Minseo Kim¹†, Hoi-Jun Yoo¹
¹ Electrical Engineering, Korea Advanced Institute of Science and Technology (KAIST)
Copyright © The Institute of Electronics and Information Engineers(IEIE)
Index Terms
PUF, IoT chain, chaotic entropy source, IoT, Merkle tree
I. INTRODUCTION
The demand for IoT devices is increasing year by year, with 3.3 billion pieces of
equipment expected to be linked together by 2020 and the market size increasing to 457 billion [1,2]. In these IoT markets, network security and information protection are the most important
factors in IoT device management. Although existing IoT devices are distributed, they
must be controlled by a central server, and this can lead to the following security
issues [2,3].
1) Malicious attacks on networks and devices that could lead to system failure
2) Counterfeit attacks such as device id or sensor data modification
3) The information provider maliciously manipulates the access level of the data
4) Personal information leakage due to the problem of a centralized server easily
duplicating a user's private information.
The above problems result in two major concerns in IoT management: data security (data
integrity) for data sent from an IoT device to another device or to a central server,
and privacy (device authentication) for the IoT device itself [4]. Fig. 1 shows the device access of the conventional IoT platform. Generally, an IoT device
consists of an antenna for communication, a sensor for measuring specific data, an
analog-to-digital converter, and a communication module that digitizes measured values. A communication
from an IoT device includes both the data generated by that device and the device's
identity, and it is sent to another device, a local server, or a central server. Until
now, however, many IoT devices have not handled security efficiently,
for the following reasons:
Fig. 1. Device Access of the Conventional IOT Platform.
1) Existing security solutions that must receive a security key from a centralized
server are not used, even when the power budget limitation imposed by the battery
of the IoT device itself is not a problem. The device needs to create
security keys on its own in various environments such as bicycles, smart homes, industries,
CCTV cameras, etc.
2) Extremely distributed IoT devices cannot be managed efficiently by a centralized
server.
In this work, to solve the above problems, a PUF using a chaotic entropy source is proposed
for IoT device management, and a decentralized IoT chain using the key generated by the PUF
is presented. Section II shows the architecture of the proposed IoT chain. Section III
shows the detailed implementation and circuit description of the proposed PUF based on
a chaotic entropy source. Sections IV and V present the measurement results and the conclusion.
II. OVERALL ARCHITECTURE
Fig. 2 shows the overall block diagram of the proposed secure IoT chain. The public key
infrastructure (PKI) is applied to resolve security issues that the existing IoT platform
could not resolve.
Fig. 2. Device Access of the proposed Secure IOT Platform.
However, the key generation required for this PKI is a power-hungry component
in a typical IoT device. Therefore, we propose a low-power PUF, which has true randomness
and non-replicable characteristics. A PUF has four characteristics: uniqueness, unpredictability,
unclonability, and robustness. Therefore, the proposed IoT platform obtains a
different response for each device, $R_{i} \neq R_{j}$ ($i, j \in$ devices in the proposed IoT chain),
when the same challenge $C$ is applied, as shown in Fig. 2. The detailed implementation of the PUF design is discussed in Section III.
The detailed data transmission and device authentication processes are shown in Fig. 3. For data integrity, the proposed structure uses blockchain-based
transmission. To resolve the security issues of the existing public blockchain,
a private key generated from the PUF is applied to the Merkle tree in the transaction chain shown
in Fig. 3(a). In the process of creating a signature from a blockchain based on the existing Merkle
tree, the hash function of the chain structure is combined with a private key from the proposed
PUF. Therefore, the transmitted data can be verified as valid, because, unlike in a
normal public chain, only authorized users with a private key can access it.
Besides data integrity, device authentication (ID authentication) is another important
security issue. For this purpose, the process by which the device ID is recorded in the
chain is shown in Fig. 3(b).
Fig. 3. (a) Data Transmission, (b) Device Authentication Process of proposed IoT Platform.
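One way to read the PUF-keyed Merkle tree described above, as an added example that is not the authors' implementation: HMAC-SHA-256 is assumed as the keyed hash, and the keys and sensor readings are constructed stand-ins for a PUF-derived key and device data.

```python
import hashlib
import hmac

LEAF, NODE = b"\x00", b"\x01"   # domain tags: a leaf can never be replayed as an inner node

def keyed_hash(key, tag, data):
    # Assumed keyed hash: HMAC-SHA-256 under the device's PUF-derived key.
    return hmac.new(key, tag + data, hashlib.sha256).digest()

def build_levels(key, leaves):
    """Return all tree levels, leaves first; an unpaired node is promoted unchanged."""
    levels = [[keyed_hash(key, LEAF, leaf) for leaf in leaves]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([
            keyed_hash(key, NODE, cur[i] + cur[i + 1]) if i + 1 < len(cur) else cur[i]
            for i in range(0, len(cur), 2)
        ])
    return levels

def prove(levels, index):
    """Inclusion proof for leaf `index`: list of (sibling_hash, sibling_is_left)."""
    path = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(key, leaf, path, root):
    """Recompute the root from one leaf and its proof; constant-time comparison."""
    node = keyed_hash(key, LEAF, leaf)
    for sibling, sibling_is_left in path:
        node = keyed_hash(key, NODE, sibling + node if sibling_is_left else node + sibling)
    return hmac.compare_digest(node, root)

# Constructed sample data: stand-ins for PUF-derived keys and sensor readings.
KEY_A = hashlib.sha256(b"constructed PUF response of device A").digest()
KEY_B = hashlib.sha256(b"constructed PUF response of device B").digest()
READINGS = [b"t=21.4C", b"t=21.5C", b"t=21.7C", b"t=21.6C", b"t=21.9C"]

def demo():
    levels = build_levels(KEY_A, READINGS)
    root, path = levels[-1][0], prove(levels, 2)
    return (verify(KEY_A, READINGS[2], path, root),   # genuine reading, right key
            verify(KEY_A, b"t=99.9C", path, root),    # modified sensor data
            verify(KEY_B, READINGS[2], path, root))   # key from a different PUF
```

Because the keyed hash is symmetric, whoever can verify a proof can also build one, so the key has to stay with the authorized parties.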
First, a PUF-based public key is generated in each device. The generated key is verified
with its own private key, which creates a digital signature. A device signature that
represents the device identification is generated and verified through the
digital signature. The device then registers its ID with the local edge server or block validators.
This process is also recorded in every blockchain, so that unauthorized devices can
be denied access to the IoT platform and malicious attacks can be prevented. However,
anonymous IoT devices may withdraw or join frequently.
This can be resolved by creating a group signature with a public group key that is already
shared according to the application of the IoT devices.
III. CHAOTIC ENTROPY SOURCE BASED PUF IMPLEMENTATION
Fig. 4 shows the principle of the chaotic entropy source [5,6]. A chaotic entropy source can be implemented in various ways, but the piecewise linear
chaotic map [5] is the most efficient implementation. First, a logistic map is defined and random
noise is applied to the initial input. The initial noise then undergoes repeated amplification
and analog-to-digital conversion, gradually producing unpredictable random streams.
Fig. 5 shows the detailed implementation of the chaotic map using a SAR ADC. It consists of a 5-b
SAR ADC, a residue amplifier, a sample-and-hold switch, and a post-processing unit. The
input VIN is first sampled into the 5-b SAR ADC input. The input is a random value
consisting of the thermal noise, flicker noise, etc. of the MOSFET. After the
ADC conversion, a residue value is generated, and the residue amplifier converts this residue into
a full-range input value. This
process is repeated, and the ADC's conversion bits produce a true random
number through the XOR-based post-processing unit. A unique and non-replicable
digital fingerprint is then generated by sampling this value.
Fig. 4. Block Diagram of Chaotic Map using A/D Conversion.
Fig. 5. Overall Architecture of ADC based Chaotic Map.
Fig. 6 shows the detailed circuit implementation of the chaotic map. The 5-b SAR ADC is implemented
as a differential SAR ADC, and the capacitor DAC consists of MOM capacitors. The
gain of the residue amplifier is set to 16 and can be controlled with the tail
current, and an adaptive reset comparator is used to further reduce power consumption [6]. First, the switch $\phi_{1}$ is connected for input sampling, and then the analog-to-digital
conversion is performed. Then the $\phi_{3}$ switch is connected and the residue
held in the capacitor DAC is amplified. The $\phi_{2}$ switch is then connected and
the residue is stored at the front end of the residue amplifier. This process is repeated,
and the converted digital bits are passed through the XOR processing unit.
Fig. 6. Detailed Circuit Implementation of Proposed Chaotic map based on SAR ADC.
IV. MEASUREMENT RESULTS
The chip microphotograph and performance summary are shown in Fig. 7. The PUF was implemented in a 0.18 μm mixed CMOS process. The active chip area
of the proposed chaotic entropy source is only 30 μm × 150 μm. The highest data rate
of the fabricated chip was 270 kbps at a supply voltage of 0.6 V. The power breakdown
of the proposed entropy source is shown in Fig. 7. The capacitor DAC consumes only 2 nW, the digital processing unit consumes 15 nW, the residue
amplifier consumes 45 nW, and the comparator consumes 3 nW. Fig. 8 shows the measured 1M-bit stream of the entropy source, which has no deterministic patterns
(0 = black dot, 1 = white dot). The NIST SP 800-22 tests [7] are used to evaluate the randomness of the output bit stream with a threshold of p-value
> 0.01 (significance level). The bit stream without post-processing failed due to
imperfections in the implementation of the chaotic map. These imperfections
arise from the quantization error caused by CDAC mismatch and comparator offset. Therefore,
we performed XOR post-processing (parity-based post-processing). Table 1 shows the
NIST test results of the 1M-bit raw bit stream with a 0.6 V supply. As shown in Table 1, when the post-processing bit width is 4, the output bit stream successfully passed
all of the 15 subtests for 1M-bit streams.
Fig. 7. Chip Micrograph and Performance Summary.
Fig. 8. 1M bit output stream displayed in 1024x1024 array.
Table 1. NIST Test Results

| NIST Pub 800-22 Test | P-value | Result |
|---|---|---|
| Frequency | 0.593123 | Pass |
| Block Frequency | 0.431237 | Pass |
| Cumulative Sums | 0.366841 | Pass |
| Runs | 0.299760 | Pass |
| Longest Runs of 1's | 0.511478 | Pass |
| Rank | 0.273077 | Pass |
| FFT | 0.320408 | Pass |
| Non-overlapping Template | 100% Success | Pass |
| Overlapping Template | 0.053141 | Pass |
| Universal Statistical | 0.234504 | Pass |
| Approximate Entropy | 0.142312 | Pass |
| Random Excursions | 0.31211 | Pass |
| Random Excursions Variant | 0.057437 | Pass |
| Serial | 0.204149 | Pass |
| Linear Complexity | 0.198422 | Pass |
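The effect of width-4 XOR (parity) post-processing on the frequency test at the 0.01 threshold, as an added example that is not from the paper: the raw stream is a constructed biased source (P(1) = 0.55 is an assumed value), not chip data, and only the NIST frequency (monobit) subtest is implemented.

```python
import math
import random

ALPHA = 0.01  # significance level used on the page (pass if p-value > 0.01)

def xor_fold(bits, width=4):
    """Parity post-processing: XOR each group of `width` raw bits into one output bit."""
    usable = len(bits) - len(bits) % width      # drop an incomplete trailing group
    return [sum(bits[i:i + width]) & 1 for i in range(0, usable, width)]

def monobit_p_value(bits):
    """NIST SP 800-22 frequency (monobit) test: p = erfc(|S_n| / sqrt(2n))."""
    s_n = sum(2 * b - 1 for b in bits)          # map 0/1 to -1/+1 and sum
    return math.erfc(abs(s_n) / math.sqrt(2 * len(bits)))

def ones_fraction(bits):
    return sum(bits) / len(bits)

def biased_source(n, p_one=0.55, seed=1):
    """Constructed stand-in for an imperfect raw stream: independent bits, P(1) = p_one."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]

def evaluate(n_raw=400_000, width=4):
    """Return (fraction of ones, monobit p-value) before and after folding."""
    raw = biased_source(n_raw)
    folded = xor_fold(raw, width)
    return {
        "raw": (ones_fraction(raw), monobit_p_value(raw)),
        "folded": (ones_fraction(folded), monobit_p_value(folded)),
    }

if __name__ == "__main__":
    for name, (frac, p) in evaluate().items():
        verdict = "pass" if p > ALPHA else "FAIL"
        print(f"{name:6s} ones={frac:.4f} p-value={p:.6f} {verdict}")
```

For independent bits with P(1) = 0.5 + e, the parity of k bits has a bias of magnitude 2^(k-1)·e^k, so width 4 reduces a bias of 0.05 to 5e-5 at a quarter of the raw bit rate. The fold does not remove correlation between bits, which is what the remaining subtests check.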
V. CONCLUSIONS
In this paper, we present a PUF based on a chaotic-map entropy source for a secure IoT
chain that not only consumes low power but can also be integrated into an IoT device in a
compact area. Moreover, a secure IoT platform is proposed using the key generated from the
proposed PUF. The proposed entropy source shows the world's lowest power consumption of 65 nW
while passing all NIST tests.
ACKNOWLEDGMENTS
This work was supported by Institute for Information & communications Technology
Promotion (IITP) grant funded by the Korea government (MSIP) (No.2016-0-00207, Intelligent
Processor Architectures and Application Software for CNN (Convolutional Neural Network)-RNN
(Recurrent Neural Network))
REFERENCES
[1] https://www.forbes.com/sites/louiscolumbus/2017/12/10/2017-roundup-of-internet-of-things-forecasts/#3239eabe1480
[2] Xu Teng, et al., Nov. 2014, Security of IoT Systems: Design Challenges and Opportunities, Solid-State Circuits Conference, 2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD)
[3] Panikkar S., et al., Jan. 2015, IBM ADEPT: An IoT Practitioner Perspective - Draft Copy for Advance Review, https://ia802601.us.archive.org/4/items/pdfyesMcC00dKmdo53_/IBM%20ADEPT%20Practictioner%20Perspective%20%20Pre%20Publication%20Draft%20%207%20Jan%202015.pdf
[4] IBM, Jan. 2017, Empowering the edge, Practical insights on a decentralized Internet of Things, Available: https://www935.ibm.com/services/multimedia/GBE03662USEN.pdf
[5] Kim M., Ha U., Lee Y., Lee K., Yoo H. J., Sept. 2016, A 82nW chaotic-map true random number generator based on sub-ranging SAR ADC, Proc. of IEEE ESSCIRC, pp. 157-160
[6] Kim M., Ha U., Lee Y., Lee K., Yoo H. J., May 2017, A 82-nW Chaotic Map True Random Number Generator Based on a Sub-Ranging SAR ADC, IEEE Journal of Solid-State Circuits
[7] 2010, A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptographic Applications, National Inst. Standards and Technology, Pub 800-22
Author
Minseo Kim (S’14) received the B.S. degree in Semiconductor System Engineering from Sung Kyun Kwan
University in 2014 and the M.S. and Ph.D. degrees in electrical engineering from
Korea Advanced Institute of Science and Technology (KAIST), Daejeon, Korea, in 2016
and 2019, respectively.
His research interests include low-power bio-medical SoC for wearable healthcare systems
and IoT security platforms.
Hoi-Jun Yoo graduated from the Electronic Department of Seoul National University, Seoul, Korea,
in 1983 and received the M.S. and Ph.D. degrees in electrical engineering from the
Korea Advanced Institute of Science and Technology (KAIST), Daejeon, in 1985 and 1988,
respectively. Since 1998, he has been on the faculty of the Department of Electrical
Engineering at KAIST and is now a full professor.
From 2001 to 2005, he was the director of Korean System Integration and IP Authoring
Research Center (SIPAC).
From 2003 to 2005, he was the full time Advisor to Minister of Korea Ministry of Information
and Communication and National Project Manager for SoC and Computer.
In 2007, he founded System Design Innovation & Application Research Center (SDIA)
at KAIST.
Since 2010, he has served as the general chair of the Korean Institute of Next Generation
Computing.
His current interests are computer vision SoC, body area networks, biomedical devices
and circuits.
He is a coauthor of DRAM Design (Korea: Hongrung, 1996), High Performance DRAM (Korea:
Sigma, 1999), Future Memory: FRAM (Korea: Sigma, 2000), Networks on Chips (Morgan
Kaufmann, 2006), Low-Power NoC for High-Performance SoC Design (CRC Press, 2008),
Circuits at the Nanoscale (CRC Press, 2009), Embedded Memories for Nano-Scale VLSIs
(Springer, 2009), Mobile 3D Graphics SoC from Algorithm to Chip (Wiley, 2010), Bio-Medical
CMOS ICs (Springer, 2011), Embedded Systems (Wiley, 2012), and Ultra-Low-Power Short-Range
Radios (Springer, 2015)