slides - SPQR - University of Michigan

Design Automation and Test in Europe 2014
PUFs at a
Glance
Ulrich Rührmair!
Technische Universität München!
!
Daniel E. Holcomb!
University of Michigan
This work was supported in part by C-FAR, one of six centers of
STARnet, a Semiconductor Research Corporation program
sponsored by MARCO and DARPA, and NSF CNS-0845874.
Physical Unclonable Functions
Silicon Physical Random Functions
∗
Blaise Gassend, Dwaine Clarke, Marten van Dijk† and Srinivas Devadas
Massachusetts Institute of Technology
Laboratory for Computer Science
Silicon Physical Random Functions
Cambridge, MA 02139, USA
∗
gassend,declarke,marten,devadas}@mit.edu
{ Dijk† and Srinivas Devadas
Blaise Gassend, Dwaine Clarke, Marten van
Massachusetts Institute of Technology
Laboratory for Computer Science
Cambridge, MA 02139, USA
{gassend,declarke,marten,devadas}@mit.edu
ABSTRACT
leads us to a method of identifying and authenticat
ABSTRACT
leads us to a method of identifying and authenticating in- dividual ICs and a means of building secure smartca
We introduce the notion of adividual
Physical
Function
ICs and aRandom
means of building
secure smartcards. A
We introduce the notion of a Physical Random Function
host
of
other
applications
are
also
possible.
(PUF). We argue
that a complex
(PUF).
We integrated
argue circuit
thatcana becomplex
integrated
circuit
can
be and au- host of other applications are also possible.
Many
methods
are
already
available
to
identify
viewed as a silicon PUF and describe a technique to identify
Many methods are already available to identify a
thenticate ICs.
One can embed ato
unique
identifier in an IC
viewed
a silicon
a technique
identify
and authenticate
individualas
integrated
circuits PUF
(ICs). and describe
to give it a unique identity. This approach can identify the thenticate ICs. One can embed a unique identifier in
We describe several possible circuit realizations of diﬀerand authenticate individual integrated
IC, but cannot circuits
authenticate (ICs).
it. To enable authentication,
ent PUFs. These circuits have been implemented in comone
needs
to
embed
a
secret
key
onto the IC. Of course, for to give it a unique identity. This approach can ident
modity Field Programmable
Gate Arrays
(FPGAs).possible
We
We describe
several
circuit
realizations
of
diﬀerthe
system
to
work,
this
key
needs
to remain secret, which
present experiments which indicate that reliable authentiIC, but cannot authenticate it. To enable authenti
means
that the
packaged IC has to be
resistant to atent FPGAs
PUFs.
been
implemented
inmade
comcation of individual
can beThese
performedcircuits
even in the have
tacks
that
attempt
to
discover
the
key.
Numerous
attacks
one needs to embed a secret key onto the IC. Of cour
presence of significant environmental variations.
modity Field Programmable are
Gate
Arrays
(FPGAs).
We
described
in the literature.
These attacks
may be invaWe describe how secure smart cards can be built, and also
sive, e.g., removal of the package and layers of the IC, or the system to work, this key needs to remain secret,
briefly describepresent
how PUFs can
be applied to licensing
and indicate
experiments
which
that reliable authentinon-invasive, e.g., diﬀerential power analysis that attempts
certification applications.
to
determine
the key by stimulating
and observing means that the packaged IC has to be made resistant
cation of individual FPGAs can be performed
eventheinICthe
the power and ground rails. Making an IC tamper-resistant tacks that attempt to discover the key. Numerous a
Categories and
Subject Descriptors
presence
of significant environmental
to all forms ofvariations.
attacks is a challenging problem and is receiving
some attention [1]. IBM’s PCI Cryptographic Coproces- are described in the literature. These attacks may b
C.3 [Special-Purpose
and
Application-Based
Systems]:
We describe how secure smart
cards can
be built,
and
also within a
sor encapsulates
a 486-class
processing
subsystem
Smartcards
tamper-sensing
and
tamper-responding
environment
briefly describe how PUFs can be applied to licensing and where sive, e.g., removal of the package and layers of the
one can run security-sensitive processes [13]. However, pro- non-invasive, e.g., diﬀerential power analysis that at
General Terms
certification applications.
viding high-grade tamper resistance, which makes it imposMeasurement, Experimentation, Security
sible for an attacker to access or modify the secrets held to determine the key by stimulating the IC and obs
inside a device, is expensive and diﬃcult [2, 3].
