Physically Unclonable Function-based Security And Privacy In RFID

SystemsLeonid Boloynyy and Gabriel RobinsDepartment of Computer Science

University of Virginia

Presented by Jeffery Barton

Outline

Introduction Related Work PUF-Based Tag Identification

Algorithm PUF-Based MAC Protocols PUF Vs. Digital Hash Functions Building PUFs Conclusion

Purpose

What problem are we solving? Privacy and Security in RFID Systems Current cryptographic solutions are

too expensive Privacy-preserving tag identification Secure message authentication

codes Comparisons Directions for future research

Introduction

Introduction

What is RFID? <Insert last two presentations here> In general uses radio signals

for identity verification Low-cost Analogous

to sensor networks PICTURE

What is a PUF? Remember “not easy to find random

generator”??

A Familiar Subject…

Physically Unclonable Functions

“Random number function that can only be evaluated by a specific instance of the underlying hardware”

Hardware based function Easy evaluation Hard characterization Reliable and unpredictable What makes it unclonable?

Introduction

Unclonability

Physical Inherent random components Wire/gate delays, manufacturing variations Hard to define Even with identical hardware Challenges mapped to responses = Unpredictable

Mathematical Hard to compute responses given exact

parameters/CRPs Response = Complex interactions of random

components Modeling with known random values Oodles of

computational effort Combination of the two = extremely unclonable

Introduction - PUFs

Related Work

Physical one-Way Functions [16] Origination – optical PUFs

Controlled Physical Random Functions [7] & Extracting Secret Keys From Integrated Circuits [12] Silicon prototype Reliable, can tolerate varying environmental conditions Variability PUF circuits across multiple chips Accurate model difficult (w/polynomially-many i/o pairs)

RFID-Tags for Anti-Counterfeiting [17] Off-line reader authentication algorithm based on PUFs

using public key cryptography Still too much for low-cost RFID tags

Related Work

More Related Work

Security and Privacy: Modest Proposals for Low-Cost RFID Systems [15] Identification/authentication algo based on Silicon

Physical Random Functions [8] No state maintenance/random responses = easy

tracking No access control = easy identification by adversaries Abundant challenges more ID time/power

consumption Therefore

Only use challenge-response algos for authentication Send ID to reader first less communication & query

more challenges Tag tracking still possible

Related Work

Assumptions

Cannot recover PUF model given polynomial # of i/o pairs

τ is constant and independent of the # of identical responses from other tags

Hardware tampering = new function Secure against side-channel attacks Random function

Assumptions

PUF-Based Tag Identification Algorithm Single-use 1-step identification algo

to maintain privacy in face of passive adversaries Pseudonyms and one-time-pads Privacy-preserving

PUF-Based Tag Id Algo

Other Tag ID Algorithms

“Minimalist” approach Uses readers to generate pseudonyms Using PUFs requires fewer updates

Hash-chains Tags must compute

2 expensive cryptographic hash functions

PUF = only 1

PUF-Based Tag Id Algo

Authors’ Tag ID Algorithm

Interrogation by reader response with ID from tag tag updates ID with p(ID)

Back-end keeps list of ID values i.e. Pseudonyms exhausted new seed ID Multiple executions and Parallel PUFs

Why?

PUF-Based Tag Id Algo

ID

Request

Database

ID1, p(ID1), p2(ID1), …, pk(ID1)

...IDn, pn(IDn), pn

2(IDn), …, pnk(IDn)

p(ID)ID

Multiple Executions & Parallel PUFs Reason increase reliability of output Parallel PUFs each produces sub-

signature Sub-signatures contain n PUF compositions Early invalid results reflect heavily on later

compositions PUF is run several times for each input in

each sub-signature Number of valid sub-signatures must be

above a threshold

Multiple Executions

Averages values for greater reliability R Reliability of last value where:

μ = .02 probability of unreliable value k = 100 compositions N executions at each stage

For 1 execution, R = .49 For 5 executions, R = .992268

PUF-Based Tag Id Algo – Author’s

1

2

( , , ) (1 (1 ) )N m N m kN

mR N k

Parallel PUFs

Tuple response, any one accepted, also increases reliability

S Successful consecutive identifications where: q tuple size

For q = 2, S ≈ 73 For q = 3, S ≈ 90

More PUFs = few gates One PUF can simulate many Combination possible

PUF-Based Tag Id Algo – Author’s

1

1[(1 (1 ) ) (1 (1 ) ) ]x q x q

xS x

Tag ID Specific Assumptions and Requirements No DOS attacks (only passive) ID not overwritable by adversary w/o

altering PUF circuits Back-end must contain significantly

more i/o values than # of tags PUF must be able to produce many

unique IDs Tags should not yield same outputs If ID repeats, new ID is sent along with

power to perform write operationsPUF-Based Tag Id Algo – Author’s

Adversarial Model

Observe reader communication with multiple tags, single outtwo of them

Randomly select one and runs ID algo

Adversary is successful if they can determine which tag was selected with much greater accuracy than ½ (better than guessing)

