Skip to main content
SpringerLink
Log in

On the feasibility of deriving cryptographic keys from MEMS sensors

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

One of the main challenges in the internet of things (IoT) will be to guarantee the security of products and services enabled by it. A fundamental assumption in any cryptosystem is that secret-key material remains securely stored and unknown to attackers. To this end, physical unclonable functions have been proposed to store cryptographic secrets without the need to use non-volatile memory. In this work, we show that microelectromechanical systems (MEMS) sensors, ubiquitous in the IoT, can be used to generate a stable nearly fully entropic bit string that can be used as a secret or private key in a cryptographic algorithm. We provide experimental evidence of the stability of our methods by analyzing data from 468 off-the-shelf 3-axis MEMS gyroscopes subjected to different temperatures in the range typically required for consumer applications and standardized aging tests. The investigations are carried out on module level so that packaging influences are considered. We derive unique fingerprints from the sensors based on their characteristics, and we show that the false rejection rate (FRR) and the false acceptance rate (FAR) are below \(1 \times 10^{-6}\) for all applied test conditions. By adding up the values of FRR and the FAR, the highest probability for an authentication error is \(4.1 \times 10^{-6}\). Furthermore, we extract stable keys from the fingerprints. The extracted key length lies in a range between 27 and 150 bits depending on the applied test conditions and the used entropy estimation method.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11

Similar content being viewed by others

Notes

  1. The error probability is calculated from the Poisson fit of the intra-Hamming distance distribution (\(\lambda = 1.92\)) in [68] using an \([n=63, k=18, t=10]\)-BCH code.

  2. We assume that, for example, an HMAC with SHA-256, provides security \(\varepsilon \approx 2^{256}\) which is reasonable given our knowledge of the state of the art.

  3. It has to be noted that Fig. 2 shows a simplified layer stack meaning that process flows and layer stacks are more complex in practice (see, e.g., [41]).

  4. MEMS sensors are manufactured with the objective of minimal variability. Since the number of bits that can be derived correlates with the extent of the manufacturing variations, an increase in the key length while decreasing the structure size can very likely be achieved by building a dedicated MEMS PUF without sensor functionality, as discussed in [68].

  5. The order of the fingerprints within the entire bit string was varied as well. However, the effect was negligible.

  6. We used algorithms 3 and 4 from [15] which apply to linear codes.

References

  1. Asokan, N., Brasser, F.F., Ibrahim, A., Sadeghi, A., Schunter, M., Tsudik, G., Wachsmann, C.: SEDA: Scalable embedded device attestation. In: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security—CCS 2015, pp. 964–975 (2015)

  2. Aysu, A., Ghalaty, N.F., Franklin, Z., Yali, M.P., Schaumont, P.: Digital fingerprints for low-cost platforms using MEMS sensors. In: Proceedings of the Workshop on Embedded Systems Security—WESS 2013. ACM (2013)

  3. Aysu, A., Gulcan, E., Moriyama, D., Schaumont, P., Yung, M.: End-to-end design of a PUF-based privacy preserving authentication protocol. In: Güneysu, T., Handschuh, H. (eds.) Cryptographic Hardware and Embedded Systems—CHES, LNCS 2015, vol. 9293, pp. 556–576. Springer, Berlin (2015)

    Chapter  Google Scholar 

  4. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) Proceedings of the 1st ACM Conference on Computer and Communications Security—CCS 1993, pp. 62–73. ACM (1993)

  5. Boehm, C.: Physical Unclonable Functions in Theory and Practice. Springer, Berlin (2013)

    Book  Google Scholar 

  6. Bojinov, H., Michalevsky, Y., Nakibly, G., Boneh, D.: Mobile device identification via sensor fingerprinting. CoRR arxiv: abs/1408.1416 (2014)

  7. Bowman, A.W., Azzalini, A.: Applied Smoothing Techniques for Data Analysis. Oxford University Press Inc, New York (1997)

    MATH  Google Scholar 

  8. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., Smith, A.D.: Secure remote authentication using biometric data. In: Cramer, R. (ed.) Advances in Cryptology—EUROCRYPT, 2005, LNCS, vol. 3494, pp. 147–163. Springer, Berlin (2005)

    Chapter  Google Scholar 

  9. Brasser, F.F., Mahjoub, B.E., Sadeghi, A., Wachsmann, C., Koeberl, P.: TyTAN: tiny trust anchor for tiny devices. In: Proceedings of the 52nd Annual Design Automation Conference—DAC 2015, pp. 34:1–34:6. ACM (2015)

