nach oben

Journal of Cryptographic Engineering

Erschienen in:

21.03.2022 | Regular Paper

Programmable access-controlled and generic erasable PUF design and its applications

verfasst von: Chenglu Jin, Wayne Burleson, Marten van Dijk, Ulrich Rührmair

Erschienen in: Journal of Cryptographic Engineering | Ausgabe 4/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Physical unclonable functions (PUFs) have not only been suggested as a new key storage mechanism, but—in the form of so-called strong PUFs—also as cryptographic primitives in advanced schemes, including key exchange, oblivious transfer, or secure multi-party computation. This notably extends their application spectrum, and has led to a sequence of publications at leading venues such as IEEE S&P, CRYPTO, and EUROCRYPT in the past. However, one important unresolved problem is that adversaries can break the security of all these advanced protocols if they gain physical access to the employed strong PUFs after protocol completion. It has been formally proven that this issue cannot be overcome by techniques on the protocol side alone, but requires resolution on the hardware level—the only fully effective known countermeasure being so-called erasable PUFs. Building on this work, this paper is the first to describe a generic method of how any given silicon strong PUF with digital CRP-interface can be turned into an erasable PUF. We describe how the strong PUF can be surrounded with a trusted control logic that allows the blocking (or “erasure”) of single CRP. We implement our approach, which we call “GeniePUF,” on FPGA, reporting detailed performance data and practicality figures. Furthermore, we develop the first comprehensive definitional framework for erasable PUFs. Our work so re-establishes the effective usability of strong PUFs in advanced cryptographic applications, and in the realistic case, adversaries get access to the strong PUF after protocol completion. As an extension to earlier versions of this work, we also introduce a generalization of erasable PUFs in this paper, which we call programmable access-controlled PUFs (PAC PUFs). We detail their definition, and discuss various exemplary applications of theirs.

Vorheriger Artikel Secret-free security: a survey and tutorial

Nächster Artikel Differential fault analysis of NORX using variants of coupon collector problem

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Weak PUFs [4] are not suited for the application as cryptographic primitive in advanced protocols in the above sense: This scenario inevitably requires a large, inexhaustible CRP space with many possible challenges, numerically unpredictable responses, and a publicly accessible CRP-interface of the PUF, where every protocol participant and also adversaries can apply challenges and read-out responses freely [14, 15, 19]—or, in one term, a strong PUF [4].

We would like to mention that this article is a journal version of an earlier publication at the ASHES workshop [30]. Together with several smaller adaptions, the concept of a programmable access-controlled PUF has been added to this work; Sects. 6 and 7 are completely new.

We assume that the physical handover procedures in Step 1 and Step 3, as well as the choice and presentation of \(c^j\) in Step 4, are carried out in negligible time compared to the rest of the security game, i.e., we model them to take time of 0 \(\sec \), not causing any additional delays.

Note that \(\mathcal {A}\) may have potentially physically altered or even destroyed P.

As a self-balancing binary search tree, a RBT will adjust (rotate) its tree structure to maintain the balance of itself, when it is unbalanced. Detailed description of the rotations can be found in [46], and examples can be found in Appendix B.

At the time of our implementational work, this size of the iPUF was considered secure; we remark that this no longer holds due to some recent advances in iPUF modeling attacks [50, 54]. However, this does not affect our evaluation results, as we are mainly evaluating the interface design, not the underlying PUF. Since our GeniePUF technique is generic, it could also be implemented with larger iPUF sizes that are secure, PUFs whose security can be reduced to computational hardness assumptions [55, 56], or with alternative future secure implementations of strong PUFs, of course.

Count-limited access PUFs alone do not solve the reliability-based attacks on XOR PUFs, due to the existence of correlated CRPs in XOR PUFs.

Lofstrom, K., Daasch, W.R., Taylor, D.: IC identification circuit using device mismatch. In: 2000 IEEE International Solid-State Circuits Conference. Digest of Technical Papers (Cat. No. 00CH37056) (IEEE), pp. 372–373 (2000)

Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (ACM), pp. 148–160 (2002)

Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: American association for the advancement of science. Physical one-way functions. Science 297(5589), 2026–2030 (2002)

Rührmair, U., Holcomb, D.E.: PUFs at a glance. In: Proceedings of the Conference on Design, Automation and Test in Europe (European Design and Automation Association), p. 347 (2014)

Holcomb, D.E., Burleson, W.P., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In: Proceedings of the Conference on RFID Security, vol. 7 (2007)

Jaeger, C., Algasinger, M., Rührmair, U., Csaba, G., Stutzmann, M.: Random pn-junctions for physical cryptography. Appl. Phys. Lett. 96(17), 172103 (2010)CrossRef

Xiong, W., Schaller, A., Anagnostopoulos, N.A., Saleem, M.U., Gabmeyer, S., Katzenbeisser, S., Szefer, J.: Run-time accessible DRAM PUFs in commodity devices. In: International Conference on Cryptographic Hardware and Embedded Systems (Springer), pp. 432–453 (2016)

Kumar, S.S., Guajardo, J., Maes, R., Schrijen, G.J., Tuyls, P.:The butterfly PUF protecting IP on every FPGA. In: 2008 IEEE International Workshop on Hardware-Oriented Security and Trust (IEEE), pp. 67–70 (2008)

Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)MathSciNetCrossRef

10.

Simons, P., vander Sluis, E., vander Leest, V.: In: Buskeeper PUFs, a promising alternative to D flip-flop PUFs. In: 2012 IEEE International Symposium on Hardware-Oriented Security and Trust (IEEE), pp. 7–12 (2012)

11.

Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: a fully functional PUF-based cryptographic key generator. In: International Workshop on Cryptographic Hardware and Embedded Systems (Springer), pp. 302–319 (2012)

12.

Maes, R., Van DerLeest, V., Van DerSluis, E., Willems, F.: Secure key generation from biased PUFs. In: International Workshop on Cryptographic Hardware and Embedded Systems (Springer), pp. 517–534 (2015)

13.

Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceedings of the 44th Annual Design Automation Conference (ACM), pp. 9–14 (2007)

14.

Brzuska, C., Fischlin, M., Schröder, H., Katzenbeisser, S.: Physically uncloneable functions in the universal composition framework. In: Advances in Cryptology CRYPTO 2011 (Springer), pp. 51–70 (2011)

15.

Ostrovsky, R., Scafuro, A., Visconti, I., Wadia, A.: Universally composable secure computation with (malicious) physically uncloneable functions. In: Advances in Cryptology–EUROCRYPT 2013 (Springer), pp. 702–718 (2013)

16.

Damgård, I., Scafuro, A.: Unconditionally secure and universally composable commitments from physical assumptions. In: International Conference on the Theory and Application of Cryptology and Information Security (Springer), pp. 100–119 (2013)

17.

Dachman-Soled, D., Fleischhacker, N., Katz, J., Lysyanskaya, A., Schröder, D.: Feasibility and infeasibility of secure computation with malicious PUFs. In: Advances in Cryptology CRYPTO 2014 (Springer), pp. 405–420 (2014)

18.

Badrinarayanan, S., Khurana, D., Ostrovsky, R., Visconti, I.: Unconditional UC-secure computation with (stronger-malicious) PUFs. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques (Springer), pp. 382–411 (2017)

19.

Rührmair, U.: Oblivious transfer based on physical unclonable functions. In: Trust and Trustworthy Computing (Springer), pp. 430–440 (2010)

20.

Fischlin, M., Mazaheri, S.: Self-guarding cryptographic protocols against algorithm substitution attacks. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF) (IEEE), pp. 76–90 (2018)

21.

Chen, L., Chen, L., Jordan, S., Liu, Y.K., Moody, D., Peralta, R., Perlner, R., Smith-Tone, D.: Report on post-quantum cryptography. US Department of Commerce, National Institute of Standards and Technology (2016)CrossRef

22.

Perlman, R.J., Hanna, S.R.: Methods and systems for establishing a shared secret using an authentication token (2001). US Patent 6,173,400 (2001)

23.

Rührmair, U., van Dijk, M.: Pufs in security protocols: attack models and security evaluations. In: Security and Privacy (SP), 2013 IEEE Symposium on (IEEE), pp. 286–300 (2013)

24.

van Dijk, M., Rührmair, U.: Physical unclonable functions in cryptographic protocols: security proofs and impossibility results. IACR Cryptol. ePrint Archive 2012, 228 (2012)

25.

Rührmair, U., Jaeger, C., Algasinger, M.: An attack on PUF-based session key exchange and a hardware-based countermeasure: Erasable PUFs. In: Financial Cryptography and Data Security (Springer), pp. 190–204 (2011)

26.

Katzenbeisser, S., Kocabaş, Ü., van DerLeest, V., Sadeghi, A.R., Schrijen, G.J., Wachsmann, C.: Recyclable pufs: logically reconfigurable pufs. J. Cryptographic Eng. 1(3), 177–186 (2011)CrossRef

27.

Zhang, L., Kong, Z.H., Chang, C.H., Cabrini, A., Torelli, G.: Exploiting process variations and programming sensitivity of phase change memory for reconfigurable physical unclonable functions. IEEE Trans. Inf. Forensics Secur. 9(6), 921–932 (2014)CrossRef

28.

Kursawe, K., Sadeghi, A.R., Schellekens, D., Skoric, B., Tuyls, P.: Reconfigurable physical unclonable functions-enabling technology for tamper-resistant storage, In: Hardware-Oriented Security and Trust, 2009. HOST’09. IEEE International Workshop on (IEEE), pp. 22–29 (2009)

29.

Eichhorn, I., Koeberl, P., vander Leest, V.: Logically reconfigurable PUFs: memory-based secure key storage. In: Proceedings of the Sixth ACM Workshop on Scalable Trusted Computing (ACM), pp. 59–64 (2011)

30.

Jin, C., Burleson, W., van Dijk, M., Rührmair, U.: Erasable PUFs: formal treatment and generic design. In: Proceedings of the 4th ACM Workshop on Attacks and Solutions in Hardware Security, pp. 21–33 (2020)

31.

Rührmair, U., Jaeger, C., Bator, M., Stutzmann, M., Lugli, P., Csaba, G.: Applications of high-capacity crossbar memories in cryptography. IEEE Trans. Nanotechnol. 10(3), 489–498 (2011)CrossRef

32.

Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Controlled physical random functions. In: Computer Security Applications Conference, 2002. Proceedings. 18th Annual (IEEE), pp. 149–160 (2002)

33.

Gassend, B., Dijk, M.V., Clarke, D., Torlak, E., Devadas, S., Tuyls, P.: Controlled physical random functions and applications. ACM Trans. Inf. Syst. Secur. 10(4), 3 (2008)CrossRef

34.

Rostami, M., Majzoobi, M., Koushanfar, F., Wallach, D.S., Devadas, S.: Robust and reverse-engineering resilient puf authentication and key-exchange by substring matching. IEEE Trans. Emerg. Top. Comput. 2(1), 37–49 (2014)CrossRef

35.

Yu, M.D., Hiller, M., Delvaux, J., Sowell, R., Devadas, S., Verbauwhede, I.: A lockdown technique to prevent machine learning on pufs for lightweight authentication. IEEE Trans. Multi-Scale Comput. Syst. 2(3), 146–159 (2016)CrossRef

36.

Majzoobi, M., Koushanfar, F., Potkonjak, M.: Techniques for design and implementation of secure reconfigurable pufs. ACM Trans. Reconfigurable Technol. Syst. 2(1), 1–33 (2009)CrossRef

37.

Rührmair, U., van Dijk, M.: On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols. J. Crypt. Eng. 3(1), 17–28 (2013)CrossRef

38.

Rührmair, U., Sölter, J., Sehnke, F.: On the foundations of physical unclonable functions. IACR Cryptol. ePrint Arch. 2009, 277 (2009)

39.

Rührmair, U., Busch, H., Katzenbeisser, S.: Strong PUFs: models, constructions, and security proofs. In: Towards Hardware-intrinsic Security (Springer), pp. 79–96 (2010)

40.

Armknecht, F., Moriyama, D., Sadeghi, A.R., Yung, M.: Towards a unified security model for physically unclonable functions. In: Cryptographers’Track at the RSA Conference (Springer), pp. 271–287 (2016)

41.

Rührmair, U.: Physical turing machines and the formalization of physical cryptography. IACR Cryptol. ePrint Arch. 2011, 188 (2011)

42.

Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (ACM), pp. 237–249 (2010)

43.

Rührmair, U., Sölter, J.: PUF modeling attacks: an introduction and overview. In: 2014 Design, Automation and Test in Europe Conference and Exhibition (DATE) (IEEE), pp. 1–6 (2014)

44.

Herder, C., Yu, M.D., Koushanfar, F., Devadas, S.: Physical unclonable functions and applications: a tutorial. Proc. IEEE 102(8), 1126–1141 (2014)CrossRef

45.

Buldas, A., Laud, P., Lipmaa, H.: Accountable certificate management using undeniable attestations. In: Proceedings of the 7th ACM Conference on Computer and Communications Security (ACM), pp. 9–17 (2000)

46.

Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C., et al.: Introduction to Algorithms, vol. 2. MIT Press, Cambridge (2001)MATH

47.

Rührmair, U.: SoK: Towards secret-free security, In: 2020 Workshop on Attacks and Solutions in Hardware Security (ASHES@ CCS 2020) (2020)

48.

Standaert, F.X.: Introduction to side-channel attacks. In: Secure Integrated Circuits and Systems (Springer), pp. 27–42 (2010)

49.

Wang, H., Forte, D., Tehranipoor, M.M., Shi, Q.: Probing attacks on integrated circuits: challenges and research opportunities. IEEE Des. Test 34(5), 63–71 (2017)CrossRef

50.

Wisiol, N., Mühl, C., Pirnay, N., Nguyen, P.H. , Margraf, M., Seifert, J.P., van Dijk, M., ührmair, U.R.: Splitting the interpose puf: a novel modeling attack strategy. IACR Trans. Cryptographic Hardware Embedded Syst. pp. 97–120 (2020)

51.

Tajik, S., Dietz, E., Frohmann, S., Seifert, J.P., Nedospasov, D., Helfmeier, C., Boit, C., Dittrich, H.: Physical characterization of arbiter pufs. In: Cryptographic Hardware and Embedded Systems—CHES 2014 (Springer), pp. 493–509 (2014)

52.

Barenghi, A., Breveglieri, L., Koren, I., Naccache, D.: Fault injection attacks on cryptographic devices: theory, practice, and countermeasures. Proc. IEEE 100(11), 3056–3076 (2012)CrossRef

53.

Nguyen, P.H., Sahoo, D.P., Jin, C., Mahmood, K., Rührmair, U., van Dijk, M.: The interpose puf: Secure puf design against state-of-the-art machine learning attacks. IACR Trans, Cryptographic Hardware Embedded Syst (2019)

54.

Tobisch, J., Aghaie, A., Becker, G.T.: Combining optimization objectives: new machine-learning attacks on strong pufs. IACR Cryptol. ePrint Arch. 2020, 957 (2020)

55.

Herder, C., Ren, L., VanDijk, M., Yu, M.D., Devadas, S.: Trapdoor computational fuzzy extractors and stateless cryptographically-secure physical unclonable functions. IEEE Trans. Depend. Secure Comput. 14(1), 65–82 (2016)CrossRef

56.

Jin, C., Herder, C., Ren, L., Nguyen, P.H., Fuller, B., Devadas, S., van Dijk, M.: Fpga implementation of a cryptographically-secure puf based on learning parity with noise. Cryptography 1(3), 23 (2017)CrossRef

57.

Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography (CRC Press, 1996)

58.

AES, NIST, Advanced encryption standard. Federal Information Processing Standard, FIPS-197, 12 (2001)

59.

Tuyls, P., Škorić, B.: Strong authentication with physical unclonable functions. In: Security, Privacy, and Trust in Modern Data Management (Springer), pp. 133–148 (2007)

60.

Kilian, J.: Founding crytpography on oblivious transfer. In: Proceedings of the Twentieth Annual ACM Symposium on Theory of computing (ACM), pp. 20–31 (1988)

61.

Becker, G.T.: The gap between promise and reality: On the insecurity of XOR arbiter PUFs. In: Cryptographic Hardware and Embedded Systems–CHES 2015 (Springer), pp. 535–555 (2015)

62.

Liu, Q., Safavi-Naini, R., Sheppard, N.P.:The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Proceedings of the Australasian Information Security Workshop Conference on ACSW Frontiers 2003-Vol. 21 (Citeseer), pp. 49–58 (2003)

63.

Sarmenta, L.F., van Dijk, M., O’Donnell, C.W. , Rhodes, J., Devadas, S.: Virtual monotonic counters and count-limited objects using a TPM without a trusted OS. In: Proceedings of the First ACM Workshop on Scalable Trusted Computing (ACM), pp. 27–42 (2006)

64.

Bayer, R.: Symmetric binary b-trees: data structure and maintenance algorithms. Acta Inform. 1(4), 290–306 (1972)MathSciNetCrossRef

Titel: Programmable access-controlled and generic erasable PUF design and its applications
verfasst von: Chenglu Jin
Wayne Burleson
Marten van Dijk
Ulrich Rührmair
Publikationsdatum: 21.03.2022
Verlag: Springer Berlin Heidelberg
Erschienen in: Journal of Cryptographic Engineering / Ausgabe 4/2022
Print ISSN: 2190-8508
Elektronische ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-022-00284-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2022

Differential fault analysis of NORX using variants of coupon collector problem

The ASHES 2020 special issue at JCEN

Development of the RISC-V entropy source interface

A comprehensive survey of physical and logic testing techniques for Hardware Trojan detection and prevention

Fault analysis of the PRINCE family of lightweight ciphers

A framework for leaking secrets to past instructions

Premium Partner