Run-time Accessible DRAM PUFs in Commodity Devices … · Run-time Accessible DRAM PUFs in...
Transcript of Run-time Accessible DRAM PUFs in Commodity Devices … · Run-time Accessible DRAM PUFs in...
Run-timeAccessibleDRAMPUFsinCommodityDevices
WenjieXiong1,AndréSchaller2,NikolaosA.Anagnostopoulos2,MuhammadUmairSaleem2,SebastianGabmeyer2,
StefanKatzenbeisser2,andJakubSzefer1
1.YaleUniversity,USA2.Technische UniversitätDarmstadtandCASED,Germany
Aug18,2016
PhysicallyUnclonable Functions(PUF)
• Afunction,whichisembeddedintoaphysicalobjectWhenqueriedwithachallengex,thePUFgenerates aresponsey,whichdependson1)Challengexand2)specialphysicalpropertiesoftheobject
• SiliconPUFsusethemanufacturingprocessvariationse.g.ArbiterPUFs,SRAM-PUFsItisalmostimpossibletoclone,evenforthemanufacturer
• Authenticationandidentification
2CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Intrinsic PUF• NoextrachipsneededforPUF• Exploit hardwarewhichison-boardanyway
e.g.startupvaluesofSRAM
IsitpossibletoexploitDRAMasaPUF?• MostcomputingdevicesholdDRAM• ExploitintrinsicDRAMPUFtoderiveaunique
fingerprint&deriveakey• DRAMhaslargercapacitythanSRAM• RuntimePUFratherthanboot-uptime
IntrinsicDRAMPUF
3CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Experimentalplatforms:PandaBoard(top)andIntelGalileo(bottom).
Outline/Contributions• Extractdecay-basedDRAMPUFinstancesfromunmodifiedcommodity
devices duringrun-timeofthe Linuxsystem• IntroducenewmetricsforevaluatingDRAMPUFs,basedontheJaccard
index• Throughextensiveexperiments,weshowthatDRAMPUFsexhibit
robustness,uniqueness,andstability• Designprotocolsfordeviceauthenticationandsecurechannel
establishmentthatdrawtheirsecurityfromthetime-dependentdecayofDRAMcells
4
SS 2013 | Seminar: Physically Unclonable Functions and its Applications | André Schaller & Prof. Dr. Stefan Katzenbeisser |
CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
DRAMCellDecay• ADRAMcellconsistsofa
capacitorandatransistor• Bitisstoredascharge• DRAMaccessprocess• Chargeleakage
– DRAMrefresh– Accessawordwillrefresh
thewholerow• Duetothemanufacturing
variationsamongDRAMcells,somecellsdecayfasterthanothers,whichcanbeexploitedasaPUF
SchematicofaDRAMarray;arrowsindicateleakagepathsfor
dissipationofchargesthatleadtoPUFbehavior.
5CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
DRAMPUFAccess
(1)DRAMforordinaryuse
(2)PUFregion(ingrey)isinitializedandtheDRAM
(3)PUFcellsdecayfortimet
(4)ReadouttheDRAMtoextractthePUFmeasurement
(5)DRAMreturntonormalusage
DRAMPUFchallenge:LogicalPUF(addr andsize),initialvalue (0or1),decaytime
OS & App memory
OS & App memory
sizeaddr
LogicalPUF
OS & App memory
OS & App memory
OS & App memory
OS & App memory
OS & App memory
OS & App memory
refreshisdisabled
6
refreshisdisabled
CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
• Twoapproaches– Firmware
• DRAMisnotusedbyfirmware,sothewholeDRAMrefreshcanbedisabled
– Kernelmodule• SelectiveDRAMrefresh
– ReadawordineachDRAMrow,andthus,refreshtheDRAMusedbythesystemandapplications
• Twoplatforms– PandaboardESRevisionB3:TIOMAP4460,1GBELPIDADDR2– IntelGalileoGen2:IntelQuarkX1000,two128MBMicronDDR3
Implementations
7CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Outline/Contributions• Extractdecay-basedDRAMPUFinstancesfromunmodifiedcommodity
devicesduringrun-timeoftheLinuxsystem• IntroducenewmetricsforevaluatingDRAMPUFs,basedontheJaccard
index• Throughextensiveexperiments,weshowthatDRAMPUFsexhibit
robustness,uniqueness,andstability• Designprotocolsfordeviceauthenticationandsecurechannel
establishmentthatdrawtheirsecurityfromthetime-dependentdecayofDRAMcells
8CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
DRAMPUFCharacteristics
Iftx ≤tx+1andaddrx =addrx+1,sizex =sizex+1,weobservemx⊆mx+1,uptonoise.
