Physically Unclonable Function - PowerPoint PPT Presentation

Slides: 22
Provided by: Leo4152
Transcript and Presenter's Notes

1
Physically Unclonable Function-Based Security and
Privacy in RFID Systems
  • Leonid Bolotnyy and Gabriel Robins
  • Dept. of Computer Science
  • University of Virginia
  • www.cs.virginia.edu/robins

2
Contribution and Motivation
  • Contribution
  • Privacy-preserving tag identification algorithm
  • Secure MAC algorithms
  • Comparison of PUF with digital hash functions
  • Motivation
  • Digital crypto implementations require 1000s of
    gates
  • Low-cost alternatives
  • Pseudonyms / one-time pads
  • Low complexity / power hash function designs
  • Hardware-based solutions

3
PUF-Based Security
  • Physical Unclonable Function (PUF) [Gassend et al.
    2002]
  • PUF Security is based on
  • wire delays
  • gate delays
  • quantum mechanical fluctuations
  • PUF characteristics
  • uniqueness
  • reliability
  • unpredictability
  • PUF Assumptions
  • Infeasible to accurately model PUF
  • Pair-wise PUF output-collision probability is
    constant
  • Physical tampering will modify PUF

4
Privacy in RFID
  • Privacy

[Figure: A, B, C; "Alice was here: A, B, C"]

5
Private Identification Algorithm
ID
p(ID)
  • It is important to have
  • a reliable PUF
  • no loops in PUF chains
  • no identical PUF outputs
  • Assumptions
  • no denial of service attacks (e.g., passive
    adversaries, DoS detection/prevention mechanisms)
  • physical compromise of tags not possible

6
Improving Reliability of Responses
  • Run PUF multiple times for same ID; pick majority
  • Create tuples of multi-PUF computed IDs;
    identify a tag based on at least one valid
    position value

(ID1, ID2, ID3)
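
The identification scheme of slides 5 and 6 as an added example (not code from the presentation): as modelled here, the tag answers with its current ID and then replaces it with p(ID), while the back end looks the ID up in chains recorded at enrollment. The HMAC-based `puf` stand-in for the hardware, the 5% bit-error rate, the tag names and the noise-free enrollment are assumptions made for the simulation.

```python
import hashlib, hmac, random

ID_BITS = 32  # constructed ID width

def puf(secret, x, rng=None, bit_err=0.0):
    """Software stand-in for a hardware PUF (assumption): a per-tag keyed
    function whose output bits each flip with probability bit_err."""
    mac = hmac.new(secret, x.to_bytes(4, "big"), hashlib.sha256).digest()
    noise = sum(1 << i for i in range(ID_BITS) if bit_err and rng.random() < bit_err)
    return int.from_bytes(mac[:4], "big") ^ noise

def majority_puf(secret, x, rng, bit_err, runs):
    """Run the PUF `runs` times on the same ID and keep each bit's majority."""
    outs = [puf(secret, x, rng, bit_err) for _ in range(runs)]
    return sum(1 << i for i in range(ID_BITS)
               if 2 * sum(o >> i & 1 for o in outs) > runs)

def enroll(secret, first_id, length):
    """Back end records ID, p(ID), p(p(ID)), ... (measured noise-free here)."""
    chain = [first_id]
    while len(chain) < length:
        chain.append(puf(secret, chain[-1]))
    return chain

def build_index(chains):
    """Map each chain value to its tag; refuse loops and identical outputs."""
    index = {}
    for tag, chain in chains.items():
        for value in chain:
            if value in index:
                raise ValueError(f"loop or identical PUF output: {value:#x}")
            index[value] = tag
    return index

def identify_rounds(runs, rounds=20, bit_err=0.05, seed=1):
    """Count identifications that succeed when tags update ID <- p(ID)."""
    rng = random.Random(seed)
    secrets = {"tag-A": b"A" * 16, "tag-B": b"B" * 16}  # constructed tags
    chains = {t: enroll(s, 0x1000 + i, rounds)
              for i, (t, s) in enumerate(secrets.items())}
    index = build_index(chains)
    state = {t: c[0] for t, c in chains.items()}
    hits = 0
    for _ in range(rounds):
        for tag, secret in secrets.items():
            hits += index.get(state[tag]) == tag  # reader sees only the ID
            state[tag] = majority_puf(secret, state[tag], rng, bit_err, runs)
    return hits

if __name__ == "__main__":
    print("1 run per update:  ", identify_rounds(1), "of 40 identified")
    print("21 runs per update:", identify_rounds(21), "of 40 identified")
```

A single unreliable update leaves the tag off its enrolled chain for every later round, which is why the slides treat PUF reliability as a precondition.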
7
Privacy Model
Experiment
  1. A passive adversary observes polynomially-many
    rounds of reader-tag communications with
    multiple tags
  2. An adversary selects 2 tags
  3. The reader randomly and privately selects one of
    the 2 tags and runs one identification round with
    the selected tag
  4. An adversary determines the tag that the reader
    selected

Definition: The algorithm is privacy-preserving
if an adversary cannot determine the reader-selected
tag with probability substantially greater than ½.
Theorem: Given the random oracle assumption for
PUFs, an adversary has no advantage in the above
experiment.
8
PUF-Based MAC Algorithms
  • MAC (K, t, ?)
  • MAC based on PUF
  • Motivation: yoking-proofs, signing sensor data
  • large keys (PUF is the key)
  • cannot support arbitrary messages
  • Assumptions
  • adversary can adaptively learn poly-many (m, s)
    pairs
  • signature verifiers are off-line
  • tag can store a counter (to protect against
    replay attacks)

9
Large Message Space
Assumption: tag can generate good random
numbers (can be PUF-based)
Key: PUF
s(m) = c, r_1, ..., r_n, p_c(r_1, m), ..., p_c(r_n, m)
  • Signature verification
  • requires tag's presence
  • password-based or in radio-protected
    environment (Faraday Cage)
  • learn p_c(r_i, m), 1 ≤ i ≤ n
  • verify that the desired fraction of PUF
    computations is correct
  • To protect against hardware tampering
  • authenticate tag before MAC verification
  • store verification password underneath PUF
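
The large-message-space MAC of this slide as an added example (not code from the presentation): the tag emits c, the r_i and the PUF responses, and a verifier with the tag present recomputes each response and accepts when the fraction of mismatches stays within a tolerance. The `Tag` class, the HMAC stand-in for the PUF, the seeded PRNG standing in for the tag's random numbers, and the use of 0.1 and 0.02 as tolerance and per-computation error rate are assumptions; the password check that gates verification is not modelled.

```python
import hashlib, hmac, random

class Tag:
    """Software stand-in for a PUF tag (assumption): a per-tag keyed function
    whose result is wrong with probability err on each computation."""
    def __init__(self, secret, err=0.02, seed=0):
        self.secret, self.err = secret, err
        self.rng, self.counter = random.Random(seed), 0

    def p(self, c, r, m):
        """p_c(r, m), modelled as one noisy 16-bit PUF response."""
        data = c.to_bytes(4, "big") + r.to_bytes(4, "big") + m
        mac = hmac.new(self.secret, data, hashlib.sha256).digest()
        out = int.from_bytes(mac[:2], "big")
        return out ^ 1 if self.rng.random() < self.err else out

    def sign(self, m, n):
        """s(m) = c, r_1..r_n, p_c(r_1, m)..p_c(r_n, m); c is the tag's
        stored counter, which the slides use against replay."""
        self.counter += 1
        rs = [self.rng.getrandbits(32) for _ in range(n)]
        return self.counter, rs, [self.p(self.counter, r, m) for r in rs]

def verify(tag, m, sig, max_bad_fraction=0.1):
    """With the tag present, recompute every p_c(r_i, m) and accept when the
    fraction of mismatching PUF computations stays within the tolerance."""
    c, rs, outs = sig
    bad = sum(tag.p(c, r, m) != out for r, out in zip(rs, outs))
    return bad <= max_bad_fraction * len(rs)

if __name__ == "__main__":
    tag = Tag(b"k1" * 8, seed=1)            # constructed tag
    sig = tag.sign(b"reading=21C", 400)     # constructed sensor message
    print("genuine  :", verify(tag, b"reading=21C", sig))
    print("tampered :", verify(tag, b"reading=99C", sig))
    print("other tag:", verify(Tag(b"k2" * 8, seed=2), b"reading=21C", sig))
```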

10
Choosing of PUF Computations
prob_v(n, 0.1n, 0.02)
prob_f(n, 0.1n, 0.4)
11
Theorem
Given the random oracle assumption for a PUF, the
probability that an adversary could forge a
signature for a message is bounded from above by
the tag impersonation probability.
12
Small Message Space
Assumption: small and known a priori message space
PUF reliability is again crucial
Verify that the desired number of sub-signatures
are valid
13
Theorem
Given the random oracle assumption for a PUF, the
probability that an adversary could forge a
signature for a message is bounded by the tag
impersonation probability times the number of
sub-signatures.
14
Attacks on MAC Protocols
15
Comparison of PUF With Digital Hash Functions
  • Reference PUF: 545 gates for 64-bit input
  • 6 to 8 gates for each input bit
  • 33 gates to measure the delay
  • Low gate count of PUF has a cost
  • probabilistic outputs
  • difficult to characterize analytically
  • non-unique computation
  • extra back-end storage
  • Different attack target for adversaries
  • model building rather than key discovery
  • Physical security
  • hard to break tag and remain undetected

16
PUF Design
  • Attacks on PUF
  • impersonation
  • modeling
  • hardware tampering
  • side-channel
  • Weaknesses of existing PUF
  • reliability
  • New PUF design
  • no oscillating circuit
  • sub-threshold voltage
  • Compare different non-linear delay approaches

17
Conclusions and Future Work
  • PUF hardware primitive for RFID security
  • Identification and MAC algorithms based on PUF
  • PUFs protect tags from physical attacks
  • PUF is the key
  • Develop theoretical framework for PUF
  • Design new sub-threshold voltage based PUF
  • Manufacture and test PUFs
  • varying environmental conditions
  • motion, acceleration, vibration, temperature,
    noise
  • Design new PUF-based security protocols
  • ownership transfer
  • recovery from privacy compromise
  • PUFs on RFID readers

18
Thank You
Questions ?
Leonid Bolotnyy lbol_at_cs.virginia.edu Dept. of
Computer Science University of Virginia
19
PUF-Based Ownership Transfer
  • Ownership Transfer
  • To maintain privacy we need
  • ownership privacy
  • forward privacy
  • Physical security is especially important
  • Solutions
  • public key cryptography (expensive)
  • knowledge of owners sequence
  • trusted authority
  • short period of privacy

20
Using PUF to Detect and Restore Privacy of
Compromised System
[Figure: secrets s1,0 to s1,1; s2,0 to s2,3; s3,0 to s3,7]
  1. Detect potential tag compromise
  2. Update secrets of affected tags

21
Related Work on PUF
  • Optical PUF [Ravikanth 2001]
  • Silicon PUF [Gassend et al. 2002]
  • Design, implementation, simulation, manufacturing
  • Authentication algorithm
  • Controlled PUF
  • PUF in RFID
  • Identification/authentication [Ranasinghe et al.
    2004]
  • Off-line reader authentication using public key
    cryptography [Tuyls et al. 2006]