ebook img

Exploiting PUF Models for Error Free Response Generation PDF

0.26 MB·
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Exploiting PUF Models for Error Free Response Generation

Exploiting PUF Models for Error Free Response Generation Yansong Gao†‡, Hua Ma†, Gefei Li†, Shaza Zeitouni§, Said F. Al-Sarawi‡, Derek Abbott‡, Ahmad-Reza Sadeghi§ and Damith C. Ranasinghe† ‡School of Electrical and Electronic Engineering, The University of Adelaide, SA 5005, Australia {yansong.gao, said.alsarawi, derek.abbott}@adelaide.edu.au †Auto-ID Labs, School of Computer Science, The University of Adelaide, SA 5005, Australia {mary.ma, gefei.li, damith.ranasinghe}@adelaide.edu.au 7 1 §System Security Lab, Technische Universitat Darmstadt, Darmstadt 64289, Germany 0 [email protected];[email protected] 2 n a Abstract—Physical unclonable functions (PUF) extract secrets StabilizingPUFresponseisusuallylefttotheon-chiperror J from randomness inherent in manufacturing processes. PUFs correcting logic assisted by the associated priori computed 8 are utilized for basic cryptographic tasks such as authentication helper data as illustrated in Fig. 1. Such a scheme maybe 2 and key generation, and more recently, to realize key exchange adequate for a single or a small number of key extractions and bit commitment requiring a large number of error free ] responses from a strong PUF. We propose an approach to elim- suchasfromSRAMPUFs[7],butbecomesalimitationwhen R inate the need to implement expensive on-chip error correction a large number of keys are necessary. We propose exploiting C logic implementation and the associated helper data storage PUF models, originally used attack PUFs by creating PUF to reconcile naturally noisy PUF responses. In particular, we . functional copies [8], to enable the determination of a ran- s exploitastatisticalmodelofanArbiterPUF(APUF)constructed domlyselectedchallengetogenerateerror-freeresponseunder c under the nominal operating condition during the challenge [ responseenrollmentphasebyatrustedpartytojudiciouslyselect all operating conditions in the absence of the APUF. The challenges that yield error-free responseseven across a wideop- developed approach is able to: i) eschew expensive error cor- 1 v erating conditions, specifically, a ±20% supplyvoltage variation rectionlogiconPUFembeddedsecuritymodules;ii)overcome 1 and a 40◦C temperature variation. We validate our approach the burden of exhaustive characterization of huge number of using measurements from two APUF datasets. Experimental 4 CRPs, especially when large number of keys extracted from results indicate that large number of error-free responses can 2 be generated on demand under worst-case when PUF response strongPUFsarenecessary;iii)eliminatecomputationofhelper 8 error rate is up to 16.68%. data and subsequent on-chip storage or off-chip storage and 0 Index Terms—Error free response, PUF, Modeling building transfer. We summarize our contributions below: . 1 0 I. INTRODUCTION a) We exploitstatistical delaymodelsofAPUFs to evaluate 7 1 Physicalunclonablefunctions(PUFs)arelow-costhardware the response reliability of a random challenge to select : security primitives and can be seamlessly integrated with challenges that generate error-free responses under all v devices during the design and fabrication processes [1], [2], operating conditions. i X [3], to act as trust anchors. The PUF, in essence, extracts b) We have validated our approach based on two APUF r secretsfromtheinevitableprocessvariations.Hence,inreality, datasets.First,webuildsyntheticAPUFsusingreal-world a identicalPUFinstancescannotbeforged,notevenbythesame RO-PUF[6]frequencymeasurementstoacquirearbitrary manufacturer. There exists a number of PUF structures [4], number of CRPs for performing extensive evaluations. [5], [6], [7]. Among them, time-delay based PUFs [5], [1], Second, we use 64,000 CRPs collected across eight in particular, the Arbiter PUF (APUF) and its variants such APUFs implemented on eight FPGAs. Our results show as XOR-APUFs, is one of popular silicon PUF construction that no erroneousbits occur when selected responses are considering its compact structure and the large challenge- re-evaluatedacrossa wide rangeof operatingconditions. responsepair(CRP) spacecharacterizingofastrongPUF[8]. In addition, the selected challenges still exhibit the ran- Prominent PUF applications include authentication and domness characteristic expected from the corresponding cryptographic key generation [1]. In recent years, use of responses. PUFs in more advanced cryptographic protocols such as key c) We show that our error-free response generation method exchange, oblivious transfer, bit commitment and muti-party is ’cost-free’ to the PUF integrated device without any computation[9],[10],whereastrongPUFisalwaysrequired, area or power overhead. Building a model takes less has been investigated. Although authentication is able to thanfifteen secondsincludingcollectinga small number, tolerate the noisy PUF responses, key generation applications 10,000,ofCRPsandthesubsequentdelay-timestatistical and key exchange, especially recent advanced cryptographic characterization of each delay segment at each stage of protocols [9], require large number of error free responses. anAPUF,whilethereliablechallengeselectionusingthe c1 c2 ck t top 1 3 er 2 4 tbottomArbit response Fig. 2. Structure of an arbiter PUF (APUF). Signal propagation delays of thetoppathttop andthebottompathtbottom inthearbiterinputdetermines Fig.1. Generalized ECCbasedPUFkeygeneration scheme. theresponsebits. model can be performed on demand. that is able to accurately estimate the internal delay times Next section introduces related work. Section III describes of the APUF to eschew physically characterizations. In [14], the approach to build an accurate statistical delay model the authorsemploythis adaptivecharacterizationto realize an of an APUF, and subsequently describes an algorithm to impersonationof an APUF froma physicalmeansrather than filter challenges that produce highly reliable response bits. a software means. During the key extraction phase, filtered Section IV validates the proposed approach based on two reliable challenges are issued by the server and applied to APUF datasets. Section V concludes this paper. the PUF to obtain reliable response bits that can be directly utilizedtoderivekeyswithouterrorcorrection.Next,wedetail II. RELATEDWORK the principles of generating error free responses when wire Reconciling PUF response errors is usually carried out by delay times for all stages of the APUF are estimated. employingerrorcorrectioncodes(ECC).ThustheECCbased A. Arbiter PUF generalizedPUFkeygenerationshavetwophasesasillustrated in Fig. 1: (1) The key enrollment phase computes helper data As depicted in Fig. 2, an APUF consists of k stages thatwillbeusedin(2)thekeyregenerationphasetoreconcile of two 2-input multiplexers, or any other unit forming two errorsofthereproducedresponseandretrievetheenrolledkey. theoreticallysymmetrical,butpracticallyasymmetrical,signal This scheme is efficient to guarantee a small number of pathsdueto inherentrandomnessin thefabricationprocesses. error-free responses to derive a single cryptographic key To generate a response bit, an active pulse is fed as an input such as from a SRAM PUF [7], but it becomes expensive to the first stage, while the selection bit of ci, i ∈ {1,...,k} when multiple number of keys are necessary to realize: i) determines the signal path to the next stage. For example, if revocation of keys; ii) session key exchange; iii) controlled ci = 1, two signals propagate from 1 to 3 and from 2 to 4, PUF constructions [4], [11]. These applications all prefer respectively,inotherwords,thesetwosignalspassthroughthe employingastrongPUFthatisabletoprovidealargenumber i-thstageoftheAPUFwithoutcrossing.Conversely,ifci =0, of error-free responses. Notably, the associated helper data theypropagatefrom1to4andfrom2to3concurrently,these leaks information that may be exploited to attack PUFs [12]. two paths are referredto as cross paths. We refer to the delay There is a concurrent but independent investigation of time from 1 to 3 of i stage as ti , and the corresponding th 13 selecting reliable responses of delay-based PUFs [13] using delays through the others as ti ,ti , and ti . At the circuit 14 23 24 simulated data, where the effect of explicit PUF operational level, each stage of the APUF can be implemented by a conditions, such as operating voltage and temperature, on multiplexer.Attheendofthecascadedmultiplexers,anarbiter, the selection strategy remains to be investigated. Based on whichcanbe implementedbya latch,determineswhetherthe measureddata,weextensivelyevaluateourerror-freeresponse top or bottom signal arrives first and hence results in a logic generation approach across a wide range of operating condi- ‘0’ or ‘1’, accordingly, to yield a 1-bit response. tions. B. Response Reliability III. ERROR FREE RESPONSE SELECTION Morespecifically,thedelaytimedifferencet betweenthe dif We assume that a trusted party—the server—has one-time delaytimeofthetoppatht andthedelaytimeofthebottom top access to the underlying APUFs acting as a PUF building patht determinestheresponsebit(output)atthearbiter bottom block within the controlled PUF or PUF embedded crypto- and also its reliability, as depicted in Fig. 3. For a randomly graphic key generators. The PUF building block can also be chosen challenge, if the corresponding delay time difference XOR-APUFs rather than basic APUFs. The server securely t > 0, then a response of ‘0’ is produced, and vice versa. dif storesthederivedstatisticalmodelofeachAPUFanddestroys Further, if |t | ≤ |∆t|, ∆t being a delay discrimination dif theone-timeaccess,eg.,fusingone-timeprogrammablewires. threshold,thedelaytimedifferencet fallsintotheunreliable dif The challenge response interface can be protected. For exam- regionasillustratedinFig.3;thenthecorrespondingresponse ple, in a controlled PUF construction, it is achieved in a way bit has a high probability of being nondeterministic during of g(x) = h (h (x),f(h (x))), where h is a hash function, repeated regeneration attempts, especially under varying en- 2 1 1 x is the input, and f(·) is the PUF. vironmental conditions. Conversely, if |t | > |∆t| , then a dif Weemployadelaytimeadaptivecharacterizationtechnique highlyreliableresponsebitcanbeexpected.Further,if|∆t|is following [14] to build up a statistical model of an APUF far awayfromzero, we can expectthata responsebitwithout unreliableregion C. Modeling an APUF y bilit The goal of a statistical model is to accurately characterize oba individual delay times of ti13,ti14,ti23, and ti24. More specif- pr ically, if the probability of ti > ti , P(ti > ti ), and 13 24 13 24 probability of ti > ti , P(ti > ti ), can be estimated -(cid:1)t0 (cid:1)t tdif precisely, then P1(4ti >2t3i ) and14P(ti 2>3 ti ) can be used to (a) 13 24 14 23 bility 100% ire-tphlasctaegteheodfealnayAtPimUeF.dIifnfeortehnecrewoofrtdi1s3,−wtei24naeneddttoi14s−tatti2is3tiactatlhlye a eli estimatethe followingfourprobabilitiesin (1) aftercollecting r 50% a number of CRPs. t (b) dif i i i P =P(t is longer than t at i-th stage) Fig. 3. (a) Delay time difference tdif distribution, where tdif = ttop − 1i3 i13 i24 tbottom, ttop and tbottom are the signal propagation delay times of the P24 =P(t24 is longer than t13 at i-th stage) (1) input signal at the top path and the bottom path respectively. (b) Response i i i bitreliability determined bytdif toagivenchallenge. P14 =P(t14 is longer than t23 at i-th stage) i i i P =P(t is longer than t at i-th stage) 23 23 14 Given the probabilistic formula of delays, there exists two errorwillbegenerated.Thisreliesonthefactthatresponsesto relationsPi +Pi =1andPi +Pi =1fori∈{1,2,...,k}. 13 24 14 23 those challenges resulting in a large |tdif| are able to tolerate ThePi ,Pi ,Pi ,Pi forallstagesareestimatedbasedon a greater degree of environmental variations, eg., fluctuation 13 24 14 23 anadaptivecharacterizationtechnique.We referreaderstoXu of supply voltage, and temperature, as further depicted in et.al’sworkfordetailed implementations[14]. Consequently, Fig. 4. For example, considering that the ttop and tbottom a statistical delay model of an APUF is obtained when Pi , have different simplified linear temperature co-efficients. A Pi , Pi , Pi for all stages are estimated. As there is a line1a3r larget guaranteesnointersectionbetweent andt , 24 14 23 dif top bottom relationbetweenthedelaytime,eg.,t ,anditscorresponding 12 whileanintersectioneventuallyresultsinaflippedresponse— probability, eg., P [14], we can use the corresponding 12 erroneous response when the temperature deviates. Similar probability to replace the delay time and consequently to observation has shown in [1], where a pair of ring oscillators predict responses and concurrently their reliability for unseen (ROs)exhibitingalargefrequencydifferenceensuresareliable challenges according to t that is the summation of delay dif response bits regenerated from a ROPUF. difference for all stages. tdif tttop tdif=ttop-tbottom D. Determining Reliable Challenges bottom delay delay t onFceilttehreinsgtarteisltiiacballemreosdpeolnisseobbittsaiinsesdtr,aaingdhtiftoirswaarodnaen-tdimsiemtpalsek, dif done during the enrollment phase by the server—the trusted authority. Most importantly, it costs no extra area and power T T T T T T min nom max min nom max overheadtothePUFintegrateddevice,whileitalsoavoidsthe (a) (b) overheadrelated to the ECC and helper data during both, key enrollment and regeneration phases. The challenge filtering Fig. 4. Delay time as a function of the temperature. (a) Challenge always procedure is described in the Algorithm. 1. reproduces the response with 100% reliability within the temperature range fromTmin toTmax.(b)Challenge results inanunreliable responsebit. Algorithm 1 Filtering challenges that generate reliable re- sponses based on the statistical models of APUFs If ti ,ti ,ti , and ti can be accurately measured, then it 13 14 23 24 1: procedure selection (a randomly chosen challenge C, PUF is easy to determine challenges capable of generating highly model f(·), ∆t) reliable response bits by evaluating |tdif|. Concurrently, the 2: tdif ←f(C) response bit value, being ‘0’ or ‘1’, can also be judiciously 3: if tdif <−∆t then determined. Physical measurement of each delay segment is 4: response ← 0; select C; 5: return hard, if not impossible, in practice. It may require probing the die which may damage the circuit or alter the delay, or 67:: elsereifsptodnifse>←∆t1;thseelnect C; other on-chip complicated peripheral circuits that are always 8: return unavailable for resource-constraint devices [15]. Next, we 9: else introduce a method following [14] for obtaining a statistical 10: discard C; 11: return modelto capturedelay times of internalwires for all k stages of an APUF. IV. EXPERIMENTALVALIDATIONS 15 15 APUF1 In this section, we empirically evaluate the reliable chal- APUF2 %)10 %)10 APUF3 lenge selection method employing two datasets: i) we build ( ( APUF4 up synthetic APUFs using ROPUFs [16] frequency measure- R R APUF5 E E ments, by this means, we are able to obtain almost arbitrary B 5 B 5 number of CRPs for extensively testings; ii) we use the CRP data collected across eight APUFs implemented on eight FP- 0.961.08 1.2 1.321.44 25 35 45 55 65 GAs [17], the total numberof CRPs in this dataset is 64,000, voltage (V) temperature (°C) which is the main reason that we consider the synthesized Fig.5. Biterrorrate(BER)underdifferentsupplyvoltageandtemperature APUFsfirsttoobtainarbitrarynumberofCRPsdueto64,000 settings. Results are in well agreement with other experimentally reported CRPs insufficient for some tests. For example, by using the results[21],[22]. first dataset, we test up to 50 million reliable challenges, all yieldingerrorfreeresponses,filteredfrom830millionrandom challenges. This large number empirical tests is hard to be B. Results of Synthesized APUFs carried out based on the second dataset. We evaluate each APUF’s bit error rate (BER). The BER Building a statistical model of an APUF only requires is the probability that two PUF responses from two distinct collecting a number, 10,000, of CRPs under the nominal and random evaluations subject to the same randomly chosen condition rather than all operating conditions. Time of CRP challenge applied to the same PUF are different. In practice, collectioncostslessthanonesecondconsideringthatoneCRP a reference response took under the nominal condition is evaluation needs 50 ns for a 64-stage APUF [5]. The delay always used, while the regenerated response took under a characterization takes only less than fifteen seconds to obtain different operating condition is compared with the reference amodel,whereweuseMATLAB2012btoachievethemodel response [21]. In our tests, each response bit is evaluated building and the processor is an Intel [email protected] 100 times given the same challenge under the same operating CPU. condition. Results are shown in Fig. 5. The BER solely introduced by noise is around 2.2% when both voltage and A. Dataset Descriptions temperature are under the nominal condition, where the volt- There are five ROPUFs implemented across five Spartan3E age is 1.2 V and the temperature is 25◦C. We can see that S500 FPGAs boards in Virginia Tech’s public ROPUF data. supply voltage has predominant influence on the APUF BER Each FPGA implements one ROPUF that consists of 512 compared with the temperature. Further, the worst-case BER ring oscillators (ROs). Detailed implementation information of12.98%isobservedwhenthevoltagehasa−20%deviation is detailed in [18]. The dataset contains each RO’s frequency from the nominal condition. Although APUFs evaluated here measurements. Each RO’s frequency is measured 100 times are synthesized, the presented reliability performance is in under0.96V,1.08V,1.20V,1.32V,1.44V,respectively,ata good agreement with [21], [22]. fixed temperature of 25◦C to reflect supply voltage influence. In the following descriptions, for convenience, we refer to Similarly, each RO is also evaluated 100 times under 35◦C, a challenge that satisfies |t | > ∆t as a reliable challenge. dif 45◦C,55◦C,65◦C,respectively,withafixedsupplyvoltageof Concurrently, we refer to the response bit corresponding to a 1.20 V, to reflect influence from temperature changes. To use reliable challengeas a reliable response. The statistical model thesemeasurementsforsynthesizinganAPUF,weemploythe has 97% response accuracy prediction that is well agreed inverseoffrequenciesoffourROstoreplaceti ,ti ,ti ,ti in with[14].Afterreliablechallengesareselectedbyperforming 13 24 14 23 ordertoformtherealisticdelaytimebehaviorofthei-thstage the challenge filtering Algorithm 1, they are applied to the in the APUF. By this means, we are able to exploit existing same APUF when operating conditions are changed to any real time delay data to form a 64-stage synthesized APUF by setting within a wide range. The regenerated response bits using 256 ROs implemented in the same FPGA board. The are compared with the reference response bit evaluated at arbiter(performingdelaytimecomparison)functioniscarried the nominal condition. If they are same, this indicates that out off-chip by post-processing in MATLAB. Consequently, such a filtered challenge does have a very high tolerance to we obtain five synthesized APUFs. the environmental changes, which guarantees an error free The second CRP dataset are obtained from eight PDL response bit regenerated across a wide operating conditions. (programmabledelay line)APUFs; each has128stages. Each Otherwise, an error is marked and counted. We calculate the APUF is fed with 64000 challenges, therefore, 64000 CRPs error rate that is the percentage of counted errors out of the are collected [19], [20]. For each CRP, it is evaluated 128 numberofselectedreliablechallenges.Itisconvenienttorefer times the same operating condition. In total, nine operating the error rate under a specific ∆t setting as BER@∆t. We conditionsareconsidered:(5◦C,0.95V);(5◦C,1.00V);(5◦C, denote the BER@∆t as below. 