{"id":383,"date":"2023-07-20T13:49:55","date_gmt":"2023-07-20T17:49:55","guid":{"rendered":"https:\/\/mooney.gatech.edu\/security\/?page_id=383"},"modified":"2024-10-30T13:25:00","modified_gmt":"2024-10-30T17:25:00","slug":"puf","status":"publish","type":"page","link":"https:\/\/mooney.gatech.edu\/security\/gridtrust\/puf\/","title":{"rendered":"GridTrust PUF Setup"},"content":{"rendered":"<h1><span style=\"font-size: 24pt;\">GridTrust PUF Setup<\/span><\/h1>\n<p><a href=\"http:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_puf.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-451\" src=\"http:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_puf.png\" alt=\"\" width=\"680\" height=\"136\" srcset=\"https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_puf.png 3373w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_puf-300x60.png 300w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_puf-1024x205.png 1024w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_puf-768x154.png 768w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_puf-1536x308.png 1536w, https:\/\/mooney.gatech.edu\/security\/wp-content\/uploads\/2023\/07\/gridtrust_puf-2048x410.png 2048w\" sizes=\"auto, (max-width: 680px) 100vw, 680px\" \/><\/a><\/p>\n<p>The PUF utilized by the GridTrust framework is an SRAM PUF found on the LPC55S69 microprocessor. We use the PUF through two bare-metal scripts.<\/p>\n<p>First, an enrollment script is run to initialize the PUF and store a chosen counter and AES key value. 
Second, an operational script is flashed to the device&#8217;s memory to deploy the PUF board.<\/p>\n<h2><strong>Source Code<\/strong><\/h2>\n<p><a href=\"https:\/\/github.com\/allahverdia\/GridTrust\">GitHub Link<\/a><\/p>\n<h2><strong>Devices Utilized<\/strong><\/h2>\n<p><a href=\"https:\/\/www.nxp.com\/design\/software\/development-software\/mcuxpresso-software-and-tools-\/lpcxpresso-boards\/lpcxpresso55s69-development-board:LPC55S69-EVK\">LPCXpresso55S69 Development Board<\/a><\/p>\n<p>Computer Running Windows 10<\/p>\n<h2><strong>Software Utilized<\/strong><\/h2>\n<p><a href=\"https:\/\/www.nxp.com\/design\/software\/development-software\/mcuxpresso-software-and-tools-\/mcuxpresso-software-development-kit-sdk:MCUXpresso-SDK\">MCUXpresso SDK and IDE<\/a><\/p>\n<h2><strong>Setup<\/strong><\/h2>\n<p>The PUF setup first enrolls a desired AES key and a 128-bit counter onto the LPC55S69 microprocessor. These steps are accomplished with the MCUXpresso SDK, available from NXP.<\/p>\n<p>PUF authentication is achieved by synchronization between the counter on the server and the counter on the PUF.<\/p>\n<p><strong>PUF Board Jumper Configuration<\/strong><\/p>\n<ul>\n<li style=\"list-style-type: none;\">\n<ul>\n<li><span data-olk-copy-source=\"MessageBody\">Jumper on <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">J7<\/span><\/span><\/li>\n<li><span data-olk-copy-source=\"MessageBody\">Jumper on <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">J6<\/span> set to <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">FS<\/span><\/span><\/li>\n<li><span data-olk-copy-source=\"MessageBody\">Jumper on <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">P4<\/span> set to <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">3.3V<\/span><\/span><\/li>\n<li><span data-olk-copy-source=\"MessageBody\">Jumper on <span 
style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">J3<\/span> set to <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">Loc<\/span><\/span><\/li>\n<li>No other jumpers<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ol>\n<li>Install MCUXpresso SDK and IDE\n<ul>\n<li>The IDE is the graphical user interface for loading projects and programming the board; the SDK consists of backend software and device drivers for the board (we used <span data-olk-copy-source=\"MessageBody\"><span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">SDK_2.x_LPCXpresso55S69 version 2.16.000<\/span>)<\/span><\/li>\n<li>The latest MCUXpresso IDE requires a Windows computer; it will not work on the Fedora machines<\/li>\n<\/ul>\n<\/li>\n<li>Load the <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">enroll<\/span> project found on