Memory-Based Combination PUFs for Device Authentication in Embedded Systems

IEEE Transactions on Multi-Scale Computing Systems Pub Date : 2018-10-01 DOI:10.1109/TMSCS.2018.2885758

Soubhagya Sutar;Arnab Raha;Vijay Raghunathan

{"title":"Memory-Based Combination PUFs for Device Authentication in Embedded Systems","authors":"Soubhagya Sutar;Arnab Raha;Vijay Raghunathan","doi":"10.1109/TMSCS.2018.2885758","DOIUrl":null,"url":null,"abstract":"Embedded systems play a crucial role in fueling the growth of the Internet-of-Things (IoT) in application domains such as health care, home automation, transportation, etc. However, their increasingly network-connected nature, coupled with their ability to access potentially sensitive/confidential information, has given rise to a plethora of security and privacy concerns. An additional challenge is the growing number of counterfeit components in these devices, with serious reliability and financial repercussions. Physically Unclonable Functions (PUFs) are a promising security primitive to help address these concerns. Memory-based PUFs are particularly attractive as they can be realized with minimal or no additional hardware beyond what is already present in all embedded systems, i.e., memory. However, current memory-based PUFs utilize only a single memory technology for constructing the PUF, which has many disadvantages including making them vulnerable to certain security attacks. Several of these PUFs also suffer from other shortcomings such as low entropy, limited number of challenge-response pairs, etc. In this paper, we propose the design of a new memory-based combination PUF that tightly integrates (two) heterogeneous memory technologies to address these challenges/shortcomings. Our design enables us to authenticate an on-chip component and an off-chip component, thereby taking a step towards multi-component authentication in a device, without incorporating any additional hardware. We have implemented a prototype of the proposed combination PUF using a Terasic TR4-230 FPGA development board and several off-the-shelf SRAMs and DRAMs. Measured experimental results demonstrate substantial improvements over current memory-based PUFs including the ability to resist various security attacks. We also propose a lightweight authentication scheme that ensures robust operation of the PUF across environmental and temporal variations. Extensive authentication tests performed on several PUF prototypes achieved a true-positive rate of greater than 97.5 percent across these variations. The absence of any false-positives, even under an invasive attack, further highlighted the effectiveness of the overall design.","PeriodicalId":100643,"journal":{"name":"IEEE Transactions on Multi-Scale Computing Systems","volume":"4 4","pages":"793-810"},"PeriodicalIF":0.0000,"publicationDate":"2018-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1109/TMSCS.2018.2885758","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Multi-Scale Computing Systems","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/8568007/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 19

Abstract

Embedded systems play a crucial role in fueling the growth of the Internet-of-Things (IoT) in application domains such as health care, home automation, transportation, etc. However, their increasingly network-connected nature, coupled with their ability to access potentially sensitive/confidential information, has given rise to a plethora of security and privacy concerns. An additional challenge is the growing number of counterfeit components in these devices, with serious reliability and financial repercussions. Physically Unclonable Functions (PUFs) are a promising security primitive to help address these concerns. Memory-based PUFs are particularly attractive as they can be realized with minimal or no additional hardware beyond what is already present in all embedded systems, i.e., memory. However, current memory-based PUFs utilize only a single memory technology for constructing the PUF, which has many disadvantages including making them vulnerable to certain security attacks. Several of these PUFs also suffer from other shortcomings such as low entropy, limited number of challenge-response pairs, etc. In this paper, we propose the design of a new memory-based combination PUF that tightly integrates (two) heterogeneous memory technologies to address these challenges/shortcomings. Our design enables us to authenticate an on-chip component and an off-chip component, thereby taking a step towards multi-component authentication in a device, without incorporating any additional hardware. We have implemented a prototype of the proposed combination PUF using a Terasic TR4-230 FPGA development board and several off-the-shelf SRAMs and DRAMs. Measured experimental results demonstrate substantial improvements over current memory-based PUFs including the ability to resist various security attacks. We also propose a lightweight authentication scheme that ensures robust operation of the PUF across environmental and temporal variations. Extensive authentication tests performed on several PUF prototypes achieved a true-positive rate of greater than 97.5 percent across these variations. The absence of any false-positives, even under an invasive attack, further highlighted the effectiveness of the overall design.

查看原文本刊更多论文

嵌入式系统中用于设备认证的基于内存的组合PUF

嵌入式系统在推动物联网（IoT）在医疗保健、家庭自动化、交通等应用领域的发展方面发挥着至关重要的作用。然而，它们日益网络连接的性质，加上它们访问潜在敏感/机密信息的能力，引发了过多的安全和隐私问题。另一个挑战是，这些设备中的假冒组件数量不断增加，可靠性和财务影响严重。物理不可控制函数（PUF）是一种很有前途的安全原语，可以帮助解决这些问题。基于内存的PUF特别有吸引力，因为除了所有嵌入式系统（即内存）中已经存在的硬件之外，它们可以用最少的硬件或不需要额外的硬件来实现。然而，当前基于内存的PUF仅使用单一的内存技术来构建PUF，这具有许多缺点，包括使它们容易受到某些安全攻击。其中一些PUF还存在其他缺点，如低熵、挑战-响应对数量有限等。在本文中，我们提出了一种新的基于内存的组合PUF的设计，该组合PUF紧密集成了（两种）异构内存技术，以解决这些挑战/缺点。我们的设计使我们能够对芯片上组件和芯片外组件进行身份验证，从而朝着设备中的多组件身份验证迈出了一步，而无需结合任何额外的硬件。我们已经使用Terasic TR4-230 FPGA开发板和几个现成的SRAM和DRAM实现了所提出的组合PUF的原型。测量的实验结果表明，与当前基于内存的PUF相比，PUF有了实质性的改进，包括抵御各种安全攻击的能力。我们还提出了一种轻量级身份验证方案，该方案确保PUF在环境和时间变化中的稳健操作。在几个PUF原型上进行的广泛认证测试在这些变体中实现了超过97.5%的真阳性率。即使在侵入性攻击下，也没有任何假阳性，这进一步突出了整体设计的有效性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Multi-Scale Computing Systems

自引率

0.00%

发文量