www.unique-project.eu
Exchange of security-critical data Computing Device Computing Device generates, stores and processes security-critical information 2 PUFs: Myth, Fact or Busted? CHES 2012
However: Cryptographic secrets can be leaked by physical attacks Invasive Attacks Side-Channel Analysis (mechanical probing, FIB, etc.) (SPA, DPA, timing, fault injection, etc.) Algorithmic Requires physical protection mechanisms countermeasures exist 3 PUFs: Myth, Fact or Busted? CHES 2012
4 PUFs: Myth, Fact or Busted? CHES 2012
Challenge Response Integrated circuit Hardware Fingerprint (contains PUF) (unique intrinsic device identifier) PUFs exploit random variations of manufacturing process that make each individual sample of a device unique on the physical level 5 PUFs: Myth, Fact or Busted? CHES 2012
Word line 1 0/1 0 SRAM cell Bit line 𝑹 Bit line 𝑹 SRAM cell: pair of cross-coupled inverters • Inverters designed identically SRAM block • Identical inverters mean state 0 and 1 is equiprobable (array of SRAM cells) at power-up (when bit lines are undefined) Manufacturing variations affect properties of inverters challenge = memory address • Most cells are biased towards 0 or 1 at SRAM power-up response = memory content 6 PUFs: Myth, Fact or Busted? CHES 2012
• Unclonability PUF is unique due to unpredictable variations of manufacturing process • Robustness PUF always returns similar PUF responses when queried with the same challenge • Unpredictability Fundamental for PUF-based PUF’s challenge/response behavior is pseudo-random crypto/security primitives • Tamper-evidence Physical analysis of PUF changes its challenge/response behavior 7 PUFs: Myth, Fact or Busted? CHES 2012
• Device identification/authentication (e.g., anti-counterfeiting) • Secure key-storage • Binding hardware and software (e.g., IP protection) • Building block in cryptographic and security solutions (e.g., encryption/attestation) 8 PUFs: Myth, Fact or Busted? CHES 2012
• No secure memory required Cryptographic secret derived from the PUF response when needed • Intrinsic protection against invasive hardware attacks Physical modifications of the (PUF) circuit assumed to change device fingerprint 9 PUFs: Myth, Fact or Busted? CHES 2012
Gap between PUF implementations and PUF models in the literature • Often idealized / not all properties of PUF implementations reflected • Include security parameters that cannot be determined in practice Existing analysis results of PUF implementations difficult to compare • Varying test conditions (different technologies, test cases) • Different analysis methods (theoretical, empirical, different metrics) • Unavailability of test data sets 10 PUFs: Myth, Fact or Busted? CHES 2012
11 PUFs: Myth, Fact or Busted? CHES 2012
• First large scale evaluation of real PUF implementations in ASIC 96 ASICs with multiple instantiations of most common PUF types • PUF evaluation framework for the most important PUF properties Empirical assessment of the robustness and unpredictability property 12 PUFs: Myth, Fact or Busted? CHES 2012
Noise: Emulation Attacks: Varying operating conditions Some PUFs can be emulated in software affect PUF response if large number of challenge/response pairs are known Power Corrected Challenge 𝑦 Response 𝑧 Response 𝑠 Fingerprint 𝑔 Error Crypto PUF Correction Algorithm Fundamental questions: • How big is the impact of noise? • How unpredictable are PUF responses when other responses are known? 13 PUFs: Myth, Fact or Busted? CHES 2012
