基于序列密码的强PUF抗机器学习攻击方法

物理不可克隆函数(Physical Unclonable Function,PUF)在信息安全领域具有极其重要的应用前景,然而也存在其自身安全受机器学习攻击等方面的不足.该文通过对PUF电路和密码算法的研究,提出一种基于序列密码的强PUF抗机器学习攻击方法.首先,通过构造滚动密钥生成器产生随机密钥,并与输入激励进行混淆;然后,将混淆后的激励通过串并转换电路作用于强PUF,产生输出响应;最后,利用Python软件仿真和FPGA硬件实现,并分析其安全性和统计特性.实验结果表明,当建模所用激励响应对(Challenge Response Pairs,CRPs)高达106组时,基于逻辑回归、人工神经网络和支持向量机的攻击预测率接近50％的理想值.此外,该方法通用性强、硬件开销小,且不影响PUF的随机性、唯一性以及可靠性.     

基于正交混淆的多硬件IP核安全防护设计

为了解决集成电路设计中多方合作的成员信息泄漏问题,该文提出一种基于正交混淆的多硬件IP核安全防护方案。该方案首先利用正交混淆矩阵产生正交密钥数据,结合硬件特征的物理不可克隆函数(PUF)电路,产生多硬件IP核的混淆密钥;然后,在正交混淆状态机的基础上,实现多硬件IP核的正交混淆安全防护算法;最后,利用ISCAS-85基准电路和密码算法,验证正交混淆方法的有效性。在台湾积体电路制造股份有限公司(TSMC) 65 nm工艺下测试正交混淆的多硬件IP核方案,正确密钥和错误密钥下的Toggle翻转率小于5%,在较大规模的测试电路中面积和功耗开销占比小于2%。实验结果表明,采用正交混淆的方式能够提高多硬件IP核的安全性,可以有效防御成员信息泄漏、状态翻转率分析等攻击。     

基于人工神经网络特征向量提取的FF-APUF攻击方法

为评估物理不可克隆函数(PUF)的安全性,需针对不同的PUF结构设计相应的攻击方法。该文通过对强PUF电路结构和工作机理的研究,利用人工神经网络(ANN)提出一种针对触发器-仲裁器物理不可克隆函数(FF-APUF)的有效攻击方法。首先,根据FF-APUF电路结构,利用多维数组构建电路延时模型;然后,对FF-APUF的二进制激励进行邻位划分,将划分后的激励转换为十进制并表示为行向量,实现特征向量提取;最后,基于提取的特征向量利用ANN构建攻击模型并通过后向传播算法获得最优参数。实验结果表明,相同条件下攻击预测率均高于其他3种常用的机器学习方法,尤其当激励响应对(CRP)数量较少、激励位数较多时,优势更加明显。当激励位数为128、CRP个数为100和500时,平均攻击预测率分别提高36.0%和16.1%。此外,该方法具有良好的鲁棒性和可扩展性,不同噪声系数下攻击预测率与可靠性相差最大仅0.32%。     

基于人工神经网络特征向量提取的FF-APUF攻击方法

为评估物理不可克隆函数(PUF)的安全性,需针对不同的PUF结构设计相应的攻击方法.该文通过对强PUF电路结构和工作机理的研究,利用人工神经网络(ANN)提出一种针对触发器-仲裁器物理不可克隆函数(FF-APUF)的有效攻击方法.首先,根据FF-APUF电路结构,利用多维数组构建电路延时模型;然后,对FF-APUF的二进制激励进行邻位划分,将划分后的激励转换为十进制并表示为行向量,实现特征向量提取;最后,基于提取的特征向量利用ANN构建攻击模型并通过后向传播算法获得最优参数.实验结果表明,相同条件下攻击预测率均高于其他3种常用的机器学习方法,尤其当激励响应对(CRP)数量较少、激励位数较多时,优势更加明显.当激励位数为128、CRP个数为100和500时,平均攻击预测率分别提高36.0％和16.1％.此外,该方法具有良好的鲁棒性和可扩展性,不同噪声系数下攻击预测率与可靠性相差最大仅0.32％.     

基于65 nm工艺的多端口可配置PUF电路设计

物理不可克隆函数(Physical Unclonable Function, PUF)电路利用结构完全相同的电路在制造过程中存在的随机工艺偏差,产生具有唯一性、随机性和不可克隆性的密钥。该文通过对共源共栅电流镜的研究,提出一种基于电流镜工艺偏差的多端口可配置PUF电路。该PUF电路由输入寄存器、偏差电压源、复用网络、判决器阵列和扰乱模块构成,通过激励信号配置偏差电压源,无需更换硬件便可实现输出密钥的变化,且可在一个时钟周期内输出多位密钥。在SMIC 65 nm CMOS工艺下,采用全定制方式设计具有36个输出端口的PUF电路,版图面积为24.8 m77.4 m。实验结果表明,该PUF电路具有良好的唯一性和随机性,且工作在不同温度(-40~125C)和电压(1.08~1.32 V)下的可靠性均大于97.4%,可应用于信息安全领域。     

基于敏感度混淆机制的控制型物理不可克隆函数研究

为了克服物理不可克隆函数(PUF)面对建模攻击的脆弱性,该文提出一种基于敏感度混淆机制的控制型PUF架构。根据PUF的布尔函数定义及Walsh谱理论,推导出各个激励位具有不同敏感度,分析并归纳了与混淆值位宽奇偶性有关的位置选取规则。利用该规则指导了多位宽混淆算法(MWCA)的设计,构建了具有高安全性的控制型PUF架构。将基础PUF结构作为控制型PUF的防护对象进行实验评估,发现基于敏感度混淆机制的控制型PUF所产生的响应具有较好的随机性。采用逻辑回归算法对不同PUF结构进行建模攻击,实验结果表明,相比基本ROPUF、仲裁器PUF以及基于随机混淆机制的OB-PUF,基于敏感度混淆机制的控制型PUF能够显著提高PUF的抗建模攻击能力。     

基于多级协同混淆的硬件IP核安全防护设计

传统硬件混淆从物理级、逻辑级、行为级等进行单层次混淆,没有发挥多级协同优势,存在安全隐患。该文通过对物理版图、电路逻辑和状态跳变行为的关系研究,提出多级协同混淆的硬件IP核防护方法。该方案首先在自下而上协同混淆中,采用虚拟孔设计版图级伪装门的方式进行物理-逻辑级混淆,采用过孔型物理不可克隆函数(PUF)控制状态跳变的方式实现物理-行为级混淆;然后,在自上而下协同混淆中,利用密钥控制密钥门进行行为-逻辑级混淆,利用并行-支路混淆线的方法完成行为-物理级混淆;最后提出混淆电路在网表的替换机制,设计物理-逻辑-行为的3级协同混淆,实现多级协同混淆的IP核安全防护。ISCAS-89基准电路测试结果表明,在TSMC 65 nm工艺下,多级协同混淆IP核在较大规模测试电路中的面积开销占比平均为11.7%,功耗开销占比平均为5.1%,正确密钥和错误密钥下的寄存器翻转差异低于10%,所提混淆方案可有效抵御暴力攻击、逆向工程、SAT等攻击。     

基于多级协同混淆的硬件IP核安全防护设计

传统硬件混淆从物理级、逻辑级、行为级等进行单层次混淆,没有发挥多级协同优势,存在安全隐患.该文通过对物理版图、电路逻辑和状态跳变行为的关系研究,提出多级协同混淆的硬件IP核防护方法.该方案首先在自下而上协同混淆中,采用虚拟孔设计版图级伪装门的方式进行物理-逻辑级混淆,采用过孔型物理不可克隆函数(PUF)控制状态跳变的方式实现物理-行为级混淆;然后,在自上而下协同混淆中,利用密钥控制密钥门进行行为-逻辑级混淆,利用并行-支路混淆线的方法完成行为-物理级混淆;最后提出混淆电路在网表的替换机制,设计物理-逻辑-行为的3级协同混淆,实现多级协同混淆的IP核安全防护.ISCAS-89基准电路测试结果表明,在TSMC 65 nm工艺下,多级协同混淆IP核在较大规模测试电路中的面积开销占比平均为11.7％,功耗开销占比平均为5.1％,正确密钥和错误密钥下的寄存器翻转差异低于10％,所提混淆方案可有效抵御暴力攻击、逆向工程、SAT等攻击.     

