CN104836669B - A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF - Google Patents
A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF Download PDFInfo
- Publication number
- CN104836669B CN104836669B CN201510234433.8A CN201510234433A CN104836669B CN 104836669 B CN104836669 B CN 104836669B CN 201510234433 A CN201510234433 A CN 201510234433A CN 104836669 B CN104836669 B CN 104836669B
- Authority
- CN
- China
- Prior art keywords
- node
- terminal
- sram puf
- certification
- random
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses one kind to be based on SRAM PUF(Static RAM physics unclonable function)Safety certifying method, belong to technical field of network security.The present invention is directed to the safety issue of the existing Verification System based on SRAM PUF, propose a kind of safety certifying method, the node of SRAM PUF modules is divided into random node and certification node, when being authenticated, it is utilized respectively certification node, random node produces identification sequences, random number sequence, then identification sequences are carried out using the random number sequence generated adding salt Hash operation, so as to effectively improve the security of verification process and reduce the complexity of terminal device.The invention also discloses a kind of terminal and a kind of Verification System.The present invention can greatly improve the security of verification process, and be easy to compatible with existing equipment, have a good application prospect.
Description
Technical field
The present invention relates to a kind of safety certifying method, more particularly to one kind to be based on SRAM PUF (static random access memories
Implements manage unclonable function) safety certifying method, belong to technical field of network security.
Background technology
PUF (Physical Unclonable Functions, physics unclonable function, or abbreviation PUFs) is deposited extensively
In existing movement and internet terminal equipment.Correlative theses and monograph both domestic and external are made to physics unclonable function
Various definitions, generally speaking, physics unclonable function refer to a kind of physical entity, and the entity can be relied in manufacturing process
Otherness produces its distinctive output (be usually binary number), and these outputs are difficult to be cloned.Each group of PUFs
Into partly all there is local parameter difference, by PUFs " algorithm ", these local differences can be combined, compare or directly defeated
Go out, so as to form the distinctive binary system output of the circuit.Because the local difference between each part is can not to be controlled by outside
System, therefore, PUFs is not reproducible.In PUFs typical case, its output valve-response (response) is decided by defeated
Enter selection of the signal-excitation (challenge) to the local difference of its inside, therefore PUFs is a function.
Pappu in 2001 first proposed physics unclonable function this concept, and is named as the unidirectional letter of physics
Number.He has devised and embodied optics PUFs (Optical PUFs) first.Optics PUFs is by quantifying the dry of transparent optical medium
Pattern is related to form its uniqueness output.But too high complexity causes its engineer applied difficult to realize.With integrated circuit skill
The development of art, PUFs's realizes that emphasis is gradually transferred to electricity field, and this change is greatly promoted PUFs development.Now
Existing a variety of PUFs implementations.The PUFs implementations of main flow include at present:Moderator (Arbiter) PUFs is to be based on two
What the delay variance of circuit paths designed;Ring oscillator (Ring Oscillators, RO) PUFs is due to then manufacture
Difference and caused frequency is different, different outputs are produced after frequency contrast;SRAM PUFs are metal-oxide-semiconductors inside sram cell
Asymmetry and caused by export randomness.In addition many very outstanding PUFs circuit designs also be present, for example, latching
PUFs, trigger PUFs, burr PUFs.
In the application, PUFs can be seen as a black box, and the black box is an exciter response system.One is inputted to swash
C to PUFs is encouraged, a response r=f (c) can be returned, wherein function f () describes PUFs input/output (excitation/response)
Relation.Because the function is caused due to manufacturing variation inside PUFs circuits, PUFs is formed distinctive using the difference
CRPs, therefore f () is sightless for a user.Strong PUFs and weak PUFs essential distinction is just both f ()
It being capable of caused CRPs number differences caused by different.Weak PUFs can only produce a small amount of excitation response pair (or even only one
It is individual).And strong PUFs can produce substantial amounts of excitation response pair, so that attacker can not detect in the range of certain time
All excitation response pairs.This two class PUFs is respectively used to two application fields:Low-power consumption certification, the generation of key and is deposited
Storage.Strong PUFs is often used as certification, and weak PUFs is often used as key storage and generation.It is wherein more representational strong
PUFs is that moderator PUFs, weak PUFs have SRAM PUFs and ring oscillator PUFs.
