CN107256370A - A kind of method for storing cipher key of the fuzzy safety box based on SRAM PUF - Google Patents

A kind of method for storing cipher key of the fuzzy safety box based on SRAM PUF Download PDF

Info

Publication number
CN107256370A
CN107256370A CN201710395655.7A CN201710395655A CN107256370A CN 107256370 A CN107256370 A CN 107256370A CN 201710395655 A CN201710395655 A CN 201710395655A CN 107256370 A CN107256370 A CN 107256370A
Authority
CN
China
Prior art keywords
point
true
abscissa
hash
walked
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710395655.7A
Other languages
Chinese (zh)
Other versions
CN107256370B (en
Inventor
李冰
陈帅
杨超凡
沈克强
刘勇
董乾
张�林
王刚
赵霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southeast University
Original Assignee
Southeast University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southeast University filed Critical Southeast University
Priority to CN201710395655.7A priority Critical patent/CN107256370B/en
Publication of CN107256370A publication Critical patent/CN107256370A/en
Application granted granted Critical
Publication of CN107256370B publication Critical patent/CN107256370B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention discloses a kind of fuzzy safety box method for storing cipher key based on SRAM PUF, SRAM PUF concussion point and the fuzzy safety box of key to be stored generation is extracted in registration phase, by key storage in fuzzy safety box.In the cipher key reconstruction stage, using SRAM PUF as identity identification information, the true point in fuzzy safety box can be filtered out to reconstruct key.The distribution of SRAM PUF concussion point has certain error, therefore eliminates the influence of error present invention introduces Error Correction of Coding, improves the reliability and stability of acquisition key.The present invention constructs a kind of safe fuzzy safety box to store key using PUF unclonable, not reproducible characteristic.Meanwhile, this method can resist the various attack methods of current main flow.

Description

A kind of method for storing cipher key of the fuzzy safety box based on SRAM-PUF
Technical field
The present invention relates to field of information security technology, more particularly to a kind of cipher key storage mechanism based on SRAM-PUF.
Background technology
Existing cryptography security mechanism is all based on greatly EEPROM, the non volatile register (Non-volatile such as Flash Memory, NVM) carry out safety certification and key storage.However, the memory mechanism based on NVM is needed in IC manufacturing mistake Floating transistor technique is added in journey, increases manufacturing cost.Meanwhile, NVM memory mechanisms easily a variety of physics such as are attacked by intrusive mood The threat of attack.Therefore the key storage for high security how being realized in the embedded device of low cost is the pass of urgent need to resolve One of key problem.
Physics unclonable function (Physical Unclonable Functions, PUFs) is emerging as a kind of whole world Information Security Mechanism, with low cost, high safety the characteristics of, the support of the Information Security Industry as main flow can Effectively solve the above problems.PUFs essence is a kind of " chip finger print ", should " fingerprint " from being difficult to control to, it is unpredictable, Unclonable chip manufacturing difference, can resist the physical attacks for NVM.
Analyzed based on more than, PUFs can be used for substituting NVM memory mechanisms progress key, ID storages in embedded device. But, there is the problem of key is difficult to renewal based on PUFs cipher key storage mechanisms in what be presently, there are:Key storage based on PUFs The essence of mechanism is to extract key from PUFs intrinsic " chip finger print ".However, in key failure, reaching life cycle etc. Dynamic more new key is needed under scene, PUFs circuits are obviously difficult to meet this demand.And adding restructural PUFs then needs ASIC Design is carried out, increases cost.
The content of the invention
Present invention seek to address that above mentioned problem, propose a kind of cipher key storage mechanism that can dynamically update, it is innovative general PUFs ambiguity and the accuracy combining encryption of key are stored.It is an object of the invention to provide a kind of based on SRAM-PUF's In fuzzy safety box key storage scheme, this programme, key derives from key management system or other key generting machanisms, PUFs It is only used for protecting the key, key is stored in fuzzy safety box, it is ensured that the security of key.Key can arbitrarily update, More flexibility.
The upper electricity value of multi collect sram chip of the present invention, if the double upper electricity value of a certain units of SRAM is different, is calculated Make the unit once to shake, frequency threshold value is shaken by arrange parameter, the concussion point in sram chip can be filtered out.According to The characteristic of sram chip, for same sram chip, its address for shaking point is basically unchanged, only very little difference, and The concussion dot address difference of different sram chips is huge.Therefore the present invention regard the concussion dot address in sram chip as character modules The fuzzy safety box of plate construction, while using key structure multinomial is stored, by being stored in fuzzy safety box for key safety.
The present invention is specifically adopted the following technical scheme that:
Registration phase:
1st step, key K to be stored is matched with sram chip, every piece of sram chip is only corresponded to a key K.
2nd step, inserts sram chip, and p upper electricity value of collection sram chip filters out and number of times is shaken in sram chip If (the double upper electricity value of a certain units of SRAM is different, can be regarded as and once shakes) are more than f unit as concussion point and remembered Record its address.
3rd step, CRC codings are carried out to key K to be stored and obtain KCRC, by KCRCIt is equally divided into D+1 sections and will be described D+1 sections Value successively as coefficient, construct D grades of multinomial P (x);
4th step, the true point abscissa of construction:The quantity of characteristic information according to needed for being determined the true number M, chooses The address of M concussion point is simultaneously transformed into finite field gf (2 by M concussion point16) in and be used as xi(i=1,2,3....M), is utilized xiConstruct feature templates A={ xi|xi∈GF(216), i=1,2,3 ..., M }
5th step, constructs true point set:Bring M described in the 4th step true points into described in the 3rd step D grades of multinomials respectively P (x), obtains true point coordinates P (xi) (i=1,2,3 ..., M), by the true point coordinates (xi, P (xi)) (i=1,2, 3 ..., M) it is combined as true point set Q;
6th step, constructs hash point set:Generate N number of hash point coordinates (v at random using randomizerj, wj) (j= 1,2,3,4......N) as hash point set Q ', hash point coordinates scope is identical with true point coordinates scope.
