利用多路选择器熵源的高移植性轻量级物理不可克隆函数研究

SR锁存器物理不可克隆函数 (Physical Unclonable Function, PUF) 是基于 FPGA 实现的最流行加密应用,在轻量级物联网设备中拥有广阔的市场。为了实现对称无偏SR锁存PUF,研究人员提出了不同的实现方法,这些方法增加了面积消耗。该文提出一种新型的基于MUX单元的延迟门来构成M_SR PUF单元,并将稳定状态下SR锁存器的输出提取作为PUF的响应。为了验证所提出的 M_SR PUF,该文在 Xilinx Virtex-6,Virtex-7 和 Kintex-7 3个系列的 FPGA 上进行了实现。值得一提的是,对称布局通过“硬宏”实现相对简单,保证了PUF更好的性能。实验结果表明,所提出的M_SR PUF可以在超宽范围的环境变化(温度:0°C～80°C;电压:0.8～1.2 V)下稳定工作,平均唯一性为50.125%。此外,所提出的 M_SR PUF 单元具有低开销的特点,仅消耗 4个 MUX 和 2个 DFF,并产生适合硬件安全应用的高熵响应。     

Exploiting Multi-Phase On-Chip Voltage Regulators as Strong PUF Primitives for Securing IoT

The physical randomness of the flying capacitors in the multi-phase on-chip switched-capacitor (SC) voltage converter is exploited as a novel strong physical unclonable function (PUF) primitive for IoT authentication. Moreover, for the strong PUF we devised, an approximated constant input power is achieved against side-channel attacks and a non-linear transformation block is utilized to scramble the high linear relationship between the input challenges and output responses against machine-learning attacks. The results show that the novel strong PUF primitive we designed achieves a nearly 51.3% inter-Hamming distance (HD) and 98.5% reliability while maintaining a high security level against both side-channel and machine-learning attacks.     

FPGA-based Physical Unclonable Functions: A comprehensive overview of theory and architectures

Physically Unclonable Functions (PUFs) are a promising technology and have been proposed as central building blocks in many cryptographic protocols and security architectures. Among other uses, PUFs enable chip identifier/authentication, secret key generation/storage, seed for a random number generator and Intellectual Property (IP) protection. Field Programmable Gate Arrays (FPGAs) are re-configurable hardware systems which have emerged as an interesting trade-off between the versatility of standard microprocessors and the efficiency of Application Specific Integrated Circuits (ASICs). In FPGA devices, PUFs may be instantiated directly from FPGA fabric components in order to exploit the propagation delay differences of signals caused by manufacturing process variations. PUF technology can protect the individual FPGA IP cores with less overhead. In this article, we first provide an extensive survey on the current state-of-the-art of FPGA based PUFs. Then, we provide a detailed performance evaluation result for several FPGA based PUF designs and their comparisons. Subsequently, we briefly report on some of the known attacks on FPGA based PUFs and the corresponding countermeasures. Finally, we conclude with a brief overview of the FPGA based PUF application scenarios and future research directions.     

基于气敏传感器的高稳态物理不可克隆函数发生器

物联网(IoT)作为战略性新兴产业已经上升为国家发展重点,但在实际应用中也面临各种安全威胁.确保资源受限物联网系统数据传输、处理和存储的安全已成为研究热点.该文通过对物理不可克隆函数(PUF)和传感器制备工艺偏差的研究,提出一种基于气敏传感器的高稳态物理不可克隆函数发生器设计方案.该方案首先采用静电喷雾沉积(ESD)方...     

Lightweight Cryptography: A Solution to Secure IoT

In Internet of Things (IoT), the massive connectivity of devices and enormous data on the air have made information susceptible to different type of attacks. Cryptographic algorithms are used to provide confidentiality and maintain the integrity of the information. But small size, limited computational capability, limited memory, and power resources of the devices make it difficult to use the resource intensive traditional cryptographic algorithms for information security. In this scenario it becomes impertinent to develop lightweight security schemes for IoT. A thorough study on the lightweight cryptography as a solution to the security problem of resource-constrained devices in IoT has been presented in this work. This paper is a comprehensive attempt to provide an in-depth and state of the art survey of available lightweight cryptographic primitives till 2019. In this paper 21 lightweight block ciphers, 19 lightweight stream ciphers, 9 lightweight hash functions and 5 variants of elliptic curve cryptography (ECC) has been discussed i.e. in total 54 LWC primitives are compared in their respective classes. The comparison of the ciphers has been carried out in terms of chip area, energy and power, hardware and software efficiency, throughput, latency and figure of merit (FoM). Based on the findings it can be observed that AES and ECC are the most suitable for used lightweight cryptographic primitives. Several open research problems in the field of lightweight cryptography have also been identified.

