Identification and authentication of integrated circuits

Gassend, Blaise; Lim, Dokshin; Clarke, Dwaine; Dijk, Marten van; Devadas, Srinivas

doi:10.1002/cpe.805

Cited by 244 publications

(148 citation statements)

References 13 publications

(17 reference statements)

Supporting

Mentioning

144

Contrasting

Unclassified

Order By: Relevance

“…It has been discussed in theory and realized in silicon mainly for challenge lengths of 64 bits up to this date [10,11,16,34]. Our attack on such a 64-bit implementation requires the read-out of 2 × 2 32 = 8.58 × 10 9 CRPs by the receiver.…”

Section: Electrical Integrated Pufsmentioning

confidence: 99%

On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols

Rührmair

Dijk²

2013

J Cryptogr Eng

Self Cite

View full text Add to dashboard Cite

In recent years, PUF-based schemes have been suggested not only for the basic tasks of tamper-sensitive key storage or the identification of hardware systems, but also for more complex protocols like oblivious transfer (OT) or bit commitment (BC), both of which possess broad and diverse applications. In this paper, we continue this line of research. We first present an attack on two recent OT and BC protocols which have been introduced by Brzuska In practice, this leads to insecure protocols when electrical PUFs with a medium challenge-length are used (e.g., 64 bits), or whenever optical PUFs are employed. These two PUF types are currently among the most popular designs of so-called Strong PUFs. Secondly, we show that the same attack applies to a recent OT protocol of Ostrovsky et al. (IACR Cryptol. ePrint Arch. 2012:143, 2012, leading to exactly the same consequences. Finally, we discuss countermeasures. We present a new OT protocol with better security properties, which utilizes interactive hashing as a substep and is based on an earlier protocol by Rührmair (TRUST, LNCS 6101, pp 430-440, Springer 2010). We then closely analyze its properties, including its security, security amplification, and practicality.

show abstract

Section: Electrical Integrated Pufsmentioning

confidence: 99%

On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols

Rührmair

Dijk²

2013

J Cryptogr Eng

Self Cite

View full text Add to dashboard Cite

show abstract

“…The security primitive of a Physical Unclonable Function (PUF) [8], [9], [10], [11] was introduced, at least in part, in order to address some of the above problems. A PUF is a (partly) disordered physical system S that can be challenged with so-called external stimuli or challenges C i , upon which it reacts with corresponding responses termed R Ci .…”

Section: B Physical Unclonable Functions (Pufs)mentioning

confidence: 99%

“…Once this information is known to an adversary, he can numerically derive the same key as the cryptographic hardware embedding the SRAM PUF, and break the system. In the case of Arbiter PUFs, the secret information are the internal runtime delays in the circuit stages [11]. If this information is known, the adversary can numerically simulate the behavior of the PUF output by an additive, linear model, again breaking its security [31].…”

Section: Secret Information In Pufsmentioning

confidence: 99%

SIMPL Systems as a Keyless Cryptographic and Security Primitive

Rührmair

2012

Cryptography and Security: From Theory to Applications

View full text Add to dashboard Cite

Abstract-We discuss a recent cryptographic primitive termed SIMPL system. Like Physical Unclonable Functions (PUFs), SIMPL systems are disordered, unclonable physical systems with many possible inputs and a complex input-output behavior. Contrary to PUFs, however, each SIMPL system comes with a publicly known, individual numeric description that allows its slow simulation and output prediction. While everyone can determine a SIMPL system's output slowly by simulation, only its actual holder can determine the output fast by physical measurement. This added functionality allows new public key like protocols and applications.But SIMPLs have a second, perhaps more striking advantage: No secret information is, or needs to be, contained in SIMPL systems in order to enable cryptographic security. Neither in the form of a standard digital key, nor as secret information hidden in the random, analog features of some hardware, as it is the case for PUFs. The security of SIMPL systems instead rests on (i) an assumption regarding their physical unclonability, and (ii) a computational assumption on the complexity of simulating their output. This provides SIMPL systems with a natural immunity against any key extraction attacks, including malware, side channel, invasive, and modeling attempts.In this manuscript, we give a comprehensive discussion of SIMPLs as a cryptographic and security primitive. Special emphasis is placed on the different cryptographic protocols that are enabled by this new tool.

show abstract

“…The idea of using variability-induced delays for authentication and security has been proposed [2,6]. PUFs are one-way functions that map a set of challenges to a set of responses, based on an intractably complex physical system.…”

Section: Topicsmentioning

confidence: 99%

Hardware Security: Preparing Students for the Next Design Frontier

Koushanfar

Potkonjak

2007

2007 IEEE International Conference on Microelectronic Systems Education (MSE'07)

View full text Add to dashboard Cite

Hardware security (HS) RationaleIn the 70's, area emerged as the dominant synthesis and design objective for integrated circuit (IC), in the '80s the objective was speed of execution, and in the 90's it became power. While all these objectives are still very important, security, privacy, and digital right management (DRM) arise as the most important metrics in many modern and emerging applications [7]. The paradigm shift toward DRM, security and privacy is not only due to the common impact of technology push and applications pool, but also it is a consequence of an inherently insecure but dominant horizontal microelectronic business model and design reuse. The horizontal model is where the design houses, silicon foundries, and system integrators are economically separate entities; hardware IP reuse is to alleviate the design productivity gap.In preparing students for designing secure hardware, the most challenging is that the intrinsic nature and concepts needed for ensuring security are sharply different from the ones for area, speed, or power optimization. In addition, HS has close interactions with the underlying technologies, system software, and applications. Another significant hurdle is that a high percentage of students do not have a solid background in security.Our strategic goal is to prepare students for synthesis and evaluation of secure devices and systems. The main technical objectives of the course include understanding of security and DRM mechanisms such as non-destructive observability, IC uniqueness, and methods for hiding information inside the design specifications. A special focus is placed on sound foundation and complete coverage of attacks -defense mechanisms and protocols -, and analysis and complete understanding of the assumptions and models. We also emphasize the importance of preserving transparency of the synthesis process in realizing the HS features. TopicsIn the offerings so far, we covered in technical details various subsets of the following topics: (i) smart cards; (ii) manufacturing variability and HW security; (iii) watermarking of designs; (iv) IC fingerprinting; (v) IC metering (vi) HW Trojan horse detection; (vii) IC rapid aging attacks that exploit HCI (hot carrier induced degradation), TDDB (time dependent dielectric [soft/hard] breakdown) and NBTI (negative bias temperature instability) deepsubmicron transistor degradation and interconnect electromigration. (viii) obfuscation of the specification of designs and nonreadability of data and computation against power, delay, and radiation attacks; (ix) physically unclonable functions; (x) secure coprocessor, algorithmic HW attacks, and buffer overflow attacks; (xi) HW identification using clock skew and manufacturing variability techniques; (xii) voting HW; (xiii) biometrics techniques and HW; (xiv) jamming and time synchronization attacks in wireless networks; (xv) explosives, chemical, and biologic toxic material detection; and (xvi) security of physical objects such as locks and digital IDs. We briefly elabor...

show abstract

Identification and authentication of integrated circuits

Cited by 244 publications

References 13 publications

On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols

On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols

SIMPL Systems as a Keyless Cryptographic and Security Primitive

Hardware Security: Preparing Students for the Next Design Frontier

Contact Info

Product

Resources

About