Friday, September 16, 2011

CARDIS '11 - Invited speakers

CARDIS (Smart Card Research and Advanced Applications) was held this year at Katholieke Universiteit Leuven in Belgium. Helena Handschuh, chief technology officer of Intrinsic-ID, gave the first of two invited talks on SRAM PUFs.

A PUF is a physical unclonable function, a functional fingerprint for silicon chips designed to provide an unclonable means of identifying the device. The unclonable requirement extends as far as requiring that even the manufacturing process that created the original PUF should not be able to reproduce it for the same device. The way to achieve this is by creating a challenge-response situation by stimulating some physical structure on the device. The exact micro-structure is influenced by physical factors introduced during the manufacturing process, and is highly unpredictable. A PUF then has a way of mapping different stimuli (challenges) to unique reactions (responses).

A PUF can then be used to prevent a device being cloned, because the cloned PUF will react differently to the stimuli. With this property, it would be possible to create unclonable RFID tags, for instance. Some PUFs can also be used for secure key storage, by essentially one-time 'enrolling' a key on a device, and also in some particular cases as a way of generating entropy.

The physical structure that defines the PUF can be created in many different ways. For example, optical PUFs work by measuring how light from a laser is reflected when it of shone through randomly distributed glass scatterers; so the unclonability is achieved with explicitly-induced randomness. Additionally, by varying the angle of incidence of the laser light, a set of unique responses can be achieved. Alternatively, implicitly-induced randomness can be created with SRAM PUFs because the initial state of the start up cells at the device-power on is different for different devices. The rest of the talk concentrated on SRAM PUFs and their properties.

Helena spoke about the challenges involved in testing the effectiveness of their PUFs. One interesting comment was about how, over time, the physical structure that embodies the PUF can degrade through use. This could lead to the fingerprint of the device varying. To test this, a chip needs to be heated to 80c for 2000 hours to simulate 10 years of ageing. Factors that affect a PUF include the temperature of the chip, power-up times, and many others. Helena concluded with some interesting statistics illustrating just how much manpower and equipment have gone into assessing how these factors affect SRAM PUFs.

The second invited speaker was Olivier Ly of the Laboratoire Bordelais de Recherche en Informatique (LaBRI) at the University of Bordeaux. Olivier's talk revolved around the "Insight" framework, a piece of software designed for automatic analysis of programs in their binary state. The concept has applications in virus detection and assessing side-channel vulnerabilities.

No comments:

Post a Comment