
This section discusses advanced PUF concepts that enhance the security properties and extend the functionality of standard PUFs.

6.6.1 Controlled PUFs

Most delay-based PUFs are subject to model building attacks that allow emulating the PUF in software (cf. Section 6.5.1). One approach to countering this problem is the Controlled PUF [68], which uses cryptography in hardware to hide the actual PUF response from the adversary. Controlled PUFs typically apply a cryptographic hash function to the PUF challenges and/or responses, which introduces non-linearity and breaks up the link between the actual PUF response and the output of the controlled PUF. Clearly, this does not address the fundamental weakness of delay-based PUFs. Moreover, to maintain verifiability of the controlled PUF outputs, error correction must be applied before the noisy responses of the underlying PUF are processed by the cryptographic operation, which increases the complexity of the overall construction. Further, to protect against emulation attacks, the cryptographic component and the error-correction mechanism, as well as their connecting wires, must be protected against invasive and side-channel attacks (cf. Sections 6.5.2 and 6.5.3), which may be hard to achieve in practice.

6.6.2 Reconfigurable PUFs

So far, most existing PUFs exhibit static behavior, whereas a variety of applications would benefit from PUFs whose characteristics can be changed dynamically, i.e., reconfigured, after deployment. For instance, PUF-based key storage (cf. Section 6.4.2) and PUF-based cryptographic primitives [4] may require that previous secrets derived from the PUF can no longer be retrieved (e.g., to achieve forward secrecy). Another example is solutions that prevent downgrading of software [114] by binding the software to a certain hardware configuration, such as a PUF, which requires the PUF behavior to be irreversibly altered upon installation of a new software update.

[Diagram labels: Control Logic (State S), PUF, Input, Reconfigure, Output, Challenge, Response]

Figure 6.2: Concept of Logically Reconfigurable PUFs

Unfortunately, all known implementations of physically reconfigurable PUFs rely on optical mechanisms, reconfigurable hardware (such as FPGAs) or novel memory technologies [114], which all have several limitations in practice. In particular, optical PUFs cannot be easily integrated into integrated circuits and require expensive and error-prone evaluation equipment, while FPGA-based solutions cannot be realized with non-reconfigurable hardware (such as ASICs) that is commonly used in practice [125].

In this context, several attempts to emulate physically reconfigurable PUFs have been made. One of the first proposals was integrating a floating gate transistor into the delay lines of an Arbiter PUF, which allows physically changing the challenge/response behavior of the PUF based on some state maintained in non-volatile memory [119, 120]. Other approaches restrict access to the interface of the PUF and use part of the PUF challenge as reconfiguration data [116, 114], which, however, works only for certain PUF types.

We recently formalized the concept and the security properties of Logically Reconfigurable PUFs (LR-PUFs) [108]. In contrast to static PUFs, LR-PUFs can be dynamically reconfigured after deployment such that their challenge/response behavior changes in a random manner without replacing or physically modifying the PUF. The idea is to amend a conventional PUF with a stateful control logic that transforms challenges and responses of the PUF (cf. Figure 6.2). We presented and evaluated two different constructions for LR-PUFs that are simple, efficient and can easily be implemented.
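The two ideas above, hashing around the PUF with error correction applied first (Section 6.6.1) and a stateful control logic that transforms challenges and responses (Section 6.6.2), can be combined in one small software model. This is an added example, not a construction from this work or from [108]: the simulated PUF, the majority-vote error correction, the SHA-256 wrapping, and all names and parameters are assumptions.

```python
import hashlib
import random

N_BITS, NOISE, READS = 256, 0.05, 21   # constructed parameters, not measured PUF data

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

class SimulatedPUF:
    """Software stand-in for a noisy PUF: fixed ideal bits per challenge, bit flips per read."""
    def __init__(self, seed: int):
        self._rng = random.Random(seed)
        self._device = bytes(self._rng.getrandbits(8) for _ in range(32))  # "manufacturing variation"
    def read(self, challenge: bytes) -> list:
        ideal = h(self._device, challenge)
        bits = [(ideal[i // 8] >> (i % 8)) & 1 for i in range(N_BITS)]
        return [b ^ (self._rng.random() < NOISE) for b in bits]

def stable_response(puf: SimulatedPUF, challenge: bytes) -> bytes:
    """Majority vote over READS noisy reads; a simple stand-in for real error correction."""
    reads = [puf.read(challenge) for _ in range(READS)]
    return bytes(int(2 * sum(column) > READS) for column in zip(*reads))

class ControlledLRPUF:
    """Hypothetical control logic with state S wrapped around the PUF."""
    def __init__(self, puf: SimulatedPUF, state: bytes):
        self._puf, self._state = puf, state           # S would live in non-volatile memory
    def query(self, challenge: bytes, correct: bool = True) -> bytes:
        inner = h(b"chal", self._state, challenge)    # caller never chooses the PUF challenge
        raw = stable_response(self._puf, inner) if correct else bytes(self._puf.read(inner))
        return h(b"resp", self._state, raw)           # raw response never leaves the device
    def reconfigure(self) -> None:
        self._state = h(b"next", self._state)         # one-way update: old S is not recoverable

def demo() -> dict:
    dev = ControlledLRPUF(SimulatedPUF(seed=1), state=bytes(32))
    c = b"challenge-0001"                             # constructed sample challenge
    before = [dev.query(c) for _ in range(3)]
    uncorrected = {dev.query(c, correct=False) for _ in range(3)}
    dev.reconfigure()
    after = dev.query(c)
    return {"verifiable": len(set(before)) == 1,           # same output on every query
            "uncorrected_outputs": len(uncorrected),       # hashing noisy bits: all differ
            "changed_by_reconfigure": after != before[0]}  # old CRPs no longer apply

if __name__ == "__main__":
    print(demo())
```

Skipping the correction step shows why Section 6.6.1 requires it: a few flipped bits in the raw response yield an unrelated hash output, so a verifier has nothing stable to compare against.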

6.7 Conclusion and Open Problems

Physically Unclonable Functions (PUFs) are a very promising approach to increase the security of embedded systems, such as RFID tags. They open new directions towards lightweight, secure and privacy-preserving protocols based on physical assumptions and cost-effective tamper-evident storage for cryptographic secrets that cannot be learned or reproduced even by the manufacturer of the corresponding PUF.

PUF realizations require careful statistical testing before they can be safely deployed to real security-critical products. Even though experimental results have been reported in the literature for some PUF implementations, it is difficult to compare them due to varying test conditions and different analysis methods. We present a new evaluation methodology in Chapter 7 that allows a more precise assessment of the unpredictability property of PUF responses. Further, we provide a large-scale security analysis of ASIC implementations of the five most popular electronic PUF types that allows for the first time a fair comparison of these PUFs.

There is no widely accepted security framework for PUFs, and most PUF security models in the literature are not general enough and exclude certain PUF types, do not reflect all properties of real PUF implementations or include security parameters that cannot be determined for real PUF implementations. Typically, idealized PUF models that capture the desired properties of an ideal PUF component are used in the literature. Since it is unclear whether such ideal PUFs exist, a common evaluation framework for the analysis of real PUF implementations is needed to design practical PUF-based security solutions. In Chapter 8, we present a PUF security framework providing security definitions that are compliant with standard game-based cryptographic security models and that allow for evaluating and quantifying the properties of PUF implementations.

Since PUFs are bound to the device in which they are embedded, no other entity can verify the response of a PUF to a given challenge without knowing an authentic challenge/response pair (CRP) in advance, which may lead to scalability problems in practice. Current PUF-based protocols aim at circumventing this problem by providing the verifier (e.g., an RFID reader) with a database that contains a set of CRPs that act as reference values for the responses of the interrogated PUF. However, this approach opens the possibility for denial-of-service and replay attacks. In Chapter 9, we present two scalable and lightweight PUF-based mutual authentication protocols for RFID that overcome the drawbacks of existing approaches.

7 Security Evaluation of PUF Implementations on ASIC

In this chapter, we present the first large-scale security analysis of ASIC implementations of the five most popular electronic PUF types. Our analysis is based on PUF data obtained at different operating conditions from 96 ASICs housing multiple PUF instances, which have been manufactured in TSMC 65 nm CMOS technology. We present an evaluation methodology and quantify the robustness and unpredictability properties of PUF responses, which are fundamental for the integration of PUFs into cryptographic primitives and protocols, such as authentication schemes. Since all PUFs have been implemented in the same ASIC and analyzed with the same evaluation methodology, our results allow for the first time a fair comparison of their properties.

Remark. The results presented in this chapter are due to the author of this work and the result of many intensive discussions with Stefan Katzenbeisser, Ünal Kocabaş and Ahmad-Reza Sadeghi (all TU Darmstadt, Germany). The design and parts of the implementation of the evaluation framework are due to the author of this work. The ASICs and evaluation boards used in this work have been designed by our partners Intel, Intrinsic ID, KU Leuven and Sirrix AG. Part of the raw PUF data used for the evaluation has been provided by Intrinsic ID. Vladimir Rožić and Ingrid Verbauwhede (both KU Leuven, Belgium) provided detailed information on the implementations of the PUFs in the ASIC. Ünal Kocabaş set up the test environment and collected parts of the raw PUF data used for the PUF evaluation. Further, he implemented parts of the evaluation framework. Parts of this chapter have been published in [107].
