CN114095182B - Dynamic response and security authentication method and system based on strong PUF - Google Patents
Dynamic response and security authentication method and system based on strong PUF Download PDFInfo
- Publication number
- CN114095182B CN114095182B CN202210063760.1A CN202210063760A CN114095182B CN 114095182 B CN114095182 B CN 114095182B CN 202210063760 A CN202210063760 A CN 202210063760A CN 114095182 B CN114095182 B CN 114095182B
- Authority
- CN
- China
- Prior art keywords
- authentication
- puf
- bit
- excitation
- response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000004044 response Effects 0.000 title claims abstract description 90
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000005284 excitation Effects 0.000 claims abstract description 62
- 238000012545 processing Methods 0.000 claims abstract description 14
- 238000006243 chemical reaction Methods 0.000 claims abstract description 10
- 239000000758 substrate Substances 0.000 claims description 29
- 230000008569 process Effects 0.000 claims description 9
- 238000004364 calculation method Methods 0.000 claims description 5
- 238000012805 post-processing Methods 0.000 claims description 5
- 230000009466 transformation Effects 0.000 claims description 2
- 238000010801 machine learning Methods 0.000 abstract description 5
- 230000006870 function Effects 0.000 abstract description 3
- 230000007246 mechanism Effects 0.000 description 25
- 238000013461 design Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 9
- 230000006399 behavior Effects 0.000 description 7
- 238000004422 calculation algorithm Methods 0.000 description 5
- 230000008859 change Effects 0.000 description 4
- 238000013459 approach Methods 0.000 description 3
- 125000004122 cyclic group Chemical group 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000012549 training Methods 0.000 description 3
- 102100021867 Natural resistance-associated macrophage protein 2 Human genes 0.000 description 2
- 108091006618 SLC11A2 Proteins 0.000 description 2
- 230000008278 dynamic mechanism Effects 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 238000013178 mathematical model Methods 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000002474 experimental method Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 230000001131 transforming effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses a dynamic response and security authentication method based on a strong PUF, which comprises the following steps: performing exclusive-or operation on the m weak PUFs and output signals of a linear feedback shift register arranged in the equipment, and performing confusion processing on the output signals of the linear feedback shift register; and carrying out exclusive OR operation on the output signal of the linear feedback shift register and m-bit excitation of the bottom liner PUF provided by the dynamic excitation conversion module, and carrying out confusion processing on the m-bit excitation of the bottom liner PUF. According to the invention, authentication can be realized by introducing PUF (physical unclonable function) and using pattern matching, and the designed additional intermediate value of a special authentication character string form structure realizes rapid modeling and registration in a protocol registration stage; and can resist the latest CMA-ES variant attack and maintain the resistance to the traditional machine learning attack.
Description
Technical Field
The invention relates to the technical field of security authentication, in particular to a dynamic response and security authentication method and system based on a strong PUF.
Background
The root cause of a pure PUF pattern that is vulnerable to modeling is its static response behavior. Current architectural designs, such as APUF, XOR-APUF, LSPUF, FF-APUF, iUF, etc., all have accurate mathematical models to reflect the relationship between their inputs (stimuli) and outputs (responses). Also because of the existence of these mathematical models, most complex PUF patterns are also broken by various machine learning-based attacks. Therefore, in an authentication system, the security task should be handed to the protocol level rather than the PUF pattern design at the bottom.
At present, XMPUF and MMPUF are mixed up for all excitation bits, the operation amount is large, and the dynamic response behavior cannot be realized.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a dynamic response and safety authentication method and a system based on a strong PUF (physical unclonable function), authentication is realized by leading out the PUF by using pattern matching, and the designed extra intermediate value of a special authentication character string form structure realizes rapid modeling and registration in a protocol registration stage; and can resist the latest CMA-ES variant attack and maintain the resistance to the traditional machine learning attack.
