KR20180133642A - DATA TRANSFER METHOD USING PRIVATE KEY BASED ON PUBLIC PHYSICALLY UNCLONABLE FUNCTION, IoT COMMUNICATION SYSTEM AND IoT DEVICE - Google Patents

Abstract

A data transmission method using an adaptive private key based on a public physically unclonable function (PPUF) comprises: a step where a transmitter repeats a process of using a delay property of any public physically unclonable function (PPUF) to determine a response value outputted at a reference time after a first and a second challenge value are inputted to determine a first challenge set including a plurality of first challenge values and a response set including a plurality of responses; a step where the transmitter transmits information including the reference time and the response set, and transmits data encoded by using a private key generated by using the plurality of first challenge values; a step where the transmitter receives the information, and repeats a process of determining a specific second challenge value for outputting the response values at the reference time from a challenge value input time by a PPUF circuit having the delay property with respect to all response values included in the response set to determine a second challenge set including a plurality of second challenge values; and a step where the transmitter uses a private key generated by using the plurality of second challenge values to decode the encoded data.

Description

Technical Field [0001] The present invention relates to a data transfer method, an IoT communication system, and an IoT device using an adaptive secret key based on PPUF, a data transfer method using an adaptive secret key based on PPUF,

The technique described below relates to a data transmission technique using an adaptive length secret key.

Security in the field of communications is a very important issue. There are various approaches, but basically there is a technique of encrypting and transmitting data. The main purpose is to make it difficult for an attacker to decrypt or tamper with encrypted data.

Security technology is attracting attention in the field of IoT recently attracting attention. Especially, it is necessary to develop effective security technology for IoT devices with limited energy.

Korean Patent Publication No. 10-2017-0047965

The technique described below is intended to provide a data transmission technique using PPUF (Public Physically Unclonable Function). The technique described below is intended to provide a transmission scheme using a secret key having a variable length in consideration of the available energy of the apparatus.

A data transmission method using an adaptive secret key based on PPUF is a method in which a transmitter uses a delay characteristic of a PPUF (Public Physically Unclonable Function) to generate a first challenge value and a response that is output at a reference time after the first challenge value is input Determining a response set including a first set of challenges and a plurality of responses including a plurality of first challenge values, determining whether the response includes the reference time and the information including the set of responses Transmitting the encrypted data using the secret key generated by using the plurality of first challenge values, receiving, by the receiver, the received information, and transmitting, for each of the response values included in the response set, The PPUF circuit having the delay characteristic outputs the respective response values at the reference time from the input of the challenge value Determining a second challenge set including a plurality of second challenge values by repeating the process of determining a specific second challenge value, and determining whether the receiver uses the secret key generated using the plurality of second challenge values And decrypting the encrypted data.

An IoT communication system using an adaptive secret key based on PPUF uses an initial challenge value, a plurality of first challenge values and a first challenge value after inputting each of the first challenge value and the second challenge value using a delay characteristic of a Public Physically Unclonable Function (PPUF) And transmits the encrypted data using the initial challenge value, the reference time, the plurality of response values, and the secret key generated using the plurality of first challenge values The PPUF circuit receiving the initial challenge value, the reference time, the plurality of response values, and the data, and having the delay characteristic for each of the plurality of response values, Determining a specific second challenge value for outputting the second challenge value, and using a secret key generated using the plurality of second challenge values Received and the one including carcinogenesis Chemistry IoT device that decodes the data.

The IoT device includes a communication circuit for receiving an initial challenge value, a reference time, a plurality of response values, and encrypted data from a transmitting node, a PPUF circuit composed of a plurality of XOR gates, and an initial challenge value for each of the plurality of response values Selecting a specific value among all possible challenge values in a state where a predetermined time has elapsed after inputting to the PPUF circuit, and inputting the selected value to the PPUF circuit; and repeating the process of inputting the currently selected response value And a control circuit for determining a second challenge value to output the second challenge value.

The techniques described below provide a data transmission scheme or authentication scheme that can be efficiently applied to IoT devices with limited resources and energy.

Figure 1 is an example of the operation of an arbiter PUF.
2 is an example of structure and delay information of a public PUF.
3 is an example of a block diagram for a data transmission system based on PPUF.
4 is an example of a procedure flow chart for a data transmission process based on PPUF.
5 is another example of a block diagram for a data transmission system based on PUF.
6 is another example of a procedure flow chart for a data transmission process based on PPUF.
7 shows an example of a data transmission system based on PPUF.

The following description is intended to illustrate and describe specific embodiments in the drawings, since various changes may be made and the embodiments may have various embodiments. However, it should be understood that the following description does not limit the specific embodiments, but includes all changes, equivalents, and alternatives falling within the spirit and scope of the following description.

The terms first, second, A, B, etc., may be used to describe various components, but the components are not limited by the terms, but may be used to distinguish one component from another . For example, without departing from the scope of the following description, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component. And / or < / RTI > includes any combination of a plurality of related listed items or any of a plurality of related listed items.

As used herein, the singular " include " should be understood to include a plurality of representations unless the context clearly dictates otherwise, and the terms " comprises & , Parts or combinations thereof, and does not preclude the presence or addition of one or more other features, integers, steps, components, components, or combinations thereof.

