Susana Eiroa

An analysis of ring oscillator PUF behavior on FPGAs

Many studies have been directed to probe ring oscillator PUFs feasibility in the security field, but most of them suffer from the lack of global approach as they analyze the system isolated, giving an uncompleted theory about their behavior. This paper presents how adjacent hardware elements may affect PUF response, modifying their statistical characteristics and even masking the randomness of manufacturing process. This is a factor that should be taken into account when modeling the behavior of the ring oscillators in the PUF. Experimental results from Xilinx Spartan 3 FPGAs illustrate these issues.

Reducing bit flipping problems in SRAM physical unclonable functions for chip identification

Physical Unclonable functions (PUFs) have appeared as a promising solution to provide security in hardware. SRAM PUFs offer the advantage, over other PUF constructions, of reusing resources (memories) that already exist in many designs. However, their intrinsic noisy nature produces the so called bit flipping effect, which is a problem in circuit identification and secret key generation. The approaches reported to reduce this effect usually resort to the use of pre- and post-processing steps (such as Fuzzy Extractor structures combined with Error Correcting Codes), which increase the complexity of the system. This paper proposes a pre-processing step that reduces bit flipping problems without increasing the hardware complexity. The proposal has been verified experimentally with 90-nm SRAMs included in digital application specific integrated circuits (ASICs).

Improved Generation of Identifiers, Secret Keys, and Random Numbers From SRAMs

This paper presents a method to simultaneously improve the quality of the identifiers, secret keys, and random numbers that can be generated from the start-up values of standard static random access memories (SRAMs). The method is based on classifying memory cells after evaluating their start-up values at multiple measurements in a registration phase. The registration can be done without unplugging the device from its application context, and with no need for a complex laboratory setup. The method has been validated experimentally with standard low-power SRAM modules in two different application specific integrated circuits (ASICs) fabricated with the 90-nm TSMC technology. The results show that with a simple registration the length of the identifiers can be reduced by 45%, the worst case bit error probability (which defines the complexity of the error correcting code needed to recover a secret key) can be reduced by 64%, and the worst case minimum entropy value is improved, thus reducing the number of bits that have to be processed to obtain full entropy by 81%. The method can be applied to standard digital designs by controlling the external power supply to the SRAM using software or by incorporating simple circuitry in the design. In the latter case, a module for implementing the method in an ASIC designed in the 90-nm TSMC technology occupies an active area of 42, 025 μm2.

FPGA implementation and DPA resistance analysis of a lightweight HMAC construction based on photon hash family

Lightweight security is currently a challenge in the field of cryptography. Most of applications designed for embedded scenarios often focus on authentication or on providing some form of anonymity and/or privacy. A well-known cryptographic element employed to provide such security is the HMAC construction. However, reported solutions are not suitable for constrained-resource scenarios due to their heavy approaches optimized for high-speed operations. In order to cover this lack, a lightweight implementation of HMAC based on the Photon family of hash functions is given in this work. Security of the construction against differential power attacks (DPA) is analyzed using a SASEBO-II development board. Implementation and performance results for Xilinx Virtex-5 FPGAs of the HMAC structure is provided.

Hardware authentication based on PUFs and SHA-3 2 nd round candidates

Security features are getting a growing interest in microelectronics. Not only entities have to authenticate in the context of a high secure communication but also the hardware employed has to be trusted. Silicon Physical Unclonable Functions (PUFs) or Physical Random Functions, which exploits manufacturing process variations in integrated circuits, have been used to authenticate the hardware in which they are included and, based on them, several cryptographic protocols have been reported. This paper describes the hardware implementation of a symmetric-key authentication protocol in which a PUF is one of the relevant blocks. The second relevant block is a SHA-3 2nd round candidate, a Secure Hash Algorithm (in particular Keccak), which has been proposed to replace the SHA-2 functions that have been broken no long time ago. Implementation details are discussed in the case of Xilinx FPGAs.

Circuit authentication based on Ring-Oscillator PUFs

The use of Ring Oscillator PUFs to provide circuit authentication is analyzed in this paper. The limitations of the previously reported approach in terms of false rejection (due to high intra-die variations) and false acceptance (due to small inter-die variations) are discussed. These limitations are overcome by a new proposal that makes the authentication more robust against noise, temperature and power supply variations, without increasing considerably hardware complexity. All these issues are illustrated with experimental results obtained with FPGAs from Xilinx.

A VLSI module to authenticate unclonable things

This paper presents a novel VLSI module that implements a lightweight symmetric authentication protocol based on Keyed-Hash Message Authentication Code (HMAC). The cryptographic key and the random numbers needed by the protocol are generated efficiently by a SRAM acting as a Physical Unclonable Function (PUF).

Robust unclonable identifiers and true random numbers from off-the-shelf SRAMs

A demonstrator has been developed that shows how off-the-shelf SRAMs can be identified by their start-up values and how true random numbers can be extracted from them. It contains an FPGA that communicates with off-the-shelf SRAMs and with a USB 2.0 microcontroller which in turn communicates with a computer to show the results to users.