Design, implementation and analysis of efficient hardware-based security primitives

Abstract

Internet of Things (IoT) is a vast and rapidly growing technology right now in the world of innovation. Billions of new electronic devices are going to be connected to the internet in wide-ranging applications. With this massive increase in adoption and utilization of new technology, security vulnerabilities are growing exponentially as well. Traditionally, conventional cryptographic primitives are used in order to provide security of these devices. The security of the cryptographic protection relies on the secrecy of the key. Typically, secret keys, which are used as device identification (IDs), are stored in non-volatile memories (NVMs), and combine cryptographic primitives to implement information encryption and authentication. However, through such traditional technique, secret keys are vulnerable to various kinds of attacks and can be easily obtained or cloned. Further, maintaining such secrets in NVMs is difficult and expensive. In addition, random key generation and key exchange are also very challenging in secure IoT applications.

Physically Unclonable Function (PUF) promises to be a critical hardware security primitive to provide an alternative method to create unique signatures (IDs) from complex physical characteristics of ICs rather than storing the IDs in non-volatile memories. Eventually these IDs can be used to authenticate devices and also to generate secret keys for cryptographic functions. A True Random Number generator (TRNG) is another important hardware security primitive that generates high entropy random numbers (keys) from a physical process for use in key exchange/agreement, encryption, and digital signature, etc. The IoT infrastructure adopts a large number of these hardware-based security primitives in order to securely exchange data in an effective and resource efficient manner. Furthermore, one of the major requirements of PUF and TRNG intended for IoT applications is that the device area must be efficiently utilized. Unfortunately, the huge area consumption of many PUF and TRNG implementations on Field-Programmable Gate Arrays (FPGAs) made them infeasible in IoT environments. Therefore, we undertake the study and development of new techniques to design, develop and implement highly efficient PUFs and TRNG for FPGAs in the context of IoT applications in this thesis.

In the first part of this thesis, we study different techniques for improving performance characteristics of PUFs. In this context, we carry out the design, development, implementation and evaluation of four major types of PUFs has for IoT security. These PUFs fall in three categories: memory based, delay based or hybrid PUFs. The first design we study is RS-Latch based which is a memory based PUF. Next two designs are Ring oscillator and Arbiter based, and fall in the category of delay based PUF. The fourth design is a hybrid of RS Latch and Arbiter PUF designs. All the four designs have been thoroughly tested on FPGA devices. The enhancement in performance of the new designs is achieved through the incorporation of various novel techniques. Performance metrics of these designs have been presented and compared to the state of the art PUFs. It has also been shown that the proposed designs yield the most area-efficient conventional and hybrid PUFs reported so far. Moreover, the proposed PUFs are resistant to temperature, supply voltage, and correlated process variations making them attractive for IoT applications. In the second part of this thesis, we design and develop a ring oscillators based true random number generation on FPGA. The quality of generated true random bits can be improved by employing different new techniques. Subsequently experimental evaluation and comparisons with existing techniques are presented. Further, our proposed implementation provides a very good area-throughput trade-off and high entropy rate of the produced output bits when compared to the existing state-of-the-art.

Lastly, in the third part of this work, we focus on efficient FPGA implementation of elliptic curve based authenticated key agreement protocol for IoT devices using PUF and TRNG. In this context, we design and develop a novel hardware architecture for Binary Edwards Curve (BEC) point multiplication. Subsequently, an FPGA design of elliptic curve based key agreement protocol (ECMQV) using PUF and TRNG is presented. The obtained implementation results show that the proposed architecture yields a better performance when compared to the existing state-of-the-art.