NAND Flash Can Verify a Device's Identity

← Back to Stories (view on slashdot.org)

NAND Flash Can Verify a Device's Identity

Posted by timothy on Saturday August 13, 2011 @05:30AM from the by-your-errors-shall-we-know-ye dept.

itwbennett writes "Researchers at UC San Diego and Cornell University have developed software that they say can detect variations in flash behavior that are unique to each chip. The system uses 'physically unclonable functions' (PUFs), or variations in manufacturing that are unique to each element of each flash chip. Swanson described one PUF that his team has worked with, called Program Disturb. It uses a type of manufacturing flaw that doesn't affect normal operation but causes problems under test conditions." Related: from last October, another description of such error-based identity assignment.

34 comments

Min score:

Reason:

Sort:

Which can be defeated by Anonymous Coward · 2011-08-13 05:35 · Score: 0

...which is defeated by a mitm attack spoofing the appropriate response.
1. Re:Which can be defeated by Anonymous Coward · 2011-08-13 06:27 · Score: 2, Interesting
  
  Actually that would be very difficult. The PUF has a large enough input range so that not all outputs can conceivably be retrieved. After manufacture, the device will be tested with just a few of these inputs (chosen randomly for each device) which are held securely in a database along with its serial number. To test the device, a subset of those inputs are used again with the PUF and if the outputs match within a certain tolerance then the device is genuine, otherwise it is counterfeit.
  The fact that the input space is so large and the particular function results chosen at random and kept secret, makes a man in the middle attack infeasible.
2. Re:Which can be defeated by Anonymous Coward · 2011-08-13 08:40 · Score: 0
  
  MITM spoofing the appropriate response at precisely the appropriate time.
  Kinda the whole point, you see. You have to emulate the chip. In real time.
  Yeah, good luck with that.
because bleed over is oh so awesome. by Anonymous Coward · 2011-08-13 05:37 · Score: 0

right...lets program the chips thousands of times to detect bleed over voltages and reduce the life of the device by 1000 fold to get a unique fingerprint for the flash chip.
that will certainly help eliminate counterfeits. and recude the life of the device by a factor of many thousands so consumers will have to replace the entire device more frequently. win win all around!
1. Re:because bleed over is oh so awesome. by Qzukk · 2011-08-13 08:57 · Score: 1
  
  lets program the chips thousands of times to detect bleed over voltages and reduce the life of the device by 1000 fold to get a unique fingerprint for the flash chip.
  that will certainly help eliminate counterfeits. and recude the life of the device by a factor of many thousands so consumers will have to replace the entire device more frequently. win win all around!
  That reminds me of ye olde heade knocke on 1541 floppy drives while the game checks to see if the right errors are on the disk to verify that you're not playing from a copy. I'd even imagine that these people are planning to sell this as a copy-protection feature. No more CDs/DVDs: sell your sofware on a uniquely identified 16GB stick and check to make sure they haven't copied it to a different thumbdrive.
  
  --
  If I have been able to see further than others, it is because I bought a pair of binoculars.
2. Re:because bleed over is oh so awesome. by mr_walrus · 2011-08-13 18:51 · Score: 1
  
  wasnt SD supposed to have been the uniquely identifiable memory stick for copy protection?
Yet another perfect key by geogob · 2011-08-13 05:38 · Score: 2

An the lock that goes with this 'perfect' key will most likely be picked through a deficient identification and validation system.
1. Re:Yet another perfect key by Anonymous Coward · 2011-08-13 23:36 · Score: 0
  
  If a defect can be exacerbated externally then their validation will fail. I wonder how many power fails, soft power surges or watts of RF, or rapid temperature changes that would take?
Properties get more unique as capacity goes up by CaptBubba · 2011-08-13 05:58 · Score: 3, Insightful

With increasing densities I doubt you have to go so far as to look at program disturb. Even just the distribution of bad cells which are present in all flash chips from the factory happens in a random enough manner to be able to ID each chip. There is no realistic way to be able to duplicate the bad cell pattern either. The only way you could ever hope to do it would be to get a flash chip with no defects (or only a few overlapping ones) and mark extra cells as defective. Feasible for a couple kilobit chip but not possible for gigibit densities.
A better ID system would be DRAM really. Write blanket 0s to a block of the memory and halt the refresh operation, then read it a second or two later and see how many have flipped to 1 and in what pattern (the 0 to 1 flip takes much longer than the 1 to 0 flip so it would be more reproducible).
1. Re:Properties get more unique as capacity goes up by Trepidity · 2011-08-13 06:20 · Score: 1
  
  The article's a little unclear, but I think they're trying to ID a chip design, rather than a specific individual chip. They want to be able to answer questions like: is my supplier cutting corners by putting an El Cheapo NAND chip inside a packaging labeled Expensive NAND?
  So they can't rely on properties like the bad-cell distribution of one particular chip, but they're instead trying to use ideas like, this type of chip will show this kind of failure in many fewer iterations than this other kind of chip would. The trick is to pick properties where faking them is no easier than just fabbing the right chip in the first place.
  
