Lightweight Silicon-based Security: Concept, Implementations, and Protocols

Majzoobi, Mehrdad

16 September 2013

Advancement in cryptography over the past few decades has enabled a spectrum of security mechanisms and protocols for many applications. Despite the algorithmic security of classic cryptography, there are limitations in application and implementation of standard security methods in ultra-low energy and resource constrained systems. In addition, implementations of standard cryptographic methods can be prone to physical attacks that involve hardware level invasive or non-invasive attacks. Physical unclonable functions (PUFs) provide a complimentary security paradigm for a number of application spaces where classic cryptography has shown to be inefficient or inadequate for the above reasons. PUFs rely on intrinsic device-dependent physical variation at the microscopic scale. Physical variation results from imperfection and random fluctuations during the manufacturing process which impact each device’s characteristics in a unique way. PUFs at the circuit level amplify and capture variation in electrical characteristics to derive and establish a unique device-dependent challenge-response mapping. Prior to this work, PUF implementations were unsuitable for low power applications and vulnerable to wide range of security attacks. This doctoral thesis presents a coherent framework to derive formal requirements to design architectures and protocols for PUFs. To the best of our knowledge, this is the first comprehensive work that introduces and integrates these pieces together. The contributions include an introduction of structural requirements and metrics to classify and evaluate PUFs, design of novel architectures to fulfill these requirements, implementation and evaluation of the proposed architectures, and integration into real-world security protocols. First, I formally define and derive a new set of fundamental requirements and properties for PUFs. This work is the first attempt to provide structural requirements and guideline for design of PUF architectures. Moreover, a suite of statistical properties of PUF responses and metrics are introduced to evaluate PUFs. Second, using the proposed requirements, new and efficient PUF architectures are designed and implemented on both analog and digital platforms. In this work, the most power efficient and smallest PUF known to date is designed and implemented on ASICs that exploits analog variation in sub-threshold leakage currents of MOS devices. On the digital platform, the first successful implementation of Arbiter-PUF on FPGA was accomplished in this work after years of unsuccessful attempts by the research community. I introduced a programmable delay tuning mechanism with pico-second resolution which serves as a key component in implementation of the Arbiter-PUF on FPGA. Full performance analysis and comparison is carried out through comprehensive device simulations as well as measurements performed on a population of FPGA devices. Finally, I present the design of low-overhead and secure protocols using PUFs for integration in lightweight identification and authentication applications. The new protocols are designed with elegant simplicity to avoid the use of heavy hash operations or any error correction. The first protocol uses a time bound on the authentication process while second uses a pattern-matching index-based method to thwart reverseengineering and machine learning attacks. Using machine learning methods during the commissioning phase, a compact representation of PUF is derived and stored in a database for authentication.

Modélisation, implémentation et caractérisation de circuits générateurs de nombres aléatoires vrais pour la certification de crypto-processeurs / Modeling, design and characterization of delay-chains based true random number generator

Ben Romdhane, Molka

01 October 2014

Les nombres aléatoires sont indispensables dans de nombreuses applications notamment en cryptographie où l’aléa est utilisé dans les protocoles de sécurité. Les générateurs de nombres aléatoires, plus connus sous le nom de RNG comme “Random Number Generator” se déclinent en deux familles, les PRNG (Pseudo RNG) qui sont des générateurs de nombres aléatoires ayant des séquences déterministes et les TRNG (True RNG) qui sont des générateurs d’aléa “vrai”, donc non prédictibles. Les applications cryptographiques utilisent à la fois les TRNG et les PRNG. Un PRNG nécessite une valeur initiale, ou graine, qui peut être la sortie d’un TRNG. Les TRNG tirent profit de l’aléa des phénomènes physiques. Les TRNGs dans les technologies numériques comme les FPGAs font appel à des oscillateurs qui présentent l’inconvénient de pouvoir être attaqués par couplage harmonique. De façon à évaluer la qualité entropique d’un TRNG, des standards basés sur des tests statistiques ont été élaborés par des organismes de certification comme le NIST ou la BSI. Cependant, il est recommandé de formaliser, par le biais d’un modèle, le caractère stochastique de la génération d’aléa. Dans cette thèse, nous étudions une architecture de TRNG, peu coûteuse et robuste face aux attaques harmoniques car elle n’utilise pas d’oscillateurs. Ce TRNG extrait une variable aléatoire en exploitant à la fois les états métastables des bascules et les fluctuations temporelles (ou gigue) des signaux échantillonnés. Nous proposons par la suite un modèle stochastique qui nous permet de décrire le comportement aléatoire du TRNG indépendamment de la technologie ciblée. Les caractérisations et évaluations sur des circuits prototypes en technologies FPGA et ASIC montrent que l’architecture TRNG proposée génère de l’aléa de qualité et est robuste face aux variations environnementales / Random numbers are required in numerous applications namely in cryptography where randomness is used in security protocols. There are two main classes of Random Number Generators (RNG) : The Pseudo RNG (PRNG) which have a deterministic sequence, and the True RNG (TRNG) which generates unpredictable random numbers. Cryptographic applications use both TRNG and PRNG. The PRNG needs an initial value, or seed, which can be the output of a TRNG. In digital technologies, like FPGAs, TRNG are commonly based on oscillators which have the drawback of being biased by harmonic coupling. In order to assess the entropic quality of TRNGs, standards based on statistical tests have been elaborated by certification organisms namely the NIST and the BSI. However, it is recommended to formalize the stochastic behaviour of the randomness generation process. In this Ph.D, we address the design and quality evaluation of TRNGs in digital circuits. We study of a low-cost digital TRNG without oscillators, hence robust against harmonics attacks. The proposed TRNG exploits both the metastability phenomenon and the jitter noise in CMOS digital flip-flops to generate the random numbers. A stochastic model of this TRNG has been formalized. This model describes the random generation process regardless of the targeted technology. The characterization and evaluation on a prototype circuit, in FPGA and ASIC technologies, has shown that the proposed TRNG architecture generates randomness of good quality and is robust against environmental variations.

Générateur de nombres aléatoires

Métastabilité

Modélisation

ASIC

FPGA

Retards programmables

Tests statistiques

NIST

AIS-31

True random numbers generator (TRGN)

Métastability

Modelization

ASIC

FPGA

Programmable delay

Statistical tests

NIST

AIS-31