In order to achieve the purpose, the invention adopts the following technical scheme:
a dynamic response and security authentication method based on a strong PUF, the dynamic response and security authentication method comprising the steps of:
s1, performing XOR operation on the m weak PUFs and the output signal of the linear feedback shift register arranged in the device, and performing confusion processing on the output signal of the linear feedback shift register; the linear feedback shift register is driven by an internal clock signal, and output signals are different in different clock periods; the m is a positive integer larger than 1 and smaller than the total excitation bit number of the bottom liner PUF;
s2, carrying out exclusive OR operation on the output signal of the linear feedback shift register and m-bit excitation of the bottom liner PUF provided by the dynamic excitation conversion module, and carrying out confusion processing on the m-bit excitation of the bottom liner PUF;
wherein the selected m-bit excitations simultaneously satisfy the following conditions: 1) the probability of each confusing stimulus bit affecting the response is made to approach 50%, 2) the substrate PUF and the dynamic obfuscation mechanism both provide the same effect on the final response.
In order to optimize the technical scheme, the specific measures adopted further comprise:
further, in step S2, selecting a confusion target stimulus from the best influence stimulus bit and its neighboring stimulus bits;
the best influencing stimulus bit is the stimulus bit with the influence probability on the PUF response closest to 50%.
Further, the dynamic response and security authentication method includes the steps of:
s3, generating an authentication string:
s31, setting the output signal of the linear feedback shift register to contain m elements in each cycle period, and generating response bits which are cycles with the period of m; let the complete response at the device end be R0, which has a bit length of NROIs m;
s32, two successive subsets R1 and R2 are selected from the random position in the complete response R0, and the bit length of the two subsets is NR1And NR2And N isR1=NR2Home position is ind1;
S33, performing negation operation on all bits of the R2 to obtain R' 2;
s34, putting { R1| | R' 2} into a padding character string provided by a true random number generator, wherein the initial position is ind2Forming an authentication string Ra; ind of1And ind2All provided by a true random number generator;
s4, authentication process:
sending the authentication string Ra from the equipment end to the server end, obtaining the complete response Rb of the server end by the server end according to excitation calculation, circularly comparing the authentication string Ra with the complete response Rb of the server end, and searching whether continuous N exists in the authentication string Ra or notRaAnd matching the bit with a certain part of the Rb, and judging whether the authentication is successful according to a matching result.
Further, the dynamic response and security authentication method includes the steps of:
identify the device code IdiSending the authentication character string Ra and the authentication character string Ra to a server side from the equipment side, wherein the server side sends an equipment identification code Id to the equipment sideiAnd performing authentication, judging that the authentication fails if the authentication is invalid, and otherwise, obtaining a complete response Rb of the server according to excitation calculation.
Further, in step S4, the process of determining whether the authentication is successful according to the matching result includes the following steps:
s41, circularly comparing the authentication character string Ra with the complete response Rb of the server end to obtain the length NR1The maximum matching degree T of the time, if T is less thanFixed matching degree threshold TthIf so, judging that the authentication fails, ending the authentication process, otherwise, entering the step S42;
s42, calculating the character string with the maximum matching degree
、
And a maximum matching bit length Nmatch(ii) a If N is presentmatchAnd contract NR1The difference being less than the bit-length threshold NthIf so, judging that the authentication fails, ending the authentication process, otherwise, entering the step S43;
s43, calculating ind' = -
-
Sending ind' to the equipment end; after the device end receives ind ', the ind' is compared with | ind1-ind2I contrast, if the difference is greater than the bit-length threshold NthIf not, the authentication is successful.
Based on the method, the invention also provides a dynamic response and security authentication system based on the strong PUF, wherein the dynamic response and security authentication system comprises a linear feedback shift register, a dynamic excitation conversion module, a bottom liner PUF, a response post-processing module and m weak PUFs;
the m weak PUFs and m output signal bits of the linear feedback shift register are respectively connected to two input ends of the m first exclusive-or gates, so that the output signals of the m weak PUFs and the output signals of the linear feedback shift register are subjected to exclusive-or operation, and the output signals of the linear feedback shift register are subjected to confusion processing; the linear feedback shift register is driven by an internal clock signal, and output signals are different in different clock periods; the m is a positive integer larger than 1 and smaller than the total excitation bit number of the bottom liner PUF;
the output ends of the m first exclusive-or gates and the m output ends of the dynamic excitation conversion module are respectively connected to two input ends of the m second exclusive-or gates, so that the output signal of the linear feedback shift register and the m-bit excitation of the bottom liner PUF provided by the dynamic excitation conversion module are subjected to exclusive-or operation, and the m-bit excitation of the bottom liner PUF is subjected to aliasing processing;
wherein the selected m-bit excitations simultaneously satisfy the following conditions: 1) the influence probability of each confusion stimulus bit on the response approaches 50%, 2) the substrate PUF and the dynamic confusion mechanism provide the same influence on the final response;
and the output ends of the m second exclusive-or gates are connected with m excitation ends of the bottom liner PUF, and the output end of the bottom liner PUF is connected with the response post-processing module to generate a final response.