PUF-Based Tag Id Algo – Author’s

Theorem 3.1

**Given a random oracle assumption for PUFs, and adversary has no advantage in attempting to compromise a tag’s privacy

Proof sketch: Observe output of two tags Obtain next output from one Adversary cannot determine which tag it

came from b/c PUF is assumed to be random

PUF-Based Tag Id Algo – Author’s

PUF-Based MAC Protocols

Three-tuple (K, T, V) K = generation algo generates key

used in T and V T = tagging algo takes input message

m and outputs signature σ V = verification algo verifies signature

σ for message m is authentic Secure if resistant to forgeries Adversary is successful if they can

determine signature from messagePUF-Based MAC Protocols

Other MAC Protocols

Various implementations: Standard cryptographic hash function Block cipher One-time signature scheme

list of secrets that are 0 or 1 Oodles of memory usage

“Minimalistic” approach Each secret is a single bit Longer message size and shorter message

space

PUF-Based MAC Protocols

Authors’ MAC Protocols

PUF acts like a public key: PUF computation algo (schematic) is known Private key (PUF’s i/o behavior) remains unknown Seller possesses a tag, but cannot predict PUF

computations Resistant to forgery even when verifier is

offline Defense against hardware alterations

Physically locating tag’s verification password storage circuitry under PUF’s circuitry/wires

Multiple executions/Parallel PUFs can be used

PUF-Based MAC Protocols

Comparisons

Vs. tag authentication Tag signs/authenticates

message instead of reader Signed message is input, output is

signature/MAC Key used to sign is PUF itself

Vs. standard cryptographic MAC algos Keys are larger Physical presence of tag required Cannot sign arbitrary messages Back-end computation keeps tag costs down

PUF-Based MAC Protocols – Author’s

Components of the Protocol Key Generation

Verifier creates table of values Occurs before deployment Can be disabled/passworded Large key required for verification w/o

tag presence Tagging algo signs message Verification algo verifies signature

PUF-Based MAC Protocols – Author’s

Key GenerationAlgorithm Input: Message set M; tag/PUF identifiers set P;

# of needed signatures k; # of sub-signatures qfor each PUF p ∈ P do

for i = 1 to |M| do for c = 1 to k · q do Key[p,mi, c] = {c, pc(mi), . . . , p(n)

c

(mi)}

end endend

PUF-Based MAC Protocols – Author’s - Components

Tagging Algorithm

Input: Message m; # of sub-signatures q

Side effect: c = c + q

PUF-Based MAC Protocols – Author’s - Components

( )

( )c+1 c+1

( )c+q-1 c+q-1

= ({c, p (m), . . . , p (m)},

{c + 1, p (m), . . . , p (m)}, . . . ,

{c + q - 1, p (m), . . . , p (m)})

nc c

n

n

Signature

Verification Algorithm

Input: Key K; PUF p; # of needed signatures k; # of sub-signatures q; allowed number t of incorrect PUF responses;

verify that 1 ≤ c ≤ k ∙ qv = 0for each sub-signature σc do

σ* = K[p, m, c] if σc agrees with σ* in at least n − t terms then

v = v + 1if v ≥ threshold then acceptelse reject

PUF-Based MAC Protocols – Author’s - Components

( )

( )c+1 c+1

( )c+q-1 c+q-1

= ({c, p (m), . . . , p (m)},

{c + 1, p (m), . . . , p (m)}, . . . ,

{c + q - 1, p (m), . . . , p (m)})

nc c

n

n

Signature

Large Message Spaces

Signature verification only possible when tag is in range b/c of size of key

Unique token c (counter) Substitute for timestamp in passive tags Natural total ordering Info leak possible tells state of tag

Multiple executions forgery resistance

PUF-Based MAC Protocols – Author’s

Quantifying Auth. Reliability and Forgery Difficulty probv valid signature detection probability

probf forgery non-recognition probability

τ = .4 PUF1 output = PUF2 output probability µ = .02 output deviation probability n = 30 # of responses t = 3 # of deviations allowed probv = .997107

probf = .000313 Tweak n and t to get better results if necessary

PUF-Based MAC Protocols – Author’s – Large Msg Spaces

1( , , ) 1 (1 )

n i n iv i t

nprob n t

i

1( , , ) 1 (1 )

n j n jf j t

nprob n t

j

Theorem 4.1

Given a random oracle assumption for PUF p, the probability that an adversary can forge a signature σ for a message m is bounded from above by β.

