Software PUF based on RISC-V processor for IoT security

Abstract

Disclosed is a software PUF based on an RISC-V processor for IoT security. A 32-bit RISC-V processor is used to generate abnormal information results in an abnormal operating state under a low voltage, and the abnormal information results are used to represent the features of the 32-bit RISC-V processor; 5-bit binary data obtained by comparing the abnormal information results with normal information results has high randomness and uniqueness and it is extremely difficult to directly extract internal abnormal information result from a hardware circuit of the 32-bit RISC-V processor, so modeling attacks based on the 5-bit binary data calculated according to the abnormal information results of the 32-bit RISC-V processor are almost impossible; in addition, when the 32-bit RISC-V processor is in an abnormal operating state, the operating frequency of the 32-bit RISC-V processor is dynamically adjusted through a frequency compensation method.

Claims

1. A software PUF based on an RISC-V processor for IoT security, characterized in that comprises a 32-bit RISC-V processor, wherein a temperature sensor for monitoring an operating temperature of the 32-bit RISC-V processor and a voltage sensor for monitoring an operating voltage of the 32-bit RISC-V processor are configured in the 32-bit RISC-V processor, and the 32-bit RISC-V processor generates an output response through the following method: (1) randomly selecting, from R instructions, four groups of instructions and four groups of operands corresponding to the four groups of instructions, wherein the four groups of instructions are all 32-bit binary data, and the four groups of operands are all 64-bit binary data; (2) accessing a supply voltage to the 32-bit RISC-V processor, wherein the supply voltage is a normal operating voltage of the 32-bit RISC-V processor, and the 32-bit RISC-V processor enters a normal operating state under the normal operating voltage, and an operating frequency of the 32-bit RISC-V processor at this moment is a normal operating frequency; sequentially loading the four groups of operands to a general register with a load instruction, sorting the four groups of instructions in chronological order, sequentially running the four groups of instructions and the corresponding four groups of operands according to the sorting order to successively obtain four normal information results corresponding to the four groups of instructions, and storing the four normal information results in the general register, wherein the four normal information results are 32-bit binary data; (3) decreasing the supply voltage accessed to the 32-bit RISC-V processor to 0.7V, wherein the supply voltage at this moment is an abnormal operating voltage of the 32-bit RISC-V processor, and the 32-bit RISC-V processor enters an abnormal operating state under the abnormal operating voltage; (4) acquiring a current operating temperature of the 32-bit RISC-V processor from the temperature sensor, acquiring a current operating voltage of the 32-bit RISC-V processor from the voltage sensor, denoting the current operating temperature of the 32-bit RISC-V processor as temp.sub.cur, denoting the current operating voltage of the 32-bit RISC-V processor as V.sub.cur, and obtaining a compensatory operating frequency of the 32-bit RISC-V processor by calculation according to formula (1): $\begin{matrix} F_{com} = \frac{1}{\frac{1}{\ln a_{temp}} ? ({temp}_{c u r} - {temp}_{ref}) + \frac{1}{F_{ref}}} + \frac{1}{\ln a_{vdd} ? (V_{cur} - V_{ref}) + \frac{1}{F_{ref}}} & (1) \end{matrix}$ In formula (1), temp.sub.ref is a reference temperature of the 32-bit RISC-V processor ((temp.sub.ref=25? C.), V.sub.ref is a reference voltage of the 32-bit RISC-V processor (V.sub.ref=0.7V), F.sub.ref is the normal operating frequency of the 32-bit RISC-V processor, F.sub.com is the compensatory operating frequency of the 32-bit RISC-V processor, a.sub.temp is a temperature compensation coefficient of the 32-bit RISC-V processor and is determined by testing the fluctuation velocity of a delay of the 32-bit RISC-V processor with time under different temperatures, a.sub.vdd is a voltage compensation coefficient of the 32-bit RISC-V processor and is determined by testing the fluctuation velocity of the delay of the 32-bit RISC-V processor with voltage under different supply voltages, and In is a logarithmic operator; (5) setting the operating frequency of the 32-bit RISC-V processor as the compensatory operating frequency; (6) loading the four groups of operands to the general register again with the load instruction, then sequentially running the four groups of instructions and the corresponding four groups of operands in chronological order the same as that in Step (2) to successively obtain four abnormal information results corresponding to the four groups of instructions, and storing the four abnormal information results in the general register, wherein the four abnormal information results are 32-bit binary data; (7) bitwise comparing the normal information results and the abnormal information results corresponding to the four groups of instructions one by one to determine error bits of the abnormal information result corresponding to each group of instructions with respect to the normal information result corresponding to the group of instructions, calculating the number of the error bits, and then converting the number of the error bits into 5-bit binary data, so that four pieces of 5-bit binary data corresponding to the four groups of instructions are obtained; and (8) sequentially stitching the four pieces of 5-bit binary data from high bit to low bit according to a corresponding instruction running order to obtain 20-bit binary data, wherein the 20-bit binary data is the output response of the software PUF.