The invention has the beneficial effects that:
first, the method and system for strong PUF-based dynamic response and security authentication of the present invention use a small-sized LFSR to dynamically obfuscate only part of the stimuli of the substrate PUF structure, instead of obfuscating all the stimuli bits as in the XMPUF and MMPUF, thereby reducing the computation amount.
Secondly, the invention discloses a dynamic response and security authentication method and system based on a strong PUF, which adopts a weak PUF to confuse an output signal of an LFSR, and then adopts the output signal of the LFSR to dynamically confuse partial excitation of a substrate PUF structure, because the LFSR outputs different signals in different clock cycles, the excitation of the substrate PUF is always changed, thereby realizing the dynamic change of input and output mapping and leading the substrate PUF to have a dynamic response behavior; according to DCT design, LFSRs and weak PUFs provide dynamic aliasing signals. The substrate PUF and DCT can produce multiple different responses (dynamic responses) that make it more difficult for an attacker to model, requiring only one master stimulus to be input.
Thirdly, the invention provides a security authentication protocol aiming at the dynamic response mechanism and reduces the application difficulty of authentication. The proposed authentication mechanism supports different parameters NR1, enabling an unlimited number of authentications.
Drawings
Fig. 1 is a schematic diagram of the principle of the PUF response behavior dynamization mechanism of the present invention.
FIG. 2 is a schematic diagram of the basic structure of the dynamic incentive conversion module of the present invention.
Fig. 3 is a schematic structural diagram of a dynamic excitation transforming module incorporating a weak PUF according to the present invention.
FIG. 4 is a diagram of the simulated statistical structure of the probability of impact (SAC properties) of 64-bit stimuli on responses for 64-stage APUF variants in accordance with the present invention.
FIG. 5 is a schematic diagram of an authentication string set according to the present invention.
Fig. 6 is a schematic diagram illustrating the principle of matching the authentication strings at the server end according to the present invention.
Fig. 7 is a block diagram of the equipment end component of the present invention.
FIG. 8 is a graphical representation of the relationship between the number of training CRPs used in the present invention and the prediction rate.
Fig. 9 is a code diagram of the registration phase of the present invention.
Fig. 10 is a schematic diagram of the authentication phase code of the present invention.
Detailed Description
The present invention will now be described in further detail with reference to the accompanying drawings.
It should be noted that the terms "upper", "lower", "left", "right", "front", "back", etc. used in the present invention are for clarity of description only, and are not intended to limit the scope of the present invention, and the relative relationship between the terms and the terms may be changed or adjusted without substantial technical change.
One, dynamic response
This embodiment refers to a dynamic response and security authentication method based on a strong PUF, which includes the following steps:
s1, performing XOR operation on the m weak PUFs and the output signal of the linear feedback shift register arranged in the device, and performing confusion processing on the output signal of the linear feedback shift register; the linear feedback shift register is driven by an internal clock signal, and output signals are different in different clock periods; the m is a positive integer larger than 1 and smaller than the total excitation bit number of the bottom liner PUF;
s2, carrying out exclusive OR operation on the output signal of the linear feedback shift register and m-bit excitation of the bottom liner PUF provided by the dynamic excitation conversion module, and carrying out confusion processing on the m-bit excitation of the bottom liner PUF;
wherein the selected m-bit excitations simultaneously satisfy the following conditions: 1) the probability of each confusing stimulus bit affecting the response is made to approach 50%, 2) the substrate PUF and the dynamic obfuscation mechanism both provide the same effect on the final response.
In order to change the static response behavior of the strong PUF, the present embodiment proposes a mechanism to make the response behavior of the strong PUF dynamic, and the concept thereof is shown in fig. 1. In the response dynamization mechanism, besides the substrate PUF, two modules are included: dynamic excitation transformation DCT and response post-processing.