  --
  10 PRINT CHR$(205.5+RND(1)); : GOTO 10
2. Re:Properties get more unique as capacity goes up by Anonymous Coward · 2011-08-13 06:35 · Score: 0
  
  No, the purpose of PUFs is to identify specific chips.
  The scenario you are describing is already covered by standard quality control procedures, taking a sample from the batch and testing them to see if they are within the specified tolerances.
3. Re:Properties get more unique as capacity goes up by AdamHaun · 2011-08-13 09:16 · Score: 1
  
  But having several parameters to measure makes this method more reliable. Maybe they're talking about program disturb because they have a purely user-mode test. I was thinking the high-voltage outputs for program/erase or internal oscillator frequencies would be a better signature, but those require analog test pins that often aren't bonded out.
  I don't buy this as an anti-counterfeiting technique, though. That would require some kind of public access to manufacturing test databases, which is a security risk in itself. Any non-user mode tests would require access to built-in test functionality, which is not something you usually want customers to have. The high security example with the stolen cell phone was more convincing.
  
  --
  Visit the
4. Re:Properties get more unique as capacity goes up by Anonymous Coward · 2011-08-13 09:32 · Score: 0
  
  Why would it be a security risk?
5. Re:Properties get more unique as capacity goes up by AdamHaun · 2011-08-13 15:28 · Score: 1
  
  For the database -- if you can hack it, you can delete it and wreck the whole validation system. Or pull the data and use it to create valid signatures for close-enough counterfeit units. Competitors could use it for espionage on proprietary manufacturing processes, then spread rumors (true or not) about potential quality problems. Paranoid customers can complain about not getting the "best" chips. But the biggest problem is that's it's a direct link between production hardware and the public internet. Even if you're really careful about designing a one-way read-only database copying system, there's still a risk that you could screw something up, and then someone destroys your expensive test equipment.
  
  --
  Visit the
6. Re:Properties get more unique as capacity goes up by networkBoy · 2011-08-14 00:28 · Score: 1
  
  I used to work in (NOR) flash at chip densities up to 4 gBit (shows how long it's been).
  Perfect chips are gettable. Roughly the centermost third of an 8 inch wafer was flawless in my lab.
  I would figure that on a 12 inch wafer (what most NAND flash is on) that if even the inner 10th is good, you would expect a fairly high yield of "perfect" chips.
  
  --
  whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
7. Re:Properties get more unique as capacity goes up by maeka · 2011-08-14 01:48 · Score: 1
  
  While you are correct as to what the stated goal in TFA was, I think OP has an interesting insight.
  Much as in firearm forensics where there are shell casing / bullet marks characteristic of both the product line as a whole and of the specific firearm I have little doubt PUFs would be able to identify not just a unique chip, but also what model it is.
8. Re:Properties get more unique as capacity goes up by AmiMoJo · 2011-08-15 01:41 · Score: 1
  
  There is no realistic way to be able to duplicate the bad cell pattern either.
  Sure there is. The computer doesn't read the flash memory directly, it goes through the device's firmware first. In fact it is currently not possible to map out bad blocks on flash memory or HDDs because the firmware automatically re-allocates them from a pool of spares and all the PC can see is a counter incrementing in the SMART data. Some vendors have an API to get the raw details but they are not standardised, and of course the firmware could lie anyway.
  It would be a very bad idea for a company to rely on these tests for identification. A controller chip could be re-programmed to reproduce the results from the ID device. The OS and drivers could interfere too. At best the technique could be used to track devices with certain caveats, but I imagine it will also be abused by law enforcement looking for "digital fingerprints".
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
legal? by tchdab1 · 2011-08-13 06:15 · Score: 3, Insightful

How long before it's used as evidence in court?
1. Re:legal? by Trax3001BBS · 2011-08-13 06:20 · Score: 0
  
  We all have different priorities I guess, my first thought was of Spam.
Physically Unclonable Functions by Anonymous Coward · 2011-08-13 07:36 · Score: 0

A team at the Fraunhofer Institute for Secure Information Technology, Garching, Germany, has produced such physically unclonable functionality in chip circuitry by using a component's particular material properties to construct a digital key. The chip fingerprinting method relies on a correspondence between the digital key and a material property of the silicon circuit that is not easily copied. More details at http://www.tikalon.com/blog/blog.php?article=2011/chip_fingerprint
Black Box Theory by nashv · 2011-08-13 08:31 · Score: 2

