This paper introduces a general framework for the initialization and authentication protocols in SHIELD with different adversarial models based on formally-defined security games. We introduce a "try-and-check" attack against DARPA's example authentication protocol in their call for SHIELD proposals, which nullifies the effectiveness of SHIELD's main goal of being able to detect and trace adversarial activities with significant probability. We introduce the first concrete initialization protocol and, compared to DARPA's example authentication protocol, introduce an improved authentication protocol which resists the try-and-check attack. The area overhead of our authentication and initialization protocols together is only 64-bit NVM, one 8-bit counter and a TRNG based on a single SRAM-cell together with corresponding control logic. Our findings and rigorous analysis are of utmost importance for the teams which received DARPA's funding for implementing SHIELD.
Category / Keywords: Supply Chain Security, SHIELD, Initialization Protocol, Authentication Protocol, Formal Analysis
Date: received 5 Mar 2015, last revised 14 Jun 2016
Contact author: chenglu jin at uconn edu
Note: The protocols are modified and the formal analysis is added.
Version: 20160614:163021
Short URL: ia.cr/2015/210