1. Field of the Invention
This invention relates to a secure logic system, and more particularly, a secure logic system with a physically unclonable function.
2. Description of the Prior Art
As reverse engineering methods for physical intellectual property (IP) and devices become automatable, physical and side-channel attacks have become much more affordable and powerful, raising the risk that sensitive information is exposed. To prevent valuable technologies from being copied by competitors and to prevent devices from being accessed by unauthorized people, manufacturers and property owners usually spend a significant amount of money and time developing countermeasures to safeguard against adversaries.
To protect the system from physical attacks and to raise the barrier for reverse engineering, the integrated circuit physical unclonable function (PUF) may be applied due to its intrinsic characteristics.
The integrated circuit physical unclonable function can establish a bit string pattern due to uncontrollable random physical characteristics in a manufacturing process. The process variations can come from very small changes in process control, material contents, and/or environmental drift. These natural variations are not only unavoidable during manufacturing but are also very hard to reproduce, making duplication of the same string pattern very difficult.
Normally, a particular string pattern is formed when the circuit component settles into a stable state after power up. The formation of the string pattern is partially dependent on the physical microstructure of the particular components. Since the forming conditions vary with time and environment, the dependencies on forming conditions can create enough uniqueness for individual components. However, although the PUF may offer a root of trust to the system, how to adopt the PUF into the system effectively and economically to secure information remains an issue.
One embodiment of the present invention discloses a secure logic system. The secure logic system includes a physically unclonable function (PUF), a physically unclonable function configuration register, and an encryption circuit.
The physically unclonable function is for establishing an encryption string according to at least partial random physical characteristics of the physically unclonable function. The physically unclonable function configuration register is coupled to the physically unclonable function, and for loading the encryption string from the physically unclonable function. The encryption circuit is coupled to the physically unclonable function configuration register, and is for manipulating a system string with the encryption string to generate encrypted data.
Another embodiment of the present invention discloses a method for operating a secure logic system. The secure logic system includes a physically unclonable function (PUF), a physically unclonable function configuration register, and an encryption circuit.
The method includes the physically unclonable function establishing an encryption string according to at least partial random physical characteristics of the physically unclonable function, the physically unclonable function configuration register loading the encryption string from the physically unclonable function, and the encryption circuit manipulating a system string with the encryption string to generate encrypted data.
These and other objectives of the present invention will no doubt become obvious to those of ordinary skill in the art after reading the following detailed description of the preferred embodiment that is illustrated in the various figures and drawings.
The physically unclonable function 110 can establish an encryption string P1 according to at least partial random physical characteristics of the physically unclonable function 110. The unique encryption string P1 can offer the deep-root security as a result of silicon manufacturing variations. For example, the secure logic system 100 can achieve confidentiality by entangling seemingly regular and easily recognizable logic structures with the unclonable encryption string P1 established by the physical unclonable function 110, making at least one of the control path and the data pattern unique to each individual device.
The physically unclonable function configuration register 120 is coupled to the physically unclonable function 110, and can load the encryption string P1 from the physically unclonable function 110. This configuration register can be designed with instant wipe capability so its content will be completely removed or randomized in a controllable fashion.
In some embodiments of the present invention, the physically unclonable function 110 may include more than one PUF unit, that is, the physically unclonable function 110 may establish a plurality of unique strings. In this case, the addresses of the encryption strings P0 and P1 can be determined by firmware at the early phase of device initialization or by a default setting during the system power-on reset.
In some embodiments, the initial system condition used to load the encryption strings P0 and P1 may be stored in a safe environment or a one-time programming circuit, such as an anti-fuse circuit. In this case, if the PUF configuration register 120 is reset due to some security threats, then the encryption strings P0 and P1 can still be regenerated by the PUF 110 according to the stored information, allowing the system to be restored.
The encryption circuit 130 is coupled to the physically unclonable function configuration register 120, and the encryption circuit 130 can manipulate a system string S1 with the encryption string P1 to generate encrypted data S1_e. The system string S1 can be, for example but not limited to, a memory address, memory data, or an instruction. That is, the encryption circuit 130 may use Boolean equations or other algorithms to mix the encryption string P1 with the system string S1 to be protected.
For example, the encryption circuit 130 may perform an Excess-N binary coding scheme to manipulate the system string S1 by using the encryption string P1 as a seed to select at least one inverting bit of the system string S1. That is, the unique encryption string P1 can be used to determine which specific permutation is applied to the system string S1.
For instance, if the encryption string P1 has a value of 1, the encryption circuit 130 would invert the value of bit 0 as Excess-1.
If the encryption string P1 has a value of 2, the encryption circuit 130 would invert the value of bit 1 as Excess-2. If the encryption string P1 has a value of 4, the encryption circuit 130 would invert the value of bit 2 as Excess-4. Also, if the encryption string P1 has a value of 3, the encryption circuit 130 would invert the value of bit 0 and bit 1 as Excess-3.
With the Excess-N binary coding scheme, the system string S1 can be easily manipulated with the encryption string P1 to create unpredictable permutations. In the case of the system string S1 being a memory address, the unpredictable permutation can further expand the virtual addressing space of a storage unit beyond its physical range, adding layers of protection to the logical configuration of storage units.
Furthermore, in some embodiments of the present invention, since most of the storage addressing schemes are multi-dimensional, the protection can be further enhanced by using un-correlative encryption strings loaded from different PUF units in the PUF 110 for segment, row, and column addressing to further diffuse the addressing information.
Also, the Excess-N binary coding scheme can be easily decoded with the encryption string P1 when the system string S1 is required for system operations. In
The decryption circuit 140 can be coupled to the PUF configuration register 120, and can decrypt the encrypted data S1_e to restore the system string S1 according to the encryption string P1 retrieved from the PUF configuration register 120. For example, the decryption circuit 140 can invert the inverted bit(s) of the encrypted data S1_e again according to the encryption string P1.
After the system string S1 is restored by the decryption circuit 140, the system function circuit 150 coupled to the decryption circuit 140 would be able to perform operations according to the system string S1. For example, if the system string S1 is a memory address, the system function circuit 150 may perform a read operation or a write operation to the storage space corresponding to the address indicated by the system string S1.
In some embodiments, the decryption circuit 140 can be disposed on a signal path between the encryption circuit 130 and the system function circuit 150, and the decryption circuit 140 can decrypt the encrypted data S1_e to restore the system string S1 right at the system function circuit 150, preventing the restored system string S1 from being retrieved by the side-channel attacks and reverse engineering.
Also, in some embodiments, if the system string S1 is an address and the mutation caused by the encryption string P1 is mainly for reducing the predictability of the access to the memory system, then the encrypted data S1_e may be used as a physical address for accessing the data stored in the memory system without being decrypted. In this case, the decryption circuit 140 can be optional, that is, the encrypted data S1_e can be used directly by the memory system or the system function circuit 150, without being decrypted by the decryption circuit 140, creating a unique memory mapping for each individual device.
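The address handling described above (Excess-N bit inversion, separate strings for segment, row and column, direct use of the mixed address, and wipe followed by regeneration) can be modelled in software; this is an added example, not code from the patent. The 2/3/3-bit address layout, the struct and function names, and the sample strings are assumptions, and constants stand in for a real PUF readout.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout for illustration: 8-bit address = 2-bit segment | 3-bit row | 3-bit column. */
enum { SEG_BITS = 2, ROW_BITS = 3, COL_BITS = 3, ADDR_SPACE = 256 };

/* Model of the PUF configuration register: one string per address dimension. */
typedef struct { uint8_t seg, row, col; int loaded; } puf_cfg_reg;

/* Excess-N as the text describes it: every set bit of the encryption string p
 * selects one bit of s to invert (p=1 -> bit 0, p=3 -> bits 0 and 1). */
static uint8_t excess_n(uint8_t s, uint8_t p, unsigned width) {
    return (uint8_t)((s ^ p) & ((1u << width) - 1u));
}

/* Stand-in for latching PUF output at power-on; the values are constructed. */
static void cfg_load(puf_cfg_reg *r, uint8_t seg, uint8_t row, uint8_t col) {
    r->seg = seg; r->row = row; r->col = col; r->loaded = 1;
}

/* Instant wipe: clear the strings so nothing can be mixed or restored. */
static void cfg_wipe(puf_cfg_reg *r) { r->seg = r->row = r->col = 0; r->loaded = 0; }

/* Mix each address field with its own string. Inverting the same bits twice
 * restores them, so this one routine encrypts and decrypts. -1 = register wiped. */
static int addr_mix(const puf_cfg_reg *r, uint8_t addr) {
    if (!r->loaded) return -1;
    uint8_t col = excess_n((uint8_t)(addr & 7u), r->col, COL_BITS);
    uint8_t row = excess_n((uint8_t)((addr >> 3) & 7u), r->row, ROW_BITS);
    uint8_t seg = excess_n((uint8_t)((addr >> 6) & 3u), r->seg, SEG_BITS);
    return (seg << 6) | (row << 3) | col;
}

/* Using the mixed value directly as a physical address is only safe if the map
 * is a permutation: every physical location is hit exactly once. */
static int is_permutation(const puf_cfg_reg *r) {
    uint8_t seen[ADDR_SPACE] = {0};
    for (int a = 0; a < ADDR_SPACE; a++) {
        int e = addr_mix(r, (uint8_t)a);
        if (e < 0 || seen[e]++) return 0;
    }
    return 1;
}

/* Number of logical addresses that two devices place at different locations. */
static int map_differences(const puf_cfg_reg *a, const puf_cfg_reg *b) {
    int n = 0;
    for (int s = 0; s < ADDR_SPACE; s++)
        n += addr_mix(a, (uint8_t)s) != addr_mix(b, (uint8_t)s);
    return n;
}

int main(void) {
    puf_cfg_reg dev_a, dev_b;
    cfg_load(&dev_a, 0x2, 0x5, 0x3);   /* constructed strings, device A */
    cfg_load(&dev_b, 0x1, 0x6, 0x4);   /* constructed strings, device B */
    int e = addr_mix(&dev_a, 0x4A);
    printf("A: 0x4A -> 0x%02X -> 0x%02X\n", e, addr_mix(&dev_a, (uint8_t)e));
    printf("B: 0x4A -> 0x%02X\n", addr_mix(&dev_b, 0x4A));
    printf("permutation=%d differing=%d\n", is_permutation(&dev_a),
           map_differences(&dev_a, &dev_b));
    cfg_wipe(&dev_a);
    printf("after wipe: %d\n", addr_mix(&dev_a, 0x4A));
    return 0;
}
```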
In addition, to further randomize the access of the PUF 110, in
Although the encryption circuit 130 may perform the Excess-N binary coding scheme to introduce the encryption string P1 into the system, this is not to limit the present invention. For example, in some other embodiments, if an arbitrary logical function can be realized by using exclusive paths, such as paths with NAND gates and NOR gates, the encryption circuit 130 may simply activate one of the two possible paths for particular operation according to the encryption string S1_e to further complicate the internal process logic.
For example, the logic circuit 232[0] can perform logic computation on the bit P2[0] of the encryption string P2 and the bit S2[0] of the system string S2, while the logic circuit 232[N-1] can perform logic computation on the bit P2[N-1] of the encryption string P2 and the bit S2[N-1] of the system string S2.
In some embodiments, since the system string S2 may have to be restored for performing following operations, the logic computation performed by the logic circuits 232[0] to 232[N-1] should be reversible. For example, but not limited to, the plurality of logic circuits 232[0] to 232[N-1] can be XOR gates. That is, the encrypted data S2_e can be generated by performing XOR operations to the encryption string P2 and the system string S2. In this case, the system string can be restored later by performing XOR operations to the encryption string P2 and the encrypted data S2_e easily.
In
According to Table 2, the same input of the system string S3 as shown in Table 1 would lead to four different results corresponding to the values of the encryption string P3. Consequently, the encryption string P3 can be mixed into general logic functions to create configurable logic structures that alter the device's energy consumption and propagation delay via PUF dictated logic paths, making the reverse engineering much more difficult. This is illustrated in
In
However, the encryption circuit 230 of the present invention is not limited to performing XOR operations. In some other embodiments, the encryption circuit 230 may perform other logic computation including at least one of the basic operations NAND, AND, NOR, OR, XOR, XNOR and NOT to generate the encrypted data S2_e, and the decryption circuit 240 would reverse the encrypted data S2_e back to the system string S2 with the corresponding computations. In other embodiments, mixed logic operations can be used for the encryption circuit 230 or other logic paths and logic structures to further alter system behavior.
After the system string S2 has been restored, the system function circuit 250 coupled to the decryption circuit 240 would perform operations according to the system string S2. For example, the system function circuit 250 may store the system string S2 to the corresponding storage space if the system string S2 is the data to be written.
In
In other embodiments, the path selector 270 may choose the transmission path according to a random number generated by the system or another unique string provided by the PUF 110.
In this case, the decryption circuit 240 disposed on the signal path between the path selector 270 and the system function circuit 250 can decrypt the encrypted data S2_e to restore the system string S2 right at the system function circuit 250, preventing the restored system string S2 from being retrieved by the side-channel attacks and reverse engineering.
Furthermore, the entangled decode technique is applicable to data paths as well for protection of sensitive information. For example, in some other embodiments, the decoded data D can be used to select a device specific set of data from a memory bank to the system function circuit 250 directly.
However, in some embodiments, if the security condition permits, the encrypted data S2_e may be sent to the decryption circuit 240 for decryption directly before being used by the system function circuit 250 without passing through the path selector 270. Also, in some other embodiments, the path selector 270 and the memory bank can be used together to select the device specific set of data for sensitive information storage.
For example,
That is, the techniques shown in the embodiments of the present invention can be used independently or can be combined in any desired order according to the system requirement.
In
S510: the physically unclonable function 110 establishes an encryption string P1 according to at least partial random physical characteristics of the physically unclonable function 110;
S520: the physically unclonable function configuration register 120 loads the encryption string P1 from the physically unclonable function 110;
S530: the encryption circuit 130 retrieves the encryption string P1 from the physically unclonable function configuration register 120;
S532: the encryption circuit 130 manipulates a system string S1 with the encryption string P1 to generate encrypted data S1_e;
S540: the decryption circuit 140 retrieves the encryption string P1 from the physically unclonable function configuration register 120;
S542: the decryption circuit 140 decrypts the encrypted data S1_e to restore the system string S1 according to the encryption string P1;
S550: the system function circuit 150 performs operations according to the system string S1.
According to method 500, the system string S1 can be mixed with the unique encryption string P1, making the physical behaviors of identical operation with identical data dramatically different from one another. In some embodiments, the system string S1 can be a memory address, memory data, or an instruction, and the method 500 may be applied to encrypt different types of system strings with different algorithms or different Boolean operations to further complicate the flow controls and data paths for critical functions, making side-channel attacks and reverse engineering much more difficult.
In some embodiments, the encryption circuit 130 may perform the Excess-N binary coding scheme to manipulate the system string S1 by using the encryption string P1 as a seed to select at least one inverting bit of the system string S1 in step S532. However, in some other embodiments, the encryption circuit 130 may adopt other algorithms or other logic computation to manipulate the system string S1. For example, the encryption circuit 130 may perform XOR operations to the system string S1 and the encryption string P1 to generate the encrypted data S1_e.
After the system string S1 has been mixed with the encryption string P1, the decryption circuit 140 can retrieve the encryption string P1 in step S540 to restore the system string S1 in step S542, so that the system function circuit 150 can use the system string S1 for the following operations accordingly in step S550.
In some embodiments, additional protections for encrypted data S1_e may be achievable by further altering the device's energy consumption and propagation delay via unpredictable logical paths.
S610: the physically unclonable function 110 establishes encryption strings P2 and P3 according to at least partial random physical characteristics of the physically unclonable function 110;
S620: the physically unclonable function configuration register 120 loads the encryption strings P2 and P3 from the physically unclonable function 110;
S630: the encryption circuit 230 retrieves encryption string P2 from the physically unclonable function configuration register 120;
S632: the encryption circuit 230 manipulates a system string S2 with the encryption string P2 to generate encrypted data S2_e;
S640: the decoder 260 retrieves encryption string P3 from the physically unclonable function configuration register 120;
S642: the decoder 260 decodes another encrypted data S3_e generated by encrypting another system string S3 with the encryption string P3 to generate decoded data D;
S650: the path selector 270 selects a path for transmitting the encrypted data S2_e according to the decoded data D;
S660: the decryption circuit 240 retrieves the encryption string P2 from the physically unclonable function configuration register 120;
S670: the decryption circuit 240 decrypts the encrypted string S2_e to restore the system string S2 according to the encryption string P2;
S680: the system function circuit 250 performs operations according to the system string S2.
That is, after the system string S2 is encrypted with the encryption string P2, the encrypted data S2_e is transmitted through the data path selected by the path selector 270 to the decryption circuit 240 in step S650 according to the decoded data D. Therefore, in step S670, the decryption circuit 240 can decrypt the encrypted string S2_e to restore the system string S2, so that the system function circuit 250 can perform the following operations accordingly in step S680.
In some embodiments, if the system string S2 is an instruction or an arbitrary indicator, then the decryption circuit 240 may not have to regenerate the complete system string S2. Instead, the decryption circuit 240 may transmit the corresponding signals to the system function circuit 250 for performing the respective operation by analyzing the encrypted data S2_e with the encryption string P2.
With both the methods 500 and 600, the encryption string established by the physical unclonable function 110 can be combined with the system string so that the control paths and the data flow patterns would be unique to each individual device. Also, since the valuable information required by the side-channel attacks and reverse engineering, such as device timing, energy, heat, magnetic profiles, and power signatures, would also be changed accordingly due to physical changes of logic structure, flow control and data presentation, the methods 500 and 600 can secure the information effectively. Moreover, when applying the methods 500 and 600 to different types of system strings, the protection for the valuable information can be further enhanced. That is, the approaches shown in methods 500 and 600 may be performed individually or may be combined with others to meet the security requirement of the system.
In summary, the secure logic systems and the method for operating the secure logic systems provided by the embodiments of the present invention can combine the system string with the unpredictable encryption string established by PUF, so that the control paths and the data flow patterns would be unique to each individual device. Also, since each individual device can have its own device timing, energy, heat, magnetic profiles, and power signatures, the critical information can be secured effectively, making the side-channel attacks and reverse engineering extremely difficult.
Those skilled in the art will readily observe that numerous modifications and alterations of the device and method may be made while retaining the teachings of the invention. Accordingly, the above disclosure should be construed as limited only by the metes and bounds of the appended claims.
This non-provisional application claims priority of U.S. provisional application 62/583,499, filed on Nov. 9, 2017, included herein by reference in its entirety.
Number | Date | Country
---|---|---
62583499 | Nov 2017 | US