
Showing papers by "Srinivas Devadas published in 2005"


Journal Article
TL;DR: It is shown that arbiter-based PUFs are realizable and well suited to build key-cards that need to be resistant to physical attacks and to be identified securely and reliably over a practical range of environmental variations such as temperature and power supply voltage.
Abstract: Modern cryptographic protocols are based on the premise that only authorized participants can obtain secret keys and access to information systems. However, various kinds of tampering methods have been devised to extract secret keys from conditional access systems such as smartcards and ATMs. Arbiter-based physical unclonable functions (PUFs) exploit the statistical delay variation of wires and transistors across integrated circuits (ICs) in manufacturing processes to build unclonable secret keys. We fabricated arbiter-based PUFs in custom silicon and investigated the identification capability, reliability, and security of this scheme. Experimental results and theoretical studies show that a sufficient amount of inter-chip variation exists to enable each IC to be identified securely and reliably over a practical range of environmental variations such as temperature and power supply voltage. We show that arbiter-based PUFs are realizable and well suited to build, for example, key-cards that need to be resistant to physical attacks.

1,002 citations


Journal Article
01 May 2005
TL;DR: This paper presents the AEGIS secure processor architecture, and evaluates its RTL implementation on FPGAs, and proposes a new way of reliably protecting and sharing secrets that is more secure than existing solutions based on non-volatile memory.
Abstract: Secure processors enable new applications by ensuring private and authentic program execution even in the face of physical attack. In this paper we present the AEGIS secure processor architecture, and evaluate its RTL implementation on FPGAs. By using Physical Random Functions, we propose a new way of reliably protecting and sharing secrets that is more secure than existing solutions based on non-volatile memory. Our architecture gives applications the flexibility of trusting and protecting only a portion of a given process, unlike prior proposals which require a process to be protected in entirety. We also put forward a specific model of how secure applications can be programmed in a high-level language and compiled to run on our system. Finally, we evaluate a fully functional FPGA implementation of our processor, assess the implementation tradeoffs, compare performance, and demonstrate the benefits of partially protecting a program.

263 citations


Journal Article
TL;DR: A single-chip secure processor called Aegis incorporates mechanisms to protect the integrity and privacy of applications from physical attacks as well as software attacks, and physically secure systems can be built using this processor.

202 citations


Patent
14 Nov 2005
TL;DR: In this paper, a key is determined from a volatile response using circuitry on the device; the response depends on process variation in fabrication of the device, and error control data that depends on the first volatile response can be computed and stored externally to the device.
Abstract: A key is determined from a volatile response using circuitry on the device. The volatile response depends on process variation in fabrication of the device. Error control data that depends on the first volatile response can be computed, stored externally to the device, and then used to generate the key from a later volatile response of the same circuit. Applications of volatile keys include authentication and rights management for content and software.

179 citations


Patent
14 Nov 2005
TL;DR: In this article, a secure field configurable device (FPGA) supports secure field configuration without using nonvolatile storage for cryptographic keys on the device and without requiring a continuous or ongoing power source to maintain a volatile storage.
Abstract: A field configurable device, such as an FPGA, supports secure field configuration without using non-volatile storage for cryptographic keys on the device and without requiring a continuous or ongoing power source to maintain a volatile storage on the device. The approach can be used to secure the configuration data such that it can in general be used on a single or a selected set of devices and/or encryption of the configuration data so that the encrypted configuration data can be exposed without compromising information encoded in the configuration data.

47 citations


Proceedings Article
08 May 2005
TL;DR: An adaptive tree-log scheme is presented to improve the performance of checking the integrity of arbitrarily large untrusted data, when using only a small fixed-sized trusted state, to harness the power of the constant runtime bandwidth overhead of a log-based scheme.
Abstract: We present an adaptive tree-log scheme to improve the performance of checking the integrity of arbitrarily large untrusted data, when using only a small fixed-sized trusted state. Currently, hash trees are used to check the data. In many systems that use hash trees, programs perform many data operations before performing a critical operation that exports a result outside of the program's execution environment. The adaptive tree-log scheme we present uses this observation to harness the power of the constant runtime bandwidth overhead of a log-based scheme. For all programs, the adaptive tree-log scheme's bandwidth overhead is guaranteed to never be worse than a parameterizable worst case bound. Furthermore, for all programs, as the average number of times the program accesses data between critical operations increases, the adaptive tree-log scheme's bandwidth overhead moves from a logarithmic to a constant bandwidth overhead.