2. The software PUF according to claim 1, wherein the four groups of instructions are add instructions, subtract instructions, multiply instructions and divide instructions.

Description

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS

(1) FIG. 1 is a schematic diagram of the operating states of a 32-bit RISC-V processor under different supply voltages;

(2) FIG. 2 is an entropy distribution diagram of output responses of 50 software PUFs;

(3) FIG. 3 illustrates a statistical histogram and a fitting curve of the average HD of a software PUF according to the invention;

(4) FIG. 4 illustrates the auto-correlation result of an output response of the software PUF according to the invention;

(5) FIG. 5 illustrates error rates of the software PUF under different supply voltages according to the invention;

(6) FIG. 6 illustrates error rates of the software PUF under different temperatures according to the invention.

DETAILED DESCRIPTION OF THE INVENTION

(7) The invention will be described in further detail below in conjunction with the accompanying drawings and embodiments.

(8) Embodiment: A software PUF based on an RISC-V processor for IoT security comprises a 32-bit RISC-V processor, wherein a temperature sensor for monitoring the operating temperature of the 32-bit RISC-V processor and a voltage sensor for monitoring the operating voltage of the 32-bit RISC-V processor are configured in the 32-bit RISC-V processor, and the 32-bit RISC-V processor generates an output response through the following method: (1) randomly selecting, from R instructions, four groups of instructions and four groups of operands corresponding to the four groups of instructions, wherein the four groups of instructions are all 32-bit binary data, and the four groups of operands are all 64-bit binary data; (2) accessing a supply voltage to the 32-bit RISC-V processor, wherein the supply voltage is a normal operating voltage of the 32-bit RISC-V processor, and the 32-bit RISC-V processor enters a normal operating state under the normal operating voltage, and the operating frequency of the 32-bit RISC-V processor at this moment is a normal operating frequency; sequentially loading the four groups of operands to a general register with a load instruction, sorting the four groups of instructions in chronological order (preset), sequentially running the four groups of instructions and the corresponding four groups of operands according to the sorting order to successively obtain four normal information results corresponding to the four groups of instructions, and storing the four normal information results in the general register, wherein the four normal information results are 32-bit binary data; (3) decreasing the supply voltage accessed to the 32-bit RISC-V processor to 0.7V, wherein the supply voltage at this moment is an abnormal operating voltage of the 32-bit RISC-V processor, and the 32-bit RISC-V processor enters an abnormal operating state under the abnormal operating voltage; (4) acquiring a current operating temperature of the 32-bit RISC-V processor from the temperature sensor, acquiring a current operating voltage of the 32-bit RISC-V processor from the voltage sensor, denoting the current operating temperature of the 32-bit RISC-V processor as temp.sub.cur, denoting the current operating voltage of the 32-bit RISC-V processor as V.sub.cur, and obtaining a compensatory operating frequency of the 32-bit RISC-V processor by calculation according to formula (1):

(9) $\begin{matrix} F_{com} = \frac{1}{\frac{1}{\ln a_{temp}} ? ({temp}_{c u r} - {temp}_{ref}) + \frac{1}{F_{ref}}} + \frac{1}{\ln a_{vdd} ? (V_{cur} - V_{ref}) + \frac{1}{F_{ref}}} & (1) \end{matrix}$ In formula (1), temp.sub.ref is a reference temperature of the 32-bit RISC-V processor ((temp.sub.ref=25? C.), V.sub.ref is a reference voltage of the 32-bit RISC-V processor (V.sub.ref=0.7V), F.sub.ref is the normal operating frequency of the 32-bit RISC-V processor, F.sub.com is the compensatory operating frequency of the 32-bit RISC-V processor, a.sub.temp is a temperature compensation coefficient of the 32-bit RISC-V processor and is determined by testing the fluctuation velocity of a delay of the 32-bit RISC-V processor with time under different temperatures, a.sub.vdd is a voltage compensation coefficient of the 32-bit RISC-V processor and is determined by testing the fluctuation velocity of the delay of the 32-bit RISC-V processor with voltage under different supply voltages, and In is a logarithmic operator; (5) setting the operating frequency of the 32-bit RISC-V processor as the compensatory operating frequency; (6) loading the four groups of operands to the general register again with the load instruction, then sequentially running the four groups of instructions and the corresponding four groups of operands in chronological order the same as that in Step (2) to successively obtain four abnormal information results corresponding to the four groups of instructions, and storing the four abnormal information results in the general register, wherein the four abnormal information results are 32-bit binary data; (7) bitwise comparing the normal information results and the abnormal information results corresponding to the four groups of instructions one by one to determine error bits of the abnormal information result corresponding to each group of instructions with respect to the normal information result corresponding to the group of instructions, calculating the number of the error bits, and then converting the number of the error bits into 5-bit binary data, so that four pieces of 5-bit binary data corresponding to the four groups of instructions are obtained; and (8) sequentially stitching the four pieces of 5-bit binary data from high bit to low bit according to a corresponding instruction running order to obtain 20-bit binary data, wherein the 20-bit binary data is an output response of the software PUF.

(10) In this embodiment, the four groups of instructions are add instructions, subtract instructions, multiply instructions and divide instructions.

(11) An RISC-V instruction is used to activate a path of the 32-bit RISC-V processor, and abnormal information of the 32-bit RISC-V processor under an abnormal operating condition is obtained by decreasing the supply voltage and adjusting the operating frequency of the 32-bit RISC-V processor. The operating states of the 32-bit RISC-V processor under different supply voltages are shown in FIG. 1. As can be known by analyzing FIG. 1, the 32-bit RISC-V processor may be in three different operating states under different supply voltages: normal state, abnormal state, and non-operating state. In the normal state, the 32-bit RISC-V processor has a small path delay and high power consumption, a timing violation will not occur when the instructions are executed, and no abnormal information will be generated. When the process is in the non-operating state, the instructions will not be executed, and the 32-bit RISC-V processor has a maximum path delay and high power consumption due to the existence of leakage current, so the output response of the soft PUF is generated in the gray area (abnormal state) in FIG. 1, a timing violation of RISC-V instructions occurs on the path in the 32-bit RISC-V processor, the 32-bit RISC-V processor has low power consumption and a large path delay, and abnormal information results with the features of the RISC-V processor are generated.

(12) The randomness of the PUF is generally visually evaluated by information entropy. The output of the PUF has two states: logic 1 and logic 1. So, the information entropy E may be expressed as:

(13) $\begin{matrix} E = - {.Math.}_{r = 0}^{1} p (r) \log_{2} p (r) & (2) \end{matrix}$

(14) In formula (2), p(r=0) and p(r=1) respectively represent the probability of logic 0 and the probability of logic 1 of an output. When and only when p(r=0)=p(r=1)=0.5, E=1. To further study the influence of random processing on output responses, Monte Carlo emulation is performed 50 times under a voltage of 0.7V to simulate random process deviations of 50 32-bit RISC-V processors, and output responses of 50 software PUFs are recorded. Wherein, the entropy distribution of the output responses of the 50 software PUFs is shown in FIG. 2. It can be known by analyzing FIG. 2 that the information entropy of the output response of the software PUFs is greater than 0.97, which indicates that the output responses of the software PUF of the invention have extremely good randomness. The proportion of logic 0 and the proportion of logic 1 in the output responses are 50.41% and 49.59% respectively, and the corresponding randomness is 99.18%, which is close to the ideal value 100%, indicating that there is no obvious logic bias.

(15) The uniqueness refers to the capacity to obtain process deviations of the PUF and is used to identify the difference between different software PUFs. The uniqueness of the software PUF of the invention is evaluated by calculating the Hamming distance (HD) between output responses of different PUFs of the same type. The uniqueness represents the average inter-chip HD of K different software PUFs, and may be expressed as:

(16) $\begin{matrix} Uniqueness = \frac{2}{k (k - 1)} {.Math.}_{i = 1}^{k - 1} {.Math.}_{j = i + 1}^{k} \frac{H D (r_{i}, r_{j})}{n} ? 1 0 0 % & (3) \end{matrix}$

(17) In formula (3), k is the number of the software PUFs, R.sub.i and R.sub.j are the output response of the i.sup.th software PUF and the output response of the j.sup.th software PUF, and HD(R.sub.i, R.sub.j) is the HD between the i.sup.th software PUF and the j.sup.th software PUF. By calculation according to formula (3), the uniqueness of the output responses of the software PUFs is 50.1%, which is close to the ideal value 50%, indicating that data of the software PUFs is completely free of biases. As can be seen from FIG. 3 which illustrates the statistical histogram (including the fitting curve) of the average HD of the software PUF of the invention, the HD distribution of output responses obtained by 6,000 times of Monte Carlo emulation is a normal distribution meeting the mathematical expectation ?=0.5010 and the standard difference ?=0.093.

(18) The security means that it is hardly possible for an attacker to predict PUF responses corresponding to new challenges by means of previous CRPs or CRPs of other PUFs. Generally, the security of the software PUF of the invention is evaluated with the NIST SP800-22 test suite and the auto-correlation test.

(19) 1. NIST test: the NIST statistical test suite is used to evaluate the randomness of encryption applications and pseudo-random numbers. 51,200 random response sequences generated by a test chip are used as inputs of NIST, and these inputs are divided into 50 individual bit streams and are subjected to different NIST tests. Table 1 shows the results of the output responses of the software PUF tested with NIST. The P values of the generated bit streams are all greater than 0.01, and the sequences pass all the tests. Specific test data is shown in Table 1.

(20) TABLE-US-00001 TABLE 1 NIST Test NIST Test Name Stream Run No. P value Pass Frequency 1024 50 0.3815 100 Block 1024 50 0.9782 100 Frequency Runs 1024 50 0.4301 100 Rank 1024 50 0.3018 100 Longest Runs 1024 50 0.5241 100 FFT 1024 50 0.7439 100 Cumulative 1024 50 0.5864 100 Sums Non-overlapping 1024 50 0.7921 100 Overlapping 1024 50 0.4276 100 Template Serial 1024 50 0.1254 100 Approximate 1024 50 0.4393 100 Entropy

(21) 2. Auto-correlation test: the auto-correlation test describes the degree of correlation between a current value and a previous value of the random response sequences to determine whether the tested PUF can generate independent numbers with the same distribution in the sequences. The software PUF of the invention is tested by evaluating the auto-correlation of a 4500-bit output response of the software PUF. The auto-correlation result of the output response of the software PUF is shown in FIG. 4. In FIG. 4, the auto-correlation test value is 0, indicating that the generated response sequence has no spatial correlation. The test result shows that, within a 95% confidence interval, the auto-correlation test value of the software PUF is 0.022, which is close to the ideal value 0.

(22) System noise and changes of supply voltage and temperature will lead to a decline of the stability of the PUF. To evaluate the effectiveness of the frequency compensation method of the invention, the error rate of output response data of 50 software PUFs calibrated with the frequency compensation method and the error rate of output response data of 50 software PUFs not calibrated with the frequency compensation method under different voltages are tested. The error rates of the software PUF under different supply voltages are shown in FIG. 5. In FIG. 5, under a nominal condition (0.7V and 20? C.), the maximum error rate of the software PUFs not calibrated with the frequency compensation method is 28%, and the maximum error rate of the software PUFs calibrated with the frequency compensation method is 16%, indicating that the error rate is decreased by 1.75 times through the frequency compensation method of the invention. To evaluate the reliability of the software PUF under different temperatures before and after calibration, the software PUF of the invention is tested within a large temperature range. The error rate of the software PUF of the invention under different temperatures is shown in FIG. 6. As can be known by analyzing FIG. 6, within a temperature range from ?20? C. to 100? C., the maximum error rate before calibration is 27%, the minimum error rate is decreased to 17% after frequency compensation, providing that the frequency compensation method of the invention is effective.

Software PUF based on RISC-V processor for IoT security

Assignee

Inventors

Cpc classification

Classification Explorer

G09C1/00

PHYSICS

Classification Explorer

H04L2209/12

ELECTRICITY

Classification Explorer

H04L2209/08

ELECTRICITY

Classification Explorer

G06F21/73

PHYSICS

Classification Explorer

H04L2209/26

ELECTRICITY

Classification Explorer

G06F21/566

PHYSICS

Classification Explorer

H04L9/002

ELECTRICITY

Classification Explorer

H04L9/3278

ELECTRICITY

Classification Explorer

G06F2221/034

PHYSICS

Classification Explorer

G06F21/577

PHYSICS

International classification

Classification Explorer

H04L9/32

ELECTRICITY

Abstract

Claims

Description