Leonid Bolotnyy and Gabriel Robins
Dept. of Computer Science
University of Virginia www.cs.virginia.edu/robins

Contribution
• Privacy-preserving tag identification algorithm
• Secure MAC algorithms
• Comparison of PUF with digital hash functions
Motivation
• Digital crypto implementations require 1000’s of gates
• Low-cost alternatives
– Pseudonyms / one-time pads
– Low complexity / power hash function designs
– Hardware-based solutions

• Physical Unclonable Function (PUF) [Gassend et al 2002]
• PUF Security is based on
– wire delays
– gate delays
– quantum mechanical fluctuations
• PUF characteristics
– uniqueness
– reliability
– unpredictability
• PUF Assumptions
– Infeasible to accurately model PUF
– Pair-wise PUF output-collision probability is constant
– Physical tampering will modify PUF

• Privacy
A B
Alice was here: A, B, C
C

ID p(ID)
ID
Request
• It is important to have
– a reliable PUF
– no loops in PUF chains
– no identical PUF outputs
Database
ID
1
, p(ID
1
), p
2
(ID
1
), …, p k
(ID
1
)
...
ID n
, p n
(ID n
), p n
2
(ID n
), …, p n k
(ID n
)
• Assumptions
– no denial of service attacks (e.g., passive adversaries, DoS detection/prevention mechanisms)
– physical compromise of tags not possible

• Run PUF multiple times for same ID & pick majority unreliability probability number of runs chain length overall reliability
R( μ, N, k ) ≥ (1 -
N
∑ m=
N+1
2
R(0.02, 5, 100) ≥ 0.992
N m
μ m
(1μ) N-m
) k
• Create tuples of multi-PUF computed IDs & identify a tag based on at least one valid position value expected number of identifications tuple size
S( μ, q ) =
∞
∑ i [(1 – (1μ
) i+1
) q
(1 – (1-μ) i
) q
]
(ID
1
, ID
2
, ID
3
) i=1
S(0.02, 1) = 49, S(0.02, 2) = 73, S(0.02, 3) = 90

Experiment:
1.
A passive adversary observes polynomially-many rounds of reader-tag communications with multiple tags
2.
An adversary selects 2 tags
3.
The reader randomly and privately selects one of the 2 tags and runs one identification round with the selected tag
4.
An adversary determines the tag that the reader selected
Definition: The algorithm is privacy-preserving if an adversary can not determine reader selected tag with probability substantially greater than ½
Theorem: Given random oracle assumption for PUFs, an adversary has no advantage in the above experiment.

• MAC = (K, τ, υ)
• valid signature σ : υ (M, σ) = 1
K
• forged signature σ’ : υ (M’, σ’) = 1, M = M’
K
• MAC based on PUF
– Motivation: “yoking-proofs”, signing sensor data
– large keys (PUF is the key)
– cannot support arbitrary messages
• Assumptions
– adversary can adaptively learn poly-many (m, σ) pairs
– signature verifiers are off-line
– tag can store a counter (to protect against replay attacks)

Assumption: tag can generate good random numbers
(can be PUF-based)
Key : PUF
σ (m) = c, r
1
, ..., r n
, p c
(r
1
, m), ..., p c
(r n
, m)
Signature verification
• requires tag’s presence
• password-based or in radio-protected environment (Faraday Cage)
• learn p c
(r i
, m), 1 ≤ i ≤ n
• verify that the desired fraction of PUF computations is correct
To protect against hardware tampering
• authenticate tag before MAC verification
• store verification password underneath PUF

prob v
(n, 0.1n, 0.02) prob v
(n, t, μ) = 1 n
∑ i=t+1 n i
μ i
(1μ) n-i prob f
(n, 0.1n, 0.4) prob f
(n, t, τ) = 1 n
∑ j=t+1 n j
τ j
(1τ) n-j
α < prob v
0 ≤ t ≤ n-1
≤ 1 and prob f
≤ β ≤ 1

Given random oracle assumption for a PUF, the probability that an adversary could forge a signature for a message is bounded from above by the tag impersonation probability.

Assumption: small and known a priori message space
PUF message counter
Key [p, m i
, c] = c, p c
(1)
(m i
), ..., p c
(n)
(m i
)
PUF reliability is again crucial
σ (m) = c, p c
(1)
(m), ..., p c
(n)
(m),
..., c+q-1, p c+q-1
(1)
(m), p c+q-1
(n)
(m) sub-signature
Verify that the desired number of sub-signatures are valid

Given random oracle assumption for a PUF, the probability that an adversary could forge a signature for a message is bounded by the tag impersonation probability times the number of sub-signatures.

original clone
• Impersonation attacks
– manufacture an identical tag
– obtain (steal) existing PUFs
• Modeling attacks
– build a PUF model to predict PUF’s outputs
• Side-channel attacks
– algorithm timing
– power consumption
• Hardware-tampering attacks
– physically probe wires to learn the PUF
– physically read-off/alter keys/passwords

algorithm MD4 MD5 SHA-256 AES Yuksel PUF
# of gates 7350 8400 10868 3400 1701
• Reference PUF: 545 gates for 64-bit input
– 6 to 8 gates for each input bit
– 33 gates to measure the delay
• Low gate count of PUF has a cost
– probabilistic outputs
– difficult to characterize analytically
– non-unique computation
– extra back-end storage
• Different attack target for adversaries
– model building rather than key discovery
• Physical security
– hard to break tag and remain undetected
545

• Attacks on PUF
– impersonation
– modeling
– hardware tampering
– side-channel
• Weaknesses of existing PUF reliability
• New PUF design
– no oscillating circuit
– sub-threshold voltage
• Compare different non-linear delay approaches

• PUF: hardware primitive for RFID security
• Identification and MAC algorithms based on PUF
• PUFs protect tags from physical attacks
• PUFs is the key
• Develop theoretical framework for PUF
• Design new sub-threshold voltage based PUF
• Manufacture and test PUFs
– varying environmental conditions
– motion, acceleration, vibration, temperature, noise
• Design new PUF-based security protocols
– ownership transfer
– recovery from privacy compromise
– PUFs on RFID readers
} in progress

Dept. of Computer Science
University of Virginia

• Ownership Transfer
• To maintain privacy we need
– ownership privacy
– forward privacy
• Physical security is especially important
• Solutions
– public key cryptography (expensive)
– knowledge of owners sequence
– trusted authority
– short period of privacy

s
2,0 s
1,0 s
2,1 s
1,1 s
2,2 s
2,3 s
1,2 s
2,4 s
3,0 s
3,1 s
3,2 s
3,3
4 s
3, s
3,5 s
3,6 s
3,7 s
3,8 s
3,9 s
3,10
1. Detect potential tag compromise
2. Update secrets of affected tags s
2,5

• Optical PUF [Ravikanth 2001]
• Silicon PUF [Gassend et al 2002]
– Design, implementation, simulation, manufacturing
– Authentication algorithm
– Controlled PUF
• PUF in RFID
– Identification/authentication [Ranasinghe et al 2004]
– Off-line reader authentication using public key cryptography
[Tuyls et al 2006]