run-time accessible dram pufs in commodity devices … · run-time accessible dram pufs in...

Run-timeAccessibleDRAMPUFsinCommodityDevices

WenjieXiong1,AndréSchaller2,NikolaosA.Anagnostopoulos2,MuhammadUmairSaleem2,SebastianGabmeyer2,

StefanKatzenbeisser2,andJakubSzefer1

1.YaleUniversity,USA2.Technische UniversitätDarmstadtandCASED,Germany

Aug18,2016

PhysicallyUnclonable Functions(PUF)

• Afunction,whichisembeddedintoaphysicalobjectWhenqueriedwithachallengex,thePUFgenerates aresponsey,whichdependson1)Challengexand2)specialphysicalpropertiesoftheobject

• SiliconPUFsusethemanufacturingprocessvariationse.g.ArbiterPUFs,SRAM-PUFsItisalmostimpossibletoclone,evenforthemanufacturer

• Authenticationandidentification

2CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.

Intrinsic PUF• NoextrachipsneededforPUF• Exploit hardwarewhichison-boardanyway

e.g.startupvaluesofSRAM

IsitpossibletoexploitDRAMasaPUF?• MostcomputingdevicesholdDRAM• ExploitintrinsicDRAMPUFtoderiveaunique

fingerprint&deriveakey• DRAMhaslargercapacitythanSRAM• RuntimePUFratherthanboot-uptime

IntrinsicDRAMPUF

Experimentalplatforms:PandaBoard(top)andIntelGalileo(bottom).

Outline/Contributions• Extractdecay-basedDRAMPUFinstancesfromunmodifiedcommodity

devices duringrun-timeofthe Linuxsystem• IntroducenewmetricsforevaluatingDRAMPUFs,basedontheJaccard

index• Throughextensiveexperiments,weshowthatDRAMPUFsexhibit

robustness,uniqueness,andstability• Designprotocolsfordeviceauthenticationandsecurechannel

establishmentthatdrawtheirsecurityfromthetime-dependentdecayofDRAMcells

SS 2013 | Seminar: Physically Unclonable Functions and its Applications | André Schaller & Prof. Dr. Stefan Katzenbeisser |

CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.

DRAMCellDecay• ADRAMcellconsistsofa

capacitorandatransistor• Bitisstoredascharge• DRAMaccessprocess• Chargeleakage

– DRAMrefresh– Accessawordwillrefresh

thewholerow• Duetothemanufacturing

variationsamongDRAMcells,somecellsdecayfasterthanothers,whichcanbeexploitedasaPUF

SchematicofaDRAMarray;arrowsindicateleakagepathsfor

dissipationofchargesthatleadtoPUFbehavior.

DRAMPUFAccess

(1)DRAMforordinaryuse

(2)PUFregion(ingrey)isinitializedandtheDRAM

(3)PUFcellsdecayfortimet

(4)ReadouttheDRAMtoextractthePUFmeasurement

(5)DRAMreturntonormalusage

DRAMPUFchallenge:LogicalPUF(addr andsize),initialvalue (0or1),decaytime

OS & App memory

sizeaddr

LogicalPUF

OS & App memory

refreshisdisabled

• Twoapproaches– Firmware

• DRAMisnotusedbyfirmware,sothewholeDRAMrefreshcanbedisabled

– Kernelmodule• SelectiveDRAMrefresh

– ReadawordineachDRAMrow,andthus,refreshtheDRAMusedbythesystemandapplications

• Twoplatforms– PandaboardESRevisionB3:TIOMAP4460,1GBELPIDADDR2– IntelGalileoGen2:IntelQuarkX1000,two128MBMicronDDR3

Implementations

devicesduringrun-timeoftheLinuxsystem• IntroducenewmetricsforevaluatingDRAMPUFs,basedontheJaccard

robustness,uniqueness,andstability• Designprotocolsfordeviceauthenticationandsecurechannel

DRAMPUFCharacteristics

Iftx ≤tx+1andaddrx =addrx+1,sizex =sizex+1,weobservemx⊆mx+1,uptonoise.

Wemeasuredtwo 32KBlogicalPUFson4 PandaBoardsand5 IntelGalileos.EachlogicalPUFwasmeasuredatfive decaytimeswith50measurementseach.

AveragedecayrateofDRAMmodulesof(blue)PandaBoardand(purple)IntelGalileo.

120 180 240 300 3600

Decay time (sec)

t1 t2 t3t0

DRAMPUFCharacteristics• PUFmeasurement:Astringof0’sand1’s

->Asetofbitflips• Hammingdistance->Jaccardindex

• IntraJaccardIndex:– PUFmeasurementsofthesame PUFchallenge.– Ideally,themeasurementsarethesame. Jintra ≈1.

• InterJaccardIndex:– PUFmeasurementsofdifferent PUFchallenges.– Ideally, themeasurementsarecompletelydifferent.Jinter ≈0.

J(v1,v2 ) =v1∩v2v1∪v2

Maxfractionalintra-HD

Minfractionalinter-HD

0.0045 0.0038

0.0003 0.0012

0.0083 0.0139

0.0005 0.0032

0.0101 0.0244

0.0020 0.0057

0.0123 0.0238

0.0013 0.0080

0.0206 0.0279

0.0022 0.0124

DRAMPUFCharacteristicsRobustnessandUniqueness

• Robustness:ForthesamePUF,thesamechallengexshouldalwaysproducealmostthesameresponsey. Jintra ≈1

• Uniqueness:FordifferentPUF,thesamechallengexshouldalwaysproduceverydifferentresponsey. Jinter ≈0

• JaccardindexisbetteratdistinguishingDRAMPUFmeasurements.Decaytime

device MinJintra

MaxJinter

120sPandaBoard 0.4634 0.0102

Galileo 0.7712 0.0038

180sPandaBoard 0.4382 0.0168

Galileo 0.8361 0.0044

240sPandaBoard 0.4087 0.0258

Galileo 0.6261 0.0049

300sPandaBoard 0.4222 0.0405

Galileo 0.7944 0.0055

360sPandaBoard 0.3484 0.0342

Galileo 0.8276 0.0072 11

Jaccard index between pairs of measurements0 0.2 0.4 0.6 0.8 1

Jinter

Jintra

Jinter

Jintra

DRAMPUFCharacteristicsRobustnessandUniqueness

DistributionofJintra and Jinter valuesfor(left)PandaBoardand(right)IntelGalileo.

• Robustness:ForthesamePUF,thesamechallengexshouldalwaysproducealmostthesameresponsey. Jintra ≈1

• Uniqueness:FordifferentPUF,thesamechallengexshouldalwaysproduceverydifferentresponsey. Jinter ≈0

• ThereisacleargapbetweenJintra and Jinter.->Uniqueness

TemperatureDependency• DRAMdecayalsodependsontheambienttemperature.• WeconductedtemperatureexperimentswithaheaterontopoftheDRAM.

Temperature-dependentdecayof(left)PandaBoardand(right)IntelGalileo.

40 60 800

Temperature (◦C)

t1 = 120st2 = 180st3 = 240st4 = 300st5 = 360s

40 60 800

Temperature (◦C)

t1 = 120st2 = 180st3 = 240st4 = 300st5 = 360s

TemperatureDependency

120 180 240 300 3600

Decay time (sec)

120 180 240 300 3600

Decay time (sec)

Temperature-dependentdecayof(left)PandaBoardand(right)IntelGalileo.

40 60 800

Temperature (◦C)

t1 = 120st2 = 180st3 = 240st4 = 300st5 = 360s

40 60 800

Temperature (◦C)

t1 = 120st2 = 180st3 = 240st4 = 300st5 = 360s

• HightemperaturespeedsuptheDRAMcelldecay.t’T’=t*e-0.0662*(T’-T)

• Underdifferenttemperature,withequivalent decaytimethesamedecaycanbeobserved.

• ThetemperaturedependencydoesnotaffecttherobustnessofthePUF.

t1 t 2 t 3 t 4 t 5 t 1 t 2 t 3 t 4 t 5 t 1 t 2 t 3 t 4 t 540/C 50/C 60/C

TemperatureDependency

Jintra (i.e.similarity)ofenrollmentmeasurementstakenat40oCandmeasurementsatT’={40oC,50oC,60oC}onIntelGalileo.

Stability• WetookmeasurementsfromsamePUF4monthsapart.• TheminimumJaccardindexisnoworsethanJintra.

->ThePUFisstableover4months.

Jaccard index between pairs of measurements0.75 0.8 0.85 0.9 0.95

DistributionofJaccardindexofmeasurementstakenfromthesamelogicalPUFonIntelGalileoover4monthswithdecaytime200s.

devicesduringrun-timeoftheLinuxsystem• IntroducenewmetricsforevaluatingDRAMPUFs,basedontheJaccard

robustness,uniqueness,andstability.• Designprotocolsfordeviceauthenticationandsecurechannel

ProtocolforAuthentication• Threatmodel:Apassiveattacker,whoisabletoobservethenetworktraffic• Enrollment:A definedsetofdecaytimes

T={t0,t1,...,tn}MeasurementsforeachlogicalPUF

M={mid,0,mid,1,...,mid,n }

• Authentication:Theserverchoosesthesmallestdecaytimetx notpreviouslyusedforthelogicalPUFid.

Client C Server S

D T ,M,W,Kauthreq, id

m0id,x

d = J(m0id,x

,mid,x

d > ✏

: auth

: noauth

>:auth / noauth

SecureChannelEstablishment

Client C Server S

D T ,M,W,Kchannelreq, id

, wid,x

m0id,x

IfthereexistsasecurefuzzyextractorforourDRAMPUF.• EnrollmentAdefinedsetofdecaytimes

T={t0,t1,...,tn}MeasurementsforeachlogicalPUF

M={mid,0,mid,1,...,mid,n }Asetofrandomkeys

K={kid,0,kid,1,...,kid,n }Helperdata

W={wid,0,wid,1,...,wid,n }

Time Dependent Decay• HowtochoosethesetofdecaytimesT={t0,t1,...,tn}?

• Securityisinthenewlyflippedbitsintx+1comparedtotx.• Security parameterεbits :numberofnewlyflippedbits.

Knowingmx,theprobabilityofarandomguessofmx+1 beingsuccessfulissmallerthan2-128.

tx tx+1

120 180 240 300 3600

Decay time (sec)

120 180 240 300 3600

Decay time (sec)

Redlinesindicatepossibledecaytimechallenges.IntelGalileocanprovide7challenges,andPandaBoardcanprovide2challengeswith32KBlogicalPUFanddecaytimet<360s.

Conclusions• Extractdecay-basedDRAMPUFinstancesfromunmodifiedcommodity

devices.– Twoplatforms:thePandaBoard andtheIntelGalileo– Twoapproaches:acustomizedfirmware,andakernelmodule

• IntroducednewmetricsforevaluatingDRAMPUFs,basedontheJaccardindex.

• ShowedthatDRAMPUFsexhibitrobustness,uniqueness,andstabilitywiththedecaytimeaspartofthePUFchallenge.

• Designedprotocolsfordeviceauthenticationandsecurechannelestablishmentthatdrawtheirsecurityfromthetime-dependentdecayofDRAMcells.

Futurework• Construct fuzzy extractor forDRAMPUF

– Jaccard index– BiasedPUF

• BetterunderstandDRAMPUFcharacteristics– Temperature dependency– Voltagedependency

• Improveread out time– Intheorderofminutes

Acknowledgements

Thisworkhasbeenco-fundedbytheDFGaspartofprojectP3withintheCRC1119CROSSING,andpartlyfundedbyCASED.

ThankstoKevinRyanandEthanWeinbergerfortheirhelpwithbuildingtheheatersetup.

ThankstoIntelfordonatingtheIntelGalileoboardsusedinthiswork.

ThankstoanonymousCHESreviewers,andespeciallyourshepherd,RoelMaes.

Q&A• Extractdecay-basedDRAMPUFinstancesfromunmodifiedcommodity

devices.– Twoplatforms:thePandaBoard andtheIntelGalileo– Twoapproaches:acustomizedfirmware,andakernelmodule

• IntroducednewmetricsforevaluatingDRAMPUFs,basedontheJaccardindex.

• ShowedthatDRAMPUFsexhibitrobustness,uniqueness,andstabilitywiththedecaytimeaspartofthePUFchallenge.

• Designedprotocolsfordeviceauthenticationandsecurechannelestablishmentthatdrawtheirsecurityfromthetime-dependentdecayofDRAMcells.

DRAMcelldecay

Figure1:SchematicofaDRAMarray;arrowsindicateleakage

pathsfordissipationofchargesthatleadtoPUFbehavior.

RobustnessandUniqueness

Maxfractionalintra-HD

Minfractionalinter-HD

0.0045 0.0038

0.0003 0.0012

0.0083 0.0139

0.0005 0.0032

0.0101 0.0244

0.0020 0.0057

0.0123 0.0238

0.0013 0.0080

0.0206 0.0279

0.0022 0.0124

Decaytime

device MinJintra

MaxJinter

120sPandaBoard 0.4634 0.0102

Galileo 0.7712 0.0038

180sPandaBoard 0.4382 0.0168

Galileo 0.8361 0.0044

240sPandaBoard 0.4087 0.0258

Galileo 0.6261 0.0049

300sPandaBoard 0.4222 0.0405

Galileo 0.7944 0.0055

360sPandaBoard 0.3484 0.0342

Galileo 0.8276 0.0072

Jinter

Jintra

Jinter

Jintra

Figure3:DistributionofJintra and Jinter valuesfor(left)Pandaboardand(right)IntelGalileo.

• HightemperaturespeedsuptheDRAMcelldecay.t’T’=t*e-0.0662*(T’-T)

• Underdifferenttemperature,withequivalent decaytimethesamedecaycanbeobserved.

• ThetemperaturedependencydoesnotaffecttherobustnessofthePUF.

t1 t 2 t 3 t 4 t 5 t 1 t 2 t 3 t 4 t 5 t 1 t 2 t 3 t 4 t 540/C 50/C 60/C

Temperaturedependency

Figure5:Jintra (i.e.similarity)ofenrollmentmeasurementstakenat40oCandmeasurementsatT’={40oC,50oC,60oC}onIntelGalileo.

run-time accessible dram pufs in commodity devices … · run-time accessible dram pufs in...

Documents

dram lecture2

nda: near-dram acceleration architecture leveraging ... ·...

lecture05 dram

embedded dram

proactivedram: a dram-initiated retention management...

intrinsic rowhammer pufs: leveraging the rowhammer effect...

d-range: using commodity dram devices to …hardware to...

lecture10 – more on physically unclonable functions (pufs)

optical pufs reloaded - cryptology eprint archive pufs...

dram - mouser

some results about the aging impact on delay...

scalable many-core memory systems topic 1: dram basics...

pufs – an extensive survey

1 multi-core systems core 0core 1core 2core 3 l2 cache l2...

fine-grained dram: energy-efficient dram for extreme...

unclonable physical functions...

high speed dram interface -...

silicon pufs and puf-based key storage...pufs: physically...

ddr3 synchronous dram memory - … · ddr3 synchronous dram...

architectural techniques to enhance dram...