7th step, to true point ordinate P (xi) and hash point ordinate wjCarry out BCH Error Corrections of Coding so that the ordinate Occur to correct it during mistake, (P (x are obtained after Bose-Chaudhuri-Hocquenghem Codei))BCH(wj)BCH, the 8th step, structure detail point, by institute State true point abscissa half-and-half to split according to bit wide, obtain high-order true point abscissa and low level truly puts abscissa, will be described High-order true point abscissa and low level truly put abscissa and are combined as true detail point (xhi, xli) (i=1,2,3,4.....M); The hash point abscissa is half-and-half split according to bit wide, high-order hash point abscissa and low level hash point abscissa is obtained, will The high-order hash point abscissa and low level hash point abscissa are combined as hash minutiae point (vhj, vlj) (j=1,2,3, 4.....N)。
9th step, structure detail point description:To each true detail point (xhi, xli) and each hash minutiae point (vhj, vlj).Following steps are carried out successively:With the true detail point (xhi, xli) or the hash minutiae point (vhj, vlj) be The heart chooses k minutiae point according to certain rule (rule is freely chosen by registrant) and describes son, obtains each minutiae point and retouches The numerical value corresponding to t address around son is stated, and successively describes the k minutiae point corresponding to t address around son K*t bit numerical value is arranged according to the order of Row Column, and construction, which obtains truly putting minutiae point, describes subdata MI ' (xhi, xli)) Subdata MI ' (v are described with hash point minutiae pointhj, vlj))。
10th step, calculates and helps data:Each described true point true ordinate of ordinate error correcting code and this is entangled The corresponding low level of description subdata corresponding to error code carries out XOR, and each described hash point ordinate error correcting code is miscellaneous with this The corresponding low level of description subdata gathered corresponding to an ordinate error correcting code carries out XOR, obtains true point and helps data hrealWith Hash point helps data hchaff
11st step, the fuzzy safety box of construction:By the true abscissa xi(i=1,2,3 ..., M), hash point is horizontal to be sat Mark vj(j=1,2,3 ..., N) and the corresponding help data hrealhchaffIt is combined as coordinate (xi, hreal) and (vj, hchaff), fuzzy safety box is constituted, and by the fuzzy safety box coordinate according to true point abscissa and hash point abscissa The arrangement of numerical value ascending order, be combined as fuzzy safety box V, the fuzzy safety box V stored to the authentication database.
Reconstruction stage:
1st step, user's insertion sram chip, system reads electrical characteristics on p SRAM, filters out and shakes secondary in sram chip Number (if the double upper electricity value of a certain units of SRAM is different, can be regarded as and once shake) is more than f unit as concussion point simultaneously Record its address architecture concussion point set ZD
2nd step, will shake point set ZDContrasted with the abscissa of coordinate points in fuzzy safety box, filter out fuzzy insurance Case abscissa and set ZDThe true point template of coordinate points construction reconstruct of coincidenceDue to SRAM cores The position shaken in piece a little is relatively more fixed (there are about 80%-90% concussions point position to fix), if user uses legal sram chip, L coordinate points can be contrasted from fuzzy safety box as the true point template Q of reconstructD(due to SRAM-PUF response error, no It can guarantee that the concussion point gathered every time is completely the same, L < M).
3rd step, structure detail point:Abscissa xd is truly put into the reconstruct filtered out in 2nd stepoHalf-and-half torn open according to bit wide Point, obtain high-order true point abscissa xdhoAbscissa xd is truly put with low levello, by high-order true the point abscissa and low level True point abscissa is combined as truly putting minutiae point (xdho, xdlo) (o=1,2,3,4.....L) and be mapped in sram chip seat In mark system;
4th step, structure detail point description:To each true detail point (xdho, xdlo) following steps are carried out successively: With the true detail point (xdho, xdlo) choose k minutiae point description according to certain rule (rule is freely chosen by registrant) Son, acquisition each minutiae point describes the numerical value corresponding to sub- t address of surrounding, and successively describes the k minutiae point The k*t bit numerical value corresponding to t address around sub is arranged according to the order of Row Column, and construction obtains minutiae point description Data MI ' (xdho, xdlo);
5th step, describes subdata help data corresponding with truly putting by the minutiae point and carries out xor operation, obtain weight Structure truly puts the coordinate after Error Correction of Coding
6th step, error correcting code decoding is carried out by the ordinate after Error Correction of Coding, obtains the true point coordinates set Q of reconstructP= {(xdo, P (xdo)) | o=1 ..., L }.
