Your SlideShare is downloading. ×
FERNS   Fingerprint Extraction and Random Numbers from SRAM Dan Holcomb Wayne Burleson Kevin Fu
Motivation <ul><li>RFID circuits give rise to a need for low cost ID and RNG </li></ul><ul><ul><li>Many circuits have iden...
Overview <ul><li>Background </li></ul><ul><ul><li>RFID </li></ul></ul><ul><ul><li>Related Work </li></ul></ul><ul><ul><ul>...
RFID Applications <ul><li>Passively powered integrated circuits </li></ul><ul><ul><li>LF (125 – 148.5 kHz) </li></ul></ul>...
RFID Circuits <ul><li>Older technologies (0.25 μm/0.18μm) </li></ul><ul><li>Low power (1-10 μW) </li></ul><ul><ul><li>Pote...
Approaches to Identification <ul><li>Non-volatile storage </li></ul><ul><ul><li>EEPROM, flash, fuse, EB programming </li><...
Approaches to Random Number Generation <ul><li>Pseudo RNG (deterministic) </li></ul><ul><li>True RNG </li></ul><ul><ul><li...
Relation between ID and TRNG <ul><li>Noise can act like threshold variation </li></ul><ul><ul><li>All fingerprint ID circu...
Overview <ul><li>Background </li></ul><ul><ul><li>RFID </li></ul></ul><ul><ul><li>Related Work </li></ul></ul><ul><ul><ul>...
Fingerprint Extraction and Random Numbers from SRAM (FERNS) <ul><li>Initial SRAM state is a physical fingerprint </li></ul...
Principles of Operation <ul><li>The Initialization of SRAM chip ID cell  </li></ul><ul><ul><li>Stable state determined by ...
ID Platform 1: 5120 Virtual Tags <ul><li>64 bit blocks of memory  </li></ul><ul><ul><li>Located across 8 instances of a 51...
ID Platform 2: Ultra-Low-Power Microcontrollers <ul><li>Wirelessly-Powered Platform  for Sensing and Computation*  [Smith0...
Fingerprint Identification <ul><li>Latent print  is a single print </li></ul><ul><ul><li>Influenced by noise </li></ul></u...
SRAM Chip ID - successful <ul><li>Hamming Distance matching </li></ul>WISP DE2
Comparing FERNS to other Chip ID <ul><li>vs.Su et al. </li></ul><ul><li>Low quality ID - but more cost efficient </li></ul...
Generating True Randomness <ul><li>Randomness comes from SRAM cells with well matched variation </li></ul><ul><ul><li>Only...
Comparing FERNS to TRNG of Tokunaga et al. <ul><li>Comparable area </li></ul><ul><li>FERNS on WISP is estimated lower powe...
Other TRNG approaches? Security Seminar Sept. 30 2008 -XKCD
Overview <ul><li>Background </li></ul><ul><ul><li>RFID </li></ul></ul><ul><ul><li>Related Work </li></ul></ul><ul><ul><ul>...
Lower temperature to break TRNG? <ul><li>Attacker could cool a chip to decrease randomness </li></ul><ul><li>How to deal w...
Change temperature to break ID? <ul><li>Chips are characterized at 293K (room temp) </li></ul><ul><ul><li>ID samples taken...
Attack by controlling supply? <ul><li>When supply voltage is low, a cell may have only one stable state. Once the supply i...
Attack by NBTI <ul><li>(Most bits normally power-up to “1” (AB = 10) in DE2) </li></ul><ul><li>Experiment: </li></ul><ul><...
Future Work <ul><li>More data - need automated test apparatus </li></ul><ul><ul><li>How does aging impact FERNS </li></ul>...
Conclusions <ul><li>SRAM power-up generates usable fingerprints </li></ul><ul><ul><li>Memory chips and microcontroller mem...
Upcoming SlideShare
Loading in...5
×

Ferns Presentation

500

Published on

Published in: Education, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
500
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • Transcript of "Ferns Presentation"

    1. 1. FERNS Fingerprint Extraction and Random Numbers from SRAM Dan Holcomb Wayne Burleson Kevin Fu
    2. 2. Motivation <ul><li>RFID circuits give rise to a need for low cost ID and RNG </li></ul><ul><ul><li>Many circuits have identifying characteristics </li></ul></ul><ul><ul><li>Many circuits have randomness </li></ul></ul><ul><li>Can ID and RNG be accomplished without dedicated circuitry? </li></ul>
    3. 3. Overview <ul><li>Background </li></ul><ul><ul><li>RFID </li></ul></ul><ul><ul><li>Related Work </li></ul></ul><ul><ul><ul><li>Identification </li></ul></ul></ul><ul><ul><ul><li>Random Number Generation </li></ul></ul></ul><ul><li>FERNS </li></ul><ul><ul><li>Principles of Operation </li></ul></ul><ul><ul><li>Identification Platforms / Results </li></ul></ul><ul><ul><li>Random Number Generation </li></ul></ul><ul><li>Possible Attacks </li></ul><ul><ul><li>Temperature </li></ul></ul><ul><ul><li>Supply </li></ul></ul><ul><ul><li>NBTI </li></ul></ul><ul><li>Conclusion </li></ul>
    4. 4. RFID Applications <ul><li>Passively powered integrated circuits </li></ul><ul><ul><li>LF (125 – 148.5 kHz) </li></ul></ul><ul><ul><ul><li>Automobile immobilizers, Exxon Mobile SpeedPass TM </li></ul></ul></ul><ul><ul><li>HF (13.56 MHz) </li></ul></ul><ul><ul><ul><li>Credit Cards, MIFARE, E-Passports </li></ul></ul></ul><ul><ul><li>UHF (902-928 MHz) </li></ul></ul><ul><ul><ul><li>Inventory tracking </li></ul></ul></ul><ul><li>Cheap </li></ul><ul><li>Abundant </li></ul>
    5. 5. RFID Circuits <ul><li>Older technologies (0.25 μm/0.18μm) </li></ul><ul><li>Low power (1-10 μW) </li></ul><ul><ul><li>Potential subthreshold logic </li></ul></ul><ul><ul><li>Energy efficiency over performance </li></ul></ul><ul><li>Low area (0.5mm 2 ) </li></ul><ul><ul><li>Digital logic </li></ul></ul><ul><ul><ul><li>4,000 – 8,000 gates in EPC tags </li></ul></ul></ul><ul><ul><ul><li>200 – 2,000 gates for security </li></ul></ul></ul><ul><ul><li>Other </li></ul></ul><ul><ul><ul><li>Power rectification </li></ul></ul></ul><ul><ul><ul><li>Storage capacitors </li></ul></ul></ul><ul><ul><ul><li>Signal modulation </li></ul></ul></ul><ul><ul><ul><li>ID </li></ul></ul></ul>
    6. 6. Approaches to Identification <ul><li>Non-volatile storage </li></ul><ul><ul><li>EEPROM, flash, fuse, EB programming </li></ul></ul><ul><ul><li>30 additional process steps / supporting circuitry </li></ul></ul><ul><ul><li>Fully reliable </li></ul></ul><ul><li>Fingerprint approach </li></ul><ul><ul><li>Use process variation to differentiate chips </li></ul></ul><ul><ul><ul><li>CMOS process </li></ul></ul></ul><ul><ul><li>Circuits with output dependent on PV </li></ul></ul><ul><ul><ul><li>Primarily V th due to random dopant concentrations </li></ul></ul></ul><ul><ul><ul><li>Drain currents [Lofstrom00] </li></ul></ul></ul><ul><ul><ul><li>Path delays [PUFs] </li></ul></ul></ul><ul><ul><li>Not fully reliable </li></ul></ul><ul><ul><li>(1) Reset is high </li></ul></ul><ul><ul><ul><ul><li>-State nodes tied low </li></ul></ul></ul></ul><ul><ul><ul><li>-Supply turned off </li></ul></ul></ul><ul><ul><ul><li>(like unpowered SRAM cell) </li></ul></ul></ul><ul><ul><li>(2) Reset set low </li></ul></ul><ul><ul><ul><ul><li>-Supply turned on </li></ul></ul></ul></ul><ul><ul><ul><ul><li>-State nodes float </li></ul></ul></ul></ul><ul><ul><ul><li>(like SRAM initialization) </li></ul></ul></ul><ul><ul><li>(3) ID bit is generated </li></ul></ul><ul><ul><li>according to which state </li></ul></ul><ul><ul><li>node charges faster </li></ul></ul>Su et al. – UWash ISSCC07
    7. 7. Approaches to Random Number Generation <ul><li>Pseudo RNG (deterministic) </li></ul><ul><li>True RNG </li></ul><ul><ul><li>Depends on a physically random process </li></ul></ul><ul><ul><ul><li>Thermal and shot noise </li></ul></ul></ul><ul><ul><li>Requires harvesting mechanism </li></ul></ul><ul><ul><ul><li>Jitter in free-running oscillators </li></ul></ul></ul><ul><ul><ul><li>Direct or chaotic amplification </li></ul></ul></ul><ul><ul><ul><li>Metastability [Kinnimet02] </li></ul></ul></ul><ul><li>TRNG of Tokunaga et al. [UMich-ISSCC07] </li></ul><ul><li>Based on metastability of cross-coupled devices (like SRAM cell) </li></ul><ul><li>To generate random bit: </li></ul><ul><ul><li>(1) Drive cell to metastability </li></ul></ul><ul><ul><li>(2) Release control </li></ul></ul><ul><ul><ul><li>Final state determined by noise </li></ul></ul></ul>
    8. 8. Relation between ID and TRNG <ul><li>Noise can act like threshold variation </li></ul><ul><ul><li>All fingerprint ID circuits show some noise impacts </li></ul></ul><ul><ul><li>PUFs use this constructively for TRNG [Suh05] </li></ul></ul><ul><ul><ul><li>Apply challenges that create race of paths of equal delay </li></ul></ul></ul><ul><li>Cannot optimize a design for both ID and TRNG </li></ul><ul><li>Does it makes sense to design a circuit that is suboptimal ID and suboptimal TRNG? NO </li></ul><ul><li>… but what if the circuit was not “designed” at all… </li></ul>
    9. 9. Overview <ul><li>Background </li></ul><ul><ul><li>RFID </li></ul></ul><ul><ul><li>Related Work </li></ul></ul><ul><ul><ul><li>Identification </li></ul></ul></ul><ul><ul><ul><li>Random Number Generation </li></ul></ul></ul><ul><li>FERNS </li></ul><ul><ul><li>Principles of Operation </li></ul></ul><ul><ul><li>Identification Platforms / Results </li></ul></ul><ul><ul><li>Random Number Generation </li></ul></ul><ul><li>Possible Attacks </li></ul><ul><ul><li>Temperature </li></ul></ul><ul><ul><li>Supply </li></ul></ul><ul><ul><li>NBTI </li></ul></ul><ul><li>Conclusion </li></ul>
    10. 10. Fingerprint Extraction and Random Numbers from SRAM (FERNS) <ul><li>Initial SRAM state is a physical fingerprint </li></ul><ul><ul><li>A function of process variation and noise </li></ul></ul><ul><li>Fingerprint provides identification </li></ul><ul><ul><li>Process variation is time invariant </li></ul></ul><ul><li>Fingerprint provides randomness </li></ul><ul><ul><li>Noise is time variant </li></ul></ul>
    11. 11. Principles of Operation <ul><li>The Initialization of SRAM chip ID cell </li></ul><ul><ul><li>Stable state determined by variation </li></ul></ul><ul><ul><li>which node charges faster </li></ul></ul><ul><li>If devices well matched, may reach metastability </li></ul><ul><ul><li>Outcome is then random </li></ul></ul><ul><li>Common mode noise likely rejected (ie supply) </li></ul><ul><ul><ul><li>Random noise not </li></ul></ul></ul>
    12. 12. ID Platform 1: 5120 Virtual Tags <ul><li>64 bit blocks of memory </li></ul><ul><ul><li>Located across 8 instances of a 512K SRAM </li></ul></ul><ul><ul><li>640 virtual tags on each </li></ul></ul><ul><ul><ul><li>Same addresses on each chip </li></ul></ul></ul><ul><ul><li>Comparison of potentially correlated cases </li></ul></ul>
    13. 13. ID Platform 2: Ultra-Low-Power Microcontrollers <ul><li>Wirelessly-Powered Platform for Sensing and Computation* [Smith06] </li></ul><ul><ul><li>Passive UHF device using TI MSP430 </li></ul></ul><ul><ul><li>EPC gen 1 - 64 bit packets </li></ul></ul><ul><li>15 qty of 64 bit IDs </li></ul><ul><ul><li>5 per chip x 3 chips </li></ul></ul><ul><li>16 samples of each ID (collection was manual/tedious) </li></ul>*Intel Research Seattle
    14. 14. Fingerprint Identification <ul><li>Latent print is a single print </li></ul><ul><ul><li>Influenced by noise </li></ul></ul><ul><li>Known print is bitwise mean of latent prints </li></ul><ul><ul><li>Removes noise to find the real (0/1) tendency of each bit </li></ul></ul><ul><li>Match by comparing a latent print against all known prints </li></ul><ul><li>Identification requires latent prints be similar to known print of same circuit, but different from other circuits </li></ul>
    15. 15. SRAM Chip ID - successful <ul><li>Hamming Distance matching </li></ul>WISP DE2
    16. 16. Comparing FERNS to other Chip ID <ul><li>vs.Su et al. </li></ul><ul><li>Low quality ID - but more cost efficient </li></ul><ul><li>vs. FPGA Intrinsic PUFS [Guajardo – CHES07] </li></ul><ul><li>FPGA memory block </li></ul><ul><ul><li>Use BCH ECC to extract error free bits </li></ul></ul><ul><ul><ul><li>“ helper data” transforms SRAM state into a redundant code </li></ul></ul></ul><ul><ul><li>Use privacy amplification to create a PUF from relatively few physical bits </li></ul></ul><ul><ul><ul><li>“ helper data” chooses hash function from family </li></ul></ul></ul><ul><li>Not suitable for RFID </li></ul><ul><ul><li>512 kbits of memory for 110 CRPs </li></ul></ul>
    17. 17. Generating True Randomness <ul><li>Randomness comes from SRAM cells with well matched variation </li></ul><ul><ul><li>Only tested on DE2 SRAM (need many samples!) </li></ul></ul><ul><li>Extraction using PH universal hash function [Yüksel04] </li></ul><ul><ul><li>Hashing is XORs and shifts </li></ul></ul><ul><ul><li>Key and Message are SRAM power-up state </li></ul></ul><ul><ul><li>4,096 power-up bits to create 128 random bits </li></ul></ul><ul><li>Low power hardware implementation </li></ul><ul><ul><li>Low gate count and low power </li></ul></ul><ul><li>Easily implementable in software </li></ul>a single 128 bit random number These numbers indicate passing basic NIST tests
    18. 18. Comparing FERNS to TRNG of Tokunaga et al. <ul><li>Comparable area </li></ul><ul><li>FERNS on WISP is estimated lower power </li></ul><ul><ul><li>0.072μW vs. 0.64μW </li></ul></ul><ul><ul><li>Extraction can be run at energy optimal point </li></ul></ul><ul><li>Disadvantages </li></ul><ul><ul><li>Can generate limited entropy </li></ul></ul><ul><ul><li>Only at initialization </li></ul></ul><ul><ul><ul><li>Suits fixed computation model of RFID </li></ul></ul></ul>
    19. 19. Other TRNG approaches? Security Seminar Sept. 30 2008 -XKCD
    20. 20. Overview <ul><li>Background </li></ul><ul><ul><li>RFID </li></ul></ul><ul><ul><li>Related Work </li></ul></ul><ul><ul><ul><li>Identification </li></ul></ul></ul><ul><ul><ul><li>Random Number Generation </li></ul></ul></ul><ul><li>FERNS </li></ul><ul><ul><li>Principles of Operation </li></ul></ul><ul><ul><li>Identification Platforms / Results </li></ul></ul><ul><ul><li>Random Number Generation </li></ul></ul><ul><li>Possible Attacks </li></ul><ul><ul><li>Temperature </li></ul></ul><ul><ul><li>Supply </li></ul></ul><ul><ul><li>NBTI </li></ul></ul><ul><li>Conclusion </li></ul>
    21. 21. Lower temperature to break TRNG? <ul><li>Attacker could cool a chip to decrease randomness </li></ul><ul><li>How to deal with this? </li></ul><ul><ul><li>Design conservatively: 189.2 bits of </li></ul></ul><ul><ul><li>min-entropy (in worst case) are </li></ul></ul><ul><ul><li>used to create 128 random bits </li></ul></ul>
    22. 22. Change temperature to break ID? <ul><li>Chips are characterized at 293K (room temp) </li></ul><ul><ul><li>ID samples taken at 273K (refrigerator) </li></ul></ul><ul><ul><li>ID samples taken at 323K (stove) </li></ul></ul><ul><li>ID matching gets worse </li></ul><ul><li>but not by much </li></ul>