Unlike the concept of a reconfigurable PUF, in response to the dynamization mechanism, the reconfiguration signal to the substrate PUF originates from inside the device, not from outside. The DCT module is designed as shown in fig. 2, and part of the excitation of its substrate PUF pattern is xored with a signal provided by an internal LFSR. The LFSR is driven by an internal clock signal. Since the LFSR outputs different in different clock cycles, the stimulus of its substrate PUF is always changing. This enables dynamic changes in the input and output mapping. Considering that the feedback function of the LFSR can be derived by analyzing its structure, this embodiment also designs a variant of DCT, which confuses the LFSR output signal with a weak PUF, as shown in fig. 3. Also, both weak PUFs are used for obfuscation, unlike XMPUFs and MMPUFs, the proposed DCT design uses the LFSR-provided signal and the weak PUF response to obfuscate part of the stimulus bits of the substrate PUF. Of course, the fundamental difference is that the PUF with DCT has a dynamic response behavior. In the designed DCT, the small-sized LFSR is used in the embodiment, and only part of excitation of the substrate PUF structure is subjected to dynamic confusion, but not all excitation bits are subjected to confusion like XMPUF and MMPUF. However, these excitation bits are not randomly selected, and the excitation bits selected by the present embodiment must satisfy a certain condition.
Before this, simulation statistics were performed on the influence probability (SAC attribute) of 64-bit excitation on the response of the 64-stage APUF variants in this example, and the results are shown in fig. 4. Here, the FF ring in 1-FF APUF starts at the twentieth stage and ends at the 60 th stage.
According to the SAC criterion, each bit of excitation has the most ideal security performance if it provides 50% probability of influence on the final response. This embodiment takes as the best influencing excitation bit (OIC) the excitation bit with the probability of Influence on the PUF response closest to 50%. In APUF and all its variants, the influence of each stimulus on the response is different. It can be noted from fig. 4 that for most of them the OIC is located close to the middle stage. The OIC for FF apaf may also occur elsewhere (depending on the location of the FF ring), with the OIC for iPUF at 1/4 and 3/4 of the total length.
In the proposed dynamic response mechanism, the excitation bits with the best SAC properties, i.e. OIC and its neighboring excitation bits, are selected for aliasing in the present embodiment. This is done in order to 1) get the probability of each aliased stimulus bit affecting the response close to 50%, 2) to make both the substrate PUF and the dynamic aliasing mechanism provide the same influence on the final response. This is to ensure security, because either of them has an excessive influence on the response, and thus an approximate attack can be used, and the smaller one can be ignored to obtain a prediction effect higher than 50%, which causes a potential safety hazard.
Second, safety certification
The dynamic nature of the aforementioned PUFs makes them more difficult for an attacker to model, but also increases the application difficulty for authentication. Therefore, the embodiment designs a dynamic authentication mechanism and a mechanism for further improving the security.
Authentication string form and authentication mechanism design
According to DCT design, LFSRs and weak PUFs provide dynamic aliasing signals. The substrate PUF and DCT can produce multiple bit different responses (dynamic responses) with only one master stimulus input. From LFSRThe signal is cyclic, and assuming that each cyclic period contains m elements, the response bit generated is a cycle also of period m. Given that the complete response of the substrate PUF and DCT is R0, its bit length is NROAnd (d) = m. For security, the present embodiment designs a special composition form of the authentication string Ra on the device side, as shown in fig. 5. First two successive subsets R1 and R2 are chosen from random positions in the complete response R0, their bit length NR1=NR2Home position is ind1. Then, all bits of R2 are inverted to obtain R' 2. Then put { R1| | R' 2} into the padding string provided by TRNG, the initial position is ind2An authentication string Ra is formed. Ind of1And ind2Are all provided by TRNG.
After Ra is sent from the equipment end to the server end, the server end obtains a complete response Rb (which is the same as R0 of the equipment end) according to the excitation calculation, and then the Ra and the Rb are circularly compared to find whether continuous N exists in the Ra or notRaThe bit bits match some fraction of Rb as shown in fig. 6.
