CN104836669B - A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF - Google Patents

A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF Download PDF

Info

Publication number
CN104836669B
CN104836669B CN201510234433.8A CN201510234433A CN104836669B CN 104836669 B CN104836669 B CN 104836669B CN 201510234433 A CN201510234433 A CN 201510234433A CN 104836669 B CN104836669 B CN 104836669B
Authority
CN
China
Prior art keywords
node
terminal
sram puf
certification
random
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510234433.8A
Other languages
Chinese (zh)
Other versions
CN104836669A (en
Inventor
李冰
陈帅
顾巍
杨宇
董乾
刘勇
赵霞
王刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN201510234433.8A priority Critical patent/CN104836669B/en
Publication of CN104836669A publication Critical patent/CN104836669A/en
Application granted granted Critical
Publication of CN104836669B publication Critical patent/CN104836669B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses one kind to be based on SRAM PUF(Static RAM physics unclonable function)Safety certifying method, belong to technical field of network security.The present invention is directed to the safety issue of the existing Verification System based on SRAM PUF, propose a kind of safety certifying method, the node of SRAM PUF modules is divided into random node and certification node, when being authenticated, it is utilized respectively certification node, random node produces identification sequences, random number sequence, then identification sequences are carried out using the random number sequence generated adding salt Hash operation, so as to effectively improve the security of verification process and reduce the complexity of terminal device.The invention also discloses a kind of terminal and a kind of Verification System.The present invention can greatly improve the security of verification process, and be easy to compatible with existing equipment, have a good application prospect.

