Secure key generation from biased PUFs: extended version

When the applied PUF in a PUF-based key generator does not produce full entropy responses, information about the derived key material is leaked by code-offset helper data. If the PUF’s entropy level is too low, the PUF-derived key is even fully disclosed by the helper data. In this work we analyze this entropy leakage, and provide several solutions for preventing leakage for PUFs suffering from i.i.d. biased bits. Our methods pose no limit on the amount of PUF bias that can be tolerated for achieving secure key generation, with only a moderate increase in the required PUF size. This solves an important open problem in this field. In addition, we also consider the reusability of PUF-based key generators and present a variant of our solution which retains the reusability property. In an exemplary application of these methods, we are able to derive a secure 128-bit key from a 15 %-noisy and 25 %-biased PUF requiring only 4890 PUF bits for the non-reusable variant, or 7392 PUF bits for the reusable variant.

[1]  Marcin Wójcik,et al.  Evaluation of a PUF Device Authentication Scheme on a Discrete 0.13um SRAM , 2011, INTRUST.

[2]  Boris Skoric,et al.  The Spammed Code Offset Method , 2014, IEEE Transactions on Information Forensics and Security.

[3]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[4]  Stefan Katzenbeisser,et al.  PUFs: Myth, Fact or Busted? A Security Evaluation of Physically Unclonable Functions (PUFs) Cast in Silicon , 2012, CHES.

[5]  Roel Maes,et al.  Physically Unclonable Functions , 2013, Springer Berlin Heidelberg.

[6]  Bart Preneel,et al.  Soft Decision Error Correction for Compact Memory-Based PUFs Using a Single Enrollment , 2012, CHES.

[7]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[8]  Ingrid Verbauwhede,et al.  PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator , 2012, CHES.

[9]  Lidong Chen,et al.  Recommendation for Key Derivation through Extraction-then-Expansion , 2011 .

[10]  Srinivas Devadas,et al.  Lightweight and Secure PUF Key Storage Using Limits of Machine Learning , 2011, CHES.

[11]  J. Massey Guessing and entropy , 1994, Proceedings of 1994 IEEE International Symposium on Information Theory.

[12]  Xavier Boyen,et al.  Reusable cryptographic fuzzy extractors , 2004, CCS '04.

[13]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[14]  Hugo Krawczyk,et al.  Cryptographic Extraction and Key Derivation: The HKDF Scheme , 2010, IACR Cryptol. ePrint Arch..

[15]  Frans M. J. Willems,et al.  Secure Key Generation from Biased PUFs , 2015, CHES.

[16]  Roel Maes,et al.  An Accurate Probabilistic Reliability Model for Silicon PUFs , 2013, CHES.

[17]  Ahmad-Reza Sadeghi,et al.  Efficient Helper Data Key Extractor on FPGAs , 2008, CHES.

[18]  Jeroen Delvaux,et al.  Attacking PUF-Based Pattern Matching Key Generators via Helper Data Manipulation , 2014, CT-RSA.

[19]  Wei Wu,et al.  Entropy loss in PUF-based key generation schemes: The repetition code pitfall , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[20]  Martin Wattenberg,et al.  A fuzzy commitment scheme , 1999, CCS '99.

[21]  Roel Maes,et al.  Physically Unclonable Functions , 2012, Springer Berlin Heidelberg.

[22]  Lidong Chen,et al.  Recommendation for Key Derivation Using Pseudorandom Functions (Revised) , 2009 .

[23]  Dawu Gu,et al.  Helper Data Algorithms for PUF-Based Key Generation: Overview and Analysis , 2015, IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems.

[24]  G. Edward Suh,et al.  Extracting secret keys from integrated circuits , 2005, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[25]  Ingrid Verbauwhede,et al.  Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs , 2009, CHES.

[26]  Frans M. J. Willems,et al.  Information Leakage in Fuzzy Commitment Schemes , 2010, IEEE Transactions on Information Forensics and Security.