7th step, reconstruct multinomial P (x):From set QPD+1 coordinate of middle selection, is reconstructed many using Lagrange's interpolation Item formula, takes polynomial coefficient then to obtain the K mentioned in step 1-3CRC, by KCRCStep 1-1 is can obtain after carrying out CRC check The middle key to be stored used, so far completes the acquisition of key.
Beneficial effect
This method obscures encrypted polynomial in safety box algorithm using key structure to be stored, regard SRAM-PUF as feature Structure of transvers plate is truly put and is encrypted into multinomial to constitute fuzzy safety box by true point.Due to being shaken in different sram chips Swing a position difference greatly, and the concussion point position of same sram chip is roughly the same, only minimum deviation, therefore utilize The fuzzy safety box of sram chip this characteristic construction.
Meanwhile, key is encrypted into multinomial by this method, then adds irregular hash point, while ensuring fuzzy insurance Distance is more than a certain particular value between any two point in case, and the particular value is voluntarily chosen by designer so that attacker can only Take brute force attack method to crack, greatly improve the security of key storage.Simultaneously because SRAM-PUF's is unclonable Characteristic, the corresponding sram chip of the key must be held by obtaining key, and this allows for misclassification rate and (refers to user B and use its SRAM core Piece obtains the probability of user's A-key) substantially reduce.
This method, compared to the fuzzy safety box based on biological characteristic, is not required to using the fuzzy safety box of SRAM-PUF constructions A series of images processing links are carried out, flow has been simplified, many resources have been saved.
Brief description of the drawings
Fig. 1 obscures the general flow chart of safety box method for storing cipher key for the SRAM-PUF according to the embodiment of the present invention;
Fig. 2 is concussion point in the registration phase according to the embodiment of the present invention and the sram chip of reconstruction stage collection Distribution map;
Fig. 3 for according to the embodiment of the present invention minutiae point, minutiae point description son and minutiae point describe subdata it Between position relationship schematic diagram;
Fig. 4 obscures the overall flow of the method for storing cipher key of safety box for the SRAM-PUF according to the embodiment of the present invention Schematic diagram;
Fig. 5 is the schematic diagram of the feature templates A according to the embodiment of the present invention.
Embodiment
The preferred embodiments of the present invention are illustrated below in conjunction with accompanying drawing, it will be appreciated that preferred reality described herein Apply example to be merely to illustrate and explain the present invention, be not intended to limit the present invention.
Key length to be stored is 128bit in this example, and truly count out M=25, and hash is counted out N=200, multinomial Formula series D=8.
Fig. 4 obscures the overall flow of the method for storing cipher key of safety box for the SRAM-PUF according to the embodiment of the present invention Schematic diagram includes registering and two stages of reconstruct.The registration phase, in a secure environment by key storage in fuzzy safety box In;The reconstruction stage, can extract from fuzzy safety box in application environment and specify key.
As shown in figure 1, the specific registration process of registration phase is:
1st step, key to be stored is matched with sram chip, makes each piece of sram chip one key to be stored of correspondence
Electricity value in 2nd step, 100 upper electricity values of collection sram chip, analysis, if the double upper electricity value of some unit is not It is same then be designated as the unit and once shake.Filter out and unit of the number of times more than 15 times is shaken in SRAM as concussion point and its ground is recorded Location.
3rd step, key to be stored to 128bit carries out CRC codings, obtains coding result KCRC(length is 144bit), will Coding result is equally divided into 9 sections and using described 9 sections of value successively as coefficient, constructs 8 grades of multinomial P (x);
4th step, the true point abscissa of construction:25 concussion points are randomly selected in the concussion point obtained from the 2nd step simultaneously It regard its address as feature templates A={ xi|xi∈GF(216), i=1,2,3 ..., M }.Fig. 5 is according to the embodiment of the present invention Feature templates A schematic diagram.
5th step, constructs true point set:By feature templates A={ x described in the 4th stepi|xi∈GF(216), i=1,2,3 ..., M } bring 8 grades of multinomial P (x) described in the 3rd step into respectively, obtain true point coordinates (xi, P (xi)) (i=1,2,3 ..., 25), By the true point coordinates (xi, P (xi)) (25) i=1 2,3 ..., is combined as true point set;
6th step, constructs hash point set:Generate 200 hash point coordinates (v at random using randomizerj, wj)(j =1,2,3,4......200).Hash point coordinates scope is identical with true point coordinates scope.