    23. 23. Attack by controlling supply? <ul><li>When supply voltage is low, a cell may have only one stable state. Once the supply is above ~200mV, the cell is stable and supply fluctuations don’t matter. </li></ul><ul><li>Maximum randomness should occur if quickly ramping up supply </li></ul><ul><ul><li>get to a high enough voltage that cell can be stable in either state </li></ul></ul><ul><li>Best ID should occur if ramping up supply very slowly </li></ul><ul><ul><li>spend significant time at a voltage where only one state of each cell is stable </li></ul></ul><ul><ul><li>(*different voltage for each cell- but ramping slowly will hit this point for each cell) </li></ul></ul><ul><ul><li>Cell will always transition to that state </li></ul></ul><ul><li>This attack might work </li></ul>Size of box represents noise margin of each state Superimposed VTC of the two cross coupled inverters (at 2 different supplies) Only “0” state is stable at Vdd = 100mV
    24. 24. Attack by NBTI <ul><li>(Most bits normally power-up to “1” (AB = 10) in DE2) </li></ul><ul><li>Experiment: </li></ul><ul><li>Burn-in* a 0 (AB=01) into every cell </li></ul><ul><ul><li>This causes M3 to be stressed (threshold raised) </li></ul></ul><ul><li>Power-down and power-up again: </li></ul><ul><ul><li>M3 is now slower to pull-up node B </li></ul></ul><ul><ul><li>M1 now more likely to turn on first, causing a to go high </li></ul></ul><ul><ul><li>Cells are thus skewed towards the 1 state – Hamming weight increases. </li></ul></ul><ul><ul><ul><li>(cells that were initial skewed strongly toward 0 it wont matter – </li></ul></ul></ul><ul><ul><ul><li>if they were close to neutral, then it will matter) </li></ul></ul></ul><ul><li>NBTI Effect is temporary, cell will (mostly) return to its normal skew. </li></ul><ul><li>This has potential as an attack </li></ul><ul><li>(to both TRNG and ID) </li></ul>*Burn-in: “turn on chip, write in 0, bury DE2 in laundry so that it gets hot, and then go party for 1.7E5 seconds”
    25. 25. Future Work <ul><li>More data - need automated test apparatus </li></ul><ul><ul><li>How does aging impact FERNS </li></ul></ul><ul><ul><li>Collect many more bits to test TRNG </li></ul></ul><ul><ul><li>Implement the attack by controlling supply voltage </li></ul></ul><ul><ul><ul><li>So far only theoretical </li></ul></ul></ul><ul><ul><li>Determine how quickly power can be cycled - need test apparatus </li></ul></ul><ul><ul><li>(SRAM can have data remanence) </li></ul></ul><ul><ul><li>This would allow TRNG to be quantified in terms of bits/s </li></ul></ul><ul><ul><li>Also could allow ID to be used more flexibly – power cycling of blocks instead of just generating ID at chip power-up </li></ul></ul><ul><li>Other applications </li></ul><ul><ul><li>Does SRAM ID apply to chips that do not intentionally use the FERNS system? </li></ul></ul><ul><ul><li>Is it ever a problem for a chip to leak ID to its to software? </li></ul></ul><ul><li>More efficient fingerprint matching scheme for large populations </li></ul><ul><li>How can SRAM be modified to better apply FERNS </li></ul><ul><ul><li>… While preserving the functionality and layout density of normal SRAM </li></ul></ul>
    26. 26. Conclusions <ul><li>SRAM power-up generates usable fingerprints </li></ul><ul><ul><li>Memory chips and microcontroller memory / passive and active power </li></ul></ul><ul><li>Difference across chips is ID/ Difference across trials is RNG </li></ul><ul><li>Well suited to RFID </li></ul><ul><ul><li>Need only small amount of randomness </li></ul></ul><ul><ul><li>SRAM begins idle </li></ul></ul><ul><ul><li>Low cost via reuse of hardware </li></ul></ul><ul><li>Press coverage: </li></ul><ul><li>Slashdot (none of Dan’s explanations got modded up!) </li></ul><ul><li>“ Government Computer News” (?) </li></ul><ul><li>RFID Journal: </li></ul><ul><li>Strombergson.com: </li></ul>? ?

    ×