Anthony Van Herrewege
Katholieke Universiteit Leuven
Publication
Featured research published by Anthony Van Herrewege.
cryptographic hardware and embedded systems | 2012
Roel Maes; Anthony Van Herrewege; Ingrid Verbauwhede
We present PUFKY: a practical and modular design for a cryptographic key generator based on a Physically Unclonable Function (PUF). A fully functional reference implementation is developed and successfully evaluated on a substantial set of FPGA devices. It uses a highly optimized ring oscillator PUF (ROPUF) design, producing responses with up to 99% entropy. A very high key reliability is guaranteed by a syndrome construction secure sketch using an efficient and extremely low-overhead BCH decoder. This first complete implementation of a PUF-based key generator, including a PUF, a BCH decoder and a cryptographic entropy accumulator, utilizes merely 17% (1162 slices) of the available resources on a low-end FPGA, of which 82% are occupied by the ROPUF and only 18% by the key generation logic. PUFKY is able to produce a cryptographically secure 128-bit key with a failure rate <10^-9 in 5.62 ms. The design's modularity allows for rapid and scalable adaptations for other PUF implementations or for alternative key requirements. The presented PUFKY core is immediately deployable in an embedded system, e.g. by connecting it to an embedded microcontroller through a convenient bus interface.
financial cryptography | 2012
Anthony Van Herrewege; Stefan Katzenbeisser; Roel Maes; Roel Peeters; Ahmad-Reza Sadeghi; Ingrid Verbauwhede; Christian Wachsmann
RFID-based tokens are increasingly used in electronic payment and ticketing systems for mutual authentication of tickets and terminals. These systems typically use cost-effective tokens without expensive hardware protection mechanisms and are exposed to hardware attacks that copy and maliciously modify tokens. Physically Unclonable Functions (PUFs) are a promising technology to protect against such attacks by binding security critical data to the physical characteristics of the underlying hardware. However, existing PUF-based authentication schemes for RFID do not support mutual authentication, are often vulnerable to emulation and denial-of-service attacks, and allow only for a limited number of authentications.
cryptology and network security | 2012
Bogdan Groza; Stefan Murvay; Anthony Van Herrewege; Ingrid Verbauwhede
Security in vehicular networks established itself as a highly active research area in the last few years. However, there are only a few results so far on assuring security for communication buses inside vehicles. Here we advocate the use of a protocol based entirely on simple symmetric primitives that takes advantage of two interesting procedures which we call key splitting and MAC mixing. Rather than achieving authentication independently for each node, we split authentication keys between groups of multiple nodes. This leads to a more efficient progressive authentication that is effective especially in the case when compromised nodes form only a minority and we believe such an assumption to be realistic in automotive networks. To gain more security we also account an interesting construction in which message authentication codes are amalgamated using systems of linear equations. We study several protocol variants which are extremely flexible allowing different trade-offs on bus load, computational cost and security level. Experimental results are presented on state-of-the-art Infineon TriCore controllers which are contrasted with low end controllers with Freescale S12X cores; all these devices are widespread in the automotive industry. Finally, we discuss a completely backward compatible solution based on CAN+, a recent improvement of CAN.
workshop on trustworthy embedded devices | 2013
Anthony Van Herrewege; Vincent van der Leest; André Schaller; Stefan Katzenbeisser; Ingrid Verbauwhede
The generation of high quality random numbers is crucial to many cryptographic applications, including cryptographic protocols, secret keys, nonces or salts. Their values must contain enough randomness to be unpredictable to attackers. Pseudo-random number generators require initial data with high entropy as a seed to produce a large stream of high quality random data. Yet, despite the importance of randomness, proper high quality random number generation is often ignored. Primarily embedded devices often suffer from weak random number generators. In this work, we focus on identifying and evaluating SRAM in commercial off-the-shelf microcontrollers as an entropy source for PRNG seeding. We measure and evaluate the SRAM start-up patterns of two popular types of microcontrollers, a STMicroelectronics STM32F100R8 and a Microchip PIC16F1825. We also present an efficient software-only architecture for secure PRNG seeding. After analyzing over 1000000 measurements in total, we conclude that of these two devices, the PIC16F1825 cannot be used to securely seed a PRNG. The STM32F100R8, however, has the ability to generate very strong seeds from the noise in its SRAM start-up pattern. These seeds can then be used to ensure a PRNG generates high quality data.
ACM Transactions in Embedded Computing Systems | 2017
Bogdan Groza; Stefan Murvay; Anthony Van Herrewege; Ingrid Verbauwhede
Despite realistic concerns, security is still absent from vehicular buses such as the widely used Controller Area Network (CAN). We design an efficient protocol based on efficient symmetric primitives, taking advantage of two innovative procedures: splitting keys between nodes and mixing authentication tags. This results in a higher security level when compromised nodes are in the minority, a realistic assumption for automotive networks. Experiments are performed on state-of-the-art Infineon TriCore controllers, contrasted with low-end Freescale S12X cores, while simulations are provided for the recently released CAN-FD standard. To gain compatibility with existent networks, we also discuss a solution based on CAN+.
design automation conference | 2014
Anthony Van Herrewege; Ingrid Verbauwhede
The ability to generate secure random numbers is fundamental to the security of cryptographic protocols. Random Number Generators (RNGs) start to appear in recent modern Intel CPUs as used in desktops and servers. Solutions for embedded devices, such as e.g. sensor nodes and wireless routers, are still severely lacking however. In this paper we present the implementation of a secure pseudo-random number generator (PRNG) for the ARM Cortex-M microcontroller family, one of the most popular embedded platforms at this moment. For compactness and compatibility reasons, our implementation is software only. It uses the start-up values of on-chip SRAM as random seed and uses the KECCAK hash function for both entropy extraction as well as pseudo-random number generation. Getting KECCAK very compact in terms of memory requirements is therefore essential. KECCAK is a tunable algorithm: in this paper we discuss the minimum security requirements and the storage costs as a function of the KECCAK variant. The KECCAK permutation of our choice, KECCAK-f[200], is implemented in only 400 bytes. To the best of our knowledge, this is the smallest KECCAK implementation published so far. With the addition of initialization, hashing, padding and output generation functions, our complete solution fits within 496 bytes of ROM and requires 52 bytes of RAM. One byte of pseudo-random data, with a security level of at least 128 bits, can be generated in 3337 cycles on an ARM Cortex-M3/4, i.e. 50 KiB/s on a development board, plenty fast for a cryptographic PRNG in an embedded setting.
computer and communications security | 2013
Anthony Van Herrewege; André Schaller; Stefan Katzenbeisser; Ingrid Verbauwhede
Research on Physically Unclonable Functions (PUFs) has become very popular in recent years. However, all PUFs researched so far require either ASICs, FPGAs or a microcontroller with external components. Our research focuses on identifying PUFs in commercial off-the-shelf devices, e.g. microcontrollers. We show that PUFs exist in several off-the-shelf products, which can be used for security applications. We present measurement results on the PUF behavior of five of the most popular microcontrollers today: ARM Cortex-A, ARM Cortex-M, Atmel AVR, Microchip PIC16 and Texas Instruments MSP430. Based on these measurements, we can calculate whether these chips can be considered for applications requiring strong cryptography. As a result of these findings, we present a secure bootloader for the ARM Cortex-A9 platform based on a PUF inherent to the device, requiring no external components. Furthermore, instead of discarding the randomness in PUF responses, we utilize this to create strong seeds for pseudo-random number generators (PRNGs). The existence of a secure RNG is at the heart of virtually every cryptographic protocol, yet very often overlooked. We present the implementation of a strongly seeded PRNG for the ARM Cortex-M family, again requiring no external components.
international symposium on system-on-chip | 2012
Anthony Van Herrewege; Ingrid Verbauwhede
We present a novel design for a tiny application-specific programmable processor for BCH decoding. The design is optimized for use in a PUF key extractor, where low-area overhead is extremely important. Due to its flexible nature, it can support a wide range of BCH codes. The complete design for a BCH(413, 296, 13) decoder requires only 1% (less than 70 slices) of the available resources of a small FPGA.
usenix security symposium | 2013
Job Noorman; Pieter Agten; Wilfried Daniels; Raoul Strackx; Anthony Van Herrewege; Christophe Huygens; Bart Preneel; Ingrid Verbauwhede; Frank Piessens
Archive | 2011
Anthony Van Herrewege; Dave Singelée; Ingrid Verbauwhede