Hardware intrinsic security from D flip-flops

In this paper we describe the results of our investigations Supported by EU FP7 project UNIQUE on the randomness and reliability of D flip-flops when used as a Physically Unclonable Function (PUF). These D flip-flops are hardware components which present a random start-up value when powered up. We show that against all odds, enough randomness exists in such elements when implemented on an Application-Specific Integrated Circuit (ASIC) to turn the responses of a number of D flip-flops into a secret random sequence allowing to derive keys for use in conjunction with cryptographic algorithms. In addition to being unpredictable, these flip-flops have the advantage that they can be spread over random locations in an ASIC. This makes them very difficult to reverse-engineer when used to hide a secret key in a design at a relatively small cost in resources.

[1]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).

[2]  Ahmad-Reza Sadeghi,et al.  Efficient Helper Data Key Extractor on FPGAs , 2008, CHES.

[3]  Jorge Guajardo,et al.  Extended abstract: The butterfly PUF protecting IP on every FPGA , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[4]  Yun Gao,et al.  Estimating the Entropy of Binary Time Series: Methodology, Some Theory and a Simulation Study , 2008, Entropy.

[5]  Ingrid Verbauwhede,et al.  Intrinsic PUFs from Flip-flops on Reconfigurable Devices , 2008 .

[6]  Xavier Boyen,et al.  Reusable cryptographic fuzzy extractors , 2004, CCS '04.

[7]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[8]  Christopher J. Trufan,et al.  SRAM PUF Analysis and Fuzzy Extractors , 2010 .

[9]  Jorge Guajardo,et al.  Physical Unclonable Functions, FPGAs and Public-Key Crypto for IP Protection. , 2007 .

[10]  Boris Skoric,et al.  Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting , 2007 .

[11]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[12]  Frans M. J. Willems,et al.  Context weighting for general finite-context sources , 1996, IEEE Trans. Inf. Theory.

[13]  Frans M. J. Willems,et al.  The Context-Tree Weighting Method : Extensions , 1998, IEEE Trans. Inf. Theory.

[14]  Boris Skoric,et al.  Estimating the Secrecy-Rate of Physical Unclonable Functions with the Context-Tree Weighting Method , 2006, 2006 IEEE International Symposium on Information Theory.

[15]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[16]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[17]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[18]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[19]  Jean-Paul M. G. Linnartz,et al.  New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates , 2003, AVBPA.

[20]  Werner Schindler,et al.  Random Number Generators for Cryptographic Applications , 2009, Cryptographic Engineering.

[21]  Frans M. J. Willems,et al.  The context-tree weighting method: basic properties , 1995, IEEE Trans. Inf. Theory.

[22]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[23]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.