[go: up one dir, main page]

CN105978694B - The strong physics unclonable function device and its implementation of anti-modeling attack - Google Patents

The strong physics unclonable function device and its implementation of anti-modeling attack Download PDF

Info

Publication number
CN105978694B
CN105978694B CN201610282695.6A CN201610282695A CN105978694B CN 105978694 B CN105978694 B CN 105978694B CN 201610282695 A CN201610282695 A CN 201610282695A CN 105978694 B CN105978694 B CN 105978694B
Authority
CN
China
Prior art keywords
module
boolean
excitation
function device
unclonable function
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610282695.6A
Other languages
Chinese (zh)
Other versions
CN105978694A (en
Inventor
叶靖
胡瑜
郭青丽
龚越
李晓维
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Computing Technology of CAS
Original Assignee
Institute of Computing Technology of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Computing Technology of CAS filed Critical Institute of Computing Technology of CAS
Priority to CN201610282695.6A priority Critical patent/CN105978694B/en
Publication of CN105978694A publication Critical patent/CN105978694A/en
Application granted granted Critical
Publication of CN105978694B publication Critical patent/CN105978694B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Professional, Industrial, Or Sporting Protective Garments (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本发明适用于信息安全及集成电路技术领域,提供了一种抗建模攻击的强物理不可克隆函数装置,包括:布尔混淆模块,用于将输入激励经多个弱物理不可克隆函数及布尔逻辑元件再处理后输出响应,实现布尔逻辑关系不可预测;激励划分模块,用于将输入激励划分为有效激励与无效激励;攻击检测模块,用于检测所述无效激励识别出建模攻击,处理所述无效激励和所述建模攻击;响应计算模块,用于通过强物理不可克隆函数装置对所述有效激励进行响应计算。还提供一种基于抗建模攻击的强物理不可克隆函数装置的实现方法。借此,本发明保证强物理不可克隆函数装置随机性与稳定性的同时,能够主动检测并被动防御严重威胁强物理不可克隆函数装置安全的建模攻击。

The present invention is applicable to the fields of information security and integrated circuit technology, and provides a strong physical unclonable function device that is resistant to modeling attacks, including: a Boolean confusion module, which is used to pass input excitation through multiple weak physical unclonable functions and Boolean logic After the components are reprocessed, the output response realizes the unpredictable Boolean logic relationship; the stimulus division module is used to divide the input stimulus into valid stimulus and invalid stimulus; the attack detection module is used to detect the invalid stimulus and identify the modeling attack, and process all The invalid incentive and the modeling attack; a response calculation module, used to perform response calculation on the effective incentive through a strong physical unclonable function device. Also provided is an implementation method of a strong physical unclonable function device based on anti-modeling attack. Thereby, while ensuring the randomness and stability of the strong physical unclonable function device, the present invention can actively detect and passively defend against modeling attacks that seriously threaten the safety of the strong physical unclonable function device.

Description

抗建模攻击的强物理不可克隆函数装置及其实现方法Strong Physical Unclonable Function Device Against Modeling Attacks and Its Implementation Method

技术领域technical field

本发明涉及信息安全领域及集成电路领域,尤其涉及一种硬件安全设计,特别是涉及一种抗建模攻击的强物理不可克隆函数装置及其实现方法。The invention relates to the field of information security and the field of integrated circuits, in particular to a hardware security design, in particular to a strong physical unclonable function device resistant to modeling attacks and an implementation method thereof.

背景技术Background technique

随着电子设备的广泛使用,安全和隐私成为重要问题。被认为能永久存储和不被攻击者所知的密钥是传统密码学的核心,然而,很多攻击方法已经能破解密钥,这就使得密钥不足以保证安全。为有效地解决安全问题,物理不可克隆函数(Physical UnclonableFunction,PUF)应运而生,它是一种硬件部件,能更有效地应对安全问题。With the widespread use of electronic devices, security and privacy have become important issues. The key that is considered to be permanently stored and unknown to the attacker is the core of traditional cryptography. However, many attack methods have been able to crack the key, which makes the key insufficient to ensure security. In order to effectively solve the security problem, the Physical Unclonable Function (Physical Unclonable Function, PUF) came into being, which is a hardware component that can deal with the security problem more effectively.

PUF利用芯片制造时不可避免的工艺偏差产生特定的输入输出对,又称激励响应对(Challenge-Response Pair,CRP)。即使是同样的电路设计,在制造过程中的工艺偏差使得不同芯片的PUF,面对相同的输入激励,可能会产生不同的输出响应,即CRP不同。由于工艺偏差本身难以控制和预测,因此,这些CRP既不能在PUF制造前被预测,也难以在PUF制造后被复制。这相比于传统密钥,具有更大的优势。PUF的这种特性使其在安全领域得到了广泛应用,如知识产权保护、鉴定、认证、识别等。The PUF uses the inevitable process deviation during chip manufacturing to generate a specific input-output pair, also known as a Challenge-Response Pair (CRP). Even with the same circuit design, the process deviation in the manufacturing process makes the PUF of different chips face the same input stimulus, which may produce different output responses, that is, different CRP. Since the process deviation itself is difficult to control and predict, these CRPs can neither be predicted before PUF fabrication nor replicated after PUF fabrication. This has a greater advantage over traditional keys. This characteristic of PUF makes it widely used in the field of security, such as intellectual property protection, authentication, authentication, identification, etc.

广义上讲PUF可以被分为两类:弱PUF和强PUF。这里的强和弱并非指它们的安全性高低,而是CRP的数量多少,他们的特征分别如下。Broadly speaking, PUFs can be divided into two categories: weak PUFs and strong PUFs. The strength and weakness here do not refer to their security level, but the number of CRP, and their characteristics are as follows.

弱PUF只有很少量的CRP,多数情况下一个弱PUF只有一个CRP。例如,介电粒子层PUF是一种弱PUF,在制造时,随机的撒上一层介电粒子,由于它们的分布难以预测,因此介电粒子层PUF依据随机覆盖的介电粒子层所决定的电容大小产生响应。又如,静态随机存取存储(Static Random Access Memory,SRAM)PUF是另一种弱PUF,受工艺偏差的影响,每个SRAM单元都具有不同的电气特性,在芯片上电的瞬间,不同的SRAM单元之间会随机并且独立地存储0或1,而自然形成了一个CRP。其它一些存储单元如闪存、动态随机存取存储器、忆阻器等同样也具有类似的特性,因而可以用来构造弱PUF。由于基于存储单元的弱PUF只在上电的时候会产生响应,因此相比于存储在非易失性存储器中的密钥更加安全。由于弱PUF仅有少量CRP,因此它们的CRP一般会有专用的一次性安全通道用于厂商在芯片制造后获取,而之后,攻击者则很难再次通过该通道窃取CRP。A weak PUF has only a small amount of CRP, and in most cases a weak PUF has only one CRP. For example, the dielectric particle layer PUF is a weak PUF. During manufacture, a layer of dielectric particles is randomly sprinkled. Because their distribution is difficult to predict, the dielectric particle layer PUF is determined according to the randomly covered dielectric particle layer. The size of the capacitance produces a response. As another example, Static Random Access Memory (SRAM) PUF is another kind of weak PUF. Due to the influence of process deviation, each SRAM unit has different electrical characteristics. When the chip is powered on, different SRAM cells will randomly and independently store 0 or 1, and naturally form a CRP. Some other storage units such as flash memory, dynamic random access memory, memristor, etc. also have similar characteristics, so they can be used to construct weak PUFs. Since the weak PUF based on the storage unit will only generate a response when it is powered on, it is more secure than a key stored in a non-volatile memory. Since weak PUFs only have a small amount of CRP, their CRP generally has a dedicated one-time security channel for manufacturers to obtain after the chip is manufactured, and then it is difficult for attackers to steal CRP through this channel again.