  10. Carter, L., Wegman, M.N.: Universal classes of hash functions. J. Comput. Syst. Sci. 18(2), 143–154 (1979)

    Article  MathSciNet  Google Scholar 

  11. Chang, Y.J., Zhang, W., Chen, T.: Biometrics-based cryptographic key generation. In: IEEE International Conference on Multimedia and Expo (ICME), vol. 3 (2004)

  12. Chen, C., Veldhuis, R.N.J., Kevenaar, T.A.M., Akkermans, A.H.M.: Multi-bits biometric string generation based on the likelihood ratio. In: First IEEE International Conference on Biometrics: Theory, Applications, and Systems, pp. 1–6 (2007)

  13. Cigada, A., Leo, E., Vanali, M.: Electrical method to measure the dynamic behaviour and the quadrature error of a MEMS gyroscope sensor. Sens. Actuat. A Phys. 134(1), 88–97 (2007)

    Article  Google Scholar 

  14. Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley, New York (2006)

    MATH  Google Scholar 

  15. Delvaux, J., Gu, D., Verbauwhede, I., Hiller, M., Yu, M.M.: Efficient fuzzy extraction of PUF-induced secrets: theory and applications. In: Gierlichs, B., Poschmann, A.Y. (eds.) Cryptographic Hardware and Embedded Systems—CHES, 2016, LNCS, vol. 9813, pp. 412–431. Springer, Berlin (2016)

    Chapter  Google Scholar 

  16. Dodis, Y., Gennaro, R., Håstad, J., Krawczyk, H., Rabin, T.: Randomness extraction and key derivation using the CBC, cascade and HMAC modes. In: Franklin, M.K. (ed.) Advances in Cryptology—CRYPTO, 2004, LNCS, vol. 3152, pp. 494–510. Springer, Berlin (2004)

    Chapter  Google Scholar 

  17. Dodis, Y., Katz, J., Reyzin, L., Smith, A.: Robust fuzzy extractors and authenticated key agreement from close secrets. In: Dwork, C. (ed.) Advances in Cryptology—CRYPTO 2006, pp. 232–250. Springer, Berlin (2006)

  18. Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. An extended abstract appears in [19]. SIAM J. Comput. 38(1), 97–139 (2008)

    Article  MathSciNet  Google Scholar 

  19. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) Advances in cryptology—EUROCRYPT 2004, pp. 523–540. Springer, Berlin (2004)

  20. Dodis, Y., Yu, Y.: Overcoming weak expectations. In: Sahai, A. (ed.) Theory of Cryptography—10th Theory of Cryptography Conference (TCC), LNCS, vol. 7785, pp. 1–22. Springer, Berlin (2013)

  21. Eldefrawy, K., Tsudik, G., Francillon, A., Perito, D.: SMART: secure and minimal architecture for (establishing dynamic) root of trust. In: 19th Network and Distributed System Security (NDSS) Symposium. The Internet Society, Reston (2012)

  22. Franken, E., Peeters, M.: Context tree weighting implementation version 0.1. Technical report, Eindhoven University of Technology (2002)

  23. Fraux, R.: Bosch BMI160 vs ST LSM6DSM. Reverse Costing and Technology Analysis. System Plus Consulting, Nantes (2017)

    Google Scholar 

  24. Ganji, F., Tajik, S., Fäßler, F., Seifert, J.: Having no mathematical model may not secure PUFs. J. Cryptogr. Eng. 7(2), 113–128 (2017)

    Article  Google Scholar 

  25. Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security—CCS 2002, pp. 148–160. ACM (2002)

  26. Github: SP800-90B Entropy Assessment. https://github.com/usnistgov/SP800-90B_EntropyAssessment. Accessed 05 March 2018

  27. Guajardo, J., Kumar, S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2007, LNCS, vol. 4727, pp. 63–80. Springer, Berlin (2007)

  28. Guajardo, J., Kumar, S., Schrijen, G.J., Tuyls, P.: Physical unclonable functions and public-key crypto for FPGA IP protection. In: International Conference on Field Programmable Logic and Applications (FPL), pp. 189–195 (2007)

  29. Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)

    Article  MathSciNet  Google Scholar 

  30. Helfmeier, C., Boit, C., Nedospasov, D., Seifert, J.P.: Cloning physically unclonable functions. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 1–6 (2013)

