# Introduction

UF, is a trap door function physically blended or inscribed deep in system during manufacturing process and is easy to evaluate but hard to clone. Because of random process variations, no two Integrated Circuits even with the same layouts are identical.Variation is inherent in fabrication process or in areas environmental variations such as temperature, supply voltage and Electromagnetic interference, which can affect their performance and is hard to remove or predict. An untrusted foundry cannot create a copy of the circuit as it is impossible to control the manufacturing process variations. PUFs are highly secure and there are no need for trusted programming and are found to be inexpensive as there is no need of special fabrication technique PUF can enable a secure, low-cost authentication without crypto.

"Security engineers face the seemingly contradictory challenge of providing lightweight cryptographic algorithms for strong authentication, encryption and other cryptographic services that can perform on a speck of dust." [1]. Most of the traditional authentication schemes and encryption algorithms relies on a unique ID or a secret key. They are usually generated and stored in a secure manner in non volatile storage on chip either in fuses or EEPROMs, protecting them from malicious attackers. However, these are susceptible to invasive and non invasive attacks like side channel attacks.

Side channel attacks instead of testing the strength of the cryptographic algorithms and extract the information presented due to implementation weaknesses, instead extract vital information from the electrical characteristics of a chip such as power and timing which are data dependent. Hence, any hardware mechanism aiming to be robust should tackle and counter invasive and non invasive attacks.

PUFs basically work on concept of challengeresponse authentication. When a physical stimulus is applied to the structure, it reacts in an unique way as a result of complex interaction of the stimulus with the physical microstructure of the device. This exact microstructure depends on physical factors introduced during manufacturing process. The device's identity is established and hidden in microstructure itself. As this structure is not directly revealed by the challengeresponse mechanism such a device is resistant to spoofing attacks.

Unclonability means that each PUF device has a unique and unpredictable yet unique response to challenges. It is infeasible to construct a PUF with the same challenge-response behavior as another given PUF because exact control over the manufacturing process is infeasible. The combination of physical and mathematical unclonability renders a PUF truly unclonable.

A distinction is made between PUFs in which physical randomness is explicitly introduced and used as an unique identification code. PUFs uses this very inherent to thwart attacks.

The strength of a PUF is determined by three important parameters namely uniqueness, reliability and security. Uniqueness indicates the ability to distinguish between different ICs, measured by determining hamming distance between the responses obtained from different PUF instances. Reliability indicates that PUF circuit should be capable of reproducing CRPs in presence of noise and environmental variations. The security in PUFs indicates a PUF's susceptibility to different types of modeling attacks. It should be impossible construct an exact replica of a PUF instance even with complete knowledge of the design.

In the case of ASIC implementations, Hard PUFs are implemented directly into the ASIC silicon. By comparison, in the case of FPGAs, Soft PUFs are implemented using a small amount of the FPGA's standard programmable resources, such as Lookup Tables, Registers, and Memories.


# II.


# Related Work

Generally, there are three classes of PUF architectures namely cover-based PUF, delay-based PUF, and memory-based PUF. The first mention of PUF in the literature is that of optical PUF [2] which is coverbased PUF, exploits the randomness in the light scattering particles and the complexity of the interaction between the laser and the particles. After that, several PUF hardware structures have been proposed [2][3][4][5]. Most PUFs use conventional silicon techniques so that they do not require any special fabrication process or treatment and can be easily integrated into IC chips. Silicon PUFs exploits manufacturing delay variation of wire to generate a unique challenge-response mapping for each IC. These unique properties of each IC are easy to measure through the circuits but hard to copy without.

Unfortunately, recent analysis has demonstrated that those PUF structures are vulnerable to several attack methods including emulation, replay (man-in-the-middle attack), and reverse engineering [7]. Therefore, a dynamic PUF that can alter the CRPs every time the data is modified to prevent the hidden information leaked out is very desirable. Memory-based PUFs exploit the vulnerable balance of SRAM crosscoupled transistors. Uncontrollable random SRAM contents can be generated during power-up. The random contents are then used as PUF signature [6] [7]. The drawback of memory-based PUF is that every memory element generates a fixed one bit signature. Multi-factor authentication protocols, which often use a password and a mobile device, have been explored in prior literature [8,9,10].


# III.


# Proposed Soft Puf Scheme

In this paper we describe authentication solution based on a PUF device that provide stronger security environment. Each user is issued a PUF that aids in authentication and cannot be copied or cloned. The scheme works on three underlying principle that anyone with complete access to the authentication data at the server side and the device itself is still unable to impersonate the user.

There are three principal entities in the scheme: server S (or another entity authenticating the user on behalf of the server), user U, and device D. Before authentication can take place, the user obtains a device with a PUF built into it and enrols himself with the aid of Register protocol with the server. Once the registration is complete, the user will be able to authenticate with the help of the device. a) Register: is a process between S and U, where the user U registers with the server with the aid of D. If enrolment is successful, the server obtains and stores a token credU that can be used in subsequent authentications.

b) Authentication: is a process between S and U, where U uses D and S uses its stored credentials credU to make its decision to either accept or reject the user.

In proposed scheme, nowhere it is required to place any sensitive information on the device, to eliminate any possibility of data compromise In fact, our protocols do not require the device to store any information not related to the PUF functionality, which strengthens our design.

Register : 1. Server S sends challenge c to user U along with description of the group Gq, consisting of a pair (p,q), and its generator g.


# 2.

User U sends H(c||pwd), Gq, g, where pwd is a user password, to device D for a modified Gen protocol.

3. Device D calculates a challenge d = H(H(c||pwd), Gq, g) and runs Gen on this value to obtain response r,P, D then sends to the user (gr,P). Authentication : 1. Server S sends challenge c, Gq, g, P, and a nonce N to the user U. then calculates c_ = H(g,gr, t,N) and w = v?c_r mod q, and sends c_,w to the U. 4. User U sends these values to the server S. S calculates t_ = gwgrc_ and accepts the authentication if c_ = H(g,gr, t_,N), and otherwise rejects the value.

There is a strong possibility an adversary can clone the PUF by obtaining the PUFs response to a challenge, and then build a piece of software that impersonates the user. To mitigate this software cloning attack, proposed scheme requires the authenticator to always have physical access to the PUF in order to authenticate.

IV.


# New Application Areas

Wide spectrum of security oriented applications is now available for soft PUFs to be grabbed. Here are the few applications.


# a) Deployment of Keyed Applications

Currently, in devices such as Xilinx Virtex-4 and Virtex-5, there exists battery-backed key that is used to store Bitstream decryption key. This key cannot be accessed from the programmable fabric. By incorporating Soft PUFs into these devices, system designer can now deploy cryptographic keys/seeds on FPGAs.


# b) Activation or deactivation

Different features in FPGA-based can be activated, with activation rights blended in FPGA silicon die. Features like software / firmware running on FPGAbased systems, different modules or features within software / firmware, or remote commands that are directed for a particular FPGA-based system can be made chip specific. This is more secure than traditional anchoring methods such as use of USB dongle, MAC addresses, or similar technologies.


# c) Cloning or Counterfeit Detection of FPGA Silicon

Soft PUFs can be used to counter chip counterfeiting or chip cloning. They can be used, for example, to make sure that FPGAs purchased through distributors or secondary markets are in fact authentic and are shipped by actual manufacturing firm.


# V.


# Conclusion

With Soft PUFs, system designers have a new primitive to increase and enhance application space of FPGA-based designs. By having ability to authenticate FPGAs at device level, and ability to store "volatile" keys in these devices, FPGAs have the potential to venture into yet more security applications areas.
2![U sends (H(c||pwd), Gq_,g,P,N) to device D for Rep protocol. 3. DeviceD calculates a challenge d =H(H(c||pwd),g, p) and runs Rep on this value to obtain response r. D chooses a random value v ? Zq and calculates t = gv. D](image-2.png "2 .")
			© 2015 Global Journals Inc. (US) 1
			© 2015 Global Journals Inc. (US)
		
		
			

				


* 
	
		Panic passwords: Authenticating under duress
		
			JClark
		
		
			UHengartner
		
	
	
		USENIXWorkshop on Hot Topics in Security, Hot
				Sec
		
			2008. 2008
		
	




* 
	
		Physical unclonable functions and publickey crypto for fpga ip protection
		
			JGuajardo
		
		
			SKumar
		
		
			GJSchrijen
		
		
			PTuyls
		
	
	
		International Conference on Field Programmable Logic and Applications
				
			2007
			
		
	




* 
	
		Offline hardware/software authentication for reconfigurable platforms
		
			ESimpson
		
		
			PSchaumont
		
	
	
		CHES 2006. LNCS
				
			LGoubin
			MMatsui
		
		Heidelberg
		
			Springer
			2006
			4249
			
		
	




* 
	
		Physical Unclonable Function with Tristate Buffers
		
			EOzturk
		
		
			GHammouri
		
		
			BSunar
		
	
	
		Proc. ISCAS'08
				ISCAS'08
		
			2008
			
		
	




* 
	
		The PUF Promise
		
			HeikeBusch
		
		
			MSotakova
		
		
			StefanKatzenbeisser
		
		
			RSion
		
	
	
		3 rd International Conference on Trust and Trustworthy Computing (TRUST 2010)
		Springer Lecture Notes in Computer Science
		
			2010
			17
		
	




* 
	
		FPGA intrinsic PUFs and their use for IP protection
		
			JGuajardo
		
		
			SKumar
		
		
			GSchrigen
		
		
			PTuyls
		
	
	
		Proc. CHES'07
				CHES'07
		
			2007
			
		
	




* 
	
		A D igital 1.6 PJ/bit Chip Identification Circuit Using Process Variations
		
			YSu
		
		
			JHolleman
		
		
			BOtis
		
	
	
		Proc. ISSCC'07
				ISSCC'07
		
			2007
			
		
	




* 
	
		Two factor authenticated key exchange (TAKE) protocol in public wireless LANs
		
			YMPark
		
		
			SKPark
		
	
	
		IEICE Transactions on Communications E87-B
		
			5
			
			2004
		
	




* 
	
		A two-factor mobile authentication scheme for secure financial transactions
		
			RDPietro
		
		
			GMe
		
		
			MStrangio
		
	
	
		International Conference on Mobile Business (ICMB 2005)
				
			2005
			
		
	




* 
	
		Privacy preserving multi-factor authentication with biometrics
		
			ABhargav-Spantzel
		
		
			ASqicciarini
		
		
			SModi
		
		
			MYoung
		
		
			EBertino
		
		
			SElliott
		
	
	
		Journal of Computer Security
		
			15
			5
			
			2007
		
	




* 
	
		Multi-factor password-authenticated key exchange
		
			DStebila
		
		
			PUdupi
		
		
			SChang
		
		
			2008. 2008
			214
		
	
	Technical Report ePrint Cryptology Archive