From TFA

The hacker might test the NAND flash itself and store the expected values on the chip, then replay the expected results when the chip was tested. In this way, they could impersonate the authentic chip. However, tests showed that there would not be enough room on any chip to store the data needed to carry this out. The amount of data needed would grow with the capacity of the chip and would be orders of magnitude larger than its capacity, he said.
That's not what a hacker is going to do. A hacker is going to measure the chip's 'response function' to the ID/validation signals. And then he is going to find another chip. Probability dictates that for a sufficiently similar manufacturing process, another chip will have the same occurrence of behaviour NAND cells, except of course they will have a randomly different spatial location on the chip. Then all you need to do is remap the NAND cells' locations through a modified driver, and replicate the response function. YOu may not even need to have a similar occurrence of behaviours, it could be sufficient to find just enough to replicate the response function.
There is no need to have a complete deterministic model of the chip. You can treat it as a black box and replicate its essential characteristics in a different way. The principle is a mantra in reverse engineering anyway

--
Entia non sunt multiplicanda praeter necessitatem.
1. Re:Black Box Theory by JonySuede · 2011-08-13 10:37 · Score: 1
  
  I would says that blackboxing and blackmagic are the mantras of reverse engineering.
  <nostalgia>
  I remember when I cracked*1 the Orcad student version that was limited to 60 pieces to the full featured version, there was a really complex function involved in printing that counted the components but it also read things scattered all around the memory but it never seemed to write at any other place than the stack. After days and days of dead listing reading and debugging without source I was still in the dark with regard to what that function was doing. In a moment of despaired I decided to replace the start of the routine with a set of instructions the replaced the stack as it was when the function succeed and returned 0. To my amazement it worked. I tested it as hard I can to see if there were some functionalities missing but everything worked.
  </nostalgia>
  *1 legal disclaimer, I was minor at the time as it was in 1997 and I never did any cracking after this, +100hr of work for something that you can't publish under your own name is was not worth it at 17 so it is still not worth it now at 30.
  
  --
  Jehovah be praised, Oracle was not selected
2. Re:Black Box Theory by JonySuede · 2011-08-13 10:40 · Score: 1
  
  31, damn each year past faster than the last one...
  
  --
  Jehovah be praised, Oracle was not selected
DRM systems by Myria · 2011-08-13 08:47 · Score: 1

How long before it's used as evidence in court?
I'm more worried that this will be used for new DRM systems that are hard to crack. You could make some really nasty anti-tampering protections with this.

--
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
1. Re:DRM systems by maeka · 2011-08-14 01:44 · Score: 1
  
  I'm more worried that this will be used for new DRM systems that are hard to crack. You could make some really nasty anti-tampering protections with this.
  I don't see how this would be any different, as a DRM system, than a dongle. Like a dongle one doesn't try to replicate what's being checked, but rather "pinch off" and bypass the code doing the checking.
2. Re:DRM systems by ArcCoyote · 2011-08-15 03:06 · Score: 1
  
  Not reliable ones. The only DRM/anti-tamper that can't be short-circuited in code is an encryption key. Put the key in a secure chip and make it really, really hard to get to the key from outside the secure hardware. And if you are willing to accept the karma of bricking devices, zeroize the key when tampering is detected.
  Using physical characteristics of flash to generate a key is a bad idea. First, you can't quickly destroy the key to prevent tampering. If the key can be extracted from the hardware, it can be emulated. Second, flash cells wear out and their characteristics are going to change, meaning your key is going to change. Third, you might find supposedly random characteristics are rather deterministic by manufacturer, chip type, and production run, reducing your key space significantly.
Re:BUT CAN IT ID MY ASS ?? by Anonymous Coward · 2011-08-13 10:42 · Score: 0

I have an ass full of shit in my pants.
Floppy disk weakly magnetized regions by Anonymous Coward · 2011-08-13 17:04 · Score: 0

This reminds me of floppy disk weakly magnetized regions which were used for copy protection back in the Apple II days.
They would read the same sector over and over and see if some of the bits changed. If they didn't, it was a copy.
Flash can already have a unique ID and locked area by Anonymous Coward · 2011-08-13 21:05 · Score: 0

Flash parts may already have a unique ID built in (i.e. serial number), and can also have one-time-programmable memory areas. So while this is interesting, I don't really see why it's needed.
Here's a technote about these features from 2007: http://www.micron.com/get-document/?documentId=138
Presumable counterfeit devices could be detected simply by reading the flash serial number and comparing it to sales records.
1 problem by Anonymous Coward · 2011-08-13 22:22 · Score: 0

Yes there are some unique traits that exist for different NAND chips. But age, usage, temperature and other external factors will alter this over time. The result your expensive PS4? is labeled 'hacked' because it got a bit hot and damaged the chip in a manor not noticeable under normal conditions. Your games no longer run and your hardware is worthless because companies feel the need to "verify device identities".