与弱PUF相比,强PUF则拥有大量CRP。仲裁PUF是一种典型的强PUF,它通过比较两条路径传播跳变的时延来确定响应,每条路径由多个子路径构成,而子路径的选择则是由激励所决定,不同的激励构造的两条路径不相同,而它们的时延大小也不尽相同,从而产生了随机的响应。为了提高仲裁PUF的安全性,仲裁PUF还有许多其它扩展,如前馈仲裁PUF、异或仲裁PUF、轻量仲裁PUF、电流镜PUF等。前馈仲裁PUF通过比较部分路径的时延大小来指导剩余路径中子路径的选择;异或仲裁PUF将多个仲裁PUF的响应进行异或作为最终的响应;轻量仲裁PUF仍然使用异或门对多个仲裁PUF的响应进行异或计算,但一次性得到多个响应比特;电流镜PUF则引入电流代替时延进行比较。环形振荡PUF是另一种强PUF,它的响应通过比较不同环形振荡器的频率大小来确定,而被比较的环形振荡器则由激励决定,但环形振荡PUF硬件开销较大、CRP的数量也比不上仲裁PUF。由于强PUF有大量的CRP,如1038个CRP,而攻击者不可能在合理时间内,如100年时间内读取所有的CRP,又不知道在实际应用时哪些CRP会被使用,因此对强PUF的CRP访问一般没有限制,厂商在芯片制造后会通过CRP的访问端口选择特定的CRP用于后续的应用。Compared with weak PUFs, strong PUFs possess a large amount of CRP. Arbitration PUF is a typical strong PUF. It determines the response by comparing the delay of two path propagation jumps. Each path is composed of multiple sub-paths, and the selection of sub-paths is determined by incentives. Different incentives The two constructed paths are different, and their delays are also different, resulting in random responses. In order to improve the security of arbitration PUF, arbitration PUF has many other extensions, such as feedforward arbitration PUF, XOR arbitration PUF, lightweight arbitration PUF, current mirror PUF, etc. Feedforward arbitration PUF guides the selection of sub-paths in the remaining paths by comparing the delay of some paths; XOR arbitration PUF XORs the responses of multiple arbitration PUFs as the final response; lightweight arbitration PUF still uses XOR gates The XOR calculation is performed on the responses of multiple arbitration PUFs, but multiple response bits are obtained at one time; the current mirror PUF introduces current instead of time delay for comparison. The ring oscillator PUF is another strong PUF. Its response is determined by comparing the frequency of different ring oscillators, and the compared ring oscillator is determined by the excitation. However, the hardware overhead of the ring oscillator PUF is large, and the number of CRP Not as good as the arbitration PUF. Since a strong PUF has a large number of CRPs, such as 10 38 CRPs, and it is impossible for an attacker to read all the CRPs within a reasonable time, such as 100 years, and does not know which CRPs will be used in actual applications, the The CRP access of strong PUF is generally not restricted. After the chip is manufactured, the manufacturer will select a specific CRP for subsequent applications through the CRP access port.

随着PUF的研究和应用日益增多,PUF的安全性也受到严重威胁,基于机器学习的建模攻击方法就严重威胁着诸如仲裁PUF等强PUF的安全性。由于强PUF有大量CRP,若为每个CRP设计独立的电路,显然硬件开销十分巨大,因此,强PUF的不同CRP之间都有一定的关联,建模攻击正是通过机器学习来推测这种关联,从而破解强PUF的CRP。建模攻击首先根据强PUF的电路结构,建立以相关物理特性为未知数的CRP模型,然后通过机器学习从获取的部分CRP数据推测这些相关物理特性,然后,对于未知响应的激励,则可以根据所推测的相关物理特性,预测其响应,实现对强PUF的破解。常用的机器学习方法有支持向量机、逻辑回归、进化策略等。使用建模攻击破解仲裁型PUF和环形振荡PUF,CRP预测精度可达到99%以上。即使前馈仲裁PUF、异或仲裁PUF、轻量仲裁PUF和电流镜PUF使强PUF的结构更加复杂,然而使用建模攻击得到的CRP预测精度平均仍然可以达到90%以上,可见强PUF的安全性受到严重威胁。With the increasing research and application of PUF, the security of PUF is also seriously threatened. The modeling attack method based on machine learning seriously threatens the security of strong PUF such as arbitration PUF. Since a strong PUF has a large number of CRPs, if an independent circuit is designed for each CRP, obviously the hardware overhead is huge. Therefore, there is a certain correlation between different CRPs of a strong PUF. The modeling attack uses machine learning to infer this Association, thereby cracking the CRP of the strong PUF. The modeling attack first establishes a CRP model with relevant physical properties as unknowns based on the circuit structure of the strong PUF, and then uses machine learning to infer these relevant physical properties from part of the CRP data obtained. Predict the relevant physical properties, predict its response, and realize the cracking of the strong PUF. Commonly used machine learning methods include support vector machines, logistic regression, and evolutionary strategies. Using modeling attack to crack the arbitration type PUF and ring oscillation PUF, the CRP prediction accuracy can reach more than 99%. Even though feed-forward arbitration PUF, XOR arbitration PUF, lightweight arbitration PUF and current mirror PUF make the structure of strong PUF more complex, the average CRP prediction accuracy obtained by using modeling attacks can still reach more than 90%, which shows that strong PUF is safe. Sexuality is seriously threatened.

综上可知,现有技术在实际使用上显然存在不便与缺陷,所以有必要加以改进。In summary, there are obviously inconveniences and defects in the actual use of the prior art, so it is necessary to improve it.

发明内容Contents of the invention

针对上述的缺陷,本发明的目的在于提供一种抗建模攻击的强物理不可克隆函数装置及其实现方法,目的是保证强物理不可克隆函数装置随机性与稳定性的同时,能够主动检测并被动防御严重威胁强物理不可克隆函数装置安全的建模攻击,从而有效抵抗建模攻击。In view of the above-mentioned defects, the purpose of the present invention is to provide a strong physical unclonable function device and its implementation method against modeling attacks, the purpose is to ensure the randomness and stability of the strong physical Passive defense against modeling attacks that seriously threaten the security of strong physical unclonable function devices, thus effectively resisting modeling attacks.

为了实现上述目的,本发明提供一种抗建模攻击的强物理不可克隆函数装置,包括:In order to achieve the above object, the present invention provides a strong physical non-clonable function device resistant to modeling attacks, including:

布尔混淆模块,用于将输入激励经多个弱物理不可克隆函数装置及布尔逻辑元件再处理后输出响应,实现布尔逻辑关系不可预测;The Boolean confusion module is used to output the response after the input stimulus is reprocessed by multiple weak physical unclonable function devices and Boolean logic elements, so as to realize the unpredictable Boolean logic relationship;

激励划分模块,用于将输入激励划分为有效激励与无效激励;An incentive division module is used to divide input incentives into valid incentives and invalid incentives;

攻击检测模块,用于检测所述无效激励识别出建模攻击,处理所述无效激励和所述建模攻击;An attack detection module, configured to detect the invalid stimulus and identify a modeling attack, and process the invalid stimulus and the modeling attack;

响应计算模块,用于通过强物理不可克隆函数装置对所述有效激励进行响应计算。The response calculation module is used to calculate the response of the effective stimulus through the strong physical unclonable function device.

根据本发明所述强物理不可克隆函数装置,所述布尔混淆模块包括:According to the strong physical unclonable function device of the present invention, the Boolean confusion module includes:

弱PUF子模块,用于所述弱物理不可克隆函数装置对所述输入激励处理得到布尔逻辑配置比特;The weak PUF sub-module is used for the weak physical unclonable function device to process the input excitation to obtain Boolean logic configuration bits;

布尔确定子模块,用于输入所述弱物理不可克隆函数装置的响应,并通过确定的输入输出的布尔逻辑关系对所述响应再处理得到输出响应;和/或The Boolean determination sub-module is used to input the response of the weak physical unclonable function device, and reprocess the response through the determined input-output Boolean logic relationship to obtain an output response; and/or

厂商通过一次性安全通道获取所述弱物理不可克隆函数装置响应得到所述布尔混淆模块实际布尔逻辑。The manufacturer obtains the response of the weak physical unclonable function device through a one-time secure channel to obtain the actual Boolean logic of the Boolean obfuscation module.