Before describing the drawings in detail, it is to be clarified that the division of constituent parts in this specification is merely a division by main functions of each constituent part. That is, two or more constituent parts to be described below may be combined into one constituent part, or one constituent part may be divided into two or more functions according to functions that are more subdivided. In addition, each of the constituent units described below may additionally perform some or all of the functions of other constituent units in addition to the main functions of the constituent units themselves, and that some of the main functions, And may be carried out in a dedicated manner.

Also, in performing a method or an operation method, each of the processes constituting the method may take place differently from the stated order unless clearly specified in the context. That is, each process may occur in the same order as described, may be performed substantially concurrently, or may be performed in the opposite order.

The techniques described below relate to techniques for performing authentication in an IoT system based on PUF technology. The technique described below relates to a technique for performing message authentication in an IoT device using a key generated based on PUF technology. The technique described below relates to a technique for performing message authentication in an IoT device using a key having an adaptive length in consideration of the processing capability of the device.

First, I will explain PUF technology. In semiconductor circuits, oxide thickness difference, threshold voltage difference, electrostatic capacitance difference, etc. may occur during the manufacturing process. The PUF circuit is a circuit that can judge whether or not it is replicated based on the physical unique characteristic that shows slight difference in the operation of the cones due to the minute process variation of the semiconductor process. Figure 1 is an example of the operation of an arbiter PUF. The arbiter PUF of FIG. 1 uses the difference in the fine operation delay time between the upper signal and the lower signal. Of course, the arbiter PUF may have a circuit configuration different from that of FIG.

The challenge is a value input to the configuration of the PUF circuit, and the response is an output value of the PUF circuit for the challenge applied. Even if the same challenge is input to the plurality of PUF circuits, the plurality of PUF circuits output different output values (Responses) due to inherent delay characteristics of each PUF circuit. Thus, each device can be identified or authenticated using the hardware characteristics of each PUF circuit.

2 is an example of structure and delay information of a public PUF. The public PUF (hereinafter referred to as PPUF) is a modification of the arbiter PUF in Fig.

2 (a) shows an example of a circuit constituting the PPUF. Of course, the PPUF may have a configuration different from that of FIG. 2 (a). Figure 2 (a) shows a PPUF composed of six XOR gates. Referring to FIG. 2 (a), three XOR gates are formed in two columns. The PPUF in Fig. 2 (a) is an example in which the height h is 3 and the width w is 2. XOR gates A and B receive two input values (input 1 and input 2), respectively. In FIG. 2 (a), assume that a value input to the left side of the XOR gate is input 1 and a value input to the right side is input 2. The XOR gates C and D receive the output values of the XOR gates A and B as two input values, respectively. The XOR gates E and F receive the output values of the XOR gates C and D as two input values, respectively. The XOR gate has a certain state transition when a new input value is input. The output value of the XOR gate itself may be changed according to the input value or may be maintained as it is. Depending on the height of the XOR gate constituting the PPUF, the state transition at the consecutive XOR gate increases exponentially. According to one initial input value, a state transition of 2 × 2 ^h can occur when the initial input value is changed in the PPUF having a width w of 2 and a height of ^h .

The time at which the signal input from the XOR gate is output is called the delay time. Different XOR gates may each have a unique delay time. That is, each XOR gate has a unique delay characteristic. 2 (b) is a table showing delay characteristics for PPUF in Fig. 2 (a). The delay characteristic for each XOR gate was used in ps unit time. For example, XOR gate A has a delay time of 7.7 for input 1 and a delay time of 9.5 for input 2. XOR gate B has a delay time of 8.3 for input 1 and a delay time of 10.5 for input 2. XOR gate C has a delay time of 12.4 for input 1 and a delay time of 8.3 for input 2.

The PPUF shown in Fig. 2 (a) has a challenge input to the XOR gates A and B. For example, a challenge of x ₀ = "10" (input 1: 1, input 2: 0) is input to A and B, and when a predetermined time elapses, a response value y ₀ = "00" . It is assumed that a response value y ₀ = "00" state is stable (steady-state) the state in which the output. Of course, the response value output in the stabilized state may be a specific value other than " 00 ". The stabilization state is a specific initial value which can confirm that the output value is changed in the future.

When the challenge is changed to x ₁ = "01" (input 1: 0, input 2: 1) at a certain time t = 0 in the stabilized state, the XOR gate A outputs "1" To 0 (at this time, only the input 1 is reflected and the input value is the same as " 00 "). At time t = 9.5, XOR gate A outputs a value of '1' (because the new input value is reflected at this point). That is, the XOR gate A generates a state transition at t = 7.7 and t = 9.5. In this way, the XOR gate B has a state transition at t = 8.3 and t = 10.5. Through such a series of consecutive XOR gates, the information whose input values change over time can be determined.

