6.3 Security Primitives


Date: Wednesday 29 March 2017
Time: 11:00 - 12:30
Location / Room: 2BC

Chair:
Berndt Gammel, Infineon Technologies, DE

Co-Chair:
Tim Güneysu, University of Bremen & DFKI, DE

This session discusses the implementation of basic primitives that are necessary building blocks for secure systems. Physical unclonable functions (PUFs) are used to derive secret values that then serve as keys in cryptographic algorithms, and the logical and physical security of such systems fundamentally relies on the availability of high-quality random numbers.

Time  Label  Presentation Title
Speaker / Authors / Abstract
11:00  6.3.1  SENSITIZED PATH PUF: A LIGHTWEIGHT EMBEDDED PHYSICAL UNCLONABLE FUNCTION
Speaker:
Matthias Sauer, University of Freiburg, DE
Authors:
Matthias Sauer [1], Pascal Raiola [1], Linus Feiten [1], Bernd Becker [1], Ulrich Rührmair [2] and Ilia Polian [3]
[1] University of Freiburg, DE; [2] TU München, DE; [3] University of Passau, DE
Abstract
Physical unclonable functions (PUFs) can be used for a number of security applications, including secure on-chip generation of secret keys. We introduce an embedded PUF concept called sensitized path PUF (SP-PUF) that is based on extracting entropy out of inherent timing variability of modules already present in the circuit. The new PUF sensitizes paths of nearly identical lengths and generates response bits by racing transitions through different paths against each other. SP-PUF has lower area overhead and higher speed than earlier embedded PUFs and requires no helper data stored in non-volatile memory beyond standard error-correction information for fuzzy extraction. Compared with standalone PUFs, the new solution intrinsically and inseparably intertwines PUF behavior with functional circuitry, thus complicating invasive attacks or simplifying their detection. Moreover, SP-PUF can naturally define the contribution of a digital block to a system-wide "fusion PUF". We present a systematic design flow to turn an arbitrary (sufficiently complex) circuit into an SP-PUF. The flow leverages state-of-the-art sensitization algorithms, formal filtering based on statistical analysis, and MAXSAT-based optimization of SP-PUF's area overhead. Experiments show that SP-PUF extracts 256-bit keys with perfect reliability and nearly perfect uniqueness after fuzzy extraction for the majority of standard benchmark circuits.

11:30  6.3.2  TEMPERATURE AWARE PHASE/FREQUENCY DETECTOR-BASED RO-PUFS EXPLOITING BULK-CONTROLLED OSCILLATORS
Speaker:
Sha Tao, Royal Institute of Technology (KTH), SE
Authors:
Sha Tao and Elena Dubrova, Royal Institute of Technology (KTH), SE
Abstract
Physical unclonable functions (PUFs) are promising hardware security primitives suitable for low-cost cryptographic applications. Ring oscillator (RO) PUF is a well-received silicon PUF solution due to its ease of implementation and entropy evaluation. However, the responses of RO-PUFs are susceptible to environmental changes, in particular, to temperature variations. Additionally, a conventional RO-PUF implementation is usually more power-hungry than other PUF alternatives. This paper explores circuit-level techniques to design low-power RO-PUFs with enhanced thermal stability. We introduce a power-efficient approach based on a phase/frequency detector (PFD) to perform pairwise comparisons of ROs. We also propose a temperature compensated bulk-controlled oscillator (BCO) and investigate its feasibility and usage in PFD-based RO-PUFs. Evaluation results demonstrate that the proposed techniques can effectively reduce the thermally induced errors in PUF responses while imposing a low power overhead. The PFD-based BCO-PUF is one of the best among existing RO-PUFs in terms of power efficiency.

12:00  6.3.3  CHACHA20-POLY1305 AUTHENTICATED ENCRYPTION FOR HIGH-SPEED EMBEDDED IOT APPLICATIONS
Speaker:
Fabrizio De Santis, Technische Universität München, DE
Authors:
Fabrizio De Santis, Andreas Schauer and Georg Sigl, Technische Universität München, DE
Abstract
The ChaCha20 stream cipher and the Poly1305 authenticator are cryptographic algorithms designed by Daniel J. Bernstein with the aim of ensuring high security margins while achieving high performance on a broad range of software platforms. In response to the concerns raised about the reliability of the existing IETF/TLS cipher suite, its performance on software platforms, and the ease of realizing secure implementations thereof, the IETF has recently published RFC7905 and RFC7539 to promote the use and standardization of the ChaCha20 stream cipher and Poly1305 authenticator in the TLS protocol. Most interestingly, RFC7539 specifies how to combine the ChaCha20 stream cipher and Poly1305 authenticator to construct an Authenticated Encryption with Associated Data (AEAD) scheme that provides confidentiality, integrity, and authenticity of data. In this work, we present compact, constant-time, and fast implementations of the ChaCha20 stream cipher, Poly1305-ChaCha20 authenticator, and ChaCha20-Poly1305 AEAD scheme for ARM Cortex-M4 processors, aimed at evaluating the suitability of such algorithms for high-speed and lightweight IoT applications, e.g. to deploy fast and secure TLS connections between IoT nodes and remote cloud servers when AES hardware acceleration is not available.

