Bias-based modeling and entropy analysis of PUFs

Physical Unclonable Functions (PUFs) are increasingly becoming a well-known security primitive for secure key storage and anti-counterfeiting. For both applications it is imperative that PUFs provide enough entropy. The aim of this paper is to propose a new model for binary-output PUFs such as SRAM, DFF, Latch and Buskeeper PUFs, and a method to accurately estimate their entropy. In our model the measurable property of a PUF is its set of cell biases. We determine an upper bound on the "extractable entropy", i.e. the number of key bits that can be robustly extracted, by calculating the mutual information between the bias measurements done at enrollment and reconstruction. In previously known methods only uniqueness was studied using information-theoretic measures, while robustness was typically expressed in terms of error probabilities or distances. It is not always straightforward to use a combination of these two metrics in order to make an informed decision about the performance of different PUF types. Our new approach has the advantage that it simultaneously captures both of properties that are vital for key storage: uniqueness and robustness. Therefore it will be possible to fairly compare performance of PUF implementations using our new method. Statistical validation of the new methodology shows that it clearly captures both of these properties of PUFs. In other words: if one of these aspects (either uniqueness or robustness) is less than optimal, the extractable entropy decreases. Analysis on a large database of PUF measurement data shows very high entropy for SRAM PUFs, but rather poor results for all other memory-based PUFs in this database.

[1]  Jorge Guajardo,et al.  Extended abstract: The butterfly PUF protecting IP on every FPGA , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[2]  Y. Shtarkov,et al.  The context-tree weighting method: basic properties , 1995, IEEE Trans. Inf. Theory.

[3]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[4]  Helena Handschuh,et al.  Hardware intrinsic security from D flip-flops , 2010, STC '10.

[5]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[6]  Geert Jan Schrijen,et al.  Comparative analysis of SRAM memories used as PUF primitives , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[7]  Boris Skoric,et al.  Estimating the Secrecy-Rate of Physical Unclonable Functions with the Context-Tree Weighting Method , 2006, 2006 IEEE International Symposium on Information Theory.

[8]  Roel Maes,et al.  An Accurate Probabilistic Reliability Model for Silicon PUFs , 2013, CHES.

[9]  Daisuke Suzuki,et al.  The Glitch PUF: A New Delay-PUF Architecture Exploiting Glitch Shapes , 2010, CHES.

[10]  Helena Handschuh,et al.  Efficient Implementation of True Random Number Generator Based on SRAM PUFs , 2012, Cryptography and Security.

[11]  An Braeken,et al.  Comparison of SRAM and FF PUF in 65nm Technology , 2011, NordSec.

[12]  Peter Simons,et al.  Buskeeper PUFs, a promising alternative to D Flip-Flop PUFs , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[13]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[14]  Ying Su,et al.  A Digital 1.6 pJ/bit Chip Identification Circuit Using Process Variations , 2008, IEEE Journal of Solid-State Circuits.

[15]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[16]  Boris Skoric,et al.  Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting , 2007 .

[17]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[18]  van den,et al.  Entropy analysis of physical unclonable functions , 2012 .

[19]  Frederik Armknecht,et al.  A Formalization of the Security Features of Physical Functions , 2011, 2011 IEEE Symposium on Security and Privacy.

[20]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[21]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[22]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[23]  Tam Tom Kevenaar,et al.  Information-theoretic analysis of capacitive physical unclonable functions , 2006 .

[24]  Ingrid Verbauwhede,et al.  Experimental evaluation of Physically Unclonable Functions in 65 nm CMOS , 2012, 2012 Proceedings of the ESSCIRC (ESSCIRC).

[25]  Boris Skoric,et al.  An information theoretic model for physical uncloneable functions , 2004, International Symposium onInformation Theory, 2004. ISIT 2004. Proceedings..

[26]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).

[27]  Stefan Katzenbeisser,et al.  PUFs: Myth, Fact or Busted? A Security Evaluation of Physically Unclonable Functions (PUFs) Cast in Silicon , 2012, CHES.

[28]  J. FransM. The context-tree weighting method: basic properties-Information Theory, IEEE Transactions on , 2004 .

[29]  Ingrid Verbauwhede,et al.  Intrinsic PUFs from Flip-flops on Reconfigurable Devices , 2008 .

[30]  Frederik Armknecht,et al.  A Formal Foundation for the Security Features of Physical Functions , 2011, S&P 2011.