Proposed mutual authentication protocol
(1) Registration phase
At this stage, the server side first sends a sufficient number of stimuli to the device side. In addition to responding to the corresponding response, the device side needs to respond to m complete cyclic states of the LFSR, the responses of the weak PUFs and the device identification codes IDiAnd sending the data to a server side. And finally, the server side models the bottom liner PUF and the DCT of the equipment side according to the information. The specific process is shown in fig. 9.
(2) Authentication phase
When authenticating, the server side first sends part of the excitation bit Cb to the device side. After the equipment end receives Rb, the TRNG is used for generating partial excitation bit Ra and random index ind1And ind2. And according to a DCT mechanism, inputting the main excitation { Ca | | Cb }, the signal L provided by the LFSR and the weak PUF response into the bottom liner PUF to obtain a response R0. And then the random index ind is selected from subsets R1 and R2 of R02And the random pad string forms Ra. Then the ID is addediCa, and Ra are sent to the server side.After receiving the information, the server end compares the ID firstlyiAnd if the authentication is not valid, judging that the authentication fails. Then, calculating complete response Rb according to the bottom liner PUF and the DCT model, and matching by using Ra to obtain the length NR1The maximum matching degree T is determined, if T is less than the set threshold value TthThen the authentication is determined to be failed. If the matching degree threshold value is met, the character string with the maximum matching degree is calculated to correspond to
、 
And a maximum matching bit length Nmatch. If N is presentmatchAnd contract NR1The difference being greater than the bit-length threshold NthThen the authentication is determined to be failed. Thereafter, ind' = calculation of current count
-
And sending ind' to the device side. After the device end receives ind ', the ind' is compared with | ind1-ind2I contrast, if the difference is greater than the bit-length threshold NthThen the authentication is determined to be failed. The specific code is shown in fig. 10.
(3) Threshold update
The proposed authentication mechanism supports different parameters NR1. Note that the second determination condition at the server side, the maximum matching bit length of the authentication string Ra and NR1The difference cannot be too great. This means that even if a character string containing more real response bits is used, authentication cannot be passed. Therefore, a new parameter N is usedR1All authentication strings that have been used can be made no longer valid.
Authentication performance
The hardware module composition of the device side is shown in fig. 7.
(1) Authentication accuracy and false acceptance rate
Authentication accuracy refers to the probability of authentication failure when a correct authentication string is used. Due to the existence of noise and the change of environment, the response of the substrate PUF has certain instability, and further, some error bits appear in the authentication character string. These erroneous bits may cause a reduction in authentication accuracy. In the proposed authentication protocol, whether authentication succeeds or not depends on whether the matching degree of the authentication character string satisfies a threshold value or not. When the threshold is set to 0.95, it means that there are less than 5% error bits and authentication is still possible. The false acceptance rate refers to the probability of passing authentication when a false authentication string is used. This is equivalent to the probability of a random guess.
(2) Unlimited number of authentications
Due to the dynamics of the DCT mechanism, multiple inputs of the same dominant stimulus will result in different authentication strings. In addition Besides, the proposed authentication protocol supports updating new parameter NR1. An unlimited number of authentications are achieved.
(3) Fault tolerance
As described above, when the matching degree threshold T is setthLess than 1, the proposed authentication mechanism can tolerate some error bits. Of course, this threshold of matching degree is not set too low to prevent brute force attacks. The suggested matching degree threshold value ranges from 0.8 to 0.95.
Third, protocol security analysis
The security of PUF-based authentication protocols comes from two aspects: the first is modeling resistance of the bottom liner PUF, and the second is authentication mechanism
When a protocol is attacked by using a traditional modeling method based on machine learning, a reverse engineering mode special for a specific protocol is generally needed to obtain the response of the substrate PUF. And modeling the bottom liner PUF. In other words, the resistance offered by the protocol level to a traditional modeling attack depends on the difficulty of the attacker to extract a valid response of the substrate PUF from the authentication string. The present embodiment will analyze the proposed authentication protocol for resistance to traditional modeling attacks.
