CN113206741B - Anti-machine learning security authentication method and device based on strong PUF - Google Patents
Anti-machine learning security authentication method and device based on strong PUF Download PDFInfo
- Publication number
- CN113206741B CN113206741B CN202110317286.6A CN202110317286A CN113206741B CN 113206741 B CN113206741 B CN 113206741B CN 202110317286 A CN202110317286 A CN 202110317286A CN 113206741 B CN113206741 B CN 113206741B
- Authority
- CN
- China
- Prior art keywords
- polynomial
- server
- strong puf
- puf
- response
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 56
- 238000010801 machine learning Methods 0.000 title claims abstract description 35
- 230000004044 response Effects 0.000 claims abstract description 75
- 238000013178 mathematical model Methods 0.000 claims abstract description 56
- 230000005284 excitation Effects 0.000 claims abstract description 52
- 238000007781 pre-processing Methods 0.000 claims abstract description 11
- 238000013215 result calculation Methods 0.000 claims description 12
- 238000011156 evaluation Methods 0.000 claims description 9
- 239000011159 matrix material Substances 0.000 claims description 7
- 238000004364 calculation method Methods 0.000 claims description 4
- 238000006243 chemical reaction Methods 0.000 claims description 3
- 230000009977 dual effect Effects 0.000 claims description 3
- 230000008569 process Effects 0.000 description 16
- 238000004422 calculation algorithm Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 238000013499 data model Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000011664 signaling Effects 0.000 description 4
- 230000002457 bidirectional effect Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 3
- 238000011160 research Methods 0.000 description 3
- 238000013459 approach Methods 0.000 description 2
- 238000013507 mapping Methods 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 238000013135 deep learning Methods 0.000 description 1
- 238000009795 derivation Methods 0.000 description 1
- 230000008030 elimination Effects 0.000 description 1
- 238000003379 elimination reaction Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000000873 masking effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000003672 processing method Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000012549 training Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to the technical field of information security, and provides a strong PUF-based machine learning resistant security authentication method and device. The device side generates a response of the k-dimensional strong PUF according to the obtained random excitation group; the response of the strong PUF is imported into a t-order random polynomial to obtain k polynomial results; wherein k and t are both natural numbers, and k > -t; the device side sends k polynomial results and polynomial coefficients to a server after preprocessing; the server calculates the mathematical model response of the k-dimensional strong PUF according to the mathematical model of the strong PUF and the random excitation group; combining the mathematical model response of the strong PUF and the obtained k polynomial results to reversely deduce a polynomial coefficient; and when the inverse-deducing polynomial coefficient is verified to be consistent with the acquired corresponding content after the same pretreatment, the server authentication result is successful. The method hides the information of the strong PUF into the polynomial point set, so that an attacker cannot implement machine learning attack and has better safety.
Description
[ technical field ] A method for producing a semiconductor device
The invention relates to the technical field of information security, in particular to a strong PUF-based machine learning resistant security authentication method and device.
[ background of the invention ]
In the field of internet of things, the existing key storage and security authentication mechanism based on NVM (Non-volatile memory) has potential safety hazard and cannot resist the threat of numerous physical attacks. Physical Unclonable Functions (PUF) have the characteristics of light weight and high safety, can effectively solve the problems, and have important application in the field of hardware safety. At present, a plurality of manufacturers including Intel, ARM and Samsung all carry out layout in the field of PUF, and realize industrial application in a plurality of product fields such as SoC, FPGA and the like. Domestic PUFs with completely independent intellectual property rights are less in application, and related products are mostly in an exploration research stage at present.
In view of the above, overcoming the drawbacks of the prior art is an urgent problem in the art.
[ summary of the invention ]
The technical problem to be solved by the invention is that the machine learning attack can implement modeling attack on CRPs based on the obtained excitation response, and destroy the safety of the authentication system. The strong PUF is vulnerable to machine learning attack, and an attacker can complete PUF modeling based on the exposed PUF information so as to threaten the safety of the authentication system; the traditional scheme mostly resists attacks by covering mapping relations between stimuli and responses, but researches show that improved machine learning attacks can still realize modeling.
The invention adopts the following technical scheme:
in a first aspect, the present invention provides a strong PUF-based anti-machine learning security authentication method, where a server stores a mathematical model of a strong PUF, and the mathematical model of the strong PUF is generated according to the strong PUF at a device, and the authentication method includes:
the server generates a k-dimensional random excitation group and sends the generated random excitation group to the equipment end;
the device side generates a response of the k-dimensional strong PUF according to the obtained random excitation group; the response of the strong PUF is imported into a t-order random polynomial to obtain k polynomial results; wherein k and t are both natural numbers, and k > -t;
the device side sends the k polynomial results and the polynomial coefficients to a server after preprocessing;
the server calculates the mathematical model response of the k-dimensional strong PUF according to the mathematical model of the strong PUF and the random excitation group; combining the mathematical model response of the strong PUF and the obtained k polynomial results to reversely deduce a polynomial coefficient; and when the reverse-deducing polynomial coefficient is verified to be consistent with the acquired corresponding content after the same pretreatment, the server authentication result is successful.
