hardware security using strong puf array model for side ... · several attacks have been reported...

1 Associate Professor, 2 Lecturer, 3 & 4 Scholars 1,2,3&4 Department of ECE, 1,3&4 Sri Krishna college of Engineering and Technology,

Coimbatore, Tamilnadu, India. 2 Sri Krishna Polytechnic College, Coimbatore, Tamilnadu, India.

[email protected]

Abstract The objective of the research work is to propose an abstract model of a strong PUF array

for side channel attacks. The secrecy and confidentiality in message transfers across

hardware devices is more crucial in the recent cryptographic applications deployed in IOT

technology. The earlier formal models for secret communication have limited security since

the encryption device is more vulnerable not only to the active attacks but also to the passive

attacks. The side channel and covert channel attacks are methods mainly to extract the key

rather than the preferred ciphered texts. A formal modelling of hiding and extracting the

critical information is proposed using a Trusted Ordered Protected Secrecy (TOPS) secret pi

calculus in this paper. Based on the side channel attack parameters and covert channel

processes, a threat configurable PUF array model is proposed as a hardware security

mechanism in the implementable form. The TOPS pi calculus and its semantics are

illustrated using Labelled Transition Systems (LTS). The trusted communication and the

context aware computation are carried out in an ordered manner to protect the secret key in

this model. The above said model is formally verified using Alloy analyzer that is used to

formally verify the constraints on the sample structures and check the properties of the

model through counter examples.

Keywords—Alloy, Physical Unclonable Function, Physical Unclonable Function Array,

TOPS pi calculus.

1. INTRODUCTION

Side Channel Attack has been the recent trend to extract information from a system.

Several attacks have been reported on the PUF core properties. This could possibly make the

term Network security less reliable. It puts the Network security at risk and pushes it to the

Hardware Security using Strong PUF Array model for Side

Channel Attacks 1Veerasamy B, 2Bharathi B, 3Rhaveen S.A, 4Monikka R

International Journal of Pure and Applied MathematicsVolume 119 No. 12 2018, 1555-1571ISSN: 1314-3395 (on-line version)url: http://www.ijpam.euSpecial Issue ijpam.eu

1555

edge to take measures to protect it. Physically Unclonable function is a disordered system

that is associated to protect the randomness of the key that is generated to protect the

message that can either be used on the attacker or on the defender side. PUF are concerned

with their physical and digitally unclonable as well as their assumed resilience against

invasive side channel attacks [1]. Physically Unclonable Function is an entity that depends

on the measure of randomness to generate a key. Its physical structure has a complex design

and each time the key is randomly generated. This physical design is based on certain

physical entities or phenomena that can be introduced by the manufacturer. In general, all

scan-based side channel attacks can be viewed as a kind of differential cryptanalysis where

attackers take advantages of the scan chains to observe the bit changes between pairs of

chosen plaintexts/ciphertext so as to identify the secret keys [18]. The attack is determined

by the vulnerability of the assets that can be exploited. The side channel attacks especially

focus on the witness that monitors the encryption rather than the assets itself eventually

making the information to be easily exploitable. These physical parameters are then

measured to gain information on the assets thus attacking the host source without their

knowledge. The PUF can be used to generate a code in random that can either attack or

defend a network. A few examples include stack canaries, non-executable memory, and

Address Space Layout Randomization (ASLR) [17]. But there are some limitations of kernel

space Address Space Layout Randomization (ASLR) against a local attacker with certain

restricted privileges. This is because the ASLR plays a major part in securing the system

against software faults [3]. Also, Timing attacks are avoided by turning the attacker

oblivious of the sensitive traffic. A secure and an enhanced router architecture that

dynamically configures the router memory space according to the communication and

security properties of the traffic [2]. Domain Model (DM) [14] provides a framework for

specifying program state and state transitions, as well as security-related concepts such as

security policy, information flow, access control, and covert channel vulnerabilities [12].

Because of decidability issues associated with modelling arithmetic operations, Alloy by

design supports only a limited representation of integers and basic arithmetic operations

[12],[14]. Since the DM is implemented using Alloy, it is similarly limited [16].]. The main

focus of the paper work is to propose a TOP Secret Pi Calculus towards the enhancement of

hardware security using PUF array model and formally verify the same using ALLOY tool.

The paper is organized as follows: Section II discusses the need and design of PUF arrays

and the various attacks that are possible for an encryption device. Section III illustrates an

abstract and formal model of PUF array and its types with possible security design

challenges. Section IV comprises the formal verification of the proposed model with a

mathematical description of secured sustainability with the configurability and vulnerability

factors. Section V describes the semantics of the proposed TOPS Pi Calculus and the various

atomic functions with the corresponding notations. Section VI expresses the model checking

with ALLOY tools towards the various state transformations during the attacks with its

traces. Section VII concludes the work with the verification results and limitations of the

proposed PUF array model for hardware security in the case of complex hardware

interactions.

International Journal of Pure and Applied Mathematics Special Issue

1556

I. STUDY OF PHYSICAL UNCLONABLE FUNCTION

A. Physical Unclonable Function

Physical unclonable function is a physical entity that depends on their micro structure for

security purposes [5]. This micro structure depends on the physical factors which are

unpredictable and that which can only be introduced by the manufacturer while

manufacturing. When a physical action is made to the structure, it generates random results.

These are almost impractical to be cloned since the factors that are dependent on are

unpredictable and cannot be controlled. The ability of PUF is to be different between

different devices and generate randomness. PUFs have not only been suggested for the basic

security of tamper sensitive key storage but also for protocol based security like Oblivious

transfer (OT), bit commitment (BC), or key exchange (KE) [4]. The attacks to the PUF are

made by CRP pair (Challenge-Responses) mechanism. The physical action is apparently said

to be the Challenge and the reaction by the PUF is the Response to that challenge. Each PUF

has an unpredictable way to connect responses to the proposed challenges [6],[18]. Hence the

mapping between the challenges and the responses is decided by the measure of the

complexity of the logic inside the circuit structure of the PUF (Physically Unclonable

Function). PUF is intrinsically involved in the actual computation performed by the program,

e.g., a processor that exhibits certain timing characteristics. Such PUFs are intrinsic and

personal. They are intrinsic because these PUFs are inherently involved in the execution of

the software and are personal because every computing device possesses such a PUF [15].

The design of such cryptographic PUFs is strongly reconsidered in [4] and quoted that strong

PUFs need additional hardware properties. The responses reacted for the same proposed

challenge, are not the same for different PUFs. Hence each PUF reacts differently to

different or the same challenge generating the same key.

Fig 1.1Layout of the attack of a system

B. Types of attacks

Invasive attack: A category of attacks on a cryptographic device with the goal to reveal its

secret key. In this type of attacks, the attacker can have direct electrical access to the

internal components by physically probing the system’s components using simple or high-

tech techniques. The user will be aware of the attack [5].

Non-Invasive attack: This attack doesn’t damage the package. No physical access is

required. The attack doesn’t alert the user about the leakage. This type of attack observes

the leakage of any physical entity that is unaware to the host but gives information which

serves as an asset [5].

Active attack: An active attack attempts to alter system resources or affect their operation.

For example, faulty injections into the system by the attacker can affect it or force it to leak

certain information that is useful to the attacker [10]. By restraining the system to its extent

to leak out the information is an active attack by the attacker [8].


1557

Passive attack: A passive attack attempts to learn or make use of information from the

system but does not affect system resources. It is a network attack in which a system is

monitored and sometimes scanned for open ports and vulnerabilities. The purpose is solely to

gain information about the target and no data is changed on the target. Side channel attack

is a non-invasive and passive attack [8],[10].

Fig 1.2 Challenge Response Circuits

Fig 1.3. Architectural model of Hardware attacks

A Challenge can be a tuple like, <attack, defense, constraints, environment >. For example,

attack can be either a simple power attack or a cache attack which can be defended by PUF

array based on the power or temperature constraints in that particular memory transaction

environment. Response I can be outputted as either time or frequency and Response II can

be power or bandwidth parameters where Response I is not equal to Response II. Mechanism

that leaks information to the outsider processes but denying direct access to the information

is a covert channel. It is an insider process that could possibly be a Trojan horse program or

similar malwares. It can result in unauthorized information flows when exploited by

malicious software [16].

II. INTRODUCTION TO PUF ARRAY

Different types of PUFs can be configured in such a way that it forms an array. Thus, the

PUFs when formed as an array makes the unpredictability even more complicated and

increases the measure of randomness making it difficult for the attackers to attack the key.