In existing PUF application technologies, the design of the Verification System based on SRAM PUF is realized relatively easy and is easy to real
It is now compatible with existing apparatus, therefore have a wide range of applications.But found by research, SRAM PUF following characteristic
Constrain its application as Verification System.
SRAM PUF, independent actuation response pair is linear with its number of nodes caused by its energy.That is, attacker only needs
The output valve that a number of excitation response pair can obtains whole PUF interior joints is monitored, passes through software or NVM cans
Simulate the PUF.Meanwhile for existing SRAM, it is usually continuous byte decoding that it, which is decoded, the address of response do not have from
Type is dissipated, this more limits excitation response pair quantity.For applications of the SRAM PUF in Verification System, the scheme of main flow be by
SRAM PUF regard key (authentication information) holder, by the information by hash algorithm to improve security, and add
Error correcting code increases its reliability.But there is the defects of obvious in this method:Hash algorithm is being believed as a kind of one-way hash function
Cease in certification by extensive use.The characteristics of its is main includes:Raw information obtains a cryptographic Hash after Hash calculation;If
Change raw information, cryptographic Hash can also change therewith;Same information, Hash calculation result are identicals;Hash be it is unidirectional,
It is irreversible.But as the appearance of numerous crack methods, simple hash algorithm will no longer be safe.More popular attacks
Hit method and crack (Dictionary Attack) and Brute Force (Brute-force Attack) including dictionary.Both sides
The defects of method, is that efficiency is too low.But if attacker is aware of the cryptographic Hash of information in database, or have built up
The inquiry table of one general information, then can use look-up table (Lookup Table) or rainbow table (Rainbow
Table) the methods of, is cracked.The success once raw information is cracked, then weak PUF safety certification is to count out.Solve
The method of the problem has a lot, and one kind is hash algorithm combining encryption algorithm, though improving security result in cost drastically
Increase and the reduction of efficiency.
The content of the invention
The technical problems to be solved by the invention are overcome the deficiencies in the prior art, there is provided a kind of based on SRAM PUF's
Safety certifying method, it can effectively improve the existing security based on SRAM PUF Verification Systems.
It is of the invention specifically to solve above-mentioned technical problem using following technical scheme:
A kind of safety certifying method based on SRAM PUF, including registration phase and authentication phase,
The registration phase comprises the following steps:
Each node division in itself SRAM PUF module is in advance by step 1, the terminal with SRAM PUF modules
Random node and certification node this two class, and each address of node and its corresponding node type are sent to server;
Step 2, server generate a series of excitations being made up of partial authentication node address at random, and send to described
Terminal;
The excitation is sequentially input SRAM PUF modules by step 3, the terminal, and by caused by SRAM PUF modules
Response feeds back to server;
Step 4, server are stored a series of resulting excitation-response pairs as the authentication data of the terminal;
The authentication phase comprises the following steps:
Step 5, server take an excitation-response pair from the authentication data of current terminal to be certified, swash therein
Transmission is encouraged to terminal to be certified;
The excitation received is inputted SRAM PUF modules by step 6, terminal to be certified, is responded accordingly, with the sound
Identification sequences are should be used as, and the output of the part or all of random node in the once complete output of SRAM PUF modules is formed
One random number sequence;The identification sequences are carried out using the random number sequence for terminal to be certified plus salt Hash operation, and
Operation result and the random number sequence are sent to server;
Response of the random number sequence to selected Challenge-response centering received by step 7, server by utilizing carries out same
Sample adds salt Hash operation, and by obtained operation result compared with the operation result transmitted by terminal to be certified, such as two
Person is identical, then this certification success, otherwise, this authentification failure.
Preferably, the terminal with SRAM PUF modules is in accordance with the following methods by each section in itself SRAM PUF module
Point is divided into random node and certification node this two class:Count each node in the multiple complete output of the SRAM PUF modules
The frequency shaken is exported, the node for not occurring shaking is certification node, and remaining node is random node.
Further, the authentication phase also includes:
Step 8, such as this authentification failure, then step 5 is gone to, carry out certification again;Such as in default maximum certification number
Within once certification success, then the terminal final authentication success, otherwise, authentification failure.
