Physically Unclonable Functions
In a M2M Authentication context
Atos Worldline

Transactional services. Powering progress
16-11-2011 | Cauchie Stéphane | O&D-R&D Team

Summary

▶ ADS+ Consortium
▶ Project definition
▶ Physically Unclonable Functions
  – Hardware Layer
  – Applicative Layer
▶ Project status & Conclusion

ADS+ Consortium

▶ Bank & Industry
▶ S&M Industries
▶ Labs
▶ Funding Agency

Context of Project

▶ Needs and requirements bound to the payment card are getting heavier
▶ Management is becoming more and more complex and expensive

To design and validate a new open and standard POI (Point of Infrastructure) Architecture for the Distribution of secure Services:

▶ A Web architecture
  – A thin client POI
  – A server of infrastructure
  – Some ADS+ services
▶ Standardization proposals (EPAS, ISO)
▶ Major scientific and industrial impacts

Kinematics

[Diagram, two views: merchant, customer, infrastructure and ADS+ services; labels: secure channel establishment, merchant authentication]

Technical innovation on the POI

Replace the X.509 certificates in POI component authentication

PUF Technology
  – Low cost
  – No private key to protect
  – Less complex than PKI

PUF Concepts

▶ Introduced by Pappu (cf. Physical One-Way Functions, 2001)
▶ The observation: component manufacturing processes induce minor differences between two objects, even when they are made under the same conditions
▶ The idea: to exploit these minor differences to generate a secret

How to generate a secret?

[Diagram: Application → challenge → Black Box → Response; labels: Noisy, Error detection and correction]

Hardware (the black box):
  – SRAM PUF
  – Optical PUF
  – Coating PUF
  – Arbiter PUF

Categories of PUFs

▶ t-Strong PUF vs Weak PUF

« a Strong t-PUF has a sufficient number of Challenge-response pairs such that it is difficult for an attacker, who obtained some challenge-response pairs during a time t, to predict a response from a challenge with a high probability »

Source: Rührmair, Sölter, Sehnke, On the Foundations of Physical Unclonable Functions (2009)

▶ Controlled PUF vs Uncontrolled PUF

[Diagram: Controlled PUF. Challenge → Black box → Response; on the challenge side: Can forbid; on the response side: Can encrypt and hash]

Optical PUF

[Diagram: Challenge → transparent material with random scatterers → Response]

Coating PUF

[Diagram: random dielectric particles, metal sensors]
  – Challenge: voltage of a certain frequency and amplitude
  – Response: a random capacitance value

Arbiter PUF

[Diagram: challenge bits C1, C2, ... CN, each stage with paths labelled 0 and 1]

SRAM PUF

[Diagram: CHALLENGE C1, C2, ... Cn addressing rows of an SRAM bit array (C1: 1 0 0 0 0 0 0 1; C2: 0 0 1 0 0 1 0 1; Cn: 0 1 1 1 0 0 0 0); the bits read form the RESPONSE]

The PUF response as session key

Enrollment phase
  – For each PUF 1 ... n, the DB stores the pairs (c1, r1) ... (cm, rm) under the PUF's id

Session key establishment
  – PUF → DB: Id
  – DB → PUF: c1, taken from the entry id: (c1, r1) ... (cm, rm)
  – PUF: r1 = Black box(c1)
  – Session Key: r1

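The PUF response for Authentication

Enrollment phase
  – $\langle g^k \rangle$: a group
  – $R_i = g^{r_i}$ where $r_i$ is a PUF response to challenge $c_i$
  – For each PUF 1 ... n, the DB stores the pairs (c1, R1) ... (cm, Rm) under the PUF's id

PUF authentication
  – PUF → DB: Id
  – DB → PUF: c1, taken from the entry id: (c1, R1) ... (cm, Rm)
  – PUF: r1 = Black box(c1)
  – PUF and DB: Zero-Knowledge proof
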
Keith B. Frikken, Marina Blanton, Mikhail J. Atallah Robust Authentication using physically unclonable functions (2009) .
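
The enrollment table and authentication flow of this slide, as an added example (not code from the presentation or the ADS+ project, and not the DHZKP protocol, which the slides do not specify). The slide only says "Zero-Knowledge proof"; a Schnorr identification proof is assumed here. SimulatedPUF, Device, Server, the id poi-001 and the demonstration-size group generated at import are all assumptions.

```python
import hashlib
import hmac
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed small bases (enough for this demonstration)."""
    if n < 2:
        return False
    for b in BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def find_group(bits=256):
    """Demonstration-size group: safe prime p = 2q + 1, generator of order q."""
    q = (1 << (bits - 2)) + 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4          # 4 is a square mod p, so it has order q

P, Q, G = find_group()

class SimulatedPUF:
    """Assumed stand-in for the hardware black box: HMAC under a per-device
    random value models manufacturing variation; noise is taken as corrected."""
    def __init__(self):
        self._variation = secrets.token_bytes(32)

    def response(self, challenge):
        mac = hmac.new(self._variation, challenge, hashlib.sha256).digest()
        return int.from_bytes(mac, "big") % Q

class Device:
    def __init__(self, device_id):
        self.device_id, self._puf, self._k = device_id, SimulatedPUF(), None

    def enroll(self, challenge):
        """Enrollment: export R = g^r only; the raw response r stays inside."""
        return pow(G, self._puf.response(challenge), P)

    def commit(self):
        self._k = secrets.randbelow(Q - 1) + 1
        return pow(G, self._k, P)                    # t = g^k

    def respond(self, challenge, e):
        r = self._puf.response(challenge)            # regenerated, never stored
        k, self._k = self._k, None                   # a nonce is used once
        return (k + e * r) % Q                       # s = k + e*r mod q

class Server:
    def __init__(self):
        self.db = {}                                 # id -> [(c_i, R_i), ...]

    def enroll(self, device, m=4):
        challenges = [secrets.token_bytes(16) for _ in range(m)]
        self.db[device.device_id] = [(c, device.enroll(c)) for c in challenges]

    def verify(self, R, t, e, s):
        if not (0 < t < P and 0 <= s < Q):
            return False
        return pow(G, s, P) == (t * pow(R, e, P)) % P

def authenticate(server, claimed_id, device):
    """One run; `device` is whatever hardware answers for claimed_id."""
    c, R = secrets.choice(server.db[claimed_id])     # server -> device: c
    t = device.commit()                              # device -> server: t
    e = secrets.randbelow(Q - 1) + 1                 # server -> device: e
    s = device.respond(c, e)                         # device -> server: s
    return server.verify(R, t, e, s)

if __name__ == "__main__":
    server, genuine = Server(), Device("poi-001")    # constructed sample id
    server.enroll(genuine)
    impostor = Device("poi-001")                     # same id, different silicon
    print("genuine :", authenticate(server, "poi-001", genuine))
    print("impostor:", authenticate(server, "poi-001", impostor))
```

Because the DB holds R_i = g^{r_i} rather than r_i, a copy of the table does not contain the value needed to answer the proof, unlike the session-key scheme, where the stored r1 is itself the key.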

The PUFs to create a secure channel

▶ PUF used in a key exchange protocol
  – Database attacks → impersonate the PUF
▶ PUF used in an authentication protocol
  – No shared secret
  – No session key
▶ A secure channel: authentication + session key

A new protocol has been developed: the DHZKP protocol

Conclusion


▶ Physically Unclonable Function
  – Uses physical characteristics to extract a unique pattern
  – Less expensive than a secure element
  – Use cases: Anti-Counterfeit, M2M authentication
▶ ADS+
  – M2M context
  – Replace PKI by a disruptive technology
  – Our PUF can be considered strong as we are in a Tamper Resistant Device
▶ Protocol Layer: Our DHZKP
  – Scientific paper about the DHZKP protocol (we are making the security proof)
  – RFC about the TLS extension by DHZKP
  – Tests in a real situation (POI / server)
  – Open source

Atos, the Atos logo, Atos Consulting, Atos Worldline, Atos Sphere, Atos Cloud and Atos WorldGrid
are registered trademarks of Atos SA. October 2011
© 2011 Atos. Confidential information owned by Atos, to be used by the recipient only. This document, or any part of it,
may not be reproduced, copied, circulated and/or distributed nor quoted without prior written approval from Atos.