根据本发明所述强物理不可克隆函数装置,所述激励划分模块包括:According to the strong physical unclonable function device of the present invention, the incentive division module includes:

划分规则子模块,用于定义所述有效激励和无效激励的划分规则;The division rule submodule is used to define the division rules of the effective incentives and invalid incentives;

划分执行子模块,用于将所述输入激励与所述划分规则做比较,得出所述输入激励的类别;A division execution submodule, configured to compare the input stimulus with the division rule to obtain the category of the input stimulus;

所述划分规则包括:所述输入激励划分为有效激励集合与无效激励集合;有效激励集合为所述强物理不可克隆函数装置在正常应用中合法使用的输入集合,无效激励集合为所述强物理不可克隆函数装置在正常应用中非法使用的输入集合。The division rules include: the input stimulus is divided into a valid stimulus set and an invalid stimulus set; the valid stimulus set is the input set legally used by the strong physical unclonable function device in normal applications, and the invalid stimulus set is the strong physical A set of inputs that are illegally used by a non-clonable function device in normal applications.

根据本发明所述强物理不可克隆函数装置,所述激励划分模块由所述布尔混淆模块的硬件电路资源实现,所述划分规则根据所述布尔混淆模块的类型决定;According to the strong physical unclonable function device of the present invention, the incentive division module is realized by the hardware circuit resources of the Boolean obfuscation module, and the division rule is determined according to the type of the Boolean obfuscation module;

当所述输入激励划分模块为开关型布尔混淆模块或开关常开型布尔混淆模块时,所述布尔混淆模块以串联的形式连接,所述划分规则包括:When the input excitation division module is a switch type Boolean confusion module or a switch normally open type Boolean confusion module, the Boolean confusion modules are connected in series, and the division rules include:

对所述输入激励C1~C4m进行划分,所述弱PUF子模块的响应与输入值共同决定了输出的值为有效值或HiZ;若所述输入激励使得从T0出发的跳变能够经过所述开关型布尔混淆模块SB1,SB2,...,SBm最终到达T1,则所述输入激励为有效激励;若所述输入激励使得从T0出发的跳变无法经过开关型布尔混淆模块SB1,SB2,...,SBm最终到达T1,则为无效激励;Divide the input stimuli C 1 to C 4m , the response of the weak PUF sub-module and the input value together determine the effective value or HiZ of the output; if the input stimuli enables the transition from T 0 to After the switch-type Boolean confusion modules S B1 , S B2 ,..., S Bm finally reach T 1 , the input excitation is an effective excitation; if the input excitation makes the transition from T 0 unable to pass through the switch Type Boolean confusion modules S B1 , S B2 ,...,S Bm finally reach T 1 , it is an invalid incentive;

当所述布尔混淆模块为开关型布尔逻辑混淆模块时,通过所述弱PUF子模块的输出控制字节控制所述布尔混淆模块的开关。When the Boolean obfuscation module is a switch type Boolean logic obfuscation module, the switch of the Boolean obfuscation module is controlled by the output control byte of the weak PUF sub-module.

根据本发明所述强物理不可克隆函数装置,所述攻击检测模块包括:According to the strong physical unclonable function device of the present invention, the attack detection module includes:

激励计数子模块,用于根据对所述输入激励的判断结果,对所述无效激励计数;The incentive counting submodule is used to count the invalid incentives according to the judgment result of the input incentives;

攻击处理子模块,用于根据所述无效激励计数数目达到攻击阈值时,触发应对攻击的处理。The attack processing sub-module is configured to trigger processing to deal with the attack when the number of invalid incentive counts reaches the attack threshold.

根据本发明所述强物理不可克隆函数装置,所述响应计算模块对所述输入激励的响应计算通过比较两条路径传播跳变的时延产生,每条所述路径的子路径由所述输入激励决定;According to the strong physical unclonable function device of the present invention, the response calculation of the response calculation module to the input stimulus is generated by comparing the time delays of two path propagation jumps, and the sub-paths of each path are determined by the input Incentive decisions;

所述响应计算模块处理所述跳变经所述路径的传播过程还可以合并和复用所述布尔混淆模块的硬件电路资源。The processing of the propagation process of the transition through the path by the response calculation module may also combine and reuse hardware circuit resources of the Boolean obfuscation module.

本发明提供一种基于抗建模攻击的强物理不可克隆函数装置的实现方法,包括:The present invention provides a method for implementing a strong physical unclonable function device based on anti-modeling attacks, including:

布尔混淆步骤,将输入激励经多个弱物理不可克隆函数装置及布尔逻辑元件再处理后输出响应,实现布尔逻辑关系不可预测;The Boolean obfuscation step is to output the response after the input stimulus is reprocessed by multiple weak physical unclonable function devices and Boolean logic elements, so that the Boolean logic relationship is unpredictable;

划分激励步骤,将输入激励划分为有效激励与无效激励;Divide the incentive steps, and divide the input incentives into valid incentives and invalid incentives;

检测攻击步骤,检测所述无效激励识别出建模攻击,处理所述无效激励和所述建模攻击;Detecting an attack step, detecting the invalid stimulus to identify a modeling attack, processing the invalid stimulus and the modeling attack;

响应计算步骤,通过强物理不可克隆函数装置对所述有效激励进行响应计算。In the response calculation step, the response calculation is performed on the effective stimulus through a strong physical unclonable function device.

根据本发明所述实现方法,所述布尔混淆步骤还包括:According to the implementation method of the present invention, the Boolean confusion step also includes:

所述弱物理不可克隆函数装置对所述输入激励处理得到布尔逻辑配置比特;The weak physical unclonable function device processes the input stimulus to obtain Boolean logic configuration bits;

输入所述弱物理不可克隆函数装置的响应,并通过确定的输入输出的布尔逻辑关系对所述响应再处理得到输出响应;和/或Input the response of the weak physical unclonable function device, and reprocess the response through the determined input-output Boolean logic relationship to obtain an output response; and/or

厂商通过一次性安全通道获取所述弱物理不可克隆函数装置响应得到实际布尔逻辑。The manufacturer obtains the response of the weak physical unclonable function device through a one-time secure channel to obtain the actual Boolean logic.

根据本发明所述实现方法,所述响应计算步骤还包括:According to the implementation method of the present invention, the response calculation step also includes:

所述输入激励的响应计算通过比较两条路径传播跳变的时延产生,每条所述路径的子路径由所述输入激励决定,并且处理所述跳变经所述路径的传播过程还可以复用所述布尔混淆步骤的硬件电路资源。The calculation of the response of the input stimulus is generated by comparing the time delays of the propagation jumps of the two paths, the sub-paths of each of the paths are determined by the input stimulus, and processing the propagation process of the jumps through the paths can also be Reusing the hardware circuit resources of the Boolean obfuscation step.

根据本发明所述实现方法,所述输入激励划分步骤包括:According to the implementation method of the present invention, the input excitation division step includes:

定义所述有效激励和无效激励的划分规则;defining rules for dividing said effective incentives and ineffective incentives;

将所述输入激励与所述划分规则做比较,得出所述输入激励的类别;comparing the input stimulus with the division rule to derive the category of the input stimulus;

所述划分规则包括:所述输入激励划分为有效激励集合与无效激励集合;有效激励集合为所述强物理不可克隆函数装置在正常应用中合法使用的输入集合,无效激励集合为所述强物理不可克隆函数装置在正常应用中非法使用的输入集合;The division rules include: the input stimulus is divided into a valid stimulus set and an invalid stimulus set; the valid stimulus set is the input set legally used by the strong physical unclonable function device in normal applications, and the invalid stimulus set is the strong physical The set of inputs illegally used by the non-clonable function device in normal applications;

所述攻击检测步骤包括:The attack detection steps include:

根据对所述输入激励的判断结果,对所述无效激励计数;counting the invalid stimuli according to the judgment result of the input stimuli;

根据所述无效激励计数数目达到攻击阈值时,触发应对攻击的处理。When the number of counts of invalid incentives reaches an attack threshold, processing to deal with attacks is triggered.

本发明通过抗建模攻击的强物理不可克隆函数装置结构及设计,在保证强物理不可克隆函数装置随机性与稳定性的同时,能够主动检测并被动防御严重威胁强物理不可克隆函数装置安全的建模攻击,从而有效抵抗建模攻击。Through the structure and design of the strong physical unclonable function device resistant to modeling attacks, the present invention can actively detect and passively defend against serious threats to the safety of the strong physical unclonable function device while ensuring the randomness and stability of the strong physical unclonable function device Modeling attacks to effectively resist modeling attacks.

