ARCA è l'archivio istituzionale ad accesso aperto della ricerca dell'Università Ca' Foscari Venezia e nasce nel 2014 con lo scopo di raccogliere, diffondere e conservare la produzione scientifica dell'Università. Costituisce di fatto il catalogo della ricerca di Ateneo.ARCA è un sistema Open Access: è non solo consultabile da tutti e visibile nei motori di ricerca, ma anche interoperabile con il portale cerCa. In questo modo vengono valorizzate la produzione scientifica dell'Ateneo e la visibilità dei ricercatori.
EnglishPhysical Unclonable Functions (PUFs) are a promis- ing technology to secure low-cost devices. A PUF is a function whose values depend on the physical characteristics of the un- derlying hardware: the same PUF implemented on two identical integrated circuits will return different values. Thus, a PUF can be used as a unique fingerprint identifying one specific physical device among (apparently) identical copies that run the same firmware on the same hardware. PUFs, however, are tricky to implement, and a number of attacks have been reported in the literature, often due to wrong assumptions about the provided security guarantees and/or the attacker model. In this paper, we present the first mechanized symbolic model for PUFs that allows for precisely reasoning about their security with respect to a variegate set of attackers. We consider mutual authentication protocols based on different kinds of PUFs and model attackers that are able to access PUF values stored on servers, abuse the PUF APIs, model the PUF behavior and exploit error correction data to reproduce the PUF values. We prove security properties and we formally specify the capabilities required by the attacker to break them. Our analysis points out various subtleties, and allows for a systematic comparison between different PUF-based protocols. The mechanized models are easily extensible and can be automatically checked with the Tamarin prover.
| Titolo: | Automated Analysis of PUF-based Protocols |
| Autori: | |
| Data di pubblicazione: | Being printed |
| Abstract: | Physical Unclonable Functions (PUFs) are a promis- ing technology to secure low-cost devices. A PUF is a function whose values depend on the physical characteristics of the un- derlying hardware: the same PUF implemented on two identical integrated circuits will return different values. Thus, a PUF can be used as a unique fingerprint identifying one specific physical device among (apparently) identical copies that run the same firmware on the same hardware. PUFs, however, are tricky to implement, and a number of attacks have been reported in the literature, often due to wrong assumptions about the provided security guarantees and/or the attacker model. In this paper, we present the first mechanized symbolic model for PUFs that allows for precisely reasoning about their security with respect to a variegate set of attackers. We consider mutual authentication protocols based on different kinds of PUFs and model attackers that are able to access PUF values stored on servers, abuse the PUF APIs, model the PUF behavior and exploit error correction data to reproduce the PUF values. We prove security properties and we formally specify the capabilities required by the attacker to break them. Our analysis points out various subtleties, and allows for a systematic comparison between different PUF-based protocols. The mechanized models are easily extensible and can be automatically checked with the Tamarin prover. |
| Handle: | http://hdl.handle.net/10278/3727912 |
| Appare nelle tipologie: | 4.1 Articolo in Atti di convegno |
File in questo prodotto:
| File | Descrizione | Tipologia | Licenza | |
|---|---|---|---|---|
| csf2020.pdf | Versione dell'editore | Accesso chiuso-personale | Riservato |
Copyright © 2020