Physical unclonable function based solutions to unification of user, device and data authentication
With the boom of the Internet of Things (IoT), security is increasingly becoming a requirement rather than an option. Further development of IoT applications is challenged into seeking trust assurance of multiple credentials from user, device and data. Existing solutions meet this expectation with a...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis-Doctor of Philosophy |
| Language: | English |
| Published: |
Nanyang Technological University
2020
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/137808 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| Summary: | With the boom of the Internet of Things (IoT), security is increasingly becoming a requirement rather than an option. Further development of IoT applications is challenged into seeking trust assurance of multiple credentials from user, device and data. Existing solutions meet this expectation with a naive layer-by-layer multi-factor authentication scheme. These solutions are typically realized using conventional techniques that require the safekeeping of a secret binary key in the non-volatile memory, or battery-backed SRAM of some device, or a token owned by the user, which have been proven to be vulnerable to various kinds of invasive, semi-invasive and side channel attacks. The non-repudiation assumption of these conventional techniques is being challenged by emerging artificial-intelligent assisted and malware-based attacks on independently chained weak links (factors), and their limited extension to IoT scenarios, where the sheer number of inexpensive and often insufficiently protected endpoints prevent application of standard, secret-key based techniques. A Physical Unclonable Function (PUF), which is a hardware-intrinsic security primitive emerged in the early 2000s, stood out as an inexpensive and yet effective way for device authentication and secret key generation. Compared to those conventional cryptographic primitives, the secret is hidden intrinsically within the device structure by the uncontrollable manufacturing process variations of integrated circuits. PUF promises a keyless solution with its appealing low-cost, low-power, tamper-aware and “reply-upon-request” attributes. As the demand of providing more comprehensive protection across user, device and data for IoT applications is increasing, this research aims at developing new PUF solutions to unify device, data and user authentication with high security and efficiency. As a result of a comprehensive review of existing PUFs and multi-factor authentication schemes, new PUF based user-device hash, data-device hash as well as event-driven PUF design for end-point authentication, digital forensics and reactive monitoring are developed in this research. The first distinctive contribution is a PUF-based user-device hash for endpoint authentication. A UDhashing scheme is proposed to unify the macroscopic human biometric and microscopic silicon entropy into a single identity by projecting the contactless facial biometric into a PUF- defined random space. The system achieves a bipartite authentication of both end user and end device as a whole, and zero-knowledge mutual authentication between the endpoint and the verifier. The proposed system also achieves cancelable biometrics and system reconfiguration. In addition, the experimental results obtained using standard face databases and measured silicon data of a strong PUF demonstrates good authentication performance with excellent discriminability. The proposed system is also analyzed to be resilient against multiple attacks including memory probing, random guessing, replay, man-in-the-middle and modelling attacks. The second contribution is a rotation/scaling-invariant PUF-based data-device hash for digital (more specifically, image) forensic applications. Existing digital forensics methods are capable of performing well in either forgery content detection or acquisition device identifica- tion but not both. At a time of rampant public media manipulation and ease of fake image/video fabrication, verification of benign and malicious image transformations is necessary but not sufficient for fact checking of visual artefacts presented in the court of law. The proposed scheme fills this gap by being able to detect and locate image tampering while identifying the source device that produces the images or footages with a comparatively low cost. The core idea is to create a hash tag to integrate the invariant image features with the PUF-based device
“fingerprint” using random projection. The shaky security assumption of keeping a stored digital string (key) private for attestation in conventional perceptual image hash is avoided. For this use case, the proposed scheme can do away with challenge-response enrolment and hence the need for a trusted third party server to secure the database of challenge-response pairs. The system is demonstrated to achieve successful tamper detection and location, excellent data and device authentication as well as robust resilience against attacks on PUF. Finally, the design of the first-ever event-driven PUF designed from the dynamic vision sensor (DVS) is proposed. DVS is an image sensor that responds asynchronously to relative changes in intensity. Compared with the conventional active pixel sensor, DVS reduces the data redundancy and possesses high dynamic range while preserving precise timing information. The event-driven PUF is derived from the original sensing circuit of DVS, with only three transistors added per pixel (originally 1 photodiode, 2 capacitors and more than 14 transistors) to achieve independent but simultaneous DVS sensing and PUF operation. The responses of the PUF is made to trigger only upon the detection of environmental changes. This is believed to be the only known image sensor based PUF whose response is indivisibly related to the sensing activities. This new subfield of event-driven PUF addresses indisputable attestation against tampering of hardware sensors and their generated data. It augments applications such as traffic monitoring and remote healthcare, by endowing the camera with a new security feature to generate a non-repudiable proof of exceptional events that have happened in surveillance. Experimental results show that the DVS sensor meets the quality criteria in PUF operation without compromising its normal imaging performance. |
|---|