Authentication System

Abstract

A device authentication system for use with an authenticatable device having a physically-unclonable function and constructed to, in response to input of challenge C, internally generate an output O characteristic to the PUF and the challenge C, and configured to: i) upon receiving challenge C, generate a corresponding commitment value that depends upon a private value r, and ii) upon receiving an authentication query that includes the challenge C and a nonce, return a zero knowledge proof authentication value that corresponds to the commitment value. The system comprises an enrollment server having a working verification set that includes challenge C and corresponding commitment value, wherein: a) the enrollment server is configured to generate an authentication token that corresponds to the authentication value and includes a blinded value depending upon the private value r and a random value decryptable by the authenticatable device; and / or b) the system is configured to pre-process and convey data to the authenticatable device as part of an extended Boyko-Peinado-Venkatesan generation.

Description

CROSS REFERENCE TO RELATED APPLICATIONS[0001]This application claims the benefit of provisional application Ser. No. 61 / 902,283 filed Nov. 10, 2013, which is incorporated by reference here including its Introduction and other matter not expressly set forth here. The contents of U.S. Patent Application Publication No. 2013 / 0212642 and Applicant's co-pending U.S. patent application Ser. No. 13 / 829,826 are also incorporated here by reference, in particular their disclosure of a Resilient Device Authentication System, with which suitable embodiments of the system described herein can be used.FIELD OF THE INVENTION[0002]This disclosure relates generally to hardware verification, and in particular but not exclusively, to binding authentication to protect against tampering and subversion by substitution.BACKGROUND OF THE INVENTION[0003]The unique properties of PUFs provide several advantages over traditional public key infrastructure (PKI) constructions. In general, PUFs provide two core p...

AI Technical Summary

Benefits of technology

[0020]A device authentication system according to the present invention is for use with an authenticatable device having a physically-unclonable function (“PUF”) and constructed so as to, in response to the input of a specific challenge C, internally generate an output O that is characteristic to the PUF and the specific challenge C, the authenticatable device configured to: i) upon receiving the specific challenge C, generate a corresponding commitment value that depends upon a private value r, and ii) upon receiving an authentication query that includes the specific challenge C and a nonce, return a zero knowledge proof authentication value that corresponds to the commitment value. The device authentication system comprises an enrollment server having a working verification set that includes the specific challenge C and the authenticatable device's corresponding commitment value, wherein: a) the enrollment server is configured to generate an authentication token that corresponds to the zero knowledge proof authentication value and includes a blinded value depending upon the private value r and a random value that can be decrypted by the authenticatable device; and / or b) the system is configured to pre-process and convey data to the authenticatable device as part of an extended Boyko-Peinado-Venkatesan generation.

Problems solved by technology

As the PUF relies on unclonable hardware tolerances (e.g. wire delays, resistance, etc.), any modification to either the PUF or the attached integrated circuit will irreversibly alter the PUF's mapping from challenges to responses.

Thus, if an adversary attempts to acquire the full challenge-response pair set, the time required to achieve this would exceed the lifetime of the device.

Katzenbeisser et al. evaluate the assumed properties of various PUF constructions, finding that many lack essential characteristics of an ideal PUF.

While all PUF constructions are acceptably robust, the arbiter PUF has low entropy while flip-flop and latch PUFs are heavily affected by temperature fluctuations.

A drawback for ring oscillators is low min-entropy, while SRAM lacks an exponential input space.

By employing PUFs, the secret key is no longer duplicable, as PUFs are by design unclonable.

Thus, the underlying construction becomes infeasible to build, and the designer and adversary face the same asymptotic difficulty.

The attacks presented are sufficient to break most PUF constructions in production, and demonstrate that other approaches seem to meet with exponential increases in complexity for both defender and adversary.

Kirkpatrick et al. describe how to use PUFs to generate read-once keys, where upon use the key is immediately destroyed and further use is impossible.

Existing models did not allow the broad range of PUF constructions to be accurately modeled, for example by requiring the PUF to act as a physical one-way function.

The authors demonstrate that any protocol for oblivious transfer or key exchange based solely on the use of a PUF is impossible when the adversary has posterior access to the PUF.

Similar impossibility results are given for other security models, even when the PUF is modeled as an ideal random permutation oracle.

Finally, the authors demonstrate that the application of Brzuska et al. to the universally composable framework of Canetti is not valid in these security models, and should be considered an open problem.

Images