Hardware security

Hardware security is the usage of a piece of hardware in order to protect, identify and authenticate different entities and devices. A physical unclonable function (PUF) is a module that uses intrinsic random physical features to identify people, objects and systems. PUFs use biological variations (fingerprints), unpredictability of optical reflection patterns, and variations in the manufacturing process of hardware devices, as a source of randomness which is utilized for both security and authentication. Due to their random nature, the behavior of most PUFs is vulnerable to variations in environmental factors. Therefore, the response of a PUF may vary from one sample to another, when environmental conditions change. In order to compensate for their unstable nature, post-processing methods aimed at overcoming their “noisy” behavior, such as error correcting codes or fuzzy extractors, are employed. Essentially, the noisy behavior of a PUF leads to a reduced sample space for security and authentication.

Hardware PUFs use small variations in the manufacturing process which even the manufacturer can not control and predict, in order to produce a random and unpredictable response. Different types of hardware PUFs relay on random variations in different processes. For example, arbiter and ring oscillator PUFs use variations in length of paths on a chip, to produce a random response; whereas memory-based PUFs such as SRAM PUF and Latch PUF utilize small and uncontrollable variations in transistor level. Variations in environmental factors such as temperature can result in “noisy” responses of a PUF. There exist post-processing methods that enable one to recover the original PUF response at the expense of reduced randomness for security.

There are various factors that may affect the security a PUF can provide, such as biased responses, instability and weaknesses in its structure that can lead to model building attack. There is a need to develop a single measure that enables a PUF designer to take all of these factors into consideration and produce a number that has an operational meaning in terms of PUFs security.

We develop a new unified framework for evaluating the level of security of PUFs, based on password security, by using information theoretic tools of guesswork. The guesswork model allows to quantitatively compare, with a single unified metric, PUFs with varying levels of stability, bias and available side information. In addition, it generalizes other measures to evaluate the security level such as min-entropy and mutual information.

Papers