Wemeasuredtwo 32KBlogicalPUFson4 PandaBoardsand5 IntelGalileos.EachlogicalPUFwasmeasuredatfive decaytimeswith50measurementseach.
AveragedecayrateofDRAMmodulesof(blue)PandaBoardand(purple)IntelGalileo.
120 180 240 300 3600
0.005
0.01
0.015
0.02
0.025
Decay time (sec)
Decay
rate
t1 t2 t3t0
9CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
DRAMPUFCharacteristics• PUFmeasurement:Astringof0’sand1’s
->Asetofbitflips• Hammingdistance->Jaccardindex
• IntraJaccardIndex:– PUFmeasurementsofthesame PUFchallenge.– Ideally,themeasurementsarethesame. Jintra ≈1.
• InterJaccardIndex:– PUFmeasurementsofdifferent PUFchallenges.– Ideally, themeasurementsarecompletelydifferent.Jinter ≈0.
J(v1,v2 ) =v1∩v2v1∪v2
10CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Maxfractionalintra-HD
Minfractionalinter-HD
0.0045 0.0038
0.0003 0.0012
0.0083 0.0139
0.0005 0.0032
0.0101 0.0244
0.0020 0.0057
0.0123 0.0238
0.0013 0.0080
0.0206 0.0279
0.0022 0.0124
DRAMPUFCharacteristicsRobustnessandUniqueness
• Robustness:ForthesamePUF,thesamechallengexshouldalwaysproducealmostthesameresponsey. Jintra ≈1
• Uniqueness:FordifferentPUF,thesamechallengexshouldalwaysproduceverydifferentresponsey. Jinter ≈0
• JaccardindexisbetteratdistinguishingDRAMPUFmeasurements.Decaytime
device MinJintra
MaxJinter
120sPandaBoard 0.4634 0.0102
Galileo 0.7712 0.0038
180sPandaBoard 0.4382 0.0168
Galileo 0.8361 0.0044
240sPandaBoard 0.4087 0.0258
Galileo 0.6261 0.0049
300sPandaBoard 0.4222 0.0405
Galileo 0.7944 0.0055
360sPandaBoard 0.3484 0.0342
Galileo 0.8276 0.0072 11
Jaccard index between pairs of measurements0 0.2 0.4 0.6 0.8 1
Pro
bab
ility
0
0.05
0.1
0.15
Jinter
Jintra
Jaccard index between pairs of measurements0 0.2 0.4 0.6 0.8 1
Pro
bab
ility
0
0.05
0.1
0.15
0.2
0.25
Jinter
Jintra
DRAMPUFCharacteristicsRobustnessandUniqueness
DistributionofJintra and Jinter valuesfor(left)PandaBoardand(right)IntelGalileo.
• Robustness:ForthesamePUF,thesamechallengexshouldalwaysproducealmostthesameresponsey. Jintra ≈1
• Uniqueness:FordifferentPUF,thesamechallengexshouldalwaysproduceverydifferentresponsey. Jinter ≈0
• ThereisacleargapbetweenJintra and Jinter.->Uniqueness
12CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
TemperatureDependency• DRAMdecayalsodependsontheambienttemperature.• WeconductedtemperatureexperimentswithaheaterontopoftheDRAM.
Temperature-dependentdecayof(left)PandaBoardand(right)IntelGalileo.
13
40 60 800
0.05
0.1
0.15
0.2
0.25
0.3
Temperature (◦C)
Decay
rate
t1 = 120st2 = 180st3 = 240st4 = 300st5 = 360s
40 60 800
0.05
0.1
0.15
0.2
Temperature (◦C)
Decay
rate
t1 = 120st2 = 180st3 = 240st4 = 300st5 = 360s
CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
TemperatureDependency
120 180 240 300 3600
0.005
0.01
0.015
0.02
0.025
Decay time (sec)
Decay
rate
120 180 240 300 3600
0.002
0.004
0.006
0.008
0.01
0.012
Decay time (sec)
Decay
rate
Temperature-dependentdecayof(left)PandaBoardand(right)IntelGalileo.
14
40 60 800
0.05
0.1
0.15
0.2
0.25
0.3
Temperature (◦C)
Decay
rate
t1 = 120st2 = 180st3 = 240st4 = 300st5 = 360s
40 60 800
0.05
0.1
0.15
0.2
Temperature (◦C)
Decay
rate
t1 = 120st2 = 180st3 = 240st4 = 300st5 = 360s
CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
• HightemperaturespeedsuptheDRAMcelldecay.t’T’=t*e-0.0662*(T’-T)
• Underdifferenttemperature,withequivalent decaytimethesamedecaycanbeobserved.
• ThetemperaturedependencydoesnotaffecttherobustnessofthePUF.
Jin
tra
0
0.2
0.4
0.6
0.8
1
t1 t 2 t 3 t 4 t 5 t 1 t 2 t 3 t 4 t 5 t 1 t 2 t 3 t 4 t 540/C 50/C 60/C
TemperatureDependency
Jintra (i.e.similarity)ofenrollmentmeasurementstakenat40oCandmeasurementsatT’={40oC,50oC,60oC}onIntelGalileo.
15CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Stability• WetookmeasurementsfromsamePUF4monthsapart.• TheminimumJaccardindexisnoworsethanJintra.
->ThePUFisstableover4months.
Jaccard index between pairs of measurements0.75 0.8 0.85 0.9 0.95
Pro
bab
ility
0
0.02
0.04
0.06
0.08
0.1
0.12
DistributionofJaccardindexofmeasurementstakenfromthesamelogicalPUFonIntelGalileoover4monthswithdecaytime200s.
16CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Outline/Contributions• Extractdecay-basedDRAMPUFinstancesfromunmodifiedcommodity
devicesduringrun-timeoftheLinuxsystem• IntroducenewmetricsforevaluatingDRAMPUFs,basedontheJaccard
index• Throughextensiveexperiments,weshowthatDRAMPUFsexhibit
robustness,uniqueness,andstability.• Designprotocolsfordeviceauthenticationandsecurechannel
establishmentthatdrawtheirsecurityfromthetime-dependentdecayofDRAMcells
17CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
ProtocolforAuthentication• Threatmodel:Apassiveattacker,whoisabletoobservethenetworktraffic• Enrollment:A definedsetofdecaytimes
T={t0,t1,...,tn}MeasurementsforeachlogicalPUF
M={mid,0,mid,1,...,mid,n }
• Authentication:Theserverchoosesthesmallestdecaytimetx notpreviouslyusedforthelogicalPUFid.
Client C Server S
D T ,M,W,Kauthreq, id
t
x
, id
m0id,x
m
0id,x
d = J(m0id,x
,mid,x
)
d > ✏
auth
: auth
d ✏
auth
: noauth
8><
>:auth / noauth
18CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
SecureChannelEstablishment
Client C Server S
D T ,M,W,Kchannelreq, id
tx
, wid,x
m0id,x
kid,x
kid,x
kid,x
IfthereexistsasecurefuzzyextractorforourDRAMPUF.• EnrollmentAdefinedsetofdecaytimes
T={t0,t1,...,tn}MeasurementsforeachlogicalPUF
M={mid,0,mid,1,...,mid,n }Asetofrandomkeys
K={kid,0,kid,1,...,kid,n }Helperdata
W={wid,0,wid,1,...,wid,n }
19CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Time Dependent Decay• HowtochoosethesetofdecaytimesT={t0,t1,...,tn}?
• Securityisinthenewlyflippedbitsintx+1comparedtotx.• Security parameterεbits :numberofnewlyflippedbits.
Knowingmx,theprobabilityofarandomguessofmx+1 beingsuccessfulissmallerthan2-128.
tx tx+1
120 180 240 300 3600
0.002
0.004
0.006
0.008
0.01
0.012
Decay time (sec)
Decay
rate
120 180 240 300 3600
0.005
0.01
0.015
0.02
0.025
Decay time (sec)
Decay
rate
Redlinesindicatepossibledecaytimechallenges.IntelGalileocanprovide7challenges,andPandaBoardcanprovide2challengeswith32KBlogicalPUFanddecaytimet<360s.
20CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Conclusions• Extractdecay-basedDRAMPUFinstancesfromunmodifiedcommodity
devices.– Twoplatforms:thePandaBoard andtheIntelGalileo– Twoapproaches:acustomizedfirmware,andakernelmodule
• IntroducednewmetricsforevaluatingDRAMPUFs,basedontheJaccardindex.
• ShowedthatDRAMPUFsexhibitrobustness,uniqueness,andstabilitywiththedecaytimeaspartofthePUFchallenge.
• Designedprotocolsfordeviceauthenticationandsecurechannelestablishmentthatdrawtheirsecurityfromthetime-dependentdecayofDRAMcells.
21CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Futurework• Construct fuzzy extractor forDRAMPUF
– Jaccard index– BiasedPUF
• BetterunderstandDRAMPUFcharacteristics– Temperature dependency– Voltagedependency
• Improveread out time– Intheorderofminutes
22CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Acknowledgements
Thisworkhasbeenco-fundedbytheDFGaspartofprojectP3withintheCRC1119CROSSING,andpartlyfundedbyCASED.
ThankstoKevinRyanandEthanWeinbergerfortheirhelpwithbuildingtheheatersetup.
ThankstoIntelfordonatingtheIntelGalileoboardsusedinthiswork.
ThankstoanonymousCHESreviewers,andespeciallyourshepherd,RoelMaes.
23CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
Q&A• Extractdecay-basedDRAMPUFinstancesfromunmodifiedcommodity
devices.– Twoplatforms:thePandaBoard andtheIntelGalileo– Twoapproaches:acustomizedfirmware,andakernelmodule
• IntroducednewmetricsforevaluatingDRAMPUFs,basedontheJaccardindex.
• ShowedthatDRAMPUFsexhibitrobustness,uniqueness,andstabilitywiththedecaytimeaspartofthePUFchallenge.
• Designedprotocolsfordeviceauthenticationandsecurechannelestablishmentthatdrawtheirsecurityfromthetime-dependentdecayofDRAMcells.
24CHES2016|Run-timeAccessibleDRAMPUFsinCommodityDevices| W. Xiong, et al.
25
DRAMcelldecay
Figure1:SchematicofaDRAMarray;arrowsindicateleakage
pathsfordissipationofchargesthatleadtoPUFbehavior.
26
tx
tx+1
RobustnessandUniqueness
27
Maxfractionalintra-HD
Minfractionalinter-HD
0.0045 0.0038
0.0003 0.0012
0.0083 0.0139
0.0005 0.0032
0.0101 0.0244
0.0020 0.0057
0.0123 0.0238
0.0013 0.0080
0.0206 0.0279
0.0022 0.0124
Decaytime
device MinJintra
MaxJinter
120sPandaBoard 0.4634 0.0102
Galileo 0.7712 0.0038
180sPandaBoard 0.4382 0.0168
Galileo 0.8361 0.0044
240sPandaBoard 0.4087 0.0258
Galileo 0.6261 0.0049
300sPandaBoard 0.4222 0.0405
Galileo 0.7944 0.0055
360sPandaBoard 0.3484 0.0342
Galileo 0.8276 0.0072
Jaccard index between pairs of measurements0 0.2 0.4 0.6 0.8 1
Pro
bab
ility
0
0.05
0.1
0.15
Jinter
Jintra
Jaccard index between pairs of measurements0 0.2 0.4 0.6 0.8 1
Pro
bab
ility
0
0.05
0.1
0.15
0.2
0.25
Jinter
Jintra
Figure3:DistributionofJintra and Jinter valuesfor(left)Pandaboardand(right)IntelGalileo.
• HightemperaturespeedsuptheDRAMcelldecay.t’T’=t*e-0.0662*(T’-T)
• Underdifferenttemperature,withequivalent decaytimethesamedecaycanbeobserved.
• ThetemperaturedependencydoesnotaffecttherobustnessofthePUF.
Jin
tra
0
0.2
0.4
0.6
0.8
1
t1 t 2 t 3 t 4 t 5 t 1 t 2 t 3 t 4 t 5 t 1 t 2 t 3 t 4 t 540/C 50/C 60/C
Temperaturedependency
Figure5:Jintra (i.e.similarity)ofenrollmentmeasurementstakenat40oCandmeasurementsatT’={40oC,50oC,60oC}onIntelGalileo.
28