Geert Jan Schrijen

FPGA Intrinsic PUFs and Their Use for IP Protection

In recent years, IP protection of FPGA hardware designs has become a requirement for many IP vendors. In [34], Simpson and Schaumont proposed a fundamentally different approach to IP protection on FPGAs based on the use of Physical Unclonable Functions (PUFs). Their work only assumes the existence of a PUF on the FPGAs without actually proposing a PUF construction. In this paper, we propose new protocols for the IP protection problem on FPGAs and provide the first construction of a PUF intrinsic to current FPGAs based on SRAM memory randomness present on current FPGAs. We analyze SRAM-based PUF statistical properties and investigate the trade offs that can be made when implementing a fuzzy extractor.

Practical biometric authentication with template protection

In this paper we show the feasibility of template protecting biometric authentication systems. In particular, we apply template protection schemes to fingerprint data. Therefore we first make a fixed length representation of the fingerprint data by applying Gabor filtering. Next we introduce the reliable components scheme. In order to make a binary representation of the fingerprint images we extract and then quantize during the enrollment phase the reliable components with the highest signal to noise ratio. Finally, error correction coding is applied to the binary representation. It is shown that the scheme achieves an EER of approximately 4.2% with secret length of 40 bits in experiments.

Read-proof hardware from protective coatings

In cryptography it is assumed that adversaries only have black box access to the secret keys of honest parties. In real life, however, the black box approach is not sufficient because attackers have access to many physical means that enable them to derive information on the secret keys. In order to limit the attacker’s ability to read out secret information, the concept of Algorithmic Tamper Proof (ATP) security is needed as put forth by Gennaro, Lysyanskaya, Malkin, Micali and Rabin. An essential component to achieve ATP security is read-proof hardware. In this paper, we develop an implementation of read-proof hardware that is resistant against invasive attacks. The construction is based on a hardware and a cryptographic part. The hardware consists of a protective coating that contains a lot of randomness. By performing measurements on the coating a fingerprint is derived. The cryptographic part consists of a Fuzzy Extractor that turns this fingerprint into a secure key. Hence no key is present in the non-volatile memory of the device. It is only constructed at the time when needed, and deleted afterwards. A practical implementation of the hardware and the cryptographic part is given. Finally, experimental evidence is given that an invasive attack on an IC equipped with this coating, reveals only a small amount of information on the key.

Hardware intrinsic security from D flip-flops

In this paper we describe the results of our investigations Supported by EU FP7 project UNIQUE on the randomness and reliability of D flip-flops when used as a Physically Unclonable Function (PUF). These D flip-flops are hardware components which present a random start-up value when powered up. We show that against all odds, enough randomness exists in such elements when implemented on an Application-Specific Integrated Circuit (ASIC) to turn the responses of a number of D flip-flops into a secret random sequence allowing to derive keys for use in conjunction with cryptographic algorithms. In addition to being unpredictable, these flip-flops have the advantage that they can be spread over random locations in an ASIC. This makes them very difficult to reverse-engineer when used to hide a secret key in a design at a relatively small cost in resources.

Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions

Virtually all applications which provide or require a security service need a secret key. In an ambient world, where (potentially) sensitive information is continually being gathered about us, it is critical that those keys be both securely deployed and safeguarded from compromise. In this paper, we provide solutions for secure key deployment and storage of keys in sensor networks and radio frequency identification systems based on the use of Physical Unclonable Functions (PUFs). In addition, to providing an overview of different existing PUF realizations, we introduce a PUF realization aimed at ultra-low cost applications. We then show how the properties of Fuzzy Extractors or Helper Data algorithms can be used to securely deploy secret keys to a low cost wireless node. Our protocols are more efficient (round complexity) and allow for lower costs compared to previously proposed ones. We also provide an overview of PUF applications aimed at solving the counterfeiting of goods and devices.

Privacy in an identity-based DRM system

The present paper addresses privacy issues in electronic audio/video content distribution. It introduces an identity-based rights distribution and management system that enables users to access content anytime, anywhere, and on any device by means of authorization certificates issued by a content provider. These certificates openly link the identity of the users to the content that they are entitled to access. This fact, together with the availability of the certificates everywhere in the network, raises user privacy issues. A solution is proposed which deals with these issues and still allows the device to securely check the users entitlement to the content.

Brand and IP protection with physical unclonable functions

In this paper we provide an overview of physical unclonable functions and explain why they are a very valuable technology to protect a companys IP and hence at the same time its brand. Physical unclonable functions are unclonable physical structures that map challenges to responses. They inherit their unclonability from the (deep sub-micron) process variations during manufacturing. They can be turned into a useful tool to generate very secure secret keys in ICs and to provide keys to protect valuable IP of fabless IC companies, IP Vendors and design houses. We will present several examples and explain cryptographic algorithms and protocols to use them in IP protection applications.

Comparative analysis of SRAM memories used as PUF primitives

In this publication we present the results of our investigations into the reliability and uniqueness of Static Random Access Memories (SRAMs) in different technology nodes when used as a Physically Unclonable Function (PUF). The comparative analysis that can be found in this publication is the first ever of its kind, using different SRAM memories in technologies ranging from 180nm to 65nm. Each SRAM memory presents a unique and unpredictable start-up pattern when being powered up. In order to use an SRAM as a PUF in an application, the stability of its start-up patterns needs to be assured under a wide variety of conditions such as temperature and applied voltage. Furthermore the start-up patterns of different memories must be unique and contain sufficient entropy. This paper presents the results of tests that investigate these properties of different SRAM memory technology nodes. Furthermore, it proposes the construction of a fuzzy extractor, which can be used in combination with the tested memories for extracting secure cryptographic keys.

Evaluation of 90nm 6T-SRAM as Physical Unclonable Function for secure key generation in wireless sensor nodes

Due to the unattended nature of WSN (Wireless Sensor Network) deployment, each sensor can be subject to physical capture, cloning and unauthorized device alteration. In this paper, we use the embedded SRAM, often available on a wireless sensor node, for secure data (cryptographic keys, IDs) generation which is more resistant to physical attacks. We evaluate the physical phenomenon that the initial state of a 6T-SRAM cell is highly dependent on the process variations, which enables us to use the standard SRAM circuit, as a Physical Unclonable Function (PUF). Important requirements to serve as a PUF are that the start-up values of an SRAM circuit are uniquely determined, unpredictable and similar each time the circuit is turned on. We present the evaluation results of the internal SRAM memories of low power ICs as PUFs and the statistical analysis of the results. The experimental results prove that the low power 90nm commercial 6T-SRAMs are very useful as a PUF. As far as we know, this is the first work that provides an extensive evaluation of 6T-SRAM-based PUF, at different environmental, electrical, and ageing conditions to representing the typical operating conditions of a WSN.

Visual Crypto Displays Enabling Secure Communications

In this paper we describe a low-tech and user friendly solution for secure two-way communication between two parties over a network of untrusted devices. We present a solution in which displays play a central role. Our approach guarantees privacy and allows to check the authenticity of information presented on displays. Furthermore, we provide the user with a secure return channel. To this end we propose to provide every user with a small decryption display which is, for example, integrated in a credit card and requires very limited computing power. The authentication and security are based on visual cryptography which was first introduced by Naor and Shamir in 1994. We solve some practical shortcomings of traditional visual cryptography and develop protocols for two-way authentication and privacy in untrusted environments.