Preferably, the method further comprises:
the server sends one or more of the back-derived polynomial coefficients to the equipment end;
and the equipment terminal verifies that the obtained polynomial coefficient reversely pushed out by the server is consistent with the locally generated polynomial coefficient of the t-order random polynomial, and the authentication result of the client terminal is successful.
Preferably, the mathematical model of the strong PUF is generated from the strong PUF at the device end, and specifically includes:
server generates random incentive group CaiThe random excitation group CaiSending the data to an equipment end; wherein i is a natural number;
the equipment end obtains the random excitation group Ca from the serveriGenerating a response of the corresponding strong PUF, and feeding back the response of the strong PUF to the server;
server side based on generated random excitation group CaiAnd the response of the strong PUF trains a mathematical model of the strong PUF;
repeating the above to generate the random excitation group CaiAnd storing the mathematical model of the strong PUF meeting the preset threshold delta until the precision of the trained mathematical model of the strong PUF is more than or equal to the preset threshold delta.
Preferably, the pretreatment comprises:
combining the polynomial coefficients and then performing hash calculation to obtain a result value; or,
the server and the equipment terminal determine the positions and the number g of the coefficients in the polynomial to be verified in advance, and the preprocessing is to extract the coefficients of the corresponding positions and the number from the polynomial coefficients.
Preferably, the server generates a k-dimensional random excitation group, specifically including:
the server generates a k-dimensional random excitation set Ca ═ a using a random number generator1,a2,...,akSending the data to an equipment end;
a strong PUF mathematical model of the server generates corresponding k responses Ra based on the generated excitation prediction1,Ra2,...,Rak(ii) a Based on the received random stimulus Ca, the strong PUF at the device end generates a corresponding response
Preferably, the order-t random polynomial is specifically: the device randomly generates a t-order polynomial f (x) a based on a random number generator0+a1x+…+atxt;
Then, the response of the strong PUF is imported into a t-order random polynomial to obtain k polynomial results, which specifically is:
response generated by strong PUF
Respectively substituting into the t-order polynomials to generate points on k polynomials f (x)
The device side sends the k polynomial results and polynomial coefficients to a server after preprocessing, specifically:
the longitudinal coordinate value of the point set
And a hash operation a1、a2、…、atThe result value obtained from one or more of them is sent to the server.
Preferably, the reversely deriving the polynomial coefficient by combining the mathematical model response of the strong PUF and the obtained k polynomial results specifically includes:
the server back-derives the polynomial coefficients by solving the vandermonde matrix shown below
Wherein x is1,x2,…,xt+1Respectively correspond to Ra1,Ra2,...,RakThe t +1 term in (1); said y1,y2,…,yt+1Respectively correspond to
The term of (1).
In a second aspect, the present invention further provides a strong PUF-based machine learning resistant security authentication device, which includes a strong PUF module, a serial-parallel conversion module, a control module, a dual-port RAM, a random generator, a polynomial evaluation module, and a hash module, wherein the strong PUF module and the serial-parallel conversion module are coupled to the dual-port RAM after being connected in series, the random generator is respectively connected to the polynomial evaluation module and the hash module, the polynomial evaluation module is further connected to the dual-port RAM, an output end of the hash module is further connected to the control module, and the control module is configured to control data gating between the related group module and the dual-port RAM, specifically:
the device receives a random excitation group Ca from the server;
the strong PUF module sequentially generates corresponding response groups according to the received random excitation group Ca
The initialization of the dual-port RAM is completed;
the addresses of the dual-port RAM are stored with a plurality of groups of response groups; the random generator generates a random number as a polynomial coefficient, and inputs the polynomial coefficient into the polynomial dereferencing module;
from address addr _ k-1 to addr _0 in the dual port RAM; and (4) performing polynomial result calculation on a response group stored in each address addr, and outputting the polynomial result calculation content to an authentication server to realize the safety authentication of the server side.
Preferably, the outputting the polynomial result calculation content to an authentication server to implement server-side security authentication specifically includes:
splicing the polynomial coefficients, solving a hash value, and outputting the hash value and the polynomial result calculation content to a server;
the server calculates the mathematical model response of the strong PUF according to the mathematical model of the strong PUF and the random excitation group Ca; combining the mathematical model response of the strong PUF and the obtained polynomial result to reversely deduce a polynomial coefficient; and when the polynomial coefficients are verified and reversely deduced for splicing, and the obtained hash value is consistent with the obtained hash value after the hash value is solved, the server authentication result is successful.
Preferably, the inverse derivation of the polynomial coefficient by combining the mathematical model response of the strong PUF and the obtained polynomial result specifically includes:
the server back-derives the polynomial coefficients by solving the vandermonde matrix shown below
Wherein x is1,x2,…,xt+1Respectively correspond to Ra1,Ra2,...,RakThe t +1 term in (1); said y1,y2,…,yt+1Respectively correspond to
The term of (1).
The method is based on the algorithm thought of polynomial reconstruction, constructs a security authentication mechanism based on the strong PUF, and has universality; the method hides the information of the strong PUF into the polynomial point set, so that an attacker cannot implement machine learning attack and has better safety.
[ description of the drawings ]
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below. It is obvious that the drawings described below are only some embodiments of the invention, and that for a person skilled in the art, other drawings can be derived from them without inventive effort.
Fig. 1 is a schematic flowchart of a strong PUF-based anti-machine learning security authentication method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a strong PUF-based anti-machine learning security authentication method according to an embodiment of the present invention;
fig. 3 is a schematic flowchart of a strong PUF-based anti-machine learning security authentication method according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a strong PUF-based anti-machine learning security authentication device according to an embodiment of the present invention;
fig. 5 is a signaling diagram of a strong PUF-based anti-machine learning security authentication method according to an embodiment of the present invention;
fig. 6 is a schematic flowchart of a strong PUF-based anti-machine learning security authentication method according to an embodiment of the present invention;
fig. 7 is a signaling diagram of a strong PUF-based anti-machine learning security authentication method according to an embodiment of the present invention.
[ detailed description ] embodiments
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In the description of the present invention, the terms "inner", "outer", "longitudinal", "lateral", "upper", "lower", "top", "bottom", and the like indicate orientations or positional relationships based on those shown in the drawings, and are for convenience only to describe the present invention without requiring the present invention to be necessarily constructed and operated in a specific orientation, and thus should not be construed as limiting the present invention.
The existing security authentication protocol based on the strong PUF mostly supports the security authentication based on the model: in the registration stage, the server completes strong PUF model training at the equipment end based on the obtained excitation Response Pairs (CRPs); and a certification phase, wherein the security certification based on the CRPs is implemented based on the PUF model.
The existing strong PUF-based security authentication protocol has the advantages that: the server only needs to safely store the mathematical model of the strong PUF, and does not need to store a large number of CRPs; the server may enforce security authentication based on the behavior of the strong PUF model, not just the stored CRPs themselves.
Therefore, the machine learning attack can implement modeling attack based on the acquired CRPs, and destroy the security of the authentication system. The strong PUF is vulnerable to machine learning attack, and an attacker can complete PUF modeling based on the exposed PUF information so as to threaten the safety of the authentication system; the traditional scheme mostly resists attacks by masking mapping relations between stimuli and responses, however, research of the inventor shows that improved machine learning attacks can still realize modeling.
Further, the existing scheme uses a complex encryption algorithm for PUF-based security authentication, which is difficult to apply to lightweight devices. The PUF has reliability problem in application, and how to deal with the problem by a lightweight method in the authentication process is a core problem to be solved in PUF application.
In addition, the technical features involved in the embodiments of the present invention described below may be combined with each other as long as they do not conflict with each other.
Example 1:
an embodiment 1 of the present invention provides a strong PUF-based anti-machine learning security authentication method, where a server stores a mathematical model of a strong PUF, and the mathematical model of the strong PUF is generated according to the strong PUF of a device, as shown in fig. 1, the authentication method includes:
in step 201, the server generates a random excitation group in k dimensions, and transmits the generated random excitation group to the device side.
In step 202, the device generates a response of a strong PUF in the k dimension according to the obtained random excitation group; the response of the strong PUF is imported into a t-order random polynomial to obtain k polynomial results; wherein k and t are both natural numbers, and k > -t.
The distance difference between k and t determines the fault tolerance characteristic (i.e. the success rate of authentication can be improved), because more combinations can be selected from the k polynomial results for calculation, thereby overcoming the problem that the responses of the k-dimensional strong PUF are different due to noise in actual situations.
In each authentication process, the polynomial at the device side is randomly generated. The randomly generated polynomial is similar to a Nonce in a general authentication protocol, so as to support bidirectional authentication and resist replay attack, and further improve the security of the strong PUF in authentication.
In step 203, the device side sends the k polynomial results and polynomial coefficients to the server after preprocessing.
In step 204, the server calculates the mathematical model response of the k-dimensional strong PUF according to the mathematical model of the strong PUF and the random excitation group; combining the mathematical model response of the strong PUF and the obtained k polynomial results to reversely deduce a polynomial coefficient; and when the reverse-deducing polynomial coefficient is verified to be consistent with the acquired corresponding content after the same pretreatment, the server authentication result is successful.
The pretreatment includes at least the following two modes.
The first method is as follows:
combining the polynomial coefficients and then performing hash calculation to obtain a result value; for a server with a correct strong PUF model, the response of Ca, i.e. the x value of the point set, can be predicted by the strong PUF model, so as to reconstruct the polynomial. For low cost devices, the hash operation can be replaced by a lightweight hash function such as Skinny. The security level of the hash may then be selected according to the security requirements. It should be noted that it is not necessary to hash all polynomial coefficients and send them to the server. The system may be dynamically selected based on security requirements.
The second method comprises the following steps:
the server and the equipment terminal predetermine the positions and the number h of the coefficients in the polynomial to be verified, and the preprocessing is to extract the coefficients of the corresponding positions and the number h from the polynomial coefficients.
The method is based on the algorithm thought of polynomial reconstruction, constructs a security authentication mechanism based on the strong PUF, and has universality; the method hides the information of the strong PUF into the polynomial point set, so that an attacker cannot implement machine learning attack and has better safety. The invention has natural fault-tolerant characteristic and can deal with the reliability problem of the PUF to a certain extent.
If the embodiment of the present invention is to complete bidirectional authentication in the implementation process, a preferred extension scheme also exists in combination with the embodiment of the present invention, as shown in fig. 2, where the method further includes:
in step 205, the server sends one or more of the back-derived polynomial coefficients to the device side.
At this time, if the server and the device side in the preset manner determine the positions and the number h of the coefficients in the polynomial to be verified in advance, the preprocessing is to extract the coefficients of the corresponding positions and the number h from the polynomial coefficients, and here, the server sends g of the back-derived polynomial coefficients to the device side, and if the positions of the h coefficients and the g coefficients do not overlap, in order to ensure that an attacker cannot reconstruct the polynomial based on the acquired information, it is necessary to further report that h + g < t is satisfied.
In step 206, the device verifies that the obtained polynomial coefficient reversely pushed by the server is consistent with the locally generated polynomial coefficient of the t-order random polynomial, and the client authentication result is successful.
In a specific implementation manner of the present invention, the mathematical model of the strong PUF is generated according to the strong PUF at the device end, and a corresponding generation method is shown in fig. 3, and specifically includes:
in step 301, the server generates a random incentive group CaiThe random excitation group CaiSending the data to an equipment end; wherein i is a natural number.
In an alternative, the server randomly or sequentially generates a unique id of the device, which is stored in a non-volatile register (e.g., OTP, all known as One Time Programmable Storage) on the device side.
Here, random excitation group Ca with index i is usediIt is shown that, in order to be able to perform a connection in a feature expression with the recursive process in step 304, it is matched with the recursive process, and it can be understood that when step 301 is executed for the first time, the value of corresponding i is 1, that is, at this time, the server generates a random excitation group of Ca1After the step 304 is executed once, i.e. when the recursion is performed to the step 301 for the second time, the value of the corresponding i is changed from adding 1 to 2,that is, the server generates a random excitation group of Ca2And so on in turn; and jumping out of the recursion process of the corresponding step 301-303 until the precision of the mathematical model of the strong PUF trained in the step 304 is larger than or equal to the preset threshold value delta.
In step 302, the device end obtains the random excitation group Ca from the serveriAnd generating a response of the corresponding strong PUF, and feeding back the response of the strong PUF to the server.
In step 303, the server side bases on the generated random excitation group CaiAnd the response of the strong PUF trains a mathematical model of the strong PUF.
In step 304, the above-mentioned process of steps 301-303 is repeated until the precision of the mathematical model of the trained strong PUF is greater than or equal to the preset threshold δ, and the mathematical model of the strong PUF satisfying the preset threshold δ is stored.
In the modeling process of the data model of the strong PUF, the corresponding modeling manner includes, but is not limited to, one or more of LR, ES, DNN, approach, and attach.
Next, the above method procedures of the present invention are performed by using appropriate parameter values, for example, the server generates a k-dimensional random excitation group, which specifically includes:
the server generates a k-dimensional random excitation set Ca ═ a using a random number generator1,a2,...,akSending the data to an equipment end;
a strong PUF mathematical model of the server generates corresponding k responses Ra based on the generated excitation prediction1,Ra2,...,Rak(i.e. a strong PUF mathematical model response); based on the received random stimulus Ca, the strong PUF at the device end generates a corresponding response
(i.e. a strong PUF response).
Based on the parameter content displayed above, the method content related in the embodiment of the present invention is further perfected to be displayed, and the t-order random polynomial specifically includes: the device randomly generates a t-order polynomial f (x) a based on a random number generator0+a1x+…+atxt;
Then the response of the strong PUF is imported into a random polynomial of order t to obtain k polynomial results, specifically:
response generated by strong PUF
Respectively substituting into the t-order polynomials to generate points on k polynomials f (x)
The device randomly generates a polynomial by a random number generator to protect the response of the strong PUF, so that the excitation response pair CRPs are hidden in the authentication point set in the authentication process, and an attacker cannot implement deep learning attack.
Here, the coefficient a of the polynomial f (x)0,a1,…,akThe k polynomial results and the polynomial coefficients are sent to a server after being preprocessed by the equipment terminal, and the k polynomial results and the polynomial coefficients are specifically:
the longitudinal coordinate value of the point set
And a hash operation a0、a1、…、atThe result value obtained from one or more of them is sent to the server. For an attacker, since the response value corresponding to Ca, namely the abscissa value of the point set, cannot be obtained, only the publicly transmitted y value of the point set is relied on
Polynomial reconstruction cannot be done.
Further, the reversely deriving a polynomial coefficient by combining the mathematical model response of the strong PUF and the obtained k polynomial results specifically includes:
the server back-derives the polynomial coefficients by solving the vandermonde matrix shown below
Wherein x is1,x2,…,xt+1Respectively correspond to Ra1,Ra2,...,RakThe t +1 term in (1); said y1,y2,…,yt+1Respectively correspond to
The term of (1). The specific mode can be sequential selection, and t +1 items can also be randomly selected.
Example 2:
the embodiment of the present invention further provides a strong PUF-based machine learning resistant security authentication device, which may be used to implement corresponding functions implemented by the device side in embodiment 1, as shown in fig. 4, the device includes a strong PUF module, a serial-to-parallel module, a control module, a dual-port RAM, a random generator, a polynomial evaluation module, and a hash module, where the strong PUF module and the serial-to-parallel module are coupled to the dual-port RAM after being connected in series, the random generator is respectively connected to the polynomial evaluation module and the hash module, the polynomial evaluation module is further connected to the dual-port RAM, an output end of the hash module is further connected to the control module, and the control module is configured to control data gating between the related group module and the dual-port RAM, specifically:
the device receives a random excitation group Ca from the server;
the strong PUF module sequentially generates corresponding response groups according to the received random excitation group Ca
The initialization of the dual-port RAM is completed;
the addresses of the dual-port RAM are stored with a plurality of groups of response groups; the random generator generates a random number as a polynomial coefficient, and inputs the polynomial coefficient into the polynomial dereferencing module;
from address addr _ k-1 to addr _0 in the dual port RAM; and (4) performing polynomial result calculation on a response group stored in each address addr, and outputting the polynomial result calculation content to an authentication server to realize the safety authentication of the server side.
In combination with the embodiment of the present invention, there is also a preferred implementation manner, where the outputting the polynomial result calculation content to the authentication server to implement the security authentication at the server side includes:
splicing the polynomial coefficients, solving a hash value, and outputting the hash value and the polynomial result calculation content to a server;
the server calculates the mathematical model response of the strong PUF according to the mathematical model of the strong PUF and the random excitation group Ca; combining the mathematical model response of the strong PUF and the obtained polynomial result to reversely deduce a polynomial coefficient; and when the polynomial coefficients are verified and reversely deduced for splicing, and the obtained hash value is consistent with the obtained hash value after the hash value is solved, the server authentication result is successful.
In combination with the embodiment of the present invention, there is also a preferred implementation manner, and in combination with the mathematical model response of the strong PUF and the obtained polynomial result, the back-deriving polynomial coefficients specifically includes:
the server back-derives the polynomial coefficients by solving the vandermonde matrix shown below
Wherein x is1,x2,…,xt+1Respectively correspond to Ra1,Ra2,...,RakThe t +1 term in (1); said y1,y2,…,yt+1Respectively correspond to
The term of (1).
Example 3:
based on the method content set forth in embodiment 1 of the present invention, the embodiment of the present invention will set forth a specific implementation process of embodiment 1 of the present invention from a perspective of dividing the complete solution content into a registration phase and an authentication phase, with reference to example scene characteristics, as shown in a signaling diagram of the registration phase shown in fig. 5 and a signaling diagram of the authentication phase shown in fig. 7, in the embodiment of the present invention, a server and a device end are respectively described as an authentication server and an authentication device, and the following are set forth:
a registration stage:
the enrollment process only needs to complete the modeling of the strong PUF at the server side. This process is typically required to be performed in a secure environment (e.g., a local area network environment may be employed). The flow of the registration phase is shown in fig. 5 and 6:
in step 401, the authentication server randomly or sequentially generates a unique identity id of the authentication device, which is stored in a non-volatile register of the authentication device, e.g. an OTP.
In embodiment 2 and for relating to this step 401, however, as an alternative to the presence of this step 401, the security of the authentication server and the authentication device may be further improved, i.e. the verification of a duplicate identity id is added in the authentication phase.
In step 402, the authentication server generates a Random excitation group Ca using a Random Number Generator (TRNG) and transmits it to the authentication device.
In step 403, the strong PUF of the authentication device generates a corresponding response Ra based on the stimulus originating from the authentication server and feeds back to the authentication server.
In step 404, the authentication server trains the data model of the strong PUF based on the generated CRPs.
In step 405, the above process of step 402-404 is repeated until the precision of the data model of the strong PUF being trained is greater than or equal to the threshold δ.
In step 406, the authentication server securely stores the generated data model of the strong PUF
The above process requires that a strong PUF of the authentication device can be accurately modeled. A number of well-studied strong PUF circuits, such as apdu, meet the above requirements. A variety of machine learning algorithms exist that can be applied to strong PUF modeling including, but not limited to, LR, ES, DNN, approach attack, and the like.
Authentication phase
The authentication phase is performed in a working environment, and an attacker can physically contact the equipment end and steal information in an untrusted channel. The flow of the authentication phase is shown in fig. 7:
in step 501, the authentication protocol is initiated by the authentication server, and the authentication device first sends the id stored in the OTP to the authentication server, which starts the authentication process if the id exists in the authentication server database.
In step 502, the server generates an incentive group Ca ═ { Ca using TRNG1,Ca2,...,CakAnd sending the data to the equipment side. Ca contains q × k excitations. At the same time, a mathematical model of a strong PUF
Generating corresponding k q-bit response groups Ra based on the generated excitation prediction1,Ra2,...,Rak. Based on the received stimulus, the strong PUF of the authentication device generates a corresponding response
In step 503, the authentication device randomly generates a random polynomial f (x) a of order t based on TRNG0+a1x+…+atxtWill have a strong PUF generated response
The evaluation is performed on a polynomial of the formula,thereby generating points on k polynomials f (x):
here, the coefficient a of the polynomial f (x)0、a1、…、atAnd the information is regarded as secret information and is shared to the server side through the point set. The longitudinal coordinate value of the point set
And hash (a)0||a1||…||at) And sending to the server. For a server with a mathematical model of a correct strong PUF, the response of Ca, i.e. the x value of a set of points, can be predicted by the mathematical model of the strong PUF, thereby reconstructing the polynomial. For low cost devices, the hash operation can be replaced by a lightweight hash function such as Skinny. The security level of the hash may then be selected according to the security requirements. It should be noted that it is not necessary to hash all polynomial coefficients and send them to the server. The system may be dynamically selected based on security requirements. For example, if hash-128 is used here, 128/q polynomial coefficients may be selected for the hash operation. For an attacker, since the response value corresponding to Ca, namely the abscissa value of the point set, cannot be obtained, only the publicly transmitted y value of the point set is relied on
Polynomial reconstruction cannot be done.
In step 504, at the server side, based on the received information
And strong PUF mathematical model
Predicted generated Ra1,Ra2,...,RakAlternative point sets can be constructed
In order to complete the polynomial reconstruction, at least a server-side predicted value Ra is required1,Ra2,...,RakAnd the t responses from the equipment side
The same is true. Since there are k points in total, the number of all possible combinations is shown in the following formula, and the number of sub-loops Num is required at most.
in each cycle, the server calculates the vandermonde matrix by solving the equation by gaussian elimination or by claime law as follows
If it is
Hash (a) with input1||a2||…||at) And if the authentication result is equal to the preset authentication result, the authentication of the server side to the equipment side is successful, otherwise, the authentication fails.
Wherein x is1,x2,…,xt+1Respectively correspond to Ra1,Ra2,...,RakThe t +1 term in (1);
said y1,y2,…,yt+1Respectively correspond to
The term of (1).
In step 505, if the server successfully authenticates the device, g (g) is added<t +1) reconstructionsPolynomial coefficients (e.g.
) And the feedback is carried out to the device side to prove that the server side has a correct mathematical model of the PUF, so that the polynomial reconstruction can be completed.
In step 506, the device peer compares the received peer-to-peer messages
And the polynomial coefficient a generated by the apparatus in step 5020||a1||…||ag. If the two are the same, the equipment authentication server is successful, and the bidirectional authentication is completed. Otherwise, the device authenticates the server as an illegitimate server.
The embodiment of the invention can be changed according to different application scenes. For example, in a low cost device, the hash algorithm in the protocol may be replaced by random points on l (l < t +1) f (x). The server verifies the legitimacy of the device by verifying whether the points are on the reconstructed polynomial. It should be noted that to ensure that an attacker cannot reconstruct the polynomial based on the acquired information, it is necessary to ensure that l + g < t +1 holds.
It should be noted that, for the information interaction, execution process and other contents between the modules and units in the apparatus and system, the specific contents may refer to the description in the embodiment of the method of the present invention because the same concept is used as the embodiment of the processing method of the present invention, and are not described herein again.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the embodiments may be implemented by associated hardware as instructed by a program, which may be stored on a computer-readable storage medium, which may include: read Only Memory (ROM), Random Access Memory (RAM), magnetic or optical disks, and the like.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.
Claims (10)
1. A strong PUF-based anti-machine learning security authentication method is characterized in that a mathematical model of a strong PUF is stored in a server side, the mathematical model of the strong PUF is generated according to the strong PUF of a device side, and the authentication method comprises the following steps:
the server generates a k-dimensional random excitation group and sends the generated random excitation group to the equipment end;
the device side generates a response of the k-dimensional strong PUF according to the obtained random excitation group; the response of the strong PUF is imported into a t-order random polynomial to obtain k polynomial results; wherein k and t are both natural numbers, and k > -t;
the device side sends the k polynomial results and the polynomial coefficients to a server after preprocessing;
the server calculates the mathematical model response of the k-dimensional strong PUF according to the mathematical model of the strong PUF and the random excitation group; combining the mathematical model response of the strong PUF and the obtained k polynomial results to reversely deduce a polynomial coefficient; and when the reverse-deducing polynomial coefficient is verified to be consistent with the acquired corresponding content after the same pretreatment, the server authentication result is successful.
2. The strong PUF-based anti-machine learning security authentication method according to claim 1, the method further comprising:
the server sends one or more of the back-derived polynomial coefficients to the equipment end;
and the equipment terminal verifies that the obtained polynomial coefficient reversely pushed out by the server is consistent with the locally generated polynomial coefficient of the t-order random polynomial, and the authentication result of the client terminal is successful.
3. The strong PUF-based anti-machine learning security authentication method according to claim 1, wherein the mathematical model of the strong PUF is generated from the strong PUF on the device side, and specifically includes:
server generates random incentive group CaiA reaction of the above-mentionedRandom excitation group CaiSending the data to an equipment end; wherein i is a natural number;
the equipment end obtains the random excitation group Ca from the serveriGenerating a response of the corresponding strong PUF, and feeding back the response of the strong PUF to the server;
server side based on generated random excitation group CaiAnd the response of the strong PUF trains a mathematical model of the strong PUF;
repeating the above to generate the random excitation group CaiAnd storing the mathematical model of the strong PUF meeting the preset threshold delta until the precision of the trained mathematical model of the strong PUF is more than or equal to the preset threshold delta.
4. A strong PUF-based anti-machine learning security authentication method according to any one of claims 1 to 3, wherein said pre-processing comprises:
combining the polynomial coefficients and then performing hash calculation to obtain a result value; or,
the server and the equipment terminal determine the positions and the number g of the coefficients in the polynomial to be verified in advance, and the preprocessing is to extract the coefficients of the corresponding positions and the number from the polynomial coefficients.
5. A strong-PUF-based anti-machine-learning security authentication method according to any one of claims 1 to 3, wherein the server generates a k-dimensional random excitation group, specifically comprising:
the server generates a k-dimensional random excitation set Ca ═ a using a random number generator1,a2,...,akSending the data to an equipment end;
a strong PUF mathematical model of the server generates corresponding k responses Ra based on the generated excitation prediction1,Ra2,...,Rak(ii) a Based on the received random stimulus Ca, the strong PUF at the device end generates a corresponding response
6. The strong PUF-based anti-machine learning security authentication method according to claim 5, wherein the order-t random polynomial is specifically: the device randomly generates a t-order polynomial f (x) a based on a random number generator0+a1x+…+atxt;
Then, the response of the strong PUF is imported into a t-order random polynomial to obtain k polynomial results, which specifically is:
response generated by strong PUF
Respectively substituting into the t-order polynomials to generate points on k polynomials f (x)
The device side sends the k polynomial results and polynomial coefficients to a server after preprocessing, specifically:
the longitudinal coordinate value of the point set
And a hash operation a1、a2、…、atThe result value obtained from one or more of them is sent to the server.
7. The strong PUF-based anti-machine learning security authentication method according to claim 6, wherein the back-deriving polynomial coefficients by combining a mathematical model response of the strong PUF and the obtained k polynomial results specifically comprises:
the server back-derives the polynomial coefficients by solving the vandermonde matrix shown below
Wherein x is1,x2,…,xt+1Respectively correspond to Ra1,Ra2,...,RakThe t +1 term in (1); said y1,y2,…,yt+1Respectively correspond to
The term of (1).
8. The utility model provides an anti machine learning security authentication device based on strong PUF, characterized in that, the device includes strong PUF module, the parallel-serial module of serialization, control module, dual-port RAM, random generator, the multinomial module of evaluating, hash module, wherein, strong PUF module and the parallel-serial module of serialization couple with dual-port RAM after establishing ties, random generator links to each other with multinomial evaluation module and hash module respectively, the multinomial evaluation module still links to each other with dual-port RAM, hash module output still links to each other with control module, control module is used for controlling the data gate between the module of relevant group and the dual-port RAM, it is specific:
the device receives a random excitation group Ca from the server;
the strong PUF module sequentially generates corresponding response groups according to the received random excitation group Ca
The initialization of the dual-port RAM is completed;
the addresses of the dual-port RAM are stored with a plurality of groups of response groups; the random generator generates a random number as a polynomial coefficient, and inputs the polynomial coefficient into the polynomial dereferencing module;
from address addr _ k-1 to addr _0 in the dual port RAM; and (4) performing polynomial result calculation on a response group stored in each address addr, and outputting the polynomial result calculation content to an authentication server to realize the safety authentication of the server side.
9. The strong PUF-based anti-machine learning security authentication device according to claim 8, wherein the outputting the polynomial result calculation content to an authentication server to implement server-side security authentication specifically includes:
splicing the polynomial coefficients, solving a hash value, and outputting the hash value and the polynomial result calculation content to a server;
the server calculates the mathematical model response of the strong PUF according to the mathematical model of the strong PUF and the random excitation group Ca; combining the mathematical model response of the strong PUF and the obtained polynomial result to reversely deduce a polynomial coefficient; and when the polynomial coefficients are verified and reversely deduced for splicing, and the obtained hash value is consistent with the obtained hash value after the hash value is solved, the server authentication result is successful.
10. The strong PUF-based anti-machine learning security authentication device according to claim 9, wherein the back-deriving polynomial coefficients by combining a mathematical model response of the strong PUF and an obtained polynomial result includes:
the server back-derives the polynomial coefficients by solving the vandermonde matrix shown below
Wherein x is1,x2,…,xt+1Respectively correspond to Ra1,Ra2,...,RakThe t +1 term in (1); said y1,y2,…,yt+1Respectively correspond to
The term of (1).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110317286.6A CN113206741B (en) | 2021-03-25 | 2021-03-25 | Anti-machine learning security authentication method and device based on strong PUF |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110317286.6A CN113206741B (en) | 2021-03-25 | 2021-03-25 | Anti-machine learning security authentication method and device based on strong PUF |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113206741A CN113206741A (en) | 2021-08-03 |
| CN113206741B true CN113206741B (en) | 2022-03-25 |
Family
ID=77025574
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110317286.6A Active CN113206741B (en) | 2021-03-25 | 2021-03-25 | Anti-machine learning security authentication method and device based on strong PUF |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113206741B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113922990B (en) * | 2021-09-17 | 2023-04-25 | 温州大学 | Strong PUF (physical unclonable function) machine learning attack resisting method based on matrix encryption |
| CN113765677B (en) * | 2021-09-30 | 2023-08-18 | 中音讯谷科技有限公司 | Embedded authentication method in video transmission based on PUF |
| CN114826778B (en) * | 2022-06-21 | 2022-09-27 | 杭州安恒信息技术股份有限公司 | Authentication method, device, equipment and medium |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9806718B2 (en) * | 2014-05-05 | 2017-10-31 | Analog Devices, Inc. | Authenticatable device with reconfigurable physical unclonable functions |
| EP3265943B1 (en) * | 2015-03-05 | 2021-04-28 | Analog Devices, Inc. | Authentication system and device including physical unclonable function and threshold cryptography |
| CN107733655B (en) * | 2017-10-13 | 2020-10-09 | 东南大学 | APUF security authentication method based on polynomial reconstruction |
-
2021
- 2021-03-25 CN CN202110317286.6A patent/CN113206741B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN113206741A (en) | 2021-08-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113206741B (en) | Anti-machine learning security authentication method and device based on strong PUF | |
| EP3069249B1 (en) | Authenticatable device | |
| US8171306B2 (en) | Universal secure token for obfuscation and tamper resistance | |
| CN109756338A (en) | The unclonable function of physics remotely re-registers | |
| KR102603797B1 (en) | How to verify the execution integrity of an application on a target device | |
| CN107615285B (en) | Authentication system and apparatus including physically unclonable function and threshold encryption | |
| Kogan et al. | T/key: Second-factor authentication from secure hash chains | |
| CN107426165A (en) | Bidirectional secure cloud storage data integrity detection method supporting key updating | |
| CN104468579A (en) | Authentication system suitable for distributed storage | |
| US11108560B2 (en) | Authentication protocol using a one-time password | |
| CN107733655B (en) | APUF security authentication method based on polynomial reconstruction | |
| Biryukov et al. | Fast and tradeoff-resilient memory-hard functions for cryptocurrencies and password hashing | |
| CN113326475B (en) | Matrix inversion outsourcing calculation method based on elementary matrix | |
| WO2020020127A1 (en) | Private key storage and reading method and apparatus, and hardware device | |
| JP7312293B2 (en) | Digital signature method, signature information verification method, related device and electronic device | |
| CN107370599A (en) | A kind of management method, the device and system of remote destroying private key | |
| US11614918B1 (en) | Generating quantum representations of hexadecimal data | |
| Xia et al. | Cryptanalysis and improvement of a group authentication scheme with multiple trials and multiple authentications | |
| CN114049121A (en) | Block chain based account resetting method and equipment | |
| CN104468580A (en) | Authentication method suitable for distributed storage | |
| Sun et al. | Public data integrity auditing without homomorphic authenticators from indistinguishability obfuscation | |
| CN109936562A (en) | A kind of scalable accessing control method calculated towards mist | |
| Khan et al. | Soteria: A quantum-based device attestation technique for the Internet of Things | |
| Asimi et al. | New Random Generator of a Safe Cryptographic Salt Per Session. | |
| CN109818944A (en) | It is a kind of to support pretreated cloud data outsourcing and integrity verification method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220511 Address after: 430000 Room 403, 4th floor, Guanggu science and technology building, No. 770, Gaoxin Avenue, Donghu New Technology Development Zone, Wuhan, Hubei Province Patentee after: Wuhan binary semiconductor Co.,Ltd. Address before: 430000, 2nd floor, optical communication industrial building, Fenghuo Road, Guandong Industrial Park, Donghu Development Zone, Wuhan City, Hubei Province Patentee before: WUHAN FISILINK MICROELECTRONICS TECHNOLOGY Co.,Ltd. |
|
| TR01 | Transfer of patent right |