Attack scenarios and their respective attackers

Source publication
Article
In today’s globalized integrated circuit (IC) ecosystem, untrusted foundries are often procured to build critical systems since they offer state-of-the-art silicon with the best performance available. On the other hand, ICs that originate from trusted fabrication cannot match the same performance level since trusted fabrication is often available o...

Context in source publication

Context 1
... detailed list of attacks and respective adversaries is provided in Table 1. The threats that are specifically addressed by this work are highlighted. ...

Similar publications

Article
Non-fungible tokens (NFTs) are widely used in blockchain to represent unique and non-interchangeable assets. Current NFTs allow representing assets by a unique identifier, as a possession of an owner. The novelty introduced in this paper is the proposal of smart NFTs to represent IoT devices, which are physical smart assets. Hence, they are also id...

Citations

... We propose the substitution of the traditional salt complement with a microcontroller's intrinsic Unique Identification number (UID), [20]. Derived from uncontrolled manufacturing variables, [21], this UID resonates with the ethos of Physical Unclonable Function (PUF) technology, [22], [23]. Our exploration is grounded in two microcontrollers, the FRDM-K82F and the STM32-F401RE, culminating in the generation of secure, verifiable keys optimal for encryption, and benchmarking their performances. ...
Article
In this research, we introduce an advanced encryption system that aligns with global cryptographic standards, emphasizing device identification and adherence to the PKCS#5 standard. Instead of relying on pseudorandom numbers, our innovative key expansion approach capitalizes on the microcontroller’s UID, merged with the session key, and subjected to a repetitive Digest algorithm, thus achieving a dimension apt for asymmetric encryption protocols. Leveraging the dedicated hardware support for the SHA-256 algorithm, we compute a distinctive digest through varying iteration counts, gauging computational prowess. We employ AES128 for data encryption, given its ubiquity and its hardware inclusion in the NXP FRDM-K82F device. This device boasts a Cryptographic Acceleration Unit (CAU), optimizing processing durations and memory consumption, paving the way for autonomous cryptographic systems with viable throughput rates tailored for IoT scenarios. The microcontroller’s specialized LP Trusted Cryptography (LTC) hardware champions diverse algorithms, enriched with atomic directives. We integrate Physical Unclonable Functions (PUFs) into our design, harnessing inherent manufacturing disparities to spawn unique, hard-to-replicate keys. The key expansion is rooted in the PKI infrastructure, sourcing a distinct number per device from the FRDM-K82F’s UID and culminating in a 256-bit Digest, employed as the AES-CBC key and Initialization Vector (I.V.). Our empirical assessment underscores the superior efficiency of the CAU against counterparts lacking such modules, showcasing remarkable boosts in performance and diminished encryption/decryption intervals. Consequently, our pioneering approach emerges as a prime candidate for fortifying IoT applications.
... These last circuit-level strategies require modifications to the circuit that would render an adversary less capable of making sense of the IP. Some authors propose the reliance on trusted fabrication using split-chip solutions followed by chip-to-chip authentication [8]. These countermeasures fail at some level to provide entire secure systems. ...
... On average, 22 bits per chip have different values at power-on. This value is in line with the findings of other works that also make use of a commercial SRAM IP as a PUF [23]. Further error correction schemes and helper data would be necessary to guarantee that the SRAM PUF response, after correction, has the same deterministic value at every challenge [24], [25]. ...
Article
The integrated circuit (IC) ecosystem, today, is widely distributed. Usually, a handful of companies is involved in the development of a single chip – an environment that presents many opportunities for malicious activities such as the insertion of hardware trojan horses. This work presents a specialized form of a hardware trojan that is able to mount a hardware-based ransomware attack, an attack that previously only existed in the software domain. This attack is therefore termed a hardware ransomware and is the main contribution of this work. As case studies, two architectures of the hardware ransomware are presented, along with a silicon demonstration in 65nm CMOS. In order to discuss the detectability of the malicious logic, the hardware ransomware is inserted in a complex system on chip (SoC). The experimental results show how an adversary can effortlessly insert the ransomware logic: the baseline SoC has a representative area utilization factor of 59.97% and, after the trojan is inserted, the area utilization factor increases by 0.73% to 60.70%. The inserted logic is also responsible for an increase of approximately 2% in static power – well within process variation margins. Finally, this paper discusses the implications of such an attack at length, showing that from the implementation and technological side, there are no barriers for an adversary to devise a hardware ransomware.
Article
The communication network would have potential uses dependent on the infrastructure once the fifth generation (5G) network is fully commercialized. Subscriber Identification Module (SIM) authentication is a well-known mechanism for safeguarding the confidentiality of wireless device users. Fifth-generation computer technologies are very advanced in certification based on geolocation, regular confirmation, and authentication mechanisms. The clonable authentication feature solves the issue of authentication using duplicate modules. In highly dynamic environments, the problem poses a risk to privacy protection, adaptiveness, self-organization, information leakage, and the reliability of services. The article introduces a 2-way identity authentication method (2WIAM) using a Physical Unclonable Function (PUF) to address the issue above. The suggested technique for detecting module clones depends on user-provided authentication and geolocation data. The 2-way mutual authentication used in the suggested technique is a clever way to combine the many wireless technologies accessible to a given network node and enable the creation of wireless on-demand service providers and networks. The initial stage involves immediate passcode authentication, and the second is verifying the identity of the mobile equipment and any shifts or copies in its physical position. A new cross-authentication is then carried out to determine the identity of the clone's physical counterpart. In prior authentication situations, the choice to provide authorization or ban the clone was made fairly and objectively. The experiment results show that the users' privacy is protected, adaptiveness is enhanced, and the amount of data lost is limited.
Article
Physical unclonable function (PUF) security devices based on hardware are becoming an effective strategy to overcome the dependency of the internet cloud and software-based hacking vulnerabilities. On the other hand, existing Si-based artificial security devices have several issues, including the absence of a method for multiple key generation, complex and expensive fabrication processes, and easy prediction compared to devices retaining natural randomness. Herein, to generate unique and unpredictable multiple security keys, this paper proposes novel PUF devices consisting of a disordered random mixture of two self-assembled monolayers (SAMs) formed onto p-type Si. The proposed PUF devices exhibited multikeys at different voltage biasing, including 0 V, through the arbitrary dipole effect. As a result, multiple unpredictable hardware security keys were generated from one device using a simple solution-coating process. The PUF security device based on the mixture of materials with different dipoles developed in this study can provide valuable insights for implementing various PUF devices in the future.
Preprint
Electronic counterfeiting is a longstanding problem with adverse long-term effects for many sectors, remaining on the rise. This article presents a novel low-cost technique to embed watermarking in devices with resistive-RAM (ReRAM) by manipulating its analog physical characteristics through switching (set/reset) operation to prevent counterfeiting. We develop a system-level framework to control memory cells' physical properties for imprinting irreversible watermarks into commercial ReRAMs that will be retrieved by sensing the changes in cells' physical properties. Experimental results show that our proposed ReRAM watermarking is robust against temperature variation and acceptably fast with ~0.6 bit/min of imprinting and ~15.625 bits/s of retrieval rates.
Article
Nowadays, almost all software products are sold online. But there is a danger of unauthorized users using the product. For this reason, every company employs a product activation system where only authorized users that have a unique key called the product key can use the application. But attackers always find a way to get past the authorization. For example, they use a key generator that generates a random key that matches the format of the product key and can be used to activate the product. Therefore, to avoid this, we need improved product activation programs that can safeguard the product from unauthorized users. This paper proposes an improved key verification system to make sure that the product can be used on one system only. Every system has a unique MAC address, and that's what we use as the foundation for our method. The main contribution of this work is the effective use of a system's MAC address, which in turn boosts the security of the project. The necessary procedure consists of retrieving a MAC address from the user's system. Now, a serial key is derived by performing specific operations on the MAC address, which is then converted into a more straightforward, user-friendly product key while encryption and decryption take place during the transmission of keys between client and server. Looking ahead, this work can lead to better and consistent use of MAC addresses in key generation techniques, which is something that hasn't been explored enough.
Article
Hardware security is a growing concern given the current globalized nature of the integrated circuit (IC) ecosystem. With actors spread across different entities (companies, countries, etc.), it becomes challenging to guarantee that the fabricated hardware was not copied, reverse engineered, maliciously modified, or overproduced. The untrusted foundry is often recognized as a high potential threat since it inevitably has access to the entire IC layout – therefore being capable of effortlessly reverse engineering the design and any IP that is part of it. In this paper, we explore a Split-Chip design approach as an alternative to promote trust in IC fabrication. Instead of a single chip, a trusted system is composed of one IC from a trusted facility and one IC from an untrusted foundry. A chip planning tool that considers the many challenges of a Split-Chip design is discussed. Two demonstration vehicles are taped-out in 16nm CMOS, both implementing portions of a GPS system in Split-Chip fashion.