Skip to main content
SpringerLink
Log in

PUF-Protected Methods to Generate Session Keys

  • Conference paper
  • First Online:
Advances in Information and Communication (FICC 2022)

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 439))

Included in the following conference series:

  • 1553 Accesses

Abstract

The proposed methods protect networks of client devices connected to a server containing physical unclonable functions, by generating session keys for secure cryptographic protocols. Hostile servers without known physical unclonable functions cannot generate these session keys, thereby are not trust-worthy to the client devices. During an initial set up cycle, each client device selects a set of passwords, and picks a first set of random numbers to hash these passwords multiple times. The resulting sets of message digests are converted by the server into sets of instructions to generate some responses from the physical functions; these initial responses are stored for future reference by the server. The client device picks a second set of random numbers smaller than the first set and repeat of the same scheme; the session keys are computed from the differences between both sets of random numbers. The sever can also get access independently to the session keys by finding a group of responses from its physical function that is similar to the initial responses. The proposed pseudo-homomorphic computations never disclose to the server the set of original passwords. We are suggesting ways to optimize the levels of protections and the performance of the session key generation in terms of latencies and entropy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 229.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 299.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. National cybersecurity center of excellence: Zero Trust Architecture, NIST newsletter. https://www.nccoe.nist.gov/projects/building-blocks/zero-trust-architecture. Accessed 22 June 2021

  2. Allan, D., Haddon E.: Zero Trust networks, the concepts, the strategies, and the reality (2021). https://doi.org/10.1016/B978-0-12-821442-8.00001-X

  3. Jenzen, W.: Iterated password hash systems and methods for preserving password entropy. US patent 8,769,637 (2007)

    Google Scholar 

  4. Eldefrawy, M., Alghathbar, K., Khan, M.: One-time password authentication with infinite nested hash claims. Patent application US2013/0191899 A1

    Google Scholar 

  5. Champine, M., Kaufman, C.: Secure remote password validation. Patent 7,949,880 B2 (2010)

    Google Scholar 

  6. Kamakari, R., et al.: Relational encryption for password verification. US patent 10,129,028 (Nov 2018)

    Google Scholar 

  7. Roth, G., Rubin, G.: Distributed passcode verification system. Patent 9,967,249 (May 2018)

    Google Scholar 

  8. Cambou, B.: Password management with Addressable PUF generators. US Patent 11,010,465 (May 2021)

    Google Scholar 

  9. Cambou, B.: Password manager combining hashing functions and ternary PUFs. In: Arai, K., Bhatia, R., Kapoor, S. (eds.) Intelligent Computing: Proceedings of the 2019 Computing Conference, Volume 2, pp. 494–513. Springer International Publishing, Cham (2019). https://doi.org/10.1007/978-3-030-22868-2_37

    Chapter  Google Scholar 

  10. Quigley, O., Waddle, J., Adida, B., Guise, M.: Homomorphic passcode encryption. US patent 10,719,828 (Jun 2020)

    Google Scholar 

  11. Quigley, O., Waddle, J., Adida, B., Guise, M., Boneh, D.: Splicing resistant homomorphic passcode encryption. US patent 9,646,306 (May 2017)

    Google Scholar 

  12. Assiri, F., Cambou, B.: Homomorphic Password Manager using Multi-Hash with PUFs. In: NAU D2019-045 (May 2019)

    Google Scholar 

  13. Cambou, B., Telesca, D.: Ternary computing to strengthen cybersecurity: development of ternary state based public key exchange. In: Arai, K., Kapoor, S., Bhatia, R. (eds.) Intelligent Computing: Proceedings of the 2018 Computing Conference, Volume 2, pp. 898–919. Springer International Publishing, Cham (2019). https://doi.org/10.1007/978-3-030-01177-2_67

    Chapter  Google Scholar 

  14. Maeda, S., et al.: An artificial fingerprint device (AFD): a study of identification number applications utilizing characteristics variation of polycrystalline silicon TFTs. Trans. Electron Devices 50(6), 1451–1458 (2003)

    Article  Google Scholar 

  15. Lofstrom, K., Daasch, W.R., Taylor, D.: IC identification circuits using device mismatch. In: Proceeding of ISSCC, pp. 372–373 (2000). http://kl-ic.com/isscc2K.pdf

  16. Alkabani, Y., Koushanfar, F., Kiyavash, N., Potkonjak, M.: Trusted integrated circuits: a nondestructive hidden characteristics extraction approach. In: Solanki, K., Sullivan, K., Madhow, U. (eds.) IH 2008. LNCS, vol. 5284, pp. 102–117. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88961-8_8

    Chapter  Google Scholar 

  17. Huang, J., Lach, J.: IC activation and user authentication for security-sensitive systems. In: Proceeding of IEEE International Workshop on Hardware-Oriented Security and Trust, pp. 79–83 (2008)

    Google Scholar 

  18. Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceeding of Design Automation Conference, pp. 9–14 (2007)

    Google Scholar 

  19. Simpson, E., Schaumont, P.: Offline hardware/software authentication for reconfigurable platforms. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 311–323. Springer, Heidelberg (2006). https://doi.org/10.1007/11894063_25

    Chapter  Google Scholar 

  20. Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: PUFs and public key crypto for FPGA IP protection. In: Conference on Field Programmable Logic and Applications, pp. 189–195 (2007)