We propose a completely diﬀerent approach to IC authen- the power and ground rails. Making an IC tamper-re
Keywords
tication
in this paper. Our thesis is that there is enough to all forms of attacks is a challenging problem and is
Categories
and
Subject
Descriptors
Identification, physical random function, physical security,
manufacturing process variations across ICs with identical
smartcard, tamper resistance, unclonability
masks to uniquely characterize each
IC, and this character- ing some attention [1]. IBM’s PCI Cryptographic Cop
C.3 [Special-Purpose and Application-Based
Systems]:
ization can be performed with a large signal-to-noise ratio
Smartcards
(SNR). The characterization of an IC involves the genera- sor encapsulates a 486-class processing subsystem w
1. INTRODUCTION
tion
of a set of challenge-response pairs. To authenticate ICs tamper-sensing and tamper-responding environment
We describe the notion of Physical Random Functions
we require the set of challenge-response pairs to be charac(PUFs) and argue that PUFs can be implemented using
teristic of each IC. For reliable authentication, we require one can run security-sensitive processes [13]. Howeve
conventional integrated circuit (IC) design techniques. This
that environmental variations and measurement errors do
General Terms
not produce so much noise that they hide inter-IC varia- viding high-grade tamper resistance, which makes it
This work was funded by Acer Inc., Delta Electronics Inc.,
tions.Security
We will show in this paper, using experiments and sible for an attacker to access or modify the secret
HP Corp., NTT
Inc., Nokia Research Center,
and Philips
Measurement,
Experimentation,
Research under the MIT Project Oxygen partnership.
analysis, that we can perform reliable authentication using
Glance
DATEthat2014
Visiting researcher from Philips Research, Prof Holstlaan
the techniques
we now introduce.
inside a device, is expensive and diﬃcult [2, 3]. 2
4, Eindhoven, The Netherlands.
Research !
Mentions!
by Year
Year
∗
PUFs at a
†
How can we produce a unique set of challenge-response
Overview
Context and motivation for remainder of session
1. Brief introduction to PUFs!
2. Weak PUFs and applications!
3. Strong PUFs and applications!
4. Conclusions
PUFs at a Glance
DATE 2014
3
Physical Unclonable Functions
Challenges
PUFs at a Glance
DATE 2014
f
Responses
4
Physical Unclonable Functions
❖
Challenges
Function!
❖
f
Responses
Map challenges to responses
PUFs at a Glance
DATE 2014
4
Physical Unclonable Functions
❖
Function!
❖
❖
Challenges
f
Responses
Map challenges to responses
Physical!
❖
Mapping depends on physical variations
PUFs at a Glance
DATE 2014
4
Physical Unclonable Functions
❖
Function!
❖
❖
Challenges
f
Responses
Map challenges to responses
Physical!
❖
Mapping depends on physical variations
PUFs at a Glance
DATE 2014
4
Physical Unclonable Functions
❖
Function!
❖
❖
Challenges
Map challenges to responses
Physical!
❖
f
Responses
PUF Characterized by
Challenge-Response Pairs
(CRPs)
Mapping depends on physical variations
PUFs at a Glance
DATE 2014
4
Physical Unclonable Functions
❖
Function!
❖
❖
Map challenges to responses
Physical!
❖
❖
Challenges
f
Responses
PUF Characterized by
Challenge-Response Pairs
(CRPs)
Mapping depends on physical variations
Unclonable!
❖
No compact model exists, and CRP space is too large
for dictionary
PUFs at a Glance
DATE 2014
4
Physical Unclonable Functions
❖
Function!
❖
❖
Map challenges to responses
Physical!
❖
❖
Challenges
f
Responses
PUF Characterized by
Challenge-Response Pairs
(CRPs)
Mapping depends on physical variations
Unclonable!
❖
No compact model exists, and CRP space is too large
for dictionary
❖
Or, responses kept secret
PUFs at a Glance
DATE 2014
4
Design Considerations for Silicon PUFs
❖
Outputs determined by uncorrelated variation!
