KR20150051012A - Apparatus and method for generatiing encryption key of hardware using puf - Google Patents

Apparatus and method for generatiing encryption key of hardware using puf Download PDF

Info

Publication number
KR20150051012A
KR20150051012A KR1020130132371A KR20130132371A KR20150051012A KR 20150051012 A KR20150051012 A KR 20150051012A KR 1020130132371 A KR1020130132371 A KR 1020130132371A KR 20130132371 A KR20130132371 A KR 20130132371A KR 20150051012 A KR20150051012 A KR 20150051012A
Authority
KR
South Korea
Prior art keywords
puf
enable signal
encryption key
receiving
signal
Prior art date
Application number
KR1020130132371A
Other languages
Korean (ko)
Inventor
최용제
최두호
조현숙
Original Assignee
한국전자통신연구원
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 한국전자통신연구원 filed Critical 한국전자통신연구원
Priority to KR1020130132371A priority Critical patent/KR20150051012A/en
Publication of KR20150051012A publication Critical patent/KR20150051012A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Hall/Mr Elements (AREA)

Abstract

The present invention relates to an apparatus and method for generating an encryption key of hardware using a physically unclonable function (PUF) logic. The apparatus for generating the encryption key of the hardware using the PUF includes a ring oscillator unit which includes a plurality of ring oscillators and outputs the output signal of the ring oscillator according to input data, an XOR gate which outputs an XOR operation value with regard to the received output signals of the ring oscillators, a latch which receives the operation value of the XOR gate, monitors the operation value, and outputs an enable signal according to the result of the monitoring, and an encryption key generating unit which receives the enable signal and generates the encryption key by storing at least one output signal among the ring oscillators.

Description

[0001] APPARATUS AND METHOD FOR GENERATING ENCRYPTION KEY OF HARDWARE USING PUF [0002]

The present invention relates to an apparatus and method for generating a cryptographic key of hardware using Physically Unclonable Function (PUF) logic.

In order to prevent the key extraction due to physical attack, research and development are underway on the technology of implementing the logic such as the fingerprint with the digital circuit and using it as the cryptographic key without separately storing the cryptographic key.

As a representative technology of these technologies is PUF (Physically Unclonable Function), PUF, which is a copy protection technology of digital devices, has the same wire delay and gate delay This PUF can be implemented as a small gate logic and can easily generate a random output.

In addition, since the delay difference according to the process conditions is utilized, even if the PUF circuit is disclosed, there is an advantage that it is not easy to configure a circuit that outputs the same output as the disclosed PUF circuit.

As the PUF, there is a ring oscillator method using a delay loop and an arbiter-based PUF using a switching circuit.

FIG. 1 shows a ring oscillator-based PUF according to the related art. The ring oscillator method according to the related art has excellent random characteristics, but is difficult to use as a cryptographic key generation logic in a challenge-response protocol. There is a problem.

FIG. 2 is a diagram illustrating an Arbiter-based PUF according to the prior art. The conventional arbiter-based PUF is considered in a challenge-response protocol, There is a problem that it is difficult to newly update the response value.

In addition, although the PUF is advantageous in that it can prevent the copying of the cipher key by a small area circuit, there is a problem that the PUF outputs different values according to the driving environment due to the PUF characteristics. To solve this problem, the error correction technique is applied to the PUF There is a problem such as a circuit addition problem and a PUF random characteristic decrease.

SUMMARY OF THE INVENTION The present invention has been proposed in order to solve the above-mentioned problems, and it is an object of the present invention to provide a method and apparatus capable of maintaining a high stability even when a driving environment is changed, enabling application of a challenge- And a method of generating a hardware encryption key using the PUF capable of generating a new key even when a value is exposed.

