Limited number of bits, e.g., a few 1000s
     ● Weak because of limited response size, but the best in reality
     ● E.g., SRAM PUF, spot-break-down PUF
     ● Typical application: key generation
     ● E.g. 128-bit AES
     [Figure: IC]
     Slide 14: SRAM PUF – a classic weak PUF
     • 2D array of 1-bit memory cells
     • Variability: mismatch between the cross-coupled inverters
     • Volatile: data is cleared after power-off
     [Figure: 6T-SRAM cell with cross-coupled inverters I1 and I2; bi-stable states; two possible outcomes after power-up (“1” “0” or “0” “1”)]

  8. Slide 15: Transistor variations determine PUF bits
     • Assume one of the transistors is much weaker than others
     • Four extreme cases
     [Figure: four cells with outcomes “0” “1”, “1” “0”, “0” “1”, “1” “0”]
     Slide 16: Strong PUF
     Finite number of physical building blocks combined with mathematical operations
     ● E.g., sum of delays, currents, voltages etc.
     ● Can produce a gazillion of response bits ($2^{128}$) → Strong
     ● Low-quality bits: highly correlated, low-entropy
     ● E.g., arbiter PUF
     ● Typical application:
     ● IC authentication
     [Figure: IC summing its elements (+), compared against 0 (>0), giving response r = 01100110]

  9. Slide 17: Arbiter PUF – based on timing differences
     [Figure: chain of switch stages driven by the challenge bits (“1” “0” “0” “1”), ending in an Arbiter that outputs the 0/1 response]
     N-bit challenge → $2^N$ possible CRPs (Strong PUF)
     [Lee, VLSIC 2004] [Gassend, 2004]
     Slide 18: Arbiter PUF is not an ideal strong PUF
     • Linear additive structure: sum of delays
     • Similar challenges → similar responses
     $C_1$ (“1” “0” “0” “1”): $\Delta t_{1,1} + \Delta t_{2,0} + \cdots + \Delta t_{N-1,0} + \Delta t_{N,0} = \Delta t_1$
     $C_2$ (“1” “0” “1” “1”, change only one bit): $\Delta t_{1,1} + \Delta t_{2,0} + \cdots + \Delta t_{N-1,1} + \Delta t_{N,0} = \Delta t_1 - \Delta t_{N-1,0} + \Delta t_{N-1,1}$
     Not likely to change sign
     Addition of N elements >> Difference of one element

  10. Slide 19: Strong PUF problem: responses easily predicted
     • CRPs are highly correlated: low entropy → Prone to machine learning (ML) attacks
     Experimental results on 65 nm CMOS: only a few 1000 CRPs are sufficient to model the PUF with high accuracy
     [Hospodar, WIFS 2012] [Ruhrmair, ACM CCS 2010]
     Slide 20: Arbiter PUFs: XOR Variant
     • Arbiter PUF: original MIT work
     • UNIQUE project result
     [Figure: UNIQUE ASIC results for arbiter chains (Challenge 0 1 0 1 1 0, Switch Block, Arbiter, Response 0/1) under Temp./Volt. variation; percentage labels 3%, 47%, ≈7%, 46%, 6%, 49%]

  11. Slide 21: Arbiter PUF – XOR Variant
     XOR the response of multiple chains
     ● More resistant against machine learning
     ● # CRPs in training set ↑
     ● Training time ↑
     ● Unfortunately, noise amplification as well
     ● Example: Becker et al. at CHES 2015
     [Ruhrmair, IEEE TIFS 2013]
     Slide 22: Dream or future research?
     Wish a strong PUF:
     • Finite number of elements
     • Gazillion Challenge Response Pairs
     • Non-linear combination to resist modeling attacks: ideally cryptographic functions
     • BUT: noise amplification makes output not useful
     Dream: strong PUF from finite number of elements, resistant to modeling, noise tolerant
     Maybe: computational security?
     [Figure: IC summing its elements (+), compared against 0 (>0), giving response r = 01100110]

  12. Slide 23: Weak SRAM PUF: Basics
     [Figure: 6T CMOS SRAM Cell; reported results for Commercial SRAM, Embedded SRAM and FPGA SRAM (Holcomb et al. 2009, Holcomb et al. 2007, Guajardo et al. 2007) with labels <12%, 3.8%, 6.5%, 50%, 43.2%, 49.3% and temp./volt. var.]
     Slide 24: PUF behavior of SRAM in commodity micro-controller
     Black box approach (off the shelf micro-controllers)
     • PIC16F1825
     • STM32F100R8
     [Figure: Within Class; axes: Within and between class HD (%), Average bit value (%)]
     [PhD Anthony VH]

  13. Slide 25: PUF behavior of SRAM in commodity micro-controller
     Black box approach (off the shelf micro-controllers)
     • PIC16F1825
     • STM32F100R8
     [Figure: Between Class; axes: Within and between class HD (%), Average bit value (%)]
     Needs post-processing to create key!
     Slide 26: Reliability
     • PUF responses are not exactly reproducible
       o At different time
       o In different environment
     PUF response r1 =
     #1: 10100100101010001...
     #2: 10110100001010001...
     #3: 10100110101010001...

  14. Slide 27: Short-term reliability (data stability)
     • PUF response changes temporarily, caused by:
       o Environment change (external)
       o Internal fluctuation
     External: Temperature, Supply voltage, Humidity, Radiation, ...
     Internal: White noise, Flicker noise, Cross-talk, Glitch, ...
     How to improve the short-term reliability?
     Slide 28: Good reliability is crucial
     • Error correction codes need to be stored → NVM needed
     • Why not just store the key in NVM?
     [Figure: “Key in NVM” versus “PUF-based key generator” on an integrated circuit (IC); blocks: NVM (ROM/Flash), Readout Interface, Error Correction, Entropy Extraction, CRYPTO; n-bit response, k-bit / 128-bit secret key. Callouts: No clear benefit in terms of cost; Make it stable; Need to go!]
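
The additive model on slide 18, as an added simulation that is not part of the original slides: each stage contributes one of two Gaussian delay differences selected by its challenge bit, and the arbiter outputs the sign of the sum. The chain length of 64, the unit-variance delays and all function names are assumptions; the sweep over 1, 8 and 64 flipped bits goes beyond the single-bit case shown on the slide.

```python
import random

N_STAGES = 64  # assumed chain length; the slides only say "N-bit challenge"

def make_chip(rng, n=N_STAGES):
    """One simulated chip: per stage, the delay difference for challenge bit 0 and 1."""
    return [(rng.gauss(0, 1), rng.gauss(0, 1)) for _ in range(n)]

def response(chip, challenge):
    """Arbiter output: sign of the summed per-stage delay differences."""
    total = sum(stage[bit] for stage, bit in zip(chip, challenge))
    return 1 if total > 0 else 0

def flip_rate(k, trials=3000, seed=1):
    """Fraction of trials in which flipping k challenge bits changes the response.

    A fresh simulated chip and a fresh random challenge are drawn per trial,
    so the result is an average over chips, not a property of one device.
    """
    rng = random.Random(seed)  # fixed seed: reproducible simulation only
    changed = 0
    for _ in range(trials):
        chip = make_chip(rng)
        c1 = [rng.getrandbits(1) for _ in range(N_STAGES)]
        c2 = list(c1)
        for i in rng.sample(range(N_STAGES), k):
            c2[i] ^= 1  # replaces exactly one term of the sum per flipped bit
        changed += response(chip, c1) != response(chip, c2)
    return changed / trials

if __name__ == "__main__":
    for k in (1, 8, N_STAGES):
        print(f"{k:2d} bit(s) flipped -> response changes in {flip_rate(k):.1%} of trials")
```

An ideal strong PUF would change its response in about half of the trials for every k; in this model a single flipped bit does so only a few percent of the time, which is the correlation between CRPs that slide 19 describes.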
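
Slides 25 to 28 say that the noisy SRAM response needs post-processing and that error-correction data has to be stored in NVM. The added example below (not from the original slides) shows one standard way to do this, a code-offset construction with a repetition code, which the slides do not name; the 6.5% bit error rate, the repetition factor of 21 and all names are assumptions, and the SRAM patterns are simulated.

```python
import random

KEY_BITS = 128   # k-bit key (the slides use a 128-bit secret key)
REP = 21         # assumed repetition factor, so n = 128 * 21 = 2688 response bits
BER = 0.065      # assumed bit error rate between two read-outs of one chip

def power_up(enrolled, rng, ber=BER):
    """A later, noisy read-out of the start-up pattern measured at enrollment."""
    return [b ^ (rng.random() < ber) for b in enrolled]

def enroll(response, key):
    """Helper data = response XOR repetition-encoded key (code-offset)."""
    codeword = [bit for bit in key for _ in range(REP)]
    return [r ^ c for r, c in zip(response, codeword)]

def reconstruct(response, helper):
    """XOR the helper data back in and majority-decode each group of REP bits."""
    noisy = [r ^ h for r, h in zip(response, helper)]
    return [int(sum(noisy[i:i + REP]) > REP // 2)
            for i in range(0, len(noisy), REP)]

def demo(seed=2019):
    rng = random.Random(seed)  # simulation only, never a source of real keys
    n = KEY_BITS * REP
    chip_a = [rng.getrandbits(1) for _ in range(n)]  # constructed SRAM pattern
    chip_b = [rng.getrandbits(1) for _ in range(n)]  # a second, unrelated chip
    key = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    helper = enroll(chip_a, key)       # this is what has to be kept in NVM
    later = power_up(chip_a, rng)      # same chip, different time/environment
    raw_errors = sum(a ^ b for a, b in zip(chip_a, later))
    same_chip_ok = reconstruct(later, helper) == key
    other_chip_ok = reconstruct(power_up(chip_b, rng), helper) == key
    return raw_errors, same_chip_ok, other_chip_ok

if __name__ == "__main__":
    errors, same_ok, other_ok = demo()
    print(f"raw bit errors in re-read response: {errors} of {KEY_BITS * REP}")
    print(f"key recovered on enrolled chip: {same_ok}; on other chip: {other_ok}")
```

The helper data is the part that still has to live in NVM, which is the cost the last slide points at.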
