Physical Unclonable Functions and Applications

Slides:



Advertisements
Similar presentations
Trusted Design In FPGAs
Advertisements

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 SECURE-PARTIAL RECONFIGURATION OF FPGAs MSc.Fisnik KRAJA Computer Engineering Department, Faculty Of Information Technology, Polytechnic University of.
Trusted Design In FPGAs Steve Trimberger Xilinx Research Labs.
1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas.
Physical Unclonable Functions
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
1 Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions G. Edward Suh, Charles W. O’Donnell, Ishan Sachdev,
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
Slender PUF Protocol Authentication by Substring Matching M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas* International Workshop on.
Fuzzy extractor based on universal hashes
Chapter 12: Authentication Basics Passwords Challenge-Response Biometrics Location Multiple Methods Computer Security: Art and Science © Matt.
Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.
Trusted Computing Initiative Beyond trustworthy. Trusted Computing  Five Key Concepts >Endorsement Key >Secure Input and Output >Memory Curtain / Protected.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
CMSC 414 Computer (and Network) Security Lecture 2 Jonathan Katz.
Oblivious Transfer based on the McEliece Assumptions
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
1 CIS 5371 Cryptography 9. Data Integrity Techniques.
HumanAUT Secure Human Identification Protocols Adam Bender Avrim Blum Manuel Blum Nick Hopper The ALADDIN Center Carnegie Mellon University.
SIDE CHANNEL ATTACKS Presented by: Vishwanath Patil Abhay Jalisatgi.
David Froot.  How do we transmit information and data, especially over the internet, in a way that is secure and unreadable by anyone but the sender.
Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···
8. Data Integrity Techniques
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Lecture 19 Page 1 CS 111 Online Symmetric Cryptosystems C = E(K,P) P = D(K,C) E() and D() are not necessarily the same operations.
Trusted Computing BY: Sam Ranjbari Billy J. Garcia.
8-1Network Security Chapter 8 roadmap 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity, authentication.
A Few Simple Applications to Cryptography Louis Salvail BRICS, Aarhus University.
Security Keys, Signatures, Encryption. Slides by Jyrki Nummenmaa ‘
1 Architectural Support for Copy and Tamper Resistant Software David Lie, Chandu Thekkath, Mark Mitchell, Patrick Lincoln, Dan Boneh, John Mitchell and.
Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.
1 UCR Hardware Security Primitives with focus on PUFs Slide credit: Srini Devedas and others.
CS526: Information Security Prof. Sam Wagstaff September 16, 2003 Cryptography Basics.
Introduction1-1 Data Communications and Computer Networks Chapter 6 CS 3830 Lecture 31 Omar Meqdadi Department of Computer Science and Software Engineering.
Physically Unclonable Function– Based Security and Privacy in RFID Systems Leonid Bolotnyy and Gabriel Robins Dept. of Computer Science University of Virginia.
1 AEGIS: A Single-Chip Secure Processor G. Edward Suh Massachusetts Institute of Technology.
On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.
1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Secure Conjunctive Keyword Search Over Encrypted Data Philippe Golle Jessica Staddon Palo Alto Research Center Brent Waters Princeton University.
Encryption. Introduction The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live.
Private key
Design of Physically Unclonable Functions Using FPGAs
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Intrusion Resilience via the Bounded-Storage Model Stefan Dziembowski Warsaw University and CNR Pisa.
Attacks on Public Key Encryption Algorithms
Reusable Fuzzy Extractors for Low-Entropy Distributions
Computer Communication & Networks
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
AEGIS: Secure Processor for Certified Execution
Protect Your Hardware from Hacking and Theft
Physical Unclonable Functions and Applications
刘振 上海交通大学 计算机科学与工程系 电信群楼3-509
presented by Fabian Schläfli
Presentation transcript:

Physical Unclonable Functions and Applications Srini Devadas Contributors: Dwaine Clarke, Blaise Gassend, Daihyun Lim, Jaewook Lee, Marten van Dijk

Problem: Storing digital information in a device in a way that is resistant to physical attack is difficult and expensive. IBM 4758 Tamper-proof package containing a secure processor which has a secret key and memory Tens of sensors, resistance, temperature, voltage, etc. Continually battery-powered ~ $3000 for a 99 MHz processor and 128MB of memory

Our Solution: Extract key information from a complex physical system.

Definition Based on a physical system A Physical Random Function or Physical Unclonable Function (PUF) is a function that is: Based on a physical system Easy to evaluate (using the physical system) Its output looks like a random function Unpredictable even for an attacker with physical access

Silicon PUF – Proof of Concept Because of process variations, no two Integrated Circuits are identical Experiments in which identical circuits with identical layouts were placed on different FPGAs show that path delays vary enough across ICs to use them for identification. Challenge Response Combinatorial Circuit

A Candidate Silicon PUF Challenge 1 if top path is faster, else 0 … ARBITER Rising Edge Here’s a simple circuit that is our candidate silicon PUF Even CS guys like A should be able to understand this, even though It’s not written in bluespec. Each challenge creates two paths through the circuit that are excited simultaneously. The digital response is based on a (timing) comparison of the path delays. Path delays in an IC are statistically distributed due to random manufacturing variations.

Distance between Chip X and Y Experiments Fabricated candidate PUF on multiple IC’s, 0.18m TSMC Apply 100 random challenges and observe response 100 bits of response Distance between Chip X and Y responses = 24 bits At 70C measurement noise for chip X = 2 Summarize a year’s worth of work in one slide. Measurement noise for Chip X = 0.5 Can identify individual ICs

Measurement Attacks and Software Attacks Can an adversary create a software clone of a given PUF chip? Distance between Chip X and Y responses = 24 Measurement noise for Chip X = 0.5 At 70C measurement noise for chip X = 2 Summarize a year’s worth of work in one slide.

Measurement Attacks and Software Attacks Can an adversary create a software clone of a given PUF chip? Distance between Chip X and Y responses = 24 “Best” model for Chip X has error = 10 At 70C measurement noise for chip X = 2 Measurement noise for Chip X = 0.5 Summarize a year’s worth of work in one slide. Model-building appears hard even for simple circuits

Physical Attacks Make PUF delays depend on overlaid metal layers and package Invasive attack (e.g., package removal) changes PUF delays and destroys PUF Non-invasive attacks are still possible To find wire delays need to find precise relative timing of transient signals as opposed to looking for 0’s and 1’s Wire delay is not a number but a function of challenge bits and adjacent wire voltages

Using a PUF as an Unclonable Key A Silicon PUF can be used as an unclonable key. The lock has a database of challenge-response pairs. To open the lock, the key has to show that it knows the response to one or more challenges. ? PUF

Private/Public Keys EPublic Key(Secret) Chip If a remote chip stores a private key, Alice can share a secret with the chip since she knows the public key corresponding to the stored private key Encrypt Secret using chip’s public key Only the chip can decrypt Secret using the stored private key EPublic Key(Secret) Decrypt Secret Private Key Chip

Applications Anonymous Computation Software Licensing Alice wants to run computations on Bob’s computer, and wants to make sure that she is getting correct results. A certificate is returned with her results to show that they were correctly executed. Software Licensing Alice wants to sell Bob a program which will only run on Bob’s chip (identified by a PUF). The program is copy-protected so it will not run on any other chip. How can we enable the above applications by trusting only a single-chip processor that contains a silicon PUF?

Sharing a Secret with a Silicon PUF Suppose Alice wishes to share a secret with the silicon PUF She has a challenge response pair that no one else knows, which can authenticate the PUF She asks the PUF for the response to a challenge Anyone can see challenge and ask PUF for the response Anyone can see response if it is not encrypted 1. Challenge, Task PUF Alice 2. Response

Restricting Access to the PUF To prevent the attack, the man in the middle must be prevented from finding out the response. Alice’s program must be able to establish a shared secret with the PUF, the attacker’s program must not be able to get the secret. Combine response with hash of program. The PUF can only be accessed via the GetSecret function: Alice knows the response because she had the challenge-response pair, but the man in the middle doesn’t know response since he can’t predict PUF(challenge). So Alice can compute secret Hash(Program) Secret Hash Challenge PUF Response Add this to PUF

Getting a Challenge-Response Pair Now Alice can use a Challenge-Response pair to generate a shared secret with the PUF equipped device. But Alice can’t get a Challenge-Response pair in the first place since the PUF never releases responses directly. An extra function that can return responses is needed.

Getting a Challenge-Response Pair - 2 Let Alice use a Pre-Challenge. Use program hash to prevent eavesdroppers from using the pre-challenge. The PUF has a GetResponse function Bootstrapping – need to be in direct contact with the PUF. Else if PUF is remote, Alice already has a challenge-response pair, and uses the old response to encrypt the new response. Hash(Program) Hash PUF Challenge Response Pre-Challenge Add this to PUF

Controlled PUF Implementation Hash Hash(Program) Pre-Challenge PUF Challenge Response GetResponse Hash GetSecret Secret Hash(Program)

Challenge-Response Pair Management: Bootstrapping When a CPUF has just been produced, the manufacturer wants to generate a challenge-response pair. Manufacturer provides Pre-challenge and Program. CPUF produces Response. Manufacturer gets Challenge by computing Hash(Hash(Program), PreChallenge). Manufacturer has (Challenge, Response) pair where Challenge, Program, and Hash(Program) are public, but Response is not known to anyone since Pre-challenge is thrown away Manufacturer CPUF

Software Licensing Program (Ecode, Challenge) Secret = GetSecret( Challenge ) Code = Decrypt( Ecode, Secret ) Run Code Ecode has been encrypted with Secret by Manufacturer Hash(Program)

Software Licensing Program (Ecode, Challenge) Secret = GetSecret( Challenge ) Code = Decrypt( Ecode, Secret ) Run Code Ecode has been encrypted with Secret by Manufacturer Secret is known to the manufacturer because he knows Response to Challenge and can compute Secret = Hash(Hash(Program), Response) Hash(Program)

Software Licensing Program (Ecode, Challenge) Secret = GetSecret( Challenge ) Code = Decrypt( Ecode, Secret ) Run Code Ecode has been encrypted with Secret by Manufacturer Secret is known to the manufacturer because he knows Response to Challenge and can compute Secret = Hash(Hash(Program), Response) Adversary cannot determine Secret because he does not know Response or Pre-Challenge If adversary tries a different program, a different secret will be generated because Hash(Program) is different Hash(Program)

Summary PUFs provide secret “key” and CPUFs enable sharing a secret with a hardware device CPUFs are not susceptible to model-building attack if we assume physical attacks cannot discover the PUF response Control protects PUF by obfuscating response, and PUF protects the control from attacks by “covering up” the control logic Shared secrets are volatile Lots of open questions…