GitHub (.zip file)<\/li>\n<li>Change the counter and AES key values (or keep the defaults) found in the <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">sources\/enroll.c<\/span> file\n<ul>\n<li>The default key is <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01<\/span><\/li>\n<li>The default counter is <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00<\/span><\/li>\n<li>These values are found on lines 60 and 63 of <span style=\"font-size: 10pt; font-family: 'courier new', courier, monospace;\">enroll.c<\/span><\/li>\n<li>Note: these values use the same endianness as those stored in the server PostgreSQL database<\/li>\n<\/ul>\n<\/li>\n<li>Build the <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">enroll<\/span> project and run the program on the PUF board\n<ul>\n<li>In MCUXpresso, you can load the projects from GitHub using<span style=\"font-family: 'courier new', 
courier, monospace; font-size: 10pt;\"> File -&gt; Open Projects from File System -&gt; Archive<\/span><\/li>\n<li>Connect the PUF to the computer running MCUXpresso using a USB cable<\/li>\n<li>Ensure that the cable is connected to the &#8220;debug link&#8221; USB-C port on the PUF board<\/li>\n<li>In MCUXpresso, click on the Enroll project folder in the Project Explorer tab<\/li>\n<li>In the Quickstart Panel (underneath the Project Explorer tab), press &#8220;Debug with LinkServer Probes&#8221; and wait for the debugging to complete<\/li>\n<li>Once debugging is complete, terminate the debug session<\/li>\n<\/ul>\n<\/li>\n<li>Load the <span style=\"font-family: 'courier new', courier, monospace; font-size: 10pt;\">encrypt_ctr<\/span> project found on GitHub (.zip file)\n<ul>\n<li>Follow the same substeps as above, except using the Encrypt_ctr project rather than Enroll<\/li>\n<li>All you need to do differently is click on the Encrypt_ctr project folder in the Project Explorer tab on the left of the IDE<\/li>\n<li>Once &#8220;Debug with LinkServer Probes&#8221; is run, the program is already flashed onto the board<\/li>\n<li><span style=\"color: #ff0000;\">Do not run the project (the Run button in MCUXpresso); otherwise, the counter on the board will be incremented and fall out of sync with the counter on the server<\/span><\/li>\n<\/ul>\n<\/li>\n<li>Reconnect the board to the native or interface device computer with a USB connection\n<ul>\n<li>Ensure that the cable is connected to the &#8220;debug link&#8221; USB-C port on the PUF board<\/li>\n<li>The PUF board uses flash memory, so its programmed state is persistent even when the board is powered off (which is why we can program the PUF on a Windows computer and then reconnect it to the Fedora computer)<\/li>\n<\/ul>\n<\/li>\n<li>Repeat these steps for each additional PUF board<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>GridTrust PUF Setup &nbsp; The PUF utilized by the GridTrust framework is an SRAM PUF 
found on the LPC55S69 microprocessor. Our PUF usage utilizes two bare-metal scripts. First, an enrollment script is run to initialize the PUF and store a chosen counter and AES key value. Second, an operational script is flashed to the device&#8217;s &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/mooney.gatech.edu\/security\/gridtrust\/puf\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;GridTrust PUF Setup&#8221;<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"parent":351,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"folder":[12],"class_list":["post-383","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages\/383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/comments?post=383"}],"version-history":[{"count":22,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages\/383\/revisions"}],"predecessor-version":[{"id":654,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages\/383\/revisions\/654"}],"up":[{"embeddable":true,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/pages\/351"}],"wp:attachment":[{"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/media?parent=383"}],"wp:term":[{"taxonomy":"folder","embeddable":true,"href":"https:\/\/mooney.gatech.edu\/security\/wp-json\/wp\/v2\/folder?post=383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}