Cryptographic security using fuzzy credentials for device and server communications

摘要

An approach to cryptographic security uses a “fuzzy” credential, in contrast to a “hard” credential, to eliminate cryptographic algorithmic repeatability on a device that may be subject to physical attacks. By eliminating repeatability performed at an algorithmic (e.g., gate or software) level, a device inherently lacks one of the fundamental setup assumptions associated with certain classes of side channel, fault injection, timing, and related attacks, thus helps to protect the system against such attacks while preserving the cryptographic security of the system.

主权项

1. A method for establishing a secure communication session between a first device and a second device, wherein the first device comprises a physical unclonable function (PUF) element, the method comprising, performed at the second device:
generating a second part of a challenge value; signing the second part of the challenge for signature verification at the first device and transmitting the signed second part of the challenge to the first device; receiving an encryption of a response from the first device representing a use of the challenge as an input to the physical unclonable function element at the first device; decrypting the encrypted response; determining a predicted response to the challenge, and determining if the decrypted response sufficiently matches the predicted response; generating a symmetric key based on the decrypted response; and using the symmetric communication key for communication with the first device; wherein determining if the decrypted response sufficiently matches the predicted response comprises computing a similarity between a plurality of parts of the decrypted response and a corresponding plurality of parts of the predicted response.