Proof sketch: To forge a signature: Find n distinct numbers r1, . . . , rn

Find unused counter value c Compute correct PUF values pc(ri ,m) for at least n – t

of them p is assumed to be random and c was never inputted

into p adversary must rely on the tag(s) in their possession

PUF-Based MAC Protocols – Author’s

Small Message Spaces

Outputs can be computed ahead of time

Can verify signature w/o tag’s presence

Tokens generated on tag ≠ random Counters can be used just like large

MS

PUF-Based MAC Protocols – Author’s

Theorem 4.2

Given a random oracle assumption for a PUF p, the probability that an adversary could forge a signature σ for a message m is bounded from above by q · β.

Proof sketch: Adversary finds next counter value c PUF is random accurate modeling not possible Must use other tags for impersonation Success of forging a sub-signature bounded by

β Success of forging whole signature bounded

by q · βPUF-Based MAC Protocols – Author’s

Attacks on MAC Protocols - Impersonation Manufacture tag duplicate

forge signatures Obtain multiple tags use responses to

impersonate PUF = random duplicating or selecting

equivalent tag = improbable (“unclonable”) Tweaking n and t

Raise valid signature detection probability probv

Lower forgery non-recognition probability probf

Makes impersonation more improbable

PUF-Based MAC Protocols - Attacks

original clone

Attacks on MAC Protocols - Modeling Attempt to model PUF using

signature/message pairs PUFs determined by unreliable factors

modeling is very difficult Attempt to measure wire delays

This in itself will alter wire delays Likely disrupt/damage overlying circuitry Alters functionality of PUF

PUF-Based MAC Protocols - Attacks

Attacks on MAC Protocols – Side-channel Attempt to learn secret info using

timing and power analyses attacks PUF-based secrets are difficult to

represent correctly in digital form Therefore hard to model

PUF-Based MAC Protocols - Attacks

Attacks on MAC Protocols – Hardware Tampering Attempt to physically probe wires

High risk of altering/destroying PUF’s behavior

Attempt to physically read-off or alter digital key/password Likely damage overlying wires and alter

tag behavior Detection is possible by precompiling

information about tag

PUF-Based MAC Protocols - Attacks

PUF Vs. Digital Hash Functions Much less hardware required

Drawbacks to low hardware complexity: Probabilistic consistency with expected

output Tag copies = similar computational behavior Back-end must store all challenge/response

pairs for each tagPUF Vs. Digital Hash Functions

MD4

7350

MD5

8400

SHA-256

10868

Yuksel

1701

PUF

545

AES

3400

algorithm

# of gates

More Comparisons to DHF

Modeling PUF vs. determining key Difficult to represent accurately in concise

form Difficult to model random components

More resistant to side-channel attacks/physical tampering

Even with physical measurements, PUF is difficult to duplicate

Reliance upon physical characteristics makes security difficult to guarantee/characterize analytically

PUF Vs. Digital Hash Functions

Building PUFs

First prototype of silicon PUF: Silicon Physical Random Functions B. Gassend, D. Clarke, M. van Dijk, and

S. Devadas Oscillating counter circuit used to

measure intrinsic delays Slow counting mechanism slowed

manufacturing process increased overall cost

Building PUFs

More Building of PUFs

Delay values for different challenges tend towards Gaussian distribution

Certain challenges should be avoided Identical/similar outputs even when signals

travel different paths Filtered out of database at creation

Response reliability is low More computation rounds Still risking producing noise

Building PUFs

Avoiding Drawbacks

Use sub-threshold voltage techniques to compare gate polarizations

Fast w/o using oscillating counter Separates PUF values better and

avoids highly skewed distributions of responses

Still preserves reliability/unpredictability

Variable non-linear delays can be added to keep modeling difficult

Building PUFs

Future Research

Characterization of security of PUFs Thorough testing of RFID tags with

PUFs satisfying current RFID standards Sub-threshold voltage-based PUFs Conditional testing environmental and

operational Behavior testing under varying levels of

motion, acceleration, vibration, temperature, noise, etc.

τ and μ should be characterized as functions of operational environment

Conclusion - Future Research

More Future Research

Adaptations for various applications Multi-tag regimes Ownership transfer algos Tree-based identification protocols

PUFs in readers can be used to combat rogue readers

Conclusion - Future Research

Conclusion

Full-fledged cryptographic security mechanisms are too costly for low-cost RFID tags enter PUF approach

Exponential # of keys no key distribution problem Protects from cloning, even with physical access to

tags and circuit schematics Valuable in access control and authenticity verification

MAC protocols require few hardware resources keeps tag costs down

Comparison to digital counterparts Possible improvements in PUF design Outline of future research

Conclusion

Questions?

Are you still reading these?

GO HOME!!

Seriously, go home