Abstract
Deploying a physically unclonable trust anchor is required for securing software running on embedded systems. Common mechanisms combine secure boot with either stored secret keys or keys extracted from a Physical Unclonable Function (PUF). We propose a new secure boot mechanism that is hardware-based, individual to each device, and keyless, to prevent any unauthorized alteration of the software running on a particular device. Our solution is based on the so-called Secret Unknown Hash (SUH), a self-created, random, secret and unknown hardwired hash function residing as a permanent digital hardware module in the device's physical layout. It is initiated in the device in a post-manufacturing, unpredictable single-event process in self-reconfigurable non-volatile SoC FPGAs. In this work, we explain the SUH creation process and its integration into a device-specific secure boot. The SUH is shown to be lightweight when implemented in a sample scenario as a DM-PRESENT-based hash function. A security analysis is also presented, highlighting the entropies of the different proposed sample SUH classes.
R. Zarrouk—Supported by a research grant from the German Academic Exchange Service (DAAD).
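The following is an added example, not code from the paper or its authors, that models the boot check the abstract describes: a Davies-Meyer hash over PRESENT-80 (DM-PRESENT) whose device-individual, "unknown" component is used to bind a firmware digest to one device, so that only that device can compute a valid reference digest for an image. The PRESENT-80 cipher and the Davies-Meyer chaining follow the published specifications and are checked against PRESENT's known test vectors; everything device-specific is an assumption of this example: the unknown part of the hash is represented by a randomly drawn 4-bit S-box (`create_suh`, seeded here only so the run is repeatable, whereas the paper's SUH comes from a one-time unpredictable hardware event), the padding rule, the zero IV, and the helper names `enroll_firmware` and `verify_boot` are all chosen for illustration and are not the paper's construction.

```python
"""Illustrative model of a device-individual DM-PRESENT hash used for secure boot.

Added example; not the paper's code.  Device-specific parts are assumptions.
"""
import hmac
import random

# Standard PRESENT S-box (Bogdanov et al., CHES 2007).  The permutation layer
# and key schedule below follow the PRESENT-80 specification.
PRESENT_SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
                0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1


def _sbox_layer(state, sbox):
    """Apply a 4-bit S-box to each of the 16 nibbles of the 64-bit state."""
    out = 0
    for i in range(16):
        out |= sbox[(state >> (4 * i)) & 0xF] << (4 * i)
    return out


def _p_layer(state):
    """PRESENT bit permutation: bit i moves to 16*i mod 63 (bit 63 is fixed)."""
    out = 0
    for i in range(64):
        j = 63 if i == 63 else (16 * i) % 63
        out |= ((state >> i) & 1) << j
    return out


def _round_keys(key80, sbox):
    """PRESENT-80 key schedule: 32 round keys from the 80-bit key register."""
    keys = []
    k = key80 & MASK80
    for r in range(1, 32):
        keys.append(k >> 16)                                  # leftmost 64 bits
        k = ((k << 61) | (k >> 19)) & MASK80                  # rotate left by 61
        k = (k & ~(0xF << 76)) | (sbox[(k >> 76) & 0xF] << 76)  # S-box on top nibble
        k ^= r << 15                                          # round counter into bits 19..15
    keys.append(k >> 16)                                      # key 32, final whitening
    return keys


def present_encrypt(block, key80, sbox=PRESENT_SBOX):
    """Encrypt one 64-bit block with PRESENT-80 using the given S-box."""
    rk = _round_keys(key80, sbox)
    s = block & MASK64
    for i in range(31):
        s = _p_layer(_sbox_layer(s ^ rk[i], sbox))
    return s ^ rk[31]


def dm_present_hash(message, sbox=PRESENT_SBOX, iv=0):
    """Davies-Meyer over PRESENT-80: H_i = E_{M_i}(H_{i-1}) XOR H_{i-1}.

    Each 80-bit message block is the cipher's key input; the 64-bit chaining
    value is the plaintext.  The padding (one 0x80 byte, then zeros up to a
    10-byte boundary) and the zero IV are assumptions of this example.
    """
    data = bytes(message) + b"\x80"
    data += b"\x00" * (-len(data) % 10)
    h = iv & MASK64
    for off in range(0, len(data), 10):
        m = int.from_bytes(data[off:off + 10], "big")
        h = present_encrypt(h, m, sbox) ^ h
    return h


def create_suh(device_entropy_seed):
    """Return a device-individual S-box, standing in for the SUH creation event.

    Assumption: the 'unknown' part of the hash is modelled as a randomly drawn
    S-box permutation.  In the device this comes from a one-time, unpredictable
    hardware process; a seed is used here only so that runs are repeatable.
    """
    sbox = list(range(16))
    random.Random(device_entropy_seed).shuffle(sbox)
    return sbox


def enroll_firmware(suh_sbox, firmware):
    """Enrollment: the device computes the reference digest of its authorized image."""
    return dm_present_hash(firmware, suh_sbox)


def verify_boot(suh_sbox, firmware, reference_digest):
    """Boot-time check: recompute the device-specific digest and compare in constant time."""
    digest = dm_present_hash(firmware, suh_sbox)
    return hmac.compare_digest(digest.to_bytes(8, "big"),
                               reference_digest.to_bytes(8, "big"))


if __name__ == "__main__":
    firmware = b"constructed firmware image v1"       # constructed sample input
    device = create_suh(device_entropy_seed=1)
    reference = enroll_firmware(device, firmware)
    print("authorized image boots:", verify_boot(device, firmware, reference))
    print("modified image boots:  ", verify_boot(device, firmware + b"\x00", reference))
    print("other device boots it: ", verify_boot(create_suh(2), firmware, reference))
```

The point the check makes is that the stored reference digest is not a secret: without the device's own hash function, an attacker who alters the image cannot produce a digest the device will accept, and a digest enrolled on one device is meaningless on another. A real deployment would draw the randomized component from cryptographically sound S-box classes rather than an arbitrary permutation, which is one of the design questions the paper's security analysis addresses.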
© 2021 Springer Nature Switzerland AG
Cite this paper
Zarrouk, R., Mulhem, S., Adi, W., Berekovic, M. (2021). Clone-Resistant Secured Booting Based on Unknown Hashing Created in Self-Reconfigurable Platform. In: Derrien, S., Hannig, F., Diniz, P.C., Chillet, D. (eds) Applied Reconfigurable Computing. Architectures, Tools, and Applications. ARC 2021. Lecture Notes in Computer Science(), vol 12700. Springer, Cham. https://doi.org/10.1007/978-3-030-79025-7_14
DOI: https://doi.org/10.1007/978-3-030-79025-7_14
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-79024-0
Online ISBN: 978-3-030-79025-7