  31. Hodges, J.L., Cam, L.L.: The Poisson approximation to the Poisson binomial distribution. Ann. Math. Stat. 31(3), 737–740 (1960)

    Article  MathSciNet  Google Scholar 

  32. Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)

    Article  MathSciNet  Google Scholar 

  33. Hsu, W.T., Brown, A.R.: Frequency trimming for MEMS resonator oscillators. In: IEEE International Frequency Control Symposium Joint with the 21st European Frequency and Time Forum, pp. 1088–1091 (2007)

  34. Ignatenko, T., Schrijen, G.J., Skoric, B., Tuyls, P., Willems, F.: Estimating the secrecy-rate of physical unclonable functions with the context-tree weighting method. In: IEEE International Symposium on Information Theory, pp. 499–503 (2006)

  35. Ignatenko, T., Schrijen, G.J., Skoric, B., Tuyls, P., Willems, F.: Estimating the secrecy-rate of physical unclonable functions with the context-tree weighting method. In: 2006 IEEE International Symposium on Information Theory, pp. 499–503. IEEE (2006)

  36. JEDEC Solid State Technology Association Standard—JESD22-A103E: High Temperature Storage Life (2015). Revision of JESD22-A103D (2010)

  37. JEDEC Solid State Technology Association Standard—JESD22-A104D: Temperature Cycling (2009). Revision of JESD22-A104C (2005)

  38. Katzenbeisser, S., Kocabaş, Ü., Rožić, V., Sadeghi, A.R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2012, pp. 283–301. Springer, Berlin (2012)

    Chapter  Google Scholar 

  39. Krawczyk, H.: Cryptographic extraction and key derivation: the HKDF scheme. In: Rabin, T. (ed.) Advances in Cryptology—CRYPTO 2010, LNCS, vol. 6223, pp. 631–648. Springer, Berlin (2010)

  40. Laermer, F., Schilp, A.: Method of Anisotropically Etching Silicon, US patent (1996)

  41. Lahrach, A.: Bosch IMU in iPhone X. Reverse Costing and Technology Analysis. System Plus Consulting, Nantes (2018)

    Google Scholar 

  42. Lee, J., Lim, D., Gassend, B., Suh, G., van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits for identification and authentication applications. In: 2004 Symposium on VLSI Circuits, Digest of Technical Papers, pp. 176–179 (2004)

  43. Lindroos, V., Tilli, M., Lehto, A., Motooka, T.: Handbook of Silicon Based MEMS Materials and Technologies. Elsevier Inc, Amsterdam (2010)

    Google Scholar 

  44. Linnartz, J.M.G., Tuyls, P.: New shielding functions to enhance privacy and prevent misuse of biometric templates. In: Kittler, J., Nixon, M.S. (eds.) Proceedings of the 4th International Conference on Audio-and Video-Based Biometrie Person Authentication—AVBPA 2003, LNCS, vol. 2688, pp. 393–402. Springer, Berlin (2003)

  45. Maes, R.: Physically Unclonable Functions: Constructions. Properties and Applications. Springer, Berlin (2013)

    Book  Google Scholar 

  46. Maes, R., van der Leest, V., van der Sluis, E., Willems, F.M.J.: Secure key generation from biased PUFs: extended version. J. Cryptogr. Eng. 6(2), 121–137 (2016)

    Article  Google Scholar 

  47. Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: A fully functional PUF-based cryptographic key generator. In: Prouff, E., Schaumont, P. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2012, LNCS, vol. 7428, pp. 302–319. Springer, Berlin (2012)

  48. Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: IEEE/ACM International Conference on Computer-Aided Design—ICCAD 2008, pp. 670–673 (2008)

  49. May, G.S., Spanos, C.J.: Statistical process control. In: Fundamentals of Semiconductor Manufacturing and Process Control, chap. 6, pp. 181–227. Wiley, New York (2006)

  50. Mgc.co.jp: Non-haloganated low CTE BT resin laminate for IC plastic packages. http://www.mgc.co.jp/eng/products/lm/btprint/lineup/hfbt.html. Accessed 24 July 2017

  51. Nedospasov, D., Seifert, J.P., Helfmeier, C., Boit, C.: Invasive PUF analysis. In: Workshop on Fault Diagnosis and Tolerance in Cryptography—FDTC 2013, pp. 30–38. IEEE (2013)