Then the XOR gate located in the upper row will have state transition more time. For example, the XOR gate C receives the output value of the XOR gate A as the input 1 and receives the output value of the XOR gate B as the input 2. As described above, the XOR gate A and the XOR gate B have two state transitions (two output values) with respect to x1 = " 01 " inputted at time t = 0 according to the passage of time. As a result, the XOR gate C receives two inputs 1 and receives two inputs 2 in accordance with the passage of time. In this case, the XOR gate C can output four different output values according to the time. Specifically, the XOR gate C has a state transition at t = 16.6, 18.8, 20.1 and 21.9. This is a result of combining the times at which the output values of the XOR gate A and the XOR gate B are changed. That is, in the case of the input 1, the output value is changed (ie, t = 20.1 and 21.9) to the basic delay time of the input XOR gate C of 12.4 + 12.4 times the output value change point of the XOR gate A (7.7 and 9.5). In the case of input 2, the output value is changed (ie, t = 16.6 and 18.8) to the input 2 default delay time 8.3 + XOR gate B's output value change point (8.3 and 10.5). In this way, the XOR gate located in the upper column undergoes a lot of state transition with exponentially higher heights.

As described above, the inherent PPUFs have different delay characteristics. It can be used for authentication for communication using the delay characteristic specific to the individual PPUF. Communication is a technique that eventually delivers a specific message. For convenience of explanation, hereinafter, a device for transmitting a specific message is referred to as a transmitter, and a device for receiving a message transmitted by a transmitter is referred to as a receiver. The receiver authenticates whether the received message is a message transmitted by the actual transmitter. The communication system assumes an example in which authentication is performed using a public key and a private key. The public key is the above-described PPUF-specific delay information. For example, the delay table shown in Fig. 2 (b) can be used as a public key.

Basic authentication protocol based on PPUF

The message transfer protocol is briefly described first. The transmitter determines x ₀ , x ₁ and t ₁ . As described above, x ₀ is an input value that causes the PPUF to reach the stabilization state after a certain time. x ₁ is an input value that brings the state transition in the stabilized state. Assuming that t = 0 when x ₁ is input, t ₁ is the time when PPUF outputs y ₁ output after input. The transmitter can determine the output value y ₁ and sends a ₀ x, y ₁ and t ₁ for determining an output value y _1. The receiver can determine a particular input value x ₁ by receiving x ₀ , y _1, and t ₁ . That is, x ₁ corresponds to a secret key for message authentication. To do this, the transmitter and the receiver must share the delay information of a particular PPUF. Therefore, the delay information of a specific PPUF is used as a public key.

It is assumed that one device (e.g., receiver) has a physical PUF and the other device (e.g., transmitter) uses a module (PPUF module) that implements a physical PPUF in a software manner.

3 is an example of a block diagram for a data transmission system 100 based on PPUF. The system 100 includes a transmitter 110 and a receiver 150. In FIG. 3, a pair of a transmitter 110 and a receiver 150 are shown for convenience of explanation. As described above, the transmitter 110 and the receiver 150 share a PPUF performing the same operation. In FIG. 3, the transmitter 110 uses a software PPUF module and the receiver 150 uses a physical PPUF circuit.

Transmitter 110 uses a software PPUF module. This is called the PPUF simulation module. The PPUF simulation module outputs the response output at a specific time when a certain challenge is input using the delay information of the physical PPUF circuit in the receiver 150. [

The transmitter 110 includes a control circuit 111, a storage device 112, and a communication circuit 113. The control circuit 111 is a device for controlling the operation of the transmitter 110. [ The control circuit 110 may be constituted by a central processing unit such as a CPU and a memory for storing control commands. The storage device 112 stores software for PPUF simulation. The control circuit 110 drives the software stored in the storage device 112 to determine the initial input value x ₀ , the challenge x ₁ , the constant time t _1, and the response y ₁ output at the time t ₁ after the challenge input. As described above, the challenge x ₁ corresponds to the secret key. The control circuit 110 encrypts the specific data using the challenge x ₁ . It is assumed that specific data is provided in advance. Various algorithms using secret keys can be used for the data encryption method. Transmitter 110 transmits (x ₀ , y ₁ , t ₁ ) and encrypted data D via communication circuitry 113. The communication circuit 113 may be composed of an antenna, a communication module, and the like.

Receiver 150 uses the physical PPUF circuitry to determine challenge x ₁ , which is a secret key. The receiver 150 determines the challenge x ₁ using the received information (x ₀ , y ₁ , t ₁ ).

The receiver 150 includes a control circuit 151, a PPUF circuit 152, a storage device 153 and a communication circuit 154. The control circuit 151 is a circuit for controlling the operation of the receiver 150. The PPUF circuit 152 refers to a physical specific PPUF as described above. The storage device 153 stores software for decrypting the secret key using the PPUF circuit 152. [ The storage device 153 may also store the received information and the decoded data. The communication circuit 154 receives certain information from the transmitter 110.

The receiver 150 determines the challenge x ₁ using (x ₀ , y ₁ , t ₁ ). Receiver 150 determines a challenge x ₁ to output the response y ₁ after time t ₁ among all possible challenge candidates. At this time, the challenge candidate may include all possible challenges except the basic input value x ₀ . The challenge candidate is determined by the width of the PPUF. For example, if the width of the PPUF is 2, all the challenge candidates are four (2 ² ). Except for the existing input values, the challenge candidates are three challenges.