❖
Random dopant fluctuations and small devices!
❖
Balanced parasitics and wire lengths to avoid bias
PUFs at a Glance
DATE 2014
5
Design Considerations for Silicon PUFs
❖
❖
Outputs determined by uncorrelated variation!
❖
Random dopant fluctuations and small devices!
❖
Balanced parasitics and wire lengths to avoid bias
Variation and noise hard to separate!
❖
Mask unreliable outputs!
❖
Majority voting!
❖
Error correction
PUFs at a Glance
DATE 2014
5
Design Considerations for Silicon PUFs
❖
❖
❖
Outputs determined by uncorrelated variation!
❖
Random dopant fluctuations and small devices!
❖
Balanced parasitics and wire lengths to avoid bias
Variation and noise hard to separate!
❖
Mask unreliable outputs!
❖
Majority voting!
❖
Error correction
Secure
PUFs at a Glance
DATE 2014
5
Security Considerations
❖
Assumed capabilities of adversary!
❖
Observe CRPs!
❖
Measure side channels!
❖
Disassemble and probe chip
PUFs at a Glance
DATE 2014
6
Security Considerations
❖
❖
Assumed capabilities of adversary!
❖
Observe CRPs!
❖
Measure side channels!
❖
Disassemble and probe chip
Possible results of attacks!
❖
DOS by increasing error rate of CRPs!
❖
Train parametric model to predict responses!
❖
Clone with another instance of PUF
PUFs at a Glance
DATE 2014
6
Security Considerations
❖
Assumed capabilities of adversary!
❖
❖
Observe CRPs!
❖
Measure side channels!
❖
Disassemble and probe chip
2nd talk of session
Possible results of attacks!
❖
DOS by increasing error rate of CRPs!
❖
Train parametric model to predict responses!
❖
Clone with another instance of PUF
PUFs at a Glance
DATE 2014
6
Security Considerations
❖
❖
Assumed capabilities of adversary!
❖
Observe CRPs!
❖
Measure side channels!
❖
Disassemble and probe chip
3rd talk of session
Possible results of attacks!
❖
DOS by increasing error rate of CRPs!
❖
Train parametric model to predict responses!
❖
Clone with another instance of PUF
PUFs at a Glance
DATE 2014
6
Security Considerations
❖
❖
Assumed capabilities of adversary!
❖
Observe CRPs!
❖
Measure side channels!
❖
Disassemble and probe chip
Possible results of attacks!
4th talk of session
❖
DOS by increasing error rate of CRPs!
❖
Train parametric model to predict responses!
❖
Clone with another instance of PUF
PUFs at a Glance
DATE 2014
6
Weak vs Strong PUFs
Weak PUFs!
PUFs at a Glance
Strong PUFs!
DATE 2014
7
Weak vs Strong PUFs
Weak PUFs!
❖
Few/one challenges
PUFs at a Glance
Strong PUFs!
❖
DATE 2014
Many challenges
7
Weak vs Strong PUFs
Weak PUFs!
Strong PUFs!
❖
Few/one challenges
❖
Many challenges
❖
Responses remain internal
❖
Public CRP interface
❖
Perfect internal error
correction
PUFs at a Glance
❖
DATE 2014
Error correction outside
PUF is possible
7
Weak vs Strong PUFs
Weak PUFs!
Strong PUFs!
❖
Few/one challenges
❖
Many challenges
❖
Responses remain internal
❖
Public CRP interface
❖
❖
Perfect internal error
correction
❖
Attacks: Cloning and invasive
reading of responses
PUFs at a Glance
❖
DATE 2014
Error correction outside
PUF is possible
Attacks: Modeling attacks
and protocol attacks
7
Weak vs Strong PUFs
Weak PUFs!
Strong PUFs!
❖
Few/one challenges
❖
Many challenges
❖
Responses remain internal
❖
Public CRP interface
❖
Perfect internal error
correction
❖
❖
Attacks: Cloning and invasive
reading of responses
❖
Use cases: New form of key
storage
PUFs at a Glance
❖
DATE 2014
Error correction outside
PUF is possible
Attacks: Modeling attacks
and protocol attacks
7
Weak vs Strong PUFs
Weak PUFs!