(1) Modeling resistance promotion provided by DCT mechanism
According to the response dynamic mechanism designed in the first section, the present embodiment first analyzes the attack resistance brought by the response dynamic mechanism. The internal LFSR is not related to the input (stimulus), which means that its seed value is unknown, as is the signal provided to the substrate PUF. It is difficult to obtain a real-time and efficient excitation of the substrate PUF. All the states that the LFSR can provide can only be combined with the known partial stimulus as a complete stimulus for the substrate PUF. The response and these stimuli are then combined and trained as inputs to the modeling algorithm until a certain combination is found that can converge. It can thus be seen that the larger the size of the internal LFSR, the greater the number of combinations an attacker needs to try, and the greater the cost of modeling.
(2) Modeling resistance promotion provided by authentication mechanism
The combination of the DCT mechanism and the PUF can also be modeled according to the method provided above. Here the embodiment analyzes the attack resistance brought by the complete authentication protocol. To model a substrate PUF pattern, an attacker needs to try to obtain an effective stimulus and response to the substrate PUF. When only the dynamic obfuscation mechanism is used, an attacker can obtain it by traversing all the states of the LFSR. In the proposed authentication protocol, the attacker also needs to traverse all possible combinations provided by the authentication strings. Three factors greatly increase the number of combinations. Length N of subsetR1Start position ind of the subset1Position ind of padding string2The relationship between the number of all possible combinations and them is:
for comparison, the embodiment uses an Intel Xeon E5-2673 chip with a RAM of 32Gb, runs the CMA-ES algorithm, and models attacks on three scenes: 1) pure PUF constructions (including 64-stage APUF, 2-XOR APUF, 1,2-iPUF), 2) substrate PUF and DCT, 3) proposed a complete authentication protocol. Number of training CRP used NtrainAnd prediction rates as shown in FIG. 8, the CMA-ES attack results against several substrate structures. The DCT mechanism uses 10-LFSR, authentication protocol and 10-bit LFSR,NR1=128,NRa= 512. (the number of CRPs required to model the DCT1 and the DCT2 is the same).
As can be seen from fig. 8, the dynamic obfuscation mechanism greatly increases the modeling cost. In fact, the number of CRPs required for DCT is related to the size of the internal LFSR. The number of combinations that a 10-bit LFSR can provide is 210=1024, which means that the attacker needs to try 512 combinations on average to find the right one. For DCT and weak PUFs, since the weak PUF further hides the LFSR output, it offers more possible combinations, meaning that an attacker needs to search for more space. In addition to the increased number of CRPs required, the training time required for modeling will also increase substantially. The time penalty required for a conventional modeling attack is given here, as shown in the table. For the parameters used in this experiment, according to equation (1), the number of combinations that the attack algorithm needs to search for is
. In this number of levels of combination, a machine learning algorithm is run with a prediction rate substantially equivalent to a random guess. In fact, for the proposed complete protocol, this embodiment runs the attack algorithm for more than one week, with the result that even for a simplest substrate 64-stge APUF, no correct combination can be found.
Table 1 shows the time cost modeled using CMA-ES, where the DCT1, DCT2, and authentication protocol use 10-bit LFSR, NR1=128,NRa=512,NRb=1024。
TABLE 1 time cost for successful modeling
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.
Claims (4)
1. A dynamic response and security authentication method based on a strong PUF (physical unclonable function), which is characterized by comprising the following steps:
s1, performing XOR operation on the m weak PUFs and the output signal of the linear feedback shift register arranged in the device, and performing confusion processing on the output signal of the linear feedback shift register; the linear feedback shift register is driven by an internal clock signal, and output signals are different in different clock cycles; the m is a positive integer larger than 1 and smaller than the total excitation bit number of the bottom liner PUF;
s2, performing exclusive OR operation on the output signal of the linear feedback shift register subjected to the aliasing processing and m-bit excitation of the bottom liner PUF provided by the dynamic excitation conversion module, and performing aliasing processing on the m-bit excitation of the bottom liner PUF;
the security authentication method comprises the following steps:
s3, generating an authentication string:
s31, defining that the output signal of the linear feedback shift register contains m elements in each cycle period, and generating a response bit which is a cycle with the period of m; the complete response at the device end is R0, which has a bit length of NROIs m;
s32, two successive subsets R1 and R2 are selected from the random position in the complete response R0, and the bit length of the two subsets is NR1And NR2And N isR1=NR2The start position is ind1;
S33, performing negation operation on all bits of the R2 to obtain R' 2;
s34, putting { R1| | R' 2} into a padding character string provided by a true random number generator, wherein the initial position is ind2Forming an authentication character string Ra; ind of1And ind2All provided by a true random number generator;
s4, authentication process:
the authentication character string Ra is sent to the server side from the equipment side, and the server side obtains the server side according to the excitation calculationCircularly comparing the authentication string Ra with the server-side complete response Rb, and searching whether continuous N exist in the authentication string RaRaMatching the bit with a certain part of Rb, and judging whether the authentication is successful according to a matching result;
in step S2, selecting an aliasing target excitation from the excitation bit with the best influence and the excitation bits adjacent to the excitation bit;
the best influencing stimulus bit is the stimulus bit with the influence probability on the PUF response closest to 50%.