39 citations


01 Jan 2005
TL;DR: Empirical evidence is provided that shows that cache performance can be significantly improved, and minimum performance guarantees provided, using a combination of simple, aggressive hardware prefetching and software-controlled replacement.
Abstract: Aggressive prefetch methods can suffer from cache pollution when prefetched data replaces useful data in the cache, causing performance degradation. In this paper, we present a methodology that ensures that cache pollution does not degrade overall performance when software or hardware prefetching methods are used. Software instructions can allow a program to kill a particular cache element, i.e., effectively make the element the least recently used element. We provide conditions under which kill instructions can be inserted into program code, such that the resulting performance is guaranteed to be as good as or better than the original program run using the standard LRU policy. Using these results, it is possible to analyze code and determine when to perform software-assisted replacement, i.e., when to insert a kill instruction. The result of this analysis is a modified cache replacement method that may be used independently to improve cache performance, or may be used to control cache pollution caused by arbitrary prefetching methods. A prefetching method can be combined with this modified cache replacement method in different ways, by distinguishing normal data from prefetched data. Different ways of combining prefetching with replacement have different associated performance guarantees. We consider aggressive, sequential prefetching methods which prefetch multiple cache blocks on a cache miss. These methods are easy to implement in hardware, but may cause significant cache pollution, and/or require increased bandwidth into the cache, which may result in worse performance than not prefetching at all. We show that both bandwidth and pollution can be controlled effectively using our software-assisted replacement algorithm. Empirical evidence is provided that shows that cache performance can be significantly improved, and minimum performance guarantees provided, using a combination of simple, aggressive hardware prefetching and software-controlled replacement.

24 citations


Posted Content
TL;DR: A generic framework in the Alloy modelling language is presented, and instantiated for two standard protocols, and a new key management scheme.
Abstract: Knowledge flow analysis offers a simple and flexible way to find flaws in security protocols. A protocol is described by a collection of rules constraining the propagation of knowledge amongst principals. Because this characterization corresponds closely to informal descriptions of protocols, it allows a succinct and natural formalization; because it abstracts away message ordering, and handles communications between principals and applications of cryptographic primitives uniformly, it is readily represented in a standard logic. A generic framework in the Alloy modelling language is presented, and instantiated for two standard protocols, and a new key management scheme.

17 citations


06 Oct 2005
TL;DR: The goal is to develop a state-of-the-art predictor with an intuitive and biophysically-motivated energy model through the use of Hidden Markov Support Vector Machines (HM-SVMs), a recent innovation in the field of machine learning.
Abstract: Our goal is to develop a state-of-the-art predictor with an intuitive and biophysically-motivated energy model through the use of Hidden Markov Support Vector Machines (HM-SVMs), a recent innovation in the field of machine learning. We focus on the prediction of alpha helices in proteins and show that using HM-SVMs, a simple 7-state HMM with 302 parameters can achieve a Qα value of 77.6% and a SOVα value of 73.4%. We briefly describe how our method can be generalized to predicting beta strands and sheets.

7 citations


Proceedings Article
23 May 2005
TL;DR: This metastability based physical random number generator provides a compact and low-power solution which can be fabricated using standard IC manufacturing processes and is robust against environmental changes since it can be re-calibrated to new environmental conditions such as temperature and power supply voltage.
Abstract: While pseudo-random number generators based on computational complexity are widely used for most cryptographic applications and probabilistic simulations, the generation of true random numbers based on physical randomness is required to guarantee the advanced security of cryptographic systems. In this paper we present a method to exploit manufacturing variations, metastability, and thermal noise in integrated circuits to generate random numbers. This metastability-based physical random number generator provides a compact and low-power solution which can be fabricated using standard IC manufacturing processes. Test chips were fabricated in a TSMC 0.18um process and experimental results show that the generated random bits pass standard randomness tests successfully. The operation of the proposed scheme is robust against environmental changes since it can be re-calibrated to new environmental conditions such as temperature and power supply voltage.

7 citations


Proceedings Article
28 Feb 2005
TL;DR: In this paper, Arbiter-based Physical Unclonable Functions (PUFs), originally proposed for physical authentication of ICs, are used to build a physical random number generator by exploiting the unreliability of PUF responses.
Abstract: A hardware random number generator is different from a pseudo-random number generator; a pseudo-random number generator approximates the assumed behavior of a real hardware random number generator. Simple pseudo-random number generators suffice for most applications; however, demanding situations such as the generation of cryptographic keys require an efficient and cost-effective source of random numbers. Arbiter-based Physical Unclonable Functions (PUFs), proposed for physical authentication of ICs, exploit the statistical delay variation of wires and transistors across integrated circuits, a result of process variations, to build a secret key unique to each IC. Experimental results and theoretical studies show that a sufficient amount of variation exists across ICs. This variation enables each IC to be identified securely. It is possible to exploit the unreliability of these PUF responses to build a physical random number generator. There exists measurement noise, which comes from the instability of an arbiter when it is in a racing condition. There exist challenges whose responses are unpredictable. Without environmental variations, the responses to these challenges are random in repeated measurements. Compared to other physical random number generators, PUF-based random number generators can be a compact and low-power solution since the generator need only be turned on when required. A 64-stage PUF circuit costs less than 1000 gates and the circuit can be implemented using a standard IC manufacturing process. In this paper we have presented a fast and efficient random number generator, and analysed the quality of random numbers produced using an array of tests used by the National Institute of Standards and Technology to evaluate the randomness of random number generators designed for cryptographic applications.