reliable and efficient puf-based key generation using ......arbiter puf two delay paths, produces...
TRANSCRIPT
1UNIVERSITY OF MICHIGAN
Reliable and Efficient PUF-Based Key Generation Using Pattern Matching
Authors:
Zdenek (Sid) Paral and Srinivas Devadas
Presented by:
Sugandha Gupta and Vishishtha Bothra
2UNIVERSITY OF MICHIGAN
OUTLINE
▪ INTRODUCTION
▪ MOTIVATION
▪ SOLUTION
▪ INSIGHT TO PUF & WORKING
▪ PUF BASED KEY GENERATION
▪ PATTERN MATCHING KEY GENERATION (PMKG)
▪ BASICS
▪ PATTERN MATCHING
▪ ARCHITECTURE
▪ MAIN FEATURES
▪ RELIABILITY
▪ EVALUATION
▪ CONCLUSIONS
▪ REFERENCES
▪ DISCUSSION POINTS
3UNIVERSITY OF MICHIGAN
MOTIVATION
▪ Mobile and Embedded devices are used universally
▪ Important to protect critical application to prevent significant loss
▪ Need for Secure Computing
▪ Current practices
▪ Place secret key in EEPROM/ battery-backed SRAM
▪ Use hardware cryptographic operations
▪Digital signature
▪Encryption
High Design Area
High Power Consumption
Vulnerable to invasive attacks
4UNIVERSITY OF MICHIGAN
SOLUTION
PUF - Physical Unclonable Function
▪ Silicon “biometric” ▪Unique▪Robust▪Unclonable
▪ Based on a complex physical system ▪ Secret is derived from the physical “variabilities” of the IC
▪Gate delay▪Power on state of SRAM▪Voltage threshold
High Design Area
High Power Consumption
Vulnerable to invasive attacks
Less Area
Less Power
Invasive attacks are difficult to execute without modifying the physical characteristics
Input Output
5UNIVERSITY OF MICHIGAN
INSIGHT TO PUF
CHALLENGE
RESPONSE 1 RESPONSE 2 RESPONSE 4RESPONSE 3
SERVER CLIENT
▪Uniqueness
▪Same challenge input gives different responses
▪Robustness
▪Stable over time
▪Unclonability
▪Impractical and unreasonably expensive to clone
▪Working
6UNIVERSITY OF MICHIGAN
▪One of the major application of PUF
▪Generates fixed size secret bits – seed, asymmetric key
▪Caution!
▪The challenge response pair must be kept secret
▪Error correction needed for “noisy bits”
▪Helper data/ “syndrome”
▪Syndrome can further lead to leakage of data
PUF BASED KEY GENERATION
PUFKey
Generator Key
Arbiter PUFTwo delay paths, produces
output Y based on which is faster
7UNIVERSITY OF MICHIGAN
BASICS OF KEY GENERATION
▪Unconventional Approach
▪Challenge is kept secret instead of the response
▪Provisioning
▪Externally provided secret seed
▪Generates public helper data and secret key
▪Regeneration
▪Reproduce one of the earlier provisioned key using the helper data
8UNIVERSITY OF MICHIGAN
PATTERN MATCHINGPrivate
Challenge (seed)
PUF
Secret Index (I)
Public Pattern (W)
Non-volatile Memory
Block
▪Provisioning
Pattern
1011
1101
1111
0110111101101011Index
0
6
8 068
W
L
PUF
Comparison Logic
W from Non-Volatile Memory
Key Storage (Volatile Memory)
match
▪Regeneration
9UNIVERSITY OF MICHIGAN
PMKG ARCHITECTURAL PARAMETERS
10UNIVERSITY OF MICHIGAN
ARCHITECTURE
11UNIVERSITY OF MICHIGAN
MAIN FEATURES OF PMKG
▪Helper data/ Syndrome cannot leak key
▪Index based key generation
▪Forking in the challenge sequencer
▪Match signal is also used in the challenge sequencer
▪Subsequent challenge are less traceable after each iteration
▪Constant number of comparisons against helper pattern in each iterations
▪Avoids differential power and timing analysis attack
▪Key Mixer
▪During provisioning – comparisons between running index counter
and secret index of current round
SECURITY
12UNIVERSITY OF MICHIGAN
RELIABILITY
▪Threshold has to be selected very wisely
▪ Intra-PUF variability – measure of reproducibility of responses
▪ Inter-PUF variability – measure of uniqueness of responses
▪ Leads to Pattern Miss and Pattern Collision
Intra-PUF Variability (~5%)
Inter-PUF Variability(~50%)
13UNIVERSITY OF MICHIGAN
EVALUATION USING ASIC DATA
▪ Voltage variations in provisioning and regeneration at different temperatures
▪ But can’t be quantified
▪ Threshold = 80 code bits
▪ Pattern Size W = 256 bits
14UNIVERSITY OF MICHIGAN
CONCLUSIONS
▪ Viable method of PUF based Key Generation
▪ Key generation using index
▪ No storage of key directly
▪ Low clock latency
▪ Hardware requirements – minimal
▪ No error correction needed
▪ Select optimal Threshold (T) and Pattern Width (W)
▪ Improvements
▪ Can be made faster and secure by increasing number of PUF
▪ Future Work
▪ Use Delay PUF instead of Arbiter PUF
15UNIVERSITY OF MICHIGAN
REFERENCES
▪ Paral, Z.; Devadas, S., "Reliable and efficient PUF-based key generation using pattern matching," in Hardware-Oriented Security and Trust (HOST), 2011 IEEE International Symposium on , vol., no., pp.128-133, 5-6 June 2011
▪ Herder, C.; Meng-Day Yu; Koushanfar, F.; Devadas, S., "Physical Unclonable Functions and Applications: A Tutorial," in Proceedings of the IEEE , vol.102, no.8, pp.1126-1141, Aug. 2014
▪ Lecture Slides
▪ http://www.eecs.umich.edu/courses/eecs573/lectures/03%20-%20Security-Tutorial.pdf
▪ Web
▪ http://people.csail.mit.edu/rudolph/Teaching/Lectures/Security/Lecture-Security-PUFs-2.pdf
16UNIVERSITY OF MICHIGAN
QUESTIONS
17UNIVERSITY OF MICHIGAN
DISCUSSION Points
▪ Are the physical characteristics like process variation good enough to distinguish between ICs?
▪ Can PUF integrity be compromised with silicon wear out and extreme changes?
▪ Is setting threshold better or doing error correction?