Abstract
This paper accounts for some scientific aspects related to the international standardization process about physically unclonable functions (PUFs), through the drafting of ISO/IEC 20897 project. The primary motivation for this standard project is to structure and expand the market of PUFs, as solutions for non-tamperable electronic chips identifiers.
While drafting the documents and discussing with international experts, the topic of PUF also gained much maturity. This article accounts how scientific structuration of the PUF as a field of embedded systems security has been emerging as a byproduct. First, the standardization has allowed to merge two redundant security requirements (namely diffuseness and unpredictability) into one (namely randomness), which in addition better suits all kinds of PUFs. As another contribution, the standardization process made it possible to match unambiguous and consistent tests with the security requirements. Furthermore, the process revealed that tests can be seen as estimators from their theoretic expressions, the so-called stochastic models.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
Sensitive security parameters (SSPs) consist either in critical security parameters (CSPs) or public security parameters (PSPs). CSPs shall be kept secret. Examples are nonces, long-term and ephemeral keys. PSPs are public, but shall not be chosen. Examples are initialization vectors.
- 2.
To be accurate, there is thus \(2^0=1\) input, which is consequently constant.
- 3.
Notice that steadiness is a word reserved for stability of a given PUF response corresponding to a fixed challenge. The synonymous terms reliability, reproducibility and stability are not preferred. In particular, “reliability” is discarded as it would make some confusion regarding the metric related to the yield in the CMOS manufacturing processes.
References
Halak, B.: Physically Unclonable Functions—From Basic Design Principles to Advanced Hardware Security Applications. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76804-5
Böhm, C., Hofer, M.: Physical Unclonable Functions in Theory and Practice. Springer, New York (2012). https://doi.org/10.1007/978-1-4614-5040-5
Cai, Y., Ghose, S., Luo, Y., Mai, K., Mutlu, O., Haratsch, E.F.: Vulnerabilities in MLC NAND flash memory programming: experimental analysis, exploits, and mitigation techniques. In: 2017 IEEE International Symposium on High Performance Computer Architecture, HPCA 2017, Austin, TX, USA, 4–8 February 2017, pp. 49–60. IEEE Computer Society (2017)
Cherif, Z., Danger, J.-L., Guilley, S., Bossuet, L.: An easy-to-design PUF based on a single oscillator: the loop PUF. In: DSD,Çeşme, Izmir, Turkey, 5–8 September 2012 (2012). (Online PDF)
Altera Corporation: White paper: FPGA architecture, July 2006. ver. 1.0. https://www.altera.com/content/dam/altera-www/global/en_US/pdfs/literature/wp/wp-01003.pdf. Accessed 19 Apr 2018
Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, DC, USA, 18–22 November 2002, pp. 148–160. ACM (2002)
Guilley, S., El Housni, Y.: Random numbers generation: tests and attacks. In: 2018 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2018, Amsterdam, Netherlands, 13 September 2018. IEEE Computer Society (2018)
Güneysu, T.: Using data contention in dual-ported memories for security applications. Signal Process. Syst. 67(1), 15–29 (2012)
Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)
ISO/IEC JTC 1/SC27/WG2. ISO/IEC 18031:2011 - Information technology - Security techniques - Random bit generation
ISO/IEC JTC 1/SC27/WG3. ISO/IEC DIS 20543 - Information technology - Security techniques - Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408
ISO/IEC NP 20897. Information technology - Security techniques - Security requirements, test and evaluation methods for physically unclonable functions for generating nonstored security parameters. http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=69403
Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29656-7. ISBN 978-3-642-29655-0
Killmann, W., Schindler, W.: A proposal for: functionality classes for random number generators, September 2011. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.pdf?__blob=publicationFile
Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, 14–18 June 2014, pp. 361–372. IEEE Computer Society (2014)
Marsaglia, G.: The Marsaglia random number CDROM including the diehard battery of tests of randomness. Web site at the Department of Statistics, Florida State University, Tallahassee, FL, USA (1995)
Mutlu, O.: The RowHammer problem and other issues we may face as memory becomes denser. In: Atienza, D., Di Natale, G. (eds.) Design, Automation and Test in Europe Conference and Exhibition, DATE 2017, Lausanne, Switzerland, 27–31 March 2017, pp. 1116–1121. IEEE (2017)
NIST. Recommendation for the entropy sources used for random bit generation (2012). http://csrc.nist.gov/publications/drafts/800-90/draft-sp800-90b.pdf
Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002). https://doi.org/10.1126/science.1074376
Pappu, R.S.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute of Technology, March 2001
Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 237–249. ACM (2010)
Rukhin, A., et al.: A statistical test suite for the validation of random number generators and pseudo random number generators for cryptographic applications, April 2010. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-22r1a.pdf
Schaub, A., Danger, J.-L., Guilley, S., Rioul, O.: An improved analysis of reliability and entropy for delay PUFs. In: Novotný, M., Konofaos, N., Skavhaug, A. (eds.) 21st Euromicro Conference on Digital System Design, DSD 2018, Prague, Czech Republic, 29–31 August 2018, pp. 553–560. IEEE Computer Society (2018)
Schaub, A., Rioul, O., Boutros, J.J., Danger, J.-L., Guilley, S.: Challenge codes for physically unclonable functions with Gaussian delays: a maximum entropy problem. In: Latin American Week on Coding and Information, UNICAMP - Campinas, Brazil, 22–27 July 2018 (2018). LAWCI
NIST FIPS (Federal Information Processing Standards). Security Requirements for Cryptographic Modules publication 140-2, 25 May 2001. http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
Su, Y., Holleman, J., Otis, B.P.: A digital 1.6 pJ/bit chip identification circuit using process variations. IEEE J. Solid-State Circuits 43(1), 69–77 (2008)
Suzuki, D., Shimizu, K.: The glitch PUF: a new delay-PUF architecture exploiting glitch shapes. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 366–382. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-15031-9_25
Tuyls, P., Škoric, B., Kevenaar, T.: Security with Noisy Data: On Private Biometrics, Secure Key Storage and Anti-Counterfeiting, 1st edn. Springer, New York (2007). https://doi.org/10.1007/978-1-84628-984-2. ISBN 978-1-84628-983-5
Wu, M.-Y., et al.: A PUF scheme using competing oxide rupture with bit error rate approaching zero. In: 2018 IEEE International Solid-State Circuits Conference, ISSCC 2018, San Francisco, CA, USA, 11–15 February 2018, pp. 130–132. IEEE (2018)
Acknowledgments
This work was partly supported by both Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2016-0-00399, Study on secure key hiding technology for IoT devices [KeyHAS Project]) and the project commissioned by the Japanese New Energy and Industrial Technology Development Organization (NEDO).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Bruneau, N. et al. (2019). Development of the Unified Security Requirements of PUFs During the Standardization Process. In: Lanet, JL., Toma, C. (eds) Innovative Security Solutions for Information Technology and Communications. SECITC 2018. Lecture Notes in Computer Science(), vol 11359. Springer, Cham. https://doi.org/10.1007/978-3-030-12942-2_24
Download citation
DOI: https://doi.org/10.1007/978-3-030-12942-2_24
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12941-5
Online ISBN: 978-3-030-12942-2
eBook Packages: Computer ScienceComputer Science (R0)