Physically Unclonable Function-based Security And Privacy In RFID
SystemsLeonid Boloynyy and Gabriel RobinsDepartment of Computer Science
University of Virginia
Presented by Jeffery Barton
Outline
Introduction Related Work PUF-Based Tag Identification
Algorithm PUF-Based MAC Protocols PUF Vs. Digital Hash Functions Building PUFs Conclusion
Purpose
What problem are we solving? Privacy and Security in RFID Systems Current cryptographic solutions are
too expensive Privacy-preserving tag identification Secure message authentication
codes Comparisons Directions for future research
Introduction
Introduction
What is RFID? <Insert last two presentations here> In general uses radio signals
for identity verification Low-cost Analogous
to sensor networks PICTURE
What is a PUF? Remember “not easy to find random
generator”??
A Familiar Subject…
Physically Unclonable Functions
“Random number function that can only be evaluated by a specific instance of the underlying hardware”
Hardware based function Easy evaluation Hard characterization Reliable and unpredictable What makes it unclonable?
Introduction
Unclonability
Physical Inherent random components Wire/gate delays, manufacturing variations Hard to define Even with identical hardware Challenges mapped to responses = Unpredictable
Mathematical Hard to compute responses given exact
parameters/CRPs Response = Complex interactions of random
components Modeling with known random values Oodles of
computational effort Combination of the two = extremely unclonable
Introduction - PUFs
Related Work
Physical one-Way Functions [16] Origination – optical PUFs
Controlled Physical Random Functions [7] & Extracting Secret Keys From Integrated Circuits [12] Silicon prototype Reliable, can tolerate varying environmental conditions Variability PUF circuits across multiple chips Accurate model difficult (w/polynomially-many i/o pairs)
RFID-Tags for Anti-Counterfeiting [17] Off-line reader authentication algorithm based on PUFs
using public key cryptography Still too much for low-cost RFID tags
Related Work
More Related Work
Security and Privacy: Modest Proposals for Low-Cost RFID Systems [15] Identification/authentication algo based on Silicon
Physical Random Functions [8] No state maintenance/random responses = easy tracking No access control = easy identification by adversaries Abundant challenges more ID time/power consumption
Therefore Only use challenge-response algos for authentication Send ID to reader first less communication & query
more challenges Tag tracking still possible
Related Work
Assumptions
Cannot recover PUF model given polynomial # of i/o pairs
τ is constant and independent of the # of identical responses from other tags
Hardware tampering = new function Secure against side-channel attacks Random function
Assumptions
PUF-Based Tag Identification Algorithm Single-use 1-step identification algo
to maintain privacy in face of passive adversaries Pseudonyms and one-time-pads Privacy-preserving
PUF-Based Tag Id Algo
Other Tag ID Algorithms
“Minimalist” approach Uses readers to generate pseudonyms Using PUFs requires fewer updates
Hash-chains Tags must compute
2 expensive cryptographic hash functions
PUF = only 1PUF-Based Tag Id Algo
Authors’ Tag ID Algorithm
Interrogation by reader response with ID from tag tag updates ID with p(ID)
Back-end keeps list of ID values i.e. Pseudonyms exhausted new seed ID Multiple executions and Parallel PUFs
Why?
PUF-Based Tag Id Algo
ID
Request
DatabaseID1, p(ID1), p2(ID1), …, pk(ID1)...IDn, pn(IDn), pn
2(IDn), …, pnk(IDn)
p(ID)ID
Multiple Executions & Parallel PUFs Reason increase reliability of output Parallel PUFs each produces sub-
signature Sub-signatures contain n PUF compositions Early invalid results reflect heavily on later
compositions PUF is run several times for each input in
each sub-signature Number of valid sub-signatures must be
above a threshold
Multiple Executions
Averages values for greater reliability R Reliability of last value where:
μ = .02 probability of unreliable value k = 100 compositions N executions at each stage
For 1 execution, R = .49 For 5 executions, R = .992268
PUF-Based Tag Id Algo – Author’s
12
( , , ) (1 (1 ) )N m N m kNm
R N k
Parallel PUFs
Tuple response, any one accepted, also increases reliability
S Successful consecutive identifications where: q tuple size
For q = 2, S ≈ 73 For q = 3, S ≈ 90
More PUFs = few gates One PUF can simulate many Combination possible
PUF-Based Tag Id Algo – Author’s
11
[(1 (1 ) ) (1 (1 ) ) ]x q x qx
S x
Tag ID Specific Assumptions and Requirements No DOS attacks (only passive) ID not overwritable by adversary w/o
