  • Publication
    Secure Physical Enclosures from Covers with Tamper-Resistance
    (2019)
    Immler, V.; Obermaier, J.; Ng, K.K.; Ke, F.X.; Lee, J.; Lim, Y.P.; Oh, W.K.; Wee, K.H.; Sigl, G.
    Ensuring physical security of multiple-chip embedded systems on a PCB is challenging, since the attacker can control the device in a hostile environment. To detect physical intruders as part of a layered approach to security, it is common to create a physical security boundary that is difficult to penetrate or remove, e.g., enclosures created from tamper-respondent envelopes or covers. Their physical integrity is usually checked by active sensing, i.e., a battery-backed circuit continuously monitors the enclosure. However, adoption is often hampered by the disadvantages of a battery and by the specialized equipment required to create the enclosure. In contrast, we present a batteryless tamper-resistant cover made from standard flexPCB technology, i.e., a commercially widespread, scalable, and proven technology. The cover comprises a fine mesh of electrodes, and an evaluation unit underneath the cover checks their integrity by detecting short and open circuits. Additionally, it measures the capacitances between the electrodes of the mesh. Once its preliminary integrity is confirmed, a cryptographic key is derived from the capacitive measurements representing a PUF, to decrypt and authenticate sensitive data of the enclosed system. We demonstrate the feasibility of our concept, provide details on the layout and electrical properties of the cover, and explain the underlying security architecture. Practical results including statistics over a set of 115 flexPCB covers, physical attacks, and environmental testing support our design rationale. Hence, our work opens up a new direction of counteracting physical tampering without the need for batteries, while aiming at a physical security level comparable to FIPS 140-2 level 3.
  • Publication
    An embedded key management system for PUF-based security enclosures
    (2018)
    Obermaier, J.; Hauschild, F.; Hiller, M.; Sigl, G.
    Hardware Security Modules (HSMs) are embedded systems which provide a physically secured environment for data storage and handling. The device is protected by an enclosure against adversaries. A supervisor circuit monitors the enclosure's integrity and deletes all Critical Security Parameters (CSPs), such as keys, upon a tamper event. While current solutions store CSPs in battery-backed memory, our novel batteryless solution exploits the Physical Unclonable Function (PUF) of the enclosure to derive a key encryption key (KEK). However, such a PUF-based solution requires a more complex Embedded Key Management System (EKMS) for integrity verification, PUF usage, and key management. In this paper, we address this issue by discussing an adversary model, deriving design requirements, and presenting a hardened firmware architecture for PUF-based security enclosures. We present the complementing security extensions for FreeRTOS that enhance the operating system's security. To verify the concept's feasibility, we implement the proposed system and evaluate its performance. Our results show that this security architecture for an EKMS can serve as a firmware basis for novel PUF-based HSMs.
  • Publication
    A measurement system for capacitive PUF-based security enclosures
    (2018)
    Obermaier, J.; Immler, V.; Hiller, M.; Sigl, G.
    Battery-backed security enclosures that are permanently monitored for penetration and tampering are common solutions for providing physical integrity to multi-chip embedded systems. This paper presents a well-tailored measurement system for a batteryless PUF-based capacitive enclosure. The key is derived from the PUF and encrypts the underlying system. We present a system concept for combined enclosure integrity verification and PUF evaluation. The system performs differential capacitive measurements inside the enclosure by applying stimulus signals with a 180° phase shift, which isolates the local variation in the femtofarad range. The analog circuitry and corresponding digital signal processing chain perform precise PUF digitization, using a microcontroller-based digital lock-in amplifier. The system's measurement range is approximately ±73 fF, the conversion time per PUF node is less than 0.6 ms, and the raw data shows a measurement noise of 0.3 fF. This is the basis for high-entropy key generation while enabling a short system startup time. The system is scalable to the enclosure size and has been experimentally verified to extract information from 128 PUF nodes, using a system prototype. The results show that our concept forms a cornerstone of a novel batteryless PUF-based security enclosure.
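    The abstract above describes two ideas that are easy to lose in a sentence: driving two electrodes with stimuli 180° apart so that the picofarad common mode cancels and only the femtofarad mismatch remains, and recovering that mismatch with a digital lock-in amplifier. The following is an added illustration, written for this page and not the paper's measurement system or firmware; the sample rate, stimulus frequency, front-end gain, the synthetic front-end model and the noise and interferer levels are assumptions chosen to make the demodulation non-trivial, and the paper's quoted range and noise figures are not reproduced by it.

```python
import math
import random

FS = 1_000_000          # ADC sample rate in Hz (assumed)
F0 = 10_000             # stimulus frequency in Hz (assumed)
N_PERIODS = 20          # integration window in stimulus periods
N_SAMPLES = (FS // F0) * N_PERIODS   # 2000 samples, i.e. a 2 ms conversion
GAIN_V_PER_FF = 1e-3    # front-end gain: volts of amplitude per fF of mismatch (assumed)


def synth_adc_samples(c_a_ff, c_b_ff, noise_rms_v, rng):
    """Constructed model of the analog front end (not the paper's circuit).

    Electrode A is driven with the stimulus, electrode B with the same stimulus
    shifted by 180 degrees. The charge amplifier sums both displacement currents,
    so the ~1 pF common mode of the two electrodes cancels and only the mismatch
    (c_a - c_b) survives at the stimulus frequency. A DC offset, a low-frequency
    interferer and white noise are added so the demodulator has something to reject.
    """
    out = []
    for n in range(N_SAMPLES):
        t = n / FS
        drive = math.sin(2 * math.pi * F0 * t)
        v_a = GAIN_V_PER_FF * c_a_ff * drive        # electrode A, 0 degrees
        v_b = GAIN_V_PER_FF * c_b_ff * (-drive)     # electrode B, 180 degrees
        hum = 0.02 * math.sin(2 * math.pi * 50 * t)  # mains-like interferer
        out.append(v_a + v_b + 0.1 + hum + rng.gauss(0.0, noise_rms_v))
    return out


def lockin_demod(samples):
    """Digital lock-in amplifier: mix with in-phase and quadrature references at F0
    and average over an integer number of periods. Everything not at F0 (offset,
    hum, broadband noise) averages towards zero; the in-phase output is the signed
    amplitude of the component that is in phase with the stimulus."""
    i_acc = q_acc = 0.0
    for n, x in enumerate(samples):
        w = 2 * math.pi * F0 * n / FS
        i_acc += x * math.sin(w)
        q_acc += x * math.cos(w)
    n = len(samples)
    return 2 * i_acc / n, 2 * q_acc / n


def measure_delta_ff(c_a_ff, c_b_ff, noise_rms_v=0.005, seed=1):
    """One conversion for one PUF node: returns the estimated c_a - c_b in fF.
    The sign is preserved, so the measurement tells which electrode is larger."""
    rng = random.Random(seed)
    i_comp, _q_comp = lockin_demod(synth_adc_samples(c_a_ff, c_b_ff, noise_rms_v, rng))
    return i_comp / GAIN_V_PER_FF


if __name__ == "__main__":
    # Two nominally 1 pF electrodes that differ by 12.5 fF after manufacturing.
    print(f"estimated mismatch: {measure_delta_ff(1012.5, 1000.0):+.2f} fF")
    # Same pair with the electrodes swapped: the sign flips.
    print(f"swapped electrodes: {measure_delta_ff(1000.0, 1012.5):+.2f} fF")
    # Identical electrodes: the common mode cancels and only noise remains.
    print(f"matched electrodes: {measure_delta_ff(1000.0, 1000.0):+.2f} fF")
```

    Two details matter for a practitioner. The integration window must span an integer number of stimulus periods, otherwise the DC offset and the quadrature leakage do not cancel and show up as a bias in the PUF value. And with a 5 mV RMS noise floor and 2000 samples the estimate's standard deviation is roughly 0.16 fF, which illustrates why the conversion time and the noise figure in the abstract trade against each other: fewer periods give a faster start-up but a noisier key source.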
  • Publication
    Fuzzy-glitch: A practical ring oscillator based clock glitch attack
    (2017)
    Obermaier, J.; Specht, R.; Sigl, G.
    Clock glitches are useful in hardware security applications, where systems are tested for vulnerabilities emerging from fault attacks. Usually a precisely timed and controlled glitch signal is employed. However, this requires complex generators and deep knowledge about the system under attack. Therefore we present a novel approach to clock glitch fault attacks that replaces the single precise glitch by a fuzzy glitch signal. We propose a compact FPGA design for fuzzy clock glitch generation that is based on mixing two adjustable ring oscillators of different frequencies. The combination of these oscillators creates a glitch containing random and high-frequency signal components. We show on the basis of a practical implementation on a Spartan-3E that the proposed method is able to generate the desired fuzzy clock glitch. We verified experimentally that the fuzzy clock glitch succeeds in error injection on an STM32F030, an ARM Cortex-M0 based microcontroller. Our results demonstrate that the fuzzy glitch is an adequate solution for fault injection.
  • Publication
    Take a moment and have some t: Hypothesis testing on raw PUF data
    (2017)
    Immler, V.; Hiller, M.; Obermaier, J.; Sigl, G.
    Systems based on PUFs derive secrets from physical variation, and it is difficult to measure the security level of the obtained PUF response bits in practice. We evaluate raw PUF data to assess the quality of the physical source, to detect undesired imperfections in the circuit, to provide feedback for the PUF designer, and to improve the achieved security level. Complementing previous work on correlations across a PUF structure, we apply Welch's t-test to quantify the indistinguishability between distributions of different PUF responses, i.e., the values from on-chip locations measured across multiple devices. The threshold levels of the t-test depend on the number of evaluated PUF cells and the desired confidence of the hypothesis test. These t-values are computed from the statistical moments, such as mean and variance, of the tested distributions and indicate if they were not drawn from the same source. We identify that the quantization of the raw PUF data evaluates different statistical moments. Therefore, it is important to evaluate the indistinguishability of the raw PUF data concerning the critical moment which is used by the quantizer. To demonstrate the benefits of the presented evaluation method, we apply this test to public, real-world RO PUF data. As a result, the designer is given specific information to optimize later processing steps or the underlying PUF structure. Complementing tests of the NIST SP 800-90B test suite further substantiate the chosen approach.
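    The abstract above makes three points that a worked computation shows more clearly than prose: a PUF cell is suspicious if its distribution across devices is distinguishable from the other cells' distributions, the threshold has to grow with the number of comparisons, and the moment you test must be the one the quantizer relies on (a mean-based quantizer cares about a biased cell, a variance-based one about an unusually noisy cell). The following is an added example written for this page; it is not the paper's code and does not use the public RO PUF data the paper evaluates. The dataset is constructed (16 cells, 200 devices, frequencies in MHz) with two planted defects: cell 3 carries a systematic +1 MHz offset and cell 7 has an inflated spread. The per-cell majority rule for blaming a cell, the Bonferroni correction and the normal-quantile approximation of the t threshold are my choices, not something the abstract specifies.

```python
import math
import random
from statistics import NormalDist, mean, variance

N_DEVICES = 200   # devices in the constructed dataset
N_CELLS = 16      # PUF cells (e.g. RO pairs) per device


def constructed_ro_dataset(seed=7):
    """Constructed raw RO-PUF data: rows are devices, columns are cells, values are
    frequencies in MHz. Each device has a small device-wide process shift. Cell 3
    has a systematic +1 MHz bias (as a routing asymmetry would cause) and cell 7
    has std 1.8 MHz instead of 1 MHz. Both are defects a designer would want
    flagged before choosing a quantizer."""
    rng = random.Random(seed)
    data = []
    for _ in range(N_DEVICES):
        dev_offset = rng.gauss(0.0, 0.3)
        row = []
        for cell in range(N_CELLS):
            bias = 1.0 if cell == 3 else 0.0
            sigma = 1.8 if cell == 7 else 1.0
            row.append(100.0 + dev_offset + bias + rng.gauss(0.0, sigma))
        data.append(row)
    return data


def cell_samples(data, cell, moment):
    """One cell's values across all devices, transformed for the moment under test:
    moment 1 keeps the raw values (tests the mean); moment 2 uses squared deviations
    from the cell's own mean (tests the variance)."""
    xs = [row[cell] for row in data]
    if moment == 1:
        return xs
    mu = mean(xs)
    return [(x - mu) ** 2 for x in xs]


def welch_t(a, b):
    """Welch's t statistic for two independent samples with unequal variances."""
    return (mean(a) - mean(b)) / math.sqrt(variance(a) / len(a) + variance(b) / len(b))


def t_threshold(n_tests, alpha):
    """Two-sided critical value with a Bonferroni correction for n_tests comparisons,
    so the family-wise false-alarm rate stays at alpha. The normal quantile is used
    because the Welch degrees of freedom are in the hundreds here; for small device
    counts the Student t quantile should be used instead."""
    return NormalDist().inv_cdf(1.0 - alpha / (2.0 * n_tests))


def flag_cells(data, moment, alpha=0.001):
    """Pairwise Welch tests between all cells on the requested moment. A defective
    cell is distinguishable from almost every other cell, while a healthy cell is
    distinguishable only from the defective ones, so a cell is blamed only if it
    fails the test against a majority of its peers."""
    n_cells = len(data[0])
    samples = [cell_samples(data, c, moment) for c in range(n_cells)]
    pairs = [(i, j) for i in range(n_cells) for j in range(i + 1, n_cells)]
    thr = t_threshold(len(pairs), alpha)
    hits = [0] * n_cells
    for i, j in pairs:
        if abs(welch_t(samples[i], samples[j])) > thr:
            hits[i] += 1
            hits[j] += 1
    return [c for c, h in enumerate(hits) if h > (n_cells - 1) / 2]


if __name__ == "__main__":
    data = constructed_ro_dataset()
    print("threshold for 120 pairwise tests at alpha=0.001:",
          round(t_threshold(120, 0.001), 2))
    print("cells distinguishable by mean (1st moment):    ", flag_cells(data, moment=1))
    print("cells distinguishable by variance (2nd moment):", flag_cells(data, moment=2))
```

    The two results differ on purpose: the biased cell is visible only to the first-moment test and the noisy cell only to the second-moment test. A designer who quantizes on the sign of a frequency difference would act on the first list; one whose quantizer uses the spread of the raw values would act on the second. Running only one of the two, or running the t-test without correcting the threshold for the number of cell pairs, is exactly the kind of mismatch between test and quantizer that the paper warns about.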