     

Reliable and secure data transfer in IoT networks

With the rapid technological improvements in mobile devices and their inclusion in Internet of Things (IoT), secure key management becomes mandatory to ensure security of information exchange. For instance, IoT applications, such as smart health-care and smart homes, provide automated services to the users with less or no user intervention. As these application use user-sensitive data, ensuring their security and privacy should be paramount, especially during the key management process. However, traditional approaches for key management will not suit well in IoT environment because of the inherent resource constraint property of IoT devices. In this paper, we propose a novel distributed key management scheme for IoT ecosystem. The proposed scheme efficiently provides security to IoT devices by delegating most of the resource consuming cryptographic processing to a local entity. This entity coordinates with other peer entities to provide a distributed key as well as an authentication mechanism to network devices. In particular, the proposed scheme exploits the advantages of mobile agents by deploying them in different subnetworks as and when required: (1) to process the cryptography work for the IoT devices, and (2) to act as an local authenticated entity to perform fast authentication process. To verify the effectiveness and correctness of our proposed scheme, we have simulated it in a large IoT scenario and evaluated against relevant metrics that includes user mobility, certification generation time, and communication overhead.

     

A lightweight IoT‐based security framework for inventory automation using wireless sensor network

Internet of things (IoT) has evolved as an innovation of next generation in this world of smart devices. IoT tends to provide services for data collection, data management, and data and device security required for application development. Things or devices in IoT communicate and compute to make our lives comfortable and safe. In inventory automation, real‐time check on items, their information management, and status management, monitoring can be carried out using IoT. The huge amount of data that flows among the devices in the network demands for a security framework that ensures authentication, authorization, integrity, and confidentiality of data. The existing security solutions like SIMON or SPECK offer lightweight security solutions but are vulnerable to differential attack because of their simplicity. Moreover, existing solutions do not offer inbuilt authentication. Therefore, this research work contributes a secure and lightweight IoT‐based framework using wireless sensor network (WSN) as a technology. The existing security solutions SPECK and SIMON are compared with the proposed security approach using COOJA simulator. The results show that proposed approach outstands others by 2% reduction in number of CPU cycles, 10% less execution time, 4% less memory requirements of security approach, and with minimum 10% more security impact.     

基于序列密码的强PUF抗机器学习攻击方法

物理不可克隆函数(Physical Unclonable Function, PUF)在信息安全领域具有极其重要的应用前景,然而也存在其自身安全受机器学习攻击等方面的不足。该文通过对PUF电路和密码算法的研究,提出一种基于序列密码的强PUF抗机器学习攻击方法。首先,通过构造滚动密钥生成器产生随机密钥,并与输入激励进行混淆;然后,将混淆后的激励通过串并转换电路作用于强PUF,产生输出响应;最后,利用Python软件仿真和FPGA硬件实现,并分析其安全性和统计特性。实验结果表明,当建模所用激励响应对(Challenge Response Pairs, CRPs)高达106组时,基于逻辑回归、人工神经网络和支持向量机的攻击预测率接近50%的理想值。此外,该方法通用性强、硬件开销小,且不影响PUF的随机性、唯一性以及可靠性。     

Quantum Cryptography for Internet of Things Security

Internet of things (IoT) is a developing technology with a lot of scope in the future. It can ease various different tasks for us. On one hand, IoT is useful for us, on the other hand, it has many serious security threats, like data breaches, side-channel attacks, and virus and data authentication. Classical cryptographic algorithms, like the Rivest-Shamir-Adleman (RSA) algorithm, work well under the classical computers. But the technology is slowly shifting towards quantum computing, which has immense processing power and is more than enough to break the current cryptographic algorithms easily. So it is required that we have to design quantum cryptographic algorithms to prevent our systems from security breaches even before quantum computers come in the market for commercial uses. IoT will also be one of the disciplines, which needs to be secured to prevent any malicious activities. In this paper, we review the common security threats in IoT and the presently available solutions with their drawbacks. Then quantum cryptography is introduced with some of its variations. And finally, the analysis has been carried out in terms of the pros and cons of implementing quantum cryptography for IoT security.     

