Low-temperature data remanence attacks against SRAM PUFs
نویسندگان
چکیده
In this paper, we present the first systematic investigation of data remanence effects on an intrinsic Static Random Access Memory Physical Unclonable Function (SRAM PUF) implemented on a commercial off-the-shelf (COTS) device in a temperature range between -110◦ C and -40◦ C. Although previous studies investigated data remanence in SRAMs only at temperatures above -50◦ C, our experimental results clearly indicate that the extended temperature region we examine has dramatic effects on the security of intrinsic SRAM PUFs. We propose a number of different attacks and experimentally verify that data remanence effects can be exploited successfully to attack intrinsic SRAM PUFs on a COTS device, where the (micro)processor and the SRAM reside on the same die. Our experimental attack writes a bit-string to memory and freezes the device. Due to data remanence effects the attacker-known bit-string remains in memory and is subsequently read out by the bootloader to generate the PUF response. In this way, the attacker is able to construct a forged secret key by manipulating the PUF response. Finally, we also discuss and assess potential countermeasures against the attacks we examine.
منابع مشابه
On the Effectiveness of the Remanence Decay Side-Channel to Clone Memory-Based PUFs
We present a side-channel attack based on remanence decay in volatile memory and show how it can be exploited effectively to launch a non-invasive cloning attack against SRAM PUFs — an important class of PUFs typically proposed as lightweight security primitive with low overhead by using the existing memory of the underlying device. We validate our approach against two SRAM PUF implementations ...
متن کاملTARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices without Clocks
Lack of a locally trustworthy clock makes security protocols challenging to implement on batteryless embedded devices such as contact smartcards, contactless smartcards, and RFID tags. A device that knows how much time has elapsed between queries from an untrusted reader could better protect against attacks that depend on the existence of a rate-unlimited encryption oracle. The TARDIS (Time and...
متن کاملOn Improving Reliability of SRAM-Based Physically Unclonable Functions
Physically unclonable functions (PUFs) have been touted for their inherent resistance to invasive attacks and low cost in providing a hardware root of trust for various security applications. SRAM PUFs in particular are popular in industry for key/ID generation. Due to intrinsic process variations, SRAM cells, ideally, tend to have the same start-up behavior. SRAM PUFs exploit this start-up beh...
متن کاملThe Temperature Side Channel and Heating Fault Attacks
In this paper, we present practical results of data leakages of CMOS devices via the temperature side channel—a side channel that has been widely cited in literature but not well characterized yet. We investigate the leakage of processed data by passively measuring the dissipated heat of the devices. The temperature leakage is thereby linearly correlated with the power leakage model but is limi...
متن کاملComparison of SRAM and FF PUF in 65nm Technology
Hardware security is an essential tool in the prevention of cloning, theft of service and tampering. This security is often based on cryptographic primitives, which use a key that is securely stored somewhere in the hardware. The strength of the security is therefore dependent upon the effort required from an attacker to compromise this key. Since the tools used to carry out attacks on hardware...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016