Reliable and Efficient PUFBased Key Generation Using
Pattern Matching
Srini Devadas and Zdenek Paral (MIT), HOST 2011
Thomas Chen, Anup Jadhav
UNIVERSITY OF MICHIGAN
1
Outline
 Motivation & Security Challenges
 Problem & Previous Approaches
 Physical Unclonable Functions (PUF)
 PUF-based Key Generation Using Pattern Matching
 Results
 Conclusion
 References
UNIVERSITY OF MICHIGAN
2
Motivation


Secure computing
 Devices are becoming:
 Distributed
 Unsupervised
 Physically exposed
Prone to physical tampering
 Need protection at the hardware level
UNIVERSITY OF MICHIGAN
3
Problem & Previous Approaches


Making a device tamper proof is difficult and expensive
 IBM 4758 cryptographic coprocessor ($3000)
 Battery powered sensors
 Anti-tamper package
Attackers can
 Extract keys from NVM while processor is off
 Depackage,etch, and polish down to poly to read off fuse bits
ROM
UNIVERSITY OF MICHIGAN
Fuses
Flash
Anti-fuses
4
Physical Unclonable Function (PUF)



Silicon “fingerprint”
 Unique per instance
 Reproducible/repeatable
Challenge
Variability
Sensitive Circuit
Usefulness
 Random key generation
 Low-cost key “storage”
 Tamper resistant
Extract keys from complex physical system
C
R1
UNIVERSITY OF MICHIGAN
Response
!=
R2
!=
R3
5
PUF-based Key Generation


Use PUF to generate fixed size of secret bits
 Can use as symmetric key bits or seed for asymmetric key
But…
 Some bits may be “noisy”- need error correction
 Need to use helper data/syndrome to correct
Response
PUF
Key
Key Generator
Path-swapping switch
Arbiter
…
D Q
C
C0
UNIVERSITY OF MICHIGAN
C1
C2
Cn
6
Reproducibility



Intra-distance metric (use fractional Hamming distance)
 Ideally HDintra=0
Mean intra-distance varies with voltage, temperature
 Can reduce unstable bits by:
 pre/post selection, temporal majority voting, compensation, etc.
Typically >5%, <20% over region of operation (before corr.)
PUF A
2 bits -> 6.25%
Stored PUF A response
1
0
1
1
0
1
1
0
1
0
1
1
0
1
1
0
1
0
1
1
0
1
1
0
0
0
1
0
1
0
0
0
0
0
1
0
1
0
0
0
0
0
1
0
1
0
1
0
1
1
1
1
0
0
1
0
1
1
1
1
0
0
1
0
1
0
1
1
0
0
1
0
1
0
1
1
1
0
0
0
1
0
1
1
1
0
0
0
1
0
1
1
1
0
0
0
UNIVERSITY OF MICHIGAN
7
Uniqueness



Inter-distance metric
Use fractional Hamming distance
Ideally, HDinter of 50% -> no correlation between chips
15 bits ->
46.875%
PUF A
PUF B
1
0
1
1
0
1
1
0
1
0
1
1
0
1
1
0
1
1
1
0
1
1
0
0
0
0
1
0
1
0
0
0
0
0
1
0
1
0
0
0
0
1
1
0
1
0
1
1
1
1
1
1
0
0
1
0
1
1
1
1
0
0
1
0
1
1
0
0
0
1
1
1
1
0
1
1
1
0
0
0
1
0
1
1
1
0
0
0
0
1
1
0
1
0
1
0
UNIVERSITY OF MICHIGAN
8
Error Correction & Entropy



Key must be 100% reproducible (HDintra=0)
 Often use BCH codes
Increase reproducibility
 But helper data leaks information, reduces unpredictability
Need bigger response then compress
 Extracted key length <= Total accumulated entropy
1
0
1
1
0
1
1
0
1
0
0
1
0
1
0
1
0
1
0
1
0
1
1
0
0
1
0
0
0
1
0
1
1
1
0
0
0
0
1
0
1
1
0
1
1
0
0
0
1
0
1
0
0
0
1
1
1
1
0
0
1
1
0
1
1
1
0
0
Correction
1 0 0 1 0 1 1 0
Helper
Data
UNIVERSITY OF MICHIGAN
9
Pattern Matching Key
Generator(PMKG) Architecture
UNIVERSITY OF MICHIGAN
10
Key Generation Scheme



Major Difference
 Instead of making challenge public, make response public
Provisioning and Regeneration
 Happens over a number of rounds
Regeneration
 Involves matching the patterns provisioned to recreate key
UNIVERSITY OF MICHIGAN
11
Pattern Matching


Provisioning
 In each round select an index I
 Starting at that index store a pattern of length W
Regeneration
 Match against known patterns to obtain index
Index=sub-key
X X 7
PUF generated
bit stream:
1
1110100110
10 bits
UNIVERSITY OF MICHIGAN
0
Pattern Storage
011
000
101
12
Key Generator Architecture
UNIVERSITY OF MICHIGAN
13
Security



Public helper data does not leak information about key
 Index based key
Key mixer
 Post process key bits
LFSR forking
 Fork the next round of challenge generator based on key index
 Fixed number of comparisons against helper patterns
UNIVERSITY OF MICHIGAN
14
Key Generation Parameters
UNIVERSITY OF MICHIGAN
15
Intra-distance and Inter-distance
UNIVERSITY OF MICHIGAN
16
Matching threshold and FAR,FRR



Tolerance match detector
 Causes false positives and false negatives
 Requires appropriate matching threshold
 Requires sufficiently wide pattern
Otherwise use error correction scheme
For small pattern, additional logic required to prevent collision
UNIVERSITY OF MICHIGAN
17
False Negatives and False Positives
UNIVERSITY OF MICHIGAN
18
Trials Required For Key Regeneration
UNIVERSITY OF MICHIGAN
19
Conclusion


Main contribution
 Expose PUF response, keep challenge hidden
 Key regeneration via pattern matching
 Key bits are not directly stored
 Subkeys are indices of PUF responses
Avoid heavy error correction logic
 But need to choose good threshold and pattern width
 False positives, false negatives
UNIVERSITY OF MICHIGAN
20
Questions & Discussion Points



Is there enough process variation to identify between ICs?
Is setting a threshold a good enough approach?
Is the arbiter PUF a good choice?
UNIVERSITY OF MICHIGAN
21
References

[1] Paral, Z., and Srinivas Devadas. "Reliable and efficient
PUF-based key generation using pattern
matching." Hardware-Oriented Security and Trust (HOST),
2011 IEEE International Symposium on. IEEE, 2011.
UNIVERSITY OF MICHIGAN
22