< Back to previous page
Project
Lightweight PUF-based Key and Random Number Generation
As embedded electronics continue to be integrated into our daily lives at such a pace that there are nowadays more cellphones than people on the planet, security is becoming ever more crucial. Unfortunately, this isall too often realized as an afterthought and thus the security implementations in many embedded devices offer little to no practical protection. Security does not require only cryptographic algorithms; two other critical modules in a secure system are a key generation module and a random number generator (RNG). The lack of well thought-out implementations of these modules has been the downfall of the security in many devices, many of them high-profile.
In this thesis, we look into ways of constructing secure versions of both of these building blocks in embeddeddevices. Towards this end, we turn our attention to physically unclonable functions (PUFs). A PUF is a promising, relatively novel primitive that functions as a fingerprint for electronic devices. In our research, we have combined PUFs with custom hardware modules, such as a BCH error correcting code decoder, to create the first "black box" PUF-based key generation module. Our implementation requires very little real estate, proving that very efficient BCH error correcting codes, which are normallywritten off as being unwieldy and complex, are in fact feasible for usein PUF-based systems.
We furthermore investigate the presence ofPUFs in commercial off-the-shelf (COTS) microcontrollers. A thorough investigation of the usability of SRAM as PUFs and RNGs in a handful of the most prominent microcontroller families on the market is presented. Wediscuss the practical use of the measured microcontrollers in light of our findings, and show that there are large differences between the various families. Our study is the first of its kind, and clearly displays the need for continued work in this fashion on other microcontrollers.
Finally, we develop a system for a secure RNG on COTS embedded devices, leveraging errors in available PUFs as a source of entropy. Building upon the findings of our microcontroller study, we successfully implement this system onto various ARM Cortex-M microcontrollers. Part of thisresult is an implementation of the Keccak algorithm, the smallest published to date.
In this thesis, we look into ways of constructing secure versions of both of these building blocks in embeddeddevices. Towards this end, we turn our attention to physically unclonable functions (PUFs). A PUF is a promising, relatively novel primitive that functions as a fingerprint for electronic devices. In our research, we have combined PUFs with custom hardware modules, such as a BCH error correcting code decoder, to create the first "black box" PUF-based key generation module. Our implementation requires very little real estate, proving that very efficient BCH error correcting codes, which are normallywritten off as being unwieldy and complex, are in fact feasible for usein PUF-based systems.
We furthermore investigate the presence ofPUFs in commercial off-the-shelf (COTS) microcontrollers. A thorough investigation of the usability of SRAM as PUFs and RNGs in a handful of the most prominent microcontroller families on the market is presented. Wediscuss the practical use of the measured microcontrollers in light of our findings, and show that there are large differences between the various families. Our study is the first of its kind, and clearly displays the need for continued work in this fashion on other microcontrollers.
Finally, we develop a system for a secure RNG on COTS embedded devices, leveraging errors in available PUFs as a source of entropy. Building upon the findings of our microcontroller study, we successfully implement this system onto various ARM Cortex-M microcontrollers. Part of thisresult is an implementation of the Keccak algorithm, the smallest published to date.
Date:8 Sep 2009 → 16 Jan 2015
Keywords:Counter-measures, Sidechannel attacks
Disciplines:Other engineering and technology
Project type:PhD project