PUFPass: A password management mechanism based on software/hardware codesign

Secure passwords need high entropy, but are difficult for users to remember. Password managers minimize the memory burden by storing site passwords locally or generating secure site passwords from a master password through hashing or key stretching. Unfortunately, they are threatened by the single point of failure introduced by the master password which is vulnerable to various attacks such as offline attack and shoulder surfing attack. To handle these issues, this paper proposes the PUFPass, a secure password management mechanism based on software/hardware codesign. By introducing the hardware primitive, Physical Unclonable Function (PUF), into PUFPass, the random physical disorder is exploited to strengthen site passwords. An illustration of PUFPass in the Android operating system is given. PUFPass is evaluated from aspects of both security and preliminary usability. The security of the passwords is evaluated using a compound heuristic algorithm based PUF attack software and an open source password cracking software, respectively. Finally, PUFPass is compared with other password management mechanisms using the Usability-Deployability-Security (UDS) framework. The results show that PUFPass has great advantages in security while maintaining most benefits in usability.     

基于对抗学习的强PUF安全结构研究

针对强物理不可复制函数（PUF，physical unclonable function）面临的机器学习建模威胁，基于对抗学习理论建立了强PUF的对抗机器学习模型，在模型框架下，通过对梯度下降算法训练过程的分析，明确了延迟向量权重与模型预测准确率之间的潜在联系，设计了一种基于延迟向量权重的对抗样本生成策略。该策略与传统的组合策略相比，将逻辑回归等算法的预测准确率降低了5.4%~9.5%，低至51.4%。结合资源占用量要求，设计了新策略对应的电路结构，并利用对称设计和复杂策略等方法对其进行安全加固，形成了ALPUF（adversarial learning PUF）安全结构。ALPUF不仅将机器学习建模的预测准确率降低至随机预测水平，而且能够抵御混合攻击和暴力破解。与其他 PUF结构的对比表明，ALPUF在资源占用量和安全性上均具有明显优势。     

PUF‐based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Advanced metering infrastructure (AMI) provides 2‐way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols is essential to provide secure communications in AMI. The security of all existing cryptographic protocols is based on the assumption that secret information is stored in the nonvolatile memories. In the AMI, the attackers can obtain some or all of the stored secret information from memories by a great variety of inexpensive and fast side‐channel attacks. Thus, all existing AKE and BA protocols are no longer secure. In this paper, we investigate how to develop secure AKE and BA protocols in the presence of memory attacks. As a solution, we propose to embed a physical unclonable function (PUF) in each party, which generates the secret values as required without the need to store them. By combining PUFs and 2 well‐known and secure protocols, we propose PUF‐based AKE and BA protocols. We show that our proposed protocols are memory leakage resilient. In addition, we prove their security in the standard model. Performance analysis of both protocols shows their efficiency for AMI applications. The proposed protocols can be easily implemented.     

基于仲裁器PUF的SRAM FPGA防克隆技术设计与实现

为保护电子设备中使用的静态随机存储器(SRAM)型现场可编程门阵列(FPGA)内部电路设计不被窃取,设计了用于SRAM FPGA的防克隆电路.该电路利用FPGA制造过程中的随机误差,提取每块芯片独一无二的ID.在此ID的控制下,被保护电路只能在指定的FPGA中正常运行,而在未指定的FPGA中运行时,无法产生正确的输出,从而达到防克隆目的.防克隆电路由使用仲裁器的物理不可克隆函数(PUF)、多数表决器、运算门阵列等三部分构成,其中仲裁器PUF电路用于提取ID,多数表决器起到提高输出稳定性的作用.最后在FPGA开发平台上证明了该电路的可行性.     

13C-NMR analysis of phenol-urea-formaldehyde prepolymers and phenol-urea-formaldehyde-tannin adhesives

Phenol-urea-formaldehyde-tannin (PUFT) adhesives were prepared by co-polymerization of Pinus pinaster bark tannins with phenol-urea-formaldehyde (PUF) prepolymers at room temperature. A detailed analysis by ¹³C-NMR spectroscopy of the resins together with an evaluation of their properties was performed in order to find suitable preparation conditions for prepolymers prior to their co-polymerization with tannins. ¹³C-NMR spectroscopy allowed identification of the different linkages formed and quantification of the main functional groups in the PUF prepolymers, which were greatly influenced by the preparation conditions. The decrease in the free formaldehyde content in the PUFT adhesives with respect to the original prepolymers was attributed to tannin methylolation at room temperature. The fast increase in the apparent viscosity of the PUFT adhesives after the blending suggested the possibility of a co-polymerization reaction between tannins and the PUF prepolymers; however, the occurrence of this reaction could not be confirmed by ¹³C-NMR.     

一种基于不可复制功能的RFID认证协议的安全性分析

基于不可复制功能(PUF)的射频识别(RFID)认证协议是近年来的研究热点。2011年,Bassil等在ITST国际会议上提出了一种新的基于PUF的RFID认证协议(BASSIL R, EL-BEAINO W, KAYSSI A, et al. A PUF-based ultra-lightweight mutual-authentication RFID protocol [C]// 2011 International Conference on Internet Technology and Secured Transactions. Piscataway: IEEE, 2011: 495-499)。分析了该认证协议的安全性,通过假设敌手参与协议,指出其不能抵抗密钥泄露攻击、跟踪攻击,也不能抵抗阅读器冒充攻击以及同步破坏攻击;同时描述了这些攻击的细节,并给出了它们的成功概率和计算复杂度。     

多频率段物理不可克隆函数

物理不可克隆函数(Physical Unclonable Functions, PUF)是一种用于保护集成电路芯片安全的新方法。传统的基于振荡器的PUF在产生响应过程中振荡器的振荡频率固定不变,因此存在着被攻击的隐患。该文提出一种新的利用多频率段的PUF(Multiple Frequency Slots based PUF, MFS-PUF)来解决这个问题,通过可配置的振荡器,每产生一位响应,振荡器的振荡频率便发生转移。在每一种振荡频率下,由于不可避免地制造差异,振荡器之间的频率会有微小差别,这些略有差异的频率组成了一个频率段(frequency slot),整个系统中则存在着多个频率段。各个频率段之间随机转变,相比于传统的基于振荡器的PUF,系统输入输出响应对(Challenge-Response Pairs, CRPs)的值更大,也更加不可预测,这使得攻击者使用建模攻击的复杂度大大增加,在保证了自身性能的同时增强了本身的安全性。     

物联网中移动节点抗克隆攻击的UC安全认证协议

物联网中的感知网一般由计算、通信和存储能力极差的感知节点通过移动节点和静态节点相结合的方式构成,以采集信息;而传输网通常利用现有互联网的基础设施,提供强大的计算、通信和存储服务。为了满足物联网中移动节点漫游时实施接入认证的访问控制要求,同时兼顾实际应用中可行性与移动节点轻量级、抗物理克隆攻击等的安全性需求,基于物理不可克隆函数(Physical Unclonable Function,PUF),提出了移动节点抗克隆攻击的UC(Universally Composable)安全认证协议,其可实现移动节点漫游到其他区域时与接入基站之间的双向认证与密钥交换过程。分析表明,所提出的协议在UC安全模型下是可证明安全的。     

苯酚/尿素/甲醛(PUF)树脂的研究进展

苯酚/尿素/甲醛(PUF)共缩聚树脂是一种新型的木材用胶粘剂,其固化特性和耐热特性与酚醛树脂(PF)十分相似,但生产成本明显降低。对PUF共缩聚树脂的合成方法、反应机理、固化特性和影响因素等研究进展进行了综述。     

PUF-Based Key Distribution in Wireless Sensor Networks

Physical Unclonable Functions (PUFs) can be seen as kind of hardware oneway functions, who are easily fabricated but difficult to clone, duplicate or predict. Therefore, PUFs with unclonable and unpredictable properties are welcome to be applied in designing lightweight cryptography protocols. In this paper, a Basic Key Distribution Scheme (Basic-KDS) based on PUFs is firstly proposed. Then, by employing different deployment modes, a Random Deployment Key Distribution Scheme (RD-KDS) and a Grouping Deployment Key Distribution Scheme (GD-KDS) are further proposed based on the Basic-KDS for large scale wireless sensor networks. In our proposals, a sensor is not pre-distributed with any keys but will generate one by the embedded PUF when receiving a challenge from the gateway, which provides perfect resilience against sensor capture attacks. Besides, the unclonable and unpredictable properties of PUF guarantee the key uniqueness and two-way authentication. Analysis and experiment results show that our proposals have better performances in improving the resilience, secureconnectivity, and efficiency as compared to other schemes.