2. A strong PUF-based dynamic response and security authentication method according to claim 1, characterised in that it comprises the following steps:
identify the device code IdiSending the authentication character string Ra and the authentication character string Ra to a server side from the equipment side, wherein the server side sends an equipment identification code Id to the equipment sideiAnd performing authentication, judging that the authentication fails if the authentication is invalid, and otherwise, obtaining a complete response Rb of the server according to excitation calculation.
3. The strong PUF-based dynamic response and security authentication method according to claim 1, wherein in step S4, the process of determining whether the authentication is successful according to the matching result includes the following steps:
s41, circularly comparing the authentication character string Ra with the complete response Rb of the server end to obtain the length NR1The maximum matching degree T is determined, if T is less than the set threshold value TthIf so, judging that the authentication fails, ending the authentication process, otherwise, entering the step S42;
s42, calculating the character string with the maximum matching degree
、
And a maximum matching bit length Nmatch(ii) a If N is presentmatchAnd contract NR1Difference valueLess than bit-length threshold NthIf so, judging that the authentication fails, ending the authentication process, otherwise, entering the step S43;
s43, calculating ind' = -
-
Sending ind' to the equipment end; after the device end receives ind ', the ind' is compared with | ind1-ind2I contrast, if the difference is greater than the bit length threshold NthIf not, the authentication is successful.
4. A strong PUF-based dynamic response and security authentication system based on the method according to any one of claims 1 to 3, wherein the system comprises a linear feedback shift register, a dynamic stimulus transformation module, a substrate PUF, a response post-processing module and m weak PUFs;
the m weak PUFs and m output signal bits of the linear feedback shift register are respectively connected to two input ends of the m first exclusive-or gates, so that the output signals of the m weak PUFs and the output signals of the linear feedback shift register are subjected to exclusive-or operation, and the output signals of the linear feedback shift register are subjected to confusion processing; the linear feedback shift register is driven by an internal clock signal, and output signals are different in different clock periods; the m is a positive integer larger than 1 and smaller than the total excitation bit number of the bottom liner PUF;
the output ends of the m first exclusive-or gates and the m output ends of the dynamic excitation conversion module are respectively connected to two input ends of the m second exclusive-or gates, so that the output signal of the linear feedback shift register subjected to aliasing processing and m-bit excitation of the bottom liner PUF provided by the dynamic excitation conversion module are subjected to exclusive-or operation, and the m-bit excitation of the bottom liner PUF is subjected to aliasing processing; specifically, selecting a confusion target stimulus from the best influence stimulus bit and its neighboring stimulus bits; the best influence excitation bit refers to the excitation bit with the influence probability on the PUF response closest to 50%;
and the output ends of the m second exclusive-or gates are connected with m excitation ends of the bottom liner PUF, and the output end of the bottom liner PUF is connected with the response post-processing module to generate a final response.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210063760.1A CN114095182B (en) | 2022-01-20 | 2022-01-20 | Dynamic response and security authentication method and system based on strong PUF |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210063760.1A CN114095182B (en) | 2022-01-20 | 2022-01-20 | Dynamic response and security authentication method and system based on strong PUF |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114095182A CN114095182A (en) | 2022-02-25 |
| CN114095182B true CN114095182B (en) | 2022-05-03 |
Family
ID=80308903
