CN115659886A - Software PUF configuration method based on over-frequency state DEC circuit time sequence error - Google Patents
Software PUF configuration method based on over-frequency state DEC circuit time sequence error Download PDFInfo
- Publication number
- CN115659886A CN115659886A CN202211679452.8A CN202211679452A CN115659886A CN 115659886 A CN115659886 A CN 115659886A CN 202211679452 A CN202211679452 A CN 202211679452A CN 115659886 A CN115659886 A CN 115659886A
- Authority
- CN
- China
- Prior art keywords
- puf
- circuit
- response
- frequency
- software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Executing Machine-Instructions (AREA)
Abstract
The invention discloses a software PUF configuration method based on a DEC circuit time sequence error in an overclocking state, which comprises the steps of determining the system clock frequency FEF of a first error of a circuit output result in the clock overclocking state of a DEC circuit system; setting a sampling interval, measuring and calculating response stability and entropy source position based on FEF, and further determining an optimal frequency point for extracting PUF response; when equipment authentication is required, the circuit chip is switched to the PUF mode, and PUF response is extracted based on the optimal frequency point. The uniqueness and stability of the software PUF based on the time sequence error under the overclocking are greatly improved, and the PUF response can be generated efficiently and safely.
Description
Technical Field
The invention belongs to the technical field of hardware security, and particularly relates to a software PUF configuration method based on a time sequence error of a DEC circuit in an over-frequency state.
Background
As the integrated circuit industry continues to evolve, the size of transistors also gets smaller, which drives the need for low power portable devices. It was estimated by International Data Corporation (IDC) that by 2025 there would be 416 hundred million devices connected to the internet, producing 79.4ZB of data. With the rise of the internet of things (IOT) era, how to protect the secure communication between devices and the security of the devices in the internet of everything era is a major problem to be solved urgently.
Traditional security mechanisms require intensive computing, consume large amounts of resources, and are not desirable for low-power, resource-limited platforms. Therefore, new lightweight hardware security technologies are being researched to better secure hardware devices on resource-constrained platforms, and a Physical Unclonable Function (PUF) is one such security mechanism.
In the manufacturing process of the integrated circuit, even though the same batch of chips manufactured by the same manufacturer are influenced by factors such as temperature, humidity, voltage, layout and wiring and the like, some differences exist among the chips, and the PUF extracts entropy from the differences. The PUF can well solve the security problem of hardware equipment on a resource-limited platform, particularly in the aspects of equipment identification and authentication. The authentication mechanism of PUFs is based on a stimulus-response pair: for a particular stimulus (input) a unique response (output) is generated, the form of the stimulus and response depending on our PUF design and the required properties. The main goal of PUF design is to produce enough entropy so that each PUF design instance produces a unique response to a particular stimulus, while also ensuring the reliability of the response. Typically, PUFs are implemented on a separate circuit that is added as a component to the target circuit to be securely encrypted, or implemented on an FPGA. The vast majority of current PUF designs are those based on some specific hardware circuit. Such PUF studies introduce designs with desirable security properties, but are not suitable for use on resource-constrained and already existing devices due to the need to change circuit designs and add hardware components to implement PUF functions.
One potential solution to the above problem is a software PUF, the entropy of which is extracted from the circuitry already present in the system, without the need to modify the original hardware circuitry, purely by way of software. These PUFs have the advantage that no additional hardware resources need to be consumed and no modifications to the device hardware are required. Furthermore, since they are software-based, it is often possible to deploy such PUFs to devices that are already in use. By their nature, each software PUF design relies on the characteristics of the existing hardware components in the system. Therefore, in order to enable these PUFs to be used on a wide range of devices, it is necessary to make a feasible design using as wide a range of underlying hardware as possible.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a software PUF configuration method based on the time sequence error of a DEC circuit in an over-frequency state aiming at the defects of the prior art, the time sequence error generated by the DEC circuit in a post-quantum cryptography (PQC) circuit under the over-frequency condition is used as an entropy source of the PUF, a frequency point which enables the PUF to have the best response stability is searched by dynamically adjusting the clock frequency of a hardware circuit, and the proportion of the entropy source bit in the PUF response is considered at the same time, so that the uniqueness and the stability of the software PUF based on the time sequence error under the over-frequency condition are greatly improved, and the PUF response can be generated efficiently and safely. By selecting an appropriate overclocking frequency point for a hardware circuit through the proposed clock frequency regulation strategy, and extracting an entropy source at the frequency point, the generated PUF response has good uniformity, uniqueness and reliability, and the PUF greatly improves the stability and uniqueness of the response compared with the previous software PUF design.
