Survey							
                            
		                
		                * Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
EE5900: Cyber-Physical Systems CNT for Hardware Security Lin Liu and Shiyan Hu Carbon Nanotube Technologies 2 Case Study: Credit Card 3 First Generation Credit Card: Magnetic Stripe Card ο§ Magnetic stripe keeps security data (authentication data) through modifying the magnetism of tiny iron-based magnetic particles on the band. ο§ The magnetic stripe is read by swiping through a magnetic reading head. 4 Authentication Flow User π w/ Magnetic Stripe Card Request for authentication information Authentication information for user π No, card is not authenticated If it is valid Yes, card is authenticated 5 Hack? ο§ Given a malicious magnetic card reader, the magnetic stripe is read by swiping through its reading head and the authentication information can be obtained ο§ The hacker can clone the card with the same authentication information and impersonate that user ο§ It has been documented that the information from 40 million credit and debit cards has been stolen 6 Second Generation Credit Card: Microcontroller Based Card ο§ The smart card is embedded with a microchip (integrated circuit) that can store and process data. It provides cryptographic services (e.g. authentication, confidentiality, integrity). ο§ EMV (Europay, MasterCard and Visa) is a global standard for cards equipped with computer chips. 7 In-factory characterization Authentication Flow Encrypt request π to get response πΆ using a crypto-algorithm with the pre-stored key ππ Request πππ User π w/ chip based credit card User Request Response β¦ β¦ β¦ β¦ β¦ β¦ ππ Send Response smart card πΆππ ID for user π Request πππ Response πΆππ User gets $200 Withdraw $200 Reduce the balance by $200 No, card is not authenticated If πΆππ = πΆππ Yes, card is authenticated 8 Hack? is the the main weakness, ο§ A physical attack can This erase security lock bit by focusing UV light on since the security of the EEPROM computation only depends on ο§ Probe the operation of the circuit by using microprobing needles the key ο§ Use laser cutter microscopes to explore the chip ο§ Locate the private key πΎ used in the smart card ο§ Clone a fake credit card with the same private key ο§ Compute response as f(request, πΎ) to impersonate the credit card user databus CPU test logic ROM security logic RAM serial i/o interface EEPROM EEPROM: βcryptographic keys βPIN code βbiometric template βbalance βapplication code 9 Next Generation Credit Card: PUF Based Card ο§ The main idea/advantage of Physically Unclonable Functions (PUFs) is to generate the keys on the fly rather than saving keys locally. ο§ Since PUFs leverage the fabrication induced variations, they are very sensitive to manipulation, so the secondary advantage is that when attackers deploy invasive attacks, they will damage PUFs with a very high probability. 10 Circuit Delay ο§ Circuit delay = Interconnect delay + Gate delay 11 Interconnect The interconnect delay depends on the wire width 12 Gate The gate delay depends on the channel width 13 Lithography System: A Simplistic View 14 Designed v.s. Fabricated Features 15 Fabrication Statistics ο§ Chip design cannot be reliably fabricated ο§ Gap ο§ Lithography technology: 193nm wavelength Large wavelength will degrade the printing ο§ VLSI technology: 45nm features quality, and thus there are significant ο§ Lithography induced variations variations onon feature (wire widths or ο§ Impact timingsizes and power channel ο wire). Even for 180nm technology, variations up to 20x in After printing, circuitpower delay can be significantly leakage and 30% in frequency were different from what it is designed. reported. 16 The Motivational Example Challenge 1 C D Q 0 x No change 1 1 1 1 0 0 Response 0 1 D Q 1 10 0 1 0 C If the first path is faster, then D = 0, C = 1, output Q = 0; If the second path is faster, then D = 1, C = 0, output Q remains at 1. The fabrication variation will generate unpredictable true random output. 17 PUFs Properties ο§ ο§ Basic requirements ο§ For two PUFs, difference between responses to same challenge should be large ο§ For a single PUF, two measured responses to the same challenge should be the same (e.g., robust to environmental change) Expected features ο§ Evaluatable: y = PUF (x) is easy ο§ Unclonable: hard to make PUFβ(x) given PUF(x) ο§ One-way: given y and PUF(), cannot find x ο§ Tamper evident: tampering changes PUF() Challenge x PUF Response y 18 PUF Applications 19 Block Based Ring Oscillator PUF The previous simple implementation requires precise timing measurement Response Response π = ππ΄ /ππ΅ ππ΄ = 4 ππ΅ = 3 B. Gassend, D. Clarke , M. van Dijk, and S. Devadas , "Silicon Physical Random Functions," in ACM CCS, pp. 148160, 2002. 20 Nanotechnology Based PUFs? ο§ PUF security depends on those fabrication variations. ο§ However, the fabrication induced variations on sillicon and copper are sometimes not large, at least not as significant as those of nanomaterials such as carbon nanotubes. ο§ Carbon Nanotube (CNT) is a promising material in designing nanoscale circuit. ο§ Better delay and power. Ideal CNFET circuits can potentially provide 20× Energy-Delay-Product benefits over silicon-CMOS at the 16nm technology node ο§ Fabrication induced variations are significant H. Park, A. Afzali, S.-J. Han, G. S. Tulevski, A. D. Franklin, J. Tersoff, J. B. Hannon, and W. Haensch, βHigh-density integration of carbon nanotubes via chemical self-assembly.,β Nature. Nanotechnology., vol. 7, no. 12, pp. 787β91, Dec. 2012. J. Zhang, A. Lin, N. Patil, H. Wei, L. Wei, H. S. Wong, S. Mitra, βRobust Digital VLSI using Carbon Nanotubes,β IEEE Transactions on Computer-aided Design of integrated circuits and systems, 31.4, 2012. 21 Carbon Nanotubes 1nm 0.32nm SWCNT Bundled SWCNTs Use SWCNTS in bundled which are the typical choice for wires 22 Carbon Nanotube Field Effect Transistor (CNFET) ο§ Use carbon nanotubes to implement the channel of FET instead of silicon. Shulaker, Max M., et al. "Sensor-to-digital interface built entirely with carbon nanotube FETs." SolidState Circuits, IEEE Journal of 49.1 (2014): 190-201. 23 CNT Fabrication Process CNT fabrication process at the Future Carbon GmbH in Bayeruth, Germany 24 Chemical Vapor Deposition Carbon monoxide (CO), methane (CH4), acetylene and ethylene, can be materials to develop SWCNTs Cu, Mn, Mo, Cr, Sn, Mg, Al and SiO2 can be used as the catalysts for SWNTs Temperature, atmosphere and pressure in Chemical Vapor Deposition process could impact the fabrication results 25 CNT Variations ο§ CNT diameter variations ο§ Misalignment of CNTs in the device channel ο§ Variation of controlling semiconducting CNTs (Due to existence of metallic CNTs) ο§ CNT density variations Simulated on-off current ratio variation of a 32nm technology node CNFET contributed by various sources of variations. Zhang, Jie, et al. "Overcoming carbon nanotube variations through co-optimized technology and circuit design." Electron Devices Meeting (IEDM), 2011 IEEE International. IEEE, 2011. 26 CNT Density Variation ο§ CNT density is defined as the CNT count in a region for a certain width. ο§ CNT density variation is caused by randomness in the CNT manufacturing process. ο§ Spacing between alligned CNTs varies significantly, leading to huge CNT density variation. ο§ CNT density variation results in the significant timing variation of the circuit. CNTs CNTs aligned with different spacing and density. 27 CNT PUF Design #1 CNT circuit Edge detector Counter ++ Challenge CNT circuit Edge detector Counter ++ Edge detector Counter ++ Edge detector Counter ++ ÷ β¦ Challenge CNT circuit ÷ Response CNT circuit CNT circuit CNT circuit Response Edge detector Counter ++ Edge detector Counter ++ ÷ 28 CNT PUF Design #2 Hu, Zhaoying, et al. "Physically unclonable cryptographic primitives using self-assembled carbon nanotubes." Nature nanotechnology (2016). 29 2D Carbon Nanotube Array 30 Challenge-Response Pair Generation CNT based circuit (PUF) ο§ Challenge is used as input ο§ Observe the output current or voltage ο§ Apply thresholding technique to ontatin the response ο§ If the input is (1,1,0,0,0) and output is (0.2,0.9,0.3,0.1,1.0), with the threshold is 0.8 the response is (0,1,0,0,1) 31 Weakness? ο§ In a single PUF, two similar challenges might generate similar responses ο§ Machine learning might be deployed to model the PUF ο§ Our idea is to avoid similar input challenges applied to a PUF ο§ Use Lorenz chaotic system which is able to increase the differences among inputs 32 Lorenz System xο¦ ο½ οο³x ο« ο³y yο¦ ο½ ο xz ο« rx ο y zο¦ ο½ xy ο bz ο§ Variables β x refers to the convective flow. β ο§ y refers to the horizontal temperature distribution. β z refers to the vertical temperature distribution. Constants β Ο refers to the ratio of viscosity to thermal conductivity. β r refers to the temperature difference between the top and bottom of a given slice. β b refers to the ratio of the width to the height. 33 Discrete Lorenz Chaotic System π₯π+1 : = π π¦π β π₯π + π₯π π¦π+1 : = βπ₯π π§π + ππ₯π π§π+1 : = π₯π π¦π β ππ§π + π§π π = 1, 2, β¦ , π β 1 where π₯1 is the challenge and π₯π is the output of Lorenz system 34 Plot of x v.s. Iteration 35 Bufferfly Effect ο§ The butterfly effect is a metaphor for how a little change in initial conditions will result in very different end results. ο§ Edward Lorenz coined the term βbutterfly effectβ. ο§ Propensity of a system to be sensitive to initial conditions. ο§ A minor change in initial conditions lead to big differences later. 36 Lorenz Chaotic CNT PUF CNT based circuit (PUF) Challenge πΆ π Lorenz system π₯1 = πΆ π π₯π+1 : = π π¦π β π₯π + π₯π π¦π+1 : = βπ₯π π§π + ππ₯π π§π+1 : = π₯π π¦π β ππ§π + π§π π = 1, 2, β¦ , π β 1 Response π π 37 Simulation Results 1 0 The Lorenz Chaotic System is (a) able to increase the difference among inputs. (b) (a) Eight 8-bit challenges which are similar to each other (b) Eight 8-bit CNPUF responses w/o Lorenz chaotic system (c) Eight 8-bit CNPUF responses w/ Lorenz chaotic system (c) 38 CNPUF Based Authentication User π w/ CNPUF based credit card In-factory characterization User Challenge Response β¦ β¦ β¦ β¦ β¦ β¦ Send user ID Challenge πΆππ Response π ππ No, card is not authenticated If π ππ = π ππ Yes, card is authenticated 39 Case Study: Smart Meter and Smart Home System Power flow Internet Control flow 40 TI Smart Meter 41 Hacking Smart Meter ο§ https://www.youtube.com/watch?v=wGzZG7IWfYo 42 An Example Smart Meter Hack Two smart meters share the same ID but different power consumption values.. J. Wurm, O. Arias, K. Hoang, A.-R. Sadeght, and Y. Jin, βSecurity analysis on consumer and industrial IoT devices,β in Proc. 21st Asia South Pacific Design Autom. Conf., 2016, pp. 519β524. 43 Hack Smart Meter Communication Electricity bill User A A 1000 kWh Chanel attack Energy usage User A 100 kWh Energy usage User A 1000 kWh 44 CNPUF Integrated Smart Home System: Initialization Utility π Energy usage value rounding might be needed to make the look-up table size manageable, e.g., 100.25kWh is rounded to 100kWh. Smart home user 1 β¦ Smart home user π β¦ User Challenge Response β¦ β¦ β¦ β¦ β¦ β¦ Smart home user π User π Challenge πΆππ Lorenz chaotic system Response π ππ CNT based PUF 45 CNTPUF Integrated Smart Home System: Encryption If received response is close enough to β1001β¦1011β, the consumed energy of smart home user i is 100kWh. Utility π Smart home user 1 β¦ Smart home user π β¦ Smart home user π User Challenge Response β¦ β¦ β¦ β¦ β¦ β¦ Smart home user π Challenge 100kWh Lorenz chaotic system Response 1001β¦1011 CNT based PUF Utility π 46 Summary ο§ ο§ ο§ ο§ ο§ ο§ ο§ What is simple power analysis attack? How does magnetic stripe and microchip based credit cards work? What is Physically Unclonable Function? What is carbon nanotube technology? Why CNT is good for designing PUFs? Why Lorenz chaotic system is needed? How is the proposed Lorenz chaotic CNPUF deployed in smart card and smart home systems? 47 48 CNPUF Based Authentication β’ What if each challenge can only be used once, User implemented as having a local table of used In-factory challenges? characterization β’ This design is vulnerable to deny-of-service attack. If the attacker repeatedly sends all possible challenges Sendwill user User πtow/the CNPUF credit card, the credit card beID invalidated basedsince crediteach cardchallenge can only be used once Challenge Response β¦ β¦ β¦ β¦ β¦ β¦ Challenge πΆππ Response π ππ No, card is not authenticated If π ππ = π ππ Yes, card is authenticated 49 Further Vurnerability? User π w/ PUF based credit card Send user ID Challenge πΆπ1 User Challenge Response π π β¦ πΆπ1 πΆπ2 β¦ π π1 π π2 β¦ π β¦ πΆππ β¦ π ππ β¦ Malicious Repeat many times Response π π1 Clone a credit card with look-up table 50 Bidirectional Authentication Challenge Response πΆπ1 π , πΆπ1 π π π1 π , π π1 π β¦ β¦ πΆππ π , πΆππ π π ππ π , π ππ π β¦ β¦ Send user ID User π w/ PUF based credit card Challenge (πΆππ π , πΆππ π , π ππ π ) Generate the response π ππ π , π ππ π for πΆππ π , πΆππ π If π ππ π = π ππ π No Server authentication fail User authentication succeed Yes M-D Yu, et al., "A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication", IEEE Transactions on Multi-Scale Computing Systems. If π ππ π = π ππ π No User authentication fail 51 Acknowledgement Part of this work is supported by NSF CAREER Award 1349984