Description

A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF
Technical field
The present invention relates to a kind of safety certifying method, more particularly to one kind to be based on SRAM PUF (static random access memories Implements manage unclonable function) safety certifying method, belong to technical field of network security.
Background technology
PUF (Physical Unclonable Functions, physics unclonable function, or abbreviation PUFs) is deposited extensively In existing movement and internet terminal equipment.Correlative theses and monograph both domestic and external are made to physics unclonable function Various definitions, generally speaking, physics unclonable function refer to a kind of physical entity, and the entity can be relied in manufacturing process Otherness produces its distinctive output (be usually binary number), and these outputs are difficult to be cloned.Each group of PUFs Into partly all there is local parameter difference, by PUFs " algorithm ", these local differences can be combined, compare or directly defeated Go out, so as to form the distinctive binary system output of the circuit.Because the local difference between each part is can not to be controlled by outside System, therefore, PUFs is not reproducible.In PUFs typical case, its output valve-response (response) is decided by defeated Enter selection of the signal-excitation (challenge) to the local difference of its inside, therefore PUFs is a function.
Pappu in 2001 first proposed physics unclonable function this concept, and is named as the unidirectional letter of physics Number.He has devised and embodied optics PUFs (Optical PUFs) first.Optics PUFs is by quantifying the dry of transparent optical medium Pattern is related to form its uniqueness output.But too high complexity causes its engineer applied difficult to realize.With integrated circuit skill The development of art, PUFs's realizes that emphasis is gradually transferred to electricity field, and this change is greatly promoted PUFs development.Now Existing a variety of PUFs implementations.The PUFs implementations of main flow include at present:Moderator (Arbiter) PUFs is to be based on two What the delay variance of circuit paths designed;Ring oscillator (Ring Oscillators, RO) PUFs is due to then manufacture Difference and caused frequency is different, different outputs are produced after frequency contrast;SRAM PUFs are metal-oxide-semiconductors inside sram cell Asymmetry and caused by export randomness.In addition many very outstanding PUFs circuit designs also be present, for example, latching PUFs, trigger PUFs, burr PUFs.
In the application, PUFs can be seen as a black box, and the black box is an exciter response system.One is inputted to swash C to PUFs is encouraged, a response r=f (c) can be returned, wherein function f () describes PUFs input/output (excitation/response) Relation.Because the function is caused due to manufacturing variation inside PUFs circuits, PUFs is formed distinctive using the difference CRPs, therefore f () is sightless for a user.Strong PUFs and weak PUFs essential distinction is just both f () It being capable of caused CRPs number differences caused by different.Weak PUFs can only produce a small amount of excitation response pair (or even only one It is individual).And strong PUFs can produce substantial amounts of excitation response pair, so that attacker can not detect in the range of certain time All excitation response pairs.This two class PUFs is respectively used to two application fields:Low-power consumption certification, the generation of key and is deposited Storage.Strong PUFs is often used as certification, and weak PUFs is often used as key storage and generation.It is wherein more representational strong PUFs is that moderator PUFs, weak PUFs have SRAM PUFs and ring oscillator PUFs.
In existing PUF application technologies, the design of the Verification System based on SRAM PUF is realized relatively easy and is easy to real It is now compatible with existing apparatus, therefore have a wide range of applications.But found by research, SRAM PUF following characteristic Constrain its application as Verification System.
SRAM PUF, independent actuation response pair is linear with its number of nodes caused by its energy.That is, attacker only needs The output valve that a number of excitation response pair can obtains whole PUF interior joints is monitored, passes through software or NVM cans Simulate the PUF.Meanwhile for existing SRAM, it is usually continuous byte decoding that it, which is decoded, the address of response do not have from Type is dissipated, this more limits excitation response pair quantity.For applications of the SRAM PUF in Verification System, the scheme of main flow be by SRAM PUF regard key (authentication information) holder, by the information by hash algorithm to improve security, and add Error correcting code increases its reliability.But there is the defects of obvious in this method:Hash algorithm is being believed as a kind of one-way hash function Cease in certification by extensive use.The characteristics of its is main includes:Raw information obtains a cryptographic Hash after Hash calculation;If Change raw information, cryptographic Hash can also change therewith;Same information, Hash calculation result are identicals;Hash be it is unidirectional, It is irreversible.But as the appearance of numerous crack methods, simple hash algorithm will no longer be safe.More popular attacks Hit method and crack (Dictionary Attack) and Brute Force (Brute-force Attack) including dictionary.Both sides The defects of method, is that efficiency is too low.But if attacker is aware of the cryptographic Hash of information in database, or have built up The inquiry table of one general information, then can use look-up table (Lookup Table) or rainbow table (Rainbow Table) the methods of, is cracked.The success once raw information is cracked, then weak PUF safety certification is to count out.Solve The method of the problem has a lot, and one kind is hash algorithm combining encryption algorithm, though improving security result in cost drastically Increase and the reduction of efficiency.
The content of the invention
The technical problems to be solved by the invention are overcome the deficiencies in the prior art, there is provided a kind of based on SRAM PUF's Safety certifying method, it can effectively improve the existing security based on SRAM PUF Verification Systems.
It is of the invention specifically to solve above-mentioned technical problem using following technical scheme:
A kind of safety certifying method based on SRAM PUF, including registration phase and authentication phase,
The registration phase comprises the following steps:
Each node division in itself SRAM PUF module is in advance by step 1, the terminal with SRAM PUF modules Random node and certification node this two class, and each address of node and its corresponding node type are sent to server;
Step 2, server generate a series of excitations being made up of partial authentication node address at random, and send to described Terminal;
The excitation is sequentially input SRAM PUF modules by step 3, the terminal, and by caused by SRAM PUF modules Response feeds back to server;
Step 4, server are stored a series of resulting excitation-response pairs as the authentication data of the terminal;
The authentication phase comprises the following steps:
Step 5, server take an excitation-response pair from the authentication data of current terminal to be certified, swash therein Transmission is encouraged to terminal to be certified;
The excitation received is inputted SRAM PUF modules by step 6, terminal to be certified, is responded accordingly, with the sound Identification sequences are should be used as, and the output of the part or all of random node in the once complete output of SRAM PUF modules is formed One random number sequence;The identification sequences are carried out using the random number sequence for terminal to be certified plus salt Hash operation, and Operation result and the random number sequence are sent to server;
Response of the random number sequence to selected Challenge-response centering received by step 7, server by utilizing carries out same Sample adds salt Hash operation, and by obtained operation result compared with the operation result transmitted by terminal to be certified, such as two Person is identical, then this certification success, otherwise, this authentification failure.
Preferably, the terminal with SRAM PUF modules is in accordance with the following methods by each section in itself SRAM PUF module Point is divided into random node and certification node this two class:Count each node in the multiple complete output of the SRAM PUF modules The frequency shaken is exported, the node for not occurring shaking is certification node, and remaining node is random node.
Further, the authentication phase also includes:
Step 8, such as this authentification failure, then step 5 is gone to, carry out certification again;Such as in default maximum certification number Within once certification success, then the terminal final authentication success, otherwise, authentification failure.
A kind of terminal and a kind of Verification System can also be obtained according to same invention thinking, it is specific as follows:
A kind of terminal, is embedded with SRAM PUF modules, and each node in the SRAM PUF modules is divided into advance Random node and certification node this two class;The terminal also includes being used for the authentication unit for completing safety certification, the certification list Member specifically includes:
Address mapping table, for storing each address of node and its corresponding node type in SRAM PUF modules;
Random number sequence generation module, for part or all of random in the once complete output by SRAM PUF modules The output of node forms a random number sequence;
Serial data composite module, for identification sequences and the random number sequence generation module for being exported SRAM PUF modules The random number sequence exported is combined as combination data string;
Hash module, the combination data string for being exported to serial data composite module carry out Hash operation.
Preferably, each node in the SRAM PUF modules be divided into advance in accordance with the following methods random node and This two class of certification node:Count the frequency that each node output is shaken in the multiple complete output of the SRAM PUF modules Secondary, the node for not occurring shaking is certification node, and remaining node is random node.
Preferably, serial data combination used in the serial data composite module be front end link, rear end link, in Between one kind in insertion and XOR these four modes.
A kind of Verification System, including the as above terminal described in any technical scheme of server and one group.
Preferably, the server includes authentication unit, and the authentication unit includes:
Address mapping table, each address of node and its corresponding node in the SRAM PUF modules for storing each terminal Type;
Authentication database, the excitation-response pair data of the SRAM PUF modules for storing each terminal;
Generation module is encouraged, for generating a series of partial authentication node address institute groups by current terminal to be certified at random Into excitation;
Serial data composite module, for identification sequences and the random number sequence generation module for being exported SRAM PUF modules The random number sequence exported is combined as combination data string;
Hash module, the combination data string for being exported to serial data composite module carry out Hash operation;
Comparison module, for by the data that terminal to be certified is sent compared with the data that itself hash module exports, And judge whether certification succeeds according to comparative result.
Compared with prior art, the invention has the advantages that:
The node of SRAM PUF modules is divided into random node and certification node by the present invention, sharp respectively when being authenticated Identification sequences, random number sequence are produced with certification node, random node, then utilizes generated random number sequence to certification sequence Row carry out plus salt Hash operation, can greatly improve the security of verification process, and simplify the software and hardware structure of terminal device, drop Low cost of implementation.
Brief description of the drawings
Fig. 1 is the structural principle block diagram of one preferred embodiment of present inventive verification system;
Fig. 2 is the structural principle block diagram of the control module of server certification unit in preferred embodiment;
Fig. 3 is the structural principle block diagram of the serial data composite module of server certification unit in preferred embodiment;
Fig. 4 is the structural principle block diagram of the control module of terminal authentication unit in preferred embodiment;
Fig. 5 is the schematic flow sheet of present inventive verification system registration process;
Fig. 6 is the schematic flow sheet of present inventive verification system verification process.
Embodiment
The present invention is directed to the safety issue of the existing Verification System based on SRAM PUF, it is proposed that a kind of safety certification side Method, the node of SRAM PUF modules is divided into random node and certification node, when being authenticated, be utilized respectively certification node, Random node produces identification sequences, random number sequence, and then identification sequences are carried out using the random number sequence generated to add salt Hash operation, so as to effectively improve the security of verification process and reduce the complexity of terminal device.
The safety certifying method of the present invention, including registration phase and authentication phase,
The registration phase comprises the following steps:
Each node division in itself SRAM PUF module is in advance by step 1, the terminal with SRAM PUF modules Random node and certification node this two class, and each address of node and its corresponding node type are sent to server;Step Rapid 2, server generates a series of excitations being made up of partial authentication node address at random, and sends to the terminal;Step 3rd, the excitation is sequentially input SRAM PUF modules by the terminal, and response caused by SRAM PUF modules is fed back into clothes Business device;
Step 4, server are stored a series of resulting excitation-response pairs as the authentication data of the terminal;
The authentication phase comprises the following steps:
Step 5, server take an excitation-response pair from the authentication data of current terminal to be certified, swash therein Transmission is encouraged to terminal to be certified;
The excitation received is inputted SRAM PUF modules by step 6, terminal to be certified, is responded accordingly, with the sound Identification sequences are should be used as, and the output of the part or all of random node in the once complete output of SRAM PUF modules is formed One random number sequence;The identification sequences are carried out using the random number sequence for terminal to be certified plus salt Hash operation, and Operation result and the random number sequence are sent to server;
Response of the random number sequence to selected Challenge-response centering received by step 7, server by utilizing carries out same Sample adds salt Hash operation, and by obtained operation result compared with the operation result transmitted by terminal to be certified, such as two Person is identical, then this certification success, otherwise, this authentification failure.
For the ease of public understanding, technical scheme is described in detail below in conjunction with the accompanying drawings:
Fig. 1 shows the basic structure of present inventive verification system.As shown in figure 1, the system includes the certification of server end The authentication unit of unit and terminal, wherein, server certification unit includes:Control module 102, for server controls end Carry out information exchange, and the control of whole verification process;Address mapping table 104, should for control module generation certification excitation Mapping table includes the certification node of all terminal SRAM PUF modules and the address of random node in system;Authentication database 106, For storing all excitation response pairs of all terminals;Data transmission blocks 108, for sending data in the form of Bit String; Serial data composite module 110, authentication data string and random data string are combined or letter for the instruction according to control module Single computing;Data reception module 112, carrys out the data of Self-certified terminal for receiving, and according to the flag bit of data head by data Input to different functional modules;Hash algorithm module 114, the data for serial data composite module to be generated carry out Hash fortune Calculate;Serial data comparing module, inputted for two data sequences of input to be compared by bit, and by comparison result to control mould Block 102.Terminal authentication unit includes:Data reception module 118, the correlation that server certification unit is come from for receiving refer to Make, encourage and authentication result;Control module 120, for being registered or being recognized according to the dependent instruction of server certification unit The control of card process and feedback authentication result;Address mapping table 122, the excitation received is decoded into for control circuit SRAM PUF address, the mapping table include the address of certification node and random node;SRAM PUF modules 124, for basis The address of control circuit generation exports corresponding response sequence;Serial data composite module 126, there is identical circuit knot with 110 Structure, for the instruction according to control circuit, the identification sequences that SRAM PUF are exported make nonidentity operation with random sequence;Hash is calculated Method module 128, the serial data for being exported to serial data composite module carry out Hash operation;Data transmission blocks, according to difference Data source, by data group generated data string, and send to the receiving module of server certification unit.
Fig. 2 shows a kind of concrete structure of control module 102.As shown in Fig. 2 control module 102 includes:Master control logic 202, for controlling the running status of whole Verification System according to control signal and the data received, contrasted according to serial data The operation result of module judges and authentication output result;Generation module 204 is encouraged, for the ground in address mapping table 104 Random number is to generate the random address for SRAM PUF caused by location and PRNG 206, and address is translated Code is using the excitation as authentication database;PRNG 206, for generating substantial amounts of pseudo random number for excitation generation mould Block uses;Serial data generation module 208, for serial data of the instruction generation with specific function according to master control logic, including Excited data string, registering result serial data, authentication result serial data are simultaneously sent to certification terminal by data transmission blocks 108; Cache module 210, the data for the input of data cached receiving module 112.
Fig. 3 shows a kind of concrete structure of serial data combinational circuit 110.As shown in figure 3, serial data combinational circuit 110 Including:Selector 302, identification sequences and random number sequence are made into various combination processing for the instruction according to control module 102, Operation result is exported to hash algorithm module 128;Front end link 304, random sequence is read from caching 314, is linked in and comes from The identification sequences front end of caching 316, operation result are exported to hash algorithm module 128;Rear end link 306, by random sequence from Caching 314 is read, and is linked in and is exported from the identification sequences rear end of caching 316, operation result to hash algorithm module 128;In Between insert 308, random sequence is read from caching 314, inserts some bit for specifying among the identification sequences from caching 316 Afterwards, operation result is exported to hash algorithm module 128;XOR 310, by random sequence from caching 314 read, with from The identification sequences of caching 316 carry out XOR, and operation result is exported to hash algorithm module 128, and operation result is exported to Kazakhstan Uncommon algoritic module 128.Identification sequences cache module 312, the temporary identification sequences for coming from control module 102;Random sequence is delayed Storing module 314, the temporary random sequence for coming from data reception module 112.
Fig. 4 shows a kind of concrete structure of control module 120 in terminal authentication unit.As shown in figure 4, control module 120 include:Master control logic 402, for controlling the operation shape of whole Verification System according to control signal and the data received State and reception and registration authentication result;Address generation module 404, for the excitation received according to data reception module, reflected with reference to address Excitation is decoded as SRAM addresses by firing table, or is generated according to the output of pseudo random number generation module 406 and address mapping table SRAM random number sequences address;Pseudo random number generation module 406, generate pseudo random number;Serial data generation module 408, for root According to different pieces of information source, corresponding data head is specified, generates serial data;Caching 410, for caching SRAM PUF output.
Each terminal in Verification System is required for carrying out identity registration in a secure environment first, the stream of identity registration Journey is as shown in Figure 5.First, terminal informs that Fig. 1 control modules 120 need to be registered, and control module 120 will pass through data transmission Module 130 sends registration request;The control module 102 of server certification unit can inquire that CPU whether may be used after receiving registration request To start to register, if can register, start registration process and inform terminal by data transmission blocks 108.Terminal is raw first Into address mapping table 122, the method for generation be control module 120 repeat to read SRAM PUF modules complete output sequence it is multiple (such as 100 times) and the concussion number for counting each node, it is certification node by the vertex ticks for not occurring shaking, shakes Vertex ticks be random node.After the completion of identical address mapping table is sent to the address mapping table of server certification unit Module 104.The pseudo-random number sequence selection address that control module 102 is generated by using PRNG 206 afterwards is reflected Partial authentication node in firing table 104, by these certification addresss of node by encouraging generation module to be encoded to excitation.This way Purpose there is randomness in the excitation response pair in authentication database is caused, to improve security.By swashing for above-mentioned generation Input authentication database is encouraged, while is sent by data transmission blocks 108 to terminal authentication unit.Number in terminal authentication unit The excitation is received according to receiving module, control module 120 is decoded as the ground of SRAM PUF modules by address generation module 404 Location, and input SRAM PUF modules 124.The response that SRAM PUF modules 124 generate is sent to clothes by data transmission blocks 130 Business device authentication unit.The response is sent to control module 102 by the data reception module of server certification unit, and the module should Response is used as an excitation-response pair data storage in authentication database 106 with corresponding excitation.Said process is repeated, directly To the excitation response pair quantity completed required for registering.
It is as shown in Figure 6 that security authentication process is carried out under general environment.First, the control module 120 of terminal authentication unit The certification request of terminal is received, control module 120 sends certification request to server certification unit by data reception module. The control module 102 of server certification unit inquires whether server is authenticated, if so, then entering verification process.Take first Business device informs the terminal serial data combinatorial operation mode to be used, as shown in figure 3, computing mode has four kinds, i.e., front end link, after End link, middle insertion and XOR, can also add other simple operations herein.Control module 104 and 120 can pass through Selection signal input data string composite module 110 and 126 Selecting operation modes.Server control module 102 is from certification number afterwards According to one group of excitation response pair is read in storehouse, excitation is sent to terminal authentication unit by data transmission blocks, while will response Input to the identification sequences of serial data composite module 110 and cache 312.Terminal authentication control module 120 will be encouraged and given birth to by address SRAM PUF addresses are decoded as into module 404.The address is inputted into SRAM PUF modules, it responds output to serial data combination die The identification sequences caching of block 126.Random sequence is subsequently generated, address generation module 404 reads in PRNG 406 and generated Pseudo random number, compare address mapping table, address generation module selected part random node is simultaneously encoded to SRAM PUF address, Send to SRAM PUF modules.SRAM PUF export random number sequence to the random number sequence of serial data composite module 126 and cached. Identification sequences and random number sequence are combined computing by serial data composite module 126 according to the computing mode set before, Finally carry out Hash operation.Data transmission blocks send operation result and random number sequence to terminal authentication unit successively.Eventually The data reception module 112 in authentication unit is held by operation result sequence inputting serial data comparing module 116, by random number sequence Input data string composite module 110.Serial data composite module 110 in terminal authentication unit is according to the combinatorial operation specified before The random number sequence of the response and input that prestore before is combined computing by method.Operation result is subjected to Hash operation, transported Calculate result with input Hash operation result be compared, if both it is identical if control module 102 inform respectively database CPU and Terminal authentication unit, the authentification failure if differing.The number of failure can be allowed in the whole verification process of sets itself herein.