FPGA implementation of highly secure,hardware‐efficient QC‐LDPC code–based nonlinear cryptosystem for wireless sensor networks

This paper presents the design and implementation of an integrated architecture for embedding security into quasi‐cyclic (QC) low‐density parity‐check (LDPC) code–based cryptographic system through a nonlinear function of low hardware complexity. Instead of using standard S ‐boxes for implementation of nonlinear function, this paper considers a method on the basis of maximum length cellular automata (CA), so that enhanced security can be achieved with simple hardware structure. The proposed system adopts a lightweight random bit stream generator on the basis of linear feedback shift register (LFSR) for generating random error vectors, so that a large number of vectors with very good cryptographic properties can be made available with low hardware cost. Different permutation patterns generated for different message blocks help to provide good degrees of freedom for tuning security with reasonable key size. The hardware architecture for the proposed system is developed and validated through implementation on Xilinx Spartan 3S500E. Analytical and synthesis results show that the proposed scheme is lightweight and offers very high security through continuously changing parameters, thus making it highly suitable for resource‐constrained applications.     

PUFPass: A password management mechanism based on software/hardware codesign

Secure passwords need high entropy, but are difficult for users to remember. Password managers minimize the memory burden by storing site passwords locally or generating secure site passwords from a master password through hashing or key stretching. Unfortunately, they are threatened by the single point of failure introduced by the master password which is vulnerable to various attacks such as offline attack and shoulder surfing attack. To handle these issues, this paper proposes the PUFPass, a secure password management mechanism based on software/hardware codesign. By introducing the hardware primitive, Physical Unclonable Function (PUF), into PUFPass, the random physical disorder is exploited to strengthen site passwords. An illustration of PUFPass in the Android operating system is given. PUFPass is evaluated from aspects of both security and preliminary usability. The security of the passwords is evaluated using a compound heuristic algorithm based PUF attack software and an open source password cracking software, respectively. Finally, PUFPass is compared with other password management mechanisms using the Usability-Deployability-Security (UDS) framework. The results show that PUFPass has great advantages in security while maintaining most benefits in usability.     

基于亚阈值电流阵列的低成本物理不可克隆电路设计

物理不可克隆函数(PUF)能够提取出集成电路在加工过程中的工艺误差并将其转化为安全认证的密钥。由于常用于资源及功耗都受限的场合,实用化的PUF电路需要极高的硬件利用效率及较强的抗攻击性能。该文提出一种基于亚阈值电流阵列放电方案的低成本PUF电路设计方案。亚阈值电流阵列的电流具有极高的非线性特点,通过引入栅控开关和交叉耦合的结构,能够显著提升PUF电路的唯一性和稳定性。此外,通过引入亚阈值电流的设计可以极大地提高PUF的安全性,降低传统攻击手段的建模攻击。为了提升芯片的资源利用率,通过详细紧凑的版图设计和优化,该文提出的PUF单元面积仅为377.4 μm2,使得其特别适合物联网等低功耗低成本应用场景。仿真结果表明,该文所提亚阈值电路放电阵列PUF具有良好的唯一性和稳定性,无需校准电路的标准温度电压下唯一性为48.85%;在温度范围–20～80°C,电压变动范围为0.9～1.3V情况下,其可靠性达到了99.47%。     

Reconfigurable Electronic Physically Unclonable Functions Based on Organic Thin-Film Transistors with Multiscale Polycrystalline Entropy for Highly Secure Cryptography Primitives

In this study, organic thin-film transistors (OTFTs) are investigated as a promising platform for cost-effective, reconfigurable, and strong electronic physically unclonable functions (PUFs) for highly secure cryptography primitives. Simple spin-casting of solution-processable small-molecule organic semiconductors forms unique and unclonable fingerprint thin films with randomly distributed polycrystalline structures ranging from nanoscale molecular orientations to microcrystalline orientations, which provides a stochastic entropy source of device-to-device variations for OTFT arrays. Blending organic semiconductors with polymer materials is a promising strategy to improve the reliability of OTFT-based PUFs. Studies on the relationship between the phase-separated polycrystalline microstructure of organic semiconductor/polymer blend films and PUF characteristics reveal that the 2D mosaic microcrystalline structure of organic semiconductors in the vertically phase-separated trilayered structure enables the implementation of OTFT-based PUFs that simultaneously satisfy the requirements of being unclonable and unpredictable, with reliable cryptographic properties. The inherent multiscale randomness of the crystalline structure allows random distribution in OTFT-based PUFs even with various channel dimensions. The secret bit stream generated from the OTFT-based PUF developed in this study is reconfigurable by simply changing the gate bias, demonstrating the potential to counter evolving security attack threats.     

Very High-Speed True Random Noise Generator

In this work an original CMOS implementation of a discrete-time deterministic-chaos algorithm for random bit generation is presented. The proposed circuit topology prevents the degradation of the generated-sequence statistical properties that can be caused by several factors, including the parameter spreading of the technological processes. Experimental results show that, with a final rate of 3 Mbit/s, the circuit is compliant with the most recent security requirements for cryptographic modules issued by the American National Institute of Standards and Technologies.     

