Open-Source Software-Based SRAM-PUF for Secure Data and Key Storage Using Off-The-Shelf SRAM

SRAM PUF has a potential to become the main player in hardware security. Unfor- tunately, currently available solutions are usually locked to specific entities, such as companies or universities. Here, we introduce the first open source project to de- velop software-based SRAM PUF technology using off-the-shelf SRAM. We also present testing results on two off-the-shelf SRAMs quality to be a PUF compon- ent; Microchip 23LC1024 and Cypress CY62256NLL. Testing on two bit-selection algorithms (data remanence analysis and neighbor analysis) are also performed. Based on the testing results, we introduce a PUF enrollment scheme using data remanence analysis as the bit selection algorithm which will locate the location of the stable bits and SRAM Cypress CY62256NLL as the off-the-shelf SRAM. Moreover, we also propose a procedure to develop SRAM PUF-based applications using any off-the-shelf SRAM. The procedure consists of three main steps; test the off-the-shelf SRAM quality to be a PUF component, create a PUF-generated key using enrollment-reconstruction mechanism, and develop any PUF-based ap- plication utilizing the PUF-generated key. In addition, an idea to create numerous CRPs using SRAM PUF is also proposed here. Using a collection of stable bits as a challenge, the stable bits are permutated among themselves to create a challenge which has a numerous number of possibilities. Furthermore, we also present a secure data and key storage scheme using SRAM PUF. The proposed scheme is in- fluenced by multi-factor authentication. Using a combination of a PUF-generated key and user’s password, a derived key is produced and utilized as the final key to protect user’s data or/and user’s key. As the grand concluding experiment of this thesis, we present a demo of storing a private key of Bitcoin. We shows that the Bitcoin key will not be reconstructed successfully if user’s password is incorrect or the SRAM is not similar with the one that use to encrypt the Bitcoin key.

[1]  Geert Jan Schrijen,et al.  Comparative analysis of SRAM memories used as PUF primitives , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[2]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[3]  Roel Maes,et al.  Physically Unclonable Functions , 2012, Springer Berlin Heidelberg.

[4]  Said Hamdioui,et al.  Public-Key Based Authentication Architecture for IoT Devices Using PUF , 2019, 6th International Conference on Computer Science, Engineering and Information Technology (CSEIT-2019).

[5]  Dawu Gu,et al.  A Survey on Lightweight Entity Authentication with Strong PUFs , 2015, ACM Comput. Surv..

[6]  Sergei Skorobogatov Physical Attacks and Tamper Resistance , 2012 .

[7]  Abhranil Maiti,et al.  The Impact of Aging on a Physical Unclonable Function , 2014, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[8]  Diego F. Aranha,et al.  PUF-Based Mutual Multifactor Entity and Transaction Authentication for Secure Banking , 2015, LightSec.

[9]  Yehuda Lindell,et al.  Introduction to Modern Cryptography, Second Edition , 2014 .

[10]  Boris Skoric,et al.  Strong Authentication with Physical Unclonable Functions , 2007, Security, Privacy, and Trust in Modern Data Management.

[11]  R. Morelos-Zaragoza The art of error correcting coding , 2002 .

[12]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[13]  Mark Mohammad Tehranipoor,et al.  Bit selection algorithm suitable for high-volume production of SRAM-PUF , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[14]  Tony Tae-Hyoung Kim,et al.  Design of SRAM PUF with improved uniformity and reliability utilizing device aging effect , 2014, 2014 IEEE International Symposium on Circuits and Systems (ISCAS).

[15]  Ingrid Verbauwhede,et al.  Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions , 2010, Towards Hardware-Intrinsic Security.

[16]  Georges Gielen,et al.  CMOS Reliability Overview , 2013 .

[17]  Said Hamdioui,et al.  Modeling SRAM start-up behavior for Physical Unclonable Functions , 2012, 2012 IEEE International Symposium on Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT).

[18]  Hongjun Wu,et al.  Improving the Biclique Cryptanalysis of AES , 2015, ACISP.

[19]  Tolga Arul,et al.  Low-Temperature Data Remanence Attacks Against Intrinsic SRAM PUFs , 2018, 2018 21st Euromicro Conference on Digital System Design (DSD).

[20]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[21]  C. Fiegna,et al.  Impact of Hot Carriers on nMOSFET Variability in 45- and 65-nm CMOS Technologies , 2011, IEEE Transactions on Electron Devices.

[22]  Stefan Katzenbeisser,et al.  PUF-Based Authentication Protocols - Revisited , 2009, WISA.

[23]  Mark Mohammad Tehranipoor,et al.  Novel Physical Unclonable Function with process and environmental variations , 2010, 2010 Design, Automation & Test in Europe Conference & Exhibition (DATE 2010).

[24]  Yohei Hori,et al.  Performance Analysis for PUF Data Using Fuzzy Extractor , 2014 .

[25]  Mohab Anis,et al.  Variability in Nanometer Technologies and Impact on SRAM , 2013 .

[26]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[27]  Boris Skoric,et al.  Read-Proof Hardware from Protective Coatings , 2006, CHES.

[28]  Renato Renner,et al.  Simple and Tight Bounds for Information Reconciliation and Privacy Amplification , 2005, ASIACRYPT.

[29]  Ahmad-Reza Sadeghi,et al.  Efficient Helper Data Key Extractor on FPGAs , 2008, CHES.

[30]  Ingrid Verbauwhede,et al.  PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator , 2012, CHES.

[31]  Boris Skoric,et al.  Secure Key Storage with PUFs , 2007 .

[32]  Nigel P. Smart,et al.  Cryptography Made Simple , 2015, Information Security and Cryptography.

[33]  Said Hamdioui,et al.  Design dependent SRAM PUF robustness analysis , 2015, 2015 16th Latin-American Test Symposium (LATS).

[34]  Ulrich Rührmair,et al.  PUFs at a glance , 2014, 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[35]  G. Iannaccone,et al.  Silicon Physical Unclonable Function resistant to a 1025-trial brute force attack in 90 nm CMOS , 2009, 2009 Symposium on VLSI Circuits.

[36]  Kaushik Roy,et al.  Temporal Performance Degradation under NBTI: Estimation and Design for Improved Reliability of Nanoscale Circuits , 2006, Proceedings of the Design Automation & Test in Europe Conference.

[37]  Mikhail J. Atallah,et al.  Robust Authentication Using Physically Unclonable Functions , 2009, ISC.

[38]  Takeshi Fujino,et al.  A stable key generation from PUF responses with a Fuzzy Extractor for cryptographic authentications , 2013, 2013 IEEE 2nd Global Conference on Consumer Electronics (GCCE).

[39]  Angus Stevenson,et al.  Concise Oxford English Dictionary , 2009 .

[40]  Yong Yu,et al.  Exploring New Authentication Protocols for Sensitive Data Protection on Smartphones , 2018, IEEE Communications Magazine.

[41]  Boris Skoric,et al.  Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting , 2007 .

[42]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[43]  Keshab K. Parhi,et al.  A data remanence based approach to generate 100% stable keys from an SRAM physical unclonable function , 2017, 2017 IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED).

[44]  Yohei Hori,et al.  Cryptographie key generation from PUF data using efficient fuzzy extractors , 2014, 16th International Conference on Advanced Communication Technology.

[45]  Stefan Katzenbeisser,et al.  DEMO: Inherent PUFs and secure PRNGs on commercial off-the-shelf microcontrollers , 2013, CCS.

[46]  Ingrid Verbauwhede,et al.  A soft decision helper data algorithm for SRAM PUFs , 2009, 2009 IEEE International Symposium on Information Theory.

[47]  Hugo Krawczyk,et al.  Cryptographic Extraction and Key Derivation: The HKDF Scheme , 2010, IACR Cryptol. ePrint Arch..

[48]  Chip-Hong Chang,et al.  A Retrospective and a Look Forward: Fifteen Years of Physical Unclonable Function Advancement , 2017, IEEE Circuits and Systems Magazine.

[49]  Lieneke Kusters,et al.  Security of helper data schemes for SRAM-PUF in multiple enrollment scenarios , 2017, 2017 IEEE International Symposium on Information Theory (ISIT).

[50]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[51]  J. Pouwelse,et al.  Laws for Creating Trust in the Blockchain Age , 2017 .

[52]  Hamid Mahmoodi,et al.  Analysis of reliability of flip-flops under transistor aging effects in nano-scale CMOS technology , 2011, 2011 IEEE 29th International Conference on Computer Design (ICCD).

[53]  E. Vandamme,et al.  Impact of MOSFET gate oxide breakdown on digital circuit operation and reliability , 2000 .