Top

Journal of Cryptographic Engineering

Published in:

02-04-2019 | Regular Paper

On the feasibility of deriving cryptographic keys from MEMS sensors

Authors: Oliver Willers, Christopher Huth, Jorge Guajardo, Helmut Seidel, Peter Deutsch

Published in: Journal of Cryptographic Engineering | Issue 1/2020

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

One of the main challenges in the internet of things (IoT) will be to guarantee the security of products and services enabled by it. A fundamental assumption in any cryptosystem is that secret-key material remains securely stored and unknown to attackers. To this end, physical unclonable functions have been proposed to store cryptographic secrets without the need to use non-volatile memory. In this work, we show that microelectromechanical systems (MEMS) sensors, ubiquitous in the IoT, can be used to generate a stable nearly fully entropic bit string that can be used as a secret or private key in a cryptographic algorithm. We provide experimental evidence of the stability of our methods by analyzing data from 468 off-the-shelf 3-axis MEMS gyroscopes subjected to different temperatures in the range typically required for consumer applications and standardized aging tests. The investigations are carried out on module level so that packaging influences are considered. We derive unique fingerprints from the sensors based on their characteristics, and we show that the false rejection rate (FRR) and the false acceptance rate (FAR) are below \(1 \times 10^{-6}\) for all applied test conditions. By adding up the values of FRR and the FAR, the highest probability for an authentication error is \(4.1 \times 10^{-6}\). Furthermore, we extract stable keys from the fingerprints. The extracted key length lies in a range between 27 and 150 bits depending on the applied test conditions and the used entropy estimation method.

previous article How to reveal the secrets of an obscure white-box implementation

next article Deep learning mitigates but does not annihilate the need of aligned traces and a generalized ResNet model for side-channel attacks

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

The error probability is calculated from the Poisson fit of the intra-Hamming distance distribution (\(\lambda = 1.92\)) in [68] using an \([n=63, k=18, t=10]\)-BCH code.

We assume that, for example, an HMAC with SHA-256, provides security \(\varepsilon \approx 2^{256}\) which is reasonable given our knowledge of the state of the art.

It has to be noted that Fig. 2 shows a simplified layer stack meaning that process flows and layer stacks are more complex in practice (see, e.g., [41]).

MEMS sensors are manufactured with the objective of minimal variability. Since the number of bits that can be derived correlates with the extent of the manufacturing variations, an increase in the key length while decreasing the structure size can very likely be achieved by building a dedicated MEMS PUF without sensor functionality, as discussed in [68].

The order of the fingerprints within the entire bit string was varied as well. However, the effect was negligible.

We used algorithms 3 and 4 from [15] which apply to linear codes.

Asokan, N., Brasser, F.F., Ibrahim, A., Sadeghi, A., Schunter, M., Tsudik, G., Wachsmann, C.: SEDA: Scalable embedded device attestation. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security—CCS 2015, pp. 964–975 (2015)

Aysu, A., Ghalaty, N.F., Franklin, Z., Yali, M.P., Schaumont, P.: Digital fingerprints for low-cost platforms using MEMS sensors. In: Proceedings of the Workshop on Embedded Systems Security—WESS 2013. ACM (2013)

Aysu, A., Gulcan, E., Moriyama, D., Schaumont, P., Yung, M.: End-to-end design of a PUF-based privacy preserving authentication protocol. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems—CHES, LNCS 2015, vol. 9293, pp. 556–576. Springer, Berlin (2015)CrossRef

Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) Proceedings of the 1st ACM Conference on Computer and Communications Security—CCS 1993, pp. 62–73. ACM (1993)

Boehm, C.: Physical Unclonable Functions in Theory and Practice. Springer, Berlin (2013)CrossRef

Bojinov, H., Michalevsky, Y., Nakibly, G., Boneh, D.: Mobile device identification via sensor fingerprinting. CoRR arxiv: abs/1408.1416 (2014)

Bowman, A.W., Azzalini, A.: Applied Smoothing Techniques for Data Analysis. Oxford University Press Inc, New York (1997)MATH

Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.D.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT, 2005, LNCS, vol. 3494, pp. 147–163. Springer, Berlin (2005)CrossRef

Brasser, F.F., Mahjoub, B.E., Sadeghi, A., Wachsmann, C., Koeberl, P.: TyTAN: tiny trust anchor for tiny devices. In: Proceedings of the 52nd Annual Design Automation Conference—DAC 2015, pp. 34:1–34:6. ACM (2015)

10.

Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)MathSciNetCrossRef

11.

Chang, Y.J., Zhang, W., Chen, T.: Biometrics-based cryptographic key generation. In: IEEE International Conference on Multimedia and Expo (ICME), vol. 3 (2004)

12.

Chen, C., Veldhuis, R.N.J., Kevenaar, T.A.M., Akkermans, A.H.M.: Multi-bits biometric string generation based on the likelihood ratio. In: First IEEE International Conference on Biometrics: Theory, Applications, and Systems, pp. 1–6 (2007)

13.

Cigada, A., Leo, E., Vanali, M.: Electrical method to measure the dynamic behaviour and the quadrature error of a MEMS gyroscope sensor. Sens. Actuat. A Phys. 134(1), 88–97 (2007)CrossRef

14.

Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley, New York (2006)MATH

15.

Delvaux, J., Gu, D., Verbauwhede, I., Hiller, M., Yu, M.M.: Efficient fuzzy extraction of PUF-induced secrets: theory and applications. In: Gierlichs, B., Poschmann, A.Y. (eds.) Cryptographic Hardware and Embedded Systems—CHES, 2016, LNCS, vol. 9813, pp. 412–431. Springer, Berlin (2016)CrossRef

16.

Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness extraction and key derivation using the CBC, cascade and HMAC modes. In: Franklin, M.K. (ed.) Advances in Cryptology—CRYPTO, 2004, LNCS, vol. 3152, pp. 494–510. Springer, Berlin (2004)CrossRef

17.

Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. In: Dwork, C. (ed.) Advances in Cryptology—CRYPTO 2006, pp. 232–250. Springer, Berlin (2006)

18.

Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. An extended abstract appears in [19]. SIAM J. Comput. 38(1), 97–139 (2008)MathSciNetCrossRef

19.

Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) Advances in cryptology—EUROCRYPT 2004, pp. 523–540. Springer, Berlin (2004)

20.

Dodis, Y., Yu, Y.: Overcoming weak expectations. In: Sahai, A. (ed.) Theory of Cryptography—10th Theory of Cryptography Conference (TCC), LNCS, vol. 7785, pp. 1–22. Springer, Berlin (2013)

21.

Eldefrawy, K., Tsudik, G., Francillon, A., Perito, D.: SMART: secure and minimal architecture for (establishing dynamic) root of trust. In: 19th Network and Distributed System Security (NDSS) Symposium. The Internet Society, Reston (2012)

22.

Franken, E., Peeters, M.: Context tree weighting implementation version 0.1. Technical report, Eindhoven University of Technology (2002)

23.

Fraux, R.: Bosch BMI160 vs ST LSM6DSM. Reverse Costing and Technology Analysis. System Plus Consulting, Nantes (2017)

24.

Ganji, F., Tajik, S., Fäßler, F., Seifert, J.: Having no mathematical model may not secure PUFs. J. Cryptogr. Eng. 7(2), 113–128 (2017)CrossRef

25.

Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security—CCS 2002, pp. 148–160. ACM (2002)

26.

Github: SP800-90B Entropy Assessment. https://github.com/usnistgov/SP800-90B_EntropyAssessment. Accessed 05 March 2018

27.

Guajardo, J., Kumar, S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2007, LNCS, vol. 4727, pp. 63–80. Springer, Berlin (2007)

28.

Guajardo, J., Kumar, S., Schrijen, G.J., Tuyls, P.: Physical unclonable functions and public-key crypto for FPGA IP protection. In: International Conference on Field Programmable Logic and Applications (FPL), pp. 189–195 (2007)

29.

Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)MathSciNetCrossRef

30.

Helfmeier, C., Boit, C., Nedospasov, D., Seifert, J.P.: Cloning physically unclonable functions. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 1–6 (2013)

31.

Hodges, J.L., Cam, L.L.: The Poisson approximation to the Poisson binomial distribution. Ann. Math. Stat. 31(3), 737–740 (1960)MathSciNetCrossRef

32.

Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)MathSciNetCrossRef

33.

Hsu, W.T., Brown, A.R.: Frequency trimming for MEMS resonator oscillators. In: IEEE International Frequency Control Symposium Joint with the 21st European Frequency and Time Forum, pp. 1088–1091 (2007)

34.

Ignatenko, T., Schrijen, G.J., Skoric, B., Tuyls, P., Willems, F.: Estimating the secrecy-rate of physical unclonable functions with the context-tree weighting method. In: IEEE International Symposium on Information Theory, pp. 499–503 (2006)

35.

Ignatenko, T., Schrijen, G.J., Skoric, B., Tuyls, P., Willems, F.: Estimating the secrecy-rate of physical unclonable functions with the context-tree weighting method. In: 2006 IEEE International Symposium on Information Theory, pp. 499–503. IEEE (2006)

36.

JEDEC Solid State Technology Association Standard—JESD22-A103E: High Temperature Storage Life (2015). Revision of JESD22-A103D (2010)

37.

JEDEC Solid State Technology Association Standard—JESD22-A104D: Temperature Cycling (2009). Revision of JESD22-A104C (2005)

38.

Katzenbeisser, S., Kocabaş, Ü., Rožić, V., Sadeghi, A.R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2012, pp. 283–301. Springer, Berlin (2012)CrossRef

39.

Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) Advances in Cryptology—CRYPTO 2010, LNCS, vol. 6223, pp. 631–648. Springer, Berlin (2010)

40.

Laermer, F., Schilp, A.: Method of Anisotropically Etching Silicon, US patent (1996)

41.

Lahrach, A.: Bosch IMU in iPhone X. Reverse Costing and Technology Analysis. System Plus Consulting, Nantes (2018)

42.

Lee, J., Lim, D., Gassend, B., Suh, G., van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits for identification and authentication applications. In: 2004 Symposium on VLSI Circuits, Digest of Technical Papers, pp. 176–179 (2004)

43.

Lindroos, V., Tilli, M., Lehto, A., Motooka, T.: Handbook of Silicon Based MEMS Materials and Technologies. Elsevier Inc, Amsterdam (2010)

44.

Linnartz, J.M.G., Tuyls, P.: New shielding functions to enhance privacy and prevent misuse of biometric templates. In: Kittler, J., Nixon, M.S. (eds.) Proceedings of the 4th International Conference on Audio-and Video-Based Biometrie Person Authentication—AVBPA 2003, LNCS, vol. 2688, pp. 393–402. Springer, Berlin (2003)

45.

Maes, R.: Physically Unclonable Functions: Constructions. Properties and Applications. Springer, Berlin (2013)CrossRef

46.

Maes, R., van der Leest, V., van der Sluis, E., Willems, F.M.J.: Secure key generation from biased PUFs: extended version. J. Cryptogr. Eng. 6(2), 121–137 (2016)CrossRef

47.

Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: A fully functional PUF-based cryptographic key generator. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2012, LNCS, vol. 7428, pp. 302–319. Springer, Berlin (2012)

48.

Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: IEEE/ACM International Conference on Computer-Aided Design—ICCAD 2008, pp. 670–673 (2008)

49.

May, G.S., Spanos, C.J.: Statistical process control. In: Fundamentals of Semiconductor Manufacturing and Process Control, chap. 6, pp. 181–227. Wiley, New York (2006)

50.

Mgc.co.jp: Non-haloganated low CTE BT resin laminate for IC plastic packages. http://www.mgc.co.jp/eng/products/lm/btprint/lineup/hfbt.html. Accessed 24 July 2017

51.

Nedospasov, D., Seifert, J.P., Helfmeier, C., Boit, C.: Invasive PUF analysis. In: Workshop on Fault Diagnosis and Tolerance in Cryptography—FDTC 2013, pp. 30–38. IEEE (2013)

52.

Neul, R., Gomez, U., Kehr, K., Bauer, W., Classen, J., Doring, C., Esch, E., Gotz, S., Hauer, J., Kuhlmann, B., Lang, C., Veith, M., Willig, R.: Micromachined gyros for automotive applications. In: IEEE Sensors, pp. 527–530 (2005)

53.

Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996)MathSciNetCrossRef

54.

Orshansky, M., Nassif, S.R., Boning, D.: Front end variability. In: Design for Manufacturability and Statistical Design: A Constructive Approach, chap. 2, pp. 11–41. Springer, Berlin (2008)

55.

Reyzin, L.: Entropy Loss is Maximal for Uniform Inputs. Technical Report BUCS-TR-2007-011. Boston University, Boston (2007)

56.

Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security—CCS 2010, pp. 237–249. ACM (2010)

57.

Samyde, D., Skorobogatov, S.P., Anderson, R.J., Quisquater, J.: On a new way to read data from memory. In: Proceedings of the First International IEEE Security in Storage Workshop – SISW 2002, pp. 65–69. IEEE Computer Society (2002)

58.

Skorobogatov, S.P.: Data remanence in flash memory devices. In: J.R. Rao, B. Sunar (eds.) Cryptographic Hardware and Embedded Systems—CHES 2005, Lecture Notes in Computer Science, vol. 3659, pp. 339–353. Springer, Berlin (2005)

59.

Suh, G., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 44th Design Automation Conference—DAC 2007, pp. 9–14 (2007)

60.

Sumibe.co.jp: Epoxy resin molding compounds for encapsulation of semiconductor devices. http://www.sumibe.co.jp/english/product/it-materials/epoxy/sumikon-eme/. Accessed 24 July 2017

61.

Tanner, D.M., Owen, A.C., Rodriguez, F.: Resonant frequency method for monitoring MEMS fabrication. Proc. SPIE 4980, 4980 (2003)

62.

Tatar, E., Alper, S., Akin, T.: Quadrature-error compensation and corresponding effects on the performance of fully decoupled MEMS gyroscopes. J. Microelectromech. Syst. 21(3), 656–667 (2012)CrossRef

63.

Turan, M.S., Barker, E., Kelsey, J., McKay, K.A., Baish, M.L., Boyle, M.: Recommendation for the entropy sources used for random bit generation (second draft). Special publication 800-90b, National Institute of Standards and Technology (2016)

64.

Tuyls, P., Schrijen, G.J., Skoric, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-proof hardware from protective coatings. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2006, LNCS, vol. 4249, pp. 369–383. Springer, Berlin (2006)

65.

Willems, F.M.J., Shtarkov, Y.M., Tjalkens, T.J.: The context-tree weighting method: basic properties. IEEE Trans. Inf. Theory 41(3), 653–664 (1995)CrossRef

66.

Willems, F.M.J., Shtarkov, Y.M., Tjalkens, T.J.: Context weighting for general finite-context sources. IEEE Trans. Inf. Theory 42(5), 1514–1520 (1996)CrossRef

67.

Willers, O., Curcic, M., Seidel, H.: Fingerprinting MEMS gyroscopes. In: Proceedings of the 11th Smart Systems Integration (SSI), pp. 133–140 (2017)

68.

Willers, O., Huth, C., Guajardo, J., Seidel, H.: MEMS gyroscopes as physical unclonable functions. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security—CCS 2016, pp. 591–602. ACM (2016)

Title: On the feasibility of deriving cryptographic keys from MEMS sensors
Authors: Oliver Willers
Christopher Huth
Jorge Guajardo
Helmut Seidel
Peter Deutsch
Publication date: 02-04-2019
Publisher: Springer Berlin Heidelberg
Published in: Journal of Cryptographic Engineering / Issue 1/2020
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-019-00208-4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Other articles of this Issue 1/2020

Improved parallel mask refreshing algorithms: generic solutions with parametrized non-interference and automated optimizations

How to reveal the secrets of an obscure white-box implementation

Deep learning mitigates but does not annihilate the need of aligned traces and a generalized ResNet model for side-channel attacks

Improving side-channel attacks against pairing-based cryptography

Same value analysis on Edwards curves

Premium Partner