Title: Lightweight PUF-based Key and Random Number Generation
Other Titles: Lichtgewicht PUF-gebaseerde sleutel en willekeurige nummergeneratie
Authors: Van Herrewege, Anthony
Issue Date: 16-Jan-2015
Abstract: As embedded electronics continue to be integrated into our daily lives at such a pace that there are nowadays more cellphones than people on the planet, security is becoming ever more crucial. Unfortunately, this is all too often realized as an afterthought and thus the security implementations in many embedded devices offer little to no practical protection. Security does not require only cryptographic algorithms; two other critical modules in a secure system are a key generation module and a random number generator (RNG). The lack of well thought-out implementations of these modules has been the downfall of the security in many devices, many of them high-profile.In this thesis, we look into ways of constructing secure versions of both of these building blocks in embedded devices. Towards this end, we turn our attention to physically unclonable functions (PUFs). A PUF is a promising, relatively novel primitive that functions as a fingerprint for electronic devices. In our research, we have combined PUFs with custom hardware modules, such as a BCH error correcting code decoder, to create the first "black box" PUF-based key generation module. Our implementation requires very little real estate, proving that very efficient BCH error correcting codes, which are normally written off as being unwieldy and complex, are in fact feasible for use in PUF-based systems.We furthermore investigate the presence of PUFs in commercial off-the-shelf (COTS) microcontrollers. A thorough investigation of the usability of SRAM as PUFs and RNGs in a handful of the most prominent microcontroller families on the market is presented. We discuss the practical use of the measured microcontrollers in light of our findings, and show that there are large differences between the various families. Our study is the first of its kind, and clearly displays the need for continued work in this fashion on other microcontrollers.Finally, we develop a system for a secure RNG on COTS embedded devices, leveraging errors in available PUFs as a source of entropy. Building upon the findings of our microcontroller study, we successfully implement this system onto various ARM Cortex-M microcontrollers. Part of this result is an implementation of the Keccak algorithm, the smallest published to date.
Table of Contents: Preface
List of Figures
List of Tables
List of Code Listings
List of Abbreviations
List of Symbols
1 Introduction
1.1 Cryptographic primitives
1.2 Problem sketch
1.3 Thesis outline
1.4 Conclusion
2 PUF and RNG Background
2.1 Physically Unclonable Function
2.2 Applications
2.3 Design
2.4 Threat model
2.5 Mathematical notation
2.6 Quality metrics
2.7 Error correction
2.8 Random number generation
2.9 Summary
3 PUFKY: An Area-Efficient Key Generation Module
3.1 Introduction
3.2 Background
3.3 Design
3.4 BCH decoding microcontroller
3.5 Full generator implementation
3.6 Conclusion
4 Analysis of SRAM in COTS Microcontrollers
4.1 Introduction
4.2 Measurement setup
4.3 Measurements & evaluations
4.4 Discussion
4.5 Conclusion
5 Software-based Secure PRNG Design
5.1 Introduction
5.2 Design
5.3 Implementation
5.4 Conclusion
6 Conclusions
A Microcontroller Firmware
B Microcontroller Metrics
Curriculum Vitae
List of Publications
ISBN: 978-94-6018-947-0
Publication status: published
KU Leuven publication type: TH
Appears in Collections:ESAT - COSIC, Computer Security and Industrial Cryptography (+)

Files in This Item:
File Status SizeFormat
anthonyvh-thesis-2015_01_08-10_43.pdf Published 4884KbAdobe PDFView/Open


All items in Lirias are protected by copyright, with all rights reserved.