Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC

Filters

5
5
Reset filters

Settings
Now showing 1 - 5 of 5
  • Publication
    Secure Physical Enclosures from Coverswith Tamper-Resistance
    ( 2019)
    Immler, V.
    ;
    Obermaier, J.
    ;
    Ng, K.K.
    ;
    Ke, F.X.
    ;
    Lee, J.
    ;
    Lim, Y.P.
    ;
    Oh, W.K.
    ;
    Wee, K.H.
    ;
    Sigl, G.
    Ensuring physical security of multiple-chip embedded systems on a PCB is challenging, since the attacker can control the device in a hostile environment. To detect physical intruders as part of a layered approach to security, it is common to create a physical security boundary that is difficult to penetrate or remove, e.g., enclosures created from tamper-respondent envelopes or covers. Their physical integrity is usually checked by active sensing, i.e., a battery-backed circuit continuously monitors the enclosure. However, adoption is often hampered by the disadvantages of a battery and due to specialized equipment which is required to create the enclosure. In contrast, we present a batteryless tamper-resistant cover made from standard flexPCB technology, i.e., a commercially widespread, scalable, and proven technology. The cover comprises a fine mesh of electrodes and an evaluation unit underneath the cover checks their integrity by detecting short and open circuits. Additionally, it measures the capacitances between the electrodes of the mesh. Once its preliminary integrity is confirmed, a cryptographic key is derived from the capacitive measurements representing a PUF, to decrypt and authenticate sensitive data of the enclosed system. We demonstrate the feasibility of our concept, provide details on the layout, electrical properties of the cover, and explain the underlying security architecture. Practical results including statistics over a set of 115 flexPCB covers, physical attacks, and environmental testing support our design rationale. Hence, our work opens up a new direction of counteracting physical tampering without the need of batteries, while aiming at a physical security level comparable to FIPS 140-2 level 3.
  • Publication
    A measurement system for capacitive PUF-based security enclosures
    ( 2018)
    Obermaier, J.
    ;
    Immler, V.
    ;
    Hiller, M.
    ;
    Sigl, G.
    Battery-backed security enclosures that are permanently monitored for penetration and tampering are common solutions for providing physical integrity to multi-chip embedded systems. This paper presents a well-tailored measurement system for a batteryless PUF-based capacitive enclosure. The key is derived from the PUF and encrypts the underlying system. We present a system concept for combined enclosure integrity verification and PUF evaluation. The system performs differential capacitive measurements inside the enclosure by applying stimulus signals with a 180° phase shift that isolate the local variation in the femtofarad range. The analog circuitry and corresponding digital signal processing chain perform precise PUF digitization, using a microcontroller-based digital lock-in amplifier. The system's measurement range is approximately ±73 fF, the conversion time per PUF node is less than 0.6 ms, and the raw data shows a measurement noise of 0.3 fF. This is the base for a high-entropy key generation while enabling a short system startup time. The system is scalable to the enclosure size and has been experimentally verified to extract information from 128 PUF nodes, using a system prototype. The results show that our concept forms a cornerstone of a novel batteryless PUF-based security enclosure.
  • Publication
    Efficient security zones implementation through hierarchical group key management at NoC-based MPSoCs
    ( 2017)
    Sepulveda, J.
    ;
    Flórez, D.
    ;
    Immler, V.
    ;
    Gogniat, G.
    ;
    Sigl, G.
    Sensitive applications are split into the IP cores of the Multi-Processors System-on-Chip (MPSoCs). In order to isolate the sensitive communication among such IP cores, security zones based on conference keys agreement can be built. However, the flexibility and dynamic nature of MPSoCs force reshaping the security zones at runtime. It is still a challenge to achieve efficient computation and distribution of new conference keys in MPSoC environments. In order to solve this problem, in this work we propose the combination of two techniques: i) high performance NoC, able to efficiently communicate data and control packets in the system; and ii) hierarchical group-key management for efficient security zone modification. We implement three hierarchical protocols and we show that by decentralizing the security management of the rekeying process and using a two-level NoC, it is possible to achieve an improvement of the performance compared to the previous flat approaches.
  • Publication
    Take a moment and have some t: Hypothesis testing on raw PUF data
    ( 2017)
    Immler, V.
    ;
    Hiller, M.
    ;
    Obermaier, J.
    ;
    Sigl, G.
    Systems based on PUB derive secrets from physical variation and it is difficult to measure the security level of the obtained PUF response bits in practice. We evaluate raw NW data to assess the quality of the physical source to detect undesired imperfections in the circuit to provide feedback for the PUF designer and improve the achieved security level. Complementing previous work on correlations across a PUF structure, we apply Welch's t-test to quantify the indistinguishability between distributions of different PUF responses, i.e., the values from on-chip locations measured across multiple devices. The threshold levels of the t-test depend on the number of evaluated PUF cells and the desired confidence of the hypothesis test. These t-values are computed from the statistical moments, such as mean and variance, of the tested distributions and indicate if they were not drawn from the same source. We identify that the quantization of the raw PUF data evaluates different statistical moments. Therefore, it is important to evaluate the indistinguishability of the raw PIT data concerning the critical moment which is used by the quantizer. To demonstrate the benefits of the presented evaluation method, we apply this test to public, real-world RO PUF data. As result, the designer is given specific information to optimize later processing steps or the underlying PUF structure. Complementing tests of the NIST 800-90b test suite further substantiate the chosen approach.
  • Publication
    Hierarchical group-key management for NoC-based MPSoCs protection
    ( 2016)
    Sepulveda, J.
    ;
    Flórez, D.
    ;
    Immler, V.
    ;
    Gogniat, G.
    ;
    Sigl, G.
    Group keys can be used in order to communicate secretly sensitive data among IP cores. However, the flexibility and dynamic nature of MPSoCs force reshaping the security zones at runtime. Members of a zone must be able to efficiently compute the new group key while former members must be prevented for data disclosure. Efficiently creating security zones for achieving sensitive traffic isolation in MPSoC environments is a challenging problem. In this work we present the implementation of hierarchical group-key management for NoC-based systems in order to efficiently perform the rekeying process. We implement three hierarchical protocols and we show that by decentralizing the security management of the rekeying process, it is possible to achieve an improvement of the performance when compared to the previous flat approaches.