Lars Tebelmann
ABSTRACT
Physical Unclonable Functions (PUFs) provide a cost-efficient way to store a secure key on a device. But the noisy secret from a PUF must be corrected to generate a stable key. Since the error correction processes secret material, it is a target of attacks. Previous work has shown that single bits of a key can be extracted using a power side-channel attacks. This work enhances the attack idea. Non-invasive measurement of electromagnetic radiation together with a differential power analysis is shown to be sufficient to extract not only single bits but even the complete key from an error correction used for PUF-based key generation. The efficiency of the basic attack is significantly improved over state of the art using public available preknowledge on the PUF, an advanced correlation method, and parallel manipulation of helper data. The attack is practically demonstrated on an FPGA implementation with concatenated BCH and repetition codes. The results show that, compared to state of the art, a significant improvement by a factor of more than 100 in terms of trace reduction can be achieved.
- Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi 2002. The EM Side-Channel(s). In Cryptographic Hardware and Embedded Systems - CHES 2002, Burton S. Kaliski, Çetin K. Koç, and Christof Paar (Eds.), Vol.2523. Springer, Redwood Shores, CA, USA, 29--45. Google Scholar
Cross Ref
- Elwyn R. Berlekamp. 1968. Algebraic Coding Theory. MacGraw-Hill, New York.Google Scholar
- Christoph Bösch, Jorge Guajardo, Ahmad-Reza Sadeghi, Jamshid Shokrollahi, and Pim Tuyls. 2008. Efficient Helper Data Key Extractor on FPGA. In Cryptographic Hardware and Embedded Systems - CHES 2008. 10th International Workshop. Washington, DC, USA, August 10 - 13, 2008, Elisabeth Oswald and Pankaj Rohatgi (Eds.). Springer, 181--197. Google ScholarDigital Library
- Eric Brier, Christophe Clavier, and Francis Olivier. 2004. Correlation Power Analysis with a Leakage Model. Cryptographic Hardware and Embedded Systems - CHES 2004 (LNCS), Vol. 3156. Springer, Berlin, Heidelberg, 16--29. Google ScholarCross Ref
- Jianwei Dai and Lei Wang 2009. A Study of Side-Channel Effects in Reliability-Enhancing Techniques 24th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems (DFT '09).Google Scholar
- Jeroen Delvaux and Ingrid Verbauwhede. 2014. Attacking PUF-Based Pattern Matching Key Generators via Helper Data Manipulation. Topics in Cryptology - CT-RSA 2014, Josh Benaloh (Ed.). Number 8366 in LNCS. Springer International Publishing, 106--131.Google Scholar
- Yevgeniy Dodis, Leonid Reyzin, and Adam Smith. 2004. Advances in Cryptology - EUROCRYPT 2004. LNCS, Vol. 3027 2004. Springer, Chapter Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, 523--540.Google Scholar
- Ernest Jamro. 1997. The Design of a VHDL based Synthesis Tool for BCH Codecs. Master's thesis. University of Huddersfield. http://home.agh.edu.pl/~jamro/bch_thesis/bch_thesis.htmlGoogle Scholar
- Ari Juels and Martin Wattenberg. 1999. A Fuzzy Commitment Scheme. In Proceedings of the 6th ACM Conference on Computer and Communications Security (1999) (CCS '99). ACM, 28--36.Google ScholarDigital Library
- Deniz Karakoyunlu and Berk Sunar. 2010. Differential Template Attacks on PUF Enabled Cryptographic Devices. IEEE International Workshop on Information Forensics and Security (WIFS) (2010).Google Scholar
- P. Kocher. 1996. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, In Advances in Cryptology - CRYPTO 1996, N. Koblitz (Ed.). Advances in Cryptology - CRYPTO 1996 Vol. 1109, 104--113. Google ScholarCross Ref
- Paul Kocher, Joshua Jaffe, and Benjamin Jun. 1999. Differential Power Analysis. In Advances in Cryptology - CRYPTO 1999 (LNCS), Vol. 1666. Springer, Berlin, Heidelberg, 388--397. Google ScholarCross Ref
- Shu Lin. 2004. Error Control Coding (2. ed.). Pearson-Prentice Hall.Google Scholar
- Roel Maes, Anthony Van Herrewege, and Ingrid Verbauwhede. 2012. PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator Workshop on Cryptographic Hardware and Embedded Systems (CHES) (LNCS), Emmanuel Prouff and Patrick Schaumont (Eds.), Vol. 7428. Springer, Heidelberg, 302--319.Google Scholar
- Stefan Mangard. 2007. Power Analysis Attacks. Springer.Google Scholar
- Dominik Merli, Frederic Stumpf, and Georg Sigl. 2013. Protecting PUF Error Correction by Codeword Masking. IACR Cryptology ePrint Archive Vol. 334 (2013).Google Scholar
- Rino Micheloni, Alessia Marelli, and Roberto Ravasio. 2008. Error Correction Codes for Non-Volatile Memories. Springer.Google Scholar
- Zdenek Paral and Srinivas Devadas. 2011. Reliable and Efficient PUF-based Key Generation Using Pattern Matching IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). 128--133.Google Scholar
- Michael Pehl, Matthias Hiller, and Georg Sigl. 2017. Information Theoretic Security and Privacy of Information Systems. Cambridge University Press, Chapter Secret Key Generation and Authentication, 362--389.Google Scholar
- Pankaj Rohatgi. 2009. Electromagnetic Attacks and Countermeasures. Cryptographic Engineering, Çetin Kaya Koç (Ed.). Springer, 407--430. Google ScholarCross Ref
Index Terms
- EM Side-Channel Analysis of BCH-based Error Correction for PUF-based Key Generation
Recommendations
Reinforcement Learning-Based Design of Side-Channel Countermeasures
Security, Privacy, and Applied Cryptography EngineeringAbstractDeep learning-based side-channel attacks are capable of breaking targets protected with countermeasures. The constant progress in the last few years makes the attacks more powerful, requiring fewer traces to break a target. Unfortunately, to ...
On-Chip Side-Channel Analysis of the Loop PUF
ASHES'22: Proceedings of the 2022 Workshop on Attacks and Solutions in Hardware SecurityIn recent years, Side-Channel Analysis (SCA) that leverages power measurements from peripherals or on-chip power sensors has gained increasing attention. Instead of direct physical access to the victim device, these so-called remote SCA attacks can be ...
Leakage Sources of the ICLooPUF: Analysis of a Side-Channel Protected Oscillator-Based PUF
Constructive Side-Channel Analysis and Secure DesignAbstractIn the last years, Physical Unclonable Functions (PUFs) became a popular security primitive, which is nowadays also used in several products. As a lightweight solution for key storage, they are frequently suggested in an environment where ...
Comments