ABSTRACT
In this paper we describe the results of our investigations on the randomness and reliability of D flip-flops when used as a Physically Unclonable Function (PUF). These D flip-flops are hardware components which present a random start-up value when powered up. We show that, against all odds, enough randomness exists in such elements when implemented on an Application-Specific Integrated Circuit (ASIC) to turn the responses of a number of D flip-flops into a secret random sequence from which keys can be derived for use with cryptographic algorithms. In addition to being unpredictable, these flip-flops have the advantage that they can be spread over random locations in an ASIC. This makes them very difficult to reverse-engineer when used to hide a secret key in a design, at a relatively small cost in resources. (Supported by EU FP7 project UNIQUE.)
Index Terms
- Hardware intrinsic security from D flip-flops