Sandeep S. Kumar

FPGA Intrinsic PUFs and Their Use for IP Protection

In recent years, IP protection of FPGA hardware designs has become a requirement for many IP vendors. In [34], Simpson and Schaumont proposed a fundamentally different approach to IP protection on FPGAs based on the use of Physical Unclonable Functions (PUFs). Their work only assumes the existence of a PUF on the FPGAs without actually proposing a PUF construction. In this paper, we propose new protocols for the IP protection problem on FPGAs and provide the first construction of a PUF intrinsic to current FPGAs based on SRAM memory randomness present on current FPGAs. We analyze SRAM-based PUF statistical properties and investigate the trade offs that can be made when implementing a fuzzy extractor.

Extended abstract: The butterfly PUF protecting IP on every FPGA

IP protection of hardware designs is the most important requirement for many FPGA IP vendors. To this end, various solutions have been proposed by FPGA manufacturers based on the idea of bitstream encryption. An alternative solution was advocated in (E. Simpson and P. Schaumont, 2006). Simpson and Schaumont proposed a new approach based on physical unclonable functions (PUFs) for IP protection on FPGAs. PUFs are a unique class of physical systems that extract secrets from complex physical characteristics of the integrated circuits which along with the properties of unclonability provide a highly secure means of generating volatile secret keys for cryptographic operations. However, the first practical PUF on an FPGA was proposed only later in (J. Guajardo et al., 2007) based on the startup values of embedded SRAM memories which are intrinsic in some of the current FPGAs. The disadvantage of these intrinsic SRAM PUFs is that not all FPGAs support uninitialized SRAM memory. In this paper, we propose a new PUF structure called the butterfly PUF that can be used on all types of FPGAs. We also present experimental results showing their identification and key generation capabilities.

A Survey of Lightweight-Cryptography Implementations

The tight cost and implementation constraints of high-volume products, including secure RFID tags and smart cards, require specialized cryptographic implementations. The authors review recent developments in this area for symmetric and asymmetric ciphers, targeting embedded hardware and software. In this article, we present a selection of recently published lightweight-cryptography implementations and compare them to state-of-the-art results in their field.

Continuous Verification Using Multimodal Biometrics

Conventional verification systems, such as those controlling access to a secure room, do not usually require the user to reauthenticate himself for continued access to the protected resource. This may not be sufficient for high-security environments in which the protected resource needs to be continuously monitored for unauthorized use. In such cases, continuous verification is needed. In this paper, we present the theory, architecture, implementation, and performance of a multimodal biometrics verification system that continuously verifies the presence of a logged-in user. Two modalities are currently used - face and fingerprint - but our theory can be readily extended to include more modalities. We show that continuous verification imposes additional requirements on multimodal fusion when compared to conventional verification systems. We also argue that the usual performance metrics of false accept and false reject rates are insufficient yardsticks for continuous verification and propose new metrics against which we benchmark our system

Security Challenges in the IP-based Internet of Things

A direct interpretation of the term Internet of Things refers to the use of standard Internet protocols for the human-to-thing or thing-to-thing communication in embedded networks. Although the security needs are well-recognized in this domain, it is still not fully understood how existing IP security protocols and architectures can be deployed. In this paper, we discuss the applicability and limitations of existing Internet protocols and security architectures in the context of the Internet of Things. First, we give an overview of the deployment model and general security needs. We then present challenges and requirements for IP-based security solutions and highlight specific technical limitations of standard IP security protocols.

Physical Unclonable Functions and Public-Key Crypto for FPGA IP Protection

In recent years, IP protection of FPGA hardware designs has become a requirement for many IP vendors. To this end solutions have been proposed based on the idea of bitstream encryption, symmetric-key primitives, and the use of physical unclonable functions (PUFs). In this paper, we propose new protocols for the IP protection problem on FPGAs based on public-key (PK) cryptography, analyze the advantages and costs of such an approach, and describe a PUF intrinsic to current FPGAs based on SRAM properties. A major advantage of using PK-based protocols is that they do not require the private key stored in the FPGA to leave the device, thus increasing security. This added security comes at the cost of additional hardware resources but it does not cause significant performance degradation.

Securing the Internet of Things: A Standardization Perspective

The Internet of Things (IoT) is the next wave of innovation that promises to improve and optimize our daily life based on intelligent sensors and smart objects working together. Through Internet Protocol (IP) connectivity, devices can now be connected to the Internet, thus allowing them to be read, controlled, and managed at any time and at any place. Security is an important aspect for IoT deployments. However, proprietary security solutions do not help in formulating a coherent security vision to enable IoT devices to securely communicate with each other in an interoperable manner. This paper gives an overview of the efforts in the Internet Engineering Task Force (IETF) to standardize security solutions for the IoT ecosystem. We first provide an in-depth review of the communication security solutions for IoT, specifically the standard security protocols to be used in conjunction with the Constrained Application Protocol (CoAP), an application protocol specifically tailored to the needs of adapting to the constraints of IoT devices. Since Datagram Transport Layer Security (DTLS) has been chosen as the channel security underneath CoAP, this paper also discusses the latest standardization efforts to adapt and enhance the DTLS for IoT applications. This includes the use of 1) raw public key in DTLS; 2) extending DTLS record Layer to protect group (multicast) communication; and 3) profiling DTLS for reducing the size and complexity of implementations on embedded devices. We also provide an extensive review of compression schemes that are being proposed in IETF to mitigate message fragmentation issues in DTLS.

Breaking ciphers with COPACOBANA –a cost-optimized parallel code breaker

Cryptanalysis of symmetric and asymmetric ciphers is computationally extremely demanding. Since the security parameters (in particular the key length) of almost all practical crypto algorithms are chosen such that attacks with conventional computers are computationally infeasible, the only promising way to tackle existing ciphers (assuming no mathematical breakthrough) is to build special-purpose hardware. Dedicating those machines to the task of cryptanalysis holds the promise of a dramatically improved cost-performance ratio so that breaking of commercial ciphers comes within reach. This contribution presents the design and realization of the COPACOBANA (Cost-Optimized Parallel Code Breaker) machine, which is optimized for running cryptanalytical algorithms and can be realized for less than US

Optimum Digit Serial GF(2^m) Multipliers for Curve-Based Cryptography

10,000. It will be shown that, depending on the actual algorithm, the architecture can outperform conventional computers by several orders in magnitude. COPACOBANA hosts 120 low-cost FPGAs and is able to, e.g., perform an exhaustive key search of the Data Encryption Standard (DES) in less than nine days on average. As a real-world application, our architecture can be used to attack machine readable travel documents (ePass). COPACOBANA is intended, but not necessarily restricted to solving problems related to cryptanalysis. The hardware architecture is suitable for computational problems which are parallelizable and have low communication requirements. The hardware can be used, e.g., to attack elliptic curve cryptosystems and to factor numbers. Even though breaking full-size RSA (1024 bit or more) or elliptic curves (ECC with 160 bit or more) is out of reach with COPACOBANA, it can be used to analyze cryptosystems with a (deliberately chosen) small bitlength to provide reliable security estimates of RSA and ECC by extrapolation.

Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions

Digit serial multipliers are used extensively in hardware implementations of elliptic and hyperelliptic curve cryptography. This contribution shows different architectural enhancements in least significant digit (LSD) multiplier for binary fields GF(2m). We propose two different architectures, the double accumulator multiplier (DAM) and N-accumulator multiplier (NAM), which are both faster compared to traditional LSD multipliers. Our evaluation of the multipliers for different digit sizes gives optimum choices and shows that currently used digit sizes are the worst possible choices. Hence, one of the most important results of this contribution is that digit sizes of the form 2l - 1, where l is an integer, are preferable for the digit multipliers. Furthermore, one should always use the NAM architecture to get the best timings. Considering the time area product DAM or NAM gives the best performance depending on the digit size