附图说明Description of drawings

图1是本发明抗建模攻击的强物理不可克隆函数装置的系统结构图;Fig. 1 is a system structure diagram of a strong physical non-clonable function device resistant to modeling attacks of the present invention;

图2是本发明抗建模攻击的强物理不可克隆函数装置的优选实施例;Fig. 2 is a preferred embodiment of the strong physical unclonable function device of the present invention against modeling attacks;

图3是本发明基于抗建模攻击的强物理不可克隆函数装置的实现方法示意图;Fig. 3 is a schematic diagram of the implementation method of the strong physical unclonable function device based on the anti-modeling attack of the present invention;

图4是本发明基于抗建模攻击的强物理不可克隆函数装置的实现方法具体流程示意图;Fig. 4 is a schematic flow diagram of the implementation method of the strong physical unclonable function device based on the anti-modeling attack of the present invention;

图5A是本发明抗建模攻击的强物理不可克隆函数装置中布尔混淆模块实例之一;Fig. 5A is one example of the Boolean confusion module in the strong physical unclonable function device resistant to modeling attacks of the present invention;

图5B是本发明抗建模攻击的强物理不可克隆函数装置中布尔混淆模块实例之二;Fig. 5B is the second example of the Boolean confusion module in the strong physical unclonable function device resistant to modeling attacks of the present invention;

图5C是本发明抗建模攻击的强物理不可克隆函数装置中布尔混淆模块实例之三;Figure 5C is the third example of the Boolean confusion module in the strong physical unclonable function device resistant to modeling attacks of the present invention;

图6是本发明抗建模攻击的强物理不可克隆函数装置中激励划分模块由开关型布尔混淆模块实现的实施例示意图;Fig. 6 is a schematic diagram of an embodiment in which the incentive division module is implemented by a switch-type Boolean confusion module in the strong physical unclonable function device resistant to modeling attacks of the present invention;

图7是本发明中抗建模攻击的强物理不可克隆函数装置复用布尔混淆模块的响应计算模块的实施例示意图;7 is a schematic diagram of an embodiment of the response calculation module of the multiplexing Boolean confusion module of the strong physical unclonable function device resistant to modeling attacks in the present invention;

图8是本发明抗建模攻击的强物理不可克隆函数装置实例的有效激励数示意图;Fig. 8 is a schematic diagram of the effective number of incentives of an example of a strong physical non-clonable function device resistant to modeling attacks in the present invention;

图9是本发明抗建模攻击的强物理不可克隆函数装置实例的随机性评估示意图;Fig. 9 is a schematic diagram of randomness evaluation of an example of a strong physical unclonable function device resistant to modeling attacks in the present invention;

图10是本发明抗建模攻击的强物理不可克隆函数装置实例的稳定性评估示意图。Fig. 10 is a schematic diagram of the stability evaluation of an example of a strong physical unclonable function device resistant to modeling attacks in the present invention.

具体实施方式Detailed ways

为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

图1示出了本发明提供一种抗建模攻击的强物理不可克隆函数装置100,包括:Fig. 1 shows that the present invention provides a strong physical unclonable function device 100 resistant to modeling attacks, including:

布尔混淆模块10,用于将输入激励经多个弱物理不可克隆函数装置及布尔逻辑元件再处理后输出响应,实现布尔逻辑关系不可预测;The Boolean confusion module 10 is used to output the response after the input stimulus is reprocessed by multiple weak physical unclonable function devices and Boolean logic elements, so as to realize the unpredictable Boolean logic relationship;

激励划分模块20,用于将输入激励划分为有效激励与无效激励;An incentive division module 20, configured to divide input incentives into valid incentives and invalid incentives;

攻击检测模块30,用于检测所述无效激励识别出建模攻击,处理所述无效激励和所述建模攻击;An attack detection module 30, configured to detect the invalid stimulus and identify a modeling attack, and process the invalid stimulus and the modeling attack;

响应计算模块40,用于通过强物理不可克隆函数装置对所述有效激励进行响应计算。The response calculation module 40 is configured to perform response calculation on the effective stimulus through a strong physical unclonable function device.

本发明抗建模攻击的强物理不可克隆函数装置100的一个优选的实施例中,如图2所示,所述布尔混淆模块10包括:In a preferred embodiment of the strong physical unclonable function device 100 resistant to modeling attacks of the present invention, as shown in Figure 2, the Boolean confusion module 10 includes:

弱PUF子模块11,用于所述弱物理不可克隆函数装置对所述输入激励处理得到布尔逻辑配置比特;The weak PUF sub-module 11 is used for the weak physical unclonable function device to process the input excitation to obtain Boolean logic configuration bits;

布尔确定子模块12,用于输入所述弱物理不可克隆函数装置的响应,并通过确定的输入输出的布尔逻辑关系对所述响应再处理得到输出响应;和/或The Boolean determination sub-module 12 is used to input the response of the weak physical unclonable function device, and reprocess the response through the determined input-output Boolean logic relationship to obtain an output response; and/or

厂商通过一次性安全通道获取所述弱物理不可克隆函数装置响应得到所述布尔混淆模块10实际布尔逻辑。弱PUF子模块11其响应即为布尔混淆模块10的布尔逻辑配置比特,对于不同的芯片,布尔逻辑配置比特也不相同,使布尔混淆模块10的布尔逻辑关系也不尽相同,在芯片制造后,厂商利用专用的一次性安全通道获取弱PUF中的响应;由于弱PUF子模块11的响应具有随机性,因此布尔确定子模块12的响应也具有随机性,且在制造前不可预测,使得布尔混淆模块10通过引入天然抗建模攻击的弱PUF提高安全性,弱PUF、原有的强物理不可克隆函数装置及相应的器件构成了抗建模攻击的强物理不可克隆函数装置100。The manufacturer obtains the response of the weak physical unclonable function device through a one-time secure channel to obtain the actual Boolean logic of the Boolean obfuscation module 10 . The response of the weak PUF sub-module 11 is the Boolean logic configuration bit of the Boolean obfuscation module 10. For different chips, the Boolean logic configuration bits are also different, so that the Boolean logic relationship of the Boolean obfuscation module 10 is not the same. , the manufacturer uses a dedicated one-time security channel to obtain the response in the weak PUF; because the response of the weak PUF sub-module 11 is random, the response of the Boolean sub-module 12 is also random, and it is unpredictable before manufacturing, making the Boolean The obfuscation module 10 improves security by introducing a weak PUF that is naturally resistant to modeling attacks. The weak PUF, the original strong physical unclonable function device and corresponding devices constitute a strong physical unclonable function device 100 that is resistant to modeling attacks.

在本实施例中,所述激励划分模块20包括:In this embodiment, the incentive division module 20 includes:

划分规则子模块21,用于定义所述有效激励和无效激励的划分规则;The division rule sub-module 21 is used to define the division rules of the valid incentives and invalid incentives;

划分执行子模块22,用于将所述输入激励与所述划分规则做比较,得出所述输入激励的类别;The division execution sub-module 22 is used to compare the input stimulus with the division rule to obtain the category of the input stimulus;

所述划分规则包括:所述输入激励划分为有效激励集合与无效激励集合;有效激励集合为所述强物理不可克隆函数装置在正常应用中合法使用的输入集合,无效激励集合为所述强物理不可克隆函数装置在正常应用中非法使用的输入集合。The division rules include: the input stimulus is divided into a valid stimulus set and an invalid stimulus set; the valid stimulus set is the input set legally used by the strong physical unclonable function device in normal applications, and the invalid stimulus set is the strong physical A set of inputs that are illegally used by a non-clonable function device in normal applications.

优选的是,如图6所示,所述激励划分模块20由布尔混淆模块10的硬件电路资源实现,所述划分规则根据布尔混淆模块10的类型决定;Preferably, as shown in Figure 6, the excitation division module 20 is realized by the hardware circuit resources of the Boolean confusion module 10, and the division rule is determined according to the type of the Boolean confusion module 10;

当激励划分模块20为开关型布尔混淆模块或开关常开型布尔混淆模块时,所述布尔混淆模块10以串联的形式连接,所述划分规则包括:When the excitation division module 20 is a switch type Boolean confusion module or a switch normally open type Boolean confusion module, the Boolean confusion module 10 is connected in series, and the division rules include:

对所述输入激励C1~C4m进行划分,所述弱PUF子模块11的响应与输入值共同决定了输出的值为有效值或HiZ;若所述输入激励使得从T0出发的跳变能够经过所述开关型布尔混淆模块SB1,SB2,...,SBm最终到达T1,则所述输入激励为有效激励;若所述输入激励使得从T0出发的跳变无法经过开关型布尔混淆模块SB1,SB2,...,SBm最终到达T1,则为无效激励;Divide the input stimuli C 1 to C 4m , the response of the weak PUF sub-module 11 and the input value together determine the effective value or HiZ of the output; if the input stimuli makes the jump starting from T 0 can pass through the switch-type Boolean confusion modules S B1 , S B2 ,..., S Bm and finally reach T 1 , then the input stimulus is an effective stimulus; if the input stimulus makes the transition from T 0 unable to pass through The switch-type Boolean confusion module S B1 , S B2 ,...,S Bm finally reaches T 1 , which is an invalid excitation;

当所述布尔混淆模块10为开关型布尔逻辑混淆模块时,通过所述弱PUF子模块11的输出控制字节控制布尔混淆模块10的开关。When the Boolean obfuscation module 10 is a switch type Boolean logic obfuscation module, the switch of the Boolean obfuscation module 10 is controlled by the output control byte of the weak PUF sub-module 11 .

进一步地,为便于理解,激励划分模块20由开关型布尔混淆模块对输入激励C1~C4m进行划分,弱PUF的响应与A,B,C,D的值共同决定了Y的值为P,还是为HiZ,输出值是否为P,参见图5A~图5C。此时所述划分规则为,若输入激励使得从T0出发的跳变能够经过开关型布尔混淆模块SB1,SB2,...,SBm最终到达T1,则该激励为有效激励,否则为无效激励。Further, for easy understanding, the excitation division module 20 divides the input excitations C 1 ~C 4m by a switch-type Boolean confusion module, and the response of the weak PUF together with the values of A, B, C, and D determine the value of Y to be P , or HiZ, whether the output value is P, see Fig. 5A ~ Fig. 5C. At this time, the division rule is that if the input excitation makes the jump from T0 pass through the switch-type Boolean confusion modules S B1 , S B2 ,...,S Bm and finally reach T 1 , then the excitation is an effective excitation, otherwise for ineffective incentives.

更进一步地,所述攻击检测模块30包括:Further, the attack detection module 30 includes:

激励计数子模块31,用于根据对所述输入激励的判断结果,对所述无效激励计数;The incentive counting sub-module 31 is used to count the invalid incentives according to the judgment result of the input incentives;

攻击处理子模块32,用于根据所述无效激励计数数目达到攻击阈值时,触发应对攻击的处理。The attack processing sub-module 32 is configured to trigger processing to deal with an attack when the number of invalid incentive counts reaches an attack threshold.

优选的是,下面以图7的响应计算模块40实例为例进行说明。图7所示响应计算模块40复用了图5A~图6所示布尔混淆模块10以节约硬件开销。如图7所示,响应计算模块40对所述输入激励的响应计算通过比较两条路径传播跳变的时延产生,每条所述路径的子路径由所述输入激励决定;响应计算模块40处理所述跳变经所述路径的传播过程还可以合并和复用所述布尔混淆模块10的硬件电路资源。响应计算模块40其为有效的激励计算响应,响应通过比较两条路径传播跳变的时延产生,每条路径的子路径由激励决定。为了节约硬件开销,可以将响应计算模块40与布尔混淆模块10进行合并和复用,如图7所示。当有效激励准备好后,一个跳变从T出发,经过多个开关型布尔混淆模块SU1,SU2,...SUm和SB1,SB2,...SBm这两条路径到达仲裁器,对于不同的激励,跳变在开关型布尔混淆模块中经过的电路路径也不相同,因此时延各不相同,最终仲裁器比较跳变到达的先后顺序得出最终响应R。Preferably, the following takes the example of the response calculation module 40 in FIG. 7 as an example for illustration. The response calculation module 40 shown in FIG. 7 reuses the Boolean obfuscation module 10 shown in FIGS. 5A-6 to save hardware overhead. As shown in Figure 7, the response calculation of the response calculation module 40 to the input excitation is produced by comparing the time delays of two path propagation jumps, and the sub-paths of each path are determined by the input excitation; the response calculation module 40 Processing the propagation process of the transition through the path can also combine and reuse the hardware circuit resources of the Boolean obfuscation module 10 . The response calculation module 40 calculates the response for the effective stimulus, and the response is generated by comparing the time delays of the propagation transitions of the two paths, and the sub-paths of each path are determined by the stimulus. In order to save hardware overhead, the response calculation module 40 and the Boolean obfuscation module 10 can be combined and multiplexed, as shown in FIG. 7 . When the effective stimulus is ready, a jump starts from T and arrives at two paths through multiple switch-type Boolean confusion modules S U1 , S U2 ,...S Um and S B1 , S B2 ,...S Bm For the arbiter, for different stimuli, the circuit paths that the jumps pass through in the switch-type Boolean confusion module are also different, so the time delays are different. Finally, the arbiter compares the order of the jumps to get the final response R.

图3是本发明基于抗建模攻击的强物理不可克隆函数装置的实现方法的第一实施例的流程图,其可通过如图1~2所示的抗建模攻击的强物理不可克隆函数装置100实现,包括步骤如下:Fig. 3 is a flow chart of the first embodiment of the implementation method of the present invention based on the strong physical unclonable function device resistant to modeling attacks, which can pass the strong physical unclonable function resistant to modeling attacks as shown in Figs. 1-2 The device 100 is implemented, including the following steps:

步骤S301,布尔混淆步骤,将输入激励经多个弱物理不可克隆函数装置及布尔逻辑元件再处理后输出响应,实现布尔逻辑关系不可预测;Step S301, the Boolean obfuscation step, outputs the response after reprocessing the input stimulus through a plurality of weak physical unclonable function devices and Boolean logic elements, so as to realize the unpredictable Boolean logic relationship;

步骤S302,划分激励步骤,将输入激励划分为有效激励与无效激励;Step S302, divide the incentive step, and divide the input incentive into valid incentive and invalid incentive;

步骤S303,检测攻击步骤,检测所述无效激励识别出建模攻击,处理所述无效激励和所述建模攻击;Step S303, detecting an attack step, detecting the invalid incentive to identify a modeling attack, and processing the invalid incentive and the modeling attack;

步骤S304,响应计算步骤,通过强物理不可克隆函数装置对所述有效激励进行响应计算。Step S304, the step of calculating the response, calculating the response of the effective stimulus by means of a strong physical unclonable function device.

更好的是,所述步骤S301中,所述布尔混淆步骤还包括:More preferably, in the step S301, the Boolean confusion step also includes:

所述弱物理不可克隆函数装置对所述输入激励处理得到布尔逻辑配置比特;The weak physical unclonable function device processes the input stimulus to obtain Boolean logic configuration bits;

输入所述弱物理不可克隆函数装置的响应,并通过确定的输入输出的布尔逻辑关系对所述响应再处理得到输出响应;和/或Input the response of the weak physical unclonable function device, and reprocess the response through the determined input-output Boolean logic relationship to obtain an output response; and/or

厂商通过一次性安全通道获取所述弱物理不可克隆函数装置响应得到实际布尔逻辑。The manufacturer obtains the response of the weak physical unclonable function device through a one-time secure channel to obtain the actual Boolean logic.

图4是本发明基于抗建模攻击的强物理不可克隆函数装置的实现方法的一个具体实施例的流程图,其可通过如图1~2所示的抗建模攻击的物理不可克隆函数装置100实现,为了对建模攻击有更好的防御和进行主动检测,在具体实施过程中,还包括:Fig. 4 is a flow chart of a specific embodiment of the implementation method of the strong physical unclonable function device based on modeling attack resistance in the present invention, which can be achieved through the physical unclonable function device resistant to modeling attack as shown in Figs. 1-2 100 implementation, in order to have better defense and active detection against modeling attacks, in the specific implementation process, it also includes:

步骤S401,定义所述有效激励和无效激励的划分规则;Step S401, defining the rules for dividing the valid incentives and invalid incentives;

步骤S402,将所述输入激励与所述划分规则做比较,得出所述输入激励的类别;Step S402, comparing the input stimulus with the division rule to obtain the category of the input stimulus;

所述划分规则包括:所述输入激励划分为有效激励集合与无效激励集合;有效激励集合为所述强物理不可克隆函数装置在正常应用中合法使用的输入集合,无效激励集合为所述强物理不可克隆函数装置在正常应用中非法使用的输入集合;The division rules include: the input stimulus is divided into a valid stimulus set and an invalid stimulus set; the valid stimulus set is the input set legally used by the strong physical unclonable function device in normal applications, and the invalid stimulus set is the strong physical The set of inputs illegally used by the non-clonable function device in normal applications;

步骤S403,根据对所述输入激励的判断结果,对所述无效激励计数;Step S403, counting the invalid incentives according to the judgment result of the input incentives;

步骤S404,根据所述无效激励计数数目达到攻击阈值时,触发应对攻击的处理;Step S404, when the counted number of invalid incentives reaches the attack threshold, triggering processing to deal with the attack;

通过在芯片中内建的攻击检测模块30,其用于主动检测抗建模攻击的强物理不可克隆函数装置100是否受到建模攻击。由于建模攻击基于机器学习方法,而机器学习需要获取训练集,攻击者在无法获知哪些激励是有效的、哪些激励是无效的情况下,在随机获取训练集的过程中,势必会向抗建模攻击的强物理不可克隆函数装置100中输入无效激励。攻击检测模块30通过对无效激励进行计数,当无效激励的个数达到攻击阈值时,可以认为抗建模攻击的强物理不可克隆函数装置100遭受建模攻击,从而针对攻击执行一系列处理方式。这里的攻击阈值和相应的处理方式由厂商根据实际应用的安全等级进行设置,例如当无效激励的个数较小时,可以触发自动断电的处理方式,当无效激励的个数较大时,对于安全等级十分高的应用场景,可以执行芯片自毁的处理方式。Through the attack detection module 30 built in the chip, it is used to actively detect whether the strong physical unclonable function device 100 resistant to modeling attacks is subjected to modeling attacks. Since modeling attacks are based on machine learning methods, and machine learning needs to obtain training sets, the attacker is bound to ask the anti-building Strong physical unclonable function device 100 for modulo attacks with invalid stimuli as inputs. The attack detection module 30 counts invalid stimuli, and when the number of invalid stimuli reaches the attack threshold, it can be considered that the strong physical unclonable function device 100 resistant to modeling attacks is subjected to a modeling attack, thereby executing a series of processing methods for the attack. The attack threshold and the corresponding processing method here are set by the manufacturer according to the security level of the actual application. For example, when the number of invalid incentives is small, the processing method of automatic power-off can be triggered; when the number of invalid incentives is large, for For application scenarios with a very high level of security, the processing method of chip self-destruction can be implemented.

进一步地,对有效激励的存在概率进行理论计算。设NCB为输入激励的比特位数,则抗建模攻击的强物理不可克隆函数装置100的激励总数为设NSI为单个开关型布尔混淆模块的输入数,NS为激励划分模块20的开关型布尔混淆模块个数,则NS=NCB/(NSI-1)。由于开关型布尔混淆模块以串联的形式连接,来自T0的跳变要到达T1必须顺利通过每一个开关型布尔混淆模块。对于一个开关型布尔混淆模块而言,开关总数为设对于一个开关型布尔混淆模块而言,弱PUF响应的一个比特所控制的开关关闭的概率是POFF,则一个开关型布尔混淆模块中至少有一个开关开启的概率为所以T0的跳变能通过NS个开关型布尔混淆模块到达T1的概率为由于弱PUF的响应随机性一般可达到50%,即为0开关关闭和为1开关开启的概率相近,因此POFF≈50%。当NSI=5,且NCB=128时,存在有效激励的概率为99.95%,可见能够为实际应用提供有效的激励。若需进一步提高此概率,还可以使用开关常开型布尔混淆模块进行输入激励的划分。Furthermore, the theoretical calculation of the existence probability of effective incentives is carried out. Let N CB be the number of bits of the input excitation, then the total number of excitations of the strong physical unclonable function device 100 resistant to modeling attacks is Let N SI be the input number of a single switch-type Boolean obfuscation module, and N S be the number of switch-type Boolean obfuscation modules of the excitation division module 20, then N S =N CB /(N SI -1). Since the switch-type Boolean obfuscation modules are connected in series, the jump from T 0 to reach T 1 must pass through each switch-type Boolean obfuscation module. For a switch-type Boolean obfuscation module, the total number of switches is Assuming that for a switch-type Boolean obfuscation module, the probability that the switch controlled by a bit of the weak PUF response is turned off is P OFF , then the probability that at least one switch is turned on in a switch-type Boolean obfuscation module is Therefore, the probability that the jump of T 0 can reach T 1 through N S switch-type Boolean confusion modules is Since the response randomness of a weak PUF can generally reach 50%, that is, the probability of turning off the switch for 0 and turning on the switch for 1 is similar, so P OFF ≈50%. When N SI =5 and N CB =128, the probability of effective excitation is 99.95%, which shows that effective excitation can be provided for practical applications. If this probability needs to be further increased, a switch normally open Boolean obfuscation module can also be used to divide the input stimulus.

进一步地,对有效激励的数量进行理论计算。对于一个开关型布尔混淆模块而言,根据弱PUF的响应,有多少个开关被开启,则该开关型布尔混淆模块就能够在多少种输入组合下将P值传播给Y。存在i个开关被开启、NSS-i个开关被关闭的组合共有种,因此一个开关型布尔混淆模块能够将P传播至Y的输入组合数量的数学期望值为:Further, a theoretical calculation is performed on the number of effective incentives. For a switch-type Boolean obfuscation module, according to the response of the weak PUF, how many switches are turned on, then the switch-type Boolean obfuscation module can propagate the P value to Y under how many input combinations. There are combinations of i switches that are turned on and N SS -i switches that are turned off. , so the mathematical expectation of the number of input combinations that a switch-type Boolean obfuscation module can propagate P to Y is:

其中,i从1计算至NSS,表示考虑单个开关型布尔混淆模块有1种输入组合能够将P值传递给Y,有2种输入组合,……直至NSS种输入组合;Among them, i is calculated from 1 to N SS , which means that considering a single switch-type Boolean obfuscation module, there is 1 input combination that can transfer the P value to Y, there are 2 input combinations, ... until N SS input combinations;

表示i个开关开启且NSS-i个开关关闭的概率。 Denotes the probability that i switches are on and N SS -i switches are off.

整个激励划分模块共有NS个开关型布尔混淆模块,若第j个开关型布尔混淆模块有ij个开关被打开,那么有效激励的总数为M,则有效激励总数的数学期望为:There are N S switch-type Boolean confusion modules in the whole stimulus division module. If the j-th switch-type Boolean confusion module has i j switches turned on, then the total number of effective incentives is M, and the mathematical expectation of the total number of effective incentives is:

其中,多个求和符号表示分别考虑:所有开关型布尔混淆模块都只有1个开关开启的情况、NS-1个开关型布尔混淆模块都只有1个开关开启且1个开关型布尔混淆模块有2个开关开启的情况、NS-1个开关型布尔混淆模块都只有1个开关开启且1个开关型布尔混淆模块有3个开关开启的情况、……直至所有开关型布尔混淆模块所有开关都开启的情况。当NSI=5,且NCB=128时,有效激励总数的数学期望为7.9×1028,可以持续使用1014年。进一步地,对攻击者收集训练集时获得有效激励的概率进行理论计算。若攻击者随机选择激励,则选择一个有效激励的数学期望为:Among them, a plurality of summation symbols means to be considered separately: all switch-type Boolean obfuscation modules have only one switch on, N S -1 switch-type Boolean obfuscation modules have only one switch on and one switch-type Boolean obfuscation module There are 2 switch-on situations, N S -1 switch-type Boolean obfuscation modules have only one switch on and 1 switch-type Boolean obfuscation module has 3 switch-on situations, ... until all switch-type Boolean obfuscation modules are all The switch is turned on. When N SI =5 and N CB =128, the mathematical expectation of the total number of effective incentives is 7.9×10 28 , which can last for 10 14 years. Further, theoretically calculate the probability of the attacker obtaining effective incentives when collecting the training set. If the attacker chooses incentives at random, the mathematical expectation of choosing an effective incentive is:

当NSI=5,且NCB=128时,该值仅为2.33×10-8%。 When N SI =5 and N CB =128, this value is only 2.33×10 -8 %.

进一步地,对攻击者收集特定数量的有效激励所需收集的总激励数量进行理论计算。设训练集需要NTS个有效激励,若随机选择第i个激励后恰好使训练集包含NTS个有效激励,则说明在前i-1次激励选择中有NTS-1个有效激励,并且第i次选择的激励是有效的。因此获得NTS个有效激励所需激励总数的数学期望为:Further, a theoretical calculation is performed on the total number of incentives that an attacker needs to collect to collect a specific number of valid incentives. Assuming that the training set needs N TS effective incentives, if the i-th incentive is randomly selected to make the training set contain N TS effective incentives, it means that there are N TS -1 effective incentives in the previous i-1 incentive selection, and The incentive for the i-th choice is valid. Therefore, the mathematical expectation of the total number of stimuli required to obtain N TS effective stimuli is:

当NSI=5,且NCB=128时,若NTS=2×106,该值约为8.6×1015,这意味着需要超过10年的时间才能收集到有效训练集。When N SI =5 and N CB =128, if N TS =2×10 6 , the value is about 8.6×10 15 , which means that it takes more than 10 years to collect an effective training set.

具体地,采用集成电路仿真软件(Simulation program with integratedcircuit emphasis,SPICE),基于中芯国际(Semiconductor ManufacturingInternational Corporation,SMIC)180nm工艺对所述强PUF实例进行了模拟,共生成了10个实例。首先对所述强PUF的有效CRP进行评估,如图8~图10所示,平均而言,所述强PUF拥有1.74×1014个有效激励,足够实际应用使用。根据这些有效激励,攻击者随机选取训练集时,仅有0.0009%的概率能够选到有效激励。然后对所述强PUF的随机性进行评估,如图9所示,平均而言,所述强PUF的随机性为49.99%,十分接近理想值50%。最后对所述强PUF的稳定性进行评估,如图10所示,平均而言,所述强PUF的稳定性为95.40%。Specifically, the integrated circuit simulation software (Simulation program with integrated circuit emphasis, SPICE) was used to simulate the strong PUF instance based on the SMIC (Semiconductor Manufacturing International Corporation, SMIC) 180nm process, and a total of 10 instances were generated. Firstly, the effective CRP of the strong PUF is evaluated, as shown in Figures 8 to 10, on average, the strong PUF has 1.74×10 14 effective stimuli, which is enough for practical applications. According to these effective incentives, when the attacker randomly selects the training set, there is only a 0.0009% probability of being able to select effective incentives. Then the randomness of the strong PUF is evaluated, as shown in FIG. 9 , on average, the randomness of the strong PUF is 49.99%, which is very close to the ideal value of 50%. Finally, the stability of the strong PUF was evaluated, as shown in FIG. 10 , on average, the stability of the strong PUF was 95.40%.

本发明与现有强PUF在性能和安全性上的比较,本发明的随机性和稳定性与现有强PUF十分接近,但在抗建模攻击的安全性上从以下几点明显优于现有技术:(1)本发明在强PUF中包含弱PUF以被动抵抗CRP建模;(2)攻击者仅有0.0009%的可能性能够随机选到有效CRP;(3)本发明能够主动检测建模攻击。Compared with the existing strong PUF in terms of performance and security, the randomness and stability of the present invention are very close to the existing strong PUF, but the security against modeling attacks is obviously superior to the existing ones in the following points: Existing technologies: (1) the present invention includes weak PUFs in strong PUFs to passively resist CRP modeling; (2) the attacker has only a 0.0009% possibility of randomly selecting a valid CRP; (3) the present invention can actively detect and build mod attack.

综上所述,本发明使用弱物理不可克隆函数装置构建布尔混淆模块,所述布尔混淆模块的输入与输出之间的布尔逻辑关系在制造前不可预测;使用布尔混淆模块构建激励划分模块,所述激励划分模块将强物理不可克隆函数装置的输入激励集合划分为有效激励集合与无效激励集合;使用布尔混淆模块构建的攻击检测模块,所述攻击检测模块能够检测输入激励是否有效;使用布尔混淆模块构建响应计算模块,所述响应计算模块为输入激励计算输出响应。借此,本发明在保证强物理不可克隆函数装置随机性与稳定性的同时,能够主动检测并被动防御严重威胁强物理不可克隆函数装置安全的建模攻击,从而有效抵抗建模攻击。In summary, the present invention uses a weak physical unclonable function device to construct a Boolean confusion module, and the Boolean logic relationship between the input and output of the Boolean confusion module is unpredictable before manufacture; the Boolean confusion module is used to construct an incentive division module, so The excitation division module divides the input excitation set of the strong physical unclonable function device into an effective excitation set and an invalid excitation set; the attack detection module constructed by using the Boolean confusion module, the attack detection module can detect whether the input excitation is valid; use the Boolean confusion The module builds a response computation module that computes an output response for an input stimulus. Thereby, while ensuring the randomness and stability of the strong physical unclonable function device, the present invention can actively detect and passively defend against modeling attacks that seriously threaten the safety of the strong physical unclonable function device, thereby effectively resisting the modeling attack.

当然,本发明还可有其它多种实施例,在不背离本发明精神及其实质的情况下,熟悉本领域的技术人员当可根据本发明作出各种相应的改变和变形,但这些相应的改变和变形都应属于本发明所附的权利要求的保护范围。Certainly, the present invention also can have other multiple embodiments, without departing from the spirit and essence of the present invention, those skilled in the art can make various corresponding changes and deformations according to the present invention, but these corresponding Changes and deformations should belong to the scope of protection of the appended claims of the present invention.

Claims (10)

1. a kind of strong physics unclonable function device of anti-modeling attack characterized by comprising
Boolean obscures module, for locating input stimulus again through multiple weak physics unclonable function devices and boolean logic element Output response after reason realizes that Boolean logic relationship is unpredictable;
Division module is motivated, for the input stimulus to be divided into effectively excitation and invalid excitation;Wherein, if the input stimulus Module is obscured through boolean and exports the response, then the input stimulus is effectively excitation, otherwise is invalid excitation;
Attack detection module handles the nothing for identifying modeling attack by detecting the number that the invalid excitation occurs Effect excitation and modeling attack;
Response computation module, for carrying out response computation to effective excitation by strong physics unclonable function device.
2. strong physics unclonable function device according to claim 1, which is characterized in that the boolean obscures module packet It includes:
Weak PUF submodule handles to obtain Boolean logic for the weak physics unclonable function device to the input stimulus Configuration bit;
Boolean determines submodule, leads to for the Boolean logic relationship by determining input and output and/or by disposable safe Road is reprocessed to obtain the response by the Boolean logic configuration bit.
3. strong physics unclonable function device according to claim 2, which is characterized in that the excitation division module packet It includes:
Division rule submodule, the division rule for defining effective excitation with motivating in vain;
It divides implementation sub-module and obtains the input stimulus for comparing the input stimulus and the division rule Classification;
The division rule includes: that the input stimulus is divided into effectively excitation set and gathers with invalid excitation;Effectively excitation collection It is combined into the strong physics unclonable function device legal input set used in normal use, invalid excitation collection is combined into institute State the input set that strong physics unclonable function device illegally uses in normal use.
4. strong physics unclonable function device according to claim 3, which is characterized in that the excitation division module is by institute The hardware circuit resource realization that boolean obscures module is stated, the division rule is determined according to the type that the boolean obscures module;
When the excitation division module be switching mode boolean obscure module or switch open type boolean obscure module when, the boolean Obscure module to connect in the form of concatenated;
When it is that switching mode Boolean logic obscures module that the boolean, which obscures module, pass through the output control of the weak PUF submodule Byte processed controls the switch that the boolean obscures module.
5. strong physics unclonable function device according to claim 4, which is characterized in that the attack detection module packet It includes:
Counting submodule is motivated, for when the input stimulus is invalid excitation, the number motivated in vain to generation to be counted Number;
Attack processing submodule, for being identified as the modeling and attacking and trigger when the count number reaches attack threshold value Cope with the processing of the modeling attack.
6. strong physics unclonable function device according to claim 1, which is characterized in that the response computation module is to institute The response computation of input stimulus is stated to generate by comparing the time delay that two paths propagate jump, the subpath in every path by The input stimulus determines;
Communication process of the jump through the path described in the response computation resume module can also merge and be multiplexed the boolean Obscure the hardware circuit resource of module.
7. a kind of implementation method of the strong physics unclonable function device based on anti-modeling attack characterized by comprising
Boolean obscures step, by input stimulus after multiple weak physics unclonable function devices and boolean logic element reprocessing Output response realizes that Boolean logic relationship is unpredictable;
Partiting step is motivated, input stimulus is divided into effectively excitation and invalid excitation;Wherein, if the input stimulus is mixed through boolean Module of confusing exports the response, then the input stimulus is effectively excitation, otherwise is invalid excitation;
Attack detecting step, the number by detecting the invalid excitation generation identify modeling attack, handle described invalid sharp It encourages and is attacked with the modeling;
Response computation step carries out response computation to effective excitation by strong physics unclonable function device.
8. implementation method according to claim 7, which is characterized in that the boolean obscures step further include:
The weak physics unclonable function device handles the input stimulus to obtain Boolean logic configuration bit;
By the Boolean logic relationship and/or disposable safe channel of determining input and output to the Boolean logic configuration bit Reprocessing obtains the response.
9. implementation method according to claim 7, which is characterized in that the excitation partiting step includes:
The division rule for defining effective excitation and motivating in vain;
The input stimulus and the division rule are compared, obtain the classification of the input stimulus;
The division rule includes: that the input stimulus is divided into effectively excitation set and gathers with invalid excitation;Effectively excitation collection It is combined into the strong physics unclonable function device legal input set used in normal use, invalid excitation collection is combined into institute State the input set that strong physics unclonable function device illegally uses in normal use;
The attack detecting step includes:
When the input stimulus is invalid excitation, the number motivated in vain to generation is counted;
When the count number reaches attack threshold value, it is identified as the modeling and attacks and trigger the place for coping with the modeling attack Reason.
10. implementation method according to claim 8, which is characterized in that the response computation step further include:
The response computation of the input stimulus is generated by comparing the time delay that two paths propagate jump, the son in every path Path determines by the input stimulus, and handles the communication process of the jump through the path and can also be multiplexed the boolean Obscure the hardware circuit resource of step.
CN201610282695.6A 2016-04-29 2016-04-29 The strong physics unclonable function device and its implementation of anti-modeling attack Active CN105978694B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610282695.6A CN105978694B (en) 2016-04-29 2016-04-29 The strong physics unclonable function device and its implementation of anti-modeling attack

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610282695.6A CN105978694B (en) 2016-04-29 2016-04-29 The strong physics unclonable function device and its implementation of anti-modeling attack

Publications (2)

Publication Number Publication Date
CN105978694A CN105978694A (en) 2016-09-28
CN105978694B true CN105978694B (en) 2018-12-04

Family

ID=56994116

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610282695.6A Active CN105978694B (en) 2016-04-29 2016-04-29 The strong physics unclonable function device and its implementation of anti-modeling attack

Country Status (1)

Country Link
CN (1) CN105978694B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR102201217B1 (en) * 2017-11-24 2021-01-12 한국전자통신연구원 Self-extinguishing device and method, and semiconductor chip using the same
CN108460297B (en) * 2018-02-11 2019-02-19 复旦大学 A method for resisting template attack and artificial intelligence attack of physical non-clone function
US11044107B2 (en) 2018-05-01 2021-06-22 Analog Devices, Inc. Device authentication based on analog characteristics without error correction
US10749694B2 (en) 2018-05-01 2020-08-18 Analog Devices, Inc. Device authentication based on analog characteristics without error correction
US11245680B2 (en) 2019-03-01 2022-02-08 Analog Devices, Inc. Garbled circuit for device authentication
CN110135000B (en) * 2019-04-15 2023-06-30 深圳市纽创信安科技开发有限公司 Chip age judging method and device, IP module and chip
CN114303341A (en) * 2019-06-07 2022-04-08 俄亥俄州国家创新基金会 System and method for using hybrid boolean networks as physically unclonable functions
US11516028B2 (en) 2019-12-24 2022-11-29 CERA Licensing Limited Temperature sensing physical unclonable function (PUF) authentication system
GB201919297D0 (en) 2019-12-24 2020-02-05 Aronson Bill Temperature sensing physical unclonable function (puf) authenication system
CN111339576B (en) * 2020-02-12 2023-01-24 鹏城实验室 Three-state physical unclonable function circuit, control method and chip
CN114830598B (en) * 2020-11-20 2024-07-09 京东方科技集团股份有限公司 Safety protection method and device for heterogeneous system and processor
CN112737770B (en) * 2020-12-22 2022-05-20 北京航空航天大学 PUF-based network bidirectional authentication and key agreement method and device
CN113919012B (en) * 2021-08-31 2024-03-19 温州大学 Strong PUF anti-machine learning attack method and circuit based on sequence cipher
CN115065489B (en) * 2022-08-19 2022-11-08 北京高科芯联信息科技有限公司 Safety information generation method and system based on carbon nano tube and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104168264A (en) * 2014-07-11 2014-11-26 南京航空航天大学 Low-cost high-security physical unclonable function
CN105227176A (en) * 2015-10-08 2016-01-06 宁波大学 A hybrid PUF circuit

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104168264A (en) * 2014-07-11 2014-11-26 南京航空航天大学 Low-cost high-security physical unclonable function
CN105227176A (en) * 2015-10-08 2016-01-06 宁波大学 A hybrid PUF circuit

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"A new model of operation for arbiter puf to improve uniqueness on FPGA";Takanori Machida;《Proceedings of Federated Conference on Computer Science and Information Systems》;20141023;全文 *
"OPUF:obfuscation logic based physical unclonable function";Jing Ye;《International On-line Testing symposium》;20150831;全文 *

Also Published As

Publication number Publication date
CN105978694A (en) 2016-09-28

Similar Documents

Publication Publication Date Title
CN105978694B (en) The strong physics unclonable function device and its implementation of anti-modeling attack
Gu et al. A modeling attack resistant deception technique for securing lightweight-PUF-based authentication
Lin et al. Low-power sub-threshold design of secure physical unclonable functions
CN105809065B (en) The strong physics unclonable function of Indistinct Input output
CN105760786B (en) A kind of strong PUF authentication method and system of CPU+FPGA integrated chip
CN106030605B (en) Digital value processing device and method
Mathew et al. A novel memristor-based hardware security primitive
Ye et al. Modeling attacks on strong physical unclonable functions strengthened by random number and weak PUF
Yao et al. Design and evaluate recomposited or-and-xor-puf
CN106919860B (en) Circuit for implementing a physically unclonable function and corresponding operating method
Hosey et al. Advanced analysis of cell stability for reliable SRAM PUFs
Zalivaka et al. FPGA implementation of modeling attack resistant arbiter PUF with enhanced reliability
Xu et al. Rethinking FPGA security in the new era of artificial intelligence
Yamamoto et al. Security evaluation of bistable ring PUFs on FPGAs using differential and linear analysis
Lotfy et al. An efficient design of Anderson PUF by utilization of the Xilinx primitives in the SLICEM
CN109766729B (en) An integrated circuit for defending hardware Trojans and its encryption method
Yu et al. Interconnect-based PUF with signature uniqueness enhancement
Chatterjee et al. Memristor based arbiter PUF: Cryptanalysis threat and its mitigation
Hazari et al. Analysis and machine learning vulnerability assessment of XOR-inverter based ring oscillator PUF design
Cui et al. An efficient ring oscillator PUF using programmable delay units on FPGA
Capovilla et al. Improving the statistical variability of delay-based physical unclonable functions
US20160247769A1 (en) Apparatus and method for generating identification key
Rajendran An overview of hardware intellectual property protection
Wang et al. Slate: a secure lightweight entity authentication hardware primitive
Perach et al. Stt-angie: Asynchronous true random number generator using stt-mtj

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20160928

Assignee: Zhongke Jianxin (Beijing) Technology Co.,Ltd.

Assignor: Institute of Computing Technology, Chinese Academy of Sciences

Contract record no.: X2022990000752

Denomination of invention: A Strong Physical Non Cloneable Function Device Against Modeling Attacks and Its Implementation

Granted publication date: 20181204

License type: Exclusive License

Record date: 20221009