Strong PUFs!
❖
Few/one challenges
❖
Many challenges
❖
Responses remain internal
❖
Public CRP interface
❖
Perfect internal error
correction
❖
Error correction outside
PUF is possible
❖
Attacks: Cloning and invasive
reading of responses
❖
Attacks: Modeling attacks
and protocol attacks
❖
Use cases: New form of key
storage
❖
Use cases: New cryptographic
primitive
PUFs at a Glance
DATE 2014
7
Weak vs Strong PUFs
Weak PUFs!
Strong PUFs!
❖
Few/one challenges
❖
❖ Public CRP interface
Responses
remain
internal
Weak and strong are two PUF subclasses among many!
❖
❖
❖
❖
❖
Perfect internal error
Controlled
PUFs!
correction
❖
Attacks:
❖
Cloning
Public
PUFs!and invasive
❖
SIMPL, etc
Use cases: New form of key
storage
PUFs at a Glance
Error correction outside
PUF is possible
❖
Attacks: Modeling attacks
and protocol attacks
❖
Use cases: New cryptographic
primitive
reading of responses
❖
Many challenges
DATE 2014
7
Overview
1. Brief introduction to PUFs!
2. Weak PUFs and applications!
3. Strong PUFs and applications!
4. Conclusions
PUFs at a Glance
DATE 2014
8
Examples of Weak PUFs
❖
❖
Using custom circuits!
❖
Drain currents
❖
Capacitive coating PUF
❖
Cross-coupled devices
❖
Sense amps
[Lofstrom et al. ’02]!
[Tuyls et al. ’06]!
[Su et al. ’07]!
[Bhargava et al. ’10]!
Using existing circuits!
❖
Clock skew
❖
Flash latency
❖
Power-up SRAM state
PUFs at a Glance
[Yao et al.’13]!
[Prabhu et al. ‘11]!
[Guajardo et al. ’07, Holcomb et al. ’07]
DATE 2014
9
Examples of Weak PUFs
❖
Using custom circuits!
❖
Drain currents
❖
Capacitive coating PUF
❖
Cross-coupled devices
❖
❖
Sense amps
[Lofstrom et al. ’02]!
[Tuyls et al. ’06]!
[Su et al. ’07]!
[Bhargava et al. ’10]!
Research!
Mentions!
by Year
Using existing circuits!
❖
Clock skew
❖
Flash latency
❖
[Yao et al.’13]!
[Prabhu et al. ‘11]!
Power-up SRAM state
PUFs at a Glance
"SRAM PUF"
"PUF"
Year
[Guajardo et al. ’07, Holcomb et al. ’07]
DATE 2014
9
Applications of Weak PUFs
❖
Identification!
❖
Authentication!
❖
Secret key!
❖
Random number generation
PUFs at a Glance
DATE 2014
10
Applications of Weak PUFs
❖
Identification!
❖
Authentication!
❖
Secret key!
❖
Random number generation
PUFs at a Glance
DATE 2014
10
SRAM Power-up State
Utilize inherent power-up bias of each SRAM cell
1.2
WL
VDD
A
Voltage
VDD
B
BLB
A
BL
0.8
B
0.4
0
0
PUFs at a Glance
DATE 2014
2
4
6
Time [ns]
8
10
11
SRAM Power-up State
Utilize inherent power-up bias of each SRAM cell
1.2
WL
VDD
A
Voltage
VDD
B
BLB
A
BL
0.8
B
0.4
0
0
❖
2
4
6
Time [ns]
8
10
Challenge: c (selects n cells)
PUFs at a Glance
DATE 2014
11
SRAM Power-up State
Utilize inherent power-up bias of each SRAM cell
1.2
WL
VDD
A
Voltage
VDD
B
BLB
A
BL
0.8
B
0.4
0
0
❖
❖
2
4
6
Time [ns]
8
10
Challenge: c (selects n cells)
Responses: r ∈ 2n !
(power-up state of n cells)
PUFs at a Glance
DATE 2014
11
SRAM Power-up State
Utilize inherent power-up bias of each SRAM cell
1.2
WL
VDD
A
Voltage
VDD
B
BLB
A
BL
0.8
B
0.4
0
0
❖
❖
❖
2
4
6
Time [ns]
8
10
Challenge: c (selects n cells)
Responses: r ∈ 2n !