In order to achieve the technical purpose, the technical scheme adopted by the invention is as follows:
the software PUF configuration method based on the time sequence error of the DEC circuit in the over-frequency state comprises the following steps:
1) Determining the system clock frequency FEF of a first error of a circuit output result in an over-frequency state of a DEC circuit system clock;
2) Setting a sampling interval, and calculating the stability and entropy source bit of the response based on FEF (field emission function), so as to determine the optimal frequency point for extracting the PUF response;
3) When equipment authentication is needed, the chip is switched to the PUF mode, and PUF response is extracted based on the optimal frequency point.
In order to optimize the technical scheme, the specific measures adopted further comprise:
1) gradually increasing the system clock frequency of the DEC circuit until the output result of the circuit goes wrong for the first time, and obtaining the FEF.
The DEC circuit is a DEC circuit in a post-quantum cryptography circuit, and when a 256-bit message output of the DEC circuit is in error for the first time, the system clock frequency at the moment is recorded as FEF.
And 2) setting a sampling interval according to a specific system clock frequency, taking the FEF as an initial frequency point, continuously increasing the sampling frequency on the basis, and calculating the stability and the entropy source bit of the generated response at each sampling frequency point until the stability and the proportion of the entropy source bit in the response reach an ideal value, wherein the entropy source bit refers to a bit which has errors in a circuit output result under the over-frequency condition compared with the normal condition.
The above-mentioned stability calculation method is:
wherein Stability represents Stability and HD represents the Hamming distance between two responses;
under certain ambient temperature and supply voltage conditions,
and
representing responses generated by a certain PUF chip at the p-th time and the q-th time under the same stimulus; w is the total number of response generation;lthe number of bits in each response;
the proportion of the entropy source bits in the response is calculated as follows: the proportion of the entropy source bits in the response = the number of erroneous bits in the response/the total number of bits in the response;
the ideal value of stability is 100% and the ideal value of the proportion of entropy source bits in the response is 50%.
The DEC circuit is provided with a normal mode and a PUF mode;
when the circuit chip is in a normal mode, the frequency of a system clock is unchanged, and the circuit normally performs functions at the moment;
when the circuit chip performs a PUF function, it will switch to a PUF mode.
And 3) when the device authentication is carried out, the chip is switched to the PUF mode, the frequency of the system clock is adjusted to be an optimal frequency point, n times of PUF responses are continuously extracted from the optimal frequency point, and the response result with the largest occurrence number is taken as the final PUF response.
N is 10.
The invention has the following beneficial effects:
1. the entropy is extracted by utilizing the time sequence error generated by the circuit under the condition of over-frequency, and the optimal frequency point responded by the PUF is selected by a dynamic clock regulation strategy, so that the aims of improving the stability, uniqueness and reliability of the PUF are fulfilled;
2. a dynamic clock adjustment strategy is provided to select an optimal frequency point for the extraction of the PUF response, and the frequency is close to an ideal value in both the stability of the PUF response and the proportion of entropy source bits. The following problems are solved: in the manufacturing process of the integrated circuit, even though the same batch of chips manufactured by the same manufacturer are influenced by factors such as process, environment and the like, the differences exist among the chips, and the differences can be reflected as time sequence errors of the circuit under the over-frequency condition, and the time sequence errors are unique to different chips. Timing errors at over-frequency can be used as an entropy source of a software PUF, but as the clock frequency of a flip-flop in a hardware circuit increases, the probability of metastability increases, because the probability of metastability = (setup time + hold time)/capture clock cycle. Once a metastable state occurs, the errors of the circuit caused by the fact that the circuit does not meet the timing constraint under the condition of over-frequency also become unstable, the output result of the circuit becomes unstable, and the response stability of the PUF also becomes poor;
3. the invention is divided into two functional modes on the final hardware circuit functional design: the chip is in the normal mode, the frequency of a system clock is unchanged, the circuit normally functions at the moment, and when the chip executes the PUF function, the chip is switched to the PUF mode. The system clock frequency is adjusted to the optimum frequency point mentioned above and then the PUF response is extracted. In this mode, the circuit output will only appear as a PUF response and will not interfere with the circuit functioning properly.
Drawings
FIG. 1 is a schematic diagram of critical path delays for different chips;
FIG. 2 is a schematic diagram of the change in PUF stability and entropy source bits as the clock frequency increases;
fig. 3 is a flow of configuration of the FAS-PUF.
