# Clone-Resistant Structures in Microsemi SoC Units

## Cryptarchi 2017

18-21 June 2017 Smolenice Castle, Slovakia

W. Adi, A. Mars

IDA, Institute of Computer and Network Engineering Technical University of Braunschweig Germany





# Contents

- 1. Why Physical Unclonable Units?
- 2. State of the Art of Analog PUF Technology
- 3. Digital Resilient Alternative Identity
- 4. Secret Unknown Cipher (SUC) Concept
- 5. SUC Prototype and Realization in SmartFusion2 SoC FPGAs
- 6. Conclusion



## Why clone-resistant physical units?

- Commercial-economic reasons (Cloning)
- Identity (Privacy)
- **Image: Know-How protection (IP-Cores)**
- Medical











連 E-Money ....

#### Smart-Home, -City, -Gouvernement, Consumer, IOT .





#### Best physical Identity: As the born **DNA-like** provable identification



#### **Physical Unclonable Functions PUFs** offer **DNA like** Identification Techniques

<u>Ideal PUFs are</u>: Born unpredictable and unclonable physical VLSI properties. <u>In other words:</u> PUFs are analogue non-linear, hard to model or to copy, unpredictable huge mapping in a semiconductor VLSI device







#### **<u>State of the Art:</u>** Unclonable Devices by: **Analog Physical Unclonable Functions (PUFs)**

Since 2000 many proposalsoptical PUFcoating PUFSilicon PUFoptical fiber PUFRF COALC-PUFS-RAM PUFArbiter PUFButterfluorescent PUF

So far all have "<u>Reproducibility</u>" problems! Analog functions!!!





Delay PUF Butterfly PUF diode breakdown PUF reconfigurable PUF acoustic PUF controlled PUF phosphor PUF



Delay based





Coating PUF (Capacity)

Born properties: Similar to the biological DNA



...



### PUFs inconsistency and aging difficulties



<u>Bad reproducibility due to : Operating conditions, quantization (Metastability), Aging, ...</u>



#### Fuzzy Extractors: Complex, Costly (Sign. Proc + ECC)

\* Source: Roel Maes, ESAT/COSIC, K.U.Leuven, BCRYPT Workshop:



Institute of Computer and Network Engineering



#### **Bio-Inspired** Identification Protocol







# **Our Proposal:**

- 1. Avoid analog-world and use pure digital structures
  - => 100% reproducibility, <u>no aging</u>!
  - => <u>Resilient</u>/robust Identification Technology
  - $\Rightarrow \underline{\text{Target cost}} \rightarrow 0$
- 2. Accept less strict security requirements for mass consumer products.





# **Less-strict** security requirements

#### Pragmatic Security for mass products:

- System is considered as clone-resistant if:
  - > Cloning do not <u>economically pay off</u>
  - Cloning is <u>useless after some time</u>

#### **Security Requirements**

- Enforce attacker to do expensive physical invasive attacks
  ⇒ System should be side channel attack resistant
- "Break-one break-all" should be hard or impossible
  ⇒ Each unit is individually unique

#### **Target applications: Mass-products, Automotive .. Consumer, Smart phones**





#### Key Idea: Electronic DNA-Mutation!

In Post Fabrication: "Mutating a digital "Secret Unknown Cipher" (SUC)





#### **Production Procedure:** in post fabrication **"Mutate SUC"**







#### Institute of Computer and Network Engineering



#### SUC Prototype in SmartFusion2 SoC FPGA





Computer and Network Engineering



#### **<u>Clone-Resistant</u>** SoC FPGA Unit







### **Identification Protocol with a SUC**

What can you do with a cipher which nobody knows?







# **Q:** Is the system realizable today?

- In ultimate form, No! (Emerging .. Technology) <u>Reason</u>: non-volatile self reconfiguring hardware in SoC architecture is <u>not yet</u> available

<u>However</u>: "Microsemi non-Volatile technology" (Actel) is a possible future emerging technology therefore

#### Alternative "Pure Software" solution?:

"ARM SoC" architecture is a possible infrastructure <u>However less secure</u>, low-cost soft version (in Smart phones)





# **Generalized Concept** of **Unknown Secret-key Crypto** as Clone-Resistant Mutated **Digital E-DNA Functions**















Digital PUF : Space size  $\rightarrow$  finite (theoretically not perfect)





#### **Use Case 2: Mutating Unknown Secret Physical Cipher**



The only perfect secret is the one which nobody knows!





# Sample Implementation Case

# SUC in Microsemi SmartFusion®2 SoC FPGAs





Ultimate SUC <u>"is not Realizable"</u> in Contemporary Technologies!

## <u>Why?:</u>

- 1. No self-reconfiguring non-Volatile Technologies
- 2. Bitstream Format is not disclosed
- 3. Bitstream is encrypted





# First Pragmatic Implementation Scenario:

# Concept:

- 1. Use existing technologies
- 2. Accept lower security

#### Note:

Self-Reconfiguring <u>"Volatile Technologies</u>" do exist, however result with quite weak security for unclonability





**Prototyping Key Idea:** (realizable if Bitstream encryption is switched off)

Step-1: Creating SUC as a "Hardware Layout Template"

SoC

**BS:** Bitstream for only application core







#### **Prototyping Key Idea:** Step-2: Template personalization



Initial setup:

Create a SUC template in SoC,

Personalize Units by a Manipulation GENIE!:

- 1. Trigger GENIE' by a random stream of bits from the TRG
- 2. Chose randomly some mappings from the cipher data base (CDB)
- 3. Manipulate the configuration bitstream BS' accordingly
- 4. After completing the SUC personalization, the GENIE' is deleted (killed)
- **BS**": Bitstream after personalization



AC: Application Core CDB: Cipher Data Base TRG: True Random Generator SUC: Secret Unknown Cipher



#### **Design Flow for Creating SUC in Microsemi SoC FPGAs:**



#### Actual SUC Implementation in non-volatile SoC FPGAs:







#### **Proposed Randomized Involution Block Cipher as SUC:**

<u>Requirements:</u> Secure design, lightweight, involutive, and random cipher proposed SUC : has a block size N=64 bits and 32 rounds





#### Soft-Design flow: Incremental SUC Synthesis and Routing



- Compile points are RTL partitions of the design that you define before synthesizing the design
- Each compile point is treated as a block
  - $\rightarrow$  Independent synthesis, optimization and place and route
- The SUC design template can be added to locked Application Core,
- The software will treats separately the SUC design which will reduce the time required for personalization





#### Sample Layout: By incremental synthesis and routing



**Complete layout** 



#### **Pure SUC portions and their locations**



Institute of Computer and Network Engineering



#### Hardware complexity:

The following table presents the hardware complexity of SUC (in percent) for different SmartFusion®2 SoC FPGAs Families

Gate Complexity: 213 LUTs + 72 DFFs

| SmartFusion2 | Resources usage |            |
|--------------|-----------------|------------|
| SoC FPGA     | LUTs            | DFFs       |
| Families     | % of usage      | % of usage |
| M2S005       | 3,51            | 1,19       |
| M2S010       | 1,76            | 0,6        |
| M2S025       | 0,77            | 0,26       |
| M2S050       | 0,37            | 0,12       |
| M2S060       | 0,37            | 0,12       |
| M2S090       | 0,24            | 0,08       |
| M2S150       | 0,14            | 0,04       |





# Summary of the First SUC Prototyping

#### Concept:

- 1. Template based
- 2. Fixed cipher architecture
- 3. Only mapping-contents are variable
- 4. Low Complexity. Very high personalization speed

#### **Disadvantages:**

- 1. Attacker knows the structure
- 2. Attacker knows the physical locations
- 3. No crypto-mappings diversity (fixed template!) However,

overall security level is still relatively: "Very good"





## **CONCLUSIONS**

- Relatively low-cost pure Digital PUFs (in best case "zero-cost")
- "Highly robust <u>digital</u> physical identity" (compared to analog PUFs !)
- Negligible aging!
- Scalable security level!.
- System inherently more resistant to "Side Channel Attacks"
- Security is, <u>manufacturer</u> and trusted <u>authority</u> independent

#### Work in Progress:

- Investigating new "GENIEs", operation scenarios and use protocols
- Practical real field applications,
- Task is multidisciplinary and challenging!



# Thanks



Technische Universität Braunschweig