Research on Key Technologies of FPGA Physical Unclonable Functions
Published: 2018-08-17 20:05
[Abstract]: In recent years, diverse terminals and interactive devices, chiefly intelligent hardware, have become widespread, making information systems as a whole more intelligent and convenient. At the same time, the diversity and complexity of the environments in which they are used leave the risk resistance of the whole information system very fragile. As an important hardware security primitive, the physical unclonable function (PUF) exploits uncontrollable random variations in the manufacturing process to generate uniquely identifying signature data. Its inherent lightweight and tamper-resistant properties give it broad application prospects in intellectual property protection, Internet of Things system security and hardware device authentication. Because applications based on field-programmable gate arrays (FPGAs) allow the circuit design to be configured freely and flexibly, their security and reliability are receiving growing attention. PUF technology can provide effective security protection for FPGA circuits at the hardware level, gaining stronger resistance to security risks at low overhead. Starting from the implementation principles, main characteristics and application areas of FPGA PUFs, this thesis systematically analyzes and discusses the models and corresponding circuit structures of the two major classes of FPGA PUF, memory-based and delay-based, and points out that existing FPGA PUF designs one-sidedly pursue the randomness of the response bits while neglecting the overall overhead and flexibility of the circuit. It studies in depth three key technologies in FPGA PUF design: capturing the random characteristics of the manufacturing process, reconfigurable PUF circuit technology, and multi-node key matching. The work aims mainly to improve the efficiency of hardware resource use and to enhance the flexibility and stability of the circuit structure. The main results are as follows.

(1) With the goal of improving hardware resource utilization and compatibility, a glitch PUF circuit design method with high resource utilization is designed and implemented. To address the problem that, in glitch PUF circuit design, high hardware overhead and poor compatibility prevent the response output from fully reflecting the random characteristics of the manufacturing process, the thesis studies issues in existing glitch PUF designs such as relying solely on the delay difference of state transitions. Placement and routing strategies are set according to the different characteristics of the programmable logic block (CLB): by changing the input states of the top-level and bottom-level two-way multiplexers and adjusting the path allocation strategy in the switch matrix, the delay difference in reaching the two multiplexers is controlled. The number of multiplexers incorporated is reduced while the relative positions of the Slices are adjusted, ensuring that the generated "glitch" signal has PUF characteristics. Experimental results show that the method raises the output response per CLB to as much as 2 bits and achieves 100% utilization of the chip's Slice resources.

(2) To address the poor flexibility and low response stability of reconfigurable PUF circuit designs, a cross-reconfigurable RO PUF circuit design method is proposed. It introduces the concept of cross-reconfiguration: an inter-stage crossover structure is inserted between each stage of inverters, further expanding the number of ways in which RO chains can be combined. Implementing the inter-stage crossover with LUTs not only achieves dynamically configurable paths but also takes full advantage of the fixed physical location of LUT resources, solving the problem that excessive differences in signal propagation delay across different circuit configurations affect the randomness of the output signal. Experimental results show that, compared with other optimized structures in the literature, this circuit structure improves markedly in number of reconfigurations, uniqueness and stability.

(3) Combining FPGA PUF design with practical application, and addressing the weaknesses of current IoT node authentication and encryption algorithms in hardware resource consumption and multi-point authentication, the thesis proposes a shared-key authentication and encryption algorithm based on FPGA PUFs, built on the high-resource-utilization glitch PUF circuit and the cross-reconfigurable RO PUF circuit proposed here. The designs involved in a PUF-based one-to-many authentication mode are studied in depth. With the cross-reconfigurable RO PUF circuit as the hardware platform, select signals preset the PUF circuit and challenge signals choose the RO pairs; the configurations of two different cross-reconfigurable RO PUFs are adjusted so that they output the same response bits, completing the key pairing process. On this basis, a basic framework for an authentication and data communication protocol based on the shared key is designed and further extended with respect to timeliness and energy consumption. Experiments show that, compared with typical authentication and encryption algorithms, the proposed technique consumes fewer FPGA hardware resources while maintaining reliability, and this advantage is more pronounced in one-to-many authentication mode.
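[Degree-granting institution]: China University of Mining and Technology (Beijing)
[Degree level]: Doctoral
[Year degree awarded]: 2017
[Classification number]: TN791
Article ID: 2188750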
Link to this article: https://www.wllwen.com/falvlunwen/zhishichanquanfa/2188750.html