A kind of terminal and a kind of Verification System can also be obtained according to same invention thinking, it is specific as follows:
A kind of terminal, is embedded with SRAM PUF modules, and each node in the SRAM PUF modules is divided into advance
Random node and certification node this two class;The terminal also includes being used for the authentication unit for completing safety certification, the certification list
Member specifically includes:
Address mapping table, for storing each address of node and its corresponding node type in SRAM PUF modules;
Random number sequence generation module, for part or all of random in the once complete output by SRAM PUF modules
The output of node forms a random number sequence;
Serial data composite module, for identification sequences and the random number sequence generation module for being exported SRAM PUF modules
The random number sequence exported is combined as combination data string;
Hash module, the combination data string for being exported to serial data composite module carry out Hash operation.
Preferably, each node in the SRAM PUF modules be divided into advance in accordance with the following methods random node and
This two class of certification node:Count the frequency that each node output is shaken in the multiple complete output of the SRAM PUF modules
Secondary, the node for not occurring shaking is certification node, and remaining node is random node.
Preferably, serial data combination used in the serial data composite module be front end link, rear end link, in
Between one kind in insertion and XOR these four modes.
A kind of Verification System, including the as above terminal described in any technical scheme of server and one group.
Preferably, the server includes authentication unit, and the authentication unit includes:
Address mapping table, each address of node and its corresponding node in the SRAM PUF modules for storing each terminal
Type;
Authentication database, the excitation-response pair data of the SRAM PUF modules for storing each terminal;
Generation module is encouraged, for generating a series of partial authentication node address institute groups by current terminal to be certified at random
Into excitation;
Serial data composite module, for identification sequences and the random number sequence generation module for being exported SRAM PUF modules
The random number sequence exported is combined as combination data string;
Hash module, the combination data string for being exported to serial data composite module carry out Hash operation;
Comparison module, for by the data that terminal to be certified is sent compared with the data that itself hash module exports,
And judge whether certification succeeds according to comparative result.
Compared with prior art, the invention has the advantages that:
The node of SRAM PUF modules is divided into random node and certification node by the present invention, sharp respectively when being authenticated
Identification sequences, random number sequence are produced with certification node, random node, then utilizes generated random number sequence to certification sequence
Row carry out plus salt Hash operation, can greatly improve the security of verification process, and simplify the software and hardware structure of terminal device, drop
Low cost of implementation.
Brief description of the drawings
Fig. 1 is the structural principle block diagram of one preferred embodiment of present inventive verification system;
Fig. 2 is the structural principle block diagram of the control module of server certification unit in preferred embodiment;
Fig. 3 is the structural principle block diagram of the serial data composite module of server certification unit in preferred embodiment;
Fig. 4 is the structural principle block diagram of the control module of terminal authentication unit in preferred embodiment;
Fig. 5 is the schematic flow sheet of present inventive verification system registration process;
Fig. 6 is the schematic flow sheet of present inventive verification system verification process.
Embodiment
The present invention is directed to the safety issue of the existing Verification System based on SRAM PUF, it is proposed that a kind of safety certification side
Method, the node of SRAM PUF modules is divided into random node and certification node, when being authenticated, be utilized respectively certification node,
Random node produces identification sequences, random number sequence, and then identification sequences are carried out using the random number sequence generated to add salt
Hash operation, so as to effectively improve the security of verification process and reduce the complexity of terminal device.
The safety certifying method of the present invention, including registration phase and authentication phase,
The registration phase comprises the following steps:
Each node division in itself SRAM PUF module is in advance by step 1, the terminal with SRAM PUF modules
Random node and certification node this two class, and each address of node and its corresponding node type are sent to server;Step
Rapid 2, server generates a series of excitations being made up of partial authentication node address at random, and sends to the terminal;Step
3rd, the excitation is sequentially input SRAM PUF modules by the terminal, and response caused by SRAM PUF modules is fed back into clothes
Business device;
Step 4, server are stored a series of resulting excitation-response pairs as the authentication data of the terminal;
The authentication phase comprises the following steps:
Step 5, server take an excitation-response pair from the authentication data of current terminal to be certified, swash therein
Transmission is encouraged to terminal to be certified;
The excitation received is inputted SRAM PUF modules by step 6, terminal to be certified, is responded accordingly, with the sound
Identification sequences are should be used as, and the output of the part or all of random node in the once complete output of SRAM PUF modules is formed
One random number sequence;The identification sequences are carried out using the random number sequence for terminal to be certified plus salt Hash operation, and
Operation result and the random number sequence are sent to server;
Response of the random number sequence to selected Challenge-response centering received by step 7, server by utilizing carries out same
Sample adds salt Hash operation, and by obtained operation result compared with the operation result transmitted by terminal to be certified, such as two
Person is identical, then this certification success, otherwise, this authentification failure.
For the ease of public understanding, technical scheme is described in detail below in conjunction with the accompanying drawings:
Fig. 1 shows the basic structure of present inventive verification system.As shown in figure 1, the system includes the certification of server end
The authentication unit of unit and terminal, wherein, server certification unit includes:Control module 102, for server controls end
Carry out information exchange, and the control of whole verification process;Address mapping table 104, should for control module generation certification excitation
Mapping table includes the certification node of all terminal SRAM PUF modules and the address of random node in system;Authentication database 106,
For storing all excitation response pairs of all terminals;Data transmission blocks 108, for sending data in the form of Bit String;
Serial data composite module 110, authentication data string and random data string are combined or letter for the instruction according to control module
Single computing;Data reception module 112, carrys out the data of Self-certified terminal for receiving, and according to the flag bit of data head by data
Input to different functional modules;Hash algorithm module 114, the data for serial data composite module to be generated carry out Hash fortune
Calculate;Serial data comparing module, inputted for two data sequences of input to be compared by bit, and by comparison result to control mould
Block 102.Terminal authentication unit includes:Data reception module 118, the correlation that server certification unit is come from for receiving refer to
Make, encourage and authentication result;Control module 120, for being registered or being recognized according to the dependent instruction of server certification unit
The control of card process and feedback authentication result;Address mapping table 122, the excitation received is decoded into for control circuit
SRAM PUF address, the mapping table include the address of certification node and random node;SRAM PUF modules 124, for basis
The address of control circuit generation exports corresponding response sequence;Serial data composite module 126, there is identical circuit knot with 110
Structure, for the instruction according to control circuit, the identification sequences that SRAM PUF are exported make nonidentity operation with random sequence;Hash is calculated
Method module 128, the serial data for being exported to serial data composite module carry out Hash operation;Data transmission blocks, according to difference
Data source, by data group generated data string, and send to the receiving module of server certification unit.
Fig. 2 shows a kind of concrete structure of control module 102.As shown in Fig. 2 control module 102 includes:Master control logic
202, for controlling the running status of whole Verification System according to control signal and the data received, contrasted according to serial data
The operation result of module judges and authentication output result;Generation module 204 is encouraged, for the ground in address mapping table 104
Random number is to generate the random address for SRAM PUF caused by location and PRNG 206, and address is translated
Code is using the excitation as authentication database;PRNG 206, for generating substantial amounts of pseudo random number for excitation generation mould
Block uses;Serial data generation module 208, for serial data of the instruction generation with specific function according to master control logic, including
Excited data string, registering result serial data, authentication result serial data are simultaneously sent to certification terminal by data transmission blocks 108;
Cache module 210, the data for the input of data cached receiving module 112.
Fig. 3 shows a kind of concrete structure of serial data combinational circuit 110.As shown in figure 3, serial data combinational circuit 110
Including:Selector 302, identification sequences and random number sequence are made into various combination processing for the instruction according to control module 102,
Operation result is exported to hash algorithm module 128;Front end link 304, random sequence is read from caching 314, is linked in and comes from
The identification sequences front end of caching 316, operation result are exported to hash algorithm module 128;Rear end link 306, by random sequence from
Caching 314 is read, and is linked in and is exported from the identification sequences rear end of caching 316, operation result to hash algorithm module 128;In
Between insert 308, random sequence is read from caching 314, inserts some bit for specifying among the identification sequences from caching 316
Afterwards, operation result is exported to hash algorithm module 128;XOR 310, by random sequence from caching 314 read, with from
The identification sequences of caching 316 carry out XOR, and operation result is exported to hash algorithm module 128, and operation result is exported to Kazakhstan
Uncommon algoritic module 128.Identification sequences cache module 312, the temporary identification sequences for coming from control module 102;Random sequence is delayed
Storing module 314, the temporary random sequence for coming from data reception module 112.