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210063760.1A Active CN114095182B (en) | 2022-01-20 | 2022-01-20 | Dynamic response and security authentication method and system based on strong PUF |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114095182B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114928454B (en) * | 2022-06-09 | 2024-01-09 | 湖南大学 | CRP (common-point control) confusion circuit and data confusion method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104112106A (en) * | 2014-06-27 | 2014-10-22 | 广州中长康达信息技术有限公司 | Physical unclonability-based RFID lightweight class authentication method |
| CN109005040A (en) * | 2018-09-10 | 2018-12-14 | 湖南大学 | Dynamic multi-secrets key obscures PUF structure and its authentication method |
| CN109614790A (en) * | 2018-11-28 | 2019-04-12 | 河海大学常州校区 | Light-weight authentication equipment and authentication method based on feedback loop PUF |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9628272B2 (en) * | 2014-01-03 | 2017-04-18 | William Marsh Rice University | PUF authentication and key-exchange by substring matching |
| US10511451B2 (en) * | 2016-11-04 | 2019-12-17 | Taiwan Semiconductor Manufacturing Company Ltd. | Physically unclonable function (PUF) device and method of extending challenge/response pairs in a PUF device |
-
2022
- 2022-01-20 CN CN202210063760.1A patent/CN114095182B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104112106A (en) * | 2014-06-27 | 2014-10-22 | 广州中长康达信息技术有限公司 | Physical unclonability-based RFID lightweight class authentication method |
| CN109005040A (en) * | 2018-09-10 | 2018-12-14 | 湖南大学 | Dynamic multi-secrets key obscures PUF structure and its authentication method |
| CN109614790A (en) * | 2018-11-28 | 2019-04-12 | 河海大学常州校区 | Light-weight authentication equipment and authentication method based on feedback loop PUF |
Non-Patent Citations (2)
| Title |
|---|
| 一种基于线性反馈移位寄存器的轻量级强PUF设计;侯申;《图学学报》;20200229;第41卷(第1期);第2.1节 * |
| 轻量级可配置强物理不可克隆函数设计;侯申;《计算机辅助设计与图形学学报》;20211031;第33卷(第10期);摘要,第2节 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114095182A (en) | 2022-02-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Zhang et al. | Set-based obfuscation for strong PUFs against machine learning attacks | |
| Feng et al. | AAoT: Lightweight attestation and authentication of low-resource things in IoT and CPS | |
| Tobisch et al. | On the scaling of machine learning attacks on PUFs with application to noise bifurcation | |
| Bringer et al. | HB^+^+: a lightweight authentication protocol secure against some attacks | |
| Delvaux et al. | Secure lightweight entity authentication with strong PUFs: Mission impossible? | |
| Hiller et al. | Breaking through fixed PUF block limitations with differential sequence coding and convolutional codes | |
| KR20170098733A (en) | Method of testing the resistance of a circuit to a side channel analysis of second order or more | |
| Becker et al. | Security analysis of index-based syndrome coding for PUF-based key generation | |
| CN107733655B (en) | APUF security authentication method based on polynomial reconstruction | |
| Zhang et al. | Fast correlation attacks on Grain-like small state stream ciphers | |
| CN108683505B (en) | APUF circuit that possesses security | |
| JP2017508173A (en) | Digital value processing apparatus and method | |
| Konigsmark et al. | System-of-PUFs: Multilevel security for embedded systems | |
| CN114095182B (en) | Dynamic response and security authentication method and system based on strong PUF | |
| CN112019347B (en) | Lightweight security authentication method based on XOR-APUF | |
| Sauer et al. | Sensitized path PUF: A lightweight embedded physical unclonable function | |
| Zalivaka et al. | FPGA implementation of modeling attack resistant arbiter PUF with enhanced reliability | |
| Aseeri et al. | A subspace pre-learning approach to fast high-accuracy machine learning of large xor pufs with component-differential challenges | |
| Hou et al. | A dynamically configurable LFSR-based PUF design against machine learning attacks | |
| Jana et al. | Differential fault attack on photon-beetle | |
| CN113158179B (en) | Learning side channel attack method for automatically discovering leakage model and encryption equipment | |
| Ramezanpour et al. | Fault intensity map analysis with neural network key distinguisher | |
| Suzuki et al. | Multiple-valued debiasing for physically unclonable functions and its application to fuzzy extractors | |
| JP2007174024A (en) | Encryption processing apparatus | |
| You et al. | Low trace-count template attacks on 32-bit implementations of ASCON AEAD |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |