Browsing by Subject "Hardware Security"

Now showing 1 - 4 of 4
  • Thumbnail Image
    Item
    Attack-Resistance and Reliability Analysis of Feed-Forward and Feed-Forward XOR PUFs
    (2019-05) Avvaru, Satya Venkata Sandeep
    Physical unclonable functions (PUFs) are lightweight hardware security primitives that are used to authenticate devices or generate cryptographic keys without using non-volatile memories. This is accomplished by harvesting the inherent randomness in manufacturing process variations (e.g. path delays) to generate random yet unique outputs. A multiplexer (MUX) based arbiter PUF comprises two parallel delay chains with MUXs as switching elements. An input to a PUF is called a challenge vector and comprises of the select bits of all the MUX elements in the circuit. The output-bits are referred to as responses. In other words, when queried with a challenge, the PUF generates a response based on the uncontrollable physical characteristics of the underlying PUF hardware. Thus, the overall path delays of these delay chains are random and unique functions of the challenge. The contributions in this thesis can be classified into four main ideas. First, a novel approach to estimate delay differences of each stage in MUX-based standard arbiter PUFs, feed-forward PUFs (FF PUFs) and modified feed-forward PUFs (MFF PUFs) is presented. Test data collected from PUFs fabricated using 32 nm process are used to learn models that characterize the PUFs. The delay differences of individual stages of arbiter PUFs correspond to the model parameters. This was accomplished by employing the least mean squares (LMS) adaptive algorithm. The models trained to learn the parameters of two standard arbiter PUF-chips were able to predict responses with 97.5% and 99.5% accuracy, respectively. Additionally, it was observed that perceptrons can be used to attain 100% (approx.) prediction accuracy. A comparison shows that the perceptron model parameters are scaled versions of the model derived by the LMS algorithm. Since the delay differences are challenge independent, these parameters can be stored on the server which enables the server to issue random challenges whose responses need not be stored. By extending this analysis to 96 standard arbiter PUFs, we confirm that the delay differences of each MUX stage of the PUFs follow a Gaussian probability distribution. Second, artificial neural network (ANN) models are trained to predict hard and soft-responses of the three configurations: standard arbiter PUFs, FF PUFs and MFF PUFs. These models were trained using silicon data extracted from 32-stage arbiter PUF circuits fabricated using IBM 32 nm HKMG process and achieve a response-prediction accuracy of 99.8% in case of standard arbiter PUFs, approximately 97% in case FF PUFs and approximately 99% in case of MFF PUFs. Also, a probability based thresholding scheme is used to define soft-responses and artificial neural networks were trained to predict these soft-responses. If the response of a given challenge has at least 90% consistency on repeated evaluation, it is considered stable. It is shown that the soft-response models can be used to filter out unstable challenges from a randomly chosen independent test-set. From the test measurements, it is observed that the probability of a stable challenge is typically in the range of 87% to 92%. However, if a challenge is chosen with the proposed soft-response model, then its portability of being stable is found to be 99% compared to the ground truth. Third, we provide the first systematic empirical analysis of the effect of FF PUF design choices on their reliability and attack resistance. FF PUFs consist of feed-forward loops that enable internally generated responses to be used as select-bits, making them slightly more secure than a standard arbiter PUFs. While FF PUFs have been analyzed earlier, no prior study has addressed the effect of loop positions on the security and reliability. After evaluating the performance of hundreds of PUF structures in various design configurations, it is observed that the locations of the arbiters and their outputs can have a substantial impact on the security and reliability of FF PUFs. Appropriately choosing the input and output locations of the FF loops, the amount of data required to attack can be increased by 7 times and can be further increased by 15 times if two intermediate arbiters are used. It is observed adding more loops makes PUFs more susceptible to noise; FF PUFs with 5 intermediate arbiters can have reliability values that are as low as 81%. It is further demonstrated that a soft-response thresholding strategy can significantly increase the reliability during authentication to more than 96%. It is known that XOR arbiter PUFs (XOR PUFs) were introduced as more secure alternatives to standard arbiter PUFs. XOR PUFs typically contain multiple standard arbiter PUFs as their components and the output of the component PUFs is XOR-ed to generate the final response. Finally, we propose the design of feed-forward XOR PUFs (FFXOR PUFs) where each component PUF is an FF PUF instead of a standard arbiter PUF. Attack-resistance analysis of FFXOR PUFs was carried out by employing artificial neural networks with 2-3 hidden layers and compared with XOR PUFs. It is shown that FFXOR PUFs cannot be accurately modeled if the number of component PUFs is more than 5. However, the increase in the attack resistance comes at the cost of degraded reliability. We also show that the soft-response thresholding strategy can increase the reliability of FFXOR PUFs by about 30%.
  • Thumbnail Image
    Item
    Authentication and Obfuscation of Digital Signal Processing Integrated Circuits
    (2015-07) Lao, Yingjie
    As electronic devices become increasingly interconnected and pervasive in people's lives, security, trustworthy computing, and intellectual property (IP) protection have notably emerged as important challenges for the next decade. The assumption that hardware is trustworthy and that security effort should only be focused on networks and software is no longer valid given globalization of integrated circuits and systems design and fabrication. The Semiconductor Industry Association pegged the cost of electronics counterfeiting at US $7.5 billion per year in lost revenue and tied it to the loss of 11,000 U.S. jobs. From a national defense perspective, unsecured devices can be compromised by the enemy, putting military personnel and equipment in danger. Therefore, securing integrated circuit (IC) chips, in other words, hardware security, is extremely important. This dissertation considers the design of highly secure digital signal processing circuits by employing both authentication-based and obfuscation-based approaches. In the first part of the dissertation, we focus on one emerging authentication-based solution: Physical Unclonable Function (PUF). We present novel reconfigurable PUF designs which could simultaneously achieve better reliability and security. We also present a systematic statistical analysis to quantitatively evaluate the performances of various multiplexer (MUX)-based PUFs. The statistical analysis results can be used to predict the relative advantages of various MUX-based PUF designs. These results can be used by the designer to choose a proper type of PUF or appropriate design parameters for a certain PUF based on the requirements of a specific application. Furthermore, a lightweight PUF-based local authentication scheme is also proposed, which eliminates the use of error correcting codes. In the next part of the dissertation, we consider another hardware protection method: obfuscation. Hardware obfuscation is a technique by which the description or the structure of electronic hardware is modified to intentionally conceal its functionality, which makes it significantly more difficult to reverse engineer. Unlike these prior works, We start to look at Digital Signal Processing (DSP) circuits. In the literature, security aspect of DSP circuits has only attracted little attention. However, high-level transformations of DSP circuit are intrinsically suitable for hardware obfuscation, as these techniques only alter the structure of a circuit, while maintaining the original functionality. Based on this finding, we present a novel design methodology for obfuscated DSP circuits by hiding functionality via high-level transformations. The key idea is to generate meaningful and non-meaningful design variations by using high-level transformations. In the final part of the dissertation, we consider the design and analysis of True Random Number Generator (TRNG), which is also an important topic in hardware security. We examine the modeling and statistical aspects of the proposed TRNG circuit. According to our model, we show that the performance of the beat-frequency detector based TRNG (BFD-TRNG) can be improved by appropriately adjusting design parameters. Motivated by the our analysis, we propose several alternate BFD-TRNG designs which could achieve improved performance. Various post-processing methods which are specific to the proposed designs are also studied.
  • Thumbnail Image
    Item
    Design and Characterization Techniques for Reliable and Secure Integrated Circuits
    (2017-02) Tang, Qianying
    For the past decades of years, device feature size has continued to shrink for achieving better performance at faster speed, lower power and higher circuit density. However, going to a smaller feature sizes also brings in reliability issues such as greater process variations and more aggressive performance degradation. To address these issues, circuits are designed with certain guard-band to avoid probable failures. In order to determine an appropriate guard-band, it is imperative to develop accurate and efficient methods for characterizing and collecting these reliability metrics. This dissertation considers two important circuit reliability issues: Random Telegraph Noise (RTN) and Radiation induced Soft Error. For characterizing the realistic impact of RTN on logic circuit, we proposed two on chip monitors using a 65nm and a 32nm process respectively based on a Beat Frequency Detection (BFD) technique. The impact of RTN on logic and SRAM performance was analyzed based on the measured data. In the chapter 3, a compact 2 Transistor (2T) radiation sensor with tunable measurement sensitivity implemented in a 65nm LP bulk process is presented. The 2T sensor array exhibits a 117X higher sensitivity as compared to a 6T SRAM cell under an alpha particle radiation test. Meanwhile, with the electronic devices become increasingly ubiquitous and interconnected, demand for secure system design has also increased. In particular, hardware-oriented security has emerged as a new solution to provide another dimension of security in additional to the conventional software-oriented security. Many of the hardware security primitives seek to leverage the process variation, in contrast to suppress it for the sake of performance, to against post-silicon attacks. For example, hardware security building blocks such as true random number generators (TRNGs) and physical unclonable functions (PUFs) employ the CMOS devices inherent variation to extract entropy: the former one takes advantage of the time-variant random noise and latter one is based on the manufacturing induced random variation. In this dissertation, one TRNG and two lightweight PUFs are presented. The TRNG measures the frequency difference between two free-running ring oscillators to extract random frequency jitter. Benefitted from the differential structure, the proposed circuit fabricated in 65nm TRNG test chips passed all 15 NIST tests without the use of any feedback or tracking scheme in a supply voltage range from 0.8V to 1.2V. The final part of the dissertation presents two lightweight PUFs that are based on existing Dynamic Random-Access Memory (DRAM) and Successive Approximation Register (SAR) Analog-to-Digital Converter (ADC) blocks respectively.
  • Thumbnail Image
    Item
    A Study on Modeling of MUX-based Physical Unclonable Functions
    (2018-04) Koyily, Anoop
    Physical Unclonable Functions (PUFs) are simple circuits that are ideal for hardware security. Typically, they are used for identifying and authenticating integrated circuits (ICs). In this work, we are interested in a class of delay based PUFs which mainly consist of multiplexers. They are known as multiplexer-based PUFs or MUX PUFs, for short. We are interested in modelling their structure and then, analyzing their performances. Our work can be mainly divided into some key contributions. First, we discuss about the different types of MUX PUFs that we deal with in this work. They are the simple or linear configuration, feed-forward configuration and modified feed-forward configuration. We then, present a typical scheme used for the authentication of these PUFs. However, much of the work concentrates on a modified version of the authentication scheme, where instead of storing a look-up table (LUT) of challenge-response pairs (CRP) in the server, we store a set of delay parameters corresponding to the physical attributes of the MUX PUF. These stored parameters are the delay-differences of the MUX stage and the arbiter delay. We show that MUX PUFs can be modelled using an additive linear delay model. The additive model helps in the computation of an important parameter, known as total delay-difference. Based on the total delay-difference, we can compute two different versions of the output or response: hard-response, which is either a `0' or `1' bit and soft-response, which can take continuous values between 0 and 1. We formulate models for obtaining both these responses. Various metrics used for the evaluation of PUF performance are discussed. The general lab setup used to collect the required PUF data is also discussed. Next, we discuss about the various effects of aging on the performance of MUX PUFs. We extend the linear delay model to include the variations in delay parameters due to aging. The model makes certain assumptions about how noise and aging affect the delay chain (consisting of the multiplexers) and the arbiter. We assume that for a fixed set of conditions, the noise can only cause a constant amount of degradation to the performance of an aging PUF. However, aging which is caused due to undesirable changes like negative bias temperature instability (NBTI), hot carrier injection (HCI) and time dependent dielectric breakdown (TDDB) results in a gradual degradation of performance. That is, the variations due to aging gradually increase with time in contrast to that of noise. In our study, we compare the standalone effects of aging and noise on the PUF. We observe that for the same amount of variation, aging degrades the authentication performance much more than noise. Furthermore, experimental aging data collected from PUFs in our lab suggest that the percent variation in delay parameters can be modelled as a Gaussian distribution. However, there is a small difference in how the percent variations of delay-differences of MUX stages and the arbiter delay are modelled. The former is a zero mean Gaussian, whereas the latter is a positive mean Gaussian with mean and variance both gradually increasing with aging. In addition, the variation in arbiter delay is assumed to be higher than that of delay-differences due to ``asymmetric'' aging in case of arbiter. This happens under unequal aging scenario. Using a Monte-Carlo based simulation for aging, authentication accuracy of the three configurations are studied. We also suggest approaches to improve the authentication accuracy that will increase the lifetime of a PUF. This can be done by either recalibrating the delay parameters or by tuning a threshold based on total delay-difference. Next, we discuss an entropy based approach that can be used to identify whether a MUX is linear or non-linear. The approach is focused on computing the conditional entropy of responses to a set of predefined challenges. The challenge set consists of randomly chosen challenges and their 1-bit neighbors. The entropy is computed across the responses of two 1-bit neighboring challenges. For non-linear MUX PUFs like feed-forward, the method determines the MUX stages which are controlled by internally generated challenge bits as opposed to external challenge bits. This is based on the observation that the conditional entropy for each of these stages is zero. Also, the number of zero conditional entropy values across the MUX stages provide an upper bound on the number of internal arbiters present in the PUF. With the proposed approach, we observe 100% sensitivity and 100% specificity for identifying non-linearity. Furthermore, we show that the proposed approach requires very less number of stable random challenges (about 50) for successfully determining whether a PUF is linear or not for real chips. Our next contribution involves a logistic regression based approach to predict the soft-response for a challenge using the total delay-difference as an input. This approach enables us to determine whether a challenge is stable or not. The approach learns a logistic function based on the total delay-difference which has just 3 parameters. Therefore, this is a simple approach which gives comparable performance against a more complex approach based on artificial neural network (ANN) models. The model demonstrates good sensitivity and precision but poor specificity. Finally, we discuss a bit-flipping algorithm used to convert the unstable challenges to stable challenges. It is based on the idea that a threshold on the total delay-difference can guarantee stability of challenges. The thresholds can be obtained empirically from the probability distributions of the total delay-difference. A straightforward approach is to discard and issue a new random challenge for authentication if the current challenge is unstable. In this paper, we propose a novel bit-flipping based approach in which we claim that by flipping few bits of the original unstable challenge, we can convert it to a stable one with minimal number of bit-flips. By using the algorithm, we are able to transform the most likely unstable challenges to stable ones, typically with 1 bit-flip for linear and modified feed-forward PUFs and 3 bit-flips for the feed-forward PUFs. These bit-flips correspond to the flips in the XOR-ed challenge. We also compare the computation complexities of best, average and worst-case scenarios for the straightforward and proposed approaches. In terms of number of addition operations, the proposed approach has slightly better average-case performance but much better worst-case performance than the straightforward approach.