(power-up state of n cells)
Disorder/randomness: Threshold
variation of transistors in SRAM cell
PUFs at a Glance
DATE 2014
11
SRAM Power-up State
Utilize inherent power-up bias of each SRAM cell
1.2
WL
VDD
A
Voltage
VDD
B
BLB
A
BL
0.8
B
0.4
0
0
❖
❖
❖
2
4
6
Time [ns]
8
10
Challenge: c (selects n cells)
Responses: r ∈ 2n !
(power-up state of n cells)
Disorder/randomness: Threshold
variation of transistors in SRAM cell
[Holcomb et al., ’07]
PUFs at a Glance
DATE 2014
11
Weak PUF as Secret Key
Enroll PUF
PUFs at a Glance
Weak PUF
DATE 2014
12
Weak PUF as Secret Key
Enroll PUF
❖
Weak PUF
Learn CRP (c,r)
PUFs at a Glance
DATE 2014
12
Weak PUF as Secret Key
Enroll PUF
❖
Learn CRP (c,r)
❖
Derive public error
Weak PUF
correcting data h for r
❖
Key k = Decode(r ⊕ h)
PUFs at a Glance
DATE 2014
12
Weak PUF as Secret Key
Enroll PUF
❖
Learn CRP (c,r)
❖
Derive public error
Weak PUF!
!
!
h
correcting data h for r
❖
Key k = Decode(r ⊕ h)
❖
Store h with PUF
❖
Disable access to response r
PUFs at a Glance
DATE 2014
12
Weak PUF as Secret Key
Enroll PUF
❖
Learn CRP (c,r)
❖
Derive public error
Generate Key in Field
correcting data h for r
❖
Key k = Decode(r ⊕ h)
❖
Store h with PUF
❖
Disable access to response r
PUFs at a Glance
Weak PUF!
!
!
h
DATE 2014
12
Weak PUF as Secret Key
Enroll PUF
❖
Learn CRP (c,r)
❖
Derive public error
correcting data h for r
❖
Key k = Decode(r ⊕ h)
❖
Store h with PUF
❖
Disable access to response r
PUFs at a Glance
Generate Key in Field
c
Weak PUF!
!
!
h
DATE 2014
12
Weak PUF as Secret Key
Enroll PUF
Generate Key in Field
❖
Learn CRP (c,r)
❖
Apply c, obtain r’ ⊕ h
❖
Derive public error
❖
Key k = Decode(r’ ⊕ h)
correcting data h for r
❖
Key k = Decode(r ⊕ h)
❖
Store h with PUF
❖
Disable access to response r
PUFs at a Glance
c
Weak PUF!
!
!
h
DATE 2014
12
Weak PUF as Secret Key
Enroll PUF
Generate Key in Field
❖
Learn CRP (c,r)
❖
Apply c, obtain r’ ⊕ h
❖
Derive public error
❖
Key k = Decode(r’ ⊕ h)
correcting data h for r
❖
c
Key k = Decode(r ⊕ h)
❖
Store h with PUF
❖
Disable access to response r
PUFs at a Glance
k is reliable !
key
DATE 2014
Weak PUF!
!
!
h
12
Weak PUF as Secret Key
Enroll PUF
Generate Key in Field
❖
Learn CRP (c,r)
❖
Apply c, obtain r’ ⊕ h
❖
Derive public error
❖
Key k = Decode(r’ ⊕ h)
correcting data h for r
❖
c
Key k = Decode(r ⊕ h)
❖
Store h with PUF
❖
Disable access to response r
Weak PUF!
k is reliable !
key
❖
Reliable unclonable key for crypto!
❖
Assumes that r cannot be read in field
PUFs at a Glance
DATE 2014
!
!
h
12
Overview
1. Brief introduction to PUFs!
2. Weak PUFs and applications!
3. Strong PUFs and applications!
4. Conclusions
PUFs at a Glance
DATE 2014
13
Examples of Strong PUFs
❖
Optical PUF [Pappu et al. ’02]!
❖
Arbiter PUF [Gassend et al. ’02, Lim et al. ’05]!
❖
Bistable Ring PUF [Chen et al. ’11]!
❖
Low-power current-based PUF !
[Majzoobi et al. ’11]
PUFs at a Glance
DATE 2014
14
Examples of Strong PUFs
❖
Optical PUF [Pappu et al. ’02]!
❖
Arbiter PUF [Gassend et al. ’02, Lim et al. ’05]!
❖
Bistable Ring PUF [Chen et al. ’11]!
❖
Low-power current-based PUF !
[Majzoobi et al. ’11]
"Arbiter PUF"
"PUF"
Research!
Mentions!
by Year
Year
PUFs at a Glance
DATE 2014
14
Strong PUF Protocols
❖
Identification/Authentication (1)!
❖
Key Exchange (2,3)!
❖
Oblivious transfer (4,3,5,6) — enables secure two-party computation!
❖
Bit commitment (3,5,6,7,8) — enables zero-knowledge proofs!
❖
Combined key exchange and authentication (9)
(1) R. Pappu et al, Science 2002 !
(2) M.v.Dijk, US Patent 2,653,197, 2004 !
(3) C. Brzuska et al, CRYPTO 2011 !
(4) U. Rührmair, TRUST 2010 !
(5,6) U. Rührmair, M.v.Dijk, CHES 2012 and JCEN 2013!
(7) U. Rührmair, M.v. Dijk, Cryptology ePrint Archive, 2012
!
(8) Ostrovsky et al., EUROCRYPT 2013!
(9) Tuyls and Skoric, Strong Authentication with Physical Unclonable Functions, Springer 2007
PUFs at a Glance
DATE 2014
15
Strong PUF Protocols
❖
Identification/Authentication (1)!
❖
Key Exchange (2,3)!
❖
Oblivious transfer (4,3,5,6) — enables secure two-party computation!
❖
Bit commitment (3,5,6,7,8) — enables zero-knowledge proofs!
❖
Combined key exchange and authentication (9)
5th talk of session
(1) R. Pappu et al, Science 2002 !
(2) M.v.Dijk, US Patent 2,653,197, 2004 !
(3) C. Brzuska et al, CRYPTO 2011 !
(4) U. Rührmair, TRUST 2010 !
(5,6) U. Rührmair, M.v.Dijk, CHES 2012 and JCEN 2013!
(7) U. Rührmair, M.v. Dijk, Cryptology ePrint Archive, 2012
!
(8) Ostrovsky et al., EUROCRYPT 2013!
(9) Tuyls and Skoric, Strong Authentication with Physical Unclonable Functions, Springer 2007
PUFs at a Glance
DATE 2014
15
Strong PUF Protocols
❖
Identification/Authentication (1)!
❖
Key Exchange (2,3)!
❖
Oblivious transfer (4,3,5,6) — enables secure two-party computation!
❖
Bit commitment (3,5,6,7,8) — enables zero-knowledge proofs!
❖
Combined key exchange and authentication (9)
5th talk of session
(1) R. Pappu et al, Science 2002 !
(2) M.v.Dijk, US Patent 2,653,197, 2004 !
(3) C. Brzuska et al, CRYPTO 2011 !
(4) U. Rührmair, TRUST 2010 !
(5,6) U. Rührmair, M.v.Dijk, CHES 2012 and JCEN 2013!
(7) U. Rührmair, M.v. Dijk, Cryptology ePrint Archive, 2012
!
(8) Ostrovsky et al., EUROCRYPT 2013!
(9) Tuyls and Skoric, Strong Authentication with Physical Unclonable Functions, Springer 2007
PUFs at a Glance
DATE 2014
15
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
PUFs at a Glance
…
0
1
0
1
S
1
0
1
0
R
DATE 2014
Q
16
Arbiter PUF
[D. Lim et al., ’05]
❖
0
1
0
1
1
0
1
0
…
0
1
0
1
S
1
0
1
0
R
Q
Challenges: ci ∈ 2m (m= num stages)
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
❖
0
1
0
1
1
0
1
0
0
0
…
…
0
1
0
1
S
1
0
1
0
R
0
0
Q
Challenges: ci ∈ 2m (m= num stages)
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
❖
0
1
0
1
1
0
1
0
0
0
…
…
0
1
0
1
S
1
0
1
0
R
0
0
Q
Challenges: ci ∈ 2m (m= num stages)
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
0
…
…
0
1
0
1
S
1
0
1
0
R
0
0
❖
Challenges: ci ∈ 2m (m= num stages)
❖
Responses: ri ∈ 2n (n=1 shown)
PUFs at a Glance
DATE 2014
Q
16
Arbiter PUF
[D. Lim et al., ’05]
❖
❖
0
1
0
1
1
0
1
0
0
0
…
…
Challenges: ci ∈
2m
0
1
0
1
S
1
0
1
0
R
0
0
(m= num stages)
Responses: ri ∈ 2n (n=1 shown)
PUFs at a Glance
DATE 2014
Q
voltage
S
R
time
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
❖
❖
0
…
…
Challenges: ci ∈
2m
0
1
0
1
S
1
0
1
0
R
0
Q=1
0
(m= num stages)
Responses: ri ∈ 2n (n=1 shown)
PUFs at a Glance
Q
DATE 2014
voltage
S
R
time
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
…
0
1
0
1
S
1
0
1
0
R
Q
Q=1
❖
❖
Challenges: ci ∈
2m
(m= num stages)
Responses: ri ∈ 2n (n=1 shown)
PUFs at a Glance
DATE 2014
voltage
S
R
time
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
❖
❖
1
…
…
Challenges: ci ∈
2m
0
1
0
1
S
1
0
1
0
R
1
Q=1
0
(m= num stages)
Responses: ri ∈ 2n (n=1 shown)
PUFs at a Glance
Q
DATE 2014
voltage
S
R
time
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
❖
❖
1
…
…
Challenges: ci ∈
2m
0
1
0
1
S
1
0
1
0
R
1
Q=1
0
(m= num stages)
Responses: ri ∈ 2n (n=1 shown)
PUFs at a Glance
Q
DATE 2014
voltage
S
R
time
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
❖
❖
1
…
…
Challenges: ci ∈
2m
0
1
0
1
S
1
0
1
0
R
1
Q
Q=1
0
(m= num stages)
voltage
S
R
time
Responses: ri ∈ 2n (n=1 shown)
voltage
R
S
time
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
❖
❖
1
…
…
Challenges: ci ∈
2m
0
1
0
1
S
1
0
1
0
R
1
Q
Q=1
0
(m= num stages)
voltage
S
R
time
Responses: ri ∈ 2n (n=1 shown)
Q=0
voltage
R
S
time
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
❖
1
…
…
Challenges: ci ∈
2m
0
1
0
1
S
1
0
1
0
R
1
Q=1
0
(m= num stages)
❖
Responses: ri ∈ 2n (n=1 shown)
❖
Disorder/randomness: Delays in the
subcomponents
PUFs at a Glance
Q
DATE 2014
voltage
S
R
time
Q=0
voltage
R
S
time
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
1
…
…
Challenges: ci ∈
❖
2m
0
1
0
1
S
1
0
1
0
R
1
Q
Q=1
0
(m= num stages)
voltage
S
R
time
❖
❖
n (n=1 shown)
Responses:
r
∈
2
Q=0 CRPs!
i model cannot be created by observing
❖ Assumes that
❖
Disorder/randomness:
Delays in the
R
S
voltage delay
But basic arbiter PUF susceptible
to additive
model
subcomponents
time
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
1
…
…
Challenges: ci ∈
❖
2m
0
1
0
1
S
1
0
1
0
R
1
Q
Q=1
0
(m= num stages)
voltage
S
R
time
❖
❖
n (n=1 shown)
Responses:
r
∈
2
Q=0 CRPs!
i model cannot be created by observing
❖ Assumes that
❖
Disorder/randomness:
Delays in the
R
S
voltage delay
But basic arbiter PUF susceptible
to additive
model
subcomponents
time
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
0
1
1
0
1
0
0
1
…
…
Challenges: ci ∈
❖
2m
0
1
0
1
S
1
0
1
0
R
1
Q
Q=1
0
(m= num stages)
voltage
S
R
time
❖
❖
n (n=1 shown)
Responses:
r
∈
2
Q=0 CRPs!
i model cannot be created by observing
❖ Assumes that
❖
Disorder/randomness:
Delays in the
R
S
voltage delay
But basic arbiter PUF susceptible
to additive
model
subcomponents
time
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
1
0
0
0
1
…
1
0
1
1
0
…
Challenges: ci ∈
❖
0
1
2m
1
0
1
1
0
S
R
Q
[G. Suh et al., ’07]
[M. Majzoobi et al., ’08]
Q=1
0
(m= num stages)
voltage
S
R
time
❖
❖
n (n=1 shown)
Responses:
r
∈
2
Q=0 CRPs!
i model cannot be created by observing
❖ Assumes that
❖
Disorder/randomness:
Delays in the
R
S
voltage delay
But basic arbiter PUF susceptible
to additive
model
subcomponents
time
PUFs at a Glance
DATE 2014
16
Arbiter PUF
[D. Lim et al., ’05]
0
1
1
0
0
0
1
…
1
0
1
0
1
1
0
…
1
0
1
1
0
0
Q
S
[G. Suh et al., ’07]
[M. Majzoobi et al., ’08]
R
❖
Q=1
XOR Arbiter PUF resists
additive
voltagemodel
S
R
Challenges: ci ∈ 2m (m= num stages)
❖
time
❖
❖
n (n=1 shown)
Responses:
r
∈
2
Q=0 CRPs!
i model cannot be created by observing
❖ Assumes that
❖
Disorder/randomness:
Delays in the
R
S
voltage delay
But basic arbiter PUF susceptible
to additive
model
subcomponents
time
PUFs at a Glance
DATE 2014
16
Authentication using Strong PUF
Enroll PUF
Strong PUF
…
PUFs at a Glance
DATE 2014
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
Strong PUF
…
PUFs at a Glance
DATE 2014
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
Strong PUF
…
PUFs at a Glance
DATE 2014
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
Strong PUF
(c0,r0)!
(c1,r1)!
(c2,r2)!
…
PUFs at a Glance
…
DATE 2014
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
(c0,r0)!
(c1,r1)!
(c2,r2)!
…
PUFs at a Glance
DATE 2014
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
Strong PUF
…
(c0,r0)!
(c1,r1)!
(c2,r2)!
…
PUFs at a Glance
DATE 2014
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
c0
…
(c0,r0)!
(c1,r1)!
(c2,r2)!
…
PUFs at a Glance
Strong PUF
DATE 2014
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
Strong PUF
c0
r0’
(c0,r0)!
(c1,r1)!
(c2,r2)!
…
PUFs at a Glance
DATE 2014
…
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
(c0,r0)!
(c1,r1)!
(c2,r2)!
…
PUFs at a Glance
Authenticate!
r0 ≈ r0’ ?
Strong PUF
c0
r0’
DATE 2014
…
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
(c0,r0)!
(c1,r1)!
(c2,r2)!
…
PUFs at a Glance
Authenticate!
r0 ≈ r0’ ?
Strong PUF
c0
r0’
DATE 2014
…
17
Authentication using Strong PUF
Enroll PUF
❖
Choose random challenges
❖
Apply and store private CRPs
(c0,r0)!
(c1,r1)!
(c2,r2)!
…
❖
Authenticate!
r0 ≈ r0’ ?
Strong PUF
c0
r0’
…
No need to hide responses if PUF cannot be
modeled
PUFs at a Glance
DATE 2014
17
Overview
1. Brief introduction to PUFs!
2. Weak PUFs and applications!
3. Strong PUFs and applications!
4. Conclusions
PUFs at a Glance
DATE 2014
18
Review
❖
PUFs are exciting new security primitive based on
physical disorder!
❖
Desirable properties but also limitations!
❖
Arms race between designing and breaking
PUFs at a Glance
DATE 2014
19
PReview
❖
PUFs are exciting new security primitive based on
physical disorder!
1. ❖PUFs
at a Glance!
Desirable
properties but also limitations!
2. ❖Modeling
attacks!
Arms race
between designing and breaking
3. Modeling attacks using side-channel information!
4. Invasive attacks !
5. Requirements for secure PUF protocols!
6. Forward-looking trends and challenges
PUFs at a Glance
DATE 2014
19

Download Report