Fig. 4 shows a kind of concrete structure of control module 120 in terminal authentication unit.As shown in figure 4, control module
120 include:Master control logic 402, for controlling the operation shape of whole Verification System according to control signal and the data received
State and reception and registration authentication result;Address generation module 404, for the excitation received according to data reception module, reflected with reference to address
Excitation is decoded as SRAM addresses by firing table, or is generated according to the output of pseudo random number generation module 406 and address mapping table
SRAM random number sequences address;Pseudo random number generation module 406, generate pseudo random number;Serial data generation module 408, for root
According to different pieces of information source, corresponding data head is specified, generates serial data;Caching 410, for caching SRAM PUF output.
Each terminal in Verification System is required for carrying out identity registration in a secure environment first, the stream of identity registration
Journey is as shown in Figure 5.First, terminal informs that Fig. 1 control modules 120 need to be registered, and control module 120 will pass through data transmission
Module 130 sends registration request;The control module 102 of server certification unit can inquire that CPU whether may be used after receiving registration request
To start to register, if can register, start registration process and inform terminal by data transmission blocks 108.Terminal is raw first
Into address mapping table 122, the method for generation be control module 120 repeat to read SRAM PUF modules complete output sequence it is multiple
(such as 100 times) and the concussion number for counting each node, it is certification node by the vertex ticks for not occurring shaking, shakes
Vertex ticks be random node.After the completion of identical address mapping table is sent to the address mapping table of server certification unit
Module 104.The pseudo-random number sequence selection address that control module 102 is generated by using PRNG 206 afterwards is reflected
Partial authentication node in firing table 104, by these certification addresss of node by encouraging generation module to be encoded to excitation.This way
Purpose there is randomness in the excitation response pair in authentication database is caused, to improve security.By swashing for above-mentioned generation
Input authentication database is encouraged, while is sent by data transmission blocks 108 to terminal authentication unit.Number in terminal authentication unit
The excitation is received according to receiving module, control module 120 is decoded as the ground of SRAM PUF modules by address generation module 404
Location, and input SRAM PUF modules 124.The response that SRAM PUF modules 124 generate is sent to clothes by data transmission blocks 130
Business device authentication unit.The response is sent to control module 102 by the data reception module of server certification unit, and the module should
Response is used as an excitation-response pair data storage in authentication database 106 with corresponding excitation.Said process is repeated, directly
To the excitation response pair quantity completed required for registering.
It is as shown in Figure 6 that security authentication process is carried out under general environment.First, the control module 120 of terminal authentication unit
The certification request of terminal is received, control module 120 sends certification request to server certification unit by data reception module.
The control module 102 of server certification unit inquires whether server is authenticated, if so, then entering verification process.Take first
Business device informs the terminal serial data combinatorial operation mode to be used, as shown in figure 3, computing mode has four kinds, i.e., front end link, after
End link, middle insertion and XOR, can also add other simple operations herein.Control module 104 and 120 can pass through
Selection signal input data string composite module 110 and 126 Selecting operation modes.Server control module 102 is from certification number afterwards
According to one group of excitation response pair is read in storehouse, excitation is sent to terminal authentication unit by data transmission blocks, while will response
Input to the identification sequences of serial data composite module 110 and cache 312.Terminal authentication control module 120 will be encouraged and given birth to by address
SRAM PUF addresses are decoded as into module 404.The address is inputted into SRAM PUF modules, it responds output to serial data combination die
The identification sequences caching of block 126.Random sequence is subsequently generated, address generation module 404 reads in PRNG 406 and generated
Pseudo random number, compare address mapping table, address generation module selected part random node is simultaneously encoded to SRAM PUF address,
Send to SRAM PUF modules.SRAM PUF export random number sequence to the random number sequence of serial data composite module 126 and cached.
Identification sequences and random number sequence are combined computing by serial data composite module 126 according to the computing mode set before,
Finally carry out Hash operation.Data transmission blocks send operation result and random number sequence to terminal authentication unit successively.Eventually
The data reception module 112 in authentication unit is held by operation result sequence inputting serial data comparing module 116, by random number sequence
Input data string composite module 110.Serial data composite module 110 in terminal authentication unit is according to the combinatorial operation specified before
The random number sequence of the response and input that prestore before is combined computing by method.Operation result is subjected to Hash operation, transported
Calculate result with input Hash operation result be compared, if both it is identical if control module 102 inform respectively database CPU and
Terminal authentication unit, the authentification failure if differing.The number of failure can be allowed in the whole verification process of sets itself herein.
Claims (7)
1. a kind of safety certifying method based on static RAM physics unclonable function SRAM PUF, including
Registration phase and authentication phase, it is characterised in that
The registration phase comprises the following steps:
Each node division in itself SRAM PUF module is in advance random by step 1, the terminal with SRAM PUF modules
Node and certification node this two class, and each address of node and its corresponding node type are sent to server;Have
The terminal of SRAM PUF modules in accordance with the following methods by each node division in itself SRAM PUF module be random node and
This two class of certification node:Count the frequency that each node output is shaken in the multiple complete output of the SRAM PUF modules
Secondary, the node for not occurring shaking is certification node, and remaining node is random node;
Step 2, server generate a series of excitations being made up of partial authentication node address at random, and send to the end
End;
The excitation is sequentially input SRAM PUF modules, and will responded caused by SRAM PUF modules by step 3, the terminal
Feed back to server;
Step 4, server are stored a series of resulting excitation-response pairs as the authentication data of the terminal;
The authentication phase comprises the following steps:
Step 5, server take an excitation-response pair from the authentication data of current terminal to be certified, and excitation therein is sent out
Deliver to terminal to be certified;
The excitation received is inputted SRAM PUF modules by step 6, terminal to be certified, is responded accordingly, is made with the response
For identification sequences, and the output of the part or all of random node in the once complete output of SRAM PUF modules is formed one
Random number sequence;The identification sequences are carried out using the random number sequence for terminal to be certified plus salt Hash operation, and will fortune
Calculate result and the random number sequence is sent to server;
Response of the random number sequence to selected Challenge-response centering received by step 7, server by utilizing carries out same
Add salt Hash operation, and by obtained operation result compared with the operation result transmitted by terminal to be certified, such as both phases
Together, then this certification success, otherwise, this authentification failure.
2. safety certifying method as claimed in claim 1, it is characterised in that the authentication phase also includes:
Step 8, such as this authentification failure, then step 5 is gone to, carry out certification again;Such as presetting within maximum certification number
Once certification success, then terminal final authentication success, otherwise, authentification failure.
3. safety certifying method as claimed in claim 1, it is characterised in that described plus serial data used in salt Hash operation
Combination is one kind in front end link, rear end link, middle insertion and XOR these four modes.
4. a kind of terminal, it is embedded with SRAM PUF modules, it is characterised in that each in the SRAM PUF modules
Node is divided into random node and certification node this two class in advance in accordance with the following methods:Statistics is in the SRAM PUF moulds
The frequency that each node output is shaken in the multiple complete output of block, the node for not occurring shaking is certification node, remaining section
Point is random node;The terminal also includes being used for the authentication unit for completing safety certification, and the authentication unit specifically includes:
Address mapping table, for storing each address of node and its corresponding node type in SRAM PUF modules;
Random number sequence generation module, for the part or all of random node in the once complete output by SRAM PUF modules
Output form a random number sequence;
Serial data composite module, for the identification sequences that SRAM PUF modules are exported and random number sequence generation module institute are defeated
The random number sequence gone out is combined as combination data string;
Hash module, the combination data string for being exported to serial data composite module carry out Hash operation.
5. terminal as claimed in claim 4, it is characterised in that serial data combination side used in the serial data composite module
Formula is one kind in front end link, rear end link, middle insertion and XOR these four modes.
6. a kind of Verification System, including server and one group of terminal as described in claim 4 or 5.
7. Verification System as claimed in claim 6, it is characterised in that the server includes authentication unit, the authentication unit
Including:
Address mapping table, each address of node and its corresponding node class in the SRAM PUF modules for storing each terminal
Type;
Authentication database, the excitation-response pair data of the SRAM PUF modules for storing each terminal;
Generation module is encouraged, is formed for generating a series of partial authentication node address by current terminal to be certified at random
Excitation;
Serial data composite module, for the identification sequences that SRAM PUF modules are exported and random number sequence generation module institute are defeated
The random number sequence gone out is combined as combination data string;
Hash module, the combination data string for being exported to serial data composite module carry out Hash operation;
Comparison module, for by the data that terminal to be certified is sent compared with the data that itself hash module exports, and root
Judge whether certification succeeds according to comparative result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510234433.8A CN104836669B (en) | 2015-05-08 | 2015-05-08 | A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510234433.8A CN104836669B (en) | 2015-05-08 | 2015-05-08 | A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104836669A CN104836669A (en) | 2015-08-12 |
CN104836669B true CN104836669B (en) | 2018-04-06 |
Family
ID=53814325
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510234433.8A Active CN104836669B (en) | 2015-05-08 | 2015-05-08 | A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104836669B (en) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106055491B (en) * | 2016-05-31 | 2019-03-12 | 东南大学 | A kind of entropy extracting method and circuit based on SRAM PUF |
CN106020771B (en) * | 2016-05-31 | 2018-07-20 | 东南大学 | A kind of pseudo-random sequence generator based on PUF |
CN107493572B (en) * | 2016-06-13 | 2021-04-02 | 上海复旦微电子集团股份有限公司 | Wireless radio frequency equipment, authentication server and authentication method |
EP3282675B1 (en) * | 2016-08-11 | 2020-01-29 | Nxp B.V. | Network node and method for identifying a node in transmissions between neighbouring nodes of a network |
US10175949B2 (en) | 2016-09-06 | 2019-01-08 | Arizona Board Of Regents Acting For And On Behalf Of Northern Arizona University | Data compiler for true random number generation and related methods |
JP6471130B2 (en) * | 2016-09-20 | 2019-02-13 | ウィンボンド エレクトロニクス コーポレーション | Semiconductor device and security system |
CN106941400B (en) * | 2017-03-06 | 2020-04-24 | 东南大学 | Fuzzy safe authentication method based on SRAM-PUF |
CN108958650B (en) * | 2017-05-22 | 2021-06-15 | 旺宏电子股份有限公司 | Electronic system and method of operating the same |
CN107256370B (en) * | 2017-05-27 | 2019-12-10 | 东南大学 | Secret key storage method of fuzzy safe based on SRAM-PUF |
CN108197478A (en) * | 2017-08-08 | 2018-06-22 | 鸿秦(北京)科技有限公司 | A kind of NandFlash encrypted file systems using random salt figure |
US10649735B2 (en) * | 2017-09-12 | 2020-05-12 | Ememory Technology Inc. | Security system with entropy bits |
CN108616358A (en) * | 2018-05-10 | 2018-10-02 | 广西大学 | The authentication method of sensor and main control unit in wireless body area network based on PUF |
CN110858803B (en) * | 2018-08-23 | 2022-10-04 | 中国电信股份有限公司 | Authentication method, system, server, and computer-readable storage medium |
CN109005040B (en) * | 2018-09-10 | 2022-04-01 | 湖南大学 | Dynamic multi-key confusion PUF (physical unclonable function) structure and authentication method thereof |
CN110134369B (en) * | 2019-04-15 | 2023-05-30 | 深圳市纽创信安科技开发有限公司 | Random number generator, random number generation method and chip |
CN110233729B (en) * | 2019-07-02 | 2022-03-11 | 北京计算机技术及应用研究所 | Encrypted solid-state disk key management method based on PUF |
CN110545543A (en) * | 2019-09-03 | 2019-12-06 | 南瑞集团有限公司 | authentication method, device and system of wireless equipment |
CN111143896A (en) * | 2019-12-19 | 2020-05-12 | 武汉瑞纳捷电子技术有限公司 | Physical safety protection method, device and circuit for terminal node of Internet of things |
CN111162914B (en) * | 2020-02-11 | 2023-06-16 | 河海大学常州校区 | IPv4 identity authentication method and system of Internet of things based on PUF |
CN111565110B (en) * | 2020-05-09 | 2022-03-04 | 西安电子科技大学 | Unified identity authentication system and method based on RO PUF multi-core system |
CN113810194B (en) * | 2020-06-16 | 2023-04-18 | 华为技术有限公司 | PUF-based excitation response pair generation device and method |
US11380379B2 (en) * | 2020-11-02 | 2022-07-05 | Macronix International Co., Ltd. | PUF applications in memories |