A hardware encryption key generation apparatus using a PUF according to the present invention includes a ring oscillator unit including a plurality of ring oscillators for receiving input data and outputting a ring oscillation output signal according to input data, An XOR gate for receiving an input signal and outputting an XOR operation value for an output signal of a plurality of input ring oscillators, a latch for receiving an operation value of the XOR gate, monitoring an operation value, and outputting an enable signal according to a result of the monitoring And an encryption key generator for receiving an enable signal output from the latch and storing an output signal of at least one of the plurality of ring oscillators to generate an encryption key.

According to another aspect of the present invention, there is provided a method of generating a hardware encryption key using a PUF, the method comprising: receiving input data and a PUF enable signal; outputting a ring oscillation output signal in response to the received input data; A step of receiving a ring oscillation output signal and outputting an XOR operation value by performing an XOR operation on an input ring oscillation output signal; receiving a XOR operation value, monitoring a change in an XOR operation value, Outputting an enable signal according to a result of the comparison, and receiving an enable signal and storing a ring oscillation output signal according to the input enable signal to generate a cryptographic key.

An apparatus and method for generating a hardware encryption key using a PUF according to the present invention can perform a stable operation even when a driving environment is changed using a 2-path ring oscillator, -response) protocol or fixed cryptographic key generation are all possible.

In addition, according to the present invention, even if a challenge-response value is exposed, a new cryptographic key can be easily generated.

The effects of the present invention are not limited to those mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the following description.

1 shows a ring oscillator based PUF according to the prior art;
Figure 2 shows an arbiter-based PUF according to the prior art;
3 is a circuit diagram showing a hardware encryption key generating apparatus using a PUF according to the present invention.
4 is a flowchart illustrating a hardware encryption key generation method using a PUF according to the present invention.

Hereinafter, preferred embodiments of a hardware encryption key generating apparatus and method using the PUF according to the present invention will be described in detail with reference to the drawings. In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may make the subject matter of the present invention rather unclear.

3 is a circuit diagram showing a hardware encryption key generating apparatus using the PUF according to the present invention.

3, all blocks except the counter 500 of the hardware encryption key generating apparatus using the PUF according to the present invention and the gate 600 for generating the PUF cryptographic key generation completion signal (PUFdone) It is possible to extend the logic to generate n-bit keys, as shown in the circuit diagram shown in Fig. 3, and in the following, in order to facilitate understanding of the invention in the description of the invention A hardware encryption key generating apparatus using a PUF that generates a bit of a key will be described as an example.

3, a hardware encryption key generation apparatus using a PUF according to the present invention includes a plurality of ring oscillators for receiving input data, a ring oscillator unit 100 for outputting a ring oscillation output signal according to the input data, An XOR gate 200 receiving an output signal of the ring oscillator 100 and outputting an XOR operation value to the output signals of the plurality of input ring oscillators; Receives an enable signal outputted from a latch (300) and a latch (300) that receives an input signal, monitors an operation value, and outputs an enable signal according to a result of monitoring, and outputs at least any one of output signals And an encryption key generating unit 400 for generating an encryption key.

At this time, the ring oscillator unit 100 receives the PUF enable signal PUFen and outputs a ring oscillation output signal in accordance with the received PUF enable signal. The hardware oscillation key generator 100, which uses the PUF according to the present invention, Performs the PUF operation only when the PUF enable signal is '1'.

In this case, the input data (DataIn) is data for inputting an initial value for the PUF operation of the hardware encryption key generating apparatus using the PUF according to the present invention. According to one embodiment, the input data (DataIn) Value, and according to another embodiment, only the hardware encryption key generation is performed instead of the challenge-response method, and the initial value for the PUF operation is set to '0' or '1'.

The input initial value is 0 or 1, and the ring oscillator operation is performed through the OR gate or the ring oscillator operation is performed through the AND gate. The NOT gate front end of the ring oscillator logic constituting the ring oscillator unit 100 The multiplexer (MUX) located at the output terminal is controlled by the PUF enable signal PUFen so as not to perform the oscillation operation when the PUF operation is not performed.

