2. Outline  Introduction  Related Work  PUF-Based Tag Identification Algorithm  PUF-Based MAC Protocols  PUF Vs. Digital Hash Functions  Building PUFs  Conclusion

3. Purpose  What problem are we solving?  Privacy and Security in RFID Systems  Current cryptographic solutions are too expensive  Privacy-preserving tag identification  Secure message authentication codes  Comparisons  Directions for future research

4.  What is RFID?   In general  uses radio signals for identity verification  Low-cost  Analogous to sensor networks  PICTURE  What is a PUF?  Remember “not easy to find random generator”?? A Familiar Subject…

5. Physically Unclonable Functions  “Random number function that can only be evaluated by a specific instance of the underlying hardware”  Hardware based function  Easy evaluation  Hard characterization  Reliable and unpredictable  What makes it unclonable?

6. Unclonability  Physical  Inherent random components  Wire/gate delays, manufacturing variations  Hard to define  Even with identical hardware  Challenges mapped to responses = Unpredictable  Mathematical  Hard to compute responses given exact parameters/CRPs  Response = Complex interactions of random components  Modeling with known random values  Oodles of computational effort  Combination of the two = extremely unclonable

7. Related Work  Physical one-Way Functions [16]  Origination – optical PUFs  Controlled Physical Random Functions [7] & Extracting Secret Keys From Integrated Circuits [12]  Silicon prototype  Reliable, can tolerate varying environmental conditions  Variability  PUF circuits across multiple chips  Accurate model difficult (w/polynomially-many i/o pairs)  RFID-Tags for Anti-Counterfeiting [17]  Off-line reader authentication algorithm based on PUFs using public key cryptography  Still too much for low-cost RFID tags

8. More Related Work  Security and Privacy: Modest Proposals for Low-Cost RFID Systems [15]  Identification/authentication algo based on Silicon Physical Random Functions [8]  No state maintenance/random responses = easy tracking  No access control = easy identification by adversaries  Abundant challenges  more ID time/power consumption  Therefore  Only use challenge-response algos for authentication  Send ID to reader first  less communication & query more challenges  Tag tracking still possible

9. Assumptions  Cannot recover PUF model given polynomial # of i/o pairs  τ is constant and independent of the # of identical responses from other tags  Hardware tampering = new function  Secure against side-channel attacks  Random function

10. PUF-Based Tag Identification Algorithm  Single-use 1-step identification algo to maintain privacy in face of passive adversaries  Pseudonyms and one-time-pads  Privacy-preserving

11. Other Tag ID Algorithms  “Minimalist” approach  Uses readers to generate pseudonyms  Using PUFs requires fewer updates  Hash-chains  Tags must compute 2 expensive cryptographic hash functions  PUF = only 1

12. Authors’ Tag ID Algorithm  Interrogation by reader  response with ID from tag  tag updates ID with p(ID)  Back-end keeps list of ID values i.e.  Pseudonyms exhausted  new seed ID  Multiple executions and Parallel PUFs  Why? ID Request Database ID 1, p(ID 1 ), p 2 (ID 1 ), …, p k (ID 1 )... ID n, p n (ID n ), p n 2 (ID n ), …, p n k (ID n ) p(ID) ID

13. Multiple Executions & Parallel PUFs  Reason  increase reliability of output  Parallel PUFs  each produces sub-signature  Sub-signatures contain n PUF compositions  Early invalid results reflect heavily on later compositions  PUF is run several times for each input in each sub-signature  Number of valid sub-signatures must be above a threshold

14. Multiple Executions  Averages values for greater reliability  R  Reliability of last value where:  μ =.02  probability of unreliable value  k = 100  compositions  N  executions at each stage  For 1 execution, R =.49  For 5 executions, R =.992268

15. Parallel PUFs  Tuple response, any one accepted, also increases reliability  S  Successful consecutive identifications where:  q  tuple size  For q = 2, S ≈ 73  For q = 3, S ≈ 90  More PUFs = few gates  One PUF can simulate many  Combination possible

16. Tag ID Specific Assumptions and Requirements  No DOS attacks (only passive)  ID not overwritable by adversary w/o altering PUF circuits  Back-end must contain significantly more i/o values than # of tags  PUF must be able to produce many unique IDs  Tags should not yield same outputs  If ID repeats, new ID is sent along with power to perform write operations

17. Adversarial Model  Observe reader communication with multiple tags, single out two of them  Randomly select one and runs ID algo  Adversary is successful if they can determine which tag was selected with much greater accuracy than ½ (better than guessing)

18. Theorem 3.1  **Given a random oracle assumption for PUFs, and adversary has no advantage in attempting to compromise a tag’s privacy  Proof sketch:  Observe output of two tags  Obtain next output from one  Adversary cannot determine which tag it came from b/c PUF is assumed to be random

19. PUF-Based MAC Protocols  Three-tuple (K, T, V)  K = generation algo  generates key used in T and V  T = tagging algo  takes input message m and outputs signature σ  V = verification algo  verifies signature σ for message m is authentic  Secure if resistant to forgeries  Adversary is successful if they can determine signature from message

20. Other MAC Protocols  Various implementations:  Standard cryptographic hash function  Block cipher  One-time signature scheme  list of secrets that are 0 or 1  Oodles of memory usage  “Minimalistic” approach  Each secret is a single bit  Longer message size and shorter message space

21. Authors’ MAC Protocols  PUF acts like a public key:  PUF computation algo (schematic) is known  Private key (PUF’s i/o behavior) remains unknown  Seller possesses a tag, but cannot predict PUF computations  Resistant to forgery even when verifier is offline  Defense against hardware alterations  Physically locating tag’s verification password storage circuitry under PUF’s circuitry/wires  Multiple executions/Parallel PUFs can be used

22. Comparisons  Vs. tag authentication  Tag signs/authenticates message instead of reader  Signed message is input, output is signature/MAC  Key used to sign is PUF itself  Vs. standard cryptographic MAC algos  Keys are larger  Physical presence of tag required  Cannot sign arbitrary messages  Back-end computation  keeps tag costs down

23. Components of the Protocol  Key Generation  Verifier creates table of values  Occurs before deployment  Can be disabled/passworded  Large key required for verification w/o tag presence  Tagging algo signs message  Verification algo verifies signature

24. Key Generation Algorithm  Input: Message set M; tag/PUF identifiers set P; # of needed signatures k; # of sub-signatures q for each PUF p ∈ P do for i = 1 to |M| do for c = 1 to k · q do Key[p,m i, c] = {c, p c (m i ),..., p (n) c (m i )} end

25. Tagging Algorithm  Input: Message m; # of sub-signatures q  Side effect: c = c + q

26. Verification Algorithm  Input: Key K; PUF p; # of needed signatures k; # of sub-signatures q; allowed number t of incorrect PUF responses; verify that 1 ≤ c ≤ k ∙ q v = 0 for each sub-signature σ c do σ* = K[p, m, c] if σ c agrees with σ* in at least n − t terms then v = v + 1 if v ≥ threshold then accept else reject

27. Large Message Spaces  Signature verification only possible when tag is in range  b/c of size of key  Unique token c (counter)  Substitute for timestamp in passive tags  Natural total ordering  Info leak possible  tells state of tag  Multiple executions  forgery resistance

28. Quantifying Auth. Reliability and Forgery Difficulty  prob v  valid signature detection probability  prob f  forgery non-recognition probability  τ =.4  PUF 1 output = PUF 2 output probability  µ =.02  output deviation probability  n = 30  # of responses  t = 3  # of deviations allowed  prob v =.997107  prob f =.000313  Tweak n and t to get better results if necessary

29. Theorem 4.1  Given a random oracle assumption for PUF p, the probability that an adversary can forge a signature σ for a message m is bounded from above by β.  Proof sketch:  To forge a signature:  Find n distinct numbers r 1,..., r n  Find unused counter value c  Compute correct PUF values p c (r i,m) for at least n – t of them  p is assumed to be random and c was never inputted into p  adversary must rely on the tag(s) in their possession