  52. Neul, R., Gomez, U., Kehr, K., Bauer, W., Classen, J., Doring, C., Esch, E., Gotz, S., Hauer, J., Kuhlmann, B., Lang, C., Veith, M., Willig, R.: Micromachined gyros for automotive applications. In: IEEE Sensors, pp. 527–530 (2005)

  53. Nisan, N., Zuckerman, D.: Randomness is linear in space. J. Comput. Syst. Sci. 52(1), 43–52 (1996)

    Article  MathSciNet  Google Scholar 

  54. Orshansky, M., Nassif, S.R., Boning, D.: Front end variability. In: Design for Manufacturability and Statistical Design: A Constructive Approach, chap. 2, pp. 11–41. Springer, Berlin (2008)

  55. Reyzin, L.: Entropy Loss is Maximal for Uniform Inputs. Technical Report BUCS-TR-2007-011. Boston University, Boston (2007)

  56. Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security—CCS 2010, pp. 237–249. ACM (2010)

  57. Samyde, D., Skorobogatov, S.P., Anderson, R.J., Quisquater, J.: On a new way to read data from memory. In: Proceedings of the First International IEEE Security in Storage Workshop – SISW 2002, pp. 65–69. IEEE Computer Society (2002)

  58. Skorobogatov, S.P.: Data remanence in flash memory devices. In: J.R. Rao, B. Sunar (eds.) Cryptographic Hardware and Embedded Systems—CHES 2005, Lecture Notes in Computer Science, vol. 3659, pp. 339–353. Springer, Berlin (2005)

  59. Suh, G., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 44th Design Automation Conference—DAC 2007, pp. 9–14 (2007)

  60. Sumibe.co.jp: Epoxy resin molding compounds for encapsulation of semiconductor devices. http://www.sumibe.co.jp/english/product/it-materials/epoxy/sumikon-eme/. Accessed 24 July 2017

  61. Tanner, D.M., Owen, A.C., Rodriguez, F.: Resonant frequency method for monitoring MEMS fabrication. Proc. SPIE 4980, 4980 (2003)

    Google Scholar 

  62. Tatar, E., Alper, S., Akin, T.: Quadrature-error compensation and corresponding effects on the performance of fully decoupled MEMS gyroscopes. J. Microelectromech. Syst. 21(3), 656–667 (2012)

    Article  Google Scholar 

  63. Turan, M.S., Barker, E., Kelsey, J., McKay, K.A., Baish, M.L., Boyle, M.: Recommendation for the entropy sources used for random bit generation (second draft). Special publication 800-90b, National Institute of Standards and Technology (2016)

  64. Tuyls, P., Schrijen, G.J., Skoric, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-proof hardware from protective coatings. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2006, LNCS, vol. 4249, pp. 369–383. Springer, Berlin (2006)

  65. Willems, F.M.J., Shtarkov, Y.M., Tjalkens, T.J.: The context-tree weighting method: basic properties. IEEE Trans. Inf. Theory 41(3), 653–664 (1995)

    Article  Google Scholar 

  66. Willems, F.M.J., Shtarkov, Y.M., Tjalkens, T.J.: Context weighting for general finite-context sources. IEEE Trans. Inf. Theory 42(5), 1514–1520 (1996)

    Article  Google Scholar 

  67. Willers, O., Curcic, M., Seidel, H.: Fingerprinting MEMS gyroscopes. In: Proceedings of the 11th Smart Systems Integration (SSI), pp. 133–140 (2017)

  68. Willers, O., Huth, C., Guajardo, J., Seidel, H.: MEMS gyroscopes as physical unclonable functions. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security—CCS 2016, pp. 591–602. ACM (2016)

Download references

Author information

Authors and Affiliations

  1. Department Research and Advance Engineering, Robert Bosch GmbH, Stuttgart, Germany

    Oliver Willers, Christopher Huth & Peter Deutsch

  2. Research and Technology Center, Robert Bosch LLC, Pittsburgh, USA

    Jorge Guajardo

  3. Chair of Micromechanics, Microfluidics/Microactuators, Saarland University, Saarbrücken, Germany

    Helmut Seidel

Authors
  1. Oliver Willers
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Christopher Huth
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jorge Guajardo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Helmut Seidel
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Peter Deutsch
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Oliver Willers.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Willers, O., Huth, C., Guajardo, J. et al. On the feasibility of deriving cryptographic keys from MEMS sensors. J Cryptogr Eng 10, 67–83 (2020). https://doi.org/10.1007/s13389-019-00208-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-019-00208-4

Keywords

Search

Navigation