-
Secure and Lightweight Strong PUF Challenge Obfuscation with Keyed Non-linear FSR
Authors:
Kleber Stangherlin,
Zhuanhao Wu,
Hiren Patel,
Manoj Sachdev
Abstract:
We propose a secure and lightweight key based challenge obfuscation for strong PUFs. Our architecture is designed to be resilient against learning attacks. Our obfuscation mechanism uses non-linear feedback shift registers (NLFSRs). Responses are directly provided to the user, without error correction or extra post-processing steps. We also discuss the cost of protecting our architecture against p…
▽ More
We propose a secure and lightweight key based challenge obfuscation for strong PUFs. Our architecture is designed to be resilient against learning attacks. Our obfuscation mechanism uses non-linear feedback shift registers (NLFSRs). Responses are directly provided to the user, without error correction or extra post-processing steps. We also discuss the cost of protecting our architecture against power analysis attacks with clock randomization, and Boolean masking. Security against learning attacks is assessed using avalanche criterion, and deep-neural network attacks. We designed a testchip in 65 nm CMOS. When compared to the baseline arbiter PUF implementation, the cost increase of our proposed architecture is 1.27x, and 2.2x when using clock randomization, and Boolean masking, respectively.
△ Less
Submitted 22 July, 2022;
originally announced July 2022.
-
Design Exploration and Security Assessment of PUF-on-PUF Implementations
Authors:
Kleber Stangherlin,
Zhuanhao Wu,
Hiren Patel,
Manoj Sachdev
Abstract:
We design, implement, and assess the security of several variations of the PUF-on-PUF (POP) architecture. We perform extensive experiments with deep neural networks (DNNs), showing results that endorse its resilience to learning attacks when using APUFs with 6, or more, stages in the first layer. Compositions using APUFs with 2, and 4 stages are shown vulnerable to DNN attacks. We reflect on such…
▽ More
We design, implement, and assess the security of several variations of the PUF-on-PUF (POP) architecture. We perform extensive experiments with deep neural networks (DNNs), showing results that endorse its resilience to learning attacks when using APUFs with 6, or more, stages in the first layer. Compositions using APUFs with 2, and 4 stages are shown vulnerable to DNN attacks. We reflect on such results, extending previous techniques of influential bits to assess stage bias in APUF instances. Our data shows that compositions not always preserve security properties of PUFs, the size of PUFs used plays a crucial role. We implemented a testchip in 65 nm CMOS to obtain accurate measurements of uniformity, uniqueness, and response stability for our POP implementations. Measurement results show that minimum bit error rate is obtained when using APUFs with 8 stages in the first layer, while fewer APUF stages lead to a large spread of bit error rate across different chips.
△ Less
Submitted 23 June, 2022;
originally announced June 2022.
-
Enhancing Strong PUF Security with Non-monotonic Response Quantization
Authors:
Kleber Stangherlin,
Zhuanhao Wu,
Hiren Patel,
Manoj Sachdev
Abstract:
Strong physical unclonable functions (PUFs) provide a low-cost authentication primitive for resource constrained devices. However, most strong PUF architectures can be modeled through learning algorithms with a limited number of CRPs. In this paper, we introduce the concept of non-monotonic response quantization for strong PUFs. Responses depend not only on which path is faster, but also on the di…
▽ More
Strong physical unclonable functions (PUFs) provide a low-cost authentication primitive for resource constrained devices. However, most strong PUF architectures can be modeled through learning algorithms with a limited number of CRPs. In this paper, we introduce the concept of non-monotonic response quantization for strong PUFs. Responses depend not only on which path is faster, but also on the distance between the arriving signals. Our experiments show that the resulting PUF has increased security against learning attacks. To demonstrate, we designed and implemented a non-monotonically quantized ring-oscillator based PUF in 65 nm technology. Measurement results show nearly ideal uniformity and uniqueness, with bit error rate of 13.4% over the temperature range from 0 C to 50 C.
△ Less
Submitted 11 June, 2022; v1 submitted 7 June, 2022;
originally announced June 2022.
-
Design and Implementation of a Secure RISC-V Microprocessor
Authors:
Kleber Stangherlin,
Manoj Sachdev
Abstract:
Secret keys can be extracted from the power consumption or electromagnetic emanations of unprotected devices. Traditional counter-measures have limited scope of protection, and impose several restrictions on how sensitive data must be manipulated. We demonstrate a bit-serial RISC-V microprocessor implementation with no plain-text data. All values are protected using Boolean masking. Software can r…
▽ More
Secret keys can be extracted from the power consumption or electromagnetic emanations of unprotected devices. Traditional counter-measures have limited scope of protection, and impose several restrictions on how sensitive data must be manipulated. We demonstrate a bit-serial RISC-V microprocessor implementation with no plain-text data. All values are protected using Boolean masking. Software can run with little to no counter-measures, reducing code size and performance overheads. Unlike previous literature, our methodology is fully automated and can be applied to designs of arbitrary size or complexity. We also provide details on other key components such as clock randomizer, memory protection, and random number generator. The microprocessor was implemented in 65 nm CMOS technology. Its implementation was evaluated using NIST tests as well as side channel attacks. Random numbers generated with our RNG pass on all NIST tests. Side-channel analysis on the baseline implementation extracted the AES key using only 375 traces, while our secure microprocessor was able to withstand attacks using 20 M traces.
△ Less
Submitted 3 October, 2022; v1 submitted 10 May, 2022;
originally announced May 2022.