PUF
Let's take a broad view of present network. (PKI picture)
It's composed of key communication ,key protocol and key storage. ()
Take a look at authentication.
All in all, it's server-server authentication and server-client one. Based on protocols, on both sides, they have long-term private keys, so that it's guaranteed that we talk to the right people.
But there are something we should make sure: is the private key in the right hands? we focus on key storage here.
We have no doubt that the server can be under good surveillance, they got unlimited room, power and hardware for strong security. so private key of server is secure.
But what about smart card or handset? They need to be small, light, low power. Can they guarantee same standard of security as server? If not, then the whole client-server authentication is not secure.
Because in no matter symmetric authentication as MTI/A0 or RSA, if the private key of one-side is compromised, then the other side probably will talk with the wrong person - attacker. (MTI/A0, RSA protocol)
The problem with present key storage in client is its accessibility of device. Normally, they are stored in non-volatile memory such as ROM/EEPROM/Flash. But they are insecure. So we better figure out another way. (report article, french attack PPT )
Here we present a possible scheme with PUF as part of key storage.
Here what is stored not as plain private key, but a XOR of key with PUF-key. So even if it's read out, without any idea of PUF response, it will not leak any secret.Because the PUF CRPs stay inside the chip, no read-out it possible. (key storage scheme)
So why PUF are not readable? it's actually not stored, but a reflection of internal state which cannot be measured, they are process variation such as mos gate oxide thickness or something. Well, if they can be measured, that's would be disaster to PUF, actually more than PUF. (Process variation graph)
If we expand PUF the simple authentication, we can use this protocol.
well, we need to get PUF registered at first. Which is actually a readout of some CRPs. Then we cut the line, so no one are ever read again. During future authentication, every time the server send a random challenge to PUF, the PUF answers with responses.
There are a batch of things need to be dealt with
没有评论:
发表评论