Development of the Unified Security Requirements of PUFs During the Standardization Process
This paper accounts for some scientific aspects related to the international standardization process about physically unclonable functions (PUFs), through the drafting of ISO/IEC 20897 project. The primary motivation for this standard project is to structure and expand the market of PUFs, as solutions for non-tamperable electronic chips identifiers.
While drafting the documents and discussing with international experts, the topic of PUF also gained much maturity. This article accounts how scientific structuration of the PUF as a field of embedded systems security has been emerging as a byproduct. First, the standardization has allowed to merge two redundant security requirements (namely diffuseness and unpredictability) into one (namely randomness), which in addition better suits all kinds of PUFs. As another contribution, the standardization process made it possible to match unambiguous and consistent tests with the security requirements. Furthermore, the process revealed that tests can be seen as estimators from their theoretic expressions, the so-called stochastic models.
This work was partly supported by both Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2016-0-00399, Study on secure key hiding technology for IoT devices [KeyHAS Project]) and the project commissioned by the Japanese New Energy and Industrial Technology Development Organization (NEDO).
- 3.Cai, Y., Ghose, S., Luo, Y., Mai, K., Mutlu, O., Haratsch, E.F.: Vulnerabilities in MLC NAND flash memory programming: experimental analysis, exploits, and mitigation techniques. In: 2017 IEEE International Symposium on High Performance Computer Architecture, HPCA 2017, Austin, TX, USA, 4–8 February 2017, pp. 49–60. IEEE Computer Society (2017)Google Scholar
- 4.Cherif, Z., Danger, J.-L., Guilley, S., Bossuet, L.: An easy-to-design PUF based on a single oscillator: the loop PUF. In: DSD,Çeşme, Izmir, Turkey, 5–8 September 2012 (2012). (Online PDF)
- 5.Altera Corporation: White paper: FPGA architecture, July 2006. ver. 1.0. https://www.altera.com/content/dam/altera-www/global/en_US/pdfs/literature/wp/wp-01003.pdf. Accessed 19 Apr 2018
- 6.Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, DC, USA, 18–22 November 2002, pp. 148–160. ACM (2002)Google Scholar
- 7.Guilley, S., El Housni, Y.: Random numbers generation: tests and attacks. In: 2018 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2018, Amsterdam, Netherlands, 13 September 2018. IEEE Computer Society (2018)Google Scholar
- 10.ISO/IEC JTC 1/SC27/WG2. ISO/IEC 18031:2011 - Information technology - Security techniques - Random bit generationGoogle Scholar
- 11.ISO/IEC JTC 1/SC27/WG3. ISO/IEC DIS 20543 - Information technology - Security techniques - Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408Google Scholar
- 12.ISO/IEC NP 20897. Information technology - Security techniques - Security requirements, test and evaluation methods for physically unclonable functions for generating nonstored security parameters. http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=69403
- 14.Killmann, W., Schindler, W.: A proposal for: functionality classes for random number generators, September 2011. https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Zertifizierung/Interpretationen/AIS_31_Functionality_classes_for_random_number_generators_e.pdf?__blob=publicationFile
- 15.Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, 14–18 June 2014, pp. 361–372. IEEE Computer Society (2014)Google Scholar
- 16.Marsaglia, G.: The Marsaglia random number CDROM including the diehard battery of tests of randomness. Web site at the Department of Statistics, Florida State University, Tallahassee, FL, USA (1995)Google Scholar
- 17.Mutlu, O.: The RowHammer problem and other issues we may face as memory becomes denser. In: Atienza, D., Di Natale, G. (eds.) Design, Automation and Test in Europe Conference and Exhibition, DATE 2017, Lausanne, Switzerland, 27–31 March 2017, pp. 1116–1121. IEEE (2017)Google Scholar
- 18.NIST. Recommendation for the entropy sources used for random bit generation (2012). http://csrc.nist.gov/publications/drafts/800-90/draft-sp800-90b.pdf
- 20.Pappu, R.S.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute of Technology, March 2001Google Scholar
- 21.Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 237–249. ACM (2010)Google Scholar
- 22.Rukhin, A., et al.: A statistical test suite for the validation of random number generators and pseudo random number generators for cryptographic applications, April 2010. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-22r1a.pdf
- 23.Schaub, A., Danger, J.-L., Guilley, S., Rioul, O.: An improved analysis of reliability and entropy for delay PUFs. In: Novotný, M., Konofaos, N., Skavhaug, A. (eds.) 21st Euromicro Conference on Digital System Design, DSD 2018, Prague, Czech Republic, 29–31 August 2018, pp. 553–560. IEEE Computer Society (2018)Google Scholar
- 24.Schaub, A., Rioul, O., Boutros, J.J., Danger, J.-L., Guilley, S.: Challenge codes for physically unclonable functions with Gaussian delays: a maximum entropy problem. In: Latin American Week on Coding and Information, UNICAMP - Campinas, Brazil, 22–27 July 2018 (2018). LAWCI
- 25.NIST FIPS (Federal Information Processing Standards). Security Requirements for Cryptographic Modules publication 140-2, 25 May 2001. http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
- 29.Wu, M.-Y., et al.: A PUF scheme using competing oxide rupture with bit error rate approaching zero. In: 2018 IEEE International Solid-State Circuits Conference, ISSCC 2018, San Francisco, CA, USA, 11–15 February 2018, pp. 130–132. IEEE (2018)Google Scholar