ETRI Journal

Electronics and Telecommunications Research Institute (한국전자통신연구원)
권호 표지
DOI QR코드

DOI QR Code

Implementation and characterization of flash-based hardware security primitives for cryptographic key generation

  • Mi-Kyung Oh (Radio & Satellite Research Division, Electronics and Telecommunications Research Institute) ;
  • Sangjae Lee (Radio & Satellite Research Division, Electronics and Telecommunications Research Institute) ;
  • Yousung Kang (Information Security Research Division, Electronics and Telecommunications Research Institute) ;
  • Dooho Choi (Department of AI Cyber Security/College of Science & Technology, Korea University Sejong)
  • Received : 2021.12.01
  • Accepted : 2022.07.06
  • Published : 2023.04.20
Download PDF
⟨ Previous Next ⟩

Abstract

Hardware security primitives, also known as physical unclonable functions (PUFs), perform innovative roles to extract the randomness unique to specific hardware. This paper proposes a novel hardware security primitive using a commercial off-the-shelf flash memory chip that is an intrinsic part of most commercial Internet of Things (IoT) devices. First, we define a hardware security source model to describe a hardware-based fixed random bit generator for use in security applications, such as cryptographic key generation. Then, we propose a hardware security primitive with flash memory by exploiting the variability of tunneling electrons in the floating gate. In accordance with the requirements for robustness against the environment, timing variations, and random errors, we developed an adaptive extraction algorithm for the flash PUF. Experimental results show that the proposed flash PUF successfully generates a fixed random response, where the uniqueness is 49.1%, steadiness is 3.8%, uniformity is 50.2%, and min-entropy per bit is 0.87. Thus, our approach can be applied to security applications with reliability and satisfy high-entropy requirements, such as cryptographic key generation for IoT devices.

Keywords

Acknowledgement

This research was supported by the Institute of Information & Communications Technology Planning & Evaluation (IITP) grant funded by the Korean government (MSIT) (No. 2018-0-00230, [TrusThingz Project]). This research was supported by the Unmanned Vehicles Core Technology Research and Development Program through the National Research Foundation of Korea (NRF) and the Unmanned Vehicle Advanced Research Center (UVARC) funded by the Ministry of Science and ICT, Republic of Korea (No. 2020M3C1C1A01084523)

