Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas.

Published byAshlynn McCracken Modified over 9 years ago

Similar presentations

Presentation on theme: "1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas."— Presentation transcript:

1 1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas Chen, Anup Jadhav

2 2 U NIVERSITY OF M ICHIGAN Outline  Motivation & Security Challenges  Problem & Previous Approaches  Physical Unclonable Functions (PUF)  PUF-based Key Generation Using Pattern Matching  Results  Conclusion  References

3 3 U NIVERSITY OF M ICHIGAN Motivation  Secure computing  Devices are becoming:  Distributed  Unsupervised  Physically exposed  Prone to physical tampering  Need protection at the hardware level

4 4 U NIVERSITY OF M ICHIGAN Problem & Previous Approaches  Making a device tamper proof is difficult and expensive  IBM 4758 cryptographic coprocessor ($3000)  Battery powered sensors  Anti-tamper package  Attackers can  Extract keys from NVM while processor is off  Depackage,etch, and polish down to poly to read off fuse bits ROMFusesFlashAnti-fuses

5 5 U NIVERSITY OF M ICHIGAN Physical Unclonable Function (PUF)  Silicon “fingerprint”  Unique per instance  Reproducible/repeatable  Usefulness  Random key generation  Low-cost key “storage”  Tamper resistant  Extract keys from complex physical system Variability Sensitive Circuit Challenge Response C R1R1 R2R2 R3R3 !=

6 6 U NIVERSITY OF M ICHIGAN PUF-based Key Generation  Use PUF to generate fixed size of secret bits  Can use as symmetric key bits or seed for asymmetric key  But…  Some bits may be “noisy”- need error correction  Need to use helper data/syndrome to correct PUFKey Generator ResponseKey … D C Q C0C0 C1C1 C2C2 CnCn Arbiter Path-swapping switch

7 7 U NIVERSITY OF M ICHIGAN Reproducibility  Intra-distance metric (use fractional Hamming distance)  Ideally HD intra =0  Mean intra-distance varies with voltage, temperature  Can reduce unstable bits by:  pre/post selection, temporal majority voting, compensation, etc.  Typically >5%, <20% over region of operation (before corr.) PUF A 10110110 00101000 11110010 10111000 Stored PUF A response 10110110 00101010 10110010 10111000 2 bits -> 6.25% 10110110 00101000 11110010 10111000

8 8 U NIVERSITY OF M ICHIGAN Uniqueness  Inter-distance metric  Use fractional Hamming distance  Ideally, HD inter of 50% -> no correlation between chips PUF A 10110110 00101000 11110010 10111000 PUF B 10110110 00101000 11110010 10111000 11101100 01101011 11000111 01101010 15 bits -> 46.875%

9 9 U NIVERSITY OF M ICHIGAN Error Correction & Entropy  Key must be 100% reproducible (HD intra =0)  Often use BCH codes  Increase reproducibility  But helper data leaks information, reduces unpredictability  Need bigger response then compress  Extracted key length <= Total accumulated entropy 10110110 00101000 11110010 10111000 Correction 10110110 00101010 10110010 10111000 10010110 1 1 0 0 Helper Data

10 10 U NIVERSITY OF M ICHIGAN Pattern Matching Key Generator(PMKG) Architecture

11 11 U NIVERSITY OF M ICHIGAN Key Generation Scheme  Major Difference  Instead of making challenge public, make response public  Provisioning and Regeneration  Happens over a number of rounds  Regeneration  Involves matching the patterns provisioned to recreate key

12 12 U NIVERSITY OF M ICHIGAN Pattern Matching  Provisioning  In each round select an index I  Starting at that index store a pattern of length W  Regeneration  Match against known patterns to obtain index 1110100110 10 bits Index=sub-key PUF generated bit stream: XX710 Pattern Storage 011 000 101

13 13 U NIVERSITY OF M ICHIGAN Key Generator Architecture

14 14 U NIVERSITY OF M ICHIGAN Security  Public helper data does not leak information about key  Index based key  Key mixer  Post process key bits  LFSR forking  Fork the next round of challenge generator based on key index  Fixed number of comparisons against helper patterns

15 15 U NIVERSITY OF M ICHIGAN Key Generation Parameters

16 16 U NIVERSITY OF M ICHIGAN Intra-distance and Inter-distance

17 17 U NIVERSITY OF M ICHIGAN Matching threshold and FAR,FRR  Tolerance match detector  Causes false positives and false negatives  Requires appropriate matching threshold  Requires sufficiently wide pattern  Otherwise use error correction scheme  For small pattern, additional logic required to prevent collision

18 18 U NIVERSITY OF M ICHIGAN False Negatives and False Positives

19 19 U NIVERSITY OF M ICHIGAN Trials Required For Key Regeneration

20 20 U NIVERSITY OF M ICHIGAN Conclusion  Main contribution  Expose PUF response, keep challenge hidden  Key regeneration via pattern matching  Key bits are not directly stored  Subkeys are indices of PUF responses  Avoid heavy error correction logic  But need to choose good threshold and pattern width  False positives, false negatives

21 21 U NIVERSITY OF M ICHIGAN Questions & Discussion Points  Is there enough process variation to identify between ICs?  Is setting a threshold a good enough approach?  Is the arbiter PUF a good choice?