This type of PUF array is called PUFA (Physically unclonable function array). PUFs can

either be configured with randomness by explicit factors or by implicit factors that determine


1558

their structures. PUFs whose randomness is determined by explicit factors are less prone to

changes with external factors or any external attacks and are less vulnerable. PUF’s whose

randomness is implicitly determined has to be fabricated while manufacturing and doesn’t

depend on the external entities. These PUFs are prone to changes while there occur changes

in environmental factors and are easily vulnerable to external attacks. Hence PUF whose

randomness is explicitly introduced are more preferable than the ones generating

randomness implicitly. The sustainability of PUFs depends on how randomly it generates the

key for different devices for the same challenge and for different challenges in the same

device. The PUF is more widely preferred when its measure of randomness and

unpredictability is high.

A. Types of PUF

There are several subtypes of PUFs, each with its own applications and security features.

Three major types are Strong PUFs, Controlled PUFs and Weak PUFs, initially termed

Physically Obfuscated Keys (POKs) [6]. The different PUFs available are Arbiter PUF, Ring

Oscillator PUF, DRAM PUF, SRAM PUF, Bus keeper PUF, D Flip-Flop PUF, Glitch PUF

and Latch PUF [7]. Many threats and attacks have been proposed and several algorithms

have been framed to attack into the PUFs making the message transfer less secure and less

reliable. In parallel the complexities of the PUFs has also been increased due to the proposed

algorithms. PUFs are designed to resist the invasive attacks by the attacker. In general,

modelling attacks on PUFs presume that an adversary Eve has, in one way or the other,

collected a subset of all CRPs of the PUFs [18]. The formal modelling of attack and defense

can be done based on the features of both attack and defense actions. These actions can be

categorized into two types.

One category is the set of the attacking nodes and the other one is defending nodes [12].

Both the actions can be further divided into direct internal action or external implicit actions

or simply as an insider attack or outsider attack. The attacks can be materialized into

effective applications or they will be simply abstract ideas. Hence these abstractions can be

converted into applications onto an asset at any point of time. The security flaw or the

vulnerability can be declared as the potential shortfall or incapability in terms of capacity or

readiness to face any attack. Hence the syntactical form of any attack can be defined using

lambda calculus and then the definition can be applied with suitable arguments.

The challenges are that

1) the attack or counter measure actions have to be identified whether they are physical or

virtual; they are changing with respect to time and attacks

2) The vulnerability is dynamic changing with respect to time and assets; A set of temporal

states with many attributes and transitions rules

3) The exploitation is the critical aspect since the time and place are to be utilized by a

suitable triggering action or stimuli which induces the chain of actions

4) The uncertainties in all computation through probability calculations may be derived as

the least value in its causal effect on the attack and on the risk

5) Countermeasure that may be preventive or reactive technique abstracted, defined and

applied on to the workspace very importantly the ambience [12].

The conceptual model explores that

• One or many attacks on the same asset or multiple assets


1559

• Each asset may have one or multiple vulnerabilities

• The vector product of attack features and vulnerabilities yield exploitations.

• The existence of countermeasures of defensive or offensive techniques comparable

with the exploitations values for each asset or attack determine the probabilistic

security risk values.

• If all the values are deterministic against the cyber-ethics or cyber regulations, then

the threat will be calculated as equal to the total non-compliance.

The combinational theory [12], currying, reduction and solvability in Lambda calculus can

be applied to quantitatively ascertain the solvability and definability of each terms in that

domain specific Security Lambda Calculus.

Lambda attack: time of (attack) asset = time of (asset)

Asset terms are convertible and attack terms invertible terms.

Lambda measure: counter (measure) preventive = counter (reactive)

“Measure” terms are reducible and convertible. The temporal dependencies of the attacks

and counter measures follow the structure of a tree in a forest.

The attack is a labelled tree with the attributes as shown below:

Attack :: {time, mode, strength, type, singular or multiple, µ, ω, λ, ϴ}

such that, µ implies that the effective convertibility function of attack on asset, ω indicates

that mapping function between vulnerability of an asset and mode, λ maps the preventive

measures and the attack types andϴ implies that exploitation strategies and the solvability

of the countermeasures. This model can be refined still further based on the distributed or

lumped nature of the attack type.