Receiver 150 selects any challenge in the challenge set, inputs the challenge selected in the stabilization state to PPUF circuit 152, and confirms the response output after time t ₁ after the selected challenge is input. The receiver 150 determines the currently selected challenge as the secret key x ₁ when the response output after time t ₁ after the selected specific challenge is y ₁ is y ₁ .

On the other hand, even if the attacker who can not use the PPUF circuit 152 in the receiver 150 knows the delay information of the PPUF, the time for deciphering the secret key and decrypting the data takes much longer than the receiver 150. Therefore, the receiver 150 can use the longest time required for deciding the secret key and decrypting the data as the time limit. For example, the receiver 150 recognizes and processes only data decoded within a time limit from the time the message arrives as normal data. The time limit may be set based on the time the transmitter 110 sent the message.

As described above, the PPUF circuit may have different height and width. For example, if the width of the PPUF circuit is w, the input value x, which is basically input, has w digits, and the output value y has w digits. Finally, w corresponds to the length of the secret key.

Figure 3 illustrates a system where the transmitter 110 uses a software PPUF simulation module and the receiver 150 uses physical PPUF circuitry. In some cases, the transmitter 110 may use a physical PPUF circuit, and the receiver 150 may use a software PPUF simulation module.

FIG. 4 is an example of a procedure flow chart for the PPUF-based data transmission process 200. FIG. Transmitter 110 first generates a secret key for data encryption (201). The transmitter 110 selects the initial input value x ₀ and the specific time t ₁ (1). The transmitter 110 inputs the initial input value x ₀ to the PPUF (software module or hardware circuit) and waits for a predetermined time (entering the stabilization state). Transmitter 110 selects a particular challenge x ₁ from possible challenges (2). The transmitter 110 inputs the challenge x ₁ to the PPUF in the stabilized state to determine the response y ₁ output after the time t ₁ (3).

The transmitter 110 encrypts the data (data) to be transmitted using the challenge x ₁ as a secret key (202). One of various algorithms can be used to encrypt the secret key. However, the encryption method used in the transmitter 110 and the decryption method used in the receiver 150 must correspond to each other.

The transmitter 110 transmits (x ₀ , y ₁ , t ₁ ) among the information determined by the transmitter 110 (211). The transmitter 110 transmits the encrypted data D (211). Transmitter 110 may transmit (x ₀ , y ₁ , t ₁ ) and D simultaneously.

The receiver 150 first determines the secret key using the received information (221). The receiver 150 inputs the received initial input value x ₁ in PPUF and waits for a predetermined time elapse (1). It is assumed that the time to reach the stabilization state after the initial input value x ₁ is pre-shared time. Or the time when the transmitter 110 is in a stabilized state, to the receiver 150. Receiver 150 selects a particular challenge among all possible challenges, confirms the response at time t ₁ after entering the selected challenge. After the challenge is input, the receiver 150 determines the currently selected challenge as a secret key when the response y ₁ is output at time t ₁ (2).

Thereafter, the receiver 150 decrypts the encrypted data D using the determined secret key x ₁ (222).

As described above, the communication system can set a time limit for legitimate data processing. For example, the receiver 150 can process the decoded data as legitimate data only when the data is decoded within a predetermined time limit from when the message is received. Alternatively, the receiver 150 can process the decoded data as legitimate data only when the transmitter 110 decodes the data within a predetermined time limit from when the message is transmitted.

Meanwhile, the receiver 150 may transmit the decoded data to the transmitter 110. When the transmitter 110 receives data decoded from the receiver 150 within a time limit, the receiver 150 can be authenticated with a legitimate receiver. The transmitter 110 may then further transmit the encrypted data to the receiver 150 in the same manner. The time limit can be appropriately set considering the performance of the system, the length of the secret key, and the like.

Authentication protocol using a key composed of a plurality of challenge values

5 is another example of a block diagram for a data transmission system 300 based on PUF. The data transmission system 300 of FIG. 5 uses a plurality of challenge values as secret keys, unlike the system 100 of FIG. In FIG. 5, a pair of a transmitter 510 and a receiver 550 are shown for convenience of explanation. As described above, the transmitter 510 and the receiver 550 share a PPUF performing the same operation. In FIG. 5, the transmitter 510 uses a software PPUF module, and the receiver 550 uses a physical PPUF circuit.

In the data transmission system 300, the secret key may be composed of a plurality of challenge values. The process of determining the challenge to be used as the secret key by the transmitter 310 may be repeated m times to determine a plurality of challenges. The transmitter 310 determines a plurality of challenges x = {x ₁ , x ₂ , ..., x _m }. x represents a challenge set. The transmitter 310 determines a response output at a specific time t after each challenge is input in the stabilized state. The transmitter 310 determines the response _{y = {y 1, y 2} , ... y m}. y denotes a set of responses according to each challenge contained in the challenge set x.

The transmitter 310 may concatenate the determined challenge to generate a secret key X. Transmitter 310 can generate X by combining x ₁ , x ₂ , ..., x _{m in} that order. In this case, X is a single binary string connecting the challenge (a specific binary string). Further, the transmitter 310 may generate the X by selecting the challenge in any order or in a particular order in x. Meanwhile, the criterion by which the transmitter 310 generates X should be shared with the receiver 350.