22 22 U NIVERSITY OF M ICHIGAN References  [1] Paral, Z., and Srinivas Devadas. "Reliable and efficient PUF-based key generation using pattern matching." Hardware-Oriented Security and Trust (HOST), 2011 IEEE International Symposium on. IEEE, 2011.

Download ppt "1 U NIVERSITY OF M ICHIGAN Reliable and Efficient PUF- Based Key Generation Using Pattern Matching Srini Devadas and Zdenek Paral (MIT), HOST 2011 Thomas."

Similar presentations

1+eps-Approximate Sparse Recovery Eric Price MIT David Woodruff IBM Almaden.

1+eps-Approximate Sparse Recovery Eric Price MIT David Woodruff IBM Almaden.
Trusted Design In FPGAs

Trusted Design In FPGAs
10/14/2005Caltech1 Reliable State Machines Dr. Gary R Burke California Institute of Technology Jet Propulsion Laboratory.

10/14/2005Caltech1 Reliable State Machines Dr. Gary R Burke California Institute of Technology Jet Propulsion Laboratory.
Biometry and Security: Secure Biometric Authentication for Weak Computational Devices Author: Zelenevskiy Vladimir Based on the research by M.J. Atallah.

Biometry and Security: Secure Biometric Authentication for Weak Computational Devices Author: Zelenevskiy Vladimir Based on the research by M.J. Atallah.
International Symposium on Low Power Electronics and Design Low-Power Sub-Threshold Design of Secure Physical Unclonable Functions 1 Lang Lin, 2 Dan Holcomb,

International Symposium on Low Power Electronics and Design Low-Power Sub-Threshold Design of Secure Physical Unclonable Functions 1 Lang Lin, 2 Dan Holcomb,
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
PSKA: Usable and Secure Key Agreement Scheme for Body Area Networks Authors: Krishna K. Venkatasubramanian, Ayan Banerjee, Sandeep K.S. Gupta Presenter:Francis.

PSKA: Usable and Secure Key Agreement Scheme for Body Area Networks Authors: Krishna K. Venkatasubramanian, Ayan Banerjee, Sandeep K.S. Gupta Presenter:Francis.
Physical Unclonable Functions and Applications

Physical Unclonable Functions and Applications
Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.

Hardware Cryptographic Coprocessor Peter R. Wihl Security in Software.
Physical Unclonable Functions

Physical Unclonable Functions
Fuzzy Stuff 6.857 Lecture 24, 2006. Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.

Fuzzy Stuff Lecture 24, Outline Motivation: Biometric Architectures Motivation: Biometric Architectures New Tool (for us): Error Correcting.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions G. Edward Suh, Charles W. O’Donnell, Ishan Sachdev,

1 Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions G. Edward Suh, Charles W. O’Donnell, Ishan Sachdev,
Slender PUF Protocol Authentication by Substring Matching M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas* International Workshop on.

Slender PUF Protocol Authentication by Substring Matching M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas* International Workshop on.
Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu

Daniel E. Holcomb, Wayne P. Burleson and Kevin Fu
Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Computer Science and Computer Engineering Dept. University of Arkansas Matching Electronic Fingerprints.

Nurbek Saparkhojayev and Dale R. Thompson, Ph.D., P.E. Computer Science and Computer Engineering Dept. University of Arkansas Matching Electronic Fingerprints.
Randomized Radon Transforms for Biometric Authentication via Fingerprint Hashing 2007 ACM Digital Rights Management Workshop Alexandria, VA (USA) October.

Randomized Radon Transforms for Biometric Authentication via Fingerprint Hashing 2007 ACM Digital Rights Management Workshop Alexandria, VA (USA) October.
Fuzzy extractor based on universal hashes

Fuzzy extractor based on universal hashes
Limin Liu, Member, IEEE Zhen Li, Member, IEEE Edward J. Delp, Fellow, IEEE CSVT 2009.

Limin Liu, Member, IEEE Zhen Li, Member, IEEE Edward J. Delp, Fellow, IEEE CSVT 2009.

Similar presentations

Ads by Google