Advertisement

Journal of Cryptographic Engineering

, Volume 6, Issue 2, pp 121–137 | Cite as

Secure key generation from biased PUFs: extended version

  • Roel Maes
  • Vincent van der Leest
  • Erik van der Sluis
  • Frans Willems
CHES 2015

Abstract

When the applied PUF in a PUF-based key generator does not produce full entropy responses, information about the derived key material is leaked by code-offset helper data. If the PUF’s entropy level is too low, the PUF-derived key is even fully disclosed by the helper data. In this work we analyze this entropy leakage, and provide several solutions for preventing leakage for PUFs suffering from i.i.d. biased bits. Our methods pose no limit on the amount of PUF bias that can be tolerated for achieving secure key generation, with only a moderate increase in the required PUF size. This solves an important open problem in this field. In addition, we also consider the reusability of PUF-based key generators and present a variant of our solution which retains the reusability property. In an exemplary application of these methods, we are able to derive a secure 128-bit key from a 15 %-noisy and 25 %-biased PUF requiring only 4890 PUF bits for the non-reusable variant, or 7392 PUF bits for the reusable variant.

Keywords

PUFs Key generation Code-offset method Bias  Helper data leakage 

References

  1. 1.
    Bösch, C., Guajardo, J., Sadeghi, A.R., Shokrollahi, J., Tuyls, P.: Efficient helper data key extractor on FPGAs. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES), pp. 181–197 (2008)Google Scholar
  2. 2.
    Boyen, X.: Reusable cryptographic fuzzy extractors. In: ACM Conference on Computer and Communications Security—CCS 2004, pp. 82–91. ACM Press, New York (2004)Google Scholar
  3. 3.
    Delvaux, J., Gu, D., Schellekens, D., Verbauwhede, I.: Helper data algorithms for PUF-based key generation: overview and analysis. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems (TCAD) (2014)Google Scholar
  4. 4.
    Delvaux, J., Verbauwhede, I.: Attacking PUF-based pattern matching key generators via helper data manipulation. In: RSA Conference Cryptographers’ Track (CT-RSA), pp. 106–131 (2014)Google Scholar
  5. 5.
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)MathSciNetCrossRefMATHGoogle Scholar
  6. 6.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Advances in Cryptology-EUROCRYPT 2004. Lecture Notes in Computer Science, vol. 3027, pp. 523–540. Springer, Berlin Heidelberg (2004)Google Scholar
  7. 7.
    Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES), pp. 63–80 (2007)Google Scholar
  8. 8.
    Ignatenko, T., Willems, F.: Information leakage in fuzzy commitment schemes. IEEE Trans. Inf. Forensics Secur. 5(2), 337–348 (2010)CrossRefGoogle Scholar
  9. 9.
    Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Proceedings of the 6th ACM Conference on Computer and Communications Security. CCS ’99, pp. 28–36. ACM, New York (1999)Google Scholar
  10. 10.
    Katzenbeisser, S., Kocabas, U., Rozic, V., Sadeghi, A.R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES), pp. 283–301 (2012)Google Scholar
  11. 11.
    Koeberl, P., Li, J., Maes, R., Rajan, A., Vishik, C., Wójcik, M.: Evaluation of a PUF device authentication scheme on a discrete 0.13um SRAM. In: Trusted Systems-INTRUST. Lecture Notes in Computer Science, vol. 7222, pp. 271–288. Springer, Berlin Heidelberg (2011)Google Scholar
  12. 12.
    Koeberl, P., Li, J., Rajan, A., Wu, W.: Entropy loss in PUF-based key generation schemes: The repetition code pitfall. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 44–49 (2014)Google Scholar
  13. 13.
    Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Advances in Cryptology CRYPTO 2010. Lecture Notes in Computer Science, vol. 6223, pp. 631–648. Springer, Berlin Heidelberg (2010)Google Scholar
  14. 14.
    van der Leest, V., Preneel, B., van der Sluis, E.: Soft decision error correction for compact memory-based PUFs using a single enrollment. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES), pp. 268–282 (2012)Google Scholar
  15. 15.
    Lily, C.: NIST Special Publication 800-108: Recommendation for Key Derivation Using Pseudorandom Functions (revised) (2009)Google Scholar
  16. 16.
    Lily, C.: NIST Special Publication 800-56C: Recommendation for Key Derivation through Extraction-then-Expansion (2011)Google Scholar
  17. 17.
    Lim, D., Lee, J., Gassend, B., Suh, G., van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Trans. Very Large Scale Integr. VLSI Syst. 13(10), 1200–1205 (2005)CrossRefGoogle Scholar
  18. 18.
    Maes, R.: An accurate probabilistic reliability model for silicon PUFs. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES), pp. 73–89 (2013)Google Scholar
  19. 19.
    Maes, R.: Physically Unclonable Functions: Constructions, Properties and Applications. Springer, New York (2013)CrossRefMATHGoogle Scholar
  20. 20.
    Maes, R., Van der Leest, V., Van der Sluis, E., Willems, F.: Secure key generation from biased PUFs. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES), pp. 517–534 (2015)Google Scholar
  21. 21.
    Maes, R., Tuyls, P., Verbauwhede, I.: Low-overhead implementation of a soft decision helper data algorithm for SRAM PUFs. In: Workshop on Cryptographic Hardware and Embedded Systems (CHES), pp. 332–347 (2009)Google Scholar
  22. 22.
    Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: a fully functional PUF-based cryptographic key generator. In: Cryptographic Hardware and Embedded Systems CHES 2012. Lecture Notes in Computer Science, vol. 7428, pp. 302–319. Springer, Berlin Heidelberg (2012)Google Scholar
  23. 23.
    Massey, J.L.: Guessing and entropy. In: IEEE International Symposium on Information Theory (ISIT), p. 204 (1994)Google Scholar
  24. 24.
    von Neumann, J.: Various techniques used in connection with random digits. In: Applied Math Series 12. National Bureau of Standards, USA (1951)Google Scholar
  25. 25.
    Skoric, B., de Vreede, N.: The Spammed Code Offset Method. Cryptology ePrint Archive, Report 2013/527 (2013). http://eprint.iacr.org/
  26. 26.
    Yu, M.D.: MRaihi, D., Sowell, R., Devadas, S.: Lightweight and secure PUF key storage using limits of machine learning. In: Cryptographic Hardware and Embedded Systems CHES 2011. Lecture Notes in Computer Science, vol. 6917, pp. 358–373. Springer, Berlin Heidelberg (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Roel Maes
    • 1
  • Vincent van der Leest
    • 1
  • Erik van der Sluis
    • 1
  • Frans Willems
    • 2
  1. 1.Intrinsic-ID b.v., High Tech Campus 9EindhovenThe Netherlands
  2. 2.TU EindhovenEindhovenThe Netherlands

Personalised recommendations