Password based Hardware Authentication using PUFs
Transcript of Password based Hardware Authentication using PUFs
![Page 1: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/1.jpg)
1ECE Department
Password based Hardware Authentication using PUFs
Raghavan Kumar
Wayne Burleson
Department of Electrical and Computer Engineering
University of Massachusetts Amherst
![Page 2: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/2.jpg)
2ECE Department
Outline
Introduction
Problem Statement
Proposed Solution
Results
Conclusion
![Page 3: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/3.jpg)
3ECE Department
Outline
Introduction
Problem Statement
Proposed Solution
Results
Conclusion
![Page 4: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/4.jpg)
4ECE Department
Introduction
Key Security Challenges
• Secure authentication of devices [4]
- keycards, RFIDs, mobile phones
- counterfeit detection
• Protection of sensitive IP on devices
- digital content, personal information
- software on mobile/embedded systems
• Secure communication among devices
![Page 5: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/5.jpg)
5ECE Department
Introduction
Traditional Solution
• Key/Signature stored in non-volatile memory
• Use the Key/Signature for authentication and also other security operations like IP protection
sends a random challenge
sends back response (challenge signed with the secret key)
Trusted authority
IC with secret key
![Page 6: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/6.jpg)
6ECE Department
Introduction
Problems with key storage [1]
• Vulnerable to attacks (active and passive)
• EEPROM adds complexity to system
• Non-Volatile memory may be expensive in resource constrained platforms
Key question: “How to generate inexpensive, secure and unique keys/signatures in an IC?”
[1] G. Edward Suh and Srinivas Devadas. Physical unclonable functions for device authentication and secret key generation. In Proceedings of the 44th annual Design Automation Conference (DAC '07). ACM, New York, NY, USA
![Page 7: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/7.jpg)
7ECE Department
Introduction
Physical Unclonable Functions (PUF) [1,4,5]
• Extracts secret keys from inherent manufacturing/process variations
• Due to process variations, no two integrated circuits with same layout is identical
- Variations are random and hard to predict
- Relative variations are increasing with shrinking of gate dimensions
![Page 8: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/8.jpg)
8ECE Department
Introduction
Arbiter PUF (delay-based)
• Generate secret keys using unique delay characteristics of each processor chip
• Delay differences arise from variations in gate dimensions, threshold voltage and interconnects
Combinatorial Circuit
Challengec-bits
Responsen-bits
![Page 9: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/9.jpg)
9ECE Department
Outline
Introduction
Problem Statement
Proposed Solution
Results
Conclusion
![Page 10: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/10.jpg)
10ECE Department
Problem Statement
• Arbiter PUFs are vulnerable to machine learning attacks [2]
- Arbiter PUFs are essentially linear classifiers of challenges and responses in n-dimensional space (n-number of CRP pairs)
• Also, existing PUF based authentication protocols authenticate only the device
- Even an adversary possessing trusted hardware can use the features
AuthenticDevice A
PUF
UntrustedSupply Chain /
Environments
UntrustedSupply Chain /
Environments
???
Challenge Response
Is this theauthenticDevice A?
=?
PUF
Challenge Response’
Challenge Response
Database for Device A
010001 010101 101101 100011011101 000110
Record
![Page 11: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/11.jpg)
11ECE Department
Outline
Introduction
Problem Statement
Proposed Solution
Results
Conclusion
![Page 12: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/12.jpg)
12ECE Department
Proposed Solution
Password based Hardware Authentication using PUFs(PHAP)
Decoder
LCD (Logic Completion
Detector)
MUX PUF Block
LFSR interweave
CLOCK
Cuser
CLFSR
Si S0
shared secret key
Ruser
Rinter
Rpadded
64 bit bus
32 bit bus
Signal Description
Length
Cuser External challenge
64
Rinter Intermediate PUF
response
32
Rpadded Padded PUF
response with
password
64
CLFSR New PUF challenge generated by LFSR
64
Ruser Final PUF response
32
![Page 13: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/13.jpg)
13ECE Department
Proposed Solution
Timing Diagram
Authentication Protocol
![Page 14: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/14.jpg)
14ECE Department
Proposed Solution
• Simulation algorithm for PUF block can be made public
• Trusted authority can obtain response after authentication is initiated
- Eliminates cumbersome “enrollment” process
- Similar in properties to SIMPL systems [3]
• Trusted Authority’s database can be built dynamically
Sample Trusted Authority’s database
[3] U. Ru hrmair, “Simpl systems, or: can we design cryptographic hardware without secret key information?” in Proceedings of the 37th international conference on Current trends in theory and practice of computer science, ser. SOFSEM’11. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 26– 45
![Page 15: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/15.jpg)
15ECE Department
Outline
Introduction
Problem Statement
Proposed Solution
Results
Conclusion
![Page 16: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/16.jpg)
16ECE Department
Results
• Uniqueness is one of the major performance metrics of a PUF
- Computed by analyzing hamming distance (HD) distribution
- Monte-carlo simulations were run to capture process variations
• Mean Hamming distance = 16 (50% uniqueness)
![Page 17: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/17.jpg)
17ECE Department
Results
Sensitivity to various session passwords
•Around 100 random session passwords were chosen for the experiment
•LFSR rounds was set to 50,000
- Different number of rounds can be set in runtime
•Mean uniqueness of 41%
![Page 18: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/18.jpg)
18ECE Department
Results
• Sensitivity to Rpadded varying by 1 bit
- Analysis done by carefully picking challenge (Cuser) and session password
• PHAP produces an average of 42% output bit flips for 1 bit change in Rpadded
![Page 19: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/19.jpg)
19ECE Department
Results
• Sensitivity to Rpadded varying from 1 to 40 bits
- Analysis done by carefully picking challenge (Cuser) and session password
• PHAP produces an average of 38% output bit flips for 1 bit change in Rpadded
![Page 20: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/20.jpg)
20ECE Department
Results
• Simulation time vs. attack probability
- Attack probability of lower than 10-5 %, even after 250 rounds
• Authentication interrupted after tmax is elapsed
![Page 21: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/21.jpg)
21ECE Department
Outline
Introduction
Problem Statement
Proposed Solution
Results
Conclusion
![Page 22: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/22.jpg)
22ECE Department
Conclusion
• PUF based authentication protocol presented
• Authentication of both user and hardware
• Uniqueness of system is not compromised
• Future Work:
- Analysis of reliability under noise
- Machine learning vulnerabilities
![Page 23: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/23.jpg)
23ECE Department
References
[1] G. Edward Suh and Srinivas Devadas. Physical unclonable functions for device authentication and secret key generation. In Proceedings of the 44th annual Design Automation Conference (DAC '07). ACM, New York, NY, USA
[2] Ulrich Rührmair, Frank Sehnke, Jan Sölter, Gideon Dror, Srinivas Devadas, and JürgenSchmidhuber. 2010. Modeling attacks on physical unclonable functions. In Proceedings of the 17th ACM conference on Computer and communications security (CCS '10). ACM, New York, NY, USA, 237-249.
[3] U. Ruhrmair, “Simpl systems, or: can we design cryptographic hardware without secret key information?” in Proceedings of the 37th international conference on Current trends in theory and practice of computer science, ser. SOFSEM’11. Berlin, Heidelberg: Springer-Verlag, 2011, pp. 26– 45.
[4] Leonid Bolotnyy and Gabriel Robins. 2007. Physically Unclonable Function-Based Security and Privacy in RFID Systems. In Proceedings of the Fifth IEEE International Conference on Pervasive Computing and Communications (PERCOM '07). IEEE Computer Society, Washington, DC, USA, 211-220.
[5] L. Lin, D. Holcomb, D. K. Krishnappa, P. Shabadi, and W. Burleson, “Low-power sub-threshold design of secure physical unclonable functions,” in Proceedings of the 16th ACM/IEEE international symposium on Low power electronics and design, ser. ISLPED ’10.
![Page 24: Password based Hardware Authentication using PUFs](https://reader036.fdocuments.in/reader036/viewer/2022062812/62b8fa9d0703304df92620b7/html5/thumbnails/24.jpg)
24ECE Department
Thank You