12:15  6.3.4  TOWARDS POST-QUANTUM SECURITY FOR IOT ENDPOINTS WITH NTRU
Speaker:
Johanna Sepulveda, TU Munich, DE
Authors:
Oscar M. Guillen [1], Thomas Pöppelmann [2], Jose M. Bermudo Mera [1], Elena Fuentes Bongenaar [3], Georg Sigl [1] and Johanna Sepulveda [1]
[1] TU München, DE; [2] Infineon Technologies, DE; [3] Radboud University, NL
Abstract
The NTRU cryptosystem is one of the main alternatives for practical implementations of post-quantum, public-key cryptography. In this work, we analyze the feasibility of employing the NTRU encryption scheme, NTRUEncrypt, in resource-constrained devices such as those used for Internet-of-Things endpoints. We present an analysis of NTRUEncrypt's advantages over other cryptosystems for use in such devices. We describe four different NTRUEncrypt implementations on an ARM Cortex M0-based microcontroller, compare their results, and show that NTRUEncrypt is suitable for use in battery-operated devices. We present performance and memory footprint figures for different security parameters, as well as energy consumption in a resource-constrained microcontroller, to back up these claims. Furthermore, to the best of our knowledge, in this work we present the first time-independent implementation of NTRUEncrypt.

12:30  IP3-1, 206  LEVERAGING AGING EFFECT TO IMPROVE SRAM-BASED TRUE RANDOM NUMBER GENERATORS
Speaker:
Mohammad Saber Golanbari, Karlsruhe Institute of Technology (KIT), DE
Authors:
Saman Kiamehr [1], Mohammad Saber Golanbari [2] and Mehdi Tahoori [2]
[1] Karlsruhe Institute of Technology (KIT), DE; [2] Karlsruhe Institute of Technology, DE
Abstract
The start-up value of SRAM cells can be used as the random number vector or as a seed for the generation of a pseudo-random number. However, the randomness of the generated number is pretty low since many of the cells are largely skewed due to process variation and their start-up value leans toward zero or one. In this paper, we propose an approach to increase the randomness of SRAM-based True Random Number Generators (TRNGs) by leveraging transistor aging impact. The idea is to iteratively power up the SRAM cells and put them under accelerated aging to make the cells less skewed and hence obtain a more random vector. The simulation results show that the min-entropy of the SRAM-based TRNG increases by 10X using this approach.

12:31  IP3-2, 718  DESIGN AUTOMATION FOR OBFUSCATED CIRCUITS WITH MULTIPLE VIABLE FUNCTIONS
Speaker:
Shahrzad Keshavarz, University of Massachusetts Amherst, US
Authors:
Shahrzad Keshavarz [1], Christof Paar [2] and Daniel Holcomb [1]
[1] University of Massachusetts Amherst, US; [2] Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, DE
Abstract
Gate camouflaging is a technique for obfuscating the function of a circuit against reverse engineering attacks. However, if an adversary has pre-existing knowledge about the set of functions that are viable for an application, random camouflaging of gates will not obfuscate the function well. In this case, the adversary can target their search, and only needs to decide whether each of the viable functions could be implemented by the circuit. In this work, we propose a method for using camouflaged cells to obfuscate a design that has a known set of viable functions. The circuit produced by this method ensures that an adversary will not be able to rule out any viable functions unless she is able to uncover the gate functions of the camouflaged cells. Our method comprises iterated synthesis within an overall optimization loop to combine the viable functions, followed by technology mapping to deploy camouflaged cells while maintaining the plausibility of all viable functions. We evaluate our technique on cryptographic S-box functions and show that, relative to a baseline approach, it achieves up to 38% area reduction in PRESENT-style S-boxes and 48% in DES S-boxes.

12:30  End of session
Lunch Break in Garden Foyer

Keynote Lecture session 7.0 in "Garden Foyer", 13:50 - 14:20

Lunch Break in the Garden Foyer
On all conference days (Tuesday to Thursday), a buffet lunch will be offered in the Garden Foyer, in front of the session rooms. Kindly note that this is restricted to conference delegates holding a lunch voucher. When entering the lunch area, delegates will be asked to present the lunch voucher for that day. Once delegates have left the lunch area, re-entry is not permitted for that day's lunch.