    Google Scholar 

  21. Kumar. S.S., Guajardo, J., Maes, R., Schrijen, G.J., Tuyls, P.: Extended abstract: the butterfly PUF protecting IP on every FPGA. In: Proceeding of IEEE International Workshop HOST, pp. 70–73 (2008). https://www.esat.kuleuven.be/cosic/publications/article-1154.pdf

  22. Alkabani, Y., Koushanfar, F., Potkonjak, M.: Remote activation of ICs for piracy prevention and digital right management. In: Proceeding of International Conference on CAD, pp. 674−677 (2007)

    Google Scholar 

  23. Guajardo, J., Kumar, S.S., Schrijen, G., Tuyls, P.: Brand and IP protection with physical unclonable functions. In: IEEE Symposium on Circuits and Systems, pp. 3186–3189 (2008)

    Google Scholar 

  24. Herder, C., Yu, M., Koushanfar, F., Devadas, S.: Physical unclonable functions and applications: a tutorial. Proc. IEEE 102(8), 1126–1141 (2014). https://doi.org/10.1109/JPROC.2014.2320516

    Article  Google Scholar 

  25. Yoshimoto, Y., Katoh, Y., Ogasahara, S., Wei, Z., Kouno, K.: A ReRAM-based PU?F with bit error rate < 0.5% after 10 years at 125 °C for 40 nm embedded application. In: 2016 IEEE, Honolulu, HI, pp. 1–2 (2016). https://doi.org/10.1109/VLSIT.2016.7573433

  26. Liu, R., Wu, H., Pang, Y., Qian, H., Yu, S.: A highly reliable and tamper-resistant RRAM PUF: design and experimental validation. In: 2016 IEEE-HOST, McLean, VA, pp. 13−18 (2016).https://doi.org/10.1109/HOST.2016.7495549

  27. Delvaux, J., Verbauwhede, I.: Key-recovery attacks on various RO PUF constructions via helper data manipulation. In: Proceedings -Design, Automation and Test in Europe, DATE, pp. 1−6 (2014).https://doi.org/10.7873/DATE.2014.085

  28. Zhao, X., Zhao, Q., Liu, Y., Zhang, F.: An ultracompact switching-voltage-based fully reconfigurable RRAM PUF with low native instability. IEEE Trans. Electron Devices 67(7), 3010–3013 (2020). https://doi.org/10.1109/TED.2020.2996181

    Article  Google Scholar 

  29. Lin, B., et al.: A Novel Bi-functional Memory-PUF Module Utilizing Adjustable Switching Window of RRAM, pp. 1–4 (2020). https://doi.org/10.1109/EDTM47692.2020.9117813

  30. Yang, J., et al.: A PUF with BER < 0.35% for Secure Chip Authentication Using Write Speed Variation of RRAM, pp. 54–57 (2018). https://doi.org/10.1109/ESSDERC.2018.8486888

  31. Pang, Y., et al.: Design and optimization of strong Physical Unclonable Function (PUF) based on RRAM array. In: 2017 International Symposium on VLSI Technology, Systems and Application (VLSI-TSA), pp. 1–2 (2017). https://doi.org/10.1109/VLSI-TSA.2017.7942473

  32. Uddin, M., Majumder, M.B., Rose, G.S.: Robustness analysis of a memristive crossbar PUF against modeling attacks. IEEE Trans. Nanotechnol. 16(3), 396–405 (2017). https://doi.org/10.1109/TNANO.2017.2677882

    Article  Google Scholar 

  33. Shrivastava, A., Chen, P., Cao, Y., Yu, S., Chakrabarti, C.: Design of a reliable RRAM-based PUF for compact hardware security primitives. In: 2016 IEEE-ISCAS, Montreal, QC, pp. 2326−23292016). https://doi.org/10.1109/ISCAS.2016.7539050

  34. Pang, Y., et al.: 25.2 A reconfigurable RRAM physically unclonable function utilizing post-process randomness source with <6×10−6 native bit error rate. In: 2019 IEEE-ISSCC, San Francisco, CA, USA, pp. 402−404 (2019).https://doi.org/10.1109/ISSCC.2019.8662307

  35. Helfmeier, C., et al.: Cloning physically unclonable functions. Hardware-Oriented Security and Trust (HOST). In: 2013 IEEE International Symposium. IEEE (2013)

    Google Scholar 

  36. Microchip: Security IC Solutions for Authentication. https://www.microchip.com/en-us/products/security-ics. Accessed 30 June 2021

Download references

Acknowledgment

The authors are thanking the research team from Northern Arizona University, and from the Information Directorate of the US Air Force Research Laboratory (AFRL) Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of AFRL.

Author information

Authors and Affiliations

  1. Northern Arizona University, Flagstaff, AZ, 86011, USA

    Bertrand Cambou

  2. Air Force Research Laboratory, Rome, 13441, USA

    Donald Telesca & H. Shelton Jacinto

Authors
  1. Bertrand Cambou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Donald Telesca
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. H. Shelton Jacinto
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Bertrand Cambou .

Editor information

Editors and Affiliations

  1. Saga University, Saga, Japan

    Kohei Arai

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cambou, B., Telesca, D., Jacinto, H.S. (2022). PUF-Protected Methods to Generate Session Keys. In: Arai, K. (eds) Advances in Information and Communication. FICC 2022. Lecture Notes in Networks and Systems, vol 439. Springer, Cham. https://doi.org/10.1007/978-3-030-98015-3_51

Download citation

Publish with us

Policies and ethics

Search

Navigation