Researchers have found a way to use the chaos to create digital fingerprints for electronic devices that can be unique enough to thwart even the most sophisticated hackers.
How unique are these fingerprints? The researchers believe it would take longer than the life of the universe to test every possible combination available.
The study was recently published online in the journal IEEE access.
The researchers developed a new version of a new technology called physically non-clonable functionsor PUFs built into computer chips.
According to Gauthier, these new PUFs could potentially be used to create secure ID cards, track goods in supply chains and as part of authentication applications where it is important to know that you are not communicating with a scammer.
"The SolarWinds Hack That targeted the US government and got people thinking about how we are going to do authentication and cryptography, ”Gauthier said.
"We hope this can be part of the solution."
The new solution uses PUFs that leverage tiny manufacturing variations in each computer chip – variations so small that they are not noticeable to the end user, said Noeloikeau Charlot, lead author of the study and a PhD student in physics at Ohio State.
"Even with the smallest differences in computer chips, there is a wealth of information that we can use to create PUFs," said Charlot.
These minor deviations – sometimes only at the atomic level – are used to create unique sequences of zeros and ones that researchers in the field appropriately refer to as "secrets."
Other groups have developed strong PUFs, but research has shown that hackers can successfully attack them. The problem is that current PUFs only hold a limited number of secrets, Gauthier said.
"If you have a PUF where that number is 1,000 or 10,000 or even a million, with the right technology and enough time a hacker can learn all of the secrets on the chip," said Gauthier.
"We believe we've found a way to produce a myriad of secrets that make it nearly impossible for hackers to find out, even if they had direct access to the computer chip."
The key to creating the improved PUF is chaos, an issue that Gauthier has studied for decades. No other PUFs have made use of chaos as shown in this study, he said.
The researchers created a complex network in their PUFs using a network of randomly interconnected Logic gate. Logic gates take two electrical signals and use them to create a new signal.
“We are using the gates in a non-standard way that leads to unreliable behavior. But that's exactly what we want. We use this unreliable behavior to create some kind of deterministic chaos, ”said Gauthier.
The chaos amplifies the small manufacturing fluctuations on the chip. Even the smallest differences, when amplified by chaos, can change the entire class of possible outcomes – in this case the secrets that Charlot says are produced.
“Chaos really expands the number of secrets available on a chip. This will likely confuse any attempts to predict the secrets, ”said Charlot.
One key to this process, according to Gauthier, is to let the chaos on the chip run just long enough. If you let it run for too long, it will get – well, too messy.
“We want the process to run long enough to create patterns too complex for hackers to attack and guess. However, the pattern has to be reproducible so that we can use it for authentication tasks, ”said Gauthier.
The researchers calculated that their PUF could produce 1077 Secrets. How big is that number? Imagine if a hacker could guess a secret every microsecond – 1 million secrets per second. It would take the hacker longer than the life of the universe, roughly 20 billion years, to guess every secret available in that microchip, Gauthier said.
As part of the study, the researchers attacked their PUF to see if they could be successfully hacked. They attempted machine learning attacks, including deep learning-based methods and model-based attacks, all of which failed. They are now offering their data to other research groups to see if they can find a way to hack it.
Gauthier said the hope is that PUFs like this one could help improve security even against government sponsored hacking attacks, which are generally very sophisticated and have lots of computing resources.
For example, Russia is suspected of assisting the SolarWinds hack uncovered in December. This hack is supposed to Obtained access to Department of Homeland Security officials' email accounts and the cybersecurity department staff.
“It's an ongoing struggle to develop technology that will stay one step ahead of hackers. We are trying to develop a technology that no hacker – no matter what your resources, no matter what supercomputer you are using – can crack. "
The researchers have applied for an international patent for their PUF device.
The team's goal is to go beyond research and commercialize the technology quickly. Gauthier and two partners recently founded Verilock with the goal of bringing a product to market within a year.
“We see this technology as a real enabler for cybersecurity. This novel approach to a strong PUF may prove to be virtually unhackable, ”said Jim Northup, CEO of Verilock.
Source: Ohio State University