CN111444556A - SRAM PUF-based hardware IP implementation structure - Google Patents
- Publication number
- CN111444556A
- Authority
- CN
- China
- Prior art keywords
- value
- sram
- root key
- puf
- architecture
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/86—Secure or tamper-resistant housings
- G06F21/87—Secure or tamper-resistant housings by means of encapsulation, e.g. for integrated circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a hardware IP implementation structure based on an SRAM PUF. The implementation method is as follows: a random number generated by the TRNG is compressed to generate a root key/characteristic value; because the entropy density of the random number is higher, the number of data sources compressed by SM3 can be greatly reduced while still obtaining the same 256-bit root key/characteristic value; the initial value of the SRAM is used to generate Help Data for secret sharing; an association module associates the value of the Help Data with different chips; the Help Data does not need to be stored confidentially and is used to recover the 256-bit root key/characteristic value. The beneficial effects of the invention are: the realization of PUF software is ensured and data security is improved; the value of the Help Data is associated with different chips through the association module; and the feedback signal is controlled so that the module is powered on again, which guarantees the stability of the system.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a hardware IP implementation structure based on an SRAM PUF.
Background
With the development of information technology, the world has entered the era of the Internet of Everything: comprehensive interconnection among people and objects has begun. In every application field of this interconnection, how to ensure the security and uniqueness of data has become the most important and urgent problem.
Currently, the industry mainly solves this problem through authorization by a root certificate center, but any root certificate is generated by a human-designed algorithmic operation, so risks such as hacking and leakage during operation exist at the source.
PUF technology can solve the problem of data uniqueness at the root of trust, and is the best method for solving the problem of data information security. Scenario-specific applications of some PUF technologies have appeared on the market, but they use PUF as an underlying technology, forming security modules through different algorithms and embedding them into chips, so large-scale application in terminal scenarios has not yet appeared at home or abroad.
PUF (Physical Unclonable Function) refers to physically unclonable technology. It is unique "fingerprint" information of a chip, generated from the random process deviations of steps such as injection and illumination in the chip manufacturing process; once extracted by a special technique, this unique "fingerprint" information can be used as the unique identification information of the chip. Because the mark is generated automatically during manufacturing, the designer, manufacturer and producer of the chip cannot control it, which ensures the physically unclonable, anti-counterfeiting character of the chip.
PUF technology allows each piece of data to have a unique, uncopyable "fingerprint", and is gradually being widely applied in security fields such as identity authentication, key generation, fingerprint identification and defense technology.
To solve the problem of data information security, a hardware IP implementation structure based on an SRAM PUF is proposed.
Disclosure of Invention
The invention aims to provide a hardware IP implementation structure based on an SRAM PUF, which solves the problem of data information security.
To achieve this purpose, the invention provides the following technical solution: a hardware IP implementation structure based on an SRAM PUF, implemented in the following steps:
Step one: a random number generated by the TRNG is compressed to generate a root key/characteristic value;
Step two: the initial value of the SRAM is used to generate Help Data for secret sharing.
As a preferred solution of the present invention, the number of data sources compressed by SM3 is reduced while obtaining the same 256-bit root key/characteristic value.
As a preferred solution of the present invention, SM3 is used to calculate the HASH value.
As a preferred solution of the present invention, the structure further comprises an association module, which associates the value of the Help Data with different chips.
As a preferred solution of the present invention, the Help Data does not need to be stored confidentially, and is used to recover the 256-bit root key/characteristic value.
As a preferred solution of the present invention, the TRNG is used as the random number source for the PUF during the enrollment phase, and is available for external use during the normal operation phase.
As a preferred solution of the present invention, the structure further includes a feedback module, which is used to feed back the signal.
Compared with the prior art, the invention has the beneficial effects that:
(1) the realization of PUF software is ensured, and the data security is improved;
(2) associating the value of Help Data with different chips through an association module;
(3) the feedback signal is controlled, the module is powered on again, and the stability of the system is guaranteed.
Drawings
FIG. 1 is a flow chart of the registration phase of the present invention;
FIG. 2 is a flow chart of the recovery phase of the present invention;
FIG. 3 is a block hardware architecture diagram of the present invention;
FIG. 4 is a first diagram of the power supply feedback control of the present invention;
FIG. 5 is a schematic diagram of a second configuration of the power feedback control scheme of the present invention;
FIG. 6 is a flowchart illustrating the operation of the registration phase in the logic flow control of the present invention;
FIG. 7 is a flowchart illustrating the recovery phase operation in logic flow control according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
Referring to FIG. 1, FIG. 2, FIG. 3, FIG. 4, FIG. 5 and FIG. 6, the present invention provides a technical solution: a hardware IP implementation structure based on an SRAM PUF, implemented as follows:
Step one: a random number generated by the TRNG is compressed to generate a root key/characteristic value; because the entropy density of the random number is higher, the number of data sources compressed by SM3 can be greatly reduced while still obtaining the same 256-bit root key/characteristic value;
Step two: the initial value of the SRAM is used to generate Help Data for secret sharing; an association module associates the value of the Help Data with different chips; the Help Data does not need to be stored confidentially and is used to recover the 256-bit root key/characteristic value.
In this embodiment, SM3 is preferably used to calculate the HASH value.
In this embodiment, the TRNG is preferably used as the random number source for the PUF during the enrollment phase, and is available for external use during the normal operation phase.
FIG. 3 is the module hardware architecture diagram: the NVRAM holds an 8-bit flag; when the 1 bits outnumber the 0 bits, the flag marks the registration stage, and after registration is finished the 8-bit flag is changed to 8'h00; when the 0 bits outnumber the 1 bits, the flag marks the working stage;
the Controller is the control module and controls the registration and working processes of the PUF;
POWER CTRL controls the power supply of the module.
FIG. 4 is the first power feedback control diagram: when the RootKeys recovered n consecutive times in the recovery stage are identical, recovery is considered successful; otherwise a signal is fed back and the power management logic of the control module powers the module on again to ensure the stability of the system. Alternatively, when the system is in use and the recovered RootKey is found to be inconsistent with the one used previously, the module can also be configured to control the feedback signal so that the module is powered on again to recover the RootKey.
Example 2
Referring to FIG. 1, FIG. 2, FIG. 3, FIG. 4, FIG. 5 and FIG. 6, the present invention provides a technical solution: a hardware IP implementation structure based on an SRAM PUF, implemented as follows:
Step one: a random number generated by the TRNG is compressed to generate a root key/characteristic value; because the entropy density of the random number is higher, the number of data sources compressed by SM3 can be greatly reduced while still obtaining the same 256-bit root key/characteristic value;
Step two: the initial value of the SRAM is used to generate Help Data for secret sharing; an association module associates the value of the Help Data with different chips; the Help Data does not need to be stored confidentially and is used to recover the 256-bit root key/characteristic value.
In this embodiment, SM3 is preferably used to calculate the HASH value.
In this embodiment, the TRNG is preferably used as the random number source for the PUF during the enrollment phase, and is available for external use during the normal operation phase.
In this embodiment, the structure preferably further includes a feedback module, which is used to feed back the signal.
FIG. 3 is the module hardware architecture diagram: the NVRAM holds an 8-bit flag; when the 1 bits outnumber the 0 bits, the flag marks the registration stage, and after registration is finished the 8-bit flag is changed to 8'h00; when the 0 bits outnumber the 1 bits, the flag marks the working stage;
the Controller is the control module and controls the registration and working processes of the PUF;
POWER CTRL controls the power supply of the module.
FIG. 4 is the first power feedback control diagram: when the RootKeys recovered n consecutive times in the recovery stage are identical, recovery is considered successful; otherwise a signal is fed back and the power management logic of the control module powers the module on again to ensure the stability of the system. Alternatively, when the system is in use and the recovered RootKey is found to be inconsistent with the one used previously, the module can also be configured to control the feedback signal so that the module is powered on again to recover the RootKey.
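The registration and recovery flow of the two examples, as an added simulation that is not code from the patent. It assumes a repetition-code XOR construction for Help Data (the patent does not say how Help Data is built), uses SHA-256 as a stand-in for SM3, models SRAM start-up noise with constructed values, and treats a 4/4 flag tie as invalid; `SramPuf`, `enroll`, `recover` and `flag_phase` are hypothetical names.

```python
import hashlib
import random
import secrets

REP = 15           # assumed repetition-code length per key bit (not from the patent)
KEY_BITS = 256     # width of the root key / characteristic value

def compress(bits):
    """Stand-in for SM3: SHA-256 over the bit list (SM3 is not in every hashlib build)."""
    return hashlib.sha256(bytes(bits)).hexdigest()

def flag_phase(flag):
    """Majority vote over the 8-bit NVRAM flag; a 4/4 tie is treated as invalid (assumption)."""
    ones = bin(flag & 0xFF).count("1")
    if ones == 4:
        return "invalid"
    return "registration" if ones > 4 else "working"

class SramPuf:
    """Constructed model of one chip: fixed preferred power-up bits plus per-read noise."""
    def __init__(self, seed, noise=0.03, cells=KEY_BITS * REP):
        self.rng = random.Random(seed)
        self.preferred = [self.rng.getrandbits(1) for _ in range(cells)]
        self.noise = noise

    def power_up(self):
        # Each cell flips away from its preferred value with probability `noise`.
        return [b ^ (self.rng.random() < self.noise) for b in self.preferred]

def enroll(puf):
    """Registration: TRNG bits -> root key; the SRAM start-up value masks the codeword."""
    trng = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in trng for _ in range(REP)]
    help_data = [c ^ s for c, s in zip(codeword, puf.power_up())]
    return compress(trng), help_data        # Help Data is stored in the clear

def recover_once(puf, help_data):
    """One recovery: unmask with a fresh start-up value, then majority-decode each block."""
    noisy = [h ^ s for h, s in zip(help_data, puf.power_up())]
    bits = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]
    return compress(bits)

def recover(puf, help_data, n=3, max_power_cycles=5):
    """Accept a RootKey only if n consecutive recoveries agree; otherwise power-cycle."""
    for cycle in range(1, max_power_cycles + 1):
        keys = {recover_once(puf, help_data) for _ in range(n)}
        if len(keys) == 1:
            return keys.pop(), cycle
        # Disagreement: feedback signal, module is powered on again and retried.
    return None, max_power_cycles

def demo():
    chip_a, chip_b = SramPuf(seed=1), SramPuf(seed=2)
    root_key, help_data = enroll(chip_a)
    same_chip, _ = recover(chip_a, help_data)     # enrolled chip
    other_chip, _ = recover(chip_b, help_data)    # same Help Data, different silicon
    return root_key, same_chip, other_chip

if __name__ == "__main__":
    root_key, same_chip, other_chip = demo()
    print("same chip recovers key:", same_chip == root_key)
    print("other chip recovers key:", other_chip == root_key)
```

In this model the Help Data taken from one chip fails on another because the start-up values differ, which is the chip association the text describes.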
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.
Claims (7)
1. An implementation structure of hardware IP based on SRAM PUF, characterized in that the implementation method comprises the following steps:
step one: compressing by using a random number generated by TRNG to generate a root key/characteristic value;
step two: the initial value of SRAM is used to generate Help Data for secret sharing.
2. The architecture for implementing hardware IP based on SRAM PUF according to claim 1, wherein: the number of data sources compressed by SM3 is reduced, resulting in the same 256-bit root key/characteristic value.
3. The architecture for implementing hardware IP based on SRAM PUF according to claim 2, wherein: SM3 is used for HASH value calculation.
4. The architecture for implementing hardware IP based on SRAM PUF according to claim 1, wherein: an association module is also included for associating the value of Help Data with different chips.
5. The architecture for implementing hardware IP based on SRAM PUF according to claim 1, wherein: the storage of Help Data does not require confidentiality, and it is used to recover the 256-bit root key/characteristic value.
6. The architecture for implementing hardware IP based on SRAM PUF according to claim 1, wherein: the TRNG is used as a random number source for the PUF during the enrolment phase and is available for external use during the normal operation phase.
7. The architecture for implementing hardware IP based on SRAM PUF according to claim 1, wherein: the device also comprises a feedback module which is used for the feedback of the signal.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010244958.0A CN111444556A (en) | 2020-03-31 | 2020-03-31 | SRAM PUF-based hardware IP implementation structure |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111444556A (en) | 2020-07-24 |
Family
ID=71649378
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010244958.0A (Pending) | SRAM PUF-based hardware IP implementation structure | 2020-03-31 | 2020-03-31 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111444556A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8516269B1 (en) * | 2010-07-28 | 2013-08-20 | Sandia Corporation | Hardware device to physical structure binding and authentication |
CN109818745A (en) * | 2017-11-21 | 2019-05-28 | 佛山芯珠微电子有限公司 | Internet of Things information security chip |
CN109995507A (en) * | 2019-04-19 | 2019-07-09 | 武汉大学 | A kind of key generation method and device based on PUF, private key storage method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20200724 |