Claims (7)

1. a kind of safety certifying method based on static RAM physics unclonable function SRAM PUF, including
Registration phase and authentication phase, it is characterised in that
The registration phase comprises the following steps:
Each node division in itself SRAM PUF module is in advance random by step 1, the terminal with SRAM PUF modules Node and certification node this two class, and each address of node and its corresponding node type are sent to server;Have The terminal of SRAM PUF modules in accordance with the following methods by each node division in itself SRAM PUF module be random node and This two class of certification node:Count the frequency that each node output is shaken in the multiple complete output of the SRAM PUF modules Secondary, the node for not occurring shaking is certification node, and remaining node is random node;
Step 2, server generate a series of excitations being made up of partial authentication node address at random, and send to the end End;
The excitation is sequentially input SRAM PUF modules, and will responded caused by SRAM PUF modules by step 3, the terminal Feed back to server;
Step 4, server are stored a series of resulting excitation-response pairs as the authentication data of the terminal;
The authentication phase comprises the following steps:
Step 5, server take an excitation-response pair from the authentication data of current terminal to be certified, and excitation therein is sent out Deliver to terminal to be certified;
The excitation received is inputted SRAM PUF modules by step 6, terminal to be certified, is responded accordingly, is made with the response For identification sequences, and the output of the part or all of random node in the once complete output of SRAM PUF modules is formed one Random number sequence;The identification sequences are carried out using the random number sequence for terminal to be certified plus salt Hash operation, and will fortune Calculate result and the random number sequence is sent to server;
Response of the random number sequence to selected Challenge-response centering received by step 7, server by utilizing carries out same Add salt Hash operation, and by obtained operation result compared with the operation result transmitted by terminal to be certified, such as both phases Together, then this certification success, otherwise, this authentification failure.
2. safety certifying method as claimed in claim 1, it is characterised in that the authentication phase also includes:
Step 8, such as this authentification failure, then step 5 is gone to, carry out certification again;Such as presetting within maximum certification number Once certification success, then terminal final authentication success, otherwise, authentification failure.
3. safety certifying method as claimed in claim 1, it is characterised in that described plus serial data used in salt Hash operation
Combination is one kind in front end link, rear end link, middle insertion and XOR these four modes.
4. a kind of terminal, it is embedded with SRAM PUF modules, it is characterised in that each in the SRAM PUF modules
Node is divided into random node and certification node this two class in advance in accordance with the following methods:Statistics is in the SRAM PUF moulds The frequency that each node output is shaken in the multiple complete output of block, the node for not occurring shaking is certification node, remaining section Point is random node;The terminal also includes being used for the authentication unit for completing safety certification, and the authentication unit specifically includes:
Address mapping table, for storing each address of node and its corresponding node type in SRAM PUF modules;
Random number sequence generation module, for the part or all of random node in the once complete output by SRAM PUF modules Output form a random number sequence;
Serial data composite module, for the identification sequences that SRAM PUF modules are exported and random number sequence generation module institute are defeated The random number sequence gone out is combined as combination data string;
Hash module, the combination data string for being exported to serial data composite module carry out Hash operation.
5. terminal as claimed in claim 4, it is characterised in that serial data combination side used in the serial data composite module
Formula is one kind in front end link, rear end link, middle insertion and XOR these four modes.
6. a kind of Verification System, including server and one group of terminal as described in claim 4 or 5.
7. Verification System as claimed in claim 6, it is characterised in that the server includes authentication unit, the authentication unit
Including:
Address mapping table, each address of node and its corresponding node class in the SRAM PUF modules for storing each terminal Type;
Authentication database, the excitation-response pair data of the SRAM PUF modules for storing each terminal;
Generation module is encouraged, is formed for generating a series of partial authentication node address by current terminal to be certified at random Excitation;
Serial data composite module, for the identification sequences that SRAM PUF modules are exported and random number sequence generation module institute are defeated The random number sequence gone out is combined as combination data string;
Hash module, the combination data string for being exported to serial data composite module carry out Hash operation;
Comparison module, for by the data that terminal to be certified is sent compared with the data that itself hash module exports, and root Judge whether certification succeeds according to comparative result.
CN201510234433.8A 2015-05-08 2015-05-08 A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF Active CN104836669B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510234433.8A CN104836669B (en) 2015-05-08 2015-05-08 A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510234433.8A CN104836669B (en) 2015-05-08 2015-05-08 A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF

Publications (2)

Publication Number Publication Date
CN104836669A CN104836669A (en) 2015-08-12
CN104836669B true CN104836669B (en) 2018-04-06

Family

ID=53814325

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510234433.8A Active CN104836669B (en) 2015-05-08 2015-05-08 A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF

Country Status (1)

Country Link
CN (1) CN104836669B (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106055491B (en) * 2016-05-31 2019-03-12 东南大学 A kind of entropy extracting method and circuit based on SRAM PUF
CN106020771B (en) * 2016-05-31 2018-07-20 东南大学 A kind of pseudo-random sequence generator based on PUF
CN107493572B (en) * 2016-06-13 2021-04-02 上海复旦微电子集团股份有限公司 Wireless radio frequency equipment, authentication server and authentication method
EP3282675B1 (en) * 2016-08-11 2020-01-29 Nxp B.V. Network node and method for identifying a node in transmissions between neighbouring nodes of a network
US10175949B2 (en) 2016-09-06 2019-01-08 Arizona Board Of Regents Acting For And On Behalf Of Northern Arizona University Data compiler for true random number generation and related methods
JP6471130B2 (en) * 2016-09-20 2019-02-13 ウィンボンド エレクトロニクス コーポレーション Semiconductor device and security system
CN106941400B (en) * 2017-03-06 2020-04-24 东南大学 Fuzzy safe authentication method based on SRAM-PUF
CN108958650B (en) * 2017-05-22 2021-06-15 旺宏电子股份有限公司 Electronic system and method of operating the same
CN107256370B (en) * 2017-05-27 2019-12-10 东南大学 Secret key storage method of fuzzy safe based on SRAM-PUF
CN108197478A (en) * 2017-08-08 2018-06-22 鸿秦(北京)科技有限公司 A kind of NandFlash encrypted file systems using random salt figure
US10649735B2 (en) * 2017-09-12 2020-05-12 Ememory Technology Inc. Security system with entropy bits
CN108616358A (en) * 2018-05-10 2018-10-02 广西大学 The authentication method of sensor and main control unit in wireless body area network based on PUF
CN110858803B (en) * 2018-08-23 2022-10-04 中国电信股份有限公司 Authentication method, system, server, and computer-readable storage medium
CN109005040B (en) * 2018-09-10 2022-04-01 湖南大学 Dynamic multi-key confusion PUF (physical unclonable function) structure and authentication method thereof
CN110134369B (en) * 2019-04-15 2023-05-30 深圳市纽创信安科技开发有限公司 Random number generator, random number generation method and chip
CN110233729B (en) * 2019-07-02 2022-03-11 北京计算机技术及应用研究所 Encrypted solid-state disk key management method based on PUF
CN110545543A (en) * 2019-09-03 2019-12-06 南瑞集团有限公司 authentication method, device and system of wireless equipment
CN111143896A (en) * 2019-12-19 2020-05-12 武汉瑞纳捷电子技术有限公司 Physical safety protection method, device and circuit for terminal node of Internet of things
CN111162914B (en) * 2020-02-11 2023-06-16 河海大学常州校区 IPv4 identity authentication method and system of Internet of things based on PUF
CN111565110B (en) * 2020-05-09 2022-03-04 西安电子科技大学 Unified identity authentication system and method based on RO PUF multi-core system
CN113810194B (en) * 2020-06-16 2023-04-18 华为技术有限公司 PUF-based excitation response pair generation device and method
US11380379B2 (en) * 2020-11-02 2022-07-05 Macronix International Co., Ltd. PUF applications in memories
CN112737770B (en) * 2020-12-22 2022-05-20 北京航空航天大学 Network bidirectional authentication and key agreement method and device based on PUF
CN112597549B (en) * 2020-12-28 2022-09-20 南京航空航天大学 Dynamic physical unclonable function circuit based on static random access memory
CN114422145B (en) * 2022-01-21 2024-05-28 上海交通大学 End-to-end dynamic identity authentication method of Internet of things based on PUF and Hash
CN116028992B (en) * 2023-02-23 2024-06-07 广东高云半导体科技股份有限公司 SoC chip and method for realizing data security detection thereof

