Secret Key Generation for Physical Unclonable Functions

doi:10.1017/9781316450840.014

13 - Secret Key Generation for Physical Unclonable Functions

from Part III - Secret Key Generation and Authentication

Published online by Cambridge University Press: 28 June 2017

M. Pehl ,

M. Hiller and

Edited by

Ashish Khisti and

M. Pehl: Affiliation:
Chair of Security in Information Technology, Technische Universität München
M. Hiller: Affiliation:
Fraunhofer Institute for Applied and Integrated Security
G. Sigl: Affiliation:
Chair of Security in Information Technology, Technische Universität München
Rafael F. Schaefer: Affiliation:
Technische Universität Berlin
Holger Boche: Affiliation:
Technische Universität München
Ashish Khisti: Affiliation:
University of Toronto
H. Vincent Poor: Affiliation:
Princeton University, New Jersey

Book contents

Get access

Summary

Secure storage of cryptographic keys is a popular application for responses generated from physical unclonable functions (PUFs). It is, however, required to correct these noisy PUF responses in order to derive the same key under all environmental conditions. This is enabled by mapping the random response pattern of the PUF to codewords of error correcting codes using so called helper data, and by proper error correction mechanisms.

This chapter maps the process of key storage with PUFs to the information theoretic model of key agreement from a compound source and shows theoretical bounds. It introduces a unified algebraic description of helper data generation schemes that is able to represent most state-of-the-art approaches. This is used together with the theoretic bounds to analyze the existing schemes. The focus here is secrecy leakage through the helper data. The new representation will allow the analysis of future schemes in an early design phase.

Introduction

Physical circuit properties such as exact run times vary for each manufactured chip. The root cause for this phenomenon is slight variations in process parameters that affect, e.g., the threshold voltages and electron mobility in the transistors of the circuit. To ensure predictable and reliable behavior of circuits, much effort is spent to mitigate the effect of such unpredictable variations. However, they turn out to be unavoidable and, moreover, the influence of these variations on the circuit properties increases with decreasing process sizes. While conventional circuits suffer from this fact, silicon-based physical unclonable functions take advantage of the variations: they capture randomness in the manufacturing process and transform the analog physical variations into digital numbers that can be interpreted as the outcome of a random variable. Then, the quantized result can be used for authentication in a challenge–response protocol or to embed a key into a device and only reproduce it on demand to avoid permanent storage of secret keys in non-volatile memory.

Since silicon PUFs are constructed from transistors, other standard devices, or even from standard cells, their implementation fits in seamlessly with the standard digital design flow and manufacturing process. Therefore, PUFs can be easily added to a standard integrated circuit and bridge the gap between the increasing demand for security and the restriction of a low additional cost overhead. Furthermore, PUFs can still be built in deep sub-micron technologies where standard solutions for secure key storage, e.g., secured non-volatile memory, are no longer available.

Type: Chapter
Information: Information Theoretic Security and Privacy of Information Systems , pp. 362 - 389

DOI: https://doi.org/10.1017/9781316450840.014 [Opens in a new window]

Publisher: Cambridge University Press

Print publication year: 2017

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Book purchase

Temporarily unavailable

References

[1] G. E., Suh and S., Devadas, “Physical unclonable functions for device authentication and secret key generation,” in Proc. 44th ACM/IEEE Design Automation Conf., San Diego, CA, USA, Jun. 2007, pp. 9–14.

[2] J., Guajardo, S. S., Kumar, G. J., Schrijen, and P., Tuyls, “FPGA intrinsic PUFs and their use for IP protection,” Lecture Notes in Computer Science, vol. 4727, pp. 63–80, 2007.Google Scholar

[3] B., Gassend, D., Clarke, M. van, Dijk, and S., Devadas, “Delay-based circuit authentication and applications,” in Proc. ACM Symp. Applied Computing, Melbourne, FL, USA, Mar. 2003, pp. 294–301.

[4] S., Katzenbeisser, U., Kocabaş, V., Rožić, A.-R., Sadeghi, I., Verbauwhede, and C., Wachsmann, “PUFs: Myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon,” Lecture Notes in Computer Science, vol. 7428, pp. 283–301, 2012.Google Scholar

[5] Y., Dodis, L., Reyzin, and A., Smith, “Fuzzy extractors: How to generate strong keys from biometrics and other noisy data,” Lecture Notes in Computer Science, vol. 3027, pp. 523–540, 2004.Google Scholar

[6] M., Yu and S., Devadas, “Secure and robust error correction for physical unclonable functions,” IEEE Design & Test Comp., vol. 27, no. 1, pp. 48–65, Jan. 2010.Google Scholar

[7] M., Hiller, D., Merli, F., Stumpf, and G., Sigl, “Complementary IBS: Application specific error correction for PUFs,” in Proc. IEEE Int. Symp. Hardware-Oriented Security Trust, San Francisco, CA, USA, Jun. 2012, pp. 1–6.

[8] M., Hiller, M., Yu, and M., Pehl, “Systematic low leakage coding for physical unclonable functions,” in Proc. 10th ACM Symp. Inf., Comp. Commun. Security, Singapore, Apr. 2015, pp. 155–166.

[9] M., Yu, M., Hiller, and S., Devadas, “Maximum likelihood decoding of device-specific multi-bit symbols for reliable key generation,” in Proc. IEEE Int. Symp. Hardware-Oriented Security Trust, Washington, DC, USA, May 2015, pp. 38–43.

[10] M., Hiller, M., Weiner, L. R., Lima, M., Birkner, and G., Sigl, “Breaking through fixed PUF block limitations with differential sequence coding and convolutional codes,” in Proc. 3rd Int. Workshop Trustworthy Embedded Devices, Berlin, Germany, Nov. 2013, pp. 43–54.

[11] J., Delvaux, D., Gu, D., Schellekens, and I., Verbauwhede, “Helper data algorithms for PUF-based key generation: Overview and analysis,” IEEE Trans. Computer-Aided Design Integrated Circuits Systems, vol. 34, no. 6, pp. 889–902, Jun. 2015.Google Scholar

[12] R., Ahlswede and I., Csiszár, “Common randomness in information theory and cryptography – Part I: Secret sharing,” IEEE Trans. Inf. Theory, vol. 39, no. 4, pp. 1121–1132, Jul. 1993.Google Scholar

[13] U. M., Maurer, “Secret key agreement by public discussion from common information,” IEEE Trans. Inf. Theory, vol. 39, no. 3, pp. 733–742, May 1993.Google Scholar

[14] H., Boche and R. F., Wyrembelski, “Secret key generation using compound sources – optimal key-rates and communication costs,” in Proc. 9th Int. ITG Conf. Systems, Communications and Coding, Munich, Germany, Jan. 2013, pp. 1–6.

[15] R., Ahlswede and I., Csiszár, “Common randomness in information theory and cryptography – Part II: CR capacity,” IEEE Trans. Inf. Theory, vol. 44, no. 1, pp. 225–240, Jan. 1998.Google Scholar

[16] D., Merli, D., Schuster, F., Stumpf, and G., Sigl, “Side-channel analysis of PUFs and fuzzy extractors,” Lecture Notes in Computer Science, vol. 6740, pp. 33–47, 2011.Google Scholar

[17] D., Merli, J., Heyszl, B., Heinz, D., Schuster, F., Stumpf, and G., Sigl, “Localized electromagnetic analysis of RO PUFs,” in Proc. IEEE Int. Symp. Hardware-Oriented Security Trust, Austin, TX, USA, Jun. 2013, pp. 19–24.

[18] N., Tavangaran, H., Boche, and R. F., Schaefer, “Secret-key capacity of compound source models with one-way public communication,” in Proc. IEEE Inf. Theory Workshop – Fall, Jeju, Korea, Oct. 2015, pp. 252–256.

[19] F., Armknecht, R., Maes, A.-R., Sadeghi, B., Sunar, and P., Tuyls, “Memory leakage-resilient encryption based on physically unclonable functions,” Lecture Notes in Computer Science, vol. 5912, pp. 685–702, 2009.Google Scholar

[20] M., Yu and S., Devadas, “Recombination of physical unclonable functions,” in Proc. 35th Annual GOMACTech Conf., Reno, NV, USA, Mar. 2010, pp. 1–4.

[21] A., Juels and M., Wattenberg, “A fuzzy commitment scheme,” in Proc. 6th ACM Conf. on Computer and Communications Security. Singapore: ACM Press, Nov. 1999, pp. 26–36.

[22] B., Fuller, X., Meng, and L., Reyzin, “Computational fuzzy extractors,” Lecture Notes in Computer Science, vol. 8269, pp. 174–193, 2013.Google Scholar

[23] C., Herder, L., Ren, M. van, Dijk, M., Yu, and S., Devadas, “Trapdoor computational fuzzy extractors and stateless cryptographically-secure physical unclonable functions,” IEEE Trans. Dependable Secure Computing, Mar. 2016.

[24] T., Ignatenko and F. M. J., Willems, “Biometric security from an information-theoretical perspective,” Found. Trends Commun. Inf. Theory, vol. 7, no. 2–3, pp. 135–316, 2012.Google Scholar

[25] G. I., Davida, Y., Frankel, and B. J., Matt, “On enabling secure applications through off-line biometric identification,” in Proc. IEEE Symp. Security Privacy, Oakland, CA, USA, May 1998, pp. 148–157.

[26] A., Stoianov, T., Kevenar, and M. van der, Veen, “Security issues of biometric encryption,” in Proc. IEEE Toronto Int. Conf. Science and Technology for Humanity, Toronto, ON, Canada, Sep. 2009, pp. 34–39.