CN112737770B (en) * | 2020-12-22 | 2022-05-20 | 北京航空航天大学 | Network bidirectional authentication and key agreement method and device based on PUF |
CN112597549B (en) * | 2020-12-28 | 2022-09-20 | 南京航空航天大学 | Dynamic physical unclonable function circuit based on static random access memory |
CN114422145B (en) * | 2022-01-21 | 2024-05-28 | 上海交通大学 | End-to-end dynamic identity authentication method of Internet of things based on PUF and Hash |
CN116028992B (en) * | 2023-02-23 | 2024-06-07 | 广东高云半导体科技股份有限公司 | SoC chip and method for realizing data security detection thereof |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581898A (en) * | 2012-08-07 | 2014-02-12 | 韩国电子通信研究院 | Authentication requesting apparatus, authentication processing apparatus, and authentication execution method based on physically unclonable function |
CN104468094A (en) * | 2013-09-24 | 2015-03-25 | 瑞萨电子株式会社 | Encryption Key Providing Method, Semiconductor Integrated Circuit, and Encryption Key Management Device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9787480B2 (en) * | 2013-08-23 | 2017-10-10 | Qualcomm Incorporated | Applying circuit delay-based physically unclonable functions (PUFs) for masking operation of memory-based PUFs to resist invasive and clone attacks |
-
2015
- 2015-05-08 CN CN201510234433.8A patent/CN104836669B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103581898A (en) * | 2012-08-07 | 2014-02-12 | 韩国电子通信研究院 | Authentication requesting apparatus, authentication processing apparatus, and authentication execution method based on physically unclonable function |
CN104468094A (en) * | 2013-09-24 | 2015-03-25 | 瑞萨电子株式会社 | Encryption Key Providing Method, Semiconductor Integrated Circuit, and Encryption Key Management Device |
Non-Patent Citations (2)
Title |
---|
"Bit Selection Algorithm Suitable for High-Volume Production of SRAM-PUF";Kan Xiao等;《2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)》;20140507;全文 * |
"Physical Unclonable Functions and Applications: A Tutorial";Charles Herder等;《Proceedings of the IEEE》;20140831;第102卷(第8期);全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN104836669A (en) | 2015-08-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104836669B (en) | A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF | |
Liang et al. | A mutual security authentication method for RFID-PUF circuit based on deep learning | |
Li et al. | A provably secure and practical PUF-based end-to-end mutual authentication and key exchange protocol for IoT | |
JP7372938B2 (en) | Computer-implemented systems and methods for performing atomic swaps using blockchain | |
Alladi et al. | A lightweight authentication and attestation scheme for in-transit vehicles in IoV scenario | |
CN107895111B (en) | Internet of things equipment supply chain trust system management method, computer program and computer | |
CN105723651B (en) | Verifiable device | |
Zhang et al. | A privacy-aware PUFs-based multiserver authentication protocol in cloud-edge IoT systems using blockchain | |
CN102799800B (en) | Security encryption coprocessor and wireless sensor network node chip | |
CN103078744B (en) | Public key-based bidirectional radio frequency identification authorization method | |
US8667283B2 (en) | Soft message signing | |
Zhao et al. | ePUF: A lightweight double identity verification in IoT | |
Windarta et al. | Lightweight cryptographic hash functions: Design trends, comparative study, and future directions | |
CN105005462A (en) | Mixed random number generator and method for generating random number by using mixed random number generator | |
CN112019347B (en) | Lightweight security authentication method based on XOR-APUF | |
He et al. | A lightweight authentication and key exchange protocol with anonymity for IoT | |
Adeli et al. | Challenging the security of “A PUF-based hardware mutual authentication protocol” | |
Zahednejad et al. | A Lightweight, Secure Big Data‐Based Authentication and Key‐Agreement Scheme for IoT with Revocability | |
Xie et al. | A novel bidirectional RFID identity authentication protocol | |
CN111709011B (en) | Light-weight RFID (radio frequency identification device) bidirectional authentication method based on PUF (physical unclonable function) | |
CN113630255B (en) | Lightweight bidirectional authentication method and system based on SRAM PUF | |
CN114244531A (en) | Lightweight self-updating message authentication method based on strong PUF | |
Ranasinghe | Lightweight cryptography for low cost RFID | |
Lin et al. | [Retracted] Information Security Protection of Internet of Energy Using Ensemble Public Key Algorithm under Big Data | |
JPWO2007138876A1 (en) | Communication node authentication system and method, communication node authentication program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |