Abstract
Side-channel attacks on cryptographic implementations threaten system security via the loss of the secret key. Fresh re-keying techniques aim to mitigate these attacks by regularly updating the key so that the side-channel exposure for each key is minimized. Existing key update schemes generate fresh keys by processing a root key with arithmetic operations which have, unfortunately, been demonstrated to be also vulnerable to side-channel attacks. We propose a novel approach to fresh re-keying that replaces the arithmetic key update function with a strong Physically Unclonable Function (PUF). We show that the security of our scheme hinges on the resilience of the PUF to a power side-channel attack and propose a realization based on a Subthreshold Current Array (SCA) PUF. We show that SCA-PUF is resistant to simple power analysis and that it is resilient to a modeling attack that uses machine learning on the power side-channel. We target an insecure device and secure server encryption scenario for which we provide an efficient and scalable method of PUF enrollment. We finally propose an end-to-end encryption system with the PUF-based fresh re-keying scheme, using a reverse fuzzy extractor construction.