A practical device authentication scheme using SRAM PUFs

The contamination of electronic component supply chains by counterfeit hardware devices is a serious and growing risk in today’s globalized marketplace. Current practice for detecting counterfeit semiconductors includes visual checking, electrical testing, and reliability testing which can require significant investments in expertise, equipment, and time. Additionally, best practices have been developed in industry worldwide to combat counterfeiting in many of its variants. Although the current approaches improve the situation significantly, they do not provide extensive technical means to detect counterfeiting. However, new approaches in this area are beginning to emerge. Suh and Devadas recently proposed a low cost device authentication scheme which relies on physically unclonable functions (PUFs) to implement a challenge–response authentication protocol. There are several constraints in their authentication scheme, e.g., their scheme requires a secure online database and relies on PUF constructions that exhibit a large number of challenge–response pairs. In this paper, we introduce a new device authentication scheme using PUFs for device anti-counterfeiting. Our scheme is simple and practical as it does not require any online databases and is not tied to any PUF implementations. We evaluate our authentication scheme on 96 discrete SRAM PUF devices and show that our scheme works well in practice. For hardware devices which already have SRAM and non-volatile storage embedded, our scheme takes almost no additional cost.

[1]  Rodham E. Tulloss,et al.  The Test Access Port and Boundary Scan Architecture , 1990 .

[2]  Dirk Fox,et al.  Digital Signature Standard (DSS) , 2001, Datenschutz und Datensicherheit.

[3]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[4]  Srinivas Devadas,et al.  Controlled physical random functions , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[5]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[6]  Yevgeniy Dodis,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, EUROCRYPT.

[7]  Lejla Batina,et al.  RFID-Tags for Anti-counterfeiting , 2006, CT-RSA.

[8]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[9]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[10]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[11]  Ingrid Verbauwhede,et al.  Intrinsic PUFs from Flip-flops on Reconfigurable Devices , 2008 .

[12]  P. Tuyls,et al.  PUF-PRFs : A New Tamper-resilient Cryptographic Primitive , 2009 .

[13]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[14]  Memory Leakage-Resilient Encryption Based on Physically Unclonable Functions , 2010, Towards Hardware-Intrinsic Security.

[15]  John Neumann,et al.  Defense Supplier Base: DOD Should Leverage Ongoing Initiatives in Developing Its Program to Mitigate Risk of Counterfeit Parts , 2010 .

[16]  Helena Handschuh,et al.  Hardware intrinsic security from D flip-flops , 2010, STC '10.

[17]  Scott A. Rotondo Trusted Computing Group , 2011, Encyclopedia of Cryptography and Security.

[18]  Marcin Wójcik,et al.  Evaluation of a PUF Device Authentication Scheme on a Discrete 0.13um SRAM , 2011, INTRUST.