altering PUF circuits Back-end must contain significantly
more i/o values than # of tags PUF must be able to produce many unique
IDs Tags should not yield same outputs If ID repeats, new ID is sent along with
power to perform write operationsPUF-Based Tag Id Algo – Author’s
Adversarial Model
Observe reader communication with multiple tags, single outtwo of them
Randomly select one and runs ID algo
Adversary is successful if they can determine which tag was selected with much greater accuracy than ½ (better than guessing)
PUF-Based Tag Id Algo – Author’s
Theorem 3.1
**Given a random oracle assumption for PUFs, and adversary has no advantage in attempting to compromise a tag’s privacy
Proof sketch: Observe output of two tags Obtain next output from one Adversary cannot determine which tag it
came from b/c PUF is assumed to be random
PUF-Based Tag Id Algo – Author’s
PUF-Based MAC Protocols
Three-tuple (K, T, V) K = generation algo generates key
used in T and V T = tagging algo takes input message m
and outputs signature σ V = verification algo verifies signature σ
for message m is authentic Secure if resistant to forgeries Adversary is successful if they can
determine signature from messagePUF-Based MAC Protocols
Other MAC Protocols
Various implementations: Standard cryptographic hash function Block cipher One-time signature scheme
list of secrets that are 0 or 1 Oodles of memory usage
“Minimalistic” approach Each secret is a single bit Longer message size and shorter message
spacePUF-Based MAC Protocols
Authors’ MAC Protocols
PUF acts like a public key: PUF computation algo (schematic) is known Private key (PUF’s i/o behavior) remains unknown Seller possesses a tag, but cannot predict PUF
computations Resistant to forgery even when verifier is offline Defense against hardware alterations
Physically locating tag’s verification password storage circuitry under PUF’s circuitry/wires
Multiple executions/Parallel PUFs can be used
PUF-Based MAC Protocols
Comparisons
Vs. tag authentication Tag signs/authenticates
message instead of reader Signed message is input, output is
signature/MAC Key used to sign is PUF itself
Vs. standard cryptographic MAC algos Keys are larger Physical presence of tag required Cannot sign arbitrary messages Back-end computation keeps tag costs down
PUF-Based MAC Protocols – Author’s
Components of the Protocol Key Generation
Verifier creates table of values Occurs before deployment Can be disabled/passworded Large key required for verification w/o
tag presence Tagging algo signs message Verification algo verifies signature
PUF-Based MAC Protocols – Author’s
Key GenerationAlgorithm Input: Message set M; tag/PUF identifiers set P;
# of needed signatures k; # of sub-signatures qfor each PUF p ∈ P do for i = 1 to |M| do for c = 1 to k · q do Key[p,mi, c] = {c, pc(mi), . . . , p(n)
c
(mi)} end endend
PUF-Based MAC Protocols – Author’s - Components
Tagging Algorithm
Input: Message m; # of sub-signatures q
Side effect: c = c + q
PUF-Based MAC Protocols – Author’s - Components
( )
( )c+1 c+1
( )c+q-1 c+q-1
= ({c, p (m), . . . , p (m)},
{c + 1, p (m), . . . , p (m)}, . . . ,
{c + q - 1, p (m), . . . , p (m)})
nc c
n
n
Signature
Verification Algorithm
Input: Key K; PUF p; # of needed signatures k; # of sub-signatures q; allowed number t of incorrect PUF responses;
verify that 1 ≤ c ≤ k ∙ qv = 0for each sub-signature σc do σ* = K[p, m, c] if σc agrees with σ* in at least n − t terms then v = v + 1if v ≥ threshold then acceptelse reject
PUF-Based MAC Protocols – Author’s - Components
( )
( )c+1 c+1
( )c+q-1 c+q-1
= ({c, p (m), . . . , p (m)},
{c + 1, p (m), . . . , p (m)}, . . . ,
{c + q - 1, p (m), . . . , p (m)})
nc c
n
n
Signature
Large Message Spaces
Signature verification only possible when tag is in range b/c of size of key
Unique token c (counter) Substitute for timestamp in passive tags Natural total ordering Info leak possible tells state of tag
Multiple executions forgery resistance
PUF-Based MAC Protocols – Author’s
Quantifying Auth. Reliability and Forgery Difficulty probv valid signature detection probability
probf forgery non-recognition probability
τ = .4 PUF1 output = PUF2 output probability µ = .02 output deviation probability n = 30 # of responses t = 3 # of deviations allowed probv = .997107 probf = .000313 Tweak n and t to get better results if necessary
PUF-Based MAC Protocols – Author’s – Large Msg Spaces
1( , , ) 1 (1 )n i n iv i t
nprob n t
i
1( , , ) 1 (1 )n j n jf j t
nprob n t
j
Theorem 4.1
Given a random oracle assumption for PUF p, the probability that an adversary can forge a signature σ for a message m is bounded from above by β.
Proof sketch: To forge a signature: Find n distinct numbers r1, . . . , rn
Find unused counter value c Compute correct PUF values pc(ri ,m) for at least n – t of
them p is assumed to be random and c was never inputted
into p adversary must rely on the tag(s) in their possession
PUF-Based MAC Protocols – Author’s
Small Message Spaces
Outputs can be computed ahead of time
Can verify signature w/o tag’s presence
Tokens generated on tag ≠ random Counters can be used just like large
MS
PUF-Based MAC Protocols – Author’s
Theorem 4.2
Given a random oracle assumption for a PUF p, the probability that an adversary could forge a signature σ for a message m is bounded from above by q · β.
Proof sketch: Adversary finds next counter value c PUF is random accurate modeling not possible Must use other tags for impersonation Success of forging a sub-signature bounded by β Success of forging whole signature bounded by
q · β
PUF-Based MAC Protocols – Author’s
Attacks on MAC Protocols - Impersonation Manufacture tag duplicate
forge signatures Obtain multiple tags use responses to
impersonate PUF = random duplicating or selecting
equivalent tag = improbable (“unclonable”) Tweaking n and t
Raise valid signature detection probability probv Lower forgery non-recognition probability probf Makes impersonation more improbable
PUF-Based MAC Protocols - Attacks
original clone
Attacks on MAC Protocols - Modeling Attempt to model PUF using
signature/message pairs PUFs determined by unreliable factors
modeling is very difficult Attempt to measure wire delays
This in itself will alter wire delays Likely disrupt/damage overlying circuitry Alters functionality of PUF
PUF-Based MAC Protocols - Attacks
Attacks on MAC Protocols – Side-channel Attempt to learn secret info using
timing and power analyses attacks PUF-based secrets are difficult to
represent correctly in digital form Therefore hard to model
PUF-Based MAC Protocols - Attacks
Attacks on MAC Protocols – Hardware Tampering Attempt to physically probe wires
High risk of altering/destroying PUF’s behavior
Attempt to physically read-off or alter digital key/password Likely damage overlying wires and alter
tag behavior Detection is possible by precompiling
information about tagPUF-Based MAC Protocols - Attacks
PUF Vs. Digital Hash Functions Much less hardware required
Drawbacks to low hardware complexity: Probabilistic consistency with expected
output Tag copies = similar computational behavior Back-end must store all challenge/response
pairs for each tagPUF Vs. Digital Hash Functions
MD47350
MD58400
SHA-25610868
Yuksel1701
PUF
545
AES3400
algorithm# of gates
More Comparisons to DHF
Modeling PUF vs. determining key Difficult to represent accurately in concise form Difficult to model random components
More resistant to side-channel attacks/physical tampering
Even with physical measurements, PUF is difficult to duplicate
Reliance upon physical characteristics makes security difficult to guarantee/characterize analytically
PUF Vs. Digital Hash Functions
Building PUFs
First prototype of silicon PUF: Silicon Physical Random Functions B. Gassend, D. Clarke, M. van Dijk, and
S. Devadas Oscillating counter circuit used to
measure intrinsic delays Slow counting mechanism slowed
manufacturing process increased overall cost
Building PUFs
More Building of PUFs
Delay values for different challenges tend towards Gaussian distribution
Certain challenges should be avoided Identical/similar outputs even when signals
travel different paths Filtered out of database at creation
Response reliability is low More computation rounds Still risking producing noise
Building PUFs
Avoiding Drawbacks
Use sub-threshold voltage techniques to compare gate polarizations
Fast w/o using oscillating counter Separates PUF values better and
avoids highly skewed distributions of responses
Still preserves reliability/unpredictability
Variable non-linear delays can be added to keep modeling difficult
Building PUFs
Future Research
Characterization of security of PUFs Thorough testing of RFID tags with
PUFs satisfying current RFID standards Sub-threshold voltage-based PUFs Conditional testing environmental and
operational Behavior testing under varying levels of
motion, acceleration, vibration, temperature, noise, etc.
τ and μ should be characterized as functions of operational environment
Conclusion - Future Research
More Future Research
Adaptations for various applications Multi-tag regimes Ownership transfer algos Tree-based identification protocols
PUFs in readers can be used to combat rogue readers
Conclusion - Future Research
Conclusion
Full-fledged cryptographic security mechanisms are too costly for low-cost RFID tags enter PUF approach
Exponential # of keys no key distribution problem Protects from cloning, even with physical access to
tags and circuit schematics Valuable in access control and authenticity verification
MAC protocols require few hardware resources keeps tag costs down
Comparison to digital counterparts Possible improvements in PUF design Outline of future research
Conclusion
Questions?
Are you still reading these?
GO HOME!!
Seriously, go home