Research On Authentication And Secure Boot Mechanism Of Embedded System Based On PUF

In the application process of embedded systems,a large amount of sensitive information is transmitted and stored,which makes it gradually become the target of malicious attacks.As a new type of hardware security primitive,Physical Unclonable Function(PUF)is being applied to the security field of integrated circuits.In this paper,the security threats that the embedded systems currently facing are thoroughly researched first.Then we apply PUF circuits to embedded system as a security method.Based on the PUF technology,an authentication protocol that protect the firmware update of the embedded system is proposed and evaluated.After that,a secure boot mechanism for the embedded system is designed and implemented.The novel contribution of this paper over previous work are:(1)The basic structure and application characteristics of the PUF circuit are studied,and a PUF structure suitable for FPGA chips is improved and implemented.Considering that the available strong PUF designs has large overhead and poor practicability,a new method of combine a weak PUF and an obfuscation logic to build a strong PUF has been proposed.Then a typical architecture with Advanced Encryption Standard as obfuscation logic has been implemented and evaluated.Experiments show that the structure can exponentially expand CRP space of the weak PUF,and also improves the performance of the original weak PUF.(2)Aiming at the security issues such as server impersonation,physical invasive on key memory,deny of services and replay attack that may occur in firmware updating process of the embedded system,improving the overhead and anti-attack capability of existing protocols,a PUF-based secure mutual authentication protocol is designed.A hardware and software co-verification method has been implemented on the protocol for a quick and secure mutual authentication process.Then the evaluation of its performance and security has been made.(3)A chained secure boot mechanism was designed and implemented for security threats such as tampering with embedded system bootrom.The mechanism uses PUF as the root of trust,and perform security verification step by step.This mechanism can prevent unsafe behavior after the system is maliciously tempered.