www.unique-project.eu UNIQUE ASIC • 96 ASICs manufactured in TSMC 65 nm CMOS multi-project wafer run • Includes 5 most common intrinsic PUFs (see table) and noise generator • PUFs designed by our partners Intrinsic ID and KU Leuven in UNIQUE project PUF Class PUF Type No. of PUF instances per ASIC Delay-based Arbiter 256 Ring Oscillator 16 Memory-based SRAM 4 (8 kB each) Flip-flop 4 (1 kB each) Latch 4 (1 kB each) Test setup • ASIC test board of Sirrix AG • Xilinx Virtex 5 FPGA • PC / Matlab (not shown) 14 PUFs: Myth, Fact or Busted? CHES 2012
15 PUFs: Myth, Fact or Busted? CHES 2012
16 PUFs: Myth, Fact or Busted? CHES 2012
Common metric for robustness: bit error rate (BER) Nominal operating conditions (25°C, nominal supply voltage, noise generator off) Bit error rate (BER): Number of bits that Fixed test 𝑍 0 challenge set 𝑌 are different in 𝑍 0 and 𝑍 𝐹 • Full challenge space of memory PUFs • Random subset of the exponential Test case challenge space of (-40°C to +85°C, 10% supply voltage, noise core on/off) the Arbiter PUF 𝑍 𝐹 17 PUFs: Myth, Fact or Busted? CHES 2012
PUF-Type Average Bit Error Rate Test Cases (over all test cases) • Temperature: -40°C to +85°C SRAM < 7% • Supply Voltage: ±10% VDD Ring oscillator < 6% • Noise core: On/Off Arbiter < 6% Flip-Flop and < 15% BER Latch (impractical in some applications) 18 PUFs: Myth, Fact or Busted? CHES 2012
Arbiter PUF, Ring See paper for Nominal Voltage (1.2V) 1.32V Oscillator (RO) and graphs of other Latch PUF sensitive test cases. to supply voltage variations Flip-Flop (DFF) and SRAM PUF not affected by supply voltage variations 19 PUFs: Myth, Fact or Busted? CHES 2012
20 PUFs: Myth, Fact or Busted? CHES 2012
21 PUFs: Myth, Fact or Busted? CHES 2012
We use Shannon entropy as metric for unpredictability Test case (-40°C to +85°C, 10% supply voltage, noise core on/off) Fixed test 𝑍 𝐹 Entropy estimation challenge set 𝑌 We are interested in the average uncertainty in a response 𝑍(𝑦) We are interested in the average uncertainty in a response 𝑍(𝑦) in case all other responses 𝑋 in case all other responses 𝑋 𝑦 are known. 𝑦 are known. That is, we are interested in the conditional entropy: 𝑰 𝑍 𝑋 = − 𝑄𝑠 𝑍 𝑦 , 𝑋 ⋅ log 2 𝑄𝑠 𝑍 𝑦 |𝑋 𝑦 𝑦 𝑦∈𝑌 SRAM-PUF Computationally infeasible to determine the underlying probability distributions 22 PUFs: Myth, Fact or Busted? CHES 2012
Observation: • Typical electronic PUF structure: Array of electronic components (memory cells, ring oscillators, switch blocks) • Common assumption: Distant components do not significantly affect each other ⇒ Entropy estimation only considers responses from neighboring components Hence, we estimate 𝑰 𝑍 𝑋 with: 𝑰 𝑍 𝑋′ = − 𝑄𝑠 𝑍 𝑦 , 𝑋 𝑦 ′ ⋅ log 2 𝑄𝑠 𝑍 𝑦 |𝑋 𝑦 ′ 𝑦∈𝑌 Further, we estimate the corresponding conditional min-entropy: 𝑰 ∞ 𝑍 𝑋′ = − log 2 max 𝑦∈𝑌 𝑄𝑠 𝑍 𝑦 |𝑋 𝑦 ′ SRAM-PUF Similar assumptions hold for Flip-Flop, Latch, Ring Oscillator and Arbiter PUFs 23 PUFs: Myth, Fact or Busted? CHES 2012
PUF-Type Unpredictability Test Cases SRAM Entropy and min-entropy > 80% • Temperature: -40°C to +85°C (almost ideal) • Supply Voltage: ±10% VDD Ring Entropy ≈75%; min-entropy < 2% oscillator (too low for some applications) • Noise core: On/Off Arbiter Entropy and min-entropy < 1% (far too low; model building possible) Flip-Flop Strongly dependent on temperature and Latch (may enable attacks) 24 PUFs: Myth, Fact or Busted? CHES 2012
We presented • First large-scale evaluation of real PUF implementations in ASIC • PUF evaluation framework for the robustness and unpredictability properties Current and future work • Extension of the evaluation framework www.unique-project.eu • More test cases (e.g., aging tests) • Other PUF properties (e.g., tamper-evidence, unclonability) • Analysis of other PUF types 25 PUFs: Myth, Fact or Busted? CHES 2012
www.unique-project.eu
Recommend
More recommend