30. Small Message Spaces  Outputs can be computed ahead of time  Can verify signature w/o tag’s presence  Tokens generated on tag ≠ random  Counters can be used just like large MS

31. Theorem 4.2  Given a random oracle assumption for a PUF p, the probability that an adversary could forge a signature σ for a message m is bounded from above by q · β.  Proof sketch:  Adversary finds next counter value c  PUF is random  accurate modeling not possible  Must use other tags for impersonation  Success of forging a sub-signature  bounded by β  Success of forging whole signature  bounded by q · β

32. Attacks on MAC Protocols - Impersonation  Manufacture tag duplicate  forge signatures  Obtain multiple tags  use responses to impersonate  PUF = random  duplicating or selecting equivalent tag = improbable (“unclonable”)  Tweaking n and t  Raise valid signature detection probability prob v  Lower forgery non-recognition probability prob f  Makes impersonation more improbable originalclone

33. Attacks on MAC Protocols - Modeling  Attempt to model PUF using signature/message pairs  PUFs determined by unreliable factors  modeling is very difficult  Attempt to measure wire delays  This in itself will alter wire delays  Likely disrupt/damage overlying circuitry  Alters functionality of PUF

34. Attacks on MAC Protocols – Side-channel  Attempt to learn secret info using timing and power analyses attacks  PUF-based secrets are difficult to represent correctly in digital form  Therefore hard to model

35. Attacks on MAC Protocols – Hardware Tampering  Attempt to physically probe wires  High risk of altering/destroying PUF’s behavior  Attempt to physically read-off or alter digital key/password  Likely damage overlying wires and alter tag behavior  Detection is possible by precompiling information about tag

36. PUF Vs. Digital Hash Functions  Much less hardware required  Drawbacks to low hardware complexity:  Probabilistic consistency with expected output  Tag copies = similar computational behavior  Back-end must store all challenge/response pairs for each tag MD4 7350 MD5 8400 SHA-256 10868 Yuksel 1701 PUF 545 AES 3400 algorithm # of gates

37. More Comparisons to DHF  Modeling PUF vs. determining key  Difficult to represent accurately in concise form  Difficult to model  random components  More resistant to side-channel attacks/physical tampering  Even with physical measurements, PUF is difficult to duplicate  Reliance upon physical characteristics makes security difficult to guarantee/characterize analytically

38. Building PUFs  First prototype of silicon PUF:  Silicon Physical Random Functions  B. Gassend, D. Clarke, M. van Dijk, and S. Devadas  Oscillating counter circuit used to measure intrinsic delays  Slow counting mechanism  slowed manufacturing process  increased overall cost

39. More Building of PUFs  Delay values for different challenges tend towards Gaussian distribution  Certain challenges should be avoided  Identical/similar outputs even when signals travel different paths  Filtered out of database at creation  Response reliability is low  More computation rounds  Still risking producing noise

40. Avoiding Drawbacks  Use sub-threshold voltage techniques to compare gate polarizations  Fast w/o using oscillating counter  Separates PUF values better and avoids highly skewed distributions of responses  Still preserves reliability/unpredictability  Variable non-linear delays can be added to keep modeling difficult

41. Future Research  Characterization of security of PUFs  Thorough testing of RFID tags with PUFs satisfying current RFID standards  Sub-threshold voltage-based PUFs  Conditional testing  environmental and operational  Behavior testing under varying levels of motion, acceleration, vibration, temperature, noise, etc.  τ and μ should be characterized as functions of operational environment

42. More Future Research  Adaptations for various applications  Multi-tag regimes  Ownership transfer algos  Tree-based identification protocols  PUFs in readers can be used to combat rogue readers

43. Conclusion  Full-fledged cryptographic security mechanisms are too costly for low-cost RFID tags  enter PUF approach  Exponential # of keys  no key distribution problem  Protects from cloning, even with physical access to tags and circuit schematics  Valuable in access control and authenticity verification  MAC protocols require few hardware resources  keeps tag costs down  Comparison to digital counterparts  Possible improvements in PUF design  Outline of future research

44. Questions?

45. GO HOME!!