Detailed Description
Embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
As shown in fig. 3, a high-efficiency software PUF (FAS-PUF) configuration method based on a timing error inside a DEC circuit in an over-frequency state is mainly performed in three parts:
1) Hardware circuit function is wrong under the overclocking: determining the system clock frequency FEF of a first error of a circuit output result in an over-frequency state of a DEC circuit system clock;
because of the influence of temperature, humidity, voltage, layout and wiring and other factors in the manufacturing process of integrated circuits, even though the chips are manufactured by the same manufacturer in the same batch, some differences exist among the chips. In static timing analysis, these differences are manifested as different critical path lengths for different chips, as shown in fig. 1. When the circuit is functioning normally at a normal operating frequency, these timing differences are difficult to be reflected. When the clock frequency is gradually increased (this process is also referred to as over-clocking) until the timing constraints of the circuit are not met and the circuit functions are faulty, these timing differences manifest as differences in the frequency points of the fault, the location of the fault in the critical path, and the errors that are generated. These timing differences are unique for different hardware circuits.
Under the condition that the system clock exceeds the frequency, the time sequence constraint of the system is gradually not met along with the continuous increase of the clock frequency, and the circuit function can be in error. These chip-to-chip differences will manifest themselves as differences in the frequency points of the errors, the locations of the errors in the critical path, and the errors generated. When configuring the FAS-PUF function for a specific hardware circuit, the system clock frequency of the hardware circuit is first increased step by step until the output result of the circuit is in first error.
In the hardware implementation of the technical scheme of the invention, a Decryption (DEC) circuit in a post-quantum cryptography (PQC) circuit is used, and when a 256-bit message output of the DEC circuit makes a First Error, the system clock Frequency at the moment is recorded as First Error Frequency (FEF).
2) Determining the optimal frequency point of the PUF response: setting a sampling interval, and calculating the response stability and entropy source position based on FEF (field emission function), thereby determining an optimal frequency point for extracting PUF (physical unclonable function) response;
in a digital circuit, if the system clock frequency is too high, so that the setup time and the hold time of the flip-flop are not satisfied, the flip-flop may generate a metastable state, that is, the flip-flop in the hardware circuit may enter the metastable state with a certain probability because the requirements of the setup time and the hold time are not satisfied under the condition of over-frequency. The flip-flop output in the metastable state can randomly select 0 or 1, and is not influenced by the input: in the meta-stable state, the flip-flop output Q is in an indeterminate state for a relatively long time after the active clock edge, during which time the Q is oscillating between 0 and 1, rather than being equal to the value of the data input D, which is referred to as the decision time. After the decision time, the Q end will be stable to 0 or 1, but stable to 0 or 1 is random and has no necessary relation with the input.
The metastable state of the flip-flop is an important reason for poor stability of the circuit output result under the over-frequency condition, and the probability of the metastable state is increased along with the increase of the clock frequency. In addition, the position where a timing error occurs in the data path and the position where a metastable state occurs in the circuit have a certain influence on the stability of the circuit output result. That is, the metastable state of the flip-flop causes the stability of the circuit to be poor, and the output result of the circuit in this case also becomes unstable, which is reflected by the randomness of the number of erroneous bits and the location of the errors.
However, the stability of the error of the hardware circuit under the over-frequency condition is influenced by the system clock frequency, and the stability and the relation of the entropy source bit changing along with the clock frequency are shown in fig. 2, wherein the stability is realized on a Basys 3 FPGA development board by taking a DEC circuit in PQC as an example.
Therefore, an appropriate clock frequency point is selected by adopting an optimization design of a dynamic clock frequency regulation strategy, a PUF response is extracted from the frequency point, and two factors of the stability of the PUF response and the proportion of entropy source bits in the response are considered simultaneously when the frequency point is selected. The method comprises the following specific steps:
in order to determine the optimal frequency point for extracting the PUF response, the invention sets a sampling interval according to the specific system clock frequency, takes FEF as an initial frequency point, continuously increases the sampling frequency on the basis, calculates the stability and entropy source bit of the generated response on each sampling frequency point until the frequency point with the stability and entropy source bit close to the ideal value appears, and records as the optimal frequency point.
Wherein, the stability calculation mode is as follows:
wherein Stability represents Stability and HD represents the Hamming distance between two responses;
under a certain ambient temperature and supply voltage condition,
and
representing responses generated by a certain PUF chip at the p-th time and the q-th time under the same stimulus; w generates the total number of times for the responseCounting;lthe number of bits in each response;
the proportion of the entropy source bits in the response is calculated as follows: the proportion of the entropy source bits in the response = the number of erroneous bits in the response/the total number of bits in the response;
the entropy source bit refers to a bit which has errors when the output result of the circuit under the super frequency is compared with the normal condition.
