Ünal Kocabaş

PUFs: myth, fact or busted? a security evaluation of physically unclonable functions (PUFs) cast in silicon

Physically Unclonable Functions (PUFs) are an emerging technology and have been proposed as central building blocks in a variety of cryptographic protocols and security architectures. However, the security features of PUFs are still under investigation: Evaluation results in the literature are difficult to compare due to varying test conditions, different analysis methods and the fact that representative data sets are publicly unavailable. In this paper, we present the first large-scale security analysis of ASIC implementations of the five most popular intrinsic electronic PUF types, including arbiter, ring oscillator, SRAM, flip-flop and latch PUFs. Our analysis is based on PUF data obtained at different operating conditions from 96 ASICs housing multiple PUF instances, which have been manufactured in TSMC 65 nm CMOS technology. In this context, we present an evaluation methodology and quantify the robustness and unpredictability properties of PUFs. Since all PUFs have been implemented in the same ASIC and analyzed with the same evaluation methodology, our results allow for the first time a fair comparison of their properties.

Memristor PUFs: a new generation of memory-based physically unclonable functions

Memristors are emerging as a potential candidate for next-generation memory technologies, promising to deliver non-volatility at performance and density targets which were previously the domain of SRAM and DRAM. Silicon Physically Unclonable Functions (PUFs) have been introduced as a relatively new security primitive which exploit manufacturing variation resulting from the IC fabrication process to uniquely fingerprint a device instance or generate device-specific cryptographic key material. While silicon PUFs have been proposed which build on traditional memory structures, in particular SRAM, in this paper we present a memristor-based PUF which utilizes a weak-write mechanism to obtain cell behaviour which is influenced by process variation and hence usable as a PUF response. Using a model-based approach we evaluate memristor PUFs under random process variations and present results on the performance of this new PUF variant.

Fair and Consistent Hardware Evaluation of Fourteen Round Two SHA-3 Candidates

The first contribution of our paper is that we propose a platform, a design strategy, and evaluation criteria for a fair and consistent hardware evaluation of the second-round SHA-3 candidates. Using a SASEBO-GII field-programmable gate array (FPGA) board as a common platform, combined with well defined hardware and software interfaces, we compare all 256-bit version candidates with respect to area, throughput, latency, power, and energy consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specification for the SHA-3 module on our testing platform. The second contribution is that we provide both FPGA and 90-nm CMOS application-specific integrated circuit (ASIC) synthesis results and thereby are able to compare the results. Our third contribution is that we release the source code of all the candidates and by using a common, fixed, publicly available platform, our claimed results become reproducible and open for a public verification.

Implementation of binary edwards curves for very-constrained devices

Elliptic Curve Cryptography (ECC) is considered as the best candidate for Public-Key Cryptosystems (PKC) for ubiquitous security. Recently, Elliptic Curve Cryptography (ECC) based on Binary Edwards Curves (BEC) has been proposed and it shows several interesting properties, e.g., completeness and security against certain exceptional-points attacks. In this paper, we propose a hardware implementation of the BEC for extremely constrained devices. The w-coordinates and Montgomery powering ladder are used. Next, we also give techniques to reduce the register file size, which is the largest component of the embedded core. Thirdly, we apply gated clocking to reduce the overall power consumption. The implementation has a size of 13,427 Gate Equivalent (GE), and 149.5 ms are required for one point multiplication. To the best of our knowledge, this is the first hardware implementation of binary Edwards curves.

PUF-based secure test wrapper design for cryptographic SoC testing

Globalization of the semiconductor industry increases the vulnerability of integrated circuits. This particularly becomes a major concern for cryptographic IP blocks integrated on a System-on-Chip (SoC). The trustworthiness of these cryptographic blocks can be ensured with a secure test strategy. Presently, the IEEE 1500 Test Wrapper has emerged as the test standard for industrial SoCs. Additionally a secure activation mechanism has been proposed to this standard in order to restrict access to the testing interface to eligible testers by using a cryptographic authentication mechanism. This access mechanism is necessary in order not to provide any side-channels which may leak secret information for attackers. However, this approach requires the authentication mechanism to be implemented in hardware incurring an area overhead, and the authentication secrets to be securely stored in non-volatile memory (NVM), which may be susceptible to side-channel attacks. In this work, we enhance the secure test wrapper allowing testing of multiple IP blocks using a PUF-based authentication mechanism which overcomes the necessity of secure NVM and reduces the implementation overhead.

Converse PUF-Based authentication

Physically Unclonable Functions (PUFs) are key tools in the construction of lightweight authentication and key exchange protocols. So far, all existing PUF-based authentication protocols follow the same paradigm: A resource-constrained prover, holding a PUF, wants to authenticate to a resource-rich verifier, who has access to a database of pre-measured PUF challenge-response pairs (CRPs). In this paper we consider application scenarios where all previous PUF-based authentication schemes fail to work: The verifier is resource-constrained (and holds a PUF), while the prover is resource-rich (and holds a CRP-database). We construct the first and efficient PUF-based authentication protocol for this setting, which we call converse PUF-based authentication. We provide an extensive security analysis against passive adversaries, show that a minor modification also allows for authenticated key exchange and propose a concrete instantiation using controlled Arbiter PUFs.

Prototyping platform for performance evaluation of SHA-3 candidates

The objective of the SHA-3 NIST competition is to select, from multiple competing candidates, a standard algorithm for cryptographic hashing. The selected winner must have adequate cryptographic properties and good implementation characteristics over a wide range of target platforms, including both software and hardware. Performance evaluation in hardware is particularly challenging because of the large design space, wide range of target technologies, and multitude of optimization criteria. We describe the efforts of three research groups to evaluate SHA-3 candidates using a common prototyping platform. Using a SASEBO-GII FPGA board as a starting point, we evaluate the performance of the 14 remaining SHA-3 candidates with respect to area, throughput, and power consumption. Our approach defines a standard testing harness for SHA-3 candidates, including the interface specifications for the SHA-3 module on the SASEBO testing board.

Poster: practical embedded remote attestation using physically unclonable functions

We present the design and implementation of a lightweight remote attestation scheme for embedded devices that combines software attestation with Physically Unclonable Functions (PUFs). In contrast to standard software attestation, our scheme (i) is secure against collusion attacks to forge the attestation checksum, (ii) allows for the authentication and attestation of remote provers, and (iii) enables the detection of hardware attacks on the prover.