物联网的安全威胁及需求分析

物联网分布范围的广泛性、节点的移动性以及业务应用的复杂性给物联网的安全带来严峻挑战。根据物联网的架构和特点,划分物联网的安全体系,并分析了不同层面所面临的多种安全问题。分别从物联网末端节点、感知层、网络层、应用层、管理控制五个层面全面分析了物联网可能面临的多种安全威胁,并在此基础上提出了物联网面临的安全需求。     

Lightweight Bio-Chaos Crypt to Enhance the Security of Biometric Images in Internet of Things Applications

In recent times, numerous Internet of Things (IoT) applications have begun to use biometric identity for authentication purposes. The integrity and confidentiality of biometric templates during storage and transmission is crucial as it contains key information on the physical identity of the users. Encryption is an effective template protection technique. However, most of the edge side gadgets in the IoT environment require lightweight encryption schemes due to constraints in available power and memory space. Conventional cryptosystems are expensive because of their complexity and multiple rounds for encryption. In the present work, a lightweight bio-cryptosystem is developed to ensure security while storing and transmitting biometric templates. The proposed bio-crypto architecture has three stages—key generation, confusion and diffusion. A two-dimensional logistic sine map is used for key generation. A novel method of diffusion using DNA encoding and ciphering is proposed to decrease the complexity of the encryption process considerably and achieve desirable integrity. Simulations and security analysis indicate that the proposed cryptosystem has sufficient level of security and robustness, involves lesser computational complexity and has the potential of satisfying the requirements of IoT applications.

     

PUF‐based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Advanced metering infrastructure (AMI) provides 2‐way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols is essential to provide secure communications in AMI. The security of all existing cryptographic protocols is based on the assumption that secret information is stored in the nonvolatile memories. In the AMI, the attackers can obtain some or all of the stored secret information from memories by a great variety of inexpensive and fast side‐channel attacks. Thus, all existing AKE and BA protocols are no longer secure. In this paper, we investigate how to develop secure AKE and BA protocols in the presence of memory attacks. As a solution, we propose to embed a physical unclonable function (PUF) in each party, which generates the secret values as required without the need to store them. By combining PUFs and 2 well‐known and secure protocols, we propose PUF‐based AKE and BA protocols. We show that our proposed protocols are memory leakage resilient. In addition, we prove their security in the standard model. Performance analysis of both protocols shows their efficiency for AMI applications. The proposed protocols can be easily implemented.     

The Bounded-Storage Model in the Presence of a Quantum Adversary

An extractor is a function that is used to extract randomness. Given an imperfect random source X and a uniform seed Y, the output E(X,Y) is close to uniform. We study properties of such functions in the presence of prior quantum information about X, with a particular focus on cryptographic applications. We prove that certain extractors are suitable for key expansion in the bounded-storage model where the adversary has a limited amount of quantum memory. For extractors with one-bit output we show that the extracted bit is essentially equally secure as in the case where the adversary has classical resources. We prove the security of certain constructions that output multiple bits in the bounded-storage model.     

基于多项式拟合频率重构的物理不可克隆函数优化

近年来硬件安全不断受到挑战,具有不可预测性、随机性等特性的环形振荡器物理不可克隆函数(Ring Oscillator Physical Unclonable Function,RO PUF)可作为硬件安全重要的加密密钥方式,但通常原始RO PUF不满足加密密钥对随机性的要求.因此,提出了基于多项式拟合频率重构的PUF优...     

Design and extensive hardware performance analysis of an efficient pairwise key generation scheme for Smart Grid

Generating pairwise shared keys among different entities of Smart Grid is of great significance because it provides the possibility of subsequent fast and secure communications by means of symmetric key algorithms. Due to the constrained resources of the measurement devices or the smart meters, the shared key generation scheme must not only provide the security features but also put the least possible burden on the measurement devices. Several key generation schemes have been presented thus far. However, many require time and resource consuming operations, some are not suitable for hierarchical data collection in the honest‐but‐curious model, some rely on a third trusted party, and last but not least, most of them have not considered suitable hardware that can be employed for each entity of Smart Grid. Therefore, in this paper, we propose a key generation scheme that not only is free from the aforementioned issues but is also efficient in both communication and computational costs. Additionally, and more importantly, we have implemented the cryptographic elements on (a) an ARM Cortex‐M3 microcontroller, which is a proper candidate for the measurement devices; (b) an Intel Core i7‐4702MQ processor, which can be employed for either the data collectors or the power operator; and (c) 4 ARM processors, three 32‐bit and one 64‐bit. Eventually, we have evaluated the feasibility of using the ARM processors to be employed for the data collectors. We hope that the achieved results be useful for other researches in this field.