7th step, to true point ordinate P (xi) and hash point ordinate wjCarry out BCH Error Corrections of Coding so that the ordinate Occur to correct it during mistake, (P (x are obtained after Bose-Chaudhuri-Hocquenghem Codei))BCH(wj)BCH,
8th step, structure detail point half-and-half splits the true abscissa according to bit wide, obtains high-order true point horizontal Coordinate and low level truly put abscissa, truly put abscissa and be combined as true detail high-order true the point abscissa and low level Point (xhi, xli) (i=1,2,3,4.....25);The hash point abscissa is half-and-half split according to bit wide, high-order hash is obtained Point abscissa and low level hash point abscissa, hash is combined as by the high-order hash point abscissa and low level hash point abscissa Minutiae point (vhj, vlj) (j=1,2,3,4.....200).
9th step, structure detail point description:To each true detail point (xhi, xli) and each hash minutiae point (vhj, vlj).Following steps are carried out successively:With the true detail point (xhi, xli) or the hash minutiae point (vhj, vlj) be The heart chooses 100 minutiae points according to Fig. 3 and describes son, obtains the number corresponding to 8 addresses around each minutiae point description Value, and 100 minutiae points are described to the 100*8bit numerical value corresponding to 8 addresses of son surrounding successively according to Row Column Order arrangement, construction obtains minutiae point and describes subdata, q=1,2,3 ..., 225;
11st step, calculates and helps data:Each described true point true ordinate of ordinate error correcting code and this is entangled The corresponding low level of description subdata corresponding to error code carries out XOR, and each described hash point ordinate error correcting code is miscellaneous with this The corresponding low level of description subdata gathered corresponding to an ordinate error correcting code carries out XOR, obtains true point and helps data hrealWith Hash point helps data hchaff
12nd step, the fuzzy safety box of construction:By the true abscissa xi=1,2,3 ..., 25, hash point abscissa vj =1,2,3 ..., the 200 and help data hrealhchaffIt is combined as fuzzy safety box coordinate (xi, hreal) and (vj, hchaff), And arrange all fuzzy safety box coordinates according to the numerical value ascending order of abscissa and hash point abscissa, it is combined as fuzzy safety box V, the fuzzy safety box V is stored to the authentication database.
Reconstruction stage:
1st step, user's insertion sram chip, 100 upper electricity values of system acquisition sram chip filter out concussion number of times and are more than The concussion point of 15 times, Fig. 2 is shake in the registration phase according to the embodiment of the present invention and the sram chip of reconstruction stage collection Swing distribution map a little.
2nd step, will shake point set ZDContrasted with the abscissa of coordinate points in fuzzy safety box, filter out fuzzy insurance Case abscissa and set ZDThe true point template of coordinate points construction reconstruct of coincidenceIf user uses Legal sram chip, because the position shaken in sram chip a little is relatively fixed, therefore can be contrasted from fuzzy safety box (due to SRAM-PUF response error, 80%~90% true point, therefore 9 < L can be about filtered out to L true points < 25).
3rd step, structure detail point, by the true point abscissa xd of the reconstructoHalf-and-half split according to bit wide, obtain high-order true Real point abscissa and low level truly put abscissa, and high-order true the point abscissa and low level are truly put into abscissa combination and attached most importance to Structure true detail point (xdho, xdlo) (o=1,2,3,4.....L);
4th step, structure detail point description:To each reconstruct true detail point (xdho, xdlo) walked as follows successively Suddenly:With the reconstruct true detail point (xdho, xdlo) choose 100 according to certain rule (rule is freely chosen by registrant) Minutiae point description, obtains the numerical value corresponding to 8 addresses around each minutiae point description, and successively by the k The 100*8bit numerical value corresponding to t address around minutiae point description is arranged according to the order of Row Column, and construction is obtained Minutiae point describes subdata MI ' (xdho, xdlo);
5th step, by the minutiae point describe subdata with reconstruct truly put corresponding help dataCarry out XOR behaviour Make, obtain ordinate of each true point after Error Correction of Coding.
6th step, carries out error correcting code decoding, so as to obtain true point coordinates set Q by the ordinate after Error Correction of CodingP= {(xdo, P (xdo)) | o=1 ..., L }.
7th step, reconstruct multinomial P (x):From set QPIn arbitrarily choose 9 true point coordinates, use Lagrange's interpolation Method reconstruct multinomial P (x), takes the polynomial coefficient of reconstruct then to obtain the K mentioned in step 1-3CRC, by KCRCCarry out CRC schools The key to be stored used in step 1-1 is can obtain after testing, the acquisition of key is so far completed.

Claims (1)

1. a kind of fuzzy safety box method for storing cipher key based on SRAM-PUF, it is characterised in that step includes:
Registration phase:
1-1 is walked, and matches key to be stored and sram chip, every piece of sram chip is only corresponded to a key to be stored;
1-2 is walked, and inserts sram chip, and p upper electricity of system acquisition sram chip is worth, and p is positive integer, filters out sram chip Middle concussion number of times is more than the unit of setting value as concussion point and records its address;If the double upper electricity of a certain units of SRAM Value is different, then can be regarded as and once shake;
1-3 is walked, and is carried out CRC codings to key to be stored, is obtained coding result KCRC, by KCRCIt is equally divided into D+1 sections and by institute The value for stating D+1 sections constructs D grades of multinomial P (x), D is multinomial series successively as coefficient;
1-4 is walked, the true point abscissa of construction:The quantity of characteristic information, is selected from SRAM according to needed for being determined true point number M M concussion point is taken, the address of M concussion point is transformed into finite field gf (216) in and be used as xi, utilize xiConstruct feature templates A ={ xi|xi∈GF(216), i=1,2,3..., M };
1-5 is walked, and constructs true point set:By 1-4 walk the M true points bring into respectively described in 1-3 steps D grades it is multinomial Formula P (x), obtains truly putting ordinate P (xi), by the true point coordinates (xi, P (xi)) it is combined as true point set Q;
1-6 is walked, and constructs hash point set:Generate N number of hash point coordinates (v at random using randomizerj, wj), j=1, 2,3,4......N, as hash point set Q ', hash point coordinates scope is identical with true point coordinates scope;
1-7 is walked, to true point ordinate P (xi) and hash point ordinate wjCarry out BCH Error Corrections of Coding so that the ordinate goes out It can be corrected it during existing mistake, (P (x are obtained after BCH Error Corrections of Codingi))BCH(wj)BCH
1-8 is walked, structure detail point, and the true abscissa is half-and-half split according to bit wide, a high position is obtained and truly puts horizontal seat Mark xhiAbscissa x is truly put with low levelli, high-order true the point abscissa and low level are truly put abscissa and are combined as truly Minutiae point (xhi, xli), i=1,2,3,4.....M;The hash point abscissa is half-and-half split according to bit wide, obtains high-order miscellaneous Gather an abscissa vhjWith low level hash point abscissa vlj, by the high-order hash point abscissa and low level hash point abscissa group It is combined into hash minutiae point (vhj, vlj), j=1,2,3,4.....N;
1-9 is walked, structure detail point description:To each true detail point (xhi, xli) and each hash minutiae point (vhj, vlj), following steps are carried out successively:With the true detail point (xhi, xli) or the hash minutiae point (vhj, vlj) centered on press The rule selected according to registrant chooses k minutiae point description, and it is right that acquisition each minutiae point describes sub- t address institute of surrounding The numerical value answered, and the k minutiae point is described to the k*t bit numerical value corresponding to t address of son surrounding successively according to leading The order arrangement of rank rear, construction, which obtains truly putting minutiae point, describes subdata MI ' (xhi, xli)) and hash point minutiae point description Data MI ' (vhj, vlj)), k, t are positive integer;
1-10 is walked, and is calculated and is helped data:Will each described true point ordinate error correcting code and the true ordinate error correction The corresponding low level of description subdata corresponding to code carries out XOR, will each described hash point ordinate error correcting code and the hash The corresponding low level of description subdata corresponding to point ordinate error correcting code carries out XOR, obtains true point and helps data hrealWith it is miscellaneous Gather and to help a data hchaff
