Nima Karimian

DRAM based Intrinsic Physical Unclonable Functions for System Level Security

Physical Unclonable Functions (PUF) are the result of random uncontrollable variables in the manufacturing process. A PUF can be used as a source of random but reliable data for applications such as generating chip identification and encryption keys. Among various types of PUFs, an intrinsic PUF is the result of a preexisting manufacturing process, does not require any additional circuitry, and is cost effective. In this paper, we introduce an intrinsic PUF based on dynamic random access memories (DRAM). DRAM PUFs can be used in low cost identification applications and also have several advantages over other PUFs such as large input patterns. The DRAM PUF relies on the fact that the capacitor in the DRAM initializes to random values at startup. We demonstrate real DRAM PUFs and describe an experimental setup to test different operating conditions on three DRAMs to achieve the highest reliable results. Finally, we select the most stable bits to use as chip ID using our enrollment algorithm.

DRAM-Based Intrinsic Physically Unclonable Functions for System-Level Security and Authentication

A physically unclonable function (PUF) is an irreversible probabilistic function that produces a random bit string. It is simple to implement but hard to predict and emulate. PUFs have been widely proposed as security primitives to provide device identification and authentication. In this paper, we propose a novel dynamic-memory-based PUF [dynamic RAM PUF (DRAM PUF)] for the authentication of electronic hardware systems. The DRAM PUF relies on the fact that the capacitor in the DRAM initializes to random values at startup time. Most PUF designs require custom circuits to convert unique analog characteristics into digital bits, but using our method, no extra circuitry is required to achieve a reliable 128-bit PUF. The results show that the proposed DRAM PUF provides a large number of input patterns (challenges) compared with other memory-based PUF circuits such as static RAM PUFs. Our DRAM PUFs provide highly unique PUFs with a 0.4937 average interdie Hamming distance. We also propose an enrollment algorithm to achieve highly reliable results to generate PUF identifications for system-level security. This algorithm has been validated on real DRAMs with an experimental setup to test different operating conditions.

Highly Reliable Key Generation From Electrocardiogram (ECG)

Traditional passwords are inadequate as cryptographic keys, as they are easy to forge and are vulnerable to guessing. Human biometrics have been proposed as a promising alternative due to their intrinsic nature. Electrocardiogram (ECG) is an emerging biometric that is extremely difficult to forge and circumvent, but has not yet been heavily investigated for cryptographic key generation. ECG has challenges with respect to immunity to noise, abnormalities, etc. In this paper, we propose a novel key generation approach that extracts keys from real-valued ECG features with high reliability and entropy in mind. Our technique, called interval optimized mapping bit allocation (IOMBA), is applied to normal and abnormal ECG signals under multiple session conditions. We also investigate IOMBA in the context of different feature extraction methods, such as wavelet, discrete cosine transform, etc., to find the best method for feature extraction. Experiments of IOMBA show that 217-, 38-, and 100-bit keys with 99.9%, 97.4%, and 95% average reliability and high entropy can be extracted from normal, abnormal, and multiple session ECG signals, respectively. By allowing more errors or lowering entropy, key lengths can be further increased by tunable parameters of IOMBA, which can be useful in other applications. While IOMBA is demonstrated on ECG, it should be useful for other biometrics as well.

Hardware security meets biometrics for the age of IoT

The Internet of Things (IoT) is a concept that involves connecting endpoint devices and physical objects to the Internet. While IoT is envisioned to dramatically increase convenience in our daily lives, it could also result in catastrophic economic and safety issues. Considering the applications envisioned for IoT (smart cities, homes, retail, etc.), security must be handled with great care and should start from the bottom up (i.e., from the hardware level). As a good deal of IoT devices require interaction between devices and humans, biometrics provide an interesting opportunity for improving both the convenience and security in IoT applications. In this paper, we consider the potential benefits and challenges associated with incorporating biometrics into IoT. We combine novel biometrics, such as ECG and PPG, and system-level obfuscation approaches to prevent reverse engineering, tampering and unauthorized access of IoT devices and other electronic systems. Our preliminary results are promising and motivate future work in this area.

Genetic Algorithm for hardware Trojan detection with ring oscillator network (RON)

Securing integrated circuits against malicious modifications (i.e., hardware Trojans) is of utmost importance, as hardware Trojans may leak information and reduce reliability of electronic systems in critical applications. In this paper, we use ring oscillators (ROs) to gather measurements of ICs that may contain hardware Trojans. To distinguish between Trojan-inserted ICs and Trojan-free ICs, we investigate several classification approaches. Furthermore, we propose a novel feature selection approach based on the Genetic Algorithm (GA) and evaluate its performance compared to several popular alternatives. The proposed method is an improvement over principal component analysis (PCA) in terms of accuracy and equal error rate by 30% and 97% respectively.

A Study of Power Supply Variation as a Source of Random Noise

In this paper, we consider the construction of True Random Numbers Generators (TRNGs) using variations in power supplies. We demonstrate that power supply line outputs do not have a constant voltage and the variations in voltage follow a normal distribution. These variations can be used to create truly random bits that demonstrates a high entropy rate based on the results obtained from the NIST Statistical Test Suite. In order to quantify the impact of variations on the input signal of a circuit, we analyze the impact of such variations using Monte-Carlo simulations as well as an actual implementation. Results were obtained for evaluating the accuracy and randomness of the data gathered from our proposed circuit. A detailed analysis of the effect of variations of different power supplies is also presented with observations on their usefulness as a TRNG. The key advantage of our power supply variation based TRNG is its simplicity of implementation.

Non-fiducial PPG-based authentication for healthcare application

Biometrics have a great deal of potential in healthcare applications, most notably authentication for medical record privacy and fraud prevention. In this paper, we examine, for the first time, non-fiducial feature extraction for photo-plethysmography (PPG) based authentication. PPG signals have unique identity properties for human authentication, and are becoming easier to capture by emerging IoT sensors such as MaxFast. Different machine learning techniques are used to compare non-fiducial and fiducial feature extractions. Our experimental results show that 99.84% accuracy with EER of 1.31% can be achieved based on non-fiducial feature extraction.

Investigation of DRAM PUFs reliability under device accelerated aging effects

Physical Unclonable Functions are promising candidates for lightweight authentication applications as they are hard to predict and clone. PUFs are dependent on process variations that occurs during silicon chip fabrication. As the CMOS technology scales down towards nanoscale dimensions, there are increasing transistor reliability challenges which impact the lifetime of integrated circuits. These issues are known as aging effects, which result in degradation of the performance of circuits. In this paper, we analyze the effects of aging on the reliability of intrinsic DRAM PUFs. We present accelerated aging experimental results over 18 months (from Sep. 2014 to Feb. 2016) on 3 DRAM PUFs. Based on our observations, DRAM PUFs maintain their reliability over time, and thus, validate the use of DRAM PUFs in a number of applications such as system authentications.

Human recognition from photoplethysmography (PPG) based on non-fiducial features

Photoplethysmography (PPG) signals have unique identity properties for human recognition, and are becoming easier to capture by emerging IoT sensors. Existing research on PPG-based biometric systems rely on fiducial methods that extract landmarks from the PPG signal as features. This paper investigates non-fiducial methods that operating in a holistic manner that is less sensitive to noise in landmarks. We compare PPG-based human verification of 42 subjects with fiducial and non-fiducial methods (specifically, discrete wavelet transform) and classification using a neural network and support vector machine. The experimental results demonstrate higher test recognition rates for wavelet transform feature extraction. We further improve our results by selecting a subset of features via the genetic algorithm.

Noise assessment framework for optimizing ECG key generation

Bioelectrical signals such as electrocardiogram (ECG) have shown promise as biometrics, but their continuous nature and drastic acquisition variations make it difficult to deploy them for biometric-based key generation. In particular, it is nearly impossible to obtain raw ECG measurements from a large population under all possible test conditions. In this paper, we build upon our recent approach called IOMBA by combining it with a pre-assessment framework that uses synthetic ECGs to characterize the impact of different sources of noise on ECG-based keys. Our framework uses an auto-regressive (AR) model with three modulated sources of noise - baseline wander (BW), electromyography (EMG), and motion artifact (MA). The performance of the proposed framework is validated using normal ECG signals from popular ECG databases. Different feature extraction methods are applied for ECG key generation and the performance of each approach with each noise source is evaluated. The proposed framework can be used to optimize pre-processing approaches for low-cost applications.