Hardware Security and Trust: Three Biometric Approaches

In hardware, when an electronic chip fails or a functional module generates erroneous outputs, it can wreak havoc on people’s lives—from private key leakages to radar failing in battle zones during incoming air strikes.

For hardware system vendors, such security breaches can be catastrophic both to their reputation and to the essential trust that their customers require.

To address this, researchers have been exploring biometrics-based authentication as a way of reducing security vulnerability in hardware systems.

In the IT Professional magazine article, “Biometrics for Hardware Security and Trust: Discussion and Analysis,” Anirban Sengupta, Mahendra Rathor, and Rahul Chaurasia describe three such authentication approaches:

• Fingerprint
• Facial
• Palmprint

They also analyze the strengths of these techniques using an experimental validation method. Here, we offer a brief overview.

Hardware Modules: Existing Security Threats and Approaches

Cutting-edge electronic systems achieve functionalities using various modules, or intellectual property (IP) cores, developed by third-party hardware designers/vendors.

These IP cores might include

• general-purpose processor cores, which handle general-purpose applications, and
• digital signal processing (DSP) cores, which handle application-specific functionality such as video encoding/decoding and image compression/decompression.

The vulnerability of IP cores to sabotage or piracy at various points in the third-party IP core supply chain makes verifying trust essential. To this end, there are two traditional approaches:

• watermarking
• steganography

These techniques insert an IP vendor’s secret information into the design itself during the design process. Then, when the IP cores are inspected, authentic IPs can be isolated from counterfeit ones.

However, if these secret marks are leaked to attackers, it can be challenging for genuine IP vendors to prove ownership. To overcome this and other deficiencies of traditional approaches to hardware security, researchers propose the use of biometrics.

Biometrics and Hardware Security

Biometrics-based authentication techniques associate a vendor’s unique personal identity with the hardware security constraints embedded in the design.

Because each individual has unique biometric information, it can’t be replicated or copied and misused to falsely claim IP ownership or authentication. As a result, biometric approaches may offer more robust security against threats than traditional approaches.

Three Biometric Approaches

As the article describes, three common biometrics techniques are fingerprint, facial feature, and palmprint authentication.

To use biometrics for identity verification, biometric templates are created in a multistep process.

Fingerprint Biometrics

With this approach, an individual fingerprint’s inherently unique major minutiae features—such as ridge bifurcations and ridge endings—are exploited for verification to create a digital signature as follows:

• After enhancing the fingerprint and creating a skeleton, the major minutiae points are extracted.
• Each minutiae point is characterized using four attributes: x-coordinate, y-coordinate, minutiae type (bifurcation or ending), and ridge angle.
• A digital fingerprint template is created by converting these attributes into their respective binary representations, then concatenated to create a digital template for each minutiae.
• The fingerprint’s digital template is created by concatenating these individual templates; it is then converted into hardware security constraints using specific encoding rules.

The fingerprint constraints are then inserted into the design for identity verification.

Palmprint Biometrics

The signature palmprint template is generated based on an individual’s unique palmprint features, which may include

• the distance between the start and end of the life line,
• the distance between datum points of the head line and life line,
• the palm’s width and/or length, and
• the distance between consecutive intersection points on different fingers.

The dimensions of each feature are then measured and converted into the corresponding binary representation. As with fingerprints, the binary values of all features are concatenated in a chosen order to generate the palmprint signature digital template.

Facial Biometrics

In the facial-biometrics-based verification process, a facial image is used for security validation.

A facial template is created as follows:

• The vendor’s facial image is captured with a specific grid size and spacing.
• Nodal points are marked onto the facial image based on many specific features (such as forehead and face height, nasal ridge width, and interpupillary distance).
• A facial image with these target features is then generated and the feature dimensions are evaluated between two respective nodal points.
• Each dimension is converted into a corresponding binary value.

The various features’ binary values are then concatenated in a selected order to generate the final signature digital template.

Authentication Process

The general authentication process for these biometrics entails various steps, including the following

• To authenticate an IP core design, its register-transfer level (RTL) circuit is inspected to obtain register allocation information.
• This information is matched against the security constraints generated from the IP vendor’s saved biometric template.
• If the biometric constraints are found in the target design, the IP core is deemed authentic; otherwise, it may be a counterfeit.

Digging Deeper

In addition to offering detailed descriptions of the creation and authentication processes for each biometric, the article also describes the authors’ experimental validation process for biometric robustness using a probability of coincidence (Pc) metric.

To read more, check out Sengupta, Rathor, and Chaurasia’s article, “Biometrics for Hardware Security and Trust: Discussion and Analysis,” in IT Professional magazine.