Solving the software protection problem with intrinsic personal physical unclonable functions (original) (raw)
Related papers
A Theoretical Analysis: Physical Unclonable Functions and the Software Protection Problem
2012
Physical Unclonable Functions (PUFs) or Physical One Way Functions (P-OWFs) are physical systems whose responses to input stimuli are easy to measure but hard to clone. The unclonability property is due to the accepted hardness of replicating the multitude of uncontrollable manufacturing characteristics and makes PUFs useful in solving problems such as device authentication, software protection and licensing, and certified execution. In this paper, we investigate the effectiveness of PUFs for software protection in hostile offline settings. We show that traditional non-computational (black-box) PUFs cannot solve the software protection problem in this context. We provide two real-world adversary models (weak and strong variants) and security definitions for each. We propose schemes secure against the weak adversary and show that no scheme is secure against a strong adversary without the use of trusted hardware. Finally, we present a protection scheme secure against strong adversaries based on trusted hardware.
Abstract—Physical Unclonable Functions (PUFs) or Physical One Way Functions (P-OWFs) are physical
2015
systems whose responses to input stimuli are easy to measure but hard to clone. The unclonability property is due to the accepted hardness of replicating the mul-titude of uncontrollable manufacturing characteristics and makes PUFs useful in solving problems such as device authentication, software protection and licensing, and certified execution. In this paper, we investigate the effectiveness of PUFs for software protection in hostile offline settings. We show that traditional non-computational (black-box) PUFs cannot solve the software protection problem in this context. We provide two real-world adversary models (weak and strong variants) and security def-initions for each. We propose schemes secure against the weak adversary and show that no scheme is secure against a strong adversary without the use of trusted hardware. Finally, we present a protection scheme secure against strong adversaries based on trusted hardware. Keywords-physical unclonable functions, PUFs, phys-ical on...
Poster: making the case for intrinsic personal physical unclonable functions (IP-PUFs
2011
Physical Unclonable Functions (PUFs) are physical systems whose responses to input stimuli (i.e., challenges) are easy to measure but difficult to clone. The unclonability property is due to the accepted hardness of replicating the multitude of uncontrollable manufacturing characteristics and makes PUFs useful in solving problems such as authentication, software protection/licensing, and certified execution.
A Physical Unclonable Function (PUF) is hardware that acts as a one-way function, whose each different instance provides unique outputs for the same distinct input. Although recent research has demonstrated the merits of PUFs as security primitives for resource-constrained computer systems, better implementations of them need to be identified by future research, in order for them to be commercially adopted. Nevertheless, PUFs have already found application in the implementation of a large number of cryptographic protocols and other security solutions. A number of well-known metrics have been proposed in the literature in order to assess the quality of individual PUF implementations as security mechanisms, in terms of the stability, uniqueness and randomness of their responses.
Physical Unclonable Functions and Applications: A Tutorial
Proceedings of the IEEE, 2014
| This paper describes the use of physical unclonable functions (PUFs) in low-cost authentication and key generation applications. First, it motivates the use of PUFs versus conventional secure nonvolatile memories and defines the two primary PUF types: ''strong PUFs'' and ''weak PUFs.'' It describes strong PUF implementations and their use for lowcost authentication. After this description, the paper covers both attacks and protocols to address errors. Next, the paper covers weak PUF implementations and their use in key generation applications. It covers error-correction schemes such as pattern matching and index-based coding. Finally, this paper reviews several emerging concepts in PUF technologies such as public model PUFs and new PUF implementation technologies.
Using physical unclonable functions for hardware authentication: a survey
2010
Physical unclonable functions (PUFs) are drawing a crescent interest in hardware oriented security due to their special characteristics of simplicity and safety. However, their nature as well as early stage of study makes them constitute currently a diverse and non-standardized set for designers. This work tries to establish one organization of existing PUF structures, giving guidelines for their choice, conditioning, and adaptation depending on the target application. In particular, it is described how using PUFs adequately could enlighten significantly most of the security primitives, making them very suitable for authenticating constrained resource platforms. Keywords-PUFs; hardware security; light cryptography
Leveraging Distributions in Physical Unclonable Functions
Cryptography
A special class of Physical Unclonable Functions (PUFs) referred to as strong PUFs can be used in novel hardware-based authentication protocols. Strong PUFs are required for authentication because the bit strings and helper data are transmitted openly by the token to the verifier, and therefore are revealed to the adversary. This enables the adversary to carry out attacks against the token by systematically applying challenges and obtaining responses in an attempt to machine learn, and later predict, the token's response to an arbitrary challenge. Therefore, strong PUFs must both provide an exponentially large challenge space and be resistant to machine-learning attacks in order to be considered secure. We investigate a transformation called temperature-voltage compensation (TVCOMP), which is used within the Hardware-Embedded Delay PUF (HELP) bit string generation algorithm. TVCOMP increases the diversity and unpredictability of the challenge-response space, and therefore increases resistance to model-building attacks. HELP leverages within-die variations in path delays as a source of random information. TVCOMP is a linear transformation designed specifically for dealing with changes in delay introduced by adverse temperature-voltage (environmental) variations. In this paper, we show that TVCOMP also increases entropy and expands the challenge-response space dramatically.
Modeling attack resistant strong physical unclonable functions : design and applications
2021
Physical unclonable functions (PUFs) have great promise as hardware authentication primitives due to their physical unclonability, high resistance to reverse engineering, and difficulty of mathematical cloning. Strong PUFs are distinguished by an exponentially large number of challenge-response pairs (CRPs), in contrast with weak PUFs that have a smaller CRP set. Because the adversary cannot create an enumeration clone by recording all CRPs even when in physical possession of a PUF, strong PUFs enable secure direct authentication, that does not require cryptography and are thus attractive to low-energy and IoT applications. The first contribution of this dissertation is the design of a strong silicon PUF resistant to machine learning (ML) attacks. For a strong PUF to be an effective security primitive, the CRPs need to be unpredictable: given a set of known CRPs, it should be difficult to predict the unobserved CRPs. Otherwise, an adversary can succeed in an attack based on building...
Remote Attestation Mechanism based on Physical Unclonable Functions
The 2013 Workshop on RFID and IoT Security (RFIDsec'13 Asia), 2013
Remote attestation mechanisms are well studied in the high-end computing environments; however, the same is not true for embedded devices - especially for smart cards. With ever changing landscape of smart card technology and advancements towards a true multi-application platform, verifying the current state of the smart card is significant to the overall security of such proposals. The initiatives proposed by GlobalPlatform Consumer Centric Model (GP-CCM) and User Centric Smart Card Ownership Model (UCOM) enables a user to download any application as she desire - depending upon the authorisation of the application provider. Before an application provider issues an application to a smart card, verifying the current state of the smart card is crucial to the security of the respective application. In this paper, we analyse the rationale behind the remote attestation mechanism for smart cards, and the fundamental features that such a mechanism should possess. We also study the applicability of Physical Unclonable Functions (PUFs) for the remote attestation mechanism and propose two algorithms to achieve the stated features of remote attestation. The proposed algorithms are implemented in a test environment to evaluate their performance.