The hardware cryptographic key generation apparatus using the PUF according to the present invention includes a plurality of the same ring oscillators implemented in parallel and a plurality of the same gate oscillators based on a gate, and the ring oscillator logic generated in the implementation includes a ring oscillator The logic performs different operations, and uses the difference between these ring oscillator logic to generate a cryptographic key.

At this time, the XOR gate 200 performs an XOR operation on the output value of the logic constituting the ring oscillator unit 100, uses the XOR operation value as a clock signal of the latch 300, The XOR output of the XOR gate 200 repeats '1' and '0'.

At this time, the hardware encryption key generation apparatus using the PUF according to the present invention receives the count value CNT and the PUF enable signal PUFen, counts the input PUF enable signal based on the count value, (500).

When the PUF enable signal is applied, the counter 500 counts the input CNT value and outputs a PUF enable signal. The XOR gate 200 outputs the calculated value to the PUF And operates as a clock of the latch 300 when the enable signal becomes '1'.

According to the present invention, the value of the instant when the output of the counter 500 becomes '1' and the operation value output by the XOR gate 200 becomes '1' is stored as the encryption key, The operation value of the gate 200 is used as a clock signal, and when the XOR operation value and the enable signal output from the counter 500 are '1', the enable signal is outputted.

At this time, the latch 300 outputs the enable signal En0 at the moment when the operation value output from the XOR gate 200 changes from '0' to '1' as '1'.

When using the counter 500 according to the present invention and adopting a challenge-response scheme according to one embodiment, even if the cryptographic key is exposed at any challenge value, A new encryption key can be generated.

The enable signal of the latch 300 according to the present invention is used as a clock signal of the cryptographic key generation unit 400 and the cryptographic key generation unit 400 receives the enable signal output from the latch 300 And stores the output of one of the ring oscillator logic to generate a cryptographic key.

In addition, the hardware encryption key generation apparatus using the PUF according to the present invention may include a gate for receiving an enable signal output from the latch 300, calculating an input enable signal, and outputting a PUF encryption key generation completion signal (PUFdone) (600), and the PUF cryptographic key generation completion signal output gate 600 is an AND gate.

3, the logic for generating a one-bit cryptographic key can be expanded, and an n-bit cryptographic key can be generated according to logic expansion. The enable signal En0 is (PUFdone) for confirming completion of generation in the PUF encryption can be generated by performing AND operation with other enable signals En1, En2, and the like.

The hardware encryption key generating apparatus using the PUF according to the present invention can operate stably even if the driving environment of the ring oscillator logic is changed. In the case of adopting the phrase-response method, the logic operates according to the challenge value, A response protocol can be applied, and a fixed encryption key generation is also possible.

Further, in the case of employing the phrase-response method, even when the phrase-response value is exposed, a new cryptographic key can be obtained easily by changing the count value.

4 is a flowchart illustrating a method of generating a hardware encryption key using the PUF according to the present invention.

Referring to FIG. 4, a method of generating a hardware encryption key using a PUF according to the present invention includes receiving input data and a PUF enable signal (S100), and oscillating the ring oscillator logic according to the received input data (S200) of outputting a ring oscillation output signal, a step (S300) of receiving a ring oscillation output signal, performing an XOR operation on the input ring oscillation output signal and outputting an XOR operation value (S400) for receiving an XOR operation value, monitoring a change of the XOR operation value, and outputting an enable signal according to a result of the monitoring operation (S400); and receiving an enable signal and outputting a ring oscillation And generating an encryption key by storing the output signal (S500).

At this time, the step S400 of outputting the enable signal uses the input XOR operation value as a clock signal, and when the PUF enable signal outputted after counting based on the preset count value CNT is' 1 ', The input XOR operation value is used as a clock signal.

Also, in the hardware encryption key generation method using the PUF according to the present invention, the output enable signal is received according to the XOR operation value monitoring, and the enable signal is generated to generate and output the PUF cryptographic key generation completion signal PUFdone It is preferable to further include step S600.

At this time, the input data (DataIn) received in the step S100 of receiving the input data and the PUF enable signal is data for inputting an initial value of the PUF operation, and a hardware encryption key generating method using the PUF according to the present invention A challenge value is input as the input data DataIn when a challenge-response method is applied, and a hardware encryption key generating method using the PUF according to the present invention is simply applied to the hardware The initial value of the PUF operation is set to '0' or '1' by the input data DataIn.

In addition, the hardware encryption key generation method using the PUF according to the present invention performs the PUF operation when the PUF enable signal received in step S100 receiving the input data and the PUF enable signal is '1' When the enable signal is not '1', the ring oscillation operation is not performed.

In the step S400 of outputting the enable signal, since the enable signal is outputted after counting by the preset count value CNT, even when the encryption key is exposed in the case of applying the phrase-response method, A new cryptographic key can be easily generated by changing the CNT.

The step S600 of generating the PUF cryptographic key generation completion signal includes a plurality of enable signals generated due to the operations of the ring oscillator unit 100, the XOR gate 200, the counter 500 and the latch 300 Generates and outputs a PUF cryptographic key generation completion signal PUFdone, which is a signal for confirming whether the generation of the PUF cryptographic key is completed by performing an AND operation on the input enable signal.

The embodiments of the present invention have been described above. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.

100: Ring oscillator part 200: XOR gate
300: latch 400: cryptographic key generator
500: Counter 600: Cryptographic key generation completion signal output gate

Claims (9)

A ring oscillator unit including a plurality of ring oscillators for receiving input data and outputting a ring oscillation output signal according to the input data;
An XOR gate receiving an output signal of the ring oscillator and outputting an XOR operation value of an output signal of the ring oscillator;
A latch for receiving an operation value of the XOR gate, monitoring the operation value, and outputting an enable signal according to a result of the monitoring; And
An encryption key generation unit for receiving an enable signal output from the latch and storing an output signal of at least one of the plurality of ring oscillators to generate an encryption key,
Wherein the PUF includes a PUF.
2. The ring oscillator of claim 1,
Receiving a PUF (Physically Unclonable Function) enable signal, and outputting the ring oscillation output signal in accordance with the PUF enable signal
A hardware encryption key generation device using the PUF.
2. The ring oscillator of claim 1,
Receiving said input data including a challenge;
A hardware encryption key generation device using the PUF.
3. The method of claim 2,
A counter for counting the input PUF enable signal based on the count value and outputting the count value and the PUF enable signal,
Wherein the PUF further comprises a PUF.
5. The apparatus of claim 4, wherein the latch
Using the computed value of the input XOR gate as a clock signal and outputting the enable signal when the XOR operation value and the enable signal output from the counter are high signals
A hardware encryption key generation device using the PUF.
The method according to claim 1,
A gate for receiving an enable signal outputted by the latch, computing a PUF cipher key generation completion signal by calculating the input enable signal,
Wherein the PUF further comprises a PUF.
Receiving input data and a PUF enable signal;
Performing ring oscillation according to the received input data and outputting the ring oscillation output signal;
Receiving the ring oscillation output signal and performing an XOR operation on the input ring oscillation output signal to output an XOR operation value;
Receiving the XOR operation value, monitoring a change of the XOR operation value, and outputting an enable signal according to a result of the monitoring; And
Receiving the enable signal and generating the encryption key by storing the ring oscillation output signal according to the input enable signal
The method comprising the steps of:
8. The method of claim 7, wherein outputting the enable signal comprises:
Using the input XOR operation value as a clock signal and using the input XOR operation value as a clock signal when the PUF enable signal outputted after counting is a high signal based on a predetermined count value
A method of generating a hardware encryption key using a PUF.
8. The method of claim 7,
Receiving an output enable signal according to a result of monitoring the XOR operation value, and calculating an enable signal to generate a PUF cryptographic key generation completion signal
The method comprising the steps of:
KR1020130132371A 2013-11-01 2013-11-01 Apparatus and method for generatiing encryption key of hardware using puf KR20150051012A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020130132371A KR20150051012A (en) 2013-11-01 2013-11-01 Apparatus and method for generatiing encryption key of hardware using puf

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020130132371A KR20150051012A (en) 2013-11-01 2013-11-01 Apparatus and method for generatiing encryption key of hardware using puf

Publications (1)

Publication Number Publication Date
KR20150051012A true KR20150051012A (en) 2015-05-11

Family

ID=53388626

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020130132371A KR20150051012A (en) 2013-11-01 2013-11-01 Apparatus and method for generatiing encryption key of hardware using puf

Country Status (1)

Country Link
KR (1) KR20150051012A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106372539A (en) * 2016-08-31 2017-02-01 电子科技大学 Frequency-variable ring oscillator PUF (Physical Unclonable Function) circuit
KR20200057531A (en) * 2018-11-16 2020-05-26 한국전자통신연구원 Apparatus for generating secure information based on ring oscillator architecture and method for the same
WO2021150082A1 (en) * 2020-01-23 2021-07-29 주식회사 피에스디엘 Security device and security program

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106372539A (en) * 2016-08-31 2017-02-01 电子科技大学 Frequency-variable ring oscillator PUF (Physical Unclonable Function) circuit
CN106372539B (en) * 2016-08-31 2019-12-03 电子科技大学 Frequency conversion ring oscillator PUF circuit and its control method
KR20200057531A (en) * 2018-11-16 2020-05-26 한국전자통신연구원 Apparatus for generating secure information based on ring oscillator architecture and method for the same
WO2021150082A1 (en) * 2020-01-23 2021-07-29 주식회사 피에스디엘 Security device and security program

Similar Documents

Publication Publication Date Title
US8750502B2 (en) System on chip and method for cryptography using a physically unclonable function
KR101370231B1 (en) Bit sequence generation device and bit sequence generation method
CN111492616B (en) Configurable device for lattice-based cryptography
JP5863994B2 (en) Integrated security device and signal processing method used for integrated security device
KR101987141B1 (en) Random number generator
US10411889B2 (en) Chaotic-based synchronization for secure network communications
CN111052670B (en) Encryption device, decryption device, encryption method, decryption method, and computer-readable storage medium
US11190354B2 (en) Randomness verification system and method of verifying randomness
KR20150051012A (en) Apparatus and method for generatiing encryption key of hardware using puf
JP6287785B2 (en) Cryptographic processing apparatus, cryptographic processing method, and program
US11895230B2 (en) Information processing apparatus, secure computation method, and program
US11165758B2 (en) Keystream generation using media data
JP2018506101A (en) Clock generator and processor system
US11177936B2 (en) Message authenticator generation apparatus
JP2016025532A (en) Communication system, communication apparatus and communication method
KR101925787B1 (en) Method and Apparatus for Securing the Continuity of Random Numbers after Von Neumann Post-processing
KR101649996B1 (en) threshold clock controlled random password generator
JP2018098757A (en) Communication apparatus and cryptographic processing system
US20160380766A1 (en) Encryption system with a generator of one-time keys and a method for generating one time-keys
JP2019015916A (en) Authentication cryptosystem with additional data, encryption device, decryption device, method and program for authentication encryption with additional data
EP4221072A1 (en) System and method for flexible post-quantum trust provisioning and updating
Siddavaatam et al. A novel architecture with scalable security having expandable computational complexity for stream ciphers
Hulle et al. High Performance Architecture for LILI-II Stream Cipher
JP2013167740A (en) Encryption device, encryption method, and encryption program
JP2019015914A (en) Authentication cryptosystem with additional data, encryption device, decryption device, method and program for authentication encryption with additional data

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination