
Publication


Featured research published by Boris Skoric.


cryptographic hardware and embedded systems | 2006

Read-proof hardware from protective coatings

Pim Tuyls; Geert Jan Schrijen; Boris Skoric; Jan van Geloven; Nynke Verhaegh; Rob A. M. Wolters

In cryptography it is assumed that adversaries only have black box access to the secret keys of honest parties. In real life, however, the black box approach is not sufficient because attackers have access to many physical means that enable them to derive information on the secret keys. In order to limit the attacker’s ability to read out secret information, the concept of Algorithmic Tamper Proof (ATP) security is needed as put forth by Gennaro, Lysyanskaya, Malkin, Micali and Rabin. An essential component to achieve ATP security is read-proof hardware. In this paper, we develop an implementation of read-proof hardware that is resistant against invasive attacks. The construction is based on a hardware and a cryptographic part. The hardware consists of a protective coating that contains a lot of randomness. By performing measurements on the coating a fingerprint is derived. The cryptographic part consists of a Fuzzy Extractor that turns this fingerprint into a secure key. Hence no key is present in the non-volatile memory of the device. It is only constructed at the time when needed, and deleted afterwards. A practical implementation of the hardware and the cryptographic part is given. Finally, experimental evidence is given that an invasive attack on an IC equipped with this coating, reveals only a small amount of information on the key.


computer and communications security | 2006

Measuring intrusion detection capability: an information-theoretic approach

Guofei Gu; Prahlad Fogla; David Dagon; Wenke Lee; Boris Skoric

A fundamental problem in intrusion detection is what metric(s) can be used to objectively evaluate an intrusion detection system (IDS) in terms of its ability to correctly classify events as normal or intrusive. Traditional metrics (e.g., true positive rate and false positive rate) measure different aspects, but no single metric seems sufficient to measure the capability of intrusion detection systems. The lack of a single unified metric makes it difficult to fine-tune and evaluate an IDS. In this paper, we provide an in-depth analysis of existing metrics. Specifically, we analyze a typical cost-based scheme [6], and demonstrate that this approach is very confusing and ineffective when the cost factor is not carefully selected. In addition, we provide a novel information-theoretic analysis of IDS and propose a new metric that highly complements cost-based analysis. When examining the intrusion detection process from an information-theoretic point of view, intuitively, we should have less uncertainty about the input (event data) given the IDS output (alarm data). Thus, our new metric, C_ID (Intrusion Detection Capability), is defined as the ratio of the mutual information between the IDS input and output to the entropy of the input. C_ID has the desired property that: (1) it takes into account all the important aspects of detection capability naturally, i.e., true positive rate, false positive rate, positive predictive value, negative predictive value, and base rate; (2) it objectively provides an intrinsic measure of intrusion detection capability; and (3) it is sensitive to IDS operation parameters such as true positive rate and false positive rate, which can demonstrate the effect of the subtle changes of intrusion detection systems. We propose C_ID as an appropriate performance measure to maximize when fine-tuning an IDS. The obtained operation point is the best that can be achieved by the IDS in terms of its intrinsic ability to classify input data. We use numerical examples as well as experiments of actual IDSs on various data sets to show that by using C_ID, we can choose the best (optimal) operating point for an IDS and objectively compare different IDSs.


hardware oriented security and trust | 2009

Reconfigurable Physical Unclonable Functions - Enabling technology for tamper-resistant storage

Klaus Kursawe; Ahmad-Reza Sadeghi; Dries Schellekens; Boris Skoric; Pim Tuyls

A PUF or Physical Unclonable Function is a function that is embodied in a physical structure that consists of many random uncontrollable components which originate from process variations during manufacturing. Due to this random structure a physical stimulus or challenge generates unpredictable responses. Because of their physical properties PUFs are unclonable and very promising primitives for the purpose of authentication and storage of cryptographic keys. Previous work on PUFs considers mainly static challenge-response PUFs. In many applications, however, a dynamic PUF would be desirable, e.g., in order to allow the key derived from the PUF to be updated. We define a new primitive, the reconfigurable PUF (rPUF) which is a PUF with a mechanism to transform it into a new PUF with a new unpredictable and uncontrollable challenge-response behavior, even if the challenge-response behavior of the original PUF is already known. We present two practical instantiations of a reconfigurable PUF. One is a new variant of the optical PUF, and the other is based on phase change memory. We also illustrate how an rPUF can be used to protect non-volatile storage against invasive physical attacks.


applied cryptography and network security | 2005

Robust key extraction from physical uncloneable functions

Boris Skoric; Pim Tuyls; Willem Gerard Ophey

Physical Uncloneable Functions (PUFs) can be used as a cost-effective means to store key material in an uncloneable way. Due to the fact that the key material is obtained by performing measurements on a physical system, noise is inevitably present in each readout. In this paper we present a number of methods that improve the robustness of bit-string extraction from noisy PUF measurements in general, and in particular for optical PUFs. We describe a practical implementation in the case of optical PUFs and show experimental results.


financial cryptography | 2005

Information-theoretic security analysis of physical uncloneable functions

Pim Tuyls; Boris Skoric; Sjoerd Stallinga; Anton H. M. Akkermans; Willem Gerard Ophey

We propose a general theoretical framework to analyze the security of Physical Uncloneable Functions (PUFs). We apply the framework to optical PUFs. In particular we present a derivation, based on the physics governing multiple scattering processes, of the number of independent challenge-response pairs supported by a PUF. We find that the number of independent challenge-response pairs is proportional to the square of the thickness of the PUF and inversely proportional to the scattering length and the wavelength of the laser light. We compare our results to those of Pappu and show that they coincide in the case where the density of scatterers becomes very high. Finally, we discuss some attacks on PUFs, and introduce the Slow PUF as a way to thwart brute force attacks.


Information Systems Frontiers | 2009

Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions

Jorge Guajardo; Boris Skoric; Pim Tuyls; Sandeep S. Kumar; Thijs Bel; Antoon H. M. Blom; Geert Jan Schrijen

Virtually all applications which provide or require a security service need a secret key. In an ambient world, where (potentially) sensitive information is continually being gathered about us, it is critical that those keys be both securely deployed and safeguarded from compromise. In this paper, we provide solutions for secure key deployment and storage of keys in sensor networks and radio frequency identification systems based on the use of Physical Unclonable Functions (PUFs). In addition to providing an overview of different existing PUF realizations, we introduce a PUF realization aimed at ultra-low cost applications. We then show how the properties of Fuzzy Extractors or Helper Data algorithms can be used to securely deploy secret keys to a low cost wireless node. Our protocols are more efficient (round complexity) and allow for lower costs compared to previously proposed ones. We also provide an overview of PUF applications aimed at solving the counterfeiting of goods and devices.


Security, Privacy, and Trust in Modern Data Management | 2007

Strong Authentication with Physical Unclonable Functions

Pim Tuyls; Boris Skoric

Physical unclonable functions (PUFs) can be used as a cost-effective means to store cryptographic key material in an unclonable way. They can be employed for strong authentication of objects, e.g., tokens, and of persons possessing such tokens, but also for other purposes. We give a short overview of security applications where PUFs are useful, and discuss physical realisations, noisy measurements and information content of PUFs. Then we describe an integrated authentication token containing an optical PUF, a challenging mechanism and a detector. Finally, we discuss authentication protocols for controlled and uncontrolled PUFs.


information hiding | 2010

Security with noisy data

Boris Skoric

An overview was given of security applications where noisy data plays a substantial role. Secure Sketches and Fuzzy Extractors were discussed at tutorial level, and two simple Fuzzy Extractor constructions were shown. One of the latest developments was presented: quantum-readout PUFs.


european symposium on research in computer security | 2006

Towards an information-theoretic framework for analyzing intrusion detection systems

Guofei Gu; Prahlad Fogla; David Dagon; Wenke Lee; Boris Skoric

IDS research still needs to strengthen mathematical foundations and theoretic guidelines. In this paper, we build a formal framework, based on information theory, for analyzing and quantifying the effectiveness of an IDS. We firstly present a formal IDS model, then analyze it following an information-theoretic approach. Thus, we propose a set of information-theoretic metrics that can quantitatively measure the effectiveness of an IDS in terms of feature representation capability, classification information loss, and overall intrusion detection capability. We establish a link to relate these metrics, and prove a fundamental upper bound on the intrusion detection capability of an IDS. Our framework is a practical theory which is data trace driven and evaluation oriented in this area. In addition to grounding IDS research on a mathematical theory for formal study, this framework provides practical guidelines for IDS fine-tuning, evaluation and design, that is, the provided set of metrics greatly facilitates a static/dynamic fine-tuning of an IDS to achieve optimal operation and a fine-grained means to evaluate IDS performance and improve IDS design. We conduct experiments to demonstrate the utility of our framework in practice.


international symposium on information theory | 2006

Estimating the Secrecy-Rate of Physical Unclonable Functions with the Context-Tree Weighting Method

T Tanya Ignatenko; Geert-Jan Schrijen; Boris Skoric; Pim Tuyls; F.M.J. Willems

We propose methods to estimate the secrecy-rate of fuzzy sources (e.g. biometrics and physical unclonable functions (PUFs)) using context-tree weighting. In this paper we focus on PUFs. In order to show that our estimates are realistic we first generalize Maurer's (1993) result to the ergodic case. Then we focus on the fact that the entropy of a stationary two-dimensional structure is a limit of a series of conditional entropies, a result by Anastassiou and Sakrison (1982). We extend this result to the conditional entropy of one two-dimensional structure given another one. Finally we show that the general CTW-method approaches the source entropy also in the two-dimensional stationary case. We further extend this result to the two-dimensional conditional entropy. Based on the obtained results we do several measurements on (our) optical PUFs. These measurements allow us to conclude that a secrecy-rate of 0.3 bit/location is possible.

Collaboration

Top Co-Authors

Pim T. Tuyls

Catholic University of Leuven

Allard Mosk

MESA+ Institute for Nanotechnology

Stefan Katzenbeisser

Technische Universität Darmstadt

Stefan Maubach

Radboud University Nijmegen

A Antonino Simone

Eindhoven University of Technology