physical ly unclonable functions
play

Physical(ly) Unclonable Functions An introduction to Intrinsic PUFs - PDF document

Apr 02, 2023 •166 likes •352 views

Physical(ly) Unclonable Functions An introduction to Intrinsic PUFs Ingrid Verbauwhede Slide courtesy: Roel Maes COSIC K.U.Leuven Supported by: IWT and Introduction Goal of this talk try to answer the question: What is a PUF?

  1. Physical(ly) Unclonable Functions An introduction to Intrinsic PUFs Ingrid Verbauwhede Slide courtesy: Roel Maes COSIC – K.U.Leuven Supported by: IWT and Introduction Goal of this talk � try to answer the question: � What is a PUF? � What is it usage? � Can we use it as an unclonable device identifier? � P.U.F.? P.U.F. � Physical Unclonable Function � a physical function which is unclonable in every sense P.U.F. � Physical ly Unclonable Function � a function which is unclonable in a physical sense ECRYPT, ALBENA, MAY 2011 2 1

  2. Introduction (cont.) � Need for unique identification of devices or goods Example: RFID tags � Secure storage of a key bit string (non volatile memory, battery � backed up SRAM, fuses, etc.) � Problem: personalization step during fabrication Expensive, extra processing steps � Post-processing e.g. by blowing fuses � � Idea: use physical uniqueness of devices � Idea: use CMOS process variations for this Threshold voltage � Oxide thickness � Metal line shapes � ECRYPT, ALBENA, MAY 2011 3 Functional description of PUF � For use in crypto applications � PUF = (physical) function which is physically unclonable Challenge Response PUF � Very hard (“impossible”) to produce two PUFs with similar challenge-response behavior � Easy to construct and evaluate a random PUF ECRYPT, ALBENA, MAY 2011 4 2

  3. Basic properties of PUF Minimum requirements: � For two random PUFs, difference between expected responses to same challenge, should be large = manufacturing variability is ‘large’ � For single random PUF, difference between two measured responses to same challenge, should be small = noise, aging, temperature effects,… are limited � For single random PUF, uncertainty about response to challenge is large, when one does not have access to this PUF instance = unpredictability is large ECRYPT, ALBENA, MAY 2011 5 Intrinsic PUFs � Use inherent manufacturing variability present in CMOS fabrication � Keep measured PUF responses inside chip Useful for secure key storage! Requirements: � PUF + measurement circuit + post-processing inside chip � Standard processing, no extra processing steps ECRYPT, ALBENA, MAY 2011 6 3

  4. MOS Transistor � Gate voltage below “threshold” - No current (there is subthreshold current) � Gate voltage above “threshold” - current can flow � Threshold = f(doping concentration) ECRYPT, ALBENA, MAY 2011 7 Delay of gate � Time to charge or discharge capacitances at output � Delay t = C x � V / I � I = f (Cox, (V GS - V Th )) 0-1 � Process variations: transition Oxide thickness � Threshold voltage � Capacitance � ECRYPT, ALBENA, MAY 2011 8 4

  5. Outline � Introduction � A few examples of Intrinsic PUFs � PUF properties � PUF applications � Conclusion ECRYPT, ALBENA, MAY 2011 9 First example: Arbiter PUF Delay based intrinsic PUF 5

  6. Arbiter PUF: basic operation � Initial design [Lee et al, MIT 2004] switch block: e.g. two muxes � arbiter: e.g. a latch or a flip-flop � n switch blocks � 2 n “different” delays � Challenge 0 1 0 0 1 1 Response Arbiter 0/1 Switch Block 11 ECRYPT, ALBENA, MAY 2011 Arbiter PUF: experiments [Lee04] � Results: [L04] 10000 CRPs from 37 ASICs � 64-stage arbiter PUF � μ inter = 23% μ intra � 0.7% μ intra � 3.47% (voltage variation) μ intra � 4.82% (temperature variation) [Lee04] Results on FPGA [Lee at al 04] : μ inter = 1.05%, μ intra = 0.3% � 12 ECRYPT, ALBENA, MAY 2011 6

  7. Arbiter PUF: analysis � delay � additive ! leads to model-building attack (linear programming) � also machine-learning techniques (Artificial Neural Networks, Support Vector � Machines, …) � Attack results: ASIC : 3.55% prediction error with SVM trained with 5000 CRPs ( < μ intra !!! ) � FPGA : 0.6% prediction error with perceptron trained with 90000 CRPs � � Extensions [Ozturk et al 2008] tri-state buffer based delay circuit � comparable to switch-based � Simulation : prediction error < 3% for linear programming on 4000 CRPs � � Conclusion : (Improved) arbiter PUFs can be accurately modelled (= “cloned”) from polynomial # known CRPs ECRYPT, ALBENA, MAY 2011 13 Second example: Ring Oscillator PUF Delay based Intrinsic PUF 7

  8. Ring Oscillator PUF: basic operation � Initial design [Gassend et al 2003] Challenge Edge Counter Response ~ f Delay ++ detector f f A � Compensation Response ÷ r = f A / f B To eliminate (scaling) f B � environmental influence � One-bit compensation f A � Response [Suh 2007] 0 if f A < f B f B 1 if f A � f B To avoid costly division � 15 ECRYPT, ALBENA, MAY 2011 Ring Oscillator PUF: experiments � Results [Suh2007]: measurements on 15 FPGAs, 1024 � loops/FPGA and 1 out of 8 masking μ inter = 46.15% μ intra = 0.48% (with temp./volt. var.) 16 ECRYPT, ALBENA, MAY 2011 8

  9. Ring Oscillator PUF: analysis � Modelling attacks? � same as arbiter PUFs for basic design � not for fixed delay circuit as in [Suh 2007] � but much less challenges! [N/2 < #challenges < log 2 (N!)] � inefficient area use ECRYPT, ALBENA, MAY 2011 17 SRAM PUF Memory based Intrinsic PUF 9

  10. SRAM PUF: basic operation � SRAM cell: (6T-CMOS) Q Q Q Q 0 1 � Which state right after power-up? 1 0 depends on physical mismatch between M 2 and M 4 � power-up state = � 2 possible stable states measure for manufacturing variability � 1-bit storage ECRYPT, ALBENA, MAY 2011 19 SRAM PUF: basic operation � SRAM PUF challenge = SRAM address � response = power-up state of addressed cell(s) � power-up state: � Guajardo et al 2007 Q Q Q = 0 SRAM on FPGA � Q Q Q = 1 � Holcomb et al 2007 COTS SRAM � SRAM on embedded micro-controller � ECRYPT, ALBENA, MAY 2011 20 10

  11. SRAM PUF: experiments � Results [Guarjado et al CHES 2007] measurements on FPGA, 8190 bytes from different SRAM blocks � � intra = 3.57% , � intra = 0.13% � inter = 49.97% , � inter = 0.3% � ECRYPT, ALBENA, MAY 2011 21 SRAM PUF: experiments � Results [Holcomb, Burleson, Fu 2009] measurements on two types of devices � COTS SRAM chip: 5120 64-bit blocks on 8 ICs � Embedded SRAM in � C: 15 64-bit blocks on 3 ICs � μ inter = 43.16% μ inter = 49.34% μ intra = 3.8% μ intra = 6.5% SRAM chip Embedded SRAM ECRYPT, ALBENA, MAY 2011 22 11

  12. Outline � Introduction � Examples of Intrinsic PUFs � PUF properties � PUF applications � Conclusion ECRYPT, ALBENA, MAY 2011 23 Quick overview � Evaluatable: y = PUF (x) is easy � Unique: PUF(x) contains some unique information � Reproducible: PUF() has only small error � Unclonable: hard to make PUF’(x) given PUF(x) � Unpredictable: hard to find y N =PUF(x N ) given other x, y pairs � One-way: given y and PUF(), cannot find x � Tamper evident: tampering changes PUF() ECRYPT, ALBENA, MAY 2011 24 12

Recommend

Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical

Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical

Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical Unclonable Functions and Applications: A Tutorial http://ieeexplore.ieee.org/document/6823677/ Edge Devices 1000s of them expected to be deployed Low

1.94k views • 90 slides
Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical

Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical

Hardware Security Chester Rebeiro IIT Madras 1 Physically Unclonable Functions Physical Unclonable Func1ons and Applica1ons: A Tutorial h8p://ieeexplore.ieee.org/document/6823677/ Edge Devices 1000s of them expected to be deployed Low power

1.06k views • 71 slides
HOST Physical Unclonable Functions I ECE 525 Introduction We discussed the basic tenets of

HOST Physical Unclonable Functions I ECE 525 Introduction We discussed the basic tenets of

HOST Physical Unclonable Functions I ECE 525 Introduction We discussed the basic tenets of information security, including confidentiality, data integrity, authentication and non-repudiation Algorithms have been developed that provide these

694 views • 30 slides
HOST Physical Unclonable Functions II ECE 525 Weak PUF vs Strong PUF The distinction is rooted

HOST Physical Unclonable Functions II ECE 525 Weak PUF vs Strong PUF The distinction is rooted

HOST Physical Unclonable Functions II ECE 525 Weak PUF vs Strong PUF The distinction is rooted in the security properties of their challenge-response pairs One definition of a Strong PUF : Even after giving a adversary access to the PUF instance

446 views • 33 slides
New Insights to Key Derivation for Tamper-Evident Physical Unclonable Functions (PUFs) Vincent

New Insights to Key Derivation for Tamper-Evident Physical Unclonable Functions (PUFs) Vincent

New Insights to Key Derivation for Tamper-Evident Physical Unclonable Functions (PUFs) Vincent Immler, Karthik Uppund Conference on Cryptographic Hardware and Embedded Systems, Atlanta, Aug 26, 2019 PUF in a Nutshell: Biometrics of Objects PUF

403 views • 21 slides
Error Correction for Physical Unclonable Functions Using Generalized Concatenated Codes uelich

Error Correction for Physical Unclonable Functions Using Generalized Concatenated Codes uelich

Ulm University Communications Engineering Error Correction for Physical Unclonable Functions Using Generalized Concatenated Codes uelich , Sven Puchinger , Martin Bossert , Sven M Matthias Hiller , Georg Sigl Institute

372 views • 12 slides
Algebraic Security Analysis of Key Generation with Physical Unclonable Functions Matthias Hiller 1

Algebraic Security Analysis of Key Generation with Physical Unclonable Functions Matthias Hiller 1

Algebraic Security Analysis of Key Generation with Physical Unclonable Functions Matthias Hiller 1 , Michael Pehl 1 , Gerhard Kramer 2 and Georg Sigl 1,3 1 Chair of Security in Information Technology 2 Chair of Communications Engineering 2

963 views • 19 slides
A Data Remanence based Approach to Generate 100% Stable Keys from an SRAM Physical Unclonable

A Data Remanence based Approach to Generate 100% Stable Keys from an SRAM Physical Unclonable

A Data Remanence based Approach to Generate 100% Stable Keys from an SRAM Physical Unclonable Function Muqing Liu, Chen Zhou, Qianying Tang, Keshab K. Parhi and Chris H. Kim University of Minnesota, Twin Cities liux3300@umn.edu International

494 views • 28 slides
Challenge Codes for Physically Unclonable Functions (PUFs) A Maximum Entropy Problem Alexander

Challenge Codes for Physically Unclonable Functions (PUFs) A Maximum Entropy Problem Alexander

Challenge Codes for Physically Unclonable Functions (PUFs) A Maximum Entropy Problem Alexander Schaub a , Olivier Rioul ab , Joseph Boutros c , Jean-Luc Danger ad &amp; Sylvain Guilley ad a LTCI, Tlcom ParisTech, Paris-Saclay Univ. b CMAP ,

693 views • 26 slides
LRR-DPUF: Learning Resilient and Reliable Digital Physical Unclonable Function Jin Miao 1 Meng Li

LRR-DPUF: Learning Resilient and Reliable Digital Physical Unclonable Function Jin Miao 1 Meng Li

LRR-DPUF: Learning Resilient and Reliable Digital Physical Unclonable Function Jin Miao 1 Meng Li 2 Subhendu Roy 1 Bei Yu 3 1 Cadence Design Systems 2 University of Texas at Austin 3 The Chinese University of Hong Kong 1 / 26 Outline

400 views • 26 slides
Analysis of the Strict Avalanche Criterion in variants of Arbiter-based Physically Unclonable

Analysis of the Strict Avalanche Criterion in variants of Arbiter-based Physically Unclonable

Analysis of the Strict Avalanche Criterion in variants of Arbiter-based Physically Unclonable Functions Akhilesh Anilkumar Siddhanti 1 , Srinivasu Bodapati 2 , Anupam Chattopadhyay 3 , Subhamoy Maitra 4 , Dibyendu Roy 5 and Pantelimon St a 6

678 views • 25 slides
Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der

Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der

Helper data schemes for privacy-preserving biometrics Boris kori TU Eindhoven van der Meulen seminar Leuven, December 2011 1 Outline Security with noisy data - biometrics &amp; privacy - Physical Unclonable Functions (PUFs)

828 views • 39 slides
Calculus 3 Differentiation and Integration of Functions of Many Variables for Physical Sciences

Calculus 3 Differentiation and Integration of Functions of Many Variables for Physical Sciences

Calculus 3 Differentiation and Integration of Functions of Many Variables for Physical Sciences and Engineering Hu` ynh Qang V u Faculty of Mathematics and Computer Science, University of Science, Ho Chi Minh City 05/2014 Vector functions

974 views • 85 slides
Physical Layer (Part 2) Srinidhi Varadarajan Fourier Series Even and Odd functions: Even

Physical Layer (Part 2) Srinidhi Varadarajan Fourier Series Even and Odd functions: Even

Physical Layer (Part 2) Srinidhi Varadarajan Fourier Series Even and Odd functions: Even functions mirror around the Y-axis (cos ) Odd functions invert around the Y axis (sin ) A Fourier series expresses a time-domain

559 views • 12 slides
Formal Design of Composite Physically Unclonable Function Durga Prasad Sahoo Debdeep

Formal Design of Composite Physically Unclonable Function Durga Prasad Sahoo Debdeep

Formal Design of Composite Physically Unclonable Function Durga Prasad Sahoo Debdeep Mukhopadhyay Rajat Subhra Chakraborty Computer Science and Engineering Indian Institute of Technology, Kharagpur, India Workshop on Security Proofs for

783 views • 21 slides
More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions

More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions

More on Functions Thomas Schwarz, SJ Marquette University Functions of Functions Functions are full-fledged objects in Python This means you can pass functions as parameters Example: Calculate the average of the values of a function at

332 views • 12 slides
The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in

The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in

The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in obvious ways, add, subtract, multiply and divide these functions. For example, the function f + g is defined simply by Elementary Functions ( f + g )(

404 views • 5 slides
PHYSICAL FUNCTIONS : THE COMMON FACTOR OF SIDE-CHANNEL AND FAULT ATTACKS ? Proofs 2014, Busan,

PHYSICAL FUNCTIONS : THE COMMON FACTOR OF SIDE-CHANNEL AND FAULT ATTACKS ? Proofs 2014, Busan,

PHYSICAL FUNCTIONS : THE COMMON FACTOR OF SIDE-CHANNEL AND FAULT ATTACKS ? Proofs 2014, Busan, Korea Bruno Robisson, Hlne Le Bouder Secure Architecture and Systems Laboratory Joint team between CEA and Ecole des Mines de Saint-Etienne

883 views • 28 slides
Appetitive augmental functions and common physical properties in metaphor effect: An extended

Appetitive augmental functions and common physical properties in metaphor effect: An extended

Appetitive augmental functions and common physical properties in metaphor effect: An extended replication Rosina Pendrous, Lee Hulbert-Williams, Kevin Hochard, &amp; Nick Hulbert-Williams Contextual Behavioural Science Lab, University of Chester

176 views • 5 slides
Why Invariant Functions . . . Clayton &amp; Gumbel Copulas: Not All Physical . . . Why Scalings

Why Invariant Functions . . . Clayton &amp; Gumbel Copulas: Not All Physical . . . Why Scalings

Copulas Are Needed Most Efficient . . . Why Clayton and . . . Why Symmetries Why Invariant Functions . . . Clayton &amp; Gumbel Copulas: Not All Physical . . . Why Scalings Can Be . . . A Symmetry-Based Answer to the Main . . . Answer to

168 views • 16 slides
Properties of (functions may return functions) Functions may be passed as parameter

Properties of (functions may return functions) Functions may be passed as parameter

Functions as first class citizens Function may be a value of an expression Properties of (functions may return functions) Functions may be passed as parameter functional Functions may be stored in data structures languages

306 views • 11 slides
Post-processing functions for a biased physical random number generator Patrick Lacharme

Post-processing functions for a biased physical random number generator Patrick Lacharme

Overview Statistical model Linear corrector Non linear corrector Systematic construction Conclusion Post-processing functions for a biased physical random number generator Patrick Lacharme Universit de Toulon, Institut de Mathmatique

282 views • 27 slides
Functions Declarations vs Definitions Inline Functions Class Member functions

Functions Declarations vs Definitions Inline Functions Class Member functions

2/21/2017 Functions in C++ Functions Declarations vs Definitions Inline Functions Class Member functions Overloaded Functions For : COP 3330. Pointers to functions Object oriented Programming (Using C++) Recursive

184 views • 6 slides
Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions

Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions

Functions How to make the person run? (See: runForest.cpp) Functions You can also use functions that return bool types in an if statement or loop This is commonly used if you have complex logic as it is normally easier to write a function

260 views • 10 slides

More recommend