PUF-Based Software Protection for Low-End Embedded Devices

  • Florian KohnhäuserEmail author
  • André Schaller
  • Stefan Katzenbeisser
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9229)


In recent years, low-end embedded devices have been used increasingly in various scenarios, ranging from consumer electronics to industrial equipment. However, this evolution made embedded devices profitable targets for software piracy and software manipulation. Aggravating this situation, low-end embedded devices typically lack secure hardware to effectively protect against such attacks. In this work, we present a novel software protection scheme, which is particularly suited for already deployed low-end embedded devices without secure hardware. Our approach combines techniques based on self-checksumming code with Physically Unclonable Functions (PUFs) to establish a hardware-assisted software protection. In this way, we can tie the execution of a software instance to a specific device and protect its program code against manipulations. We show that our software protection scheme offers a high level of security against static adversaries and demonstrate that dynamic adversaries require considerable resources to perform a successful attack. To explore the feasibility of our solution, we implemented the protection scheme on an ARM-based low-end commodity microcontroller. A further performance evaluation shows that the implemented solution exhibits a fair overhead of ten percent.


Hash Function Program Code Trusted Platform Module Protected Program Digital Right Management 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Armknecht, F., Maes, R., Sadeghi, A.-R., Sunar, B., Tuyls, P.: Memory leakage-resilient encryption based on physically unclonable functions. In: Sadeghi, A.-R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security. Information Security and Cryptography, pp. 135–164. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010)CrossRefGoogle Scholar
  3. 3.
    Aucsmith, D.: Tamper resistant software: an implementation. In: Anderson, R. (ed.) Information Hiding, vol. 1174, pp. 317–333. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  4. 4.
    van den Berg, R., Skoric, B., van der Leest, V.: Bias-based modeling and entropy analysis of PUFs. In: ACM Proceedings of the 3rd International Workshop on Trustworthy Embedded Devices TrustED (2013)Google Scholar
  5. 5.
    Blum, M., Kannan, S.: Designing programs that check their work. J. ACM JACM 42(1), 269–291 (1995)zbMATHCrossRefGoogle Scholar
  6. 6.
    Bösch, C., Guajardo, J., Sadeghi, A.-R., Shokrollahi, J., Tuyls, P.: Efficient helper data key extractor on FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 181–197. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  7. 7.
    Chang, H., Atallah, M.J.: Protecting software code by guards. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 160–175. Springer, Heidelberg (2002)Google Scholar
  8. 8.
    Chen, Y., Venkatesan, R., Cary, M., Pang, R., Sinha, S., Jakubowski, M.H.: Oblivious hashing a stealthy software integrity verification primitive. In: Petitcolas, F.A.P. (ed.) Information Hiding. LNCS, vol. 2578, pp. 400–414. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Claes, M., van der Leest, V., Braeken, A.: Comparison of SRAM and FF PUF in 65nm technology. In: Laud, P. (ed.) NordSec 2011. LNCS, vol. 7161, pp. 47–64. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  10. 10.
    Clang: A C language family frontend for LLVM.
  11. 11.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  12. 12.
    Gora, M.A., Maiti, A., Schaumont, P.: A flexible design flow for software IP binding in commodity FPGA. In: IEEE Symposium on Industrial Embedded Systems IEEE SIES (2009)Google Scholar
  13. 13.
    van Herrewege, A., Verbauwhede, I.: Software only, extremely compact, keccak-based secure PRNG on ARM Cortex-M. In: ACM Proceedings of the 51st Annual Design Automation Conference (2014)Google Scholar
  14. 14.
    Herzberg, A., Shulman, H., Saxena, A., Crispo, B.: Towards a theory of white-box security. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol. 297, pp. 342–352. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  15. 15.
    Horne, B., Matheson, L., Sheehan, C., Tarjan, R.E.: Dynamic self-checking techniques for improved tamper resistance. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 141–159. Springer, Heidelberg (2002) CrossRefGoogle Scholar
  16. 16.
    Jacob, M., Jakubowski, M.H., Venkatesan, R.: Towards integral binary execution: implementing oblivious hashing using overlapped instruction encodings. In: ACM Workshop on Multimedia & Security MM&Sec (2007)Google Scholar
  17. 17.
    KPMG: Managing the Risks of Counterfeiting in the Information Technology Industry. Accessed 23 June 2015
  18. 18.
    Larsen, P., Homescu, A., Brunthaler, S., Franz, M.: SoK: automated software diversity. In: IEEE Symposium on Security and Privacy S&P (2014)Google Scholar
  19. 19.
    Lattner, C., Adve, V.: LLVM: a compilation framework for lifelong program analysis & transformation. In: IEEE Symposium on Code Generation and Optimization (2014)Google Scholar
  20. 20.
    Lazebnik, F.: On systems of linear diophantine equations. In: Mathematics Magazine (1996)Google Scholar
  21. 21.
    van der Leest, V., van der Sluis, E., Schrijen, G.-J., Tuyls, P., Handschuh, H.: Efficient implementation of true random number generator based on SRAM PUFs. In: Naccache, D. (ed.) Cryphtography and Security: From Theory to Applications. LNCS, vol. 6805, pp. 300–318. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  22. 22.
    Maes, R., Verbauwhede, I.: Physically unclonable functions: a study on the state of the art and future research directions. In: Sadeghi, A.-R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security, pp. 3–37. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  23. 23.
    Nithyanand, R., Solis, J.: A theoretical analysis: physical unclonable functions and the software protection problem. In: IEEE Symposium on Security and Privacy S&P (2012)Google Scholar
  24. 24.
    Schaller, A., Arul, T., van der Leest, V., Katzenbeisser, S.: Lightweight anti-counterfeiting solution for low-end commodity hardware using inherent PUFs. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 83–100. Springer, Heidelberg (2014) Google Scholar
  25. 25.
    Schneier on Security: Security Risks of Embedded Systems. Accessed 23 June 2015
  26. 26.
    Wikipedia: DeCSS. Accessed 23 June 2015

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Florian Kohnhäuser
    • 1
    Email author
  • André Schaller
    • 1
  • Stefan Katzenbeisser
    • 1
  1. 1.Security Engineering GroupTU DarmstadtDarmstadtGermany

Personalised recommendations