As described above, the PPUF circuit may have different height and width. For example, if the width of the PPUF circuit is w, basically the challenge input has w digits and the response has w digits. Thus, if one challenge has w digits and the secret key X uses all challenge sets, the length of the secret key is w x m.

The transmitter 110 encrypts the data using the combined secret key X. Transmitter 310 transmits the input initial values _{x0, y = {y 1,} y 2, ... y m}, a particular time t. Transmitter 310 also transmits data encrypted with X. Also, in some cases, the transmitter 310 may further send information about the rules for generating the secret key X in the challenge set.

The transmitter 510 uses a PPUF simulation module. The PPUF simulation module outputs the response output at a specific time when a certain challenge is input using the delay information of the physical PPUF circuit in the receiver 550. [ Therefore, the PPUF simulation module should be prepared in advance based on the information about the characteristics of the physical PPUF circuit.

The transmitter 510 includes a control circuit 511, a storage device 512 and a communication circuit 513. The control circuit 511 is a device for controlling the operation of the transmitter 510. [ The control circuit 510 may be composed of a central processing unit such as a CPU and a memory for storing control commands. The storage device 512 stores software for PPUF simulation. The control circuit 510 drives the software stored in the storage device 512 to determine the initial input value x ₀ , the challenge set x, the constant time t, and the response set y output at time t after the challenge input. The control circuit 110 encrypts the specific data using the secret key X generated using the challenge set x. It is assumed that specific data is provided in advance. Various algorithms using secret keys can be used for the data encryption method. The transmitter 110 transmits (x ₀ , y, t) and the encrypted data D via the communication circuit 113. The communication circuit 113 may be composed of an antenna, a communication module, and the like.

The receiver 350 first determines a plurality of challenges constituting the secret key using the received information. Receiver 350 determines a challenge set x 'to output each response included in response set y. The receiver 350 repeats the process of determining the challenge for each response included in the response set y to determine the challenge set x '. The challenge set x 'is a value constituting a secret key for decrypting the data D. Receiver 350 decides secret key X using challenge set x 'and decrypts data D using secret key X.

The rules for constructing the secret key can be defined as the order (x ' _i ) of the challenges contained in the challenge set x' and the order of placement (X _i ) of each challenge in the secret key. The rules for constructing the secret key may be a table that matches x ' _i and X _i . Or the secret key may be a function that receives the input value x ' _i and outputs the output value X _i . The transmitter 310 and the receiver 350 must share this rule. The transmitter 310 and the receiver 350 may respectively store data corresponding to the rules. Or may transmit the rule to the receiver 350 in the process of transmitting the encrypted data D by the transmitter 310.

Receiver 350 uses the physical PPUF circuitry to determine the challenge set x that constitutes the secret key X. The receiver 150 determines the challenge set x using the received information (x ₀ , y, t).

The receiver 350 includes a control circuit 351, a PPUF circuit 352, a storage device 353 and a communication circuit 354. The control circuit 351 is a circuit for controlling the operation of the receiver 350. PPUF circuit 352 means a specific PPUF that is physical as described above. The storage device 353 stores software for decrypting the secret key using the PPUF circuit 352. The storage device 353 can also store the received information and the decoded data. The communication circuit 354 receives certain information from the transmitter 310.

The control circuit 351 determines the challenge set x 'using (x ₀ , y, t). The control circuit 351 inputs the initial input value x ₀ to the PPUF circuit 352 to establish a stabilized state. The PPUF circuit 352 reaches a stabilized state after a predetermined time has elapsed after receiving the initial input value x ₀ . The control circuit 351 determines the challenge for each response included in the response set y.

The process of determining the challenge for one response (assuming y ₁ ) will be described. The control circuit 351 determines the challenge x ₁ to output the response y ₁ after time t for all possible challenge candidates input to the PPUF circuit 352. At this time, the challenge candidate may include all possible challenges except for the basic input value x ₀ . Receiver 150 selects any challenge from the challenge candidates and confirms the response output at time t elapses from when the challenge selected in the stabilization state is input to PPUF circuit 152. [ At this time, the receiver 150 determines the currently selected challenge as the challenge x ' ₁ constituting the secret key when the response outputted at the time t elapses after the selected specific challenge is inputted is y ₁ .

The control circuit 351 repeats the process of determining the challenge for each of the responses included in the response set to prepare the challenge set x '= {x' ₁ , x ' ₂ , ..., x' _m }. The control circuit 351 generates the secret key X 'using the challenge set x'. The control circuit 351 decrypts the data D with the generated secret key X '.

The challenge set x 'generated by the control circuit 351 according to the characteristic of the PPUF circuit 351 is the same as the challenge set x generated by the transmitter 310. [ The secret key X 'generated by the same rule is the same as the secret key generated by the transmitter 310. Therefore, when the control circuit 351 performs a decoding process corresponding to the encryption of the transmitter 310, the encrypted data D can be correctly decoded.

On the other hand, even if the attacker who can not use the PPUF circuit 152 in the receiver 150 knows the delay information of the PPUF, the time for deciphering the secret key and decrypting the data takes much longer than the receiver 150. Therefore, the receiver 150 can use the longest time required for deciding the secret key and decrypting the data as the time limit. For example, the receiver 150 recognizes and processes only data decoded within a time limit from the time the message arrives as normal data. The time limit may be set based on the time the transmitter 110 sent the message. The time limit may be determined according to the number of challenges constituting the secret key and the time required to determine one challenge.

5 illustrates a system where transmitter 110 uses a software PPUF simulation module and receiver 350 uses physical PPUF circuitry. In some cases, the transmitter 310 may use a physical PPUF circuit, and the receiver 350 may use a software PPUF simulation module.

Adaptive secret key generation

The transmitter 310 may use a secret key having a specific length according to the performance of the system, the resource status of the system, the communication state, the residual energy, the user's request, and the like. The length of the secret key is determined by the number of challenges constituting the secret key. That is, the length of the secret key depends on the value of m in the challenge set x = {x ₁ , x ₂ , ..., x _m }. The transmitter 310 may select the appropriate m to generate the secret key.

The length of the secret key varies the energy and time required for the transmitter 310 and the receiver 350 to transmit data. For example, if transmitter 310 or receiver 350 is a device with limited energy, such as an IoT device, a secret key of the appropriate length is preferred.

It is assumed that the receiver 350 performs a specific task. If the receiver 350 performs the task, it should use system resources at a certain time. If the transmitter 310 generates a secret key of a relatively long length (a high security level) to encrypt data, the receiver 350 must use a relatively large amount of resources and energy in decrypting the encrypted data. In this case, the receiver 350 may not be able to properly handle conventional tasks. Therefore, it is preferable that the transmitter 310 adjusts the length of the secret key considering the resource status and energy of the receiver 350 beforehand. Here, the length of the secret key means the number m of the challenges constituting the secret key X. [

Let E _max be the maximum energy that the receiver 350 can use for a certain period of time. The energy required for the receiver 350 to perform the above-described task is called E _load . In this case, the receiver 350 performs the task and the remaining energy E _rem = E _max -E _load . Therefore, it is desirable to set the maximum security level based on the residual energy E _rem .

Transmitter 310 may use an empirical model that can estimate the energy consumed in generating and encrypting the secret key according to the secret key length. Experimental models can be prepared through an iterative process. Furthermore, various logic models may be provided for estimating the energy consumed in secret key generation and encryption. It is assumed that a model for estimating energy consumed in the secret key generation and encryption is prepared in advance. In this case, the transmitter 310 may drive the PPUF simulation model and estimate the expected energy consumption.

The transmitter 310 can generate a secret key of a certain length and estimate the energy consumed through the simulation. Here, it is assumed that the energy consumed in the secret key generation and encryption corresponds to the energy consumed in the secret key generation and decryption in the receiver 350. It is assumed that the transmitter 310 knows information about the residual energy E _rem of the receiver 350. In this case, the transmitter 310 may determine the length of the secret key having the highest security level in consideration of the residual energy of the specific receiver 350. That is, the transmitter 310 may select a secret key suitable for the residual energy E _rem of the receiver 350 while changing the length of the secret key.

Or transmitter 310 may pre-reserve information about the energy consumed in generating and encrypting the secret key for various secret key lengths. Table 1 below shows examples of the energy consumed in generating the secret key and the energy consumed in encrypting 20 Kbytes of data with the secret key. In this case, the transmitter 310 may determine the length of the secret key as soon as it knows the residual energy E _rem of the receiver 350. The transmitter 310 prepares a challenge set x to have the length of the corresponding secret key.

The transmitter 310 estimates the energy consumed. This takes into account the case where the energy of the stage of the receiver 350 is more limited. For example, the transmitter 310 may be a server or gateway device, and the receiver 350 may be an IoT device.

It is assumed that the energy consumed in the secret key generation and encryption corresponds to the energy consumed in the secret key generation and decryption in the receiver 350. Further, the transmitter 310 may use a model that estimates the energy consumed by the secret key generation and decryption at the receiver 350.

Update your secret key

The transmitter 310 can continue to transmit encrypted data using the same secret key to the same receiver 350. [ Further, the transmitter 310 may transmit data while changing the secret key periodically or aperiodically. When changing the secret key, the transmitter 310 must transmit a new (x ₀ , y, t) with D. Further, the transmitter 310 may change the period for changing the secret key in consideration of the current security level (the length of the secret key). For example, if the security level is low, the transmitter 310 may frequently change the secret key. The transmitter 310 may change the period of changing the secret key to the same receiver 350 to further enhance security.

FIG. 6 is another example of a procedure flow diagram for the PPUF-based data transmission process 400. FIG. 6 is an example in which the transmitter 310 controls the length of the secret key. The transmitter 310 collects information on the available energy situation of the receiver 350 in advance (401). Optionally, the transmitter 310 may receive the available energy information of the receiver 350 from the control center.

Transmitter 310 generates a secret key for data encryption (411). The transmitter 310 determines the length m of an appropriate secret key considering the available energy of the receiver 350. The transmitter 310 can determine the length of the secret key with the highest security level in the available energy range (1). The transmitter 310 selects an initial input value x ₀ and a specific time t (2). The transmitter 310 inputs the initial input value x ₀ to the PPUF (software module or hardware circuit) and waits for a predetermined time (entering the stabilization state). The transmitter 310 selects a plurality of challenges by repeating the process of selecting a specific challenge in the stabilized state in consideration of the secret key length. In doing so, the transmitter 310 selects the challenge set x = {x ₁ , x ₂ , ..., x _m } (3). The transmitter 310 generates a secret key X having a length m using the challenge set x (4). Meanwhile, the transmitter 110 determines a response to be output at a point of time t elapsed from the input of each challenge included in the challenge set in the stabilized state. Responses are determined for all the challenges included in the challenge set to generate a response set y = {y ₁ , y ₂ , ..., y _m } (5).

The transmitter 310 encrypts the data (data) to be transmitted using the secret key X (412). One of various algorithms can be used to encrypt the secret key. However, the encryption method used in the transmitter 310 and the decryption method used in the receiver 350 must correspond to each other.

The transmitter 310 transmits (x ₀ , y, t) among the information determined by the transmitter 310 (421). The transmitter 310 transmits the data D encrypted by itself (421). Transmitter 110 may transmit (x ₀ , y, t) and D simultaneously.

The receiver 350 first determines the secret key using the received information (431). The receiver 350 repeats the same process for each response included in the response set y to determine a challenge set x 'for the entire response (1). The receiver 350 inputs the received initial input value x ₁ as PPUF and waits for a predetermined time elapse. It is assumed that the time to reach the stabilization state after the initial input value x ₁ is pre-shared time. Or the time that the transmitter 310 is in a stabilized state, to the receiver 350. Receiver 350 selects a particular challenge among the possible challenge candidates for each response in the response set, and confirms the response at time t after entering the selected challenge. The receiver 350 inputs the selected challenge into the PUFF circuit, and when the currently selected response is output at time t, the currently selected challenge is determined as a challenge for the currently selected response. Through which the receiver 350 can provide a challenge set x 'for the response set y. The receiver 150 then generates the secret key X using the challenge set x '(2).

The receiver 350 then decrypts the encrypted data D using the determined secret key X (432).

As described above, the communication system can set a time limit for legitimate data processing. For example, the receiver 350 can process the decrypted data as legitimate data only when decrypting the data within a predetermined time limit from when the message is received. Alternatively, the receiver 350 can process the decoded data as legitimate data only when the transmitter 310 decodes the data within a predetermined time limit from when the message is transmitted.

Meanwhile, the receiver 350 may transmit the decoded data to the transmitter 310. When the transmitter 310 receives the decrypted data from the receiver 350 within a time limit, the receiver 350 can be authenticated as a legitimate receiver. The transmitter 310 may then further transmit the encrypted data to the receiver 350 in the same manner. The time limit can be appropriately determined considering the performance of the system, the length of the secret key, and the like.

7 is an example of a data transmission system 500 based on PPUF.

System 500 includes a transmitter 510 and receivers 550A and 550B. The transmitter 510 has a PPUF simulation module as described in FIG. However, the system 500 includes two receivers 550A and 550B. Thus, the transmitter 510 has two PPUF simulation modules with delay characteristics of the PPUF circuitry in the two receivers 550A and 550B. The PPUF simulation module A is a module based on the delay characteristic of the PPUF circuit A included in the receiver 550A. The PPUF simulation module B is a module based on the delay characteristics of the PPUF circuit B included in the receiver 550B.

Transmitter 510 transmits different information to receiver 550A and receiver 550B. 7 shows that the transmitter 510 transmits the input initial value x _a , the response set y _b , the time t _b to the receiver 550A and the input initial value x _a , the response set y _c , the time t _c As shown in FIG. The input initial value can also be different for each receiver. Although not shown, the secret key used by the transmitter 510 to encrypt data is different for each of the two receivers 550A and 550B. Further, the transmitter 510 determines the length of the secret key considering the available energy of the receivers 550A and 550B. Therefore, the lengths of the secret keys transmitted by the transmitter 510 to the respective receivers 550A and 550B may be different from each other. The encrypted data D _A and D _B transmitted by the transmitter 510 to the two receivers 550A and 550B are different from each other even if the actual data to be transmitted is the same.

In the PPUF based data transmission system 500, the actual transmitter 510 and the receiver 550 may be various devices. For example, the transmitter 510 may be a variety of devices such as a server, a mobile terminal, a PC, an IoT device, and the like. The receivers 550A and 550B may also be various devices such as a server, a portable terminal, a PC, an IoT device, and the like.

Either the transmitter 510 or the receiver 550A or 550B may be a device lacking energy and resources. For example, assume that the available energy of receiver 550B is a limited IoT device. The receiver 550B may be a sensor device that collects specific information. In this case, the receiver 550B preferably includes a physical PPUF circuit as shown in Fig. Receiver 550B must use the received information to determine the challenge value that is used repeatedly as the secret key, but it may be efficient to use physical PPUF circuitry. In addition, since the transmitter 510 uses the length of an appropriate secret key in consideration of the situation of the energy-limited IoT device, the receivers 550A and 550B can perform their own operations.

The present embodiment and drawings attached hereto are only a part of the technical idea included in the above-described technology, and it is easy for a person skilled in the art to easily understand the technical idea included in the description of the above- It will be appreciated that variations that may be deduced and specific embodiments are included within the scope of the foregoing description.

100: Data transmission system based on PPUF
110: Transmitter
111: control circuit
112: storage device
113: Communication circuit
150: receiver
151: Control circuit
152: PPUF circuit
153: Storage device
154: Communication circuit
300: Data transmission system based on PPUF
310: Transmitter
311: Control circuit
312: Storage device
313: Communication circuit
350: receiver
351: Control circuit
352: PPUF circuit
353: Storage device
354: Communication circuit
500: Data transmission system based on PPUF
510: Transmitter
550A, 550B: receiver

Claims (13)

The transmitter repeats the process of determining the response value output at the reference time after the first challenge value and the first challenge value are input using the delay characteristics of a PPUF (Public Physically Unclonable Function) to generate a plurality of first challenge values Determining a response set including a first challenge set and a plurality of responses;
Transmitting, by the transmitter, information including the reference time and the response set, and transmitting the encrypted data using the secret key generated using the plurality of first challenge values;
The receiver receives the information and generates a specific second challenge value for outputting the respective response values at the reference time from the input of the challenge value in the PPUF circuit having the delay characteristic for each of the response values included in the response set Determining a second set of challenges comprising a plurality of second challenge values; And
And decrypting the encapsulated data using the secret key generated by the receiver using the plurality of second challenge values. ≪ Desc / Clms Page number 21 > The method according to claim 1,
Wherein the transmitter further includes an initial challenge value input to the PPUF in the information and transmits the PPUF-based adaptive secret key. The method according to claim 1,
The transmitter uses PPUF-based adaptive secret keys to determine the first challenge value, the reference time and the response value using software simulating the operation of the PPUF circuit based on the delay characteristics of the PPUF circuit of the receiver The method of data transmission used. The method according to claim 1,
Wherein the transmitter is further configured to use the available energy information of the receiver to determine the number of first challenges included in the first challenge set. The method according to claim 1,
Wherein the information further includes an initial challenge value,
The receiver selects a specific value among all possible challenge values after a predetermined time elapses after inputting the initial challenge value to the PPUF circuit for the one of the response sets, and inputs the selected value to the PPUF circuit And a second challenge value for outputting the one of the response values at the reference time from the time when the selected challenge value is repeatedly input. The method according to claim 1,
And using the PPUF-based adaptive secret key to process the decrypted data as legitimate only when the receiver decrypts the encrypted data within a time limit. Determining a plurality of response values to be output at a reference time after each of the initial challenge value, the plurality of first challenge values, and the first challenge value is input by using a delay characteristic of a PPUF (Public Physically Unclonable Function) A transmitter for transmitting encrypted data using a secret key generated using a challenge value, the reference time, the plurality of response values, and the plurality of first challenge values; And
The PPUF circuit receiving the initial challenge value, the reference time, the plurality of response values, and the data and outputting the respective response values at the reference time from the input of the challenge value in the PPUF circuit having the delay characteristics for each of the plurality of response values And an IoT device for deciding the specific second challenge value to be output and decrypting the encapsulated data received by using the secret key generated by using the plurality of second challenge values, based on the PPUF-based adaptive secret key IoT communication system used. 8. The method of claim 7,
The transmitter uses software that simulates the operation of the PPUF circuit based on the delay characteristics of the PPUF circuit of the receiver,
The first challenge value is input to the PPUF circuit when a predetermined time has elapsed after the initial challenge value is input to the PPUF circuit for any one of the first challenge values of the plurality of first challenge values The PPUF-based adaptive secret key is used to determine a response value to be output at a time point when the reference time elapses from the time point when the reference time elapses. 8. The method of claim 7,
Wherein the always-on transmitter uses an adaptive secret key based on PPUF to determine the number of first challenges constituting the plurality of first challenge values using available energy information of the receiver. 8. The method of claim 7,
Wherein the IoT device comprises the PPUF circuit,
A step of inputting the initial challenge value to any one of the plurality of response values to the PPUF circuit, selecting a specific value among all possible challenge values after a specific time elapses, and inputting the selected value to the PPUF circuit Wherein the PPUF-based adaptive secret key is used to determine a second challenge value for outputting the one of the response values at the reference time from the input of the selected challenge value. A communication circuit for receiving an initial challenge value, a reference time, a plurality of response values and encrypted data from a transmitting node;
A PPUF circuit comprising a plurality of XOR gates; And
The initial challenge value for each of the plurality of response values is inputted to the PPUF circuit, a specific value among all possible challenge values is selected in a state where a specific time has elapsed, and the selected challenge value is input to the PPUF circuit, And a control circuit for determining a second challenge value for outputting the currently selected response value at the reference time from the input time point. 12. The method of claim 11,
Wherein the control circuit decodes the data using a plurality of the second challenge values as a secret key. 12. The method of claim 11,
Wherein the number of each of the plurality of response values constituting the plurality of response values is determined by the transmitting node on the basis of the available energy of the IoT device.

Images