可配置电阻分压型DAC-PUF电路设计

物理不可克隆函数(Physical Unclonable Function,PUF)电路利用结构和设计参数相同的单元电路在制造过程中存在的随机工艺偏差,产生具有唯一性、随机性和不可克隆性的密钥.通过对电阻失配和数模转换器(Digital to Analogue Conversion,DAC)的研究,提出一种可配置电阻分压型DAC-PUF电路设计方案.该PUF电路由输入寄存器、电阻分压型DAC、电压比较器和时序控制模块构成.通过激励信号配置DAC单元,使该PUF电路无需更换硬件便可实现输出密钥的变化.在TSMC-LP 65nm CMOS工艺下采用全定制方式进行版图设计,面积为72.4μm×87.8μm.实验结果表明该PUF电路唯一性高,且在不同温度(-40~125℃)和电压(1.08~1.32V)下随机性和可靠性分别大于99.1%和97.8%,可广泛应用于信息安全领域.     

强物理不可克隆函数的侧信道混合攻击

物理不可克隆函数（Physical Unclonable Function,PUF）凭借其固有的防篡改、轻量级等特性,在资源受限的物联网安全领域拥有广阔的应用前景,其自身的安全问题也日益受到关注.多数强PUF可通过机器学习方法建模,抗机器学习的非线性结构PUF难以抵御侧信道攻击.本文在研究强PUF建模的基础上,基于统一符号规则分类介绍了现有的强PUF侧信道攻击方法如可靠性分析、功耗分析和故障注入等,重点论述了各类侧信道/机器学习混合攻击方法的原理、适用范围和攻击效果,文章最后讨论了PUF侧信道攻击面临的困境和宜采取的对策.     

A novel current controlled configurable RO PUF with improved security metrics

Physical Unclonable Functions (PUFs) are promising hardware security primitives which produce unique signatures. Out of several delay based PUF circuits, Configurable Ring Oscillator (CRO) PUF has got higher uniqueness and it is resilient against modelling attacks. In this paper, we present a novel Current controlled CRO (C-CRO) PUF in which inverters of RO uses different logic styles: static CMOS and Feedthrough logic (FTL). Use of different logic styles facilitates improvement of security metrics of PUF. The analysis of security metrics of the proposed architecture is carried out in 90 nm CMOS technology shows, using FTL logic leads to better security metrics. Proposed C-CRO PUF is also both power and area efficient. Further, in order to measure the vulnerability of proposed PUF, machine learning attack is carried out and the result shows FTL RO based C-CRO PUF is highly resilient to machine learning attack because of its non-linearity property.     

基于亚阈值电流阵列的低成本物理不可克隆电路设计

物理不可克隆函数(PUF)能够提取出集成电路在加工过程中的工艺误差并将其转化为安全认证的密钥。由于常用于资源及功耗都受限的场合,实用化的PUF电路需要极高的硬件利用效率及较强的抗攻击性能。该文提出一种基于亚阈值电流阵列放电方案的低成本PUF电路设计方案。亚阈值电流阵列的电流具有极高的非线性特点,通过引入栅控开关和交叉耦合的结构,能够显著提升PUF电路的唯一性和稳定性。此外,通过引入亚阈值电流的设计可以极大地提高PUF的安全性,降低传统攻击手段的建模攻击。为了提升芯片的资源利用率,通过详细紧凑的版图设计和优化,该文提出的PUF单元面积仅为377.4 μm2,使得其特别适合物联网等低功耗低成本应用场景。仿真结果表明,该文所提亚阈值电路放电阵列PUF具有良好的唯一性和稳定性,无需校准电路的标准温度电压下唯一性为48.85%;在温度范围–20～80°C,电压变动范围为0.9～1.3V情况下,其可靠性达到了99.47%。     