The usability and scalability of the approach can be extended to any level of system of

systems or actions.

A ij(t) =>The ith attack on the jth time at time t = t a

The strength of any attack is depending on the duration and massiveness. The target of

attack is based on the attack plan towards the variety of assets., ie. Assets => File, Data or

Information, Network or Infrastructure

Attack ij(t) onto any one or more than the number of Assets

Plan = Compliance Policies, Regulation Acts

Attack (t) → Asset. Network

Attack A => Internal | External

Defense D =>Physical | Virtual


1560

Vulnerability V represents ∑ Temporal set of States

Exploitation E is represented as {(V X A) t, action}

Countermeasure C=>C p (Preventive) & C r (Reactive)

The mathematical model and the corresponding formal model of Attack Defense Tree with

Preventive and Reactive Counter measure can be achieved.

TABLE 1. PARAMETERS DETERMINING SIDE CHANNEL ATTACKS

Component Parameters Environment Outcome

Android device Timing

(c1) Types of key (e1) Radiation (o1)

Microprocessor Power

(c2)

Size in bits of key

(e2)

Differential Power

dissipation (o2)

Microcontroller Voltage

(c3)

Times of usage

(e3)

Temperature Transient

(o3)

Cache memory Frequency

(c4)

Fixed/Permanent

(e4)

Pulse waves

(o4)

RAM Cache

(c5)

Exchange of key

(e5)

Faulty Outcomes

(o5)

FPGA RAM

(c6)

Power

consumption

(e6)

EM Waves

(o6)

Optical

(c7)

Purposeful

branching

(e7)

Process

timing waves

(o7)

Cache miss

and hit(c8)

Delays

(e8)

Break(c9) Noises

(e9)

EM Waves

(c0)

Faults and

damage (e0)

III. FUNCTIONAL VERIFICATION

The characteristics of the attack is determined by it defensiveness, offensiveness,

vulnerability, configurability and sustainability. In Unit level, the verification is done on

• PUF

• PUF ARRAY

• Interfaces

Event (Side channel attack):

Offensiveness of any hardware entity is Sum of Product of the attack and the vulnerability

of the system.


1561

𝑂𝑓𝑓𝑒𝑛𝑠𝑖𝑣𝑒𝑛𝑒𝑠𝑠(𝑂)

= [(𝑁𝑎𝑡𝑢𝑟𝑒 𝑜𝑓 𝑎𝑡𝑡𝑎𝑐𝑘 ∗ 𝑡𝑖𝑚𝑒 𝑜𝑓 𝑎𝑡𝑡𝑎𝑐𝑘 ∗ 𝑛𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑎𝑡𝑡𝑎𝑐𝑘)

+ (𝑉𝑢𝑙𝑛𝑒𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑦 ∗ 𝐸𝑥𝑝𝑜𝑠𝑢𝑟𝑒 ∗ 𝐸𝑥𝑝𝑙𝑜𝑖𝑡𝑎𝑏𝑖𝑙𝑖𝑡𝑦)]

It is possible for many attacks to occur at a time. The probability of concurrency is limited

for the said analysis.

𝑃𝑐[𝑠𝑐𝑎1. 𝑠𝑝𝑎(𝑝𝑟𝑜𝑐𝑒𝑠𝑠𝑜𝑟)] → 𝑝𝑎𝑟𝑡 𝑜𝑓 𝑡ℎ𝑒 𝑚𝑒𝑠𝑠𝑎𝑔𝑒(𝑘𝑒𝑦, 𝑡𝑒𝑥𝑡)

For simultaneous attacks in time t1 is

𝑃𝑐[𝑠𝑐𝑎1(𝑡1). 𝑠𝑝𝑎 + 𝑠𝑐𝑎2(𝑡1). 𝑡𝑎 (𝑝𝑟𝑜𝑐𝑒𝑠𝑠𝑜𝑟)] → 𝑝𝑎𝑟𝑡 𝑜𝑓 𝑡ℎ𝑒 𝑚𝑒𝑠𝑠𝑎𝑔𝑒 (𝑘𝑒𝑦, 𝑡𝑒𝑥𝑡)

Offensiveness of any system in the software or application level has higher measure of

vulnerability rather than the hardware level and easily exploitable. Based on this analysis it

can be interpreted as follows

Sustainability is directly proportional to defensiveness and inversely proportional to

offensiveness.

𝑆𝑢𝑠𝑡𝑎𝑖𝑛𝑎𝑏𝑖𝑙𝑖𝑡𝑦(𝑆) = 𝑘1 [𝐷𝑒𝑓𝑒𝑛𝑠𝑖𝑣𝑒𝑛𝑒𝑠𝑠(𝐷)

𝑂𝑓𝑓𝑒𝑛𝑠𝑖𝑣𝑒𝑛𝑒𝑠𝑠(𝑂)] (1)

By substituting values for the (1),

TABLE II. EXAMPLE VALUES FOR SUSTAINABILITY

Defensiveness Offensiveness Sustainability

0.9 0.1 9k1

0.75 0.25 3k1

0.6 0.3 2k1

0.45 0.5 0.9k1

0.3 0.65 0.46k1

0.25 0.8 0.31k1

0.1 0.95 0.105k1

Where k1 is the proportionality constant in the Sustainability equation with respect to

Defensiveness and Offensiveness depending on the hardware environment and operating

temperature. It can be clearly seen that as defensiveness keeps increasing and offensiveness

keeps decreasing, the sustainability decreases with the constant. A sustainability of 1 is

ideally possible to attain where the system cannot be sustainable depending on the working

environment.

Also, Offensiveness is directly proportional to Vulnerability of the target and defensiveness

is directly proportional to the configurability.

𝑂𝑓𝑓𝑒𝑛𝑠𝑖𝑣𝑒𝑛𝑒𝑠𝑠(𝑂) ∝ 𝑉𝑢𝑙𝑛𝑒𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑦(𝑉)(2)

𝐷𝑒𝑓𝑒𝑛𝑠𝑖𝑣𝑒𝑛𝑒𝑠𝑠(𝐷) ∝ 𝐶𝑜𝑛𝑓𝑖𝑔𝑢𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑦 𝑜𝑓 𝑡ℎ𝑒 𝑡𝑎𝑟𝑔𝑒𝑡(𝐶) (3)

Thus,

𝑆𝑢𝑠𝑡𝑎𝑖𝑛𝑎𝑏𝑖𝑙𝑖𝑡𝑦(𝑆) = 𝑘2

𝐶𝑜𝑛𝑓𝑖𝑔𝑢𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑦(𝐶)

𝑉𝑢𝑙𝑛𝑒𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑦(𝑉) (4)


1562

Where k2 is the constant of proportionality of Sustainability with respect to configurability

and vulnerability. Also it can be observed that sustainability is high when configurability is

high and vulnerability is less. Since it is highly impractical for an ideal condition to achieve,

a sample value of 0.6 can be assumed.

TABLE III. EXAMPLE VALUES FOR SUSTAINABILITY

Configurability Vulnerability Sustainability

0.9 0.1 9k2

0.75 0.25 3k2

0.6 0.3 2k2

0.45 0.5 0.9k2

0.3 0.65 0.46k2

0.25 0.8 0.31k2

0.1 0.95 0.105k2

Another relation from the above mentioned stated as

𝑘1 ∗ 𝑉𝑢𝑙𝑛𝑒𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑦(𝑉) ∗ 𝐷𝑒𝑓𝑒𝑛𝑠𝑖𝑣𝑒𝑛𝑒𝑠𝑠(𝐷)

= 𝑘2 ∗ 𝐶𝑜𝑛𝑓𝑖𝑔𝑢𝑟𝑎𝑏𝑖𝑙𝑖𝑡𝑦(𝐶)

∗ 𝑂𝑓𝑓𝑒𝑛𝑠𝑖𝑣𝑒𝑛𝑒𝑠𝑠(𝑂) (5)

IV. SEMANTICS OF TOPS PI CALCULUS

A. Semantics of Pi Calculus

Secret 𝜋 calculus includes the usage of two forms of restricted pattern matching in input so

that a set of channels are denied to a process or enforcing a process to receive only few

trusted channels. The standard input of 𝜋 calculus use an infinite set of names N varied from

a,b,c.....,x,y,z to represent channel names and parameters [11] . So the subject(A) and the

object (B) of the communication range over subset of N. For example, a process of the form

𝑥(𝑦 ÷ 𝐵). 𝑃 represents an input where the name x is the input channel name, y is the formal

parameter which can appear in the continuation P, and B is the set of blocked names that

the process cannot receive. ‘r’ is the amount of randomness the PUF can generate to make

the key protected and secret and s can act as the spy level in a covert channel.

B. Trusted Ordered Protective Secrecy (TOPS) 𝜋 calculus

By continuing the observations and the expressions being derived in [11] for side channel

processes as follows


1563

TABLE IV. EQUATIONS FOR SPECIFIED ATTACK

Channel Process Variables Notations Remarks

Side

channel

Input 𝑥, 𝑦 𝑥(𝑦 ÷ 𝐵). 𝑃 Input P with

Blocked names

B

Trusted

input 𝑥, 𝑦 𝑥[𝑦: 𝐴]. 𝑃

Trusted input

through the

channel

Output 𝑥, 𝑦 𝑥 ̅(𝑦). 𝑃 Output in

Plaintext

Compositi

on − 𝑃|𝑄 Channel P or Q

Attack 𝑥, 𝑦 𝑥[𝑦: 𝐵]. 𝑃 Attack on the

Input with

channels in B

Defend 𝑥, 𝑦, 𝑟 𝑥[𝑦: 𝐴]. 𝑃/𝐵+ 𝑟

Generated

randomness in

the input

Exploit 𝑥, 𝑦 𝑥[𝑦]. 𝑃 + 𝐵 Input with

blocked names

(vulnerability)

Covert

channel

Terminate 𝑥 ([𝑥: 𝐵]

𝑃) . 𝑃

Input

terminated

when attack

detected

Replicate 𝑥, 𝑦 𝑥(𝑦: 𝐴). 𝑃= 𝑤(𝑧: 𝐴). 𝑃

Input replicated

to another

channel

Indicate 𝑥, 𝑦 𝑥 ̅[𝑦: 𝐴]. 𝑃 Where 𝑥 ̅ = [𝑦: 𝐵]

Vulnerabilitie

s indicated on

the input

Spy 𝑥, 𝑦, 𝑧, 𝑠 𝑥[𝑦/𝐵]. 𝑃 | �̅�(𝑧). 𝑄 |𝑠: 𝑥. 𝑅

Spy level

detected on a

plaintext input

Wait 𝑥, 𝑦 𝑥 (𝑦

𝐵) . 𝑃(0,1)

Wait or

process

depending on

the amount of

vulnerability

As in [11], the process [hide x][P] represents a process P in which the name x is regarded as

secret and should not be accessible to any process external to P. [hide x][P] binds the

occurrence of x in P: fn ([hide x][P]) =fn(P)\ {x}, and bn([hide x][P])={x} U bn(P). Also contexts

are processes containing a hole -.C[P] can be written for the process obtained by replacing –

with P in C[-],


1564

𝐶[−] ∷= −|𝐶[−]| 𝑃 | 𝑃 |𝐶[−]|(𝑛𝑒𝑤 𝑥)[−]|[ℎ𝑖𝑑𝑒 𝑥][−]-----[11]

C[−] 𝑑𝑒𝑛𝑜𝑡𝑒𝑠 𝑎 𝑐𝑜𝑛𝑡𝑒𝑥𝑡[ℎ𝑜𝑙𝑒] 𝐶[𝑃] 𝑑𝑒𝑛𝑜𝑡𝑒𝑠 𝑎 𝑐𝑜𝑛𝑡𝑒𝑥𝑡 𝑜𝑓 𝑝𝑟𝑜𝑐𝑒𝑠𝑠𝑜𝑟

V. DOMAIN MODELLING

The proposed Security DM is comprised of an Invariant Model, which defines the generic

concepts of program state, information flow, and security policy; and an Implementation

Model, which specifies the behavior of the base program. A specialized DM Compiler was

developed to translate a base program in IML into an Implementation Model, and to

integrate it with the Invariant Model to form a complete DM specification; the DM-Compiler

thus has visibility of the security policy, as implemented in the Invariant Model. The DM is

verified using the Alloy Analyzer, which identifies execution paths where the security policy

rules are violated. Whereas many previous security models capture information flow between

objects and subjects, the DM does not explicitly define an object, but implements this concept

through variables. An access table records sensitivity labels for program variables, as a

means of tracking information flow across state transitions. These labels indicate the

sensitivity of data stored within a variable, and may change over time as data flows through

the system [16].

A. Alloy

Alloy is a language for describing structures based on defining a set of constraints. It has

been used in a wide range of applications from finding holes in security mechanisms to

design telephone switching networks. An Alloy model is a collection of constraints that

describes (implicitly) a set of structures [14], for example: all the possible security

configurations of a web application, or all the possible topologies of a switching network.

Alloy’s tool, the Alloy Analyzer, is a solver that takes the constraints of a model and finds

structures that satisfy them. It is a SAT based language used for formal verification of a

network security. It can be used both to explore the model by generating sample structures,

and to check properties of the model by generating counterexamples. Structures are

displayed graphically, and their appearance can be customized for the domain at hand [9].


1565

Fig. 2.1 Attack and Defense of Power attacks and timing PUF arrays

Fig 2.2 Attack and Defense of cacheattacks and power PUF arrays


1566

Fig 2.3 Attack and Defense of Timing attacks and cache PUF arrays

At constant temperature and typical operational conditions, the following tabular column

have been deducted

TABLE V. STATE TRANSITION TABLE

Initial State Transition

rules Final State Status Relation

Cache attack

If(Cache

attack!=0 &&

other

attacks==0)

Cache

PUF==1

PUF

defended state

Secured by

Cache PUF

Defend

through

increased

complexity

Power attack

If(power

attack!=0 &&

other

attacks==0)

power

PUF==1

PUF

defended state

Secured by

Power PUF

Defend

through

increased

complexity

Timing attack

If(timing

attack!=0 &&

other

attacks==0)

timing

PUF==1

PUF

defended state

Secured by

Timing PUF

Defend

through

increased

complexity

No attack

If(all

attacks==0)

all PUF==0

System

defended state Unsecured

Defended by

the default

system

security


1567

Simultaneous

attacks

If(two

attack==1 &&

one

attack==0)

one PUF==1

One attack

defended and

vulnerable to

other attacks

Unsecured

Partially

defended by

increasing

complexity

TABLE VI. STATE TRACES

Trace Path traced

Trace

1 S0 →S1→S2 →S3 →S4

Trace

2 S0 →S5→S2 →S6 →S4

Trace

3 S0 →S7→S2 →S8 →S4

Where

S0 → Initial State

S2→ Attacked State

S4 → Secured State

S1,S5 ,S7→Attacks on the Encryption device

S3,S6 ,S8→ PUF defence on the Encryption device

VI. CONCLUSION

The work proposes an abstract model for strong PUF array towards hardware security

through the mitigation of side channel and covert channel attacks. The model based on TOPS

Pi calculus has been formally verified model through the possible state transitions. The

various attacks and the required PUF defending the Encryption device have been modelled

using Alloy analyzer. The major limitations in the work is that when simultaneous attacks

occur at the same time the PUF array model cannot handle multiple attacks and the model

may not be suited for trusted transactions between more vulnerable hardware configurations

at the same instances. The above model is going to be realized in an FPGA with necessary

amount of gates to sustain multiple attacks in the future work.

REFERENCES

[1] Ahmed Mahmoud, Ulrich Rührmair, MehrdadMajzoobi, et.,al . "Combined Modelling and

Side Channel Attacks on Strong PUFs", Published in IACR Cryptology ePrint Archive,

2013, Report 2013/632, DOI:10.1109/JPROC.2014.2335155, pp:1283-1295.

[2] Ulrich Ruhrmair& Jan Solter:"PUF Modelling Attacks:An Introduction and Overview"

In:DATE14/ 2014 EDAA/Germany/978-3-9815370-2-4, 2014, DOI:

10.7873/Date.2014.361,IEEE Xplore Germany, ISBN:978-3-9815370-2-4, pp:1-6.


1568

[3] Ralf Hund, Carsten Willems, Et.al Thorsten Holz, "Practical Timing Side Channel

Attacks Against Kernel Space ASLR", In Horst-Goertz Institute for IT Security (HGI),

Ruhr-University Bochum, Germany, published at IEEE 2013 Symposium on Security

and Privacy, 1081-6011/13,2013IEEEDOI: 10.1109/SP.2013.23, ISBN: 978-0-7695-4977-

4, pp: 191-192.

[4] Ulrich Ruhrmair& Marten van Dijk, "PUFs in Security Protocols: Attack Models and

Security Evaluations" In:IEEE Symposium on Security and Privacy, 2013 IEEE

Symposium, Berkeley, USA, DOI:10.1109/SP.2013.23, ISBN: 978-0-7695-4977-4, pp:286-

300.

[5] Fran¸coisKoeune and ,Fran¸cois-XavierStandaert, ” A Tutorial on Physical Security and

Side-Channel Attacks “,Foundations of security analysis anddesign III, Springer, 2005,

I.M.R. Verbauwhede (ed.), Secure Integrated Circuits and Systems,

Integrated Circuits and Systems, DOI 10.1007/978-0-387-71829-3 2,

2010, X, 246p, 92 illus., Hardcover, ISBN: 978-0-387-71827-9, pp:27-42.

[6] Ulrich Rührmair, Frank Sehnke, Et.al ”Modelling Attacks on Physical Unclonable

Functions”, in Association for Computing Machinery ACM,Proceedings of the 17th ACM

conference on Computer and communications security, Chicago, Illinois, USA-October 04-

08,2010, ISBN: 978-1-4503-0245-6, DOI: 10.1145/1866307.1866335, pp:237-249.

[7] Charles Herder, Meng-Day (Mandel) Yu, et.al., ” Physical Unclonable Functions and

Applications: A Tutorial”, Proceedings of the IEEE Volume: 102, Issue: 8, Aug. 2014, doi:

10.1109/JPROC.2014.2320516, 2014, pp: 1126 – 1141.

[8] Job de Haas” Side Channel Attacks and Countermeasures for Embedded Systems”,

Black Hat USA, 08/02/2007 pp:82

[9] Edward Yue Shung Wong, Michael Herrmann, Et.al Omar Tayeb, ” A Guide To Alloy”,

Department of Computing - Imperial College

London,2007,url:https://www.doc.ic.ac.uk/project/examples/2007/271j/suprema_on_alloy/

Final%20Report/LaTeX/report.pdf

[10] Siddika Berna OrsYalcin, “Side-Channel attacks on hardware implementations of

cryptographic algorithms” Istanbul Technical University Department of Electronics and

Communication Engineering, 2007, pp:1-17,

url:http://web.itu.edu.tr/~orssi/dersler/cryptography/slides.pdf.

[11] Martin Giunti ,CatusciaPalamidessi ,Frank D. Valencia, ”Hide and New in the 𝜋

calculus”, EPTCS 89 pp: 65–79, doi:10.4204/EPTCS.89.6. , 2012.

[12] Malay Ganai. Aarti Gupta, ”SAT-Based Scalable Formal Verification Solutions”,

Springer MIT press, 2007, ISBN 978-0-387-69167-1, DOI:10.1007/978-0-387-69167-

1,Series ISSN: 1558-9412, pp:1-16.

[13] Christel Baier, Joost-Pieter Katoen, ” Principles of model checking ”,MIT press, 2007,

ISBN: 9780262333047, April 2008.

[14] Alloy tutorial http://alloy.mit.edu/alloy/ , http://alloy.mit.edu/alloy/tutorials/online/.


1569

[15] RishabNithyanand ,John Solis, ”A Theoretical Analysis: Physical Unclonable

Functions and The Software Protection Problem”, IEEE Computer society,

DOI:10.1109/SPW.2012.16, 2012, pp:1-11 .

[16] Alan B. Shaffer , Mikhail Auguston, et.al, ”A Security Domain Model to Assess

Software for Exploitable Covert Channels”, Research gate conference,DOI:

10.1145/1375696.1375703, 2008, pp: 45-56.

[17] PaX Team, “Address Space Layout Randomization (ASLR),”

http://pax.grsecurity.net/docs/aslr.txt.

[18] Ulrich Ruhrmair, Jan S¨olter, et.al,”PUF Modeling Attacks on Simulated and Silicon

Data”, IEEE Transactions on Information Forensics and Security, 2013,Published in

Journal IEEE Transaction on Information Forensics and Security Volume 8 Issue 11,

November 2013 pp: 1876-1891, IEEE Press Piscataway, NJ, USA,ISSN: 1556-6013doi:

10.1109/TIFS.2013.2279798.


1570

hardware security using strong puf array model for side ... · several attacks have been reported...

Documents