Vlsid 2015 Tutorial Iitkgp Seal
IoT Applications
IoTs can revolutionize quality of life
◦ Education
◦ Retail
◦ Food Logistics
◦ Pharmaceuticals
Applications of IoT: Indian Context
Sensor technologies can monitor vulnerable environments and prevent or limit natural disasters.
E-governance:
◦ Warehouse management, inventory control
◦ Port management: ETAs, ETDs; ships, boats, containers, etc.
• 50 Billion Devices to be connected by 2020!
• Devices need to trust the owner and also each other.
• Devices are connected through heterogeneous networks, and are resource constrained.
8
Whom can you Trust?
What do we know about the device?
◦ Is it running the correct software?
◦ Is it genuine?
We need to guarantee:
◦ Integrity
◦ Privacy
◦ Quality
IoT endpoints operate under resource constraints:
◦ CPU
◦ Memory
◦ Energy
◦ Communications
Trust is a major enabler for IoT
Traditional Security features do not scale down!
◦ The Trusted Computing Base (TCB) must be as small as possible!
Are there more optimal solutions for the hardware root of trust?
PUF in the context of IoT
[Figure labels: Challenge; Response1, Response2, Response3]
11
An Example with a simple SR-Latch
in
◦ y=0, y’=1
12
From Theory to Practice
FPGAs are ideal for security implementations
◦ In-house and high-performance
◦ Programmability is an added feature
◦ But careful implementation is needed.
Q
The non-determinism and
hence the randomness is
gone!
13
Another Attempt
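module SR(in, Q, Qbar);
input in;
output Q, Qbar;
// KEEP stops synthesis from optimizing away the feedback wires
(* KEEP = "TRUE" *) wire w1, w2;
// Cross-coupled NAND gates form the latch
nand N1(Q, ~in, w1);
nand N2(Qbar, ~in, w2);
assign w1 = Qbar;
assign w2 = Q;
endmodule
[Figure: latch schematic with input in, feedback wires w1 and w2, and outputs Q and Qbar]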
◦ a Latch cell will give either 0 or 1 as output.
◦ Depends on the difference in routing delays of the feedback path
[Figure: grid of latch cells at locations (x6,y6) … (x20,y20)]
ICISS 2011
15
Advantage PUF!!
[Figure: the authentic Device A (with PUF) passes through an untrusted supply chain / environments; the question on arrival is "Is this the authentic Device A?"]
Database for Device A:
Challenge   Response
1001010     010101
1011000     101101
0111001     000110
IC rejected if Response’ does not match the enrolled Response
17
An IoT Test-Bed
Typically comprises sensor nodes, microprocessors, embedded processors, network gateways, and finally the cloud.
19
Threats from Side Channel Attacks
[Figure: besides its data output (00111…), a device leaks secret information (0 0 1 1 1) through the power consumption seen on its power supply]
Lightweight PUFs and PUF Composition
Layers of PUF
[Figure labels: Challenge, INPUT LAYER, Combiners, OUTPUT LAYER, Response; ML Attacker; Side Channel Attacker]
21
A Side Channel and Machine Learning Resistant Ideal PUF Composition.
Reference: Composite PUF: A new design paradigm for Physically Unclonable Functions on FPGA. IEEE HOST 2014: 50-55
iPUF design proposal is selected as finalist in “CyberSEED Hardware Challenge”, 2014 (http://www.csi.uconn.edu/cybersecurity-week)
Security Analysis for the
IoT Testbed
[Figure labels: Secured Implementation of ciphers; PUFs/ICs for ciphers; leaked Information; PUFs; Mallory]
Outline
Part-I: PUF Fundamentals
PUF Fundamentals
Applications of PUF
Part-II: Lightweight PUF Design
Approach 1: Lightweight PUF Primitives
Approach 2: Combining PUF Primitives and Crypto Primitives
Approach 3: Combining PUF Primitives
Part-III: Attacks and iPUF Design
Machine Learning based Modeling Attacks
Side Channel based Modeling Attacks
Cryptanalysis
iPUF: secure and lightweight PUF
Part-IV: Authentication Protocols
Reverse Fuzzy Extractor Protocol
Slender PUF Protocols
24
Part I:
PUF Fundamentals
25
Physically Unclonable Function (PUF)?
Fingerprint of Devices
26
PUF Properties
Evaluatable: given PUF and x, it is easy to evaluate y = PUF(x).
[Figure: Uniqueness (responses r1, r2, r3 to the same challenge C across devices) and Reliability (responses r1, r2, r3 to the same challenge C over time)]
28
PUF Examples: Optical PUF
Optical PUF was proposed by Pappu et al. with the
original name “Physical One-Way Functions
(POWFs)”
29
Silicon PUFs
We are interested in PUF circuits, i.e. Silicon PUFs
FPGA 1 FPGA 2
FPGA 3 FPGA 4
33
Why are PUFs Important?
34
PUF in Use: Low-cost HW
Authentication
Protect against IC/FPGA substitution and counterfeits
without using cryptographic operations
Database for Device A:
Challenge   Response
1001010     010101
1011000     101101
0111001     000110
The measured response is compared (=?) with the enrolled one.
35
PUF in Use: Private/Public Key
Pair Generation
[Figure labels: ECC + PUF, Seed, Key Generation, Private key, Public key]
36
PUF in Use: PUF based Pseudo
Random Function
38
Classification of PUF (1/3)
Based on entropy source:
39
Classification of PUF (2/3)
Based on embedding device Physics:
Optical PUF
Coating PUF
Silicon PUF
Magnetic PUF
Metal Based PUF
Acoustic PUF
40
Classification of PUF (3/3)
Based on security of challenge-response behavior:
Strong PUF
◦ It must have a very large challenge set, since otherwise the adversary can simply query all challenges and no unknown challenges are left, and
◦ it is infeasible to build an accurate model of the PUF based on observed challenge-response pairs (CRPs), or in other words the PUF is unpredictable.
Weak PUF
◦ It has a small challenge-response set, or
◦ it is easy to build an accurate model based on observed CRPs.
41
PUF Taxonomy
Lightweight PUFs are composed of different
types of PUF building blocks
42
PUF Primitive 1: Arbiter PUF
(APUF)
47
Approach 2: Combination of Crypto
Primitives and Insecure PUFs (Contd.)
48
Approach 3: Combination of PUFs
k-XOR PUF [Lee 2005]
N-bit challenges, 1-bit response
k Arbiter PUFs
49
Design 3: Combination of PUFs
(Contd.)
Composite PUF [Sahoo et al. 2014]
Multiple levels of PUF primitives are used
N-bit challenges, 1-bit response
50
Part-III: Security Analysis,
secure and lightweight PUF-
iPUF
51
Security Evaluation of PUF
Unclonability:
- Cannot be achieved using traditional cryptographic techniques
- Two types of unclonability:
- Physical unclonability
- A PUF is physically unclonable if a physical copy of the PUF with similar challenge/response behaviour cannot be made, even by the manufacturer (existential unclonability).
- Mathematical unclonability
- It is not possible to construct a mathematical approximator which can predict the response to an arbitrary challenge applied to a given PUF instance, with a large probability of success
Unpredictability:
- Adversary can’t predict the response to a new challenge from a known set of CRPs
PUF Attack Overview
Clone PUF:
◦ Mathematical Clone
◦ Physical Clone
Replay Attack:
◦ Eavesdropping CRPs and playing them back
55
Linear Delay Model of Arbiter PUF
[D. Lim, M.S. Thesis, MIT, 2002]
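$$d_{top}(i+1) = \frac{1+C_{i+1}}{2}\,\bigl(p_{i+1} + d_{top}(i)\bigr) + \frac{1-C_{i+1}}{2}\,\bigl(s_{i+1} + d_{bottom}(i)\bigr)$$
$$d_{bottom}(i+1) = \frac{1-C_{i+1}}{2}\,\bigl(q_{i+1} + d_{top}(i)\bigr) + \frac{1+C_{i+1}}{2}\,\bigl(r_{i+1} + d_{bottom}(i)\bigr)$$
where $C_i \in \{-1, 1\}$ denotes the challenge bit of the i-th stage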
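The recursion above can be simulated directly to measure the two quality metrics the slides name, Uniqueness and Reliability. The following is an added example, not part of the original slides: the Gaussian delay values, the noise level and the arbiter convention (response 1 when the top signal arrives first) are assumptions, with (1+C)/2 weighting the straight path and (1-C)/2 the crossed path.

```python
import random
from itertools import combinations

def make_device(n_stages, rng):
    """One APUF instance: per-stage delays (p, q, r, s). The Gaussian spread
    stands in for manufacturing variation (constructed values)."""
    return [tuple(rng.gauss(10.0, 0.5) for _ in range(4)) for _ in range(n_stages)]

def response(device, challenge, rng=None, sigma=0.0):
    """Run the delay recursion stage by stage; challenge bits C_i are -1 or +1.
    sigma > 0 adds per-evaluation measurement noise to every stage delay."""
    d_top = d_bottom = 0.0
    for (p, q, r, s), c in zip(device, challenge):
        if sigma:
            p, q, r, s = (x + rng.gauss(0.0, sigma) for x in (p, q, r, s))
        straight, crossed = (1 + c) / 2, (1 - c) / 2
        d_top, d_bottom = (straight * (p + d_top) + crossed * (s + d_bottom),
                           crossed * (q + d_top) + straight * (r + d_bottom))
    # Assumed arbiter convention: 1 when the top signal arrives first.
    return 1 if d_top < d_bottom else 0

def uniqueness(devices, challenges):
    """Mean fractional Hamming distance between devices (ideal: 0.5)."""
    resp = [[response(d, c) for c in challenges] for d in devices]
    dists = [sum(a != b for a, b in zip(x, y)) / len(challenges)
             for x, y in combinations(resp, 2)]
    return sum(dists) / len(dists)

def reliability(devices, challenges, rng, sigma, repeats=3):
    """1 - mean fractional distance between a noiseless reference response
    and repeated noisy re-measurements on the same device (ideal: 1.0)."""
    flips = total = 0
    for d in devices:
        for c in challenges:
            ref = response(d, c)
            for _ in range(repeats):
                flips += response(d, c, rng, sigma) != ref
                total += 1
    return 1 - flips / total

def experiment(seed=1, n_devices=6, n_stages=32, n_challenges=150, sigma=0.05):
    rng = random.Random(seed)
    devices = [make_device(n_stages, rng) for _ in range(n_devices)]
    challenges = [[rng.choice((-1, 1)) for _ in range(n_stages)]
                  for _ in range(n_challenges)]
    return uniqueness(devices, challenges), reliability(devices, challenges, rng, sigma)

if __name__ == "__main__":
    u, r = experiment()
    print(f"uniqueness={u:.3f} reliability={r:.3f}")
```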
Linear Delay Model of Arbiter PUF
(contd.)
61
Side Channel Analysis (contd.)
Example
62
Side Channel Based Modeling Attack-
Attack on LSPUF
The attack is based on power analysis and a machine learning based modeling attack
The Lightweight Secure PUF is the case study
64
Attack on LSPUF (contd.)
Power consumption is maximum
67
Attack on LSPUF (contd.)
Power consumption is minimum
68
Attack on LSPUF (contd.)
Power consumption is not minimum or maximum
70
Side Channel Based Modeling Attack-
Attack on LSPUF (contd.)
• Power consumption which is neither minimum nor maximum is not useful
• Power consumption which is maximum or minimum is useful because the intermediate values (r0,r1,r2,r3,r4,r5) are exposed via the power traces, i.e., they are all 1’s or all 0’s
• The adversary collects the set of challenges for which the power consumption is maximum or minimum
• For each APUFi a set of CRPs (Ci,ri) is collected, i.e. (Ci,1) (max) or (Ci,0) (min). A model of each APUFi can then be built by using the machine learning modeling attack
• LSPUF is not secure against SCA-based ML
71
Side Channel Based Modeling Attack-
Attack on k-XOR PUF
The SCA-based ML does not work for k-XOR PUF
All APUFi have the same set (C,0) or (C,1). Thus all
the models are the same. This fact contradicts that
all APUFi are different
72
Cryptanalysis
Methodology
Analyze the structure to find the flaw. After that, apply suitable algorithms to build a predictor of the response to a given challenge in an efficient way
Cryptanalysis-based Modeling Attack on LSPUF
Cryptanalysis of Composite PUF
73
Cryptanalysis: LSPUF
Security notion: no algorithm predicting the response (R0,R1,…, R3) with accuracy larger than 2^-4
74
Cryptanalysis: LSPUF (contd.)
Fact 1: APUF can be modeled if a set of CRPs is
provided
75
Cryptanalysis: LSPUF (contd.)
Fact 2: k-XOR PUF is secure against modeling
attack (ML) if k > 6
76
Cryptanalysis: LSPUF (contd.)
Flaw: The output network has a flaw. The number of APUFs in Vi is only 2. Vi is known because Ri and Ri+1 are known
80
Cryptanalysis: LSPUF (contd.)
Attack Steps:
1. From R0, R1, …, R(n-1) we can construct V0, V1, …, V(n-2)
2. Each Vi depends on only two rj and rk. So, we can model all (n-1) Vi by using ML
3. We need to make a guess on bit R0 and then combine that guess with all V0, …, V(n-2) to solve all response bits R1,..,R(n-1)
4. The accuracy of the attack is 1/2 instead of 2^-m
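A design-side check for the flaw behind these steps, as an added example that is not part of the original slides: it audits an output network for response bits, or XORs of two response bits, that depend on too few APUFs, using the slides' threshold from Fact 2 (k > 6). The sliding-window layout, the function names and the APUF bit values are assumptions made for illustration; the audit also goes beyond the slides by checking all pairs, not only adjacent ones. With width 8 every single R_i passes, yet every pair is flagged.

```python
from itertools import combinations

MIN_XOR = 7  # from the slides' Fact 2: k-XOR resists ML modeling only if k > 6

def output_network(n_apufs, n_outputs, width, shift=0):
    """Hypothetical layout (assumption): output bit R_i is the XOR of `width`
    consecutive APUF bits r_j, starting at index i + shift, wrapping around."""
    return [frozenset((i + shift + t) % n_apufs for t in range(width))
            for i in range(n_outputs)]

def audit(network, min_xor=MIN_XOR):
    """Flag every output bit, and every XOR of two output bits, that depends
    on fewer than `min_xor` APUFs. Keys: (i,) for R_i, (i, j) for R_i xor R_j."""
    findings = {}
    for i, srcs in enumerate(network):
        if len(srcs) < min_xor:
            findings[(i,)] = sorted(srcs)
    for (i, a), (j, b) in combinations(enumerate(network), 2):
        if len(a ^ b) < min_xor:       # shared APUF bits cancel under XOR
            findings[(i, j)] = sorted(a ^ b)
    return findings

def outputs(network, r):
    """Response bits R_i for one challenge, given the APUF bits r_j."""
    return [sum(r[j] for j in srcs) % 2 for srcs in network]

def adjacent_v(network, r):
    """V_i = R_i xor R_{i+1}, computed from the few APUF bits it depends on."""
    return [sum(r[j] for j in network[i] ^ network[i + 1]) % 2
            for i in range(len(network) - 1)]

def rebuild(r0_guess, v):
    """Step 3 of the slides: R_{i+1} = R_i xor V_i, starting from a guess of R0."""
    bits = [r0_guess]
    for vi in v:
        bits.append(bits[-1] ^ vi)
    return bits

if __name__ == "__main__":
    net = output_network(n_apufs=16, n_outputs=4, width=8)
    r = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0]  # constructed APUF bits
    v = adjacent_v(net, r)
    print("findings:", audit(net))
    print("true R:", outputs(net, r), "guess 0:", rebuild(0, v), "guess 1:", rebuild(1, v))
```

One of the two guesses for R0 reproduces every response bit and the other gets every bit wrong, which is the 1/2 accuracy stated in step 4.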
81
Cryptanalysis: Composite PUF
Security notion: no algorithm predicting the
response R with accuracy larger than 1/2
82
Cryptanalysis: Composite PUF
(contd.)
1. The challenge space C is divided into 16 classes: CL0, …, CL15
2. All the challenges in the same class have the same response. CL0 => R0, …, CL15 => R15
3. Algorithms to build those classes and their corresponding responses
4. Algorithm to define the corresponding class for a given challenge C
83
Cryptanalysis: Composite PUF
(contd.)
1: How to define a class?
2: How to define the number of classes?
3: How to determine the class where c belongs to?
4: How to determine R0?
88
Cryptanalysis: Define a class
89
Cryptanalysis: Defining a Class
Equal
90
Cryptanalysis: Defining a Class
We define a class based on the output of Level 1 or the
input of Level 2
Equal Equal
91
Cryptanalysis: Number of Classes
92
Cryptanalysis: Assumptions
Assumption 1: For each space of sub-challenges Ci, we can divide it into two subsets S(i,0) and S(i,1) according to the output ri of PUFi. If two sub-challenges Ci and Ci’ belong to the same S(i,0) or S(i,1), then PUFi(Ci)=PUFi(Ci’)
Assumption 2: We can construct all S(i,0)s and S(i,1)s; then we have 8 sets, i.e.,
1. S(0,0), S(0,1)
2. S(1,0), S(1,1)
3. S(2,0), S(2,1)
4. S(3,0), S(3,1)
Let i=(i0,i1,i2,i3); then we can define the class CLi, i=0,..,15, as the set of all challenges C=(C0,C1,C2,C3) such that
1. C0 in S(0,i0)
2. C1 in S(1,i1)
3. C2 in S(2,i2)
4. C3 in S(3,i3)
93
Cryptanalysis: Assumptions (contd.)
Assumption 3: all S(i,0)s and S(i,1)s are constructed, i.e., S(0,0), S(0,1),
S(1,0), S(1,1), S(2,0), S(2,1), S(3,0), S(3,1) and all 16 classes
CL0, CL1,…, CL15 are defined based on those sets already.
Class determination: now, for a given challenge C=(C0,C1,C2,C3) we
can determine the class CLi where C belongs as follows:
1. C0 in S(0,0) or S(0,1) => i0
2. C1 in S(1,0) or S(1,1) => i1
3. C2 in S(2,0) or S(2,1) => i2
4. C3 in S(3,0) or S(3,1) => i3
Then i=(i0,i1,i2,i3) is the class index.
95
Cryptanalysis: Assumptions (contd.)
Assumption 3: all S(i,0)s and S(i,1)s are constructed, i.e., S(0,0),
S(0,1) , S(1,0), S(1,1), S(2,0), S(2,1), S(3,0), S(3,1) and all 16 classes
CL0, CL1,…, CL15 are defined based on those sets already.
Determination of response Ri of a class CLi : since all S(i,0) and S(i,1)
are given and i=(i0,i1,i2,i3), Ci=(C0, C1, C2, C3) where
1. Take one C0 in S(0,i0)
2. Take one C1 in S(1,i1)
3. Take one C2 in S(2,i2)
4. Take one C3 in S(3,i3)
Response Ri of CLi is :=PUF(Ci).
96
Cryptanalysis: S(0,0) and S(0,1)
We show an algorithm to construct the sets
S(0,0) and S(0,1) for PUF0 first
Then all the remaining sets can be
constructed in a similar way
Definition of S(0,0) (or S(0,1)): this is the set
of all sub challenge C0s such that the outputs
of PUF0 are the same
97
Cryptanalysis: S(0,0) and S(0,1)
(contd.)
[Figures labelled: Equal; Not Equal]
102
Cryptanalysis: S(0,0) and S(0,1)
(contd.)
• If C and C’ belong to the same set, e.g. S(0,0), then for their responses Pr(R=R’)=1
• If C and C’ belong to different sets, then for their responses Pr(R=R’)=1/2
• We fix C0 and C0’, and try K different values of (C1, C2, C3):
1. If C and C’ belong to the same set, then Pr(R=R’)=1
2. If C and C’ belong to different sets, then Pr(R=R’)=1/2^K
Thus if K is big, we can determine whether C and C’ belong to the same set or not with very high accuracy. This fact means that the sets S(0,0) and S(0,1) can be constructed by observing the response R.
103
Cryptanalysis: S(0,0) and S(0,1)
(contd.)
When all S(i,0), S(i,1) are constructed, then all classes CLi are defined and their corresponding Ri can be determined.
Finally, a response of a given challenge C can be predicted with 100% accuracy.
104
Summary for Lightweight PUFs
105
iPUF: secure and lightweight PUF
106
iPUF: PUF qualities
107
iPUF: security analysis and design
features
108
Part IV:
PUF-based Authentication
Protocols
109
Protocols
110
Authentication Protocol
111
Naïve Authentication
112
Naïve Authentication
Limitations:
1. The bare CRPs are used.
2. If adversary can collect the CRPs,
then she can imitate a legal client.
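A verifier-side sketch of the naive scheme with the replay limitation addressed, as an added example that is not part of the original slides: each enrolled CRP is issued once and then discarded, so an eavesdropped pair is useless later. The class and function names, the single-use policy and the `max_flips` noise tolerance are assumptions of this example; the CRP values are the ones shown in the slides' Database for Device A.

```python
import secrets

# CRP table for Device A as shown on the slides (challenge -> enrolled response).
ENROLLED_A = {"1001010": "010101", "1011000": "101101", "0111001": "000110"}

class Verifier:
    """Server side of naive CRP authentication with two added safeguards
    (assumptions of this example): every CRP is used once, and up to
    `max_flips` response bits may differ to absorb PUF noise."""

    def __init__(self, enrolled, max_flips=0):
        self._unused = dict(enrolled)
        self._pending = None
        self.max_flips = max_flips

    def remaining(self):
        return len(self._unused)

    def issue_challenge(self):
        if not self._unused:
            raise RuntimeError("CRP database exhausted: device must be re-enrolled")
        challenge = secrets.choice(sorted(self._unused))
        # Remove the pair now so an observed challenge is never issued again.
        self._pending = (challenge, self._unused.pop(challenge))
        return challenge

    def check(self, challenge, response):
        pending, self._pending = self._pending, None   # one attempt per challenge
        if pending is None or pending[0] != challenge:
            return False
        expected = pending[1]
        if len(response) != len(expected):
            return False
        flips = sum(a != b for a, b in zip(response, expected))
        return flips <= self.max_flips

def session(verifier, device, eavesdropped):
    """One authentication run. `device` maps a challenge to a response and
    stands in for the PUF; the exchanged pair is appended to `eavesdropped`."""
    challenge = verifier.issue_challenge()
    response = device(challenge)
    eavesdropped.append((challenge, response))
    return verifier.check(challenge, response)
```

The cost of single-use CRPs is visible in `remaining()`: the database drains with every authentication, which is the storage problem the later protocols in the slides try to avoid.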
113
Reverse Fuzzy Extractor Protocol
114
Reverse Fuzzy Extractor Protocol
(contd.)
115
Slender PUF Protocol
116
Slender PUF Protocol (contd.)
117
Slender PUF Protocol
New contribution:
Instead of storing CRPs, we use a WEAK PUF
which we can model. However, the security of this
protocol is still not clear.
118
References
Daihyun Lim. Extracting Secret Keys from Integrated Circuits. Master's thesis, MIT, USA, 2004.
Ahmed Mahmoud, Ulrich Ruhrmair, Mehrdad Majzoobi, and Farinaz Koushanfar. Combined Modeling and Side Channel Attacks on Strong PUFs. IACR Cryptology ePrint Archive, 2013:632, 2013.
Mehrdad Majzoobi, Farinaz Koushanfar, and Miodrag Potkonjak. Lightweight secure PUFs. In Proc. of the 2008 IEEE/ACM International Conference on Computer-Aided Design (ICCAD), pages 670–673, Piscataway, NJ, USA, 2008. IEEE Press.
Stefan Mangard, Elisabeth Oswald, and Thomas Popp. Power analysis attacks: revealing the secrets of smart cards. Springer, 2007.
Durga Prasad Sahoo, Phuong Ha Nguyen, Debdeep Mukhopadhyay, and Rajat Subhra Chakraborty. A Case of Lightweight PUF Constructions: Cryptanalysis and Machine Learning Attacks. 2014. Under submission.
Durga Prasad Sahoo, Sayandeep Saha, Debdeep Mukhopadhyay, Rajat Subhra Chakraborty, and Hitesh Kapoor. Composite PUF: A New Design Paradigm for Physically Unclonable Functions on FPGA. In IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2014.
Ulrich Ruhrmair, Frank Sehnke, Jan Solter, Gideon Dror, Srinivas Devadas, and Jurgen Schmidhuber. Modeling attacks on physical unclonable functions. In Proc. of 17th ACM Conference on Computer and Communications Security (CCS), pages 237–249, New York, NY, USA, 2010. ACM.
A. Herrewege, S. Katzenbeisser, R. Maes, R. Peeters, A.-R. Sadeghi, I. Verbauwhede, and C. Wachsmann. Reverse fuzzy extractors: Enabling lightweight mutual authentication for PUF-enabled RFIDs. In Financial Cryptography and Data Security, volume 7397 of Lecture Notes in Computer Science, pages 374–389. Springer Berlin Heidelberg, 2012.
M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas. Slender PUF protocol: A lightweight, robust, and secure authentication by substring matching. In Security and Privacy Workshops (SPW), 2012 IEEE Symposium on, pages 33–44, May 2012.
Blaise Gassend, Dwaine Clarke, Marten van Dijk, and Srinivas Devadas. Controlled Physical Random Functions. In Proc. of 18th Annual Computer Security Applications Conference (ACSAC), page 149, Washington, DC, USA, 2002. IEEE Computer Society.
120
Part V:
Demonstration – Arbiter PUF
on Xilinx Artix-7 FPGA
121
PUF Lab Setup
122
Arbiter PUF
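[Figure: FPGA holding the 128-bit Arbiter PUF and a PicoBlaze Microcontroller; labelled signals are controls, challenge and response between the microcontroller and the PUF, and challenge and response between the microcontroller and the PC]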
124
Switch Design
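module switch_2to2 (inT, inB, cT, cB, outT, outB);
input inT, inB;    // top and bottom path inputs
input cT, cB;      // select signals for the top and bottom mux
output outT, outB; // top and bottom path outputs
(*LOCK_PINS = "all"*)
mux_21 MUXT(
.ins({inB,inT}),
.ctrls(cT),
.out(outT)
);
(*LOCK_PINS = "all"*)
mux_21 MUXB(
.ins({inT,inB}),
.ctrls(cB),
.out(outB)
);
endmodule
125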
Parallel Paths
module switchChain #( parameter nStage = 16)( inT, inB, cT, cB, outT, outB );
input inT,inB;
input [nStage-1:0] cT, cB;
output outT, outB;
126
Arbiter
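module arbiter (clk,din,dout);
input clk;
input din;
output reg dout;
// Body is not shown on the slide; a D flip-flop is assumed here,
// sampling din on the rising edge of clk.
always @(posedge clk)
dout <= din;
endmodule
[Figure: Arbiter Operation, two cases with D and clk inputs giving outputs 1 and 0]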
127
APUF Design
module apufClassic #(parameter nStage = 128)( clk, tigSignal, c,respReady,respBit);
input clk, tigSignal;
input [nStage-1:0] c; // Challenge for upper and lower paths
output respReady, respBit;
wire pathT;
wire pathB;
reg tigReg;
// Chain of switches
(*KEEP_HIERARCHY = "TRUE"*)
switchChain #(.nStage(nStage) ) SWITCH_CHAIN(
.inT(tigReg),
.inB(tigReg),
.cT(c),
.cB(c),
.outT(pathT), // to arbiter
.outB(pathB) // to arbiter
);
// Arbiter
arbiter A(
.din(pathT),
.clk(pathB),
.dout(respBit)
);
endmodule
128
Ideal Arbiter PUF
129
Placement of 128-bit APUF
INST "APUF/SWITCH_CHAIN/STAGE[0].SW/MUXU/Mmux_out11" BEL = A6LUT;
INST "APUF/SWITCH_CHAIN/STAGE[0].SW/MUXL/Mmux_out11" BEL = B6LUT;
INST "APUF/SWITCH_CHAIN/STAGE[0].SW/MUXU/Mmux_out11" LOC = SLICE_X2Y2;
INST "APUF/SWITCH_CHAIN/STAGE[0].SW/MUXL/Mmux_out11" LOC = SLICE_X2Y2;
130
Quality Metrics
[Figure: Uniqueness (responses r1, r2, r3 to the same challenge C across devices) and Reliability (responses r1, r2, r3 to the same challenge C over time)]
131
Thank You for Your Attention!
132