References

  1. S. Li, T. Zhang, B. Yu, and K. He, A provably secure and practicle PUF-based end-to-end mutual authentication and key exchange protocol for IoT, IEEE Sensors J. 21 (2021), no. 4, 5487-5501. https://doi.org/10.1109/JSEN.2020.3028872
  2. V. P. Yanambaka, S. P. Mohanty, E. Kougianos, and D. Puthal, PMsec: Physical unclonable function-based robust and lightweight authentication in the Internet of Medical Things, IEEE Trans. Consum. Electron. 65 (2019), no. 3, 388-397. https://doi.org/10.1109/TCE.2019.2926192
  3. A. Yazdinejad, R. M. Parizi, A. Dehghantanha, H. Karimipour, G. Srivastava, and M. Aledhari, Enabling drones in the internet of things with decentralized blockchain-based security, IEEE Int. Things J. 8 (2021), no. 8, 6406-6415. https://doi.org/10.1109/JIOT.2020.3015382
  4. C. Huth, D. Becker, J. G. Merchan, P. Duplys, and T. Guneysu, Securing systems with indispensable entropy: LWE-based lossless computational fuzzy extractor for the Internet of Things, IEEE Access 5 (2017), no. 2, 11909-11926. https://doi.org/10.1109/ACCESS.2017.2713835
  5. Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, A survey on security and privacy issues in Internet of Things, IEEE Int. Things J. 4 (2017), no. 5, 1250-1258. https://doi.org/10.1109/JIOT.2017.2694844
  6. M. N. Aman, K. C. Chua, and B. Sikdar, Physical unclonable functions for IoT security, (Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, Xi'an, China), 2016, pp. 10-13. https://doi.org/10.1145/2899007.2899013
  7. J. R. Wallrabenstein, Practical and secure IoT device authentication using physical unclonable functions, (IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud), Vienna, Austria), 2016, pp. 99-106. https://doi.org/10.1109/FiCloud.2016.22
  8. R. S. Pappu, Physical one-way functions, Ph.D. dissertation, MIT, Cambridge, MA, USA, (2001).
  9. S. Lim, B. Song, and S. Jung, Highly independent MTJ-based PUF system using diode-connected transistor and two-step post-processing for improved response stability, IEEE Trans. Inf. Forensics Security 15 (2020), 2798-2807. https://doi.org/10.1109/TIFS.2020.2976623
  10. U. Ruhrmair, S. Devadas, and F. Koushanfar, Security based on physical unclonability and disorder, Introduction to Hardware Security and Trust, Springer, New York, NY, USA, 2012, pp. 65-102. https://doi.org/10.1007/978-1-4419-8080-9_4
  11. C. Herder, M. Yu, F. Koushanfar, and S. Devadas, Physical unclonable functions and applications: A tutorial, Proc. IEEE 102 (2014), no. 8, 1126-1141. https://doi.org/10.1109/JPROC.2014.2320516
  12. M. D. Yu and S. Devadas, Secure and robust error correction for physical unclonable functions, IEEE Design Test Comput. 27 (2010), no. 1, 48-65. https://doi.org/10.1109/MDT.2010.25
  13. A. Maiti, J. Casarona, L. McHale, and P. Schaumont, A large scale characterization of RO-PUF, (IEEE International Symposium on Hardware-Oriented Security and Trust, Anaheim, CA, USA), 2010, pp. 94-99. https://doi.org/10.1109/HST.2010.5513108
  14. A. Cherkaoui, L. Bossuet, and C. Marchand, Design, evaluation, and optimization of physical unclonable functions based on transient effect ring oscillators, IEEE Trans. Inf. Forensics Security 11 (2016), no. 6, 2191-1305. https://doi.org/10.1109/TIFS.2016.2524666
  15. Y. Hori, T. Yoshida, T. Katashita, and A. Satoh, Quantitative and statistical performance evaluation of arbiter physical unclonable functions on FPGA, (International conference on reconfigurable computing and FPGAs, Quintana Roo, Mexico), 2010, pp. 298-303. https://doi.org/10.1109/ReConFigure2010.24
  16. B. Li, S. Chen, and F. Dan, Design and implementation of an improved MA-APUF with higer uniqueness and security, ETRI J. 42 (2019), no. 2, 205-216. https://doi.org/10.4218/etrij.2019-0081
  17. G.-J. Schrijen and V. Leest, Comparative analysis of SRAM memories used as PUF primitives, (Design, Automation & Test in Europe Conference & Exhibition, Dresden, Germany), 2012, pp. 1-14. https://doi.org/10.1109/DATE.2012.6176696
  18. Q. Tang, C. Zhou, W. Choi, G. Kang, J. Park, K. K. Parhi, and C. H. Kim, A DRAM based physical unclonable function capable of generating >1032 challenge response pairs per 1Kbit array for secure chip authentication, (IEEE Custom Integrated Circuits Conference, Austin, TX, USA), 2017, pp. 1-4. https://doi.org/10.1109/CICC.2017.7993610
  19. S. Sakib, M. T. Rahman, A. Milenkovic, and B. Ray, Flash memory based physical unclonable function, (Proc. SoutheastCon, Huntsville, AL, USA), 2019, pp. 1-6. https://doi.org/10.1109/SoutheastCon42311.2019.9020567
  20. A. Schaller, W. Xiong, N. A. Anagnostopoulos, M. U. Saleem, S. Gabmeyer, S. Katzenbeisser, and J. Szefer, Decay-based DRAM PUFs in commodity devices, IEEE Trans. Dependable and Secure Compt. 16 (2019), no. 3, 462-475. https://doi.org/10.1109/TDSC.2018.2822298
  21. I. Kumari, M. Oh, Y. Kang, and D. Choi, Rapid run-time DRAM PUF based on bit-flip position for secure IoT devices, (Proc. SENSORS, New Delhi, India), 2018. https://doi.org/10.1109/ICSENS.2018.8589608
  22. S. Jia, L. Xia, Z. Wang, J. Lin, G. Zhang, and Y. Ji, Extracting robust keys from NAND flash physical unclonable functions, Information Security, ISC 2015, J. Lopez and C. Mitchell, (eds.), Lecture Notes in Computer Science, Vol. 9290, Springer, Cham, 2015. https://doi.org/10.1007/978-3-319-23318-5_24
  23. M. Kim, D. Moon, S. Yoo, S. Lee, and Y. Choi, Investigation of physically unclonable functions using flash memory for integrated circuit authentication, IEEE Trans. Nanotechnology 14 (2015), no. 2, 384-389. https://doi.org/10.1109/TNANO.2015.2397956
  24. NIST Special publication (SP) 800-90B, Recommandation for the entropy sources used for random bit generation, 2018. https://doi.org/10.6028/NIST.SP.800-90B
  25. B. Sunar, W. J. Martin, and D. R. Stinson, A provably secure true random number generator with built-in tolerance to active attacks, IEEE Trans. Computers 56 (2007), no. 1, 109-119. https://doi.org/10.1109/TC.2007.250627
  26. R. Bez, E. Camerlenthgi, A. Modelli, and A. Visconti, Introduction to Flash memory, Proc. IEEE 91 (2003), no. 4, 489-502. https://doi.org/10.1109/JPROC.2003.811702
  27. B. Skoric, A trivial debiasing scheme for helper data systems, 2016. Cryptology ePrint ARchive, Report 2016/241.
  28. R. Maes, V. Leest, E. Sluis, and F. Willems, Secure key generation from biased PUFs, (International Workshop on Cryptographic Hardware and Embedded Systems, Saint-Malo, France), 2015, pp. 517-534.
  29. M. Suzuki, R. Ueno, N. Homma, and T. Aoki, Quaternary debiasing for physical unclonable functions, (IEEE 48th International Symposium on Multiple-Valued Logic, Linz, Austria), 2018, pp. 7-12. https://doi.org/10.1109/ISMVL.2018.00010
  30. S. H. Kwok, Y. L. Ee, G. Chew, K. Zheng, K. Khoo, and C. H. Tan, A comparison of post-processing techniques for biased random number generators, (International Workshop on Information Security Theory and Practices), 2011, pp. 175-190.
  31. Micron Serial NOR Flash Memory (MT25QL512), 2019. Available: https://www.micron.com/products/nor-flash/serial-nor-flash/part-catalog/mt25ql512abb1ew9-0sit
  32. GigaDevice Flash Memory Device (GD25B256E), 2020. Available: https://www.gigadevice.com/flash-memory/gd25b256e
  33. S. Puchinger, S. Muelich, M. Bossert, M. Hiller, and G. Sigl, On error correction for physical unclonable functions, (10th International ITG Conference on Systems, Communications and Coding, Hamburg, Germany), 2015, pp. 1-6.
  34. S. Muelich and M. Bossert, Applying convolutional codes to key extraction using ring oscillator PUFs, (Workshop on Optimal Codes and Related Topics, Sofia, Bulgaria), 2017, pp. 98-103.