Design and Security Analysis of TRNGs and PUFs
Time: Mon 2022-02-21 09.00
Location: Ka-Sal C (Sven-Olof Öhrvik), Kistagången 16, Electrum 1, floor 2, Kista, Kista
Video link: https://kth-se.zoom.us/s/63391272873
Subject area: Information and Communication Technology
Doctoral student: Yang Yu , Elektronik och inbyggda system
Opponent: Professor Ilia Polian, University of Stuttgart
Supervisor: Professor Elena Dubrova, Elektronik och inbyggda system; Professor Zhonghai Lu, Elektronik och inbyggda system
True Random Number Generators (TRNGs) and Physical Unclonable Functions (PUFs) are two important types of cryptographic primitives. TRNGs create a hardware-based, non-deterministic noise that is often used for generating keys, initialization vectors, and nonces for various applications that require cryptographic protection. PUFs have been proposed as a tamper-resistant alternative to the traditional secret key generation and challenge-response authentication methods. A compromised TRNG or PUF can lead to a system-wide loss of security.
The conventional TRNG or PUF designs are challenged by new attack vectors such as deep learning-based side-channel analysis. In this dissertation, we propose several new PUF and TRNG designs and evaluations of their performance and security.
The first PUF we introduce is called threshold PUF. We show that, in principle, any n-input threshold logic gate can be used as a base for building an n-input PUF. We implement and evaluate a threshold PUF based on recently proposed threshold logic flip-flops using SPICE simulation as a proof of concept. Threshold PUFs open up the possibility of using the rich body of knowledge on threshold logic implementations for designing PUFs.
The second proposed design is a lightweight PUF construction called CRC-PUF, which focuses on protecting PUFs against machine learning-based modeling attacks. In CRC-PUF, input challenges are de-synchronized from output responses to make the PUF model difficult to learn. The input transformation which does the de-synchronization is based on a Cyclic Redundancy Check (CRC), thus the name CRC-PUF. By changing the CRC generator polynomial for each new response, we assure that recovering the transforming challenge has a success probability of at most 2-86 for 128-bit challenge-response pairs.
The first TRNG design we introduce is based on a Non-Linear Feedback Ring Oscillator (NLFRO). The proposed NLFRO-TRNG structure harvests randomness from noise and unpredictable variations in delay cells and bi-stable elements, which is further amplified by the formation of non-linear feedback loops. The NLFRO outputs have chaotic behavior, allowing the construction of TRNGs with high entropy and speed. We implement three NLFRO-TRNGs on FPGA and evaluate the properties of the implementations with the NIST 800-90B entropy estimation and NIST 800-22 statistical test suits.
The second proposed TRNG design is based on a strong PUF. The PUF based TRNG exploits the inherent determinism of PUF to enable in-field testing of the entropy sources by known answer tests. We present a prototype FPGA implementation of the proposed TRNG based on an arbiter PUF that passes all NIST 800-22 statistical tests and has the minimal entropy of 0.918 estimated according to NIST 800-90B recommendations.
Apart from TRNG and PUF designs, it is crucial to consider potential attack vectors that can be created leveraging recently emerged technologies. To that end, in the second part of this dissertation, we introduce a novel attack on FPGA-based PUF and TRNG implementations that combines bitstream modification along with deep learning-based side-channel analysis. We evaluate this new attack vector on the design of an arbiter PUF and a ring oscillator-based TRNG implemented on Xilinx Artix-7 28nm FPGAs. In both cases, we are able to achieve close to 100% classification accuracy to recover the output or response. In the case of the arbiter PUF, the attack can even overcome countermeasures that are based on encrypting the challenges or responses.
With such potent attack vectors readily available, the construction of strong countermeasures is necessary. Unfortunately, many of the state-of-the-art countermeasures are one-sided. In the final part of the dissertation, we use a countermeasure proposed for the protection of the Advanced Encryption Standard as an example. We conduct experiments and conclude that it can assist another type of side-channel attack that is not considered by the countermeasure.