• PDF / 565,144 Bytes
• 19 Pages / 439.37 x 666.142 pts Page_size
• 113 Downloads / 192 Views

DOWNLOAD

REPORT

Abstract. PUFs provide cryptographic keys for embedded systems without dedicated secure memory. Practical PUF implementations often show a bias in the PUF responses, which leads to secrecy leakage in many key derivation constructions. However, previously proposed mitigation techniques remove the bias at the expense of discarding large numbers of PUF response bits. Instead of removing the bias from the input sequence, this work reduces the secrecy leakage through the helper data. We apply the concept of wiretap coset coding to add randomness to the helper data such that an attacker cannot isolate significant information about the key anymore. Examples demonstrate the effectiveness of coset coding for different bias parameters by computing the exact leakage for short code lengths and applying upper bounds for larger code lengths. In our case study, we compare a secrecy leakage mitigation design with coset coding and Differential Sequence Coding (DSC). It reduces the number of required PUF response bits by 60% compared to state-of-the-art debiasing approaches. Keywords: Physical Unclonable Functions (PUFs) · Fuzzy extractor Secrecy leakage · Coding theory · Wiretap channel · Coset coding

1

·

Introduction

Silicon Physical Unclonable Functions (PUFs) measure physical manufacturing variations inside integrated circuits to derive a unique behavior for each device. Typical silicon PUFs can be implemented in a standard CMOS manufacturing process such that they provide cryptographic keys for embedded devices without dedicated secure key storage in non-volatile memory [1]. This makes them a suitable solution to protect a wide span of devices, starting from lightweight IoT sensors up to complex high-end circuits such as FPGAs. PUF responses are noisy and often not fully random such that postprocessing steps are necessary to derive stable and secure cryptographic keys from PUFs. The syndrome encoder computes helper data that is stored off-chip, e.g. in unsecured external non-volatile memory. The helper data maps the PUF response to codewords of an Error-Correcting Code (ECC) to enable error correction, c International Association for Cryptologic Research 2017  W. Fischer and N. Homma (Eds.): CHES 2017, LNCS 10529, pp. 601–619, 2017. DOI: 10.1007/978-3-319-66787-4 29

602

¨ M. Hiller and A.G. Onalan

but it must not leak information about the derived key. Several error correction schemes were proposed and implemented over the last decade, e.g. [2–10]. Early work such as [11] already acknowledged the fact that PUF implementations can have imperfections that result in a reduced entropy of the PUF response. As the field matured, the security implications of the imperfections in the PUF responses, and especially bias, were analyzed and addressed in more detail [5,10,12–15]. Looking at a fuzzy commitment [16] in Fig. 1 there are two ways to reduce the leakage within this setting: The approaches in [5,10] reshape the input distribution in a debiasing step such that an unbiased sequence is processed in the syndrome encoder. This comes

Recommend Documents

Helper Data

147 10 47MB

Data Hiding

153 73 47MB

Data Hiding: Steganography and Watermarking

157 29 5MB

Histogram Modification Data Hiding Using Chaotic Sequence

167 11 307KB

T Helper

151 16 6MB

Helper Phage

163 72 3MB

Linear and Nonlinear Oblivious Data Hiding

164 2 835KB

Mycorrhiza Helper Bacteria

184 121 173KB

Association Rule Hiding for Data Mining

228 41 3MB

Reduction of Data Leakage Using Software Streaming

185 84 18MB

Scattering on Leaky Wires in Dimension Three

104 94 5MB

Authentication / Secrecy Codes

165 112 16MB