Refine
Document Type
- Conference Proceeding (7)
- Article (reviewed) (6)
- Doctoral Thesis (1)
Conference Type
- Konferenzartikel (7)
Language
- English (14)
Is part of the Bibliography
- yes (14) (remove)
Keywords
- IoT security (2)
- PUF key generation (2)
- physically unclonable function (PUF) (2)
- Entropy (1)
- Hardware Security (1)
- Internet of Things (1)
- Noise measurement (1)
- Physically Unclonable Function (1)
- Printed Electronics (1)
- Security (1)
Institute
Open Access
- Open Access (6)
- Closed Access (5)
- Closed (2)
With the increasing degree of interconnectivity in industrial factories, security becomes more and more the most important stepping-stone towards wide adoption of the Industrial Internet of Things (IIoT). This paper summarizes the most important aspects of one keynote of DESSERT2020 conference. It highlights the ongoing and open research activities on the different levels, from novel cryptographic algorithms over security protocol integration and testing to security architectures for the full lifetime of devices and systems. It includes an overview of the research activities at the authors' institute.
Physically Unclonable Functions (PUFs) are hardware-based security primitives, which allow for inherent device fingerprinting. Therefore, intrinsic variation of imperfect manufactured systems is exploited to generate device-specific, unique identifiers. With printed electronics (PE) joining the internet of things (IoT), hardware-based security for novel PE-based systems is of increasing importance. Furthermore, PE offers the possibility for split-manufacturing, which mitigates the risk of PUF response readout by third parties, before commissioning. In this paper, we investigate a printed PUF core as intrinsic variation source for the generation of unique identifiers from a crossbar architecture. The printed crossbar PUF is verified by simulation of a 8×8-cells crossbar, which can be utilized to generate 32-bit wide identifiers. Further focus is on limiting factors regarding printed devices, such as increased parasitics, due to novel materials and required control logic specifications. The simulation results highlight, that the printed crossbar PUF is capable to generate close-to-ideal unique identifiers at the investigated feature size. As proof of concept a 2×2-cells printed crossbar PUF core is fabricated and electrically characterized.
Modern society is more than ever striving for digital connectivity -- everywhere and at any time, giving rise to megatrends such as the Internet of Things (IoT). Already today, 'things' communicate and interact autonomously with each other and are managed in networks. In the future, people, data, and things will be interlinked, which is also referred to as the Internet of Everything (IoE). Billions of devices will be ubiquitously present in our everyday environment and are being connected over the Internet.
As an emerging technology, printed electronics (PE) is a key enabler for the IoE offering novel device types with free form factors, new materials, and a wide range of substrates that can be flexible, transparent, as well as biodegradable. Furthermore, PE enables new degrees of freedom in circuit customizability, cost-efficiency as well as large-area fabrication at the point of use.
These unique features of PE complement conventional silicon-based technologies. Additive manufacturing processes enable the realization of many envisioned applications such as smart objects, flexible displays, wearables in health care, green electronics, to name but a few.
From the perspective of the IoE, interconnecting billions of heterogeneous devices and systems is one of the major challenges to be solved. Complex high-performance devices interact with highly specialized lightweight electronic devices, such as e.g. smartphones and smart sensors. Data is often measured, stored, and shared continuously with neighboring devices or in the cloud. Thereby, the abundance of data being collected and processed raises privacy and security concerns.
Conventional cryptographic operations are typically based on deterministic algorithms requiring high circuit and system complexity, which makes them unsuitable for lightweight devices.
Many applications do exist, where strong cryptographic operations are not required, such as e.g. in device identification and authentication. Thereby, the security level mainly depends on the quality of the entropy source and the trustworthiness of the derived keys. Statistical properties such as the uniqueness of the keys are of great importance to precisely distinguish between single entities.
In the past decades, hardware-intrinsic security, particularly physically unclonable functions (PUFs), gained a lot of attraction to provide security features for IoT devices. PUFs use their inherent variations to derive device-specific unique identifiers, comparable to fingerprints in biometry.
The potentials of this technology include the use of a true source of randomness, on demand key derivation, as well as inherent key storage.
Combining these potentials with the unique features of PE technology opens up new opportunities to bring security to lightweight electronic devices and systems. Although PE is still far from being matured and from being as reliable as silicon technology, in this thesis we show that PE-based PUFs are promising candidates to provide key derivation suitable for device identification in the IoE.
Thereby, this thesis is primarily concerned with the development, investigation, and assessment of PE-based PUFs to provide security functionalities to resource constrained printed devices and systems.
As a first contribution of this thesis, we introduce the scalable PE-based Differential Circuit PUF (DiffC-PUF) design to provide secure keys to be used in security applications for resource constrained printed devices. The DiffC-PUF is designed as a hybrid system architecture incorporating silicon-based and inkjet-printed components. We develop an embedded PUF platform to enable large-scale characterization of silicon and printed PUF cores.
In the second contribution of this thesis, we fabricate silicon PUF cores based on discrete components and perform statistical tests under realistic operating conditions. A comprehensive experimental analysis on the PUF security metrics is carried out. The results show that the silicon-based DiffC-PUF exhibits nearly ideal values for the uniqueness and reliability metrics. Furthermore, the identification capabilities of the DiffC-PUF are investigated and it is shown that additional post-processing can further improve the quality of the identification system.
In the third contribution of this thesis, we firstly introduce an evaluation workflow to simulate PE-based DiffC-PUFs, also called hybrid PUFs. Hereof, we introduce a Python-based simulation environment to investigate the characteristics and variations of printed PUF cores based on Monte Carlo (MC) simulations. The simulation results show, that the security metrics to be expected from the fabricated devices are close to ideal at the best operating point.
Secondly, we employ fabricated printed PUF cores for statistical tests under varying operating conditions including variations in ambient temperature, relative humidity, and supply voltage. The evaluations of the uniqueness, bit aliasing, and uniformity metrics are in good agreement with the simulation results. The experimentally determined mean reliability value is relatively low, which can be explained by the missing passivation and encapsulation of the printed transistors. The investigation of the identification capabilities based on the raw PUF responses shows that the pure hybrid PUF is not suitable for cryptographic applications, but qualifies for device identification tasks.
The final contribution is to switch to the perspective of an attacker. To judge on the security capabilities of the hybrid PUF, a comprehensive security analysis in the manner of a cryptanalysis is performed. The analysis of the entropy of the hybrid PUF shows that its vulnerability against model-based attacks mainly depends on the selected challenge building method. Furthermore, an attack methodology is introduced to assess the performances of different mathematical cloning attacks on the basis of eavesdropped challenge-response pairs (CRPs). To clone the hybrid PUF, a sorting algorithm is introduced and compared with commonly used supervised machine learning (ML) classifiers including logistic regression (LR), random forest (RF), as well as multi-layer perceptron (MLP).
The results show that the hybrid PUF is vulnerable against model-based attacks. The sorting algorithm benefits from shorter training times compared to the ML algorithms. If the eavesdropped CRPs are erroneous, the ML algorithms outperform the sorting algorithm.
Physical unclonable functions (PUFs) are increasingly generating attention in the field of hardware-based security for the Internet of Things (IoT). A PUF, as its name implies, is a physical element with a special and unique inherent characteristic and can act as the security anchor for authentication and cryptographic applications. Keeping in mind that the PUF outputs are prone to change in the presence of noise and environmental variations, it is critical to derive reliable keys from the PUF and to use the maximum entropy at the same time. In this work, the PUF output positioning (POP) method is proposed, which is a novel method for grouping the PUF outputs in order to maximize the extracted entropy. To achieve this, an offset data is introduced as helper data, which is used to relax the constraints considered for the grouping of PUF outputs, and deriving more entropy, while reducing the secret key error bits. To implement the method, the key enrollment and key generation algorithms are presented. Based on a theoretical analysis of the achieved entropy, it is proven that POP can maximize the achieved entropy, while respecting the constraints induced to guarantee the reliability of the secret key. Moreover, a detailed security analysis is presented, which shows the resilience of the method against cyber-security attacks. The findings of this work are evaluated by applying the method on a hybrid printed PUF, where it can be practically shown that the proposed method outperforms other existing group-based PUF key generation methods.
Modeling of Random Variations in a Switched Capacitor Circuit based Physically Unclonable Function
(2020)
The Internet of Things (IoT) is expanding to a wide range of fields such as home automation, agriculture, environmental monitoring, industrial applications, and many more. Securing tens of billions of interconnected devices in the near future will be one of the biggest challenges. IoT devices are often constrained in terms of computational performance, area, and power, which demand lightweight security solutions. In this context, hardware-intrinsic security, particularly physically unclonable functions (PUFs), can provide lightweight identification and authentication for such devices. In this paper, random capacitor variations in a switched capacitor PUF circuit are used as a source of entropy to generate unique security keys. Furthermore, a mathematical model based on the ordinary least square method is developed to describe the relationship between random variations in capacitors and the resulting output voltages. The model is used to filter out systematic variations in circuit components to improve the quality of the extracted secrets.
Hybrid low-voltage physical unclonable function based on inkjet-printed metal-oxide transistors
(2020)
Modern society is striving for digital connectivity that demands information security. As an emerging technology, printed electronics is a key enabler for novel device types with free form factors, customizability, and the potential for large-area fabrication while being seamlessly integrated into our everyday environment. At present, information security is mainly based on software algorithms that use pseudo random numbers. In this regard, hardware-intrinsic security primitives, such as physical unclonable functions, are very promising to provide inherent security features comparable to biometrical data. Device-specific, random intrinsic variations are exploited to generate unique secure identifiers. Here, we introduce a hybrid physical unclonable function, combining silicon and printed electronics technologies, based on metal oxide thin film devices. Our system exploits the inherent randomness of printed materials due to surface roughness, film morphology and the resulting electrical characteristics. The security primitive provides high intrinsic variation, is non-volatile, scalable and exhibits nearly ideal uniqueness.
Novel manufacturing technologies, such as printed electronics, may enable future applications for the Internet of Everything like large-area sensor devices, disposable security, and identification tags. Printed physically unclonable functions (PUFs) are promising candidates to be embedded as hardware security keys into lightweight identification devices. We investigate hybrid PUFs based on a printed PUF core. The statistics on the intra- and inter-hamming distance distributions indicate a performance suitable for identification purposes. Our evaluations are based on statistical simulations of the PUF core circuit and the thereof generated challenge-response pairs. The analysis shows that hardware-intrinsic security features can be realized with printed lightweight devices.
Embedded Analog Physical Unclonable Function System to Extract Reliable and Unique Security Keys
(2020)
Internet of Things (IoT) enabled devices have become more and more pervasive in our everyday lives. Examples include wearables transmitting and processing personal data and smart labels interacting with customers. Due to the sensitive data involved, these devices need to be protected against attackers. In this context, hardware-based security primitives such as Physical Unclonable Functions (PUFs) provide a powerful solution to secure interconnected devices. The main benefit of PUFs, in combination with traditional cryptographic methods, is that security keys are derived from the random intrinsic variations of the underlying core circuit. In this work, we present a holistic analog-based PUF evaluation platform, enabling direct access to a scalable design that can be customized to fit the application requirements in terms of the number of required keys and bit width. The proposed platform covers the full software and hardware implementations and allows for tracing the PUF response generation from the digital level back to the internal analog voltages that are directly involved in the response generation procedure. Our analysis is based on 30 fabricated PUF cores that we evaluated in terms of PUF security metrics and bit errors for various temperatures and biases. With an average reliability of 99.20% and a uniqueness of 48.84%, the proposed system shows values close to ideal.
The Thread protocol is a recent development based on 6LoWPAN (IPv6 over IEEE 802.15.4), but with extensions regarding a more media independent approach, which – additionally – also promises true interoperability. To evaluate and analyse the operation of a Thread network a given open source 6LoWPAN stack for embedded devices (emb::6) has been extended in order to comply with the Thread specification. The implementation covers Mesh Link Establishment (MLE) and network layer functionality as well as 6LoWPAN mesh under routing mechanism based on MAC short addresses. The development has been verified on a virtualization platform and allows dynamical establishment of network topologies based on Thread's partitioning algorithm.