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103581898A (en) * 2012-08-07 2014-02-12 韩国电子通信研究院 Authentication requesting apparatus, authentication processing apparatus, and authentication execution method based on physically unclonable function
CN104468094A (en) * 2013-09-24 2015-03-25 瑞萨电子株式会社 Encryption Key Providing Method, Semiconductor Integrated Circuit, and Encryption Key Management Device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9787480B2 (en) * 2013-08-23 2017-10-10 Qualcomm Incorporated Applying circuit delay-based physically unclonable functions (PUFs) for masking operation of memory-based PUFs to resist invasive and clone attacks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103581898A (en) * 2012-08-07 2014-02-12 韩国电子通信研究院 Authentication requesting apparatus, authentication processing apparatus, and authentication execution method based on physically unclonable function
CN104468094A (en) * 2013-09-24 2015-03-25 瑞萨电子株式会社 Encryption Key Providing Method, Semiconductor Integrated Circuit, and Encryption Key Management Device

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Bit Selection Algorithm Suitable for High-Volume Production of SRAM-PUF";Kan Xiao等;《2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST)》;20140507;全文 *
"Physical Unclonable Functions and Applications: A Tutorial";Charles Herder等;《Proceedings of the IEEE》;20140831;第102卷(第8期);全文 *

Also Published As

Publication number Publication date
CN104836669A (en) 2015-08-12

Similar Documents

Publication Publication Date Title
CN104836669B (en) A kind of safety certifying method and a kind of terminal, Verification System based on SRAM PUF
Liang et al. A mutual security authentication method for RFID-PUF circuit based on deep learning
Li et al. A provably secure and practical PUF-based end-to-end mutual authentication and key exchange protocol for IoT
JP7372938B2 (en) Computer-implemented systems and methods for performing atomic swaps using blockchain
Alladi et al. A lightweight authentication and attestation scheme for in-transit vehicles in IoV scenario
CN107895111B (en) Internet of things equipment supply chain trust system management method, computer program and computer
CN105723651B (en) Verifiable device
Zhang et al. A privacy-aware PUFs-based multiserver authentication protocol in cloud-edge IoT systems using blockchain
CN102799800B (en) Security encryption coprocessor and wireless sensor network node chip
CN103078744B (en) Public key-based bidirectional radio frequency identification authorization method
US8667283B2 (en) Soft message signing
Zhao et al. ePUF: A lightweight double identity verification in IoT
Windarta et al. Lightweight cryptographic hash functions: Design trends, comparative study, and future directions
CN105005462A (en) Mixed random number generator and method for generating random number by using mixed random number generator
CN112019347B (en) Lightweight security authentication method based on XOR-APUF
He et al. A lightweight authentication and key exchange protocol with anonymity for IoT
Adeli et al. Challenging the security of “A PUF-based hardware mutual authentication protocol”
Zahednejad et al. A Lightweight, Secure Big Data‐Based Authentication and Key‐Agreement Scheme for IoT with Revocability
Xie et al. A novel bidirectional RFID identity authentication protocol
CN111709011B (en) Light-weight RFID (radio frequency identification device) bidirectional authentication method based on PUF (physical unclonable function)
CN113630255B (en) Lightweight bidirectional authentication method and system based on SRAM PUF
CN114244531A (en) Lightweight self-updating message authentication method based on strong PUF
Ranasinghe Lightweight cryptography for low cost RFID
Lin et al. [Retracted] Information Security Protection of Internet of Energy Using Ensemble Public Key Algorithm under Big Data
JPWO2007138876A1 (en) Communication node authentication system and method, communication node authentication program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant