物联网中移动节点抗克隆攻击的UC安全认证协议

物联网中的感知网一般由计算、通信和存储能力极差的感知节点通过移动节点和静态节点相结合的方式构成,以采集信息;而传输网通常利用现有互联网的基础设施,提供强大的计算、通信和存储服务。为了满足物联网中移动节点漫游时实施接入认证的访问控制要求,同时兼顾实际应用中可行性与移动节点轻量级、抗物理克隆攻击等的安全性需求,基于物理不可克隆函数(Physical Unclonable Function,PUF),提出了移动节点抗克隆攻击的UC(Universally Composable)安全认证协议,其可实现移动节点漫游到其他区域时与接入基站之间的双向认证与密钥交换过程。分析表明,所提出的协议在UC安全模型下是可证明安全的。     

Implementation and characterization of flash-based hardware security primitives for cryptographic key generation

Hardware security primitives, also known as physical unclonable functions (PUFs), perform innovative roles to extract the randomness unique to specific hardware. This paper proposes a novel hardware security primitive using a commercial off-the-shelf flash memory chip that is an intrinsic part of most commercial Internet of Things (IoT) devices. First, we define a hardware security source model to describe a hardware-based fixed random bit generator for use in security applications, such as cryptographic key generation. Then, we propose a hardware security primitive with flash memory by exploiting the variability of tunneling electrons in the floating gate. In accordance with the requirements for robustness against the environment, timing variations, and random errors, we developed an adaptive extraction algorithm for the flash PUF. Experimental results show that the proposed flash PUF successfully generates a fixed random response, where the uniqueness is 49.1%, steadiness is 3.8%, uniformity is 50.2%, and min-entropy per bit is 0.87. Thus, our approach can be applied to security applications with reliability and satisfy high-entropy requirements, such as cryptographic key generation for IoT devices.     

基于TrustZone的可信移动终端云服务安全接入方案

可信云架构为云计算用户提供了安全可信的云服务执行环境,保护了用户私有数据的计算与存储安全. 然而在移动云计算高速发展的今天, 仍然没有移动终端接入可信云服务的安全解决方案. 针对上述问题, 提出了一种可信移动终端云服务安全接入方案, 方案充分考虑了移动云计算应用背景, 利用ARM TrustZone硬件隔离技术构建可信移动终端, 保护云服务客户端及安全敏感操作在移动终端的安全执行, 结合物理不可克隆函数技术, 给出了移动终端密钥与敏感数据管理机制. 在此基础之上, 借鉴可信计算技术思想, 设计了云服务安全接入协议, 协议兼容可信云架构, 提供云服务端与移动客户端间的端到端认证. 分析了方案具备的6种安全属性, 给出了基于方案的移动云存储应用实例, 实现了方案的原型系统. 实验结果表明, 可信移动终端TCB较小, 方案具有良好的可扩展性和安全可控性, 整体运行效率较高.     

PUF‐based solutions for secure communications in Advanced Metering Infrastructure (AMI)

Advanced metering infrastructure (AMI) provides 2‐way communications between the utility and the smart meters. Developing authenticated key exchange (AKE) and broadcast authentication (BA) protocols is essential to provide secure communications in AMI. The security of all existing cryptographic protocols is based on the assumption that secret information is stored in the nonvolatile memories. In the AMI, the attackers can obtain some or all of the stored secret information from memories by a great variety of inexpensive and fast side‐channel attacks. Thus, all existing AKE and BA protocols are no longer secure. In this paper, we investigate how to develop secure AKE and BA protocols in the presence of memory attacks. As a solution, we propose to embed a physical unclonable function (PUF) in each party, which generates the secret values as required without the need to store them. By combining PUFs and 2 well‐known and secure protocols, we propose PUF‐based AKE and BA protocols. We show that our proposed protocols are memory leakage resilient. In addition, we prove their security in the standard model. Performance analysis of both protocols shows their efficiency for AMI applications. The proposed protocols can be easily implemented.     

基于仲裁器PUF的SRAM FPGA防克隆技术设计与实现

为保护电子设备中使用的静态随机存储器(SRAM)型现场可编程门阵列(FPGA)内部电路设计不被窃取,设计了用于SRAM FPGA的防克隆电路.该电路利用FPGA制造过程中的随机误差,提取每块芯片独一无二的ID.在此ID的控制下,被保护电路只能在指定的FPGA中正常运行,而在未指定的FPGA中运行时,无法产生正确的输出,从而达到防克隆目的.防克隆电路由使用仲裁器的物理不可克隆函数(PUF)、多数表决器、运算门阵列等三部分构成,其中仲裁器PUF电路用于提取ID,多数表决器起到提高输出稳定性的作用.最后在FPGA开发平台上证明了该电路的可行性.     

基于对抗学习的强PUF安全结构研究

针对强物理不可复制函数（PUF，physical unclonable function）面临的机器学习建模威胁，基于对抗学习理论建立了强PUF的对抗机器学习模型，在模型框架下，通过对梯度下降算法训练过程的分析，明确了延迟向量权重与模型预测准确率之间的潜在联系，设计了一种基于延迟向量权重的对抗样本生成策略。该策略与传统的组合策略相比，将逻辑回归等算法的预测准确率降低了5.4%~9.5%，低至51.4%。结合资源占用量要求，设计了新策略对应的电路结构，并利用对称设计和复杂策略等方法对其进行安全加固，形成了ALPUF（adversarial learning PUF）安全结构。ALPUF不仅将机器学习建模的预测准确率降低至随机预测水平，而且能够抵御混合攻击和暴力破解。与其他 PUF结构的对比表明，ALPUF在资源占用量和安全性上均具有明显优势。     

一步法制备聚脲甲醛包覆反应性乙烯基硅油微胶囊

以聚脲甲醛(PUF)为囊壁,乙烯基硅油为囊芯,采用原位聚合"一步法"成功制备出具有自修复功能且粒径均匀的新型PUF包覆乙烯基硅油微胶囊。研究了分散剂/表面活性剂种类及用量、m(囊芯)∶m(囊壁)比例对微胶囊物理性能的影响,并通过扫描电镜(SEM)、金相显微镜、激光粒度分析仪和红外光谱(FT-IR)法等对微胶囊的形貌、粒径大小等进行了研究。结果表明:选用较高浓度的聚乙烯醇(PVA1799)作为分散剂时,有利于微胶囊的形成;当w(PVA1799)=3.00%(相对于体系总质量而言)、m(囊芯)∶m(囊壁)=2.8∶1.0时,在1500r/min条件下,可制备出平均粒径小于20μm且粒径分布较均匀的理想微胶囊。     

13C-NMR analysis of phenol-urea-formaldehyde prepolymers and phenol-urea-formaldehyde-tannin adhesives

Phenol-urea-formaldehyde-tannin (PUFT) adhesives were prepared by co-polymerization of Pinus pinaster bark tannins with phenol-urea-formaldehyde (PUF) prepolymers at room temperature. A detailed analysis by ¹³C-NMR spectroscopy of the resins together with an evaluation of their properties was performed in order to find suitable preparation conditions for prepolymers prior to their co-polymerization with tannins. ¹³C-NMR spectroscopy allowed identification of the different linkages formed and quantification of the main functional groups in the PUF prepolymers, which were greatly influenced by the preparation conditions. The decrease in the free formaldehyde content in the PUFT adhesives with respect to the original prepolymers was attributed to tannin methylolation at room temperature. The fast increase in the apparent viscosity of the PUFT adhesives after the blending suggested the possibility of a co-polymerization reaction between tannins and the PUF prepolymers; however, the occurrence of this reaction could not be confirmed by ¹³C-NMR.     

苯酚/尿素/甲醛(PUF)树脂的研究进展

苯酚/尿素/甲醛(PUF)共缩聚树脂是一种新型的木材用胶粘剂,其固化特性和耐热特性与酚醛树脂(PF)十分相似,但生产成本明显降低。对PUF共缩聚树脂的合成方法、反应机理、固化特性和影响因素等研究进展进行了综述。     

PUFPass: A password management mechanism based on software/hardware codesign

Secure passwords need high entropy, but are difficult for users to remember. Password managers minimize the memory burden by storing site passwords locally or generating secure site passwords from a master password through hashing or key stretching. Unfortunately, they are threatened by the single point of failure introduced by the master password which is vulnerable to various attacks such as offline attack and shoulder surfing attack. To handle these issues, this paper proposes the PUFPass, a secure password management mechanism based on software/hardware codesign. By introducing the hardware primitive, Physical Unclonable Function (PUF), into PUFPass, the random physical disorder is exploited to strengthen site passwords. An illustration of PUFPass in the Android operating system is given. PUFPass is evaluated from aspects of both security and preliminary usability. The security of the passwords is evaluated using a compound heuristic algorithm based PUF attack software and an open source password cracking software, respectively. Finally, PUFPass is compared with other password management mechanisms using the Usability-Deployability-Security (UDS) framework. The results show that PUFPass has great advantages in security while maintaining most benefits in usability.