A PUF-Based Key Storage Scheme Using Fuzzy Vault †
Abstract
:1. Introduction
- We demonstrate that the fuzzy PUFs can be used to secretly store important data without the error-correction algorithm, which is a new train of thought about how to use PUFs in an embedded system.
- We implemented the PUF-based Fuzzy Vault in Python. The pre-processing processes for both weak and strong PUFs are designed to make our design more suitable for PUFs.
- The runtime and successful rate of the new proposal are evaluated with one existing weak PUF and one existing strong PUF implementation.
- We discussed the security and possible improvements of the new proposal.
- In the submitted paper, we introduced the motivation and design philosophy of our protocols.
- Based on the theoretical analysis, we demonstrated two schemes for both the weak PUF and strong PUF, where the method for weak PUF is the extension of our conference paper and the method for strong PUF is a new proposal.
- The evaluation was performed on existing weak PUF and strong PUF designs to show the universality of our design compared with the DRAM-PUF-based evaluation in the conference paper.
- The runtime and successful rate of our design are further evaluated with both the weak and strong PUFs. The test results demonstrate that our proposal can reach a 100% reconstruction rate under some specific parameters with less than 1 s of locking time and a few seconds of unlocking time.
- We rigorously analyze the security of our methods using a more comprehensive lens.
2. Background
2.1. Physical Unclonable Functions
2.2. Helper Data Algorithm
2.3. Fuzzy Vault Scheme
3. Proposed Key Storage Method
3.1. Design Philosophy
3.2. Leveraging Weak PUFs
Algorithm 1 process |
|
Algorithm 2 process |
|
3.3. Leveraging Strong PUFs
4. Security Analysis
4.1. Brute Force Attack
4.2. Correlation Attack
4.3. Modeling Attack for Strong PUFs
5. Experimental Setup
6. Experimental Results and Discussion
6.1. The Test Results for Our Proposal Based on Weak PUF
6.2. The Test Results for Our Proposal Based on Strong PUF
6.3. Discussion and Comparisons
7. Conclusions
Author Contributions
Funding
Institutional Review Board Statement
Informed Consent Statement
Data Availability Statement
Conflicts of Interest
References
- Intrinsic ID, Inc. White Paper: Protecting the IoT with Invisible Keys; Technical Report; Intrinsic ID, Inc.: Sunnyvale, CA, USA, 2010. [Google Scholar]
- Gassend, B.; Clarke, D.; Van Dijk, M.; Devadas, S. Silicon physical random functions. In Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, USA, 18–22 November 2002; pp. 148–160. [Google Scholar]
- Rührmair, U.; Holcomb, D.E. PUFs at a glance. In Proceedings of the 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 24–28 March 2014; pp. 1–6. [Google Scholar]
- Pappu, R.; Recht, B.; Taylor, J.; Gershenfeld, N. Physical one-way functions. Science 2002, 297, 2026–2030. [Google Scholar] [CrossRef] [PubMed] [Green Version]
- Delvaux, J.; Gu, D.; Schellekens, D.; Verbauwhede, I. Helper Data Algorithms for PUF-Based Key Generation: Overview and Analysis. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 2015, 34, 889–902. [Google Scholar] [CrossRef] [Green Version]
- Dries, S. Design and Analysis of Trusted Computing Platforms. Ph.D. Thesis, Catholic University of Leuven, Leuven, Belgium, 2013. [Google Scholar]
- Tuyls, P.; Skoric, B.; Kevenaar, T. Security with Noisy Data: Private Biometrics, Secure Key Storage and Anti-Counterfeiting; Springer: Berlin/Heidelberg, Germany, 2007. [Google Scholar]
- Ari, J.; Madhu, S. A Fuzzy Vault Scheme. Des. Codes Cryptogr. 2006, 38, 237–257. [Google Scholar]
- Geng, S.; Giannopoulou, G.; Kabir-Querrec, M. Privacy Protection in Distributed Fingerprint-Based Authentication. In Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society, WPES’19, London, UK, 11 November 2019; Association for Computing Machinery: New York, NY, USA, 2019; pp. 125–129. [Google Scholar]
- Nandakumar, K.; Jain, A.K.; Pankanti, S. Fingerprint-Based Fuzzy Vault: Implementation and Performance. IEEE Trans. Inf. Forensics Secur. 2007, 2, 744–757. [Google Scholar] [CrossRef]
- Tucakov, D. OpenSSL Tutorial: How Do SSL Certificates, Private Keys, & CSRs Work? Available online: https://phoenixnap.com/kb/openssl-tutorial-ssl-certificates-private-keys-csrs (accessed on 30 January 2023).
- Yadav, G. Cryptographic Key Storage Options & Best Practices. Available online: https://www.globalsign.com/en/blog/cryptographic-key-management-and-storage-best-practice (accessed on 30 January 2023).
- Developers, A. Android Keystore System. Available online: https://developer.android.com/training/articles/keystore (accessed on 30 January 2023).
- Kholmatov, A.; Yanikoglu, B. Realization of Correlation Attack Against the Fuzzy Vault Scheme. Int. Soc. Opt. Photonics 2008, 6819, 263–269. [Google Scholar]
- Paul, C.; Yuan, C.; Xiaojin, Z.; Leilei, Z.; Fan, Z. Locking Secret Data in the Vault Leveraging Fuzzy PUFs. In Proceedings of the 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST), Xi’an, China, 16–17 December 2019. [Google Scholar]
- Holcomb, D.E.; Burleson, W.P.; Fu, K. Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In Proceedings of the Conference on RFID Security, Malaga, Spain, 11–13 July 2007. [Google Scholar]
- Xiong, W.; Schaller, A.; Anagnostopoulos, N.A.; Saleem, M.U.; Gabmeyer, S.; Katzenbeisser, S.; Szefer, J. Run-time Accessible DRAM PUFs in Commodity Devices. In Proceedings of the Cryptographic Hardware and Embedded Systems—CHES 2016, Santa Barbara, CA, USA, 17–19 August 2016; Volume 9813, pp. 432–453. [Google Scholar]
- Hashemian, M.S.; Singh, B.; Wolff, F.; Clay, S.; Papachristou, C. A robust authentication methodology using physical unclonable functions in DRAM arrays. In Proceedings of the Desigh, Automation Test in Europe Conference Exhibition, DATE 2015, Grenoble, France, 9–13 March 2015; pp. 647–652. [Google Scholar]
- Kim, J.S.; Patel, M.; Hassan, H.; Mutlu, O. The DRAM Latency PUF: Quickly Evaluating Physical Unclonable Functions by Exploiting the Latency-Reliability Tradeoff in Modern Commodity DRAM Devices. In Proceedings of the 2018 IEEE International Symposium on High Performance Computer Architecture, HPCA 2018, Vienna, Austria, 24–28 February 2018; pp. 194–207. [Google Scholar]
- Gassend, B.; Lim, D.; Clarke, D.; Van Dijk, M.; Devadas, S. Identification and authentication of integrated circuits. Concurr. Comput. Pract. Exp. 2004, 16, 1077–1098. [Google Scholar] [CrossRef]
- Helinski, R.; Acharyya, D.; Plusquellic, J. A physical unclonable function defined using power distribution system equivalent resistance variations. In Proceedings of the 2009 46th ACM&IEEE Design Automation Conference, San Francisco, CA, USA, 26–31 July 2009; pp. 676–681. [Google Scholar]
- Yao, Y.; Kim, M.; Li, J.; Markov, I.L.; Koushanfar, F. ClockPUF: Physical Unclonable Functions based on clock networks. In Proceedings of the 2013 Design, Automation & Test in Europe Conference & Exhibition (DATE), Grenoble, France, 18–22 March 2013; pp. 422–427. [Google Scholar]
- Rührmair, U.; Jaeger, C.; Bator, M.; Stutzmann, M.; Lugli, P.; Csaba, G. Applications of high-capacity crossbar memories in cryptography. IEEE Trans. Nanotechnol. 2010, 10, 489–498. [Google Scholar] [CrossRef]
- Rührmair, U.; Sehnke, F.; Sölter, J.; Dror, G.; Devadas, S.; Schmidhuber, J. Modeling attacks on physical unclonable functions. In Proceedings of the 17th ACM Conference on Computer and Communications Security, Chicago, IL, USA, 4–8 October 2010; pp. 237–249. [Google Scholar]
- Rührmair, U.; Sölter, J.; Sehnke, F.; Xu, X.; Mahmoud, A.; Stoyanova, V.; Dror, G.; Schmidhuber, J.; Burleson, W.; Devadas, S. PUF modeling attacks on simulated and silicon data. IEEE Trans. Inf. Forensics Secur. 2013, 8, 1876–1891. [Google Scholar] [CrossRef] [Green Version]
- Dodis, Y.; Ostrovsky, R.; Reyzin, L.; Smith, A. Fuzzy Extractors: How to generate strong keys from biometrics and other noisy data. SIAMJ. Comput. 2008, 38, 97–139. [Google Scholar] [CrossRef] [Green Version]
- Schaller, A.; Xiong, W.; Anagnostopoulos, N.A.; Saleem, M.U.; Gabmeyer, S.; Skoric, B.; Katzenbeisser, S.; Szefer, J. Decay-Based DRAM PUFs in Commodity Devices. IEEE Trans. Dependable Secur. Comput. 2019, 16, 1–14. [Google Scholar] [CrossRef]
- Uludag, U.; Pankanti, S.; Jain, A.K. Fuzzy Vault for Fingerprints. In Proceedings of the Proceedings of the 5th International Conference on Audio- and Video-Based Biometric Person Authentication, AVBPA’05, Hilton Rye Town, NY, USA, 20–22 July 2005; Springer: Berlin/Heidelberg, Germany, 2005; pp. 310–319. [Google Scholar]
- Li, P.; Yang, X.; Cao, K.; Tao, X.; Wang, R.; Tian, J. An Alignment-Free Fingerprint Cryptosystem Based on Fuzzy Vault Scheme. J. Netw. Comput. Appl. 2010, 33, 207–220. [Google Scholar] [CrossRef]
- Dodis, Y.; Reyzin, L.; Smith, A. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In International Conference on the Theory and Applications of Cryptographic Techniques; Springer: Berlin/Heidelberg, Germany, 2004; pp. 523–540. [Google Scholar]
- Pankanti, S.; Prabhakar, S.; Jain, A.K. On the individuality of fingerprints. IEEE Trans. Pattern Anal. Mach. Intell. 2002, 24, 1010–1025. [Google Scholar] [CrossRef]
- Sobolewski, J.S. Cyclic Redundancy Check. In Encyclopedia of Computer Science; John Wiley and Sons Ltd.: Chichester, UK; pp. 476–479.
- Rahman, M.T.; Hosey, A.; Guo, Z.; Carroll, J.; Forte, D.; Tehranipoor, M. Systematic Correlation and Cell Neighborhood Analysis of SRAM PUF for Robust and Unique Key Generation. Journal of Hardware and System Security. 2017, 1, 137–155. [Google Scholar] [CrossRef] [Green Version]
- Zhao, Q.; Cao, Y.; Zhao, X.; Chang, C.H. A Current Comparator Based Physical Unclonable Function with High Reliability and Energy Efficiency. In Proceedings of the 2018 IEEE 23rd International Conference on Digital Signal Processing (DSP), Shanghai, China, 19–21 November 2018; pp. 1–4. [Google Scholar]
- Keller, C.; Gürkaynak, F.; Kaeslin, H.; Felber, N. Dynamic memory-based physically unclonable function for the generation of unique identifiers and true random numbers. In Proceedings of the IEEE International Symposium on Circuits and Systems, ISCAS, Melbourne, Australia, 1–5 June 2014; pp. 2740–2743. [Google Scholar]
- Nguyen, P.H.; Sahoo, D.P.; Chakraborty, R.S.; Mukhopadhyay, D. Security analysis of arbiter PUF and its lightweight compositions under predictability test. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 2016, 22, 1–28. [Google Scholar] [CrossRef]
- Siddhanti, A.A.; Bodapati, S.; Chattopadhyay, A.; Maitra, S.; Roy, D.; Stănică, P. Analysis of the Strict Avalanche Criterion in Variants of Arbiter-Based Physically Unclonable Functions. In Proceedings of the International Conference on Cryptology in India, Hyderabad, India, 15–18 December 2019; Springer: Berlin/Heidelberg, Germany, 2019; pp. 556–577. [Google Scholar]
- Brederlow, R.; Prakash, R.; Paulus, C.; Thewes, R. A low-power true random number generator using random telegraph noise of single oxide-traps. In Proceedings of the 2006 IEEE International Solid State Circuits Conference-Digest of Technical Papers, San Francisco, CA, USA, 6–9 February 2006; pp. 1666–1675. [Google Scholar]
- Pareschi, F.; Setti, G.; Rovatti, R. Implementation and testing of high-speed CMOS true random number generators based on chaotic systems. IEEE Trans. Circuits Syst. I: Regul. Pap. 2010, 57, 3124–3137. [Google Scholar] [CrossRef]
- Kinniment, D.; Chester, E. Design of an on-chip random number generator using metastability. In Proceedings of the 28th European Solid-State Circuits Conference, Florence, Italy, 24–26 September 2002; pp. 595–598. [Google Scholar]
- Bucci, M.; Luzzi, R. Fully digital random bit generators for cryptographic applications. IEEE Trans. Circuits Syst. I Regul. Pap. 2008, 55, 861–875. [Google Scholar] [CrossRef]
- Chauhan, A.S.; Sahula, V.; Mandal, A.S. Novel Randomized Biased Placement for FPGA Based Robust Random Number Generator with Enhanced Uniqueness. In Proceedings of the 2019 32nd International Conference on VLSI Design and 2019 18th International Conference on Embedded Systems (VLSID), Delhi, India, 5–9 January 2019; pp. 353–358. [Google Scholar]
- Jin, C.; Burleson, W.; van Dijk, M.; Rührmair, U. Programmable access-controlled and generic erasable PUF design and its applications. J. Cryptogr Eng. 2022, 12, 413–432. [Google Scholar] [CrossRef]
- Örencik, C.; Pedersen, T.B.; Savaş, E.; Keskinöz, M. Improved Fuzzy Vault Scheme for Fingerprint Verification; Springer: Berlin/Heidelberg, Germany, 2008. [Google Scholar]
- Örencik, C.; Pedersen, T.B.; Savaş, E.; Keskinöz, M. Securing fuzzy vault schemes through biometric hashing. Turk. J. Electr. Eng. Comput. Sci. 2010, 18, 515–539. [Google Scholar] [CrossRef]
- Nguyen, M.T.; Truong, Q.H.; Dang, T.K. Enhance fuzzy vault security using nonrandom chaff point generator. Inf. Process. Lett. 2016, 116, 53–64. [Google Scholar] [CrossRef]
- Leng, L.; Teoh, A.B.J. Alignment-free row-co-occurrence cancelable palmprint Fuzzy Vault. Pattern Recognit. 2015, 48, 2290–2303. [Google Scholar] [CrossRef]
- Cao, Y.; Zheng, W.; Zhao, X.; Chang, C.H. An Energy-Efficient Current-Starved Inverter Based Strong Physical Unclonable Function With Enhanced Temperature Stability. IEEE Access 2019, 7, 105287–105297. [Google Scholar] [CrossRef]
- Roel, M.; Anthony, V.H.; Ingrid, V. PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator. In Proceedings of the Cryptographic Hardware and Embedded Systems—CHES 2012: 14th International Workshop, Leuven, Belgium, 9–12 September 2012; Volume 7428, pp. 302–319. [Google Scholar]
- Gao, Y.; Su, Y.; Yang, W.; Chen, S.; Nepal, S.; Ranasinghe, D.C. Building Secure SRAM PUF Key Generators on Resource Constrained Devices. In Proceedings of the 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), Kyoto, Japan, 11–15 March 2019; pp. 912–917. [Google Scholar]
- Taniguchi, M.; Shiozaki, M.; Kubo, H.; Fujino, T. A stable key generation from PUF responses with a Fuzzy Extractor for cryptographic authentications. In Proceedings of the 2013 IEEE 2nd Global Conference on Consumer Electronics (GCCE), Tokyo, Japan, 1–4 October 2013; pp. 525–527. [Google Scholar]
- Paral, Z.; Devadas, S. Reliable and efficient PUF-based key generation using pattern matching. In Proceedings of the 2011 IEEE International Symposium on Hardware-Oriented Security and Trust, San Diego, CA, USA, 5–6 June 2011; pp. 128–133. [Google Scholar]
- Bhargava, M.; Mai, K. An efficient reliable PUF-based cryptographic key generator in 65 nm CMOS. In Proceedings of the 2014 Design, Automation & Test in Europe Conference & Exhibition (DATE), Dresden, Germany, 24–28 March 2014. [Google Scholar]
- Usmani, M.A.; Keshavarz, S.; Matthews, E.; Shannon, L.; Tessier, R.; Holcomb, D.E. Efficient PUF-Based Key Generation in FPGAs Using Per-Device Configuration. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 2019, 27, 364–375. [Google Scholar] [CrossRef]
- Chen, B.; Ignatenko, T.; Willems, F.M.; Maes, R.; van der Sluis, E.; Selimis, G. A robust SRAM-PUF key generation scheme based on polar codes. In Proceedings of the IEEE Global Communications Conference IEEE, Singapore, 4–8 December 2017. [Google Scholar]
- Setyawan, S.A. Open-Source Software-Based SRAM-PUF for Secure Data and Key Storage Using Off-the-Shelf SRAM. Master’s Thesis, Delft University of Technology, Delft, The Netherlands, 2018. [Google Scholar]
Majority Vote | Number of Real Points | ||
---|---|---|---|
15 | 20 | 20 with Selected Cells | |
1 | 32.69% | 76.68% | 97.98% |
4 | 50.70% | 88.34% | 97.09% |
8 | 58.88% | 93.31% | 100% |
16 | 64.65% | 94.88% | 100% |
32 | 65.68% | 95.56% | 100% |
64 | 77.77% | 98.38% | 100% |
128 | 0.85553% | 98.75% | 100% |
Works | Error Correction | Applications | PUF Types | Time |
---|---|---|---|---|
PUFKY [49] | fuzzy extractor | Key generation | weak PUF | 5.62 ms on FPGA |
key generator [50] | reverse fuzzy extractor | key generation | weak PUF | ∼38.5 ms on software |
key generator [52] | pattern matching | key generation | strong PUF | - |
key generator [51] | soft-decision fuzzy extractor | key generator | weak PUF | - |
key generator [53] | built-in self-test | key generator | strong PUF | 1.15 us on ASIC |
key generator [54] | per-device configuration | key generator | weak PUF | - |
key generator [55] | polar codes | key generator | weak PUF | ∼ |
key storage [56] | fuzzy extractor | key storage | weak PUF | ∼4 s on software |
our work | fuzzy vault | key storage | weak and strong PUF | ∼1 s on software |
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content. |
© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Share and Cite
Yang, J.; Chen, S.; Cao, Y. A PUF-Based Key Storage Scheme Using Fuzzy Vault. Sensors 2023, 23, 3476. https://doi.org/10.3390/s23073476
Yang J, Chen S, Cao Y. A PUF-Based Key Storage Scheme Using Fuzzy Vault. Sensors. 2023; 23(7):3476. https://doi.org/10.3390/s23073476
Chicago/Turabian StyleYang, Jinrong, Shuai Chen, and Yuan Cao. 2023. "A PUF-Based Key Storage Scheme Using Fuzzy Vault" Sensors 23, no. 7: 3476. https://doi.org/10.3390/s23073476
APA StyleYang, J., Chen, S., & Cao, Y. (2023). A PUF-Based Key Storage Scheme Using Fuzzy Vault. Sensors, 23(7), 3476. https://doi.org/10.3390/s23073476