The ideal value of the stability is 100%, the ideal value of the proportion of the entropy source bits in the response is 50%, and the PUF response generated under the condition has good uniqueness and reliability.
3) CRP generation: when equipment authentication is needed, the chip is switched to the PUF mode, and PUF response is extracted based on the optimal frequency point.
Taking the DEC circuit as an example, a ciphertext of 256 × 13 × 3 bits thereof is input as a stimulus of the PUF, and a 256-bit decryption result at turbo frequency is output as a response of the PUF.
On the functional design of the final hardware circuit, the method is divided into two functional modes:
and the normal mode and the PUF mode, when the chip is in the normal mode, the frequency of a system clock is unchanged, the circuit normally functions at the moment, and when the chip executes the PUF function, the circuit is switched to the PUF mode. The system clock frequency is adjusted to the optimum frequency point mentioned above and then the PUF response is extracted. In this mode, the circuit output will only appear as a PUF response and will not interfere with the proper functioning of the circuit.
When equipment authentication is required, the chip is switched to a PUF mode, the frequency of a system clock is adjusted to be an optimal frequency point, 10 times of PUF responses are continuously extracted from the optimal frequency point, and the result with the largest occurrence number is taken as the final PUF response.
The above is only a preferred embodiment of the present invention, and the protection scope of the present invention is not limited to the above-mentioned embodiments, and all technical solutions belonging to the idea of the present invention belong to the protection scope of the present invention. It should be noted that modifications and embellishments within the scope of the invention may be made by those skilled in the art without departing from the principle of the invention.
Claims (9)
1. A software PUF configuration method based on a time sequence error of a DEC circuit in an over-frequency state is characterized by comprising the following steps:
1) Determining the system clock frequency FEF of a first error of a circuit output result in an over-frequency state of a DEC circuit system clock;
2) Setting a sampling interval, and calculating the stability and entropy source bit of the response based on FEF (field emission function), so as to determine the optimal frequency point for extracting the PUF response;
3) When equipment authentication is required, the circuit chip is switched to the PUF mode, and PUF response is extracted based on the optimal frequency point.
2. The method for configuring software PUF based on over-clocking DEC circuit timing error of claim 1, wherein 1) gradually increasing the system clock frequency of the DEC circuit until the output result of the circuit is in first error to obtain FEF.
3. The method for configuring the software PUF based on the timing error of the over-clocking DEC circuit in claim 2, wherein the DEC circuit is a DEC circuit in a post-quantum cryptography circuit, and when a 256-bit message output of the DEC circuit is a first error, the system clock frequency at that time is recorded as FEF.
4. The method for configuring software PUF based on over-clocking DEC circuit timing error as claimed in claim 1, wherein 2) the sampling interval is set according to the specific system clock frequency, FEF is used as the starting frequency point, the sampling frequency is continuously increased, the stability and entropy source bit of the generated response are calculated at each sampling frequency point until the frequency point that the proportion of the stability and entropy source bit in the response reaches the ideal value appears, and the frequency point is marked as the optimal frequency point.
5. The method for configuring the software PUF based on the over-clocking DEC circuit timing error of claim 4, wherein the stability is calculated by:
wherein Stability represents Stability and HD represents the Hamming distance between two responses;
under a certain ambient temperature and supply voltage condition,
and
representing responses generated by a certain PUF chip at the p-th time and the q-th time under the same stimulus; w is the total number of response generation;lthe number of bits in each response;
the proportion of the entropy source bits in the response is calculated as follows: the proportion of the entropy source bits in the response = the number of erroneous bits in the response/the total number of bits in the response;
the entropy source bit refers to a bit which is wrong compared with a normal condition when a circuit output result under the super frequency is obtained.
6. The method of claim 4, wherein the ideal stability value is 100% and the ideal proportion of entropy source bits in the response is 50%.
7. The software PUF configuration method based on the overclocking state DEC circuit timing error according to claim 1, wherein the DEC circuit is provided with a normal mode and a PUF mode;
when the circuit chip is in a normal mode, the frequency of a system clock is unchanged, and the circuit normally performs functions at the moment;
when the circuit chip performs a PUF function, it will switch to a PUF mode.
8. The software PUF configuration method based on over-clocking DEC circuit timing error of claim 7, wherein 3) during device authentication, the chip switches to PUF mode, the system clock frequency is adjusted to the optimal frequency point, n times of PUF responses are continuously extracted from the optimal frequency point, and the response result with the largest occurrence number is taken as the final PUF response.
9. The method for configuring the software PUF based on the over-clocking state DEC circuit timing error of claim 8, wherein n is 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211679452.8A CN115659886B (en) | 2022-12-27 | 2022-12-27 | Software PUF configuration method based on over-frequency state DEC circuit time sequence error |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211679452.8A CN115659886B (en) | 2022-12-27 | 2022-12-27 | Software PUF configuration method based on over-frequency state DEC circuit time sequence error |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN115659886A true CN115659886A (en) | 2023-01-31 |
| CN115659886B CN115659886B (en) | 2023-04-07 |
Family
ID=85022770
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211679452.8A Active CN115659886B (en) | 2022-12-27 | 2022-12-27 | Software PUF configuration method based on over-frequency state DEC circuit time sequence error |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115659886B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105760786A (en) * | 2016-02-06 | 2016-07-13 | 中国科学院计算技术研究所 | Strong PUF authentication method and system of CPU+FPGA integrated chip |
| CN110324141A (en) * | 2018-03-30 | 2019-10-11 | 恩智浦有限公司 | Resist physics unclonable function method corresponding with its of side channel attack |
| CN113268745A (en) * | 2021-04-12 | 2021-08-17 | 温州大学 | Soft PUF based on Camellia encryption algorithm |
-
2022
- 2022-12-27 CN CN202211679452.8A patent/CN115659886B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105760786A (en) * | 2016-02-06 | 2016-07-13 | 中国科学院计算技术研究所 | Strong PUF authentication method and system of CPU+FPGA integrated chip |
| CN110324141A (en) * | 2018-03-30 | 2019-10-11 | 恩智浦有限公司 | Resist physics unclonable function method corresponding with its of side channel attack |
| CN113268745A (en) * | 2021-04-12 | 2021-08-17 | 温州大学 | Soft PUF based on Camellia encryption algorithm |
Also Published As
| Publication number | Publication date |
|---|---|
| CN115659886B (en) | 2023-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Epstein et al. | Design and implementation of a true random number generator based on digital circuit artifacts | |
| US8938792B2 (en) | Device authentication using a physically unclonable functions based key generation system | |
| US10917251B2 (en) | Apparatus and method for generating hybrid static/dynamic entropy physically unclonable function | |
| US8285767B2 (en) | Apparatus and method for generating a random number | |
| Shimizu et al. | Glitch PUF: extracting information from usually unwanted glitches | |
| Yao et al. | ClockPUF: Physical Unclonable Functions based on clock networks | |
| Batabyal et al. | Design of a ring oscillator based PUF with enhanced challenge response pair and improved reliability | |
| CN112364391A (en) | Arbiter PUF reliable response screening system and bias control and response screening method thereof | |
| CN113835012A (en) | Timing error detection and correction circuit | |
| WO2021232255A1 (en) | True random number generator and electronic device | |
| Rajan et al. | Lightweight and Attack-resilient PUF for Internet of Things | |
| Zhu et al. | Counteracting leakage power analysis attack using random ring oscillators | |
| Singh et al. | Pa-puf: A novel priority arbiter puf | |
| CN115659886B (en) | Software PUF configuration method based on over-frequency state DEC circuit time sequence error | |
| Yang et al. | A low resource consumption Arbiter PUF improved switch component design for FPGA | |
| US20210286594A1 (en) | System, method and apparatus for race-condition true random number generator | |
| Cao et al. | A fully digital physical unclonable function based temperature sensor for secure remote sensing | |
| Gong et al. | Design and implementation of robust and low-cost SRAM PUF using PMOS and linear shift register extractor | |
| Shimada et al. | High-speed and energy-efficient crypto-processor for post-quantum cryptography CRYSTALS-Kyber | |
| Patel et al. | Creating a unique digital fingerprint using existing combinational logic | |
| Cheng et al. | Neural network-based entropy: A new metric for evaluating side-channel attacks | |
| CN111949242B (en) | Metastable true random number generator based on FPGA | |
| Wang et al. | Novel intrinsic physical unclonable function design for post-quantum cryptography | |
| CN113961171B (en) | Random signal generation device and physical unclonable function generation system | |
| Chauhan et al. | Novel placement bias for realizing highly reliable physical unclonable functions on FPGA |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |