Randomnes in Hardware security Flashcards
Secure Integrated
Circuits (ICs)
Secure Integrated Circuits (ICs) for Authentication, Identification, Transactions, Communication r Required functionalities: Key generation and device fingerprinting
Achieving Randomness in Real World
- Physical phenomena examples:
- Clock drift (jitter)
- Thermal noise
- Transistor mismatches
- Photons through semi-transparent mirror
Generating Random Numbers
- Linear Feedback Shift Register (LFSR) - True Random Number Generator (TRNG) - Physically Unclonable Function (PUF)
Linear Feedback Shift Register (LFSR)
Simple way for generating pseudorandom numbers - Input of shift register as a linear function of output - Initial State called Seed - Feedback bits called Taps
LFSR Applications
Pseudo-random number generators (PRNGs) for stream ciphers - A5/1 and A5/2 in GSM - E0 in Bluetooth - Clock dividers and counters
Advantages of LFSRs
- Easy to implement in Hardware/Software
- Produce long sequence of bits which seems random
with well-chosen feedback function
Disadvantages of LFSRs
- Deterministic
- Finite number of states
True Random Number Generators (TRNGs)
Generate randomness from physical phenomena - Example: Sampling phase jitter in oscillator rings to generate sequence of random bits - Output of rings fed into an XOR - Sampling by D-flipflop driven by the system clock
TRNG Applications
Random numbers with high entropy for - Cryptographic keys - Initialization vectors and seeds for cryptographic primitives and PRNGs - Padding bits - Nonces (number used once)
TRNG Design Challenges
Non-uniform distribution
-> post-processing and correction steps needed
- Low output rate
- Biasing or non-randomness behaviour by
variations in operational conditions (e.g.,
fluctuations in temperature and supply voltage)
-> Many active attacks
Physical(ly) Unclonable Functions (PUFs)
- Also known as Random Physical Functions or One-way Physical Functions - Utilizing manufacturing process variations on different chips to make them unique - Fingerprint of the IC
PUF Definition
-Physical entity that is embodied in a physical
structure
- Easy to evaluate but hard to predict
- Easy to make but practically impossible to
duplicate
- Inputs are called Challenges
- Outputs are called Responses
- Together: Challenge-Response-Pairs (CRPs)
- Not a true function in a mathematical sense: one
possible input -> more possible outputs
Non-electrical PUFs (1)
- Non-electronic constructions with PUF-like
properties - Electronic and digital techniques are used to
process the PUF responses - Examples: Optical PUF, Magnetic PUFs, etc.
Analog Electronic PUFs
- PUF constructions whose basic operation consists
of an analog measurement of an electric or
electronic quantity -> analog responses - Examples: Coating PUFs, LC PUFs, etc.
Digital Intrinsic PUFs
- PUF and measurement system fully integrated in
the embedding device - PUF constructible by available manufacturing
process of embedding device - Two classes:
1. Delay-Based Intrinsic PUFs: Arbiter PUFs, Ring
Oscillator PUFs, etc.
2. Memory-based Intrinsic PUFs: SRAM PUFs,
Butterfly PUFs, Bistable Ring PUFs, etc.
Arbiter PUF
- Utilizing intrinsic timing differences of 2 symmetrically designed electrical paths - Direct or crossed paths in each stage based on challenge bit - Binary response by the Arbiter based on arrival of first signal - Assumption: Attacker cannot measure individual delays!
Ring Oscillator (RO) PUF
- Ring oscillators generate a clock like signal - The frequency is partially random - Two ROs are selected and their frequencies are compared to generate a binary response - Assumption: Attacker cannot measure the ring frequencies!
SRAM & Butterfly PUF
Example of Memory-based PUFs: SRAM PUFs - Using the bistability behaviour of SRAM cells - Bistability because of MOSFET mismatches - Assumption: Attacker cannot readout the SRAM values
Bistable Ring
Using bistability of inverter chains (similar to a larger SRAM
cell)
Bistable Ring (BR) PUF
Combining 2n inverters in a loop to have an
exponential challenge space
- Assumption: The exact mathematical model is
was long time not known -> now I know it!
Twisted Bistable Ring (TBR) PUF
- For an applied challenge all 2n inverters are
involved. - Assumption: The exact mathematical model is
not known!
Authentication using PUFs
PUF is used in two phases:
1. Enrollment: A number of CRPs are collected and stored
in the database (CRP database)
2. Verification: A challenge from CRP database is applied
to the PUF and the response compared with the
corresponded response in data base
Observed response close enough -> verified!
Inter- and Intra-distance measures
For a particular challenge:
m Intra-distance(μintra, σintra): Hamming distance
between two responses resulting from one challenge on
one PUF instantiation
m Inter-distance(μinter, σinter): Hamming distance
between two responses resulting from one challenge on
two different PUF instantiations
m μintra expresses the average noise on the responses
• best case: μintra = 0%
m μinter expresses the uniqueness on the responses
• best case: μinter = 50%
Key Generation using PUFs
Key Storing (No key is stored actually!)
- Key is generated when needed -> traditional semi- and
fully-invasive attacks cannot recover the key!
Environmental Effects
Unwanted physical side effects can interfere the
measurement of responses:
1. Random Effects: Random noise and measurement
uncertainties
2. Systematic Effects: temperature, supply voltage,
etc.
- Countermeasure:
-Error Correction Codes
PUF properties
- Evaluable: given Π and x, it is easy to evaluate y =
Π(x). - Unique: Π(x) contains some information about the
identity of the physical entity embedding Π. - Reproducible: y = Π(x) is reproducible up to a small
error. - Unclonable: given Π, it is hard to construct Γ≠ Π
such that for all x in X: Γ(x) ≈ Π(x) up to a small
error - Unpredictable: given only a set Q = {(xi,yi = Π(xi))},
it is hard to predict yc ≈ Π(xc) up to small error, for
xc a random challenge such that (xc,∙) ∉ Q. - One-way: given only y and Π, it is hard to find x
such that y = Π(x). - Tamper evident: altering the physical Π transforms
Π→Π´ such that with high probability ∃x ∊ X: Π(x)
≠ Π´ (x).
