Researchers have discovered a way to use chaos to aid in the development of digital fingerprints for electronic devices that may be distinct enough to elude even the most skilled hackers. How distinct are these fingerprints? The researchers believe it would take longer than the universe’s lifetime to test every possible combination.
How distinct are these fingerprints? The researchers believe it would take longer than the universe’s lifetime to test every possible combination. “Chaos is very, very good in our system,” said Daniel Gauthier, senior author of the study and physics professor at The Ohio State University. The study was recently published online in the IEEE Access journal.
The researchers developed a new version of a new technology known as physically unclonable functions, or PUFs, which are built into computer chips. These new PUFs, according to Gauthier, could be used to create secure ID cards, track goods in supply chains, and as part of authentication applications, where it is critical to ensure that you are not communicating with an impostor.
Researchers have found a way to use chaos to help develop digital fingerprints for electronic devices that may be unique enough to foil even the most sophisticated hackers.
“The SolarWinds hack, which was aimed at the US government, really got people thinking about how we’re going to do authentication and cryptography,” Gauthier explained. “We’re hopeful that this will contribute to the solution.”
According to Noeloikeau Charlot, lead author of the study and a doctoral student in physics at Ohio State, the new solution makes use of PUFs, which take advantage of tiny manufacturing variations found in each computer chip – variations so small that they aren’t noticeable to the end user. “Even the smallest differences found on computer chips contain a wealth of information that we can exploit to create PUFs,” Charlot said.
These minor variations, which are sometimes only visible at the atomic level, are used to generate unique sequences of 0s and 1s, which researchers in the field refer to as “secrets.” Other groups created what they thought were strong PUFs, but research revealed that they could be successfully attacked by hackers. The issue is that current PUFs only have a limited number of secrets, according to Gauthier.
“If you have a PUF with a value of 1,000, 10,000, or even a million, a hacker with the right technology and enough time can learn all the secrets on the chip,” Gauthier explained. “We believe we have discovered a method of producing an infinite number of secrets to use that will make it nearly impossible for hackers to figure out, even if they had direct access to the computer chip.” Chaos, a topic Gauthier has studied for decades, is the key to creating the improved PUF. He claims that no other PUFs have used chaos in the way that this study has.
Using a web of randomly interconnected logic gates, the researchers built a complex network in their PUFs. Logic gates combine two electric signals to generate a new signal. “We are using the gates in an unconventional manner, which results in unreliable behavior. But that’s exactly what we want. We’re taking advantage of that untrustworthy behavior to create a kind of deterministic chaos “Gauthier explained.
The chaos magnifies the chip’s minor manufacturing variations. According to Charlot, even the smallest differences, when amplified by chaos, can change the entire class of possible outcomes – in this case, the secrets that are being produced. “Chaos significantly increases the number of secrets available on a chip. Any attempts to predict the secrets will most likely be muddled as a result of this “According to Charlot.
According to Gauthier, one key to the process is allowing the chaos to run just long enough on the chip. If you let it run for too long, it becomes – well, chaotic. “We want the process to run long enough to generate patterns that are too complex for hackers to attack and guess. However, the pattern must be repeatable in order for us to use it for authentication tasks “Gauthier stated.
According to the researchers’ calculations, their PUF could generate 1077 secrets. What is the magnitude of that figure? Consider the possibility that a hacker could guess one secret every microsecond – 1 million secrets per second. According to Gauthier, it would take the hacker longer than the life of the universe, or about 20 billion years, to guess every secret available in that microchip.
The researchers attacked their PUF as part of the study to see if it could be successfully hacked. They attempted machine learning attacks, such as deep learning-based methods and model-based attacks, but they all failed. They are now making their data available to other research organizations to see if they can find a way to hack it.
According to Gauthier, the hope is that PUFs like this will help strengthen security against even state-sponsored hacker attacks, which are typically very sophisticated and supported by a large amount of computer resources. Russia, for example, is suspected of being behind the SolarWinds hack, which was discovered in December. The hack reportedly gained access to email accounts of Department of Homeland Security officials as well as the department’s cybersecurity staff.
“It is a constant battle to develop technology that can keep hackers at bay. We’re attempting to develop technology that no hacker, regardless of resources or supercomputer, will be able to crack.” For their PUF device, the researchers have applied for an international patent.
The team’s goal is to move beyond research and quickly commercialize the technology. Verilock was founded recently by Gauthier and two partners with the goal of bringing a product to market within a year. “This technology, in our opinion, will be a game changer in cybersecurity. This novel approach to creating a strong PUF may prove virtually unhackable “Jim Northup, CEO of Verilock, stated