1.05 V); (35◦C, 0.95 V); (35◦C, 1.00 V); (35◦C, 1.05 V); BER@∆t. TheBER@∆t is the probabilitythatthe reeval- (65◦C, 0.95 V); (65◦C, 1.05 V); (65◦C, 1.05 V). We treat uated response bit took under one random chosen operating (35◦C, 1.00 V) as the nominal condition. condition within a range is different from the reference re- TABLEI BER@∆t.SYNTHETICAPUFOPERATIONALRANGE:SUPPLY 100 VOLTAGE(1.08-1.32V),TEMPERATURE(25◦C-65◦C) %) 90 s ( 80 s APUF1 ANPUoF DBEefRau@lt B=(E∆0R.t@5) =B(E0∆R.7t@5) B=(E∆1R.t@0) =B(E1∆R.2t@5) B=(E∆1R.t@5) RP lo 6700 AAPPUUFF23 C APUF4 1 6.30% 0% 0% 0% 0% 0% 50 APUF5 2 6.43% 0.013% 0% 0% 0% 0% 34 66..2314%% 0.00.0020075%% 00%% 00%% 00%% 00%% 0.5 0.75 ∆1t 1.25 1.5 5 6.60% 0.01% 0.0008% 0% 0% 0% Fig.6. Illustration ofCRPlossinducedbythereliable challenge filtering. TABLEII BER@∆t.SYNTHETICAPUFOPERATIONALRANGE:SUPPLY TABLEIII VOLTAGE(0.96-1.44V),TEMPERATURE(25◦C-65◦C) BER@∆t.PDLAPUFOPERATIONALRANGE:SUPPLY VOLTAGE(0.95-1.05V),TEMPERATURE(5◦C-65◦C) BER@ BER@ BER@ BER@ BER@ APUF BER@ (∆t (∆t (∆t (∆t (∆t No Default =0.5) =0.75) =1.0) =1.25) =1.5) APUF BER@ B(E∆Rt@ B(E∆Rt@ B(E∆Rt@ B(E∆Rt@ B(E∆Rt@ 1 11.68% 0.91% 0.1338% 0.0041% 0% 0% No Default =0.5) =1.0) =1.5) =1.6) =1.7) 2 11.90% 0.18% 0.13% 0.0056% 0.0006% 0% 3 11.92% 1.44% 0.22% 0.0023% 0.001% 0% 1 10.57% 1.26% 0.095% 0% 0% 0% 4 12.97% 1.29% 0.18% 0.0115% 0% 0% 2 16.68% 8.05% 1.46% 0.039% 0% 0% 5 12.98% 1.76% 0.34% 0.05% 0.0008% 0% 3 8.59% 1.08% 0.037% 0% 0% 0% 4 8.62% 0.656% 0.013% 0% 0% 0% 5 11.52% 0.08% 0% 0% 0% 0% 6 11.07% 0.71% 0.031% 0% 0% 0% 7 5.87% 1.35% 0.032% 0% 0% 0% sponse bit evaluated under the nominal operating condition 8 15.00% 5.98% 0.89% 0.056% 0.085% 0% by applying the same selected reliable challenge to the same PUF, where the reliable challenge resulted delay time differ- ence between top and bottom paths in an APUF satisfying when |tdif| > (∆t = 1.5). As an APUF is able to generate |t |>∆t. an exponential number of CRPs as a function of the number dif We also refer BER@(∆t = 0) as BER@Default. In fact, of stages k, large number of reliable challenges can still be BER@Default is the BER when challenge filtering is not promised.Forexample,givena64-stageAPUF,itsCRPspace employed, eg., shown in Fig. 5. is up to 264. Hence, there are still 264 × 0.06 > 259 error 1) Reliability of Filtered Responses: Tested results are free response bits available. When the PUF operating range shown in Table. I and II. The BER@∆t is evaluated within varies insignificantin practice, a smaller ∆t can be chosen to different operating ranges for each Table. Noting the supply decreasethe CRP loss while still produceerrorfreeresponses voltage range of Table. II (±20% deviation) is larger than as shown in Table. I. Table.I(±10%deviation).ItisnotsurprisingthatBER@∆tis C. PDL APUFs notzerowhenthe∆tissettoasmallvalue.Butasthe∆tgoes up, BER@∆t decreasessignificantly. When the ∆t=1.5, all The statistical model is obtained by training 10,000 CRPs filtered challenges that satisfy |t | > (∆t = 1.5) produce evaluatedonlyunderthenominalconditionandtheprediction dif responses with 100% reliability. The APUF is the most accuracy with 92.41% is achieved. This lower prediction ac- 5 interested testing sample because, in Fig. 5, APUF has the curacycomparedwiththepredictionaccuracyofthesynthetic 5 highestworst-caseBERof12.98%amongotherAPUFswhen APUF model are attributed to [9]: i) The slightly increased the voltage varies between 0.96 V and 1.44 V. By using nominal BER is 4.99% that is obtained under the nominal judiciously selected error free responses to derive keys, it condition—the nominal BER of the synthesized APUF is equals to an ECC decoder that has to correct at least 12.98% 2.2%, see Fig. 5; ii) The usage of PDLs on FPGA, which errors. makes the MUX structure more complicated (slightly nonlin- Duetoinfinitenumberofreliablechallengesfilteringcannot earity is introduced). beachievedinevaluation,weuseuptomorethan830million There are eight PDL APUFs tested, each of them is imple- randomly generated challenges for all testings, among them, mented on a differentFPGA board. The maximum BER@∆t 50 million selected reliable challenges are obtained when the for all of eight APUFs are listed in Table. III. Among ∆t = 1.5. We can see that all of responses given selected tested eight APUFs, the maximum worst-case BER@Default challenges are error free regenerated even when the supply is 16.68%. When the ∆t=1.7, there is no error found in all voltagehasa±20%variationandthetemperatureexperiences reproduced responses under any tested operating condition. a 40◦C variation. Same to the results obtained from synthesized APUFs in II, 2) CRP Loss: The CRP loss is the probability that a BER@∆tdecreasesasthe∆tincreases.Therearestillaround randomly given challenge cannot meet the challenge filtering 1% challenges satisfying the selection criterion for all eight criterion of |t | > ∆t. The CRP loss is increasing as the tested APUFs even when ∆t=1.7. dif ∆t increases. Fig. 6 depicts the CRP loss as a function of We further investigate the response randomness— ∆t. We can see that 94% response bits will be discarded percentageofoccurrenceof‘1’sinresponsebits—relationship 60 [2] S. Devadas, E. Suh, S. Paral, R. Sowell, T. Ziola, and V. Khandelwal, %) “Design and implementation of PUF-based” unclonable” RFID ICs s (55 foranti-counterfeiting andsecurityapplications,” inIEEEInternational es Conference onRFID. IEEE,2008,pp.58–64. mn50 APUF1 [3] S. U. Hussain, M. Majzoobi, and F. Koushanfar, “A built-in-self-test ndo45 AAAAPPPPUUUUFFFF2345 strcuheemraendfoomr onnulimneberevgaleunaetriaotnorso,”f pIEhyEsEicaTlraunnscalcotnioanbsleofnunMctuioltni-sScaanlde ra AAPPUUFF67 ComputingSystems, vol.2,no.1,pp.2–16,2016. 400 0.5 0.75 APUF81 1.25 1.5 1.7 [4] B.Gassend,D.Clarke,M.VanDijk,andS.Devadas,“Controlledphys- ∆t icalrandomfunctions,”in18thAnnualComputerSecurityApplications Conference. IEEE,2002,pp.149–160. Fig.7. Randomness underdifferent ∆tsettings. [5] D.Lim,J.W.Lee,B.Gassend,G.E.Suh,M.VanDijk,andS.Devadas, “Extractingsecretkeysfromintegratedcircuits,”IEEETrans.VeryLarge ScaleIntegr.(VLSI)Syst,vol.13,no.10,pp.1200–1205, 2005. [6] A. Maiti, I. Kim, and P. Schaumont, “A robust physical unclonable with the ∆t, In general, the challenge filtering should not function with enhanced challenge-response set,” IEEETransactions on result into a bias to PUF’s response with a preferable Information ForensicsandSecurity, vol.7,no.1,pp.333–345,2012. [7] Holcomb,DanielE,W.P.Burleson,andK.Fu,“Power-upSRAMstate value (‘0’/‘1’). In Fig. 7, the challenge filtering does not asanidentifyingfingerprintandsourceoftruerandomnumbers,”IEEE deteriorate the randomness of the selected reliable response Transactions onComputers, vol.58,no.9,pp.1198–1210, 2009. bits. The randomness is always close to 50% when the [8] U.Ruhrmair, J.Solter, F.Sehnke, X.Xu,A.Mahmoud, V.Stoyanova, G.Dror,J.Schmidhuber,W.Burleson,andS.Devadas,“PUFmodeling challenge filtering is performed under different ∆t settings. attacks on simulated and silicon data,” IEEE Trans. Inf. Forensics In addition, even the response’s randomness is not close to Security, vol.8,no.11,pp.1876–1891,2013. 50% initially, the challenge filtering seems eliminate such an [9] U. Ruhrmair and M. Van Dijk, “PUFs in security protocols: Attack models and security evaluations,” inIEEESymposium onSecurity and initial randomness bias. Privacy(SP),2013,pp.286–300. [10] M. van Dijk and U. Ru¨hrmair, “Protocol attacks on advanced PUF V. CONCLUSION protocols and countermeasures,” in Proceedings of the conference on We propose an approach for determining error free re- Design,Automation&TestinEurope. EuropeanDesignandAutoma- tionAssociation, 2014,p.351. sponses even when they are re-evaluated across a wide range [11] B.Gassend,M.V.Dijk,D.Clarke,E.Torlak,S.Devadas,andP.Tuyls, ofoperatingcondition.Theproposedapproachcanbeadopted “Controlled physical random functions and applications,” ACM Trans- into controlledPUF designsand also providelarge numberof actions onInformationandSystem Security, vol.10,no.4,p.3,2008. [12] G.T.Becker,“Onthepitfallsofusingarbiter-PUFsasbuildingblocks,” error free responses on demand for advanced cryptographic IEEE Transactions on Computer-Aided Design of Integrated Circuits applications.ThismethodhasnoburdentothePUFembedded andSystems,vol.34,no.8,pp.1295–1307, 2015. devices because there is no ECC and helper data involved, [13] X. Xu, W. Burleson, and D. E. Holcomb, “Using statistical models to improvethereliabilityofdelay-basedPUFs,”inIEEEComputerSociety where the model building is left to the server and only asks AnnualSymposium onVLSI,2016,DOI:10.1109/ISVLSI.2016.125. negligible computational resources to the server. Extensive [14] T.Xu,D.Li,andM.Potkonjak,“Adaptive characterization andemula- empirically evaluations validate the practicability of our error tionofdelay-basedphysicalunclonablefunctionsusingstatisticalmod- els,”inProceedingsofthe52ndAnnualDesignAutomationConference. free response methodology.There are some interesting future ACM,2015,p.76. works. Firstly, though good results have been demonstrated [15] M. Majzoobi, E. Dyer, A. Elnably, and F. Koushanfar, “Rapid through simulated data [13] considering aging effects, further FPGA delay characterization using clock synthesis and sparse sampling,” in International Test Conference (ITC), 2010, DOI: empirical validations remain to be investigated. Secondly, 10.1109/TEST.2010.5699248. adopting our error-free response generation method in to [16] http://rijndael.ece.vt.edu/variability/main.html. controlled PUFs [11]. In this context, it is imperative to [17] M.Majzoobi, A.Kharaya, F.Koushanfar, andS.Devadas, “Automated design, implementation, andevaluation ofarbiter-based PUFonFPGA reduce the CRP loss, which will enable an efficient control usingprogrammabledelaylines.”IACRCryptologyePrintArchive,vol. logic realization within the controlled PUFs. Last but not 2014,p.639,2014. least, attacks assisted by the helper data compromising the [18] A. Maiti, J. Casarona, L. McHale, and P. Schaumont, “A large scale characterization of RO-PUF,” in IEEE International Symposium on security of a key generator only extracting a single key or Hardware-Oriented SecurityandTrust(HOST),,2010,pp.94–99. very limited number of keys [12] may be even harder, if [19] M.Majzoobi,F.Koushanfar,andM.Potkonjak,“Techniquesfordesign not impossible, when they are mounted to key generators in andimplementationofsecurereconfigurablePUFs,”ACMTransactions onReconfigurable Technology andSystems,vol.2,no.1,p.5,2009. capableofgeneratingalargenumberofkeyswherethehelper [20] M. Majzoobi, F. Koushanfar, and S. Devadas, “Fpga puf using pro- data is not used. This will be another interesting investigation grammable delay lines,” in IEEE International Workshop on In- of securely using error-free responses [23]. formation Forensics and Security (WIFS). IEEE, 2010, DOI: 10.1109/WIFS.2010.5711471. VI. ACKNOWLEDGMENT [21] M.Roel,“Physicallyunclonablefunctions:Constructions,propertiesand applications,” Ph.D.dissertation, University ofKULeuven,2012. WeacknowledgetheAPUFdatasetprovidedbyDrMehrdad [22] R. Maes, V. Rozˇic´, I. Verbauwhede, P. Koeberl, E. Van der Sluis, and Majzoobi and Mr Siam U. Hussain from research group of V. Van der Leest, “Experimental evaluation of physically unclonable functions in 65 nm CMOS,” in Proceedings of the ESSCIRC. IEEE, Prof Farinaz Koushanfar. 2012,pp.486–489. [23] Y. Gao and D. C. Ranasinghe, “PUF-FSM: A controlled strong PUF,” REFERENCES arXivpreprintarXiv:1701.04137v2,2017. [1] G. E. Suh and S. Devadas, “Physical unclonable functions for device authentication and secret key generation,” in Proceedings of the 44th AnnualDesignAutomationConference. ACM,2007,pp.9–14.

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.