Security Against Hardware Trojan Attacks Using Key-Based Design Obfuscation

Malicious modification of hardware in untrusted fabrication facilities, referred to as hardware Trojan, has emerged as a major security concern. Comprehensive detection of these Trojans during post-manufacturing test has been shown to be extremely difficult. Hence, it is important to develop design techniques that provide effective countermeasures against hardware Trojans by either preventing Trojan attacks or facilitating detection during test. Obfuscation is a technique that is conventionally employed to prevent piracy of software and hardware intellectual property (IP). In this work, we propose a novel application of key-based circuit structure and functionality obfuscation to achieve protection against hardware Trojans triggered by rare internal circuit conditions. The proposed obfuscation scheme is based on judicious modification of the state transition function, which creates two distinct functional modes: normal and obfuscated. A circuit transitions from the obfuscated to the normal mode only upon application of a specific input sequence, which defines the key. We show that it provides security against Trojan attacks in two ways: (1) it makes some inserted Trojans benign, i.e. they become effective only in the obfuscated mode; and (2) it prevents an adversary from exploiting the true rare events in a circuit to insert hard-to-detect Trojans. The proposed design methodology can thus achieve simultaneous protection from hardware Trojans and hardware IP piracy. Besides protecting ICs against Trojan attacks in foundry, we show that it can also protect against malicious modifications by untrusted computer-aided design (CAD) tools in both SoC and FPGA design flows. Simulation results for a set of benchmark circuits show that the scheme is capable of achieving high levels of security against Trojan attacks at modest area, power and delay overhead.     

基于多项式拟合频率重构的物理不可克隆函数优化

近年来硬件安全不断受到挑战,具有不可预测性、随机性等特性的环形振荡器物理不可克隆函数(Ring Oscillator Physical Unclonable Function,RO PUF)可作为硬件安全重要的加密密钥方式,但通常原始RO PUF不满足加密密钥对随机性的要求.因此,提出了基于多项式拟合频率重构的PUF优...     

PUFPass: A password management mechanism based on software/hardware codesign

Secure passwords need high entropy, but are difficult for users to remember. Password managers minimize the memory burden by storing site passwords locally or generating secure site passwords from a master password through hashing or key stretching. Unfortunately, they are threatened by the single point of failure introduced by the master password which is vulnerable to various attacks such as offline attack and shoulder surfing attack. To handle these issues, this paper proposes the PUFPass, a secure password management mechanism based on software/hardware codesign. By introducing the hardware primitive, Physical Unclonable Function (PUF), into PUFPass, the random physical disorder is exploited to strengthen site passwords. An illustration of PUFPass in the Android operating system is given. PUFPass is evaluated from aspects of both security and preliminary usability. The security of the passwords is evaluated using a compound heuristic algorithm based PUF attack software and an open source password cracking software, respectively. Finally, PUFPass is compared with other password management mechanisms using the Usability-Deployability-Security (UDS) framework. The results show that PUFPass has great advantages in security while maintaining most benefits in usability.     

FPGA-based Physical Unclonable Functions: A comprehensive overview of theory and architectures

Physically Unclonable Functions (PUFs) are a promising technology and have been proposed as central building blocks in many cryptographic protocols and security architectures. Among other uses, PUFs enable chip identifier/authentication, secret key generation/storage, seed for a random number generator and Intellectual Property (IP) protection. Field Programmable Gate Arrays (FPGAs) are re-configurable hardware systems which have emerged as an interesting trade-off between the versatility of standard microprocessors and the efficiency of Application Specific Integrated Circuits (ASICs). In FPGA devices, PUFs may be instantiated directly from FPGA fabric components in order to exploit the propagation delay differences of signals caused by manufacturing process variations. PUF technology can protect the individual FPGA IP cores with less overhead. In this article, we first provide an extensive survey on the current state-of-the-art of FPGA based PUFs. Then, we provide a detailed performance evaluation result for several FPGA based PUF designs and their comparisons. Subsequently, we briefly report on some of the known attacks on FPGA based PUFs and the corresponding countermeasures. Finally, we conclude with a brief overview of the FPGA based PUF application scenarios and future research directions.