

Title: iTPM: Exploring PUF-based Keyless TPM for Security-by-Design of Smart Electronics
The scope of smart electronics and its increasing market worldwide has made cybersecurity an important challenge. The Security-by-Design (SbD) principle, an emerging cybersecurity area, focuses on building security/privacy-enabled primitives at the design stage of an electronic system. This paper proposes a novel Physical Unclonable Function (PUF) based Trusted Platform Module (TPM) as an SbD primitive. The proposed SbD primitive works by performing secure verification of the PUF key using the TPM's encryption and decryption engine. The securely verified PUF key is then bound to the TPM using Platform Configuration Registers (PCRs). PCRs in the TPM facilitate a secure boot process and effective access control to the TPM's Non-Volatile memory through an enhanced authorization policy. By binding the PUF to PCRs in the TPM, a novel PUF-based access control policy can be defined, bringing in a new security ecosystem for the emerging Internet-of-Everything era. The proposed SbD approach has been experimentally validated by successfully integrating various PUF topologies with a hardware TPM.
Award ID(s):
2101181
NSF-PAR ID:
10498685
Author(s) / Creator(s):
Corporate Creator(s):
Editor(s):
Fernanda Kastensmidt; Ricardo Reis; Aida Todri-Sanial; Hai
Publisher / Repository:
IEEE
Date Published:
Journal Name:
2023 IEEE Computer Society Annual Symposium on VLSI (ISVLSI)
Volume:
1
Issue:
1
ISBN:
979-8-3503-2769-4
Page Range / eLocation ID:
1-6
Subject(s) / Keyword(s):
Nonvolatile memory, Process control, Very large scale integration, Physical unclonable function, Hardware, Topology, Registers, Security-by-Design (SbD), Trusted Platform Module (TPM), Physical Unclonable Function (PUF), Energy-Efficient Cybersecurity, Hardware-Assisted Security, Cyber-Physical System (CPS), Internet-of-Things (IoT).
Format(s):
Medium: X
Location:
Foz do Iguacu, Brazil
Sponsoring Org:
National Science Foundation
More Like this
  1. This work presents a sustainable cybersecurity solution using Physical Unclonable Functions (PUF), Trusted Platform Module (TPM), and Tangle Distributed Ledger Technology (DLT) for sustainable device and data security. Security-by-Design (SbD) or Hardware-Assisted Security (HAS) solutions have gained much prominence due to the requirement of tamper-proof storage for hardware-assisted cryptography solutions. Designing complex security mechanisms can impact their efficiency as IoT applications are more decentralized. In the proposed architecture, we presented a novel TPM-enabled PUF-based security mechanism with effective integration of PUF with TPM. The proposed mechanism is based on the process of sealing the PUF key in the TPM, which cannot be accessed outside the TPM and can only be unsealed by the TPM itself. A specified NV-index is assigned to each IoT node for sealing the PUF key to TPM using the Media Access Control (MAC) address. Access to the TPM's Non-Volatile Random Access Memory (NVRAM) is defined by the TPM's Enhanced Authorization policies as specified by the Trusted Computing Group (TCG). The proposed architecture uses Tangle for sustainable data security and storage in decentralized IoT systems through a Masked Authentication Messaging (MAM) scheme for efficient and secure access control to Tangle. We validated the proposed approach through experimental analysis and implementation, which substantiates the potential of the presented PUFchain 4.0 for decentralized IoT-driven security solutions.
  2. The rapid adoption of Internet-of-Medical-Things (IoMT) has revolutionized e-health systems, particularly in remote patient monitoring. With the growing adoption of IoMT in delivering technologically advanced health services, the security of Medtronic devices is pivotal, as the security and privacy of data from these devices are directly related to patient safety. PUF has been the most widely adopted hardware security primitive and has been successfully integrated with various Internet-of-Things (IoT) based applications, particularly in smart healthcare for facilitating device security. To facilitate security and access control to IoMT devices, this work proposes a novel cybersecurity solution using PUF for facilitating global access to IoMT devices. The proposed framework presents an approach that enables the patient's body area network devices supported by PUF to be securely accessible and controllable globally. The proposed cybersecurity solution has been experimentally validated using a state-of-the-art SRAM PUF, a delay-based PUF, and a trusted platform module (TPM) primitive.
  3. This article presents a novel hardware-assisted distributed ledger-based solution for simultaneous device and data security in smart healthcare. This article presents a novel architecture that integrates PUF, blockchain, and Tangle for Security-by-Design (SbD) of healthcare cyber–physical systems (H-CPSs). Healthcare systems around the world have undergone massive technological transformation and have seen growing adoption with the advancement of Internet-of-Medical Things (IoMT). The technological transformation of healthcare systems to telemedicine, e-health, connected health, and remote health is being made possible with the sophisticated integration of IoMT with machine learning, big data, artificial intelligence (AI), and other technologies. As healthcare systems are becoming more accessible and advanced, security and privacy have become pivotal for the smooth integration and functioning of various systems in H-CPSs. In this work, we present a novel approach that integrates PUF with IOTA Tangle and blockchain and works by storing the PUF keys of a patient’s Body Area Network (BAN) inside blockchain to access, store, and share globally. Each patient has a network of smart wearables and a gateway to obtain the physiological sensor data securely. To facilitate communication among various stakeholders in healthcare systems, IOTA Tangle’s Masked Authentication Messaging (MAM) communication protocol has been used, which securely enables patients to communicate, share, and store data on Tangle. The MAM channel works in the restricted mode in the proposed architecture, which can be accessed using the patient’s gateway PUF key. Furthermore, the successful verification of PUF enables patients to securely send and share physiological sensor data from various wearable and implantable medical devices embedded with PUF. 
     Finally, healthcare system entities like physicians, hospital admin networks, and remote monitoring systems can securely establish communication with patients using MAM and retrieve the patient's BAN PUF keys from the blockchain securely. Our experimental analysis shows that the proposed approach successfully integrates three security primitives, PUF, blockchain, and Tangle, providing decentralized access control and security in H-CPS with minimal energy requirements, data storage, and response time.
  4. Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules: the Rowhammer PUF. Our PUF makes use of bit flips, which occur in DRAM cells due to rapid and repeated access of DRAM rows. Prior research has mainly focused on Rowhammer attacks, where the Rowhammer effect is used to illegitimately alter data stored in memory, e.g., to change page table entries or enable privilege escalation attacks. Meanwhile, this is the first work to use the Rowhammer effect in a positive context, to design a novel PUF. We extensively evaluate the Rowhammer PUF using commercial, off-the-shelf devices, not relying on custom hardware or an FPGA-based setup. The evaluation shows that the Rowhammer PUF holds the required properties needed for the envisioned security applications, and could be deployed today.
  5. Padhy, Sudarsan ; Oria, Vincent (Ed.)
    The simplicity, low cost, and scalability of Internet of Things (IoT) devices have led researchers to study their applications in a wide range of areas such as healthcare, transportation, and agriculture. IoT devices help farmers to monitor the conditions in a field. These are connected to edge devices for real-time analysis. The edge servers send commands to actuators in the farm directly, without human intervention. At the same time, security vulnerabilities are a big concern, concomitant with the increasing utilization of IoT devices. If the duplication of an IoT device occurs and attackers gain access to the system, then the integrity of the entire ecosystem will be at stake, regardless of the application domain. This paper presents a Physical Unclonable Function (PUF) based hardware security primitive for the authentication of Internet of Agro-Things (IoAT) devices. The proposed security scheme has been prototyped with a testbed evaluation. An arbiter PUF module has been used for the validation of the proposed scheme. The PUF-based security primitive is lightweight, scalable, and robust as it mainly depends on inherent manufacturing variations, thereby ensuring no chance for the duplication of IoT devices.