Advertisement

On the feasibility of deriving cryptographic keys from MEMS sensors

  • Oliver WillersEmail author
  • Christopher Huth
  • Jorge Guajardo
  • Helmut Seidel
  • Peter Deutsch
Regular Paper
  • 51 Downloads

Abstract

One of the main challenges in the internet of things (IoT) will be to guarantee the security of products and services enabled by it. A fundamental assumption in any cryptosystem is that secret-key material remains securely stored and unknown to attackers. To this end, physical unclonable functions have been proposed to store cryptographic secrets without the need to use non-volatile memory. In this work, we show that microelectromechanical systems (MEMS) sensors, ubiquitous in the IoT, can be used to generate a stable nearly fully entropic bit string that can be used as a secret or private key in a cryptographic algorithm. We provide experimental evidence of the stability of our methods by analyzing data from 468 off-the-shelf 3-axis MEMS gyroscopes subjected to different temperatures in the range typically required for consumer applications and standardized aging tests. The investigations are carried out on module level so that packaging influences are considered. We derive unique fingerprints from the sensors based on their characteristics, and we show that the false rejection rate (FRR) and the false acceptance rate (FAR) are below \(1 \times 10^{-6}\) for all applied test conditions. By adding up the values of FRR and the FAR, the highest probability for an authentication error is \(4.1 \times 10^{-6}\). Furthermore, we extract stable keys from the fingerprints. The extracted key length lies in a range between 27 and 150 bits depending on the applied test conditions and the used entropy estimation method.

Keywords

Physical Unclonable Functions PUFs Microelectromechanical devices Hardware security IoT security 

Notes

References

  1. 1.
    Asokan, N., Brasser, F.F., Ibrahim, A., Sadeghi, A., Schunter, M., Tsudik, G., Wachsmann, C.: SEDA: Scalable embedded device attestation. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security—CCS 2015, pp. 964–975 (2015)Google Scholar
  2. 2.
    Aysu, A., Ghalaty, N.F., Franklin, Z., Yali, M.P., Schaumont, P.: Digital fingerprints for low-cost platforms using MEMS sensors. In: Proceedings of the Workshop on Embedded Systems Security—WESS 2013. ACM (2013)Google Scholar
  3. 3.
    Aysu, A., Gulcan, E., Moriyama, D., Schaumont, P., Yung, M.: End-to-end design of a PUF-based privacy preserving authentication protocol. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems—CHES, LNCS 2015, vol. 9293, pp. 556–576. Springer, Berlin (2015)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) Proceedings of the 1st ACM Conference on Computer and Communications Security—CCS 1993, pp. 62–73. ACM (1993)Google Scholar
  5. 5.
    Boehm, C.: Physical Unclonable Functions in Theory and Practice. Springer, Berlin (2013)CrossRefGoogle Scholar
  6. 6.
    Bojinov, H., Michalevsky, Y., Nakibly, G., Boneh, D.: Mobile device identification via sensor fingerprinting. CoRR arxiv: abs/1408.1416 (2014)
  7. 7.
    Bowman, A.W., Azzalini, A.: Applied Smoothing Techniques for Data Analysis. Oxford University Press Inc, New York (1997)zbMATHGoogle Scholar
  8. 8.
    Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.D.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT, 2005, LNCS, vol. 3494, pp. 147–163. Springer, Berlin (2005)CrossRefGoogle Scholar
  9. 9.
    Brasser, F.F., Mahjoub, B.E., Sadeghi, A., Wachsmann, C., Koeberl, P.: TyTAN: tiny trust anchor for tiny devices. In: Proceedings of the 52nd Annual Design Automation Conference—DAC 2015, pp. 34:1–34:6. ACM (2015)Google Scholar
  10. 10.
    Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Chang, Y.J., Zhang, W., Chen, T.: Biometrics-based cryptographic key generation. In: IEEE International Conference on Multimedia and Expo (ICME), vol. 3 (2004)Google Scholar
  12. 12.
    Chen, C., Veldhuis, R.N.J., Kevenaar, T.A.M., Akkermans, A.H.M.: Multi-bits biometric string generation based on the likelihood ratio. In: First IEEE International Conference on Biometrics: Theory, Applications, and Systems, pp. 1–6 (2007)Google Scholar
  13. 13.
    Cigada, A., Leo, E., Vanali, M.: Electrical method to measure the dynamic behaviour and the quadrature error of a MEMS gyroscope sensor. Sens. Actuat. A Phys. 134(1), 88–97 (2007)CrossRefGoogle Scholar
  14. 14.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley, New York (2006)zbMATHGoogle Scholar
  15. 15.
    Delvaux, J., Gu, D., Verbauwhede, I., Hiller, M., Yu, M.M.: Efficient fuzzy extraction of PUF-induced secrets: theory and applications. In: Gierlichs, B., Poschmann, A.Y. (eds.) Cryptographic Hardware and Embedded Systems—CHES, 2016, LNCS, vol. 9813, pp. 412–431. Springer, Berlin (2016)Google Scholar
  16. 16.
    Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness extraction and key derivation using the CBC, cascade and HMAC modes. In: Franklin, M.K. (ed.) Advances in Cryptology—CRYPTO, 2004, LNCS, vol. 3152, pp. 494–510. Springer, Berlin (2004)CrossRefGoogle Scholar
  17. 17.
    Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. In: Dwork, C. (ed.) Advances in Cryptology—CRYPTO 2006, pp. 232–250. Springer, Berlin (2006)Google Scholar
  18. 18.
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. An extended abstract appears in [19]. SIAM J. Comput. 38(1), 97–139 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) Advances in cryptology—EUROCRYPT 2004, pp. 523–540. Springer, Berlin (2004)Google Scholar
  20. 20.
    Dodis, Y., Yu, Y.: Overcoming weak expectations. In: Sahai, A. (ed.) Theory of Cryptography—10th Theory of Cryptography Conference (TCC), LNCS, vol. 7785, pp. 1–22. Springer, Berlin (2013)Google Scholar
  21. 21.
    Eldefrawy, K., Tsudik, G., Francillon, A., Perito, D.: SMART: secure and minimal architecture for (establishing dynamic) root of trust. In: 19th Network and Distributed System Security (NDSS) Symposium. The Internet Society, Reston (2012)Google Scholar
  22. 22.
    Franken, E., Peeters, M.: Context tree weighting implementation version 0.1. Technical report, Eindhoven University of Technology (2002)Google Scholar
  23. 23.
    Fraux, R.: Bosch BMI160 vs ST LSM6DSM. Reverse Costing and Technology Analysis. System Plus Consulting, Nantes (2017)Google Scholar
  24. 24.
    Ganji, F., Tajik, S., Fäßler, F., Seifert, J.: Having no mathematical model may not secure PUFs. J. Cryptogr. Eng. 7(2), 113–128 (2017)CrossRefGoogle Scholar
  25. 25.
    Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security—CCS 2002, pp. 148–160. ACM (2002)Google Scholar
  26. 26.
    Github: SP800-90B Entropy Assessment. https://github.com/usnistgov/SP800-90B_EntropyAssessment. Accessed 05 March 2018
  27. 27.
    Guajardo, J., Kumar, S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2007, LNCS, vol. 4727, pp. 63–80. Springer, Berlin (2007)Google Scholar
  28. 28.
    Guajardo, J., Kumar, S., Schrijen, G.J., Tuyls, P.: Physical unclonable functions and public-key crypto for FPGA IP protection. In: International Conference on Field Programmable Logic and Applications (FPL), pp. 189–195 (2007)Google Scholar
  29. 29.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Helfmeier, C., Boit, C., Nedospasov, D., Seifert, J.P.: Cloning physically unclonable functions. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 1–6 (2013)Google Scholar
  31. 31.
    Hodges, J.L., Cam, L.L.: The Poisson approximation to the Poisson binomial distribution. Ann. Math. Stat. 31(3), 737–740 (1960)MathSciNetCrossRefzbMATHGoogle Scholar
  32. 32.
    Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  33. 33.
    Hsu, W.T., Brown, A.R.: Frequency trimming for MEMS resonator oscillators. In: IEEE International Frequency Control Symposium Joint with the 21st European Frequency and Time Forum, pp. 1088–1091 (2007)Google Scholar
  34. 34.
    Ignatenko, T., Schrijen, G.J., Skoric, B., Tuyls, P., Willems, F.: Estimating the secrecy-rate of physical unclonable functions with the context-tree weighting method. In: IEEE International Symposium on Information Theory, pp. 499–503 (2006)Google Scholar
  35. 35.
    Ignatenko, T., Schrijen, G.J., Skoric, B., Tuyls, P., Willems, F.: Estimating the secrecy-rate of physical unclonable functions with the context-tree weighting method. In: 2006 IEEE International Symposium on Information Theory, pp. 499–503. IEEE (2006)Google Scholar
  36. 36.
    JEDEC Solid State Technology Association Standard—JESD22-A103E: High Temperature Storage Life (2015). Revision of JESD22-A103D (2010)Google Scholar
  37. 37.
    JEDEC Solid State Technology Association Standard—JESD22-A104D: Temperature Cycling (2009). Revision of JESD22-A104C (2005)Google Scholar
  38. 38.
    Katzenbeisser, S., Kocabaş, Ü., Rožić, V., Sadeghi, A.R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2012, pp. 283–301. Springer, Berlin (2012)CrossRefGoogle Scholar
  39. 39.
    Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) Advances in Cryptology—CRYPTO 2010, LNCS, vol. 6223, pp. 631–648. Springer, Berlin (2010)Google Scholar
  40. 40.
    Laermer, F., Schilp, A.: Method of Anisotropically Etching Silicon, US patent (1996)Google Scholar
  41. 41.
    Lahrach, A.: Bosch IMU in iPhone X. Reverse Costing and Technology Analysis. System Plus Consulting, Nantes (2018)Google Scholar
  42. 42.
    Lee, J., Lim, D., Gassend, B., Suh, G., van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits for identification and authentication applications. In: 2004 Symposium on VLSI Circuits, Digest of Technical Papers, pp. 176–179 (2004)Google Scholar
  43. 43.
    Lindroos, V., Tilli, M., Lehto, A., Motooka, T.: Handbook of Silicon Based MEMS Materials and Technologies. Elsevier Inc, Amsterdam (2010)Google Scholar
  44. 44.
    Linnartz, J.M.G., Tuyls, P.: New shielding functions to enhance privacy and prevent misuse of biometric templates. In: Kittler, J., Nixon, M.S. (eds.) Proceedings of the 4th International Conference on Audio-and Video-Based Biometrie Person Authentication—AVBPA 2003, LNCS, vol. 2688, pp. 393–402. Springer, Berlin (2003)Google Scholar
  45. 45.
    Maes, R.: Physically Unclonable Functions: Constructions. Properties and Applications. Springer, Berlin (2013)CrossRefzbMATHGoogle Scholar
  46. 46.
    Maes, R., van der Leest, V., van der Sluis, E., Willems, F.M.J.: Secure key generation from biased PUFs: extended version. J. Cryptogr. Eng. 6(2), 121–137 (2016)CrossRefzbMATHGoogle Scholar
  47. 47.
    Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: A fully functional PUF-based cryptographic key generator. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2012, LNCS, vol. 7428, pp. 302–319. Springer, Berlin (2012)Google Scholar
  48. 48.
    Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: IEEE/ACM International Conference on Computer-Aided Design—ICCAD 2008, pp. 670–673 (2008)Google Scholar
  49. 49.
    May, G.S., Spanos, C.J.: Statistical process control. In: Fundamentals of Semiconductor Manufacturing and Process Control, chap. 6, pp. 181–227. Wiley, New York (2006)Google Scholar
  50. 50.
    Mgc.co.jp: Non-haloganated low CTE BT resin laminate for IC plastic packages. http://www.mgc.co.jp/eng/products/lm/btprint/lineup/hfbt.html. Accessed 24 July 2017
  51. 51.
    Nedospasov, D., Seifert, J.P., Helfmeier, C., Boit, C.: Invasive PUF analysis. In: Workshop on Fault Diagnosis and Tolerance in Cryptography—FDTC 2013, pp. 30–38. IEEE (2013)Google Scholar
  52. 52.
    Neul, R., Gomez, U., Kehr, K., Bauer, W., Classen, J., Doring, C., Esch, E., Gotz, S., Hauer, J., Kuhlmann, B., Lang, C., Veith, M., Willig, R.: Micromachined gyros for automotive applications. In: IEEE Sensors, pp. 527–530 (2005)Google Scholar
  53. 53.
    Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996)MathSciNetCrossRefzbMATHGoogle Scholar
  54. 54.
    Orshansky, M., Nassif, S.R., Boning, D.: Front end variability. In: Design for Manufacturability and Statistical Design: A Constructive Approach, chap. 2, pp. 11–41. Springer, Berlin (2008)Google Scholar
  55. 55.
    Reyzin, L.: Entropy Loss is Maximal for Uniform Inputs. Technical Report BUCS-TR-2007-011. Boston University, Boston (2007)Google Scholar
  56. 56.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security—CCS 2010, pp. 237–249. ACM (2010)Google Scholar
  57. 57.
    Samyde, D., Skorobogatov, S.P., Anderson, R.J., Quisquater, J.: On a new way to read data from memory. In: Proceedings of the First International IEEE Security in Storage Workshop – SISW 2002, pp. 65–69. IEEE Computer Society (2002)Google Scholar
  58. 58.
    Skorobogatov, S.P.: Data remanence in flash memory devices. In: J.R. Rao, B. Sunar (eds.) Cryptographic Hardware and Embedded Systems—CHES 2005, Lecture Notes in Computer Science, vol. 3659, pp. 339–353. Springer, Berlin (2005)Google Scholar
  59. 59.
    Suh, G., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 44th Design Automation Conference—DAC 2007, pp. 9–14 (2007)Google Scholar
  60. 60.
    Sumibe.co.jp: Epoxy resin molding compounds for encapsulation of semiconductor devices. http://www.sumibe.co.jp/english/product/it-materials/epoxy/sumikon-eme/. Accessed 24 July 2017
  61. 61.
    Tanner, D.M., Owen, A.C., Rodriguez, F.: Resonant frequency method for monitoring MEMS fabrication. Proc. SPIE 4980, 4980 (2003)Google Scholar
  62. 62.
    Tatar, E., Alper, S., Akin, T.: Quadrature-error compensation and corresponding effects on the performance of fully decoupled MEMS gyroscopes. J. Microelectromech. Syst. 21(3), 656–667 (2012)CrossRefGoogle Scholar
  63. 63.
    Turan, M.S., Barker, E., Kelsey, J., McKay, K.A., Baish, M.L., Boyle, M.: Recommendation for the entropy sources used for random bit generation (second draft). Special publication 800-90b, National Institute of Standards and Technology (2016)Google Scholar
  64. 64.
    Tuyls, P., Schrijen, G.J., Skoric, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-proof hardware from protective coatings. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2006, LNCS, vol. 4249, pp. 369–383. Springer, Berlin (2006)Google Scholar
  65. 65.
    Willems, F.M.J., Shtarkov, Y.M., Tjalkens, T.J.: The context-tree weighting method: basic properties. IEEE Trans. Inf. Theory 41(3), 653–664 (1995)CrossRefzbMATHGoogle Scholar
  66. 66.
    Willems, F.M.J., Shtarkov, Y.M., Tjalkens, T.J.: Context weighting for general finite-context sources. IEEE Trans. Inf. Theory 42(5), 1514–1520 (1996)CrossRefzbMATHGoogle Scholar
  67. 67.
    Willers, O., Curcic, M., Seidel, H.: Fingerprinting MEMS gyroscopes. In: Proceedings of the 11th Smart Systems Integration (SSI), pp. 133–140 (2017)Google Scholar
  68. 68.
    Willers, O., Huth, C., Guajardo, J., Seidel, H.: MEMS gyroscopes as physical unclonable functions. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security—CCS 2016, pp. 591–602. ACM (2016)Google Scholar

Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department Research and Advance EngineeringRobert Bosch GmbHStuttgartGermany
  2. 2.Research and Technology CenterRobert Bosch LLCPittsburghUSA
  3. 3.Chair of Micromechanics, Microfluidics/MicroactuatorsSaarland UniversitySaarbrückenGermany

Personalised recommendations