1-11 is walked, the fuzzy safety box of construction:By the true abscissa xi, i=1,2,3 ..., M, hash point abscissa vj, J=1,2,3 ..., N, and the corresponding help data hreal、hchaffIt is combined as coordinate (xi, hreal) and (vj, hchaff), will It constitutes fuzzy safety box V, and by the fuzzy safety box coordinate according to true point abscissa and the numerical value of hash point abscissa Ascending order is arranged, and is combined as fuzzy safety box V and is stored to authentication database;
Reconstruction stage:
2-1 is walked, and user's insertion sram chip, system reads electrical characteristics on p SRAM, filters out and number of times is shaken in sram chip Unit more than setting value is put as concussion and records its address architecture concussion point set ZD;If a certain units of SRAM are double Upper electricity value it is different, then can be regarded as and once shake;
2-2 is walked, and screens true point:Will concussion point set ZDContrast, filter out with the abscissa of coordinate points in fuzzy safety box Fuzzy safety box abscissa and set ZDThe true point template of coordinate points construction reconstruct of coincidence For the true point abscissa xd of reconstructoThe corresponding ordinate in fuzzy safety box V;Due to shaking position a little in sram chip Compare fixation, if user just uses legal sram chip, L coordinate points can be contrasted from fuzzy safety box as the true point of reconstruct Template QD, due to SRAM-PUF response error, it is impossible to ensure that the concussion point gathered every time is completely the same, therefore L < M;
2-3 is walked, structure detail point:Abscissa xd is truly put in the reconstruct filtered out during 2-2 is walkedoHalf-and-half split according to bit wide, Obtain high-order true point abscissa xdhoAbscissa xd is truly put with low levello, high-order true the point abscissa and low level is true Real point abscissa is combined as truly putting minutiae point (xdho, xdlo), o=1,2,3,4.....L, and it is mapped in sram chip coordinate In system;
2-4 is walked, structure detail point description:To each true minutiae point (xdho, xdlo) following steps are carried out successively:With True detail point (the xdho, xdlo) rule that selects according to registrant chooses k minutiae point and describes son, obtain it is described each Minutiae point describes the numerical value corresponding to sub- t address of surrounding, and the k minutiae point is described into t address around son successively Corresponding k*t bit numerical value is arranged according to the order of Row Column, and construction obtains minutiae point and describes subdata MI ' (xdho, xdlo);
2-5 is walked, and the minutiae point is described into subdata help data corresponding with truly putting carries out xor operation, obtains reconstruct Coordinate of the true point after Error Correction of Coding
2-6 is walked, to coordinate RadOrdinate carry out BCH decodings, the true point ordinate set P (xd of reconstruct are obtained after decodingo), Utilize the true point abscissa xd of reconstructoWith the true point ordinate P (xd of reconstructo) construction set QP={ (xdo, P (xdo)) | o= 1 ..., L };
2-7 is walked, reconstruct multinomial P (x):From set QPD+1 coordinate of middle selection, is reconstructed multinomial using Lagrange's interpolation Formula, takes polynomial coefficient then to obtain the K mentioned in step 1-3CRC, by KCRCIt is can obtain after carrying out CRC check in step 1-1 The key to be stored used, so far completes the acquisition of key.
CN201710395655.7A 2017-05-27 2017-05-27 Secret key storage method of fuzzy safe based on SRAM-PUF Active CN107256370B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710395655.7A CN107256370B (en) 2017-05-27 2017-05-27 Secret key storage method of fuzzy safe based on SRAM-PUF

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710395655.7A CN107256370B (en) 2017-05-27 2017-05-27 Secret key storage method of fuzzy safe based on SRAM-PUF

Publications (2)

Publication Number Publication Date
CN107256370A true CN107256370A (en) 2017-10-17
CN107256370B CN107256370B (en) 2019-12-10

Family

ID=60027784

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710395655.7A Active CN107256370B (en) 2017-05-27 2017-05-27 Secret key storage method of fuzzy safe based on SRAM-PUF

Country Status (1)

Country Link
CN (1) CN107256370B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525399A (en) * 2018-10-22 2019-03-26 国家电网有限公司 A method of the system authentication of power grid intelligent mobile terminal is realized based on PUF
CN111865617A (en) * 2020-08-04 2020-10-30 上海交通大学 Method for enhancing system reliability based on physical unclonable function

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104836669A (en) * 2015-05-08 2015-08-12 东南大学 Security authentication method based on SRAM PUF (Static Random Access Memory Physical Uncloable Function), terminal and authentication system
CN106020771A (en) * 2016-05-31 2016-10-12 东南大学 Pseudorandom sequence generator based on PUF
US20160359635A1 (en) * 2011-03-11 2016-12-08 Emsycon Gmbh Tamper-protected hardware and method for using same
CN106257590A (en) * 2015-06-18 2016-12-28 松下知识产权经营株式会社 There is Nonvolatile memory devices and the integrated circuit card of tamper-resistance properties

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160359635A1 (en) * 2011-03-11 2016-12-08 Emsycon Gmbh Tamper-protected hardware and method for using same
CN104836669A (en) * 2015-05-08 2015-08-12 东南大学 Security authentication method based on SRAM PUF (Static Random Access Memory Physical Uncloable Function), terminal and authentication system
CN106257590A (en) * 2015-06-18 2016-12-28 松下知识产权经营株式会社 There is Nonvolatile memory devices and the integrated circuit card of tamper-resistance properties
CN106020771A (en) * 2016-05-31 2016-10-12 东南大学 Pseudorandom sequence generator based on PUF

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
JEROEN DELVAUX ETC: "Helper Data Algorithms for PUF-Based Key Generation:Overview and Analysis", 《IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED AND SYSTEM》 *
SHUAI CHEN ETC: "A Dynamic Reseeding DRBG Based on SRAM PUFs", 《IEEE TRANSACTIONS ON COMPUTER-AIDED DESIGN OF INTEGRATED AND SYSTEM》 *
张振华: "DRAM PUF的设计与实现", 《中国优秀硕士学位论文全文数据库》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109525399A (en) * 2018-10-22 2019-03-26 国家电网有限公司 A method of the system authentication of power grid intelligent mobile terminal is realized based on PUF
CN111865617A (en) * 2020-08-04 2020-10-30 上海交通大学 Method for enhancing system reliability based on physical unclonable function
CN111865617B (en) * 2020-08-04 2021-09-07 上海交通大学 Method for enhancing system reliability based on physical unclonable function

Also Published As

Publication number Publication date
CN107256370B (en) 2019-12-10

Similar Documents

Publication Publication Date Title
EP3238199B1 (en) Secure key generation from biased physical unclonable function
US10778441B2 (en) Redactable document signatures
Delvaux et al. Helper data algorithms for PUF-based key generation: Overview and analysis
EP3332402B1 (en) Cryptographic device having physical unclonable function
CN107004380B (en) Encryption device comprising a physical unclonable function
CN109388975A (en) For the storage organization of safety and reliability
CN106941400A (en) A kind of fuzzy safety box authentication method based on SRAM PUF
KR102026757B1 (en) Soft decision error correction for memory based puf using a single enrollment
CN110427774A (en) Data based on block chain deposit card method, data verification method and relevant apparatus
CN103188075A (en) Secret key and true random number generator and method for generating secret key and true random number
CN103312504B (en) For reconstructing the apparatus and method of Bit String on the premise of carrying out precorrection
US20190221139A1 (en) Cryptographic device and memory based puf
US11258597B2 (en) Key derivation from PUFs
CN104954328A (en) On-line registration and authentication method and apparatus
CN106789063B (en) A kind of double factor authentication method based on convolution sum circulation dual coding
CN107256370A (en) A kind of method for storing cipher key of the fuzzy safety box based on SRAM PUF
CN107733655A (en) A kind of APUF safety certifying methods based on Polynomial Reconstructing
CN108763940B (en) Secret sharing based verifiable database encryption retrieval method and system
JP5831203B2 (en) Individual information generation apparatus, encryption apparatus, authentication system, and individual information generation method
CN104363089A (en) Method for realizing fuzzy vault on the basis of geographical location information
Yin A group-based ring oscillator physical unclonable function
CN108984150A (en) A method of generating pseudo-random number seed
CN108632024A (en) A kind of method and device of operation bootstrap

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant