Protecting Private Communications in Cyber-Physical Systems through Physical Unclonable Functions

Abstract

Cyber-physical systems (CPS) are envisioned to change the whole of society. New engineered systems joining physical and digital solutions are being employed in industry, education, etc. These new systems are networked by default, and private information is shared among the different components related to users, critical infrastructures, or business operations. In this context, it is essential to encrypt those communication links to protect such information. However, even most complicated schemes based on hybrid (asymmetric and symmetric) solutions, finally require physical devices to store a secret key. This approach is cryptographically weak, as any person with physical access to the device could obtain that key. Therefore, in this paper we propose the use of physical unclonable functions (PUF) to generate secret keys for lightweight encryption schemes. Using PUFs, any attempt to capture the key is changing the original secret stream, and even manufacturers are not able to build two identical PUFs. The proposed key generator is based on magnetic materials and lightweight pseudorandom number generators to meet the low-cost and small size requirements of CPS. In particular, materials with an activated exchange-bias effect are employed, together with simple copper coils. The encryption process can be based on a simple XOR gate because of the robustness of the proposed key generator. In order to evaluate the performance of the proposed technology, an experimental validation based on simulation scenarios is also provided.

1. Introduction

Cyber-physical systems (CPS) [1] are defined as unions between physical and computational processes. This new approach has opened a new era in industry (Industry 4.0) [2], education, and engineering. In CPS, feedback control loops [3] are employed to make physical and cybernetic processes evolve together. Several heterogenous components are interconnected to create pervasive systems supporting these mechanisms. This new paradigm is particularly interesting to support real-time control systems, fed by an information stream (biological signals, data from sensors, etc.) [4].

However, these new systems are also vulnerable to new, innovative, and more aggressive attacks, known as ‘cyber-physical attacks’ [5]. In fact, as CPS are made of many interconnected components, attacks may affect a critical component when non-relevant (and often less secure) elements fail and the failure propagates due to a cascade effect. Besides, CPS are vulnerable not only to cybercrimes, but also to physical attacks. Thus, in these new systems, not only must attackers accessing to the system through the communication networks be considered, but also people physically accessing and manipulating any device [6].

In this context, security for CPS is a critical issue. Many different schemes and solutions, then, have been proposed. Symmetric and asymmetric encryption schemes [7] or certificateless public key infrastructures [8] are probably some of the most common proposals. Nevertheless, those solutions and any other previously reported, finally require physical devices to store a secret key.

Software components can protect secret keys through cyber-protection technologies, as they have no physical existence, only logical. However, hardware devices must include memory (ROM memory) to store permanent information such as secret keys [9]. This configuration is vulnerable to physical attacks (i.e., people physically manipulating the device), as the key could be read from the memory by unauthorized people. This risk, moreover, is especially relevant in CPS, as many deployments are isolated, unmanaged, and unattended [10]. New mechanisms to create or protect keys against any cyber or physical attacker are, then, required.

Therefore, in this paper we propose a novel solution to protect communication links in CPS. The proposed encryption scheme is based on symmetric keys generated through physical unclonable functions (PUF) [11]. PUFs are systems whose response is unclonable, even if the manufacturing method of the system is known. They take advantage of certain naturally occurring physical properties (such as imperfections in dielectric materials) to create systems which are totally unrepeatable even by the original creator. In this paper, we are defining a new PUF based on magnetic materials which can suffer a spontaneous and unclonable modification of their properties thanks to the exchange-bias effect. This effect only needs an activation process that is done immediately after manufacturing the material. Modifications will depend on the room temperature and, probably (there is no conclusive evidence) on other environmental factors. Besides the activation process, the atomic structure of the material greatly affects the final behavior of this PUF. A unique sample of an activated material should be, then, divided into two elements to create the cipher and the receiver.

The objective of this paper is to provide a mathematical and engineering framework for this novel encryption scheme and key generator system. It is described the proposed architecture and the physical foundations of the electronic device supporting the designed PUF. Moreover, using simulation techniques, the performance of the proposed solution is evaluated.

The rest of the paper is organized as follows: Section 2 describes the state of the art on PUF and security techniques for CPS; Section 3 presents the proposed encryption solution, including the key generator and its mathematical foundations; Section 4 describes the proposed performance evaluation and experimental validation; and Section 5 concludes the paper.

2. State of the Art: Physical Unclonable Functions and Encryption in CPS

Although security and CPS is one of the most interesting and popular research topics nowadays, encryption and security schemes for CPS are pretty standard. In particular, as in most application scenarios, these solutions can be classified into two groups: symmetric and asymmetric key schemes.

Cyber-physical systems, in particular, are usually solutions exchanging information packets, not information streams. Thus, symmetric key schemes in CPS are usually focused on block ciphers [12] of cyclic redundancy checks (CRC) [13] which can detect and/or correct transmission errors caused by natural or intentional causes. This solution, nevertheless, is very inefficient as the amount of information to be exchanged grows. Nowadays, very large amounts of information need to be shared.

In order to improve efficiency in these symmetric key solutions, hardware-supported schemes have been reported [14]. Different sequential circuits focused on encryption may be also found. Nevertheless, in real-time applications, even hardware-based block ciphers are not enough, and stream ciphers are required. Different proposals may be found, although most authors agree the encryption system must be as simple as possible, and the engineering cost must be put on key generation. In this sense, different techniques and pseudo-random number generators (PRNG) [15] for key creation have been described.

These symmetric solutions, however, present a very well-known problem: key distribution. Although this is a problem in any system, in CPS where sparse and resource constrained devices must communication through very unsecure links and networks it is more critical if possible. To address this problem, asymmetric key solutions have been investigated.

Different proposals to adapt cryptography based on elliptic curves to cyber-physical systems may be found [16]. In some occasions, even these mathematical procedures are mixed with nondeterministic effects such as temperature measures to improve the encryption entropy [17]. Employed algorithms are standard solutions such as ElGamal encryption [18,19], although innovative public key infrastructure has also been reported to enable, for example, the transmission of signed information (using high-level data format as JSON) [20].

As a general problem of any of the previously described solutions, all of them require from devices to store a secret key in a ROM or non-volatile memory. A very risky situation in CPS.

Other works have considered a totally new approach based on innovative characteristics of CPS. In particular, taxonomies to classify and analyze the attacks to be suffered by CPS [21] have been proposed. Based on these taxonomies, some intelligent solutions to detect and react to cyber-physical attacks in the most appropriate manner have been studied [5]. Besides, some domain-specific solutions may be also found, especially in the area of Smart Grids [22], industrial control systems [23], or feedback control loops [24].

Nevertheless, these approaches are totally reactive, and only valid to detect and react to attacks that are already running. Although these solutions are needed, schemes to prevent those attacks and keep the private information as a secret are even more important.

In this work, we combine both approaches and define a preventive security scheme (a symmetric key encryption scheme), but which does not require to store a secret key in memory. This objective is reached thanks to physical unclonable functions (PUF).

PUFs [25] formalize the idea of one-way functions, later named ‘physical random functions’, which consist of the use of systems’ random nature properties to identify them [26,27]. In particular, PUFs benefit from all these effects that are non-controllable or non-repeatable to create unique responses from systems to common excitations or challenges. Up to three different types of PUF have been reported: non-electric, electric, and intrinsic.

• Non-electronic PUFs [28] include all functions based on non-electric phenomena, although some electrical components are employed to create challenges or collect responses. These technologies are the oldest techniques in PUFs and are usually based on optical effects. Optical fibers, lasers, etc., present random and uncontrollable behaviors that may be employed to create a PUF. However, these mechanisms are expensive, complex, and require a very precise manipulation. These conditions do not fit CPS requirements, in general.
• Electronic PUFs [29] are those based on electric analog signals suffering random effects. For example, random and unclonable changes in the voltage threshold of solid-state devices such as diodes or transistors. These changes create a personal behavior for each device. The main problem of these PUFs is they may be difficult to measure.
• Intrinsic PUFs [25] are those that naturally arise when manufacturing a system, whose main function is usually different. For example, in logic circuits, time required by signals to go through different paths is slightly different and depends on the manufacturing conditions of each specific circuit (a type of PUF known as an ‘arbitrary PUF’). ‘Ring oscillator PUF’ is also another example of intrinsic PUF.

Different applications for PUFs have been described, including security applications. PUFs have been employed into two basic schemes: key generators and authentication mechanisms. The oldest PUF proposals are related to RFID systems, which include key generators based on PUFs [30]. Some hardware-supported algorithms also include PUFs to increase its entropy [31,32]; and PUF-based random number generators with high randomness levels have been also reported [33,34]. Authorization mechanisms [35] are based on challenge–response tables, which are employed to compare responses to authorization queries.

The proposed encryption mechanism in this work considers an encryption scheme with an electronic PUF embedded in a key generator, because of its low-cost character and reduced dimensions. Besides, only simple manufacturing processes are required to implement the proposed solution, which perfectly fits the characteristics of CPS.

3. Proposed Encryption Scheme

In this section, we described the proposed encryption scheme for CPS. The proposed scheme includes a simple encryption mechanism based on a XOR logic gate, and the PUF-based key generator.

3.1. Proposed Architecture and Global Overview

Figure 1 shows the proposed security solution for cyber-physical systems. In this figure, two different modules are presented: a transmitter and a receiver. In the transmitter, a certain discrete-time digital information $m\left[n\right]$ is collected to be transmitted. This information is injected in a symmetric encryption module, represented by $\epsilon [·]$ operator, together with a key stream $k\left[n\right]$. As a result, an encrypted message $e\left[n\right]$ is obtained (1).

$$\mathrm{e}\left[\mathrm{n}\right]=\epsilon \left(m\left[n\right], k\left[n\right]\right)$$

(1)

This message is then transmitted through a wireless communication module. This module may be based on any existing technology such as Bluetooth, WiFi, or ZigBee. Hereinafter, we are assuming no errors are produced during the wireless transmission or, if produced, they are corrected by the native mechanisms considered by these technologies. For this analysis, thus, we are considering this module as a transparent component. The same solution could be applied to more complex scenarios, but additional mechanisms to manage data transmission should be considered (that are not the focus of this article).

Information is, then, recovered by the receiver. As a symmetric encryption scheme is being employed, the same encryption function may be employed to decrypt the original information (2). To this function, in this case, it is injected the encrypted message $e\left[n\right]$ and the key stream generated by the receiver $k^{*}\left[n\right]$. A clear information $m^{*}\left[n\right]$ is then obtained.

$$m^{*}\left[n\right] = \epsilon \left(e\left[n\right], k^{*}\left[n\right]\right)$$

(2)

The recovered information $m^{*}\left[n\right]$ is only equivalent to the original information $m\left[n\right]$ only if encryption key $k\left[n\right]$ and decryption key $k^{*}\left[n\right]$ are equal. To guarantee both key streams have exactly the same sequence, a synchronization signal $s\left[n\right]$ is calculated and injected into the receiver’s key generator. This assumption may be hard to fulfill but different schemes have implemented this mechanism successfully [15,36]. In particular, in our work, we are employing physical unclonable functions. The key generator design based on PUF (see Section 3.3) guarantees the same sequence is generated in both the transmitter and the receiver (Section 3.3 and Section 4 will provide evidence about this requirement). The described synchronization signal ensures, besides, both sequences present the same time base (as seen below).

This synchronization signal is calculated through a correlation algorithm in the synchronization module (3). In this algorithm, a simple correlation estimator $c\left[r\right]$ between both key streams is obtained. As the key generator guarantees both key streams ($N$ bits length sequences in the transmitter and the receiver) are the same sequence, it is only necessary to analyze the delay $r$ between both keys. The delay to be corrected in the receiver’s key is the value for which $c\left[r\right]$ is maximum.

$$c\left[r\right]={\displaystyle \sum }_{n=0}^{N-1-r}k\left[n+r\right]·k^{*}\left[n\right]$$

(3)

With this synchronization correction, both stream keys are exactly the same sequence [37], and the symmetric encryption algorithm in the receiver may recover the original information.

3.2. Encryption Mechanism

Any existing or new symmetric encryption algorithm could be integrated in the proposed architecture. However, devices in CPSs tend to be resource constrained and, then, computationally low-cost algorithms are preferred. Thus, in this work we propose the use of the XOR (Exclusive OR) encryption. The XOR operation is also employed in some existing encryption solutions such as the Vernam cipher [37] or the one-time pad [38]. However, these mechanisms include some other configurations (such as the key structure or the data format) which are not valid in our proposal. Thus, we are referring the basic encryption technology supporting all these schemes: XOR operation.

This encryption scheme may be easily implemented using a logic gate, and the obtained security level is sufficiently high. Mathematical evaluations can prove this result depends on the randomness of the key stream. In fact, XOR-based encryption presents some vulnerabilities (such as the known-plaintext attack), but most of them are addressed below with the appropriate key generator and, in any case, the balance between the reached security level and the lightweight implementation in XOR encryption is adequate for CPSs [39].

Mathematically, the XOR encryption process may be represented by a simple binary operation (4). The XOR gate receives two data streams to perform the encryption. For this model, information signal $m\left[n\right]$ is composed of $N$ bit samples. In that way, $m\left[n\right]$ takes values in the range $\left\{0,\dots ,2^N-1\right\}$. Figure 2 represents the encryption scheme.

$$e\left[n\right]= m\left[n\right] \oplus k\left[n\right]$$

(4)

Then, if the employed key stream $k\left[n\right]$ is a flow of random numbers, the resulting encrypted signal $e\left[n\right]$ has a discrete probability density function equal to the probability function describing the behavior of the key stream $k\left[n\right]$. In particular, all possible values have the same probability. Hereinafter, $P(·)$ is the probability operator and $P\left(· | ·\right)$ the conditional probability operator.

$$P\left(k\left[n\right]={\xi }_i\right)=P\left(e\left[n\right]={\xi }_i\right)={\phi }_1=\frac{1}{2^N} \forall {\xi }_i$$

(5)

Then, because of the structure of the XOR truth table, a known value from the encrypted signal $e\left[n\right]$ of all possible values in the range of the information signal $m\left[n\right]$ have the same probability of having generated that encrypted sample (6).

$$P\left(m\left[n\right]={\xi }_j | e\left[n\right]={\xi }_i\right)={\phi }_2=\frac{1}{2^N} \forall {\xi }_i,{\xi }_j$$

(6)

In order to determine how secure the proposed XOR encryption is, we employ Shannon’s information theory. The mutual information between the encrypted and the original information flow $I\left(m;e\right)$ represents the residual information that remains in the encrypted signal about the original one (7). Considering expressions (5) and (6), it is easy to obtain this amount is zero; i.e., the encrypted signal does not provide any information about the original signal $m\left[n\right]$.

$$I\left(m;e\right)= {\displaystyle \sum }_{i=0}^{2^N-1}{\displaystyle \sum }_{j=0}^{2^N-1}P\left(m={\xi }_j , e={\xi }_i\right)·log\left(\frac{P\left(m={\xi }_j | e={\xi }_i\right)}{P\left(e={\xi }_i\right)}\right)=0$$

(7)

This mathematical demonstration is only valid for continuous random key streams. However, random numerical flows are impossible to generate in practice. Then, only pseudorandom number sequences are possible to obtain. Experiments show that a pseudorandom sequence may replace a random flow with some considerations:

• REQ#1: The pseudorandom sequence (which is periodical) must present a long period; enough to encrypt each information message using only one key period
• REQ#2: The same sequence cannot be employed to encrypt an undefined number of messages. The pseudorandom sequences must be changed each certain operation time.
• REQ#3: The algorithm generating the number sequence must be secret.

If these conditions are not fulfilled, then, simple cryptanalysis may break the encryption.

The proposed key generator in the next subsection employs a lightweight PRNG connected to a PUF in order to create pseudorandom sequences with a very large period, including also a dynamic mechanism to dynamically modify this sequence in a secret manner.

This encryption scheme also enables us to easily calculate the synchronization signal through the proposed correlation algorithm. As key streams have a random behavior, their correlation with any other signal tends to be negligible (8). To prove that, we are obtaining a correlation estimator $c^{*}\left[r\right]$ between the receiver key stream $k^{*}\left[n\right]$ and the encrypted signal $e\left[n\right]$.

$$\begin{gathered} c^{*}\left[r\right]={\displaystyle \sum }_{n=0}^{N-1-r}e\left[n+r\right]·k^{*}\left[n\right]={\displaystyle \sum }_{n=0}^{N-1-r}\left(m\left[n+r\right] \oplus k\left[n+r\right]\right)·k^{*}\left[n\right]= \\ ={\displaystyle \sum }_{n=0}^{N-1-r}\left(m\left[n+r\right]·k^{*}\left[n\right]\right)\oplus \left(k\left[n+r\right]·k^{*}\left[n\right]\right)\approx {\displaystyle \sum }_{n=0}^{N-1-r}k\left[n+r\right]·k^{*}\left[n\right]=c\left[r\right] \end{gathered}$$

(8)

3.3. Key Generator

As said before, in order to guarantee a total protection level, the proposed key generator must generate a random key stream. Figure 3 shows the proposed design to reach that objective. In order to create a number sequence meeting the three basic requirements described in Section 3.2, in this key generator a simple lightweight pseudorandom number generator (PRNG) is considered to ensure a behavior as random as possible at low computational cost.

In particular, we propose the use of the Trifork PRNG [15,40]. This PRNG is based on three perturbed lagged Fibonacci generators (PLFGs), interconnected in such a manner that only using shift registers and OR logic gates make it possible to create a number sequence with a very long period (very random) and totally protected against cyberattacks (as proved by the NIST tests [40]). Then REQ#1 is met.

In order to create the key stream, Trifork must be configured with a secret seed $SEED\left[n\right]$. This seed includes three N-bit length values (9), $x_0\left[n\right], y_0\left[n\right],$ and $z_0\left[n\right]$. This collection is employed by a seeding module to create the initial sequence (not included in the secret key stream) to trigger the key generation process.

$$SEED\left[n\right]= \left\{x_0\left[n\right], y_0\left[n\right], z_0\left[n\right]\right\}$$

(9)

This secret seed $SEED\left[n\right]$ also changes with time, in order to guarantee the same secret key stream is not used indefinitely. However, as the period of the sequences generated by Trifork is very long, the secret seed may change quite slowly.

This secret seed is usually stored in a ROM memory, calculated through a certain algorithm or received from remote servers, but all these options have been proven to be unsecure. Thus, in this work this secret seed is calculated using PUF. Figure 4 shows the proposed PUF for seed generation.

As can be seen, the proposed PUF is based on the parallel connection of $N_d$ exchange-bias magnetic elemental devices; and one additional non-EB magnetic device. All these elemental devices are challenged using the same analog excitation. In order to get all magnetic materials (devices) to respond to the excitation (challenge) with an unclonable signal changing with time, we propose the material is activated to suffer the exchange-bias effect (EB).

3.3.1. Exchange-Bias Effect: Overview

Discovered by Meiklejohn and Bean [41] in 1956, they describe the EB as a process that occurs as a result of the interaction between two layers of magnetic material composing the magnetic device: a ferromagnetic (FM) and an antiferromagnetic (AFM) layer. The first (and simplest) consequence of this phenomenon is a displacement of the hysteresis cycle showed by magnetic materials affected by a magnetic field (because of the influence of the atomic spins of the FM on the AFM ions in the contact zone of the two materials, or interface). In a physical sense, an EB device is seen as a united set of magnetic domains that do not interact with each other but have an interface with a ferromagnetic layer, so that each one of the domains in the AFM has a magnetic moment [42].

However, in a more practical context, this effect causes the material magnetization to evolve and change when the material is left at room temperature after activation. It is then when the dependence of the (exchange-bias) magnetic field with $ln\left(t\right)$ (logarithm of time instant) becomes noticeable, as stated by O’Grady et al. [43] and Paetzold and Röll [44]. The importance of these results lies in the demonstration that a magnetic device composed of a FM and AFM bilayer behaves depending on the logarithm of time instant and without the intervention of any other variable.

In order to cause a magnetic bilayer to behave in that way, the material must be activated according to a specific process. The manufacturing methods of exchange-bias materials are not a subject of study in this work, but it is important to mention that the activation requires a distribution of the AF material in grains suitable to achieve this activation and thermal stability [43]. This manufacturing process, which will be called ‘activation’, consists of converting the behavior of the AFM from antiferromagnetic to paramagnetic in such a way that the spins are oriented in a random manner. This is achieved by heating the material in a temperature range that is between the Néel temperature, $T_N$ (above which an antiferromagnetic material becomes paramagnetic), and the Curie temperature, $T_C$ (above which certain magnetic materials undergo a sharp change in their magnetic properties). This heating is done in the presence of a magnetic field $H_{ext}$ high enough to saturate the ferromagnetic layer, as shown in Figure 5. Once the antiferromagnetic spins are aligned in a random manner, the sample is cooled below the Néel temperature, in what is called the alignment temperature, $T_{AL}$. If the presence of the saturation field is maintained, not only the spins of the ferromagnetic will be aligned but also those of the interface of the AFM, due to the influence of the spins of the interface of the FM, as seen in Figure 5.

Then, as a conclusion, an EB magnetic device presents a behavior that varies with time. This phenomenon enables us to create seeds also varying with time, so the entire secret key stream will dynamically and automatically change with time, as required (see Section 3.2). This dynamic evolution, besides, does not require any key distribution or communication; benefits from a natural phenomenon. Thus, the proposed scheme is more secure than any other previous proposal. REQ#2 is, therefore, fulfilled.

Although the evolution speed may be quite slow, a Trifork generator can produce very long-period number sequences, fulfilling REQ#1.

Any case, if any manufacturer or attacker could create an EB material behaving in the same manner as those materials employed in our PUF, no security will be provided by this mechanism (REQ#3 will not be met). Nevertheless, the next section describes how unclonable the behavior of these EB materials is; and how impossible it is in practice to either manufacture two identical or similar EB devices or to manipulate an existing EB-based PUF to be employed by cybercriminals.

3.3.2. Unclonable Behavior in EB devices

Only one last requirement (REQ#3) must be fulfilled. It must be guaranteed that the proposed PUF is secret; i.e., the PUF is unclonable and nobody could extract a magnetic device from a hardware node and employ it with unethical objectives.

Figure 6a shows a graphic schematic of an EB device. To create an elemental EB -PUF, two copper coils are associated to the EB material (bilayer). The first coil is a magnetic field generator, wound directly on top of the material. The second copper winding or sensing coil is also on top, to collect the response from the EB material. With this configuration, the proposed device presents a very reduced size.

To perform an electromagnetic analysis, this compact configuration may be expanded (see Figure 6b). In fact, at a short distance, the generator or field source, the magnetic material, and the signal receiving coil operate as if all them are put together.

In order to challenge (excite) the EB material, the field-generator coil produces a magnetic field $\overline{H}$ with two components: a great continuous component ${\overline{H}}_o$ and a variable field with time (10). The great continuous component is required by EB devices to operate, and the variable field is the challenge to the PUF.

$$\overline{H}={\overline{H}}_o+{\displaystyle \sum }_k\overline{h} e^{j{\omega }_{k}t}$$

(10)

Generating controlled magnetic fields is quite complicated, especially in resource constrained nodes, but using an electrical (current) signal $\mathrm{I}$ (11) and the field-generator coil, the required magnetic field (10) may be produced.

$$I=I_o+{\displaystyle \sum }_{k}i e^{j{\omega }_{k}t}$$

(11)

The field that is generated in the coil will have a frequential composition that will be equal, as is evident, to the frequential composition of the signal in the excitation current. Thus, the material is subjected to a variable magnetic field and a variable magnetic flux will pass through it. This flow will induce an electromotive force in the sensing coil that will be measured and acquired to create the PUF response, as seen later.

This excitation will generate a magnetization (12) in the material, $\overline{\mathrm{M}}$, where ${\overline{M}}_o$ is the saturation magnetization at room temperature and $\overline{m}$ is the corresponding RF component. Hereinafter, in order to mathematically demonstrate the unclonable behavior of these EB devices, we are considering the superposition theorem to study each one of the frequential components ${\mathsf{\omega }}_{\mathrm{k}}$ in the magnetization and magnetic fields separately (13).

$$\overline{M}={\overline{M}}_o+{\displaystyle \sum }_k\overline{m} e^{j{\omega }_{k}t}$$

(12)

$$\overline{M}={\overline{M}}_o+\overline{m} e^{j\omega t}$$

(13)

The relation between the magnetic field and the magnetization may take different forms (14). However, in EB devices (see Section 3.3.1), the magnetic material (analyzed on a macroscopic scale) is divided around domains with a magnetization $\overline{M}$ when an external continuous magnetic field ${\overline{H}}_o$ is applied in such a way that it can be said that each domain precesses inside the material around the axis of application of the magnetic field. Using the equation describing this movement, a new relation between the magnetic field and magnetization is deducted (15).

$$\overline{M}=\left(\frac{\mu }{{\mu }_0}-1\right)\overline{H}$$

(14)

$$\frac{d\overline{M}}{dt}=-\gamma {\mu }_o\overline{M}\times {\overline{H}}_o$$

(15)

Where $\mu$ is the magnetic permeability in the material (considered isotropic), ${\mu }_0$ is the magnetic permeability of free space, and $\gamma$ is a gyromagnetic ratio. This ratio describes the relation between the spin magnetic moment in the material, ${\overline{\mu }}_B$, which is the moment that an electron spinning has on itself; and the kinetic moment that the electron has in the opposite direction, that will be named $\overline{p}$ (16).

$$\gamma =-\frac{{\overline{\mu }}_B}{\overline{p}}$$

(16)

In all of these expressions, the permeability and gyromagnetic parameters depend on the electronic configuration of the constituent atoms of the magnetic material, as well as on the interaction that exists between them. Both parameters are then, in practice, unclonable and are the basis for the proposed PUF.

In order to create a PUF, the EB devices must respond to the applied challenge or excitation. In magnetic material, this response is the magnetic induction (17); where $\stackrel{=}{\mu }$ is a tensor describing the magnetic permeability in the EB device (which is an anisotropic device, composed by two layers).

$$\overline{B}=\stackrel{=}{\mu }\overline{H}$$

(17)

In order to determine how variable the behavior of an EB device is, the value of this tensor must be studied. In particular, considering a second definition of the magnetic induction depending on the magnetic field and the magnetization vector (18), it can be deducted this tensor is the Polder tensor (19) and (20).

$$\overline{B}={\mu }_0\left(\overline{H}+\overline{M}\right)$$

(18)

$$\stackrel{=}{\mu }={\mu }_o\left[\begin{array}{ccc}{\mu }_p& -jK& 0\\ jK& {\mu }_p& 0\\ 0& 0& 1\end{array}\right]$$

(19)

$${\mu }_p=1+\frac{{\omega }_o{\omega }_M}{{\omega }_o^2-{\omega }^2} K=-\frac{\omega -{\omega }_M}{{\omega }_o^2-{\omega }^2}$$

(20)

The Polder tensor describes, in general, the magnetic permeability of ferrites, but in this case, it may be also employed for EB devices. Two relevant parameters are identified (21): the Larmor frequency ${\omega }_o$ and a new parameter ${\omega }_M$ dependent on the atomic structure of the material (i.e., the magnetization vector).

$$\begin{gathered} \gamma {\mu }_o{H}_o={\omega }_o \\ \gamma {\mu }_{o}M={\omega }_M \end{gathered}$$

(21)

Although the Lamor frequency may be controlled through the excitation current generating the excitation magnetic field ${\overline{\mathrm{H}}}_{\mathrm{o}}$; the ‘natural frequency’ ${\omega }_M$ (in fact, a resonance frequency, see Section 3.3.3) is uncontrollable and unclonable [45]. Besides, because of the EB effect (see Section 3.3.1) the magnetization vector induced in the device varies with time (depending on the logarithm of the time instant). Then, ${\mathsf{\omega }}_{\mathrm{M}}$ will also evolve with time in an autonomous, independent, and uncontrollable manner.

Nowadays, however, there are no instruments or procedures to predict, manipulate, or clone the behavior of this ‘natural frequency’ ${\omega }_M$ or the EB devices (as it depends on atomic structures) [45]. In fact, in order to create two identical EB devices, a unique magnetic material must be firstly activated and, later, divided into two samples. Besides, any attempt to extract or manipulate the PUF from its casing and operation conditions will modify the magnetization vector and, in consequence, the system behavior, the generated seed and, finally, the secret key stream.

However, before ensuring REQ#3 is fulfilled, it must be evaluated how variations in ${\mathsf{\omega }}_{\mathrm{M}}$ affect the PUF responses. Figure 7 shows the evolution in ${\mathsf{\mu }}_{\mathrm{p}}$ and $K$ depending on the excitation frequency for different possible values of ${\mathsf{\omega }}_{\mathrm{M}}$.

As can be seen, the response of ${\mathsf{\mu }}_{\mathrm{p}}$ and $K$ is similar for all material around the Larmor frequency ${\omega }_o$, regardless of the value of ${\omega }_M$. Besides, the same situation occurs for very high or very low frequencies. Then, we will configure the device to work around high frequencies relatively far from the Larmor pulsation. This means that none of the previous terms tend to infinity and, in addition, the term ${\omega }_M$ influences the frequency behavior of the material (see Figure 7).

Finally, it is necessary to acquire or sense the magnetic induction to generate an analog electrical signal. As variable components are always considered in the fields, it is easy to generate that electrical (voltage) signal through an induced electromotive force in a second copper coil (22).

$$\epsilon ={{\displaystyle \oint }}_{C}E·dl={{\displaystyle \int }}_{S}NB·\widehat{n}dA={{\displaystyle \int }}_{S}N{B}_{n}dA=-\frac{d{\varphi }_m}{dt}$$

(22)

With the previous expressions and discussions, it is demonstrated that there is a direct relationship between the magnetization of the material and its behavior as a transmission line for radio frequency signals. Then, as (nowadays) magnetization in EB devices is uncontrollable and unclonable (no work has reported a method to control the natural frequency ${\omega }_M$) [45], the response of these devices as a transmission line to the applied excitation (challenge) will also be unclonable. REQ#3 is then met.

Then, to create a cipher and decipher pair, an EB material must be generated, divided into two identical samples; and using these samples, two EB devices are constructed. The same process must be repeated to build all required EB devices for both the cipher and the decipher.

3.3.3. Global Behavior and Seed Obtention

Previous equations establish a clear relationship between the components of the permeability tensor and the resonance frequencies of EB devices. In fact, a simple analysis shows that the EB device’s resonance frequency (that for which all reactive or imaginary components in $\stackrel{=}{\mathsf{\mu }}$ are vanish) is the ‘natural frequency’, ${\omega }_M$.

As in any other resonant system, at this resonance frequency, an EB device stores (or consumes) all received energy, so no signal or magnetic induction is transmitted. Then, each one of the EB devices will have the resonance at $f_M=\frac{{\mathsf{\omega }}_{\mathrm{M}}}{2\pi }$ (the particular value will depend of the atomic structure of the material) and will filter any signal within this bandwidth, known as notch band (see Figure 8).

On the other hand, this resonance frequency will vary with time (as already said), with a speed $v_M$. Experimental studies [45], besides, prove this frequency evolves in downward direction (see Figure 8).

Then, the global PUF proposed in Figure 4 will present a global frequential response calculated as the superposition of $N_d$ notch filters, one for each EB device (see Figure 9). Mathematically, then, when applying a challenge $ch\left(t\right)$, a response $rp\left(t\right)$ is obtained whose frequential structure is variable and unclonable (23), as the natural frequency ${\omega }_M$ cannot be controlled [45].

$$\begin{gathered} ch\left(t\right)={\displaystyle \sum }_{\mathrm{k}}{C}_k{ \mathrm{e}}^{{\mathrm{j}\mathsf{\omega }}_{\mathrm{k}}\mathrm{t}} \\ rp\left(t\right)=PUF\left\{ch\left(t\right)\right\}={\displaystyle \sum }_{s=1}^{N_d}{\displaystyle \sum }_{\mathrm{k}}{A}_s\left(t\right)C_k{ \mathrm{e}}^{{\mathrm{j}\mathsf{\omega }}_{\mathrm{k}}\mathrm{t}} \end{gathered}$$

(23)

However, to maintain EB devices in the operation conditions, challenges must be mixed with great continuous signals, to create the required continuous magnetic fields. Then, the obtained response will also be mixed with the great signal which must be removed to extract the real PUF response. To perform this operation, in the proposed PUF (see Figure 4) a non-EB device and a lock-in are included.

The non-EB device has the two windings described above and the core is composed of either a bilayer material where the exchange-bias has not been activated and has the initial permeability value) or is an air core (vacuum). The objective of using this core is to isolate the effect on the phase shift of the signal due to the effect of the couplings that may exist in the windings and which, being identical to those that are mounted in the devices with the activated bilayer core, introduce a similar phase shift. In this way, the two signals that enter the lock-in are differentiated only due to the effect generated by the exchange-bias phenomenon.

The lock-in amplifier is often a device that returns a DC signal proportional to the phase shift between two signals and to the amplitude of both signals. Therefore, if the same signal flows through two different paths, the differences in the circuitry of these paths will be what cause the changes in the signal and the difference that the lock-in will measure.

At this point, then, an unclonable and dynamic PUF response to the applied challenge is obtained.

The output signal of the lock-in goes through a post-processing system that measures it and converts it into a valid seed. The output seed of that unit will be the result of a mathematical operation that relates the amplitude of the received signal and its frequency; and therefore, will depend as much on the state of the cores of material bilayer with the effect of exchange-bias developing over time, as the set of signal frequencies that will be introduced into the material (challenge).

Complex algorithms to control the challenge to be applied or the seed calculation could be employed in order to increase the global entropy of the key generator. However, for this initial work presenting the solution, we are considering as challenge a simple composition of $N_c$ harmonics; and the seed calculation was based on a sampling scheme (a sigma-delta modulator) to extract from the analog signal three digital words with the appropriate length. Besides, in order to remove transitory responses and other exogenous effects affecting the seed calculation, the post-processing module was configured to only respond to long-term changes in PUF response. Moving average filters are implemented to perform this function. This technological feature might limit the randomness of the generated keys, but the use of PRNG prevents this problem.

4. Performance Evaluation and Results

In relation to the proposed solution, an evaluation focused on security analyses has no sense, as the final obtained security level is directly dependent on the Trifork PRNG, a technology that has already been validated [40]. On the other hand, a qualitative risk analysis is not relevant at this point, as previous discussions have already proved that most relevant security risks have been addressed. Therefore, for this work, we are proposing an experimental validation based on a performance evaluation and key performance indicators (KPI).

4.1. Experiment Description

Five different experiments were carried out in order to evaluate five basic indicators: (1) randomness level; (2) the bit error rate depending on the accumulated operation time; (3) the distance between key streams generated by a similar PUF; (4) the malfunction probability depending on the number of EB devices in the PUF; and (5) the resource consumption caused by the proposed encryption scheme.

The first four parameters are going to be evaluated with experiments based on simulation scenarios and tools. The last and fifth KPI is evaluated using a real implementation.

Simulation scenarios were built using the MATLAB and SimuLink software tools, which also include mechanisms for electromagnetic and engineering simulations. It is a proprietary suite that employs a specific programming language based on C syntaxis. However, libraries based on other technologies such as C or Java may be employed. This suite was deployed in a Linux (Ubuntu 16.04) machine with 8GB of RAM memory and an Intel i7 processor.

The simulation scenario consisted of two nodes creating a bidirectional communication link between them (see Figure 1). Models for magnetic materials, radio channels, magnetization vectors, etc., were taken from standard existing libraries. The simulation model for the EB devices was configured and characterized through numerical functions fitted to follow and behave as the measures obtained by Migliorini and other authors [45] indicate. Apart from the magnetic components, each node was constructed with a relatively small amount of hardware: a general-purpose embedded processor with analog-digital converters, 5 kilobits of SRAM and 32 kilobytes of DRAM.

In order to pack and assign the described resources to the nodes, virtual containers were employed. In particular, Kernel-based Virtual Machine (KVM) technologies were employed with the libVirt Application Programming Interface (API). In that way, a simple C++ program may be employed to control virtual instances and they may be managed from the MATLAB suite.

With the objective of connecting the virtual instances and the MATLAB suite where the simulation scenario runs, the bridges provided by the MATLAB and Simulink libraries are deployed and executed. These bridges forward the input traffic in the simulated nodes to the external virtual machine, so real algorithms, solutions, and protocols may be easily tested.

In the first four experiments, simulation tools are adequate to provide relevant results as the limitations due to hardware issues are not evaluated (we are considering nodes can easily implement the proposed cipher). In the last experiment, hardware limitations were considered and real devices were employed.

For the first experiment, the NIST SP 800-22 test suite [46] was considered. This suite includes 15 tests that are usually employed to evaluate the randomness of key generators, PUFs, and other similar proposals. These tests consider two parameters (usually known as $\alpha$ and $p$) to determine if the evaluated number sequence is random. Basically, the tests evaluate if a sequence is random with a confidence equal to $\left(1-\alpha \right)$. Tests obtain the p-value and they are successful (the sequence is random) if it is greater than $\alpha$. In our experiment we are considering $\alpha =0.01$. The simulation scenario consisted of the proposed key generator where 64 different EB devices where integrated.

For the second experiment, a collection of different simulations was carried out. For each different simulation, the number of EB devices in the proposed PUF was increased. A bidirectional secure communication link is stablished between both the transmitter and the receiver for each configuration. As a supporting wireless communication module, we have selected a Bluetooth 4.0 technology solution (available in the NS3 libraries). Communication links were configured to be 10Mbps links (Bluetooth 4.0 enables up to 32 Mbps connections). Using these links, 100 information packets per second were transmitted. Each packet was configured to have 100 information bits. Time was divided into 5-h slots. In this time period, $N_{packets}=1.8\times {10}^6$ packets (or $N_{bits}=1.8\times {10}^9$ information bits) are transmitted. Then, the resulting amounts are enough to evaluate the bit error rate (BER). Thus, the BER in the stablished communication link was evaluated and measured for each different slot.

The third experiment was performed using a simulation scenario similar to the previous one. Nevertheless, in this case, for each PUF configuration, cipher and decipher were built using ‘cloned’ PUF. The similarity level between PUF and the resulting key streams are measured and evaluated.

For these three initial experiments, simulations considering PRNG were configured as follows: $N=16$ to represent a common current situation; and the applied excitation (challenge) to the PUF consisted of a composition of 100 harmonics whose frequencies were calculated using an automatic algorithm (24).

$$f_k=1000·\frac{2k}{3}$$

(24)

Later, in the fourth experiment, some modifications in the scenario were applied. The cipher and decipher were reconsidered to implement two identical PUF (two samples from a unique EB activated material). The probability of the cipher and decipher not being able to operate correctly due to malfunctions in the PUF is then evaluated. Different configurations and numbers of EB devices in the PUF were considered. With this experiment, the probability of a magnetic material so anisotropic that two samples from the same material do not behave in the same manner is analyzed. The same configuration parameters were employed in this fourth experiment for the cipher and the decipher.

Simulations for these fourth initial experiments were repeated 12 times for each case. Each simulation was configured to represent 360 h of operation.

The fifth and last experiment was completely different from all already described. With the objective of evaluating the effect of hardware limitations, especially in the context of CPS where resource constrained devices are usually employed, in the proposed architecture; a real implementation of the proposed solution was executed. We evaluated the consumption in terms of RAM memory, program space, and computational time. The experiment was repeated for different values of $N$ (the bit-length of number in the PRNG).

As a hardware platform, we employed an Arduino Nano board. It includes an AVR microcontroller, the ATmega328 microcontroller. It also has 32 KB of flash memory, 2 KB of SRAM memory, and 1 KB of EEPROM (which is rarely employed).

The implemented PUF for this experiment was manufactured as indicated by Migliorini [45]. Four different EB devices were employed in the designed PUF.

4.2. Results

In this section, results of the described experiments in the previous section are presented and discussed.

In order to remove from the simulation results (as much as possible) fluctuations in the simulation execution process caused by exogenous variables (e.g., delays operations performed by the operating systems), the average of all obtained results from the 12 performed simulation repetitions are employed to calculate the final results.

Table 1. NIST test results. First experiment.

Test	p-Value	Result
Runs	0.973	Successful
Frequency Monobit	0.974	Successful
Overlapping Template Matching	0.319	Successful
Frequency Test within a Block	0.654	Successful
Longest Run of Ones in a Block	0.807	Successful
Universal	0.388	Successful
Linear Complexity	0.309	Successful
Binary Matrix Rank	0.419	Successful
Serial	0.999	Successful
Discrete Fourier Transform	0.215	Successful
Random Excursions Test *	0.461	Successful
Random Excursions Variant Test *	0.399	Successful
Approximate Entropy	0.921	Successful
Non-Overlapping Template Matching	0.979	Successful
Cumulative Sums	0.955	Successful

* Several different values for p-value where obtained. Result is the mean value.

shows the result from the first experiment.

As can be seen, all tests were successful guaranteeing the randomness of the proposal. Besides, obtained p-values are very high (in several tests around the unit), so the randomness level of the evaluated key generator output is also very high.

Figure 10 shows the results from the second experiment. The Bit Error Rate (BER) is evaluated according to the standard expression (25), being $N_{error}$ the number of bit errors in each time period.

$$\mathrm{BER} (\%)=\frac{N_{error}}{N_{bits}}$$

(25)

As can be seen, the bit error rate (BER) is always below 0.01%. BER evolution follows a sigmoid curve, where there is an initial period (around 150 h) when BER is stable. Later, BER starts going down until it reaches the value $5\times {10}^{-6}\%$ (approximately) and gets stable another time. This behavior is coherent with the PUF behavior. In fact, as the proposed PUF is not generating directly the key stream, but a seed for a PNRG (which only changes when long-term changes in the PUF response are detected), and as PUF evolves and changes quite slowly, BER may present very low values.

At first, PUF starts generating signals which may still present some very small fluctuations caused by the transitory period in the magnetic field and induction and PUF response. As time passes, and EB effect starts making the resonance frequency evolve, the small fluctuations tend to disappear and BER goes down. However, there is a minimum value for BER due to numerical processing, etc. This also explains why obtained values are very low, as only errors caused by the encryption mechanism are considered. Besides, only a few bits in packets are corrupted, when fluctuations in the magnetic fields caused very fast and transitory drifts in the PUF behavior. No structural errors are detected.

On the other hand, it can be also seen, as the number of EB devices in the PUF is increased, the initial BER is also higher. In fact, as more different magnetic materials are considered, the power and energy associated to fluctuations in magnetic materials are also higher. Consequently, more errors are induced. In any case, the obtained BER values are similar to those associated to traditional encryption and communication systems [47].

It is important to note that, contrary to other works where real implementations are employed to evaluate BER [34], in this case we are using a simulation scenario where only some effects are considered (in particular, only effects related to EB phenomenon are analyzed). For example, fluctuations in the electrical challenges are not considered. Thus, results with real devices might strongly change (BER may go up several magnitude orders) and advanced techniques, such as error correction modules, could be necessary.

Figure 11 shows the results of the third experiment. Distances between key streams are calculated using a statistical expression. In particular, this distance is defined as the mutual information between both key streams (a similar understating to which employed in context-tree weighting method [48]). Mutual information is null when both streams are statistically independent and equal to $N$ (the number of bits per sample, see Section 3), when they are statistically equivalent. To normalize the mutual information, ranging between zero and $N$, and turn this function into a distance function a simple algebraic expression is employed (26). This definition guarantees two streams that are 100% different are statistically independent, contrary to traditional (Euclidean) distance definitions.

$$d\left(k;k^{*}\right)= \frac{N-I\left(k;k^{*}\right) }{N}$$

(26)

Distance between the manufacturing conditions of two PUF is evaluated using a Euclidean distance and the notion of mean square error. Being $C_1$ and $C_2$ vectors describing the manufacturing conditions ($M$ variables), the distance between the two corresponding PUF may be directly obtained (27).

$$d\left(C_1;C_2\right)=\frac{1}{M}\sqrt{{\displaystyle \sum }_{i=1}^M{\left(C_1\left(i\right)-C_2\left(i\right)\right)}^2}$$

(27)

As can be seen, even two PUFs manufactured as ‘clones’ generate key streams that are 50% different. In other words, and considering the distance between key streams is evaluated using the mutual information, only half of bits per sample in the key streams are statistically independent. For configurations including more than two EB devices, even PUFs manufactured with only 10% difference generate statistically independent key streams (distance 100%). Configurations including only one or two EB devices also generate independent key streams and secure encryptions (as only identical key streams may grant access to the private information).

However, similar PUFs generate dependent key streams if fewer EB devices are included. Even if as more different PUFs are manufactured the distance between key streams also increases, one-device configurations only produce totally independent key streams for totally different PUFs; while two-device configuration required materials with at least 50% differences.

Any case, this experiment validates the unclonable behavior of the proposed PUF and encryption solution.

Figure 12 shows the results of the fourth experiment.

As Figure 12 shows, the malfunction probability is also higher as more EB devices are employed to build the PUF. In fact, as more identical EB devices must be manufactured, the malfunction probability grows up. In any case, above $N_d=16$, configurations present a stable malfunction probability around 0.01%. Between $N_d=1$ and $N_d=16$, the malfunction probability goes up exponentially, being ${10}^{-6}\%$ the minimum probability (for a one EB device configuration).

With the four previously described experiments, the performance of the PUF is evaluated. However, one final experiment is required to evaluate indicators related to hardware nodes and limitations.

Table 2. Resource consumption. Results from the fifth experiment.

N	Use of RAM	Use of Program Space	Processing Time to Generate the First Key Sample
4	12%	65%	120 μs
8	14%	67%	3.9 ms
10	14%	67%	5 ms
12	14%	67%	5 ms
16	14%	67%	5 ms

shows the obtained results from the fifth experiment.

As can be seen, results are almost independent from the sample length ($N$). In general, the proposed solution consumes around 70% of available program space in resource constrained nodes. Although this amount may seem too high, the remaining 30% is enough to implement sensing algorithms and other similar small software solutions.

On the other hand, the consumed processing time is quite low, so sampling algorithms can be easily implemented. Considering the required time to encrypt one sample, the fastest signal our nodes could sample is 200 KHz. Traditionally, an Arduino board may consider an analog signal with a maximum bandwidth up to 4.5 MHz. When using our cipher, this quantity is reduced to 200 KHz, but this speed is still enough for most applications.

Once the proposed solution is proven to be adequate for implementation in resource constrained nodes, we can compare resource consumption in our proposal to previously reported solutions.

Table 3. Resource consumption. Comparison to previous works.

Proposal	Memory Usage (ROM and RAM)	Processing Time
PUFKY [34]	3KB	5.62 ms
ROPUF [49]	2KB	4.6 ms
EB PUF (our proposal)	22KB	5 ms

shows that comparison.

As can be seen, required processing time is similar in all proposals (around 5 ms). However, hardware-supported algorithms present a much lower memory consumption, as they are totally optimized to perform a specific calculation, while implementations based on general purpose microcontrollers need more memory resources. In particular, bootloader, auxiliary variables, sampling routine, etc. mean our proposal consumes 22 KB in memory.

Any case, the proposed solution in this paper may be also implemented using simple logic gates and hardware technologies, so the memory consumption could be also reduced.

5. Conclusions

Cyber-physical systems (CPS) are networked by default, and private information is shared among the different components related to users, critical infrastructure, or business operations. In this context, it is essential to encrypt those communication links to protect such information. However, most solutions require physical devices to store a secret key, which is a very unsecure approach.

Therefore, in this paper, an encryption scheme based on keys generated through physical unclonable functions (PUFs). Using PUFs, any attempt to access to the key will immediately and irreversibly change the key, and given one PUF, even the manufacturer cannot clone it into an identical one. The proposed key generator is based on magnetic materials to meet the low-cost and small size requirements of CPS. In particular, materials with an activated exchange-bias effect are employed, together with simple copper coils. The encryption process can be based on a simple XOR gate because of the robustness of the proposed key generator.

Results prove the unclonable behavior of the proposed PUF and the security level of the described encryption scheme. On the other hand, the described solution also meets the requirements of resource constrained nodes in a CPS.