survey

A Survey on Lightweight Entity Authentication with Strong PUFs

Authors:
Jeroen Delvaux

KU Leuven and Shanghai Jiao Tong University and iMinds, Leuven, Belgium

KU Leuven and Shanghai Jiao Tong University and iMinds, Leuven, Belgium
View Profile

,
Roel Peeters

KU Leuven and iMinds

KU Leuven and iMinds
View Profile

,
Dawu Gu

Shanghai Jiao Tong University, Shanghai, China

Shanghai Jiao Tong University, Shanghai, China
View Profile

,
Ingrid Verbauwhede

KU Leuven and iMinds, Leuven, Belgium

KU Leuven and iMinds, Leuven, Belgium
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 48 Issue 2Article No.: 26pp 1–42https://doi.org/10.1145/2818186

Published:12 October 2015Publication History

ACM Computing Surveys

Abstract

Physically unclonable functions (PUFs) exploit the unavoidable manufacturing variations of an Integrated Circuit (IC). Their input-output behavior serves as a unique IC “fingerprint.” Therefore, they have been envisioned as an IC authentication mechanism, in particular the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In this work, we review 19 proposals in chronological order: from the original strong PUF proposal (2001) to the more complicated noise bifurcation and system of PUF proposals (2014). The assessment is aided by a unified notation and a transparent framework of PUF protocol requirements.

References

Ramzi Bassil, Wissam El-Beaino, Ayman I. Kayssi, and Ali Chehab. 2011. A PUF-based ultra-lightweight mutual-authentication RFID protocol. In 6th International Conference for Internet Technology and Secured Transactions (ICITST’11). 495--499.Google Scholar
Georg T. Becker. 2015. On the pitfalls of using arbiter PUFs as building blocks. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 34, 8 (2015), 1295--1307.Google ScholarCross Ref
Georg T. Becker and Raghavan Kumar. 2014. Active and passive side-channel attacks on delay based PUF designs. IACR Cryptology ePrint Archive 2014, 287. http://eprint.iacr.org/2014/287.Google Scholar
Leonid Bolotnyy and Gabriel Robins. 2007. Physically unclonable function-based security and privacy in RFID systems. In 5th International Conference on Pervasive Computing and Communications (PerCom’07). 211--220. Google ScholarDigital Library
Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, and Adam Smith. 2005. Secure remote authentication using biometric data. In Advances in Cryptology - EUROCRYPT 2005, 24th International Conference on the Theory and Applications of Cryptographic Techniques. 147--163. Google ScholarDigital Library
Pier Francesco Cortese, Francesco Gemmiti, Bernardo Palazzi, Maurizio Pizzonia, and Massimo Rimondini. 2010. Efficient and practical authentication of PUF-based RFID tags in supply chains. In International Conference on RFID-Technology and Applications (RFID-TA’10). 182--188.Google ScholarCross Ref
Amitabh Das, Ünal Kocabaş, Ahmad-Reza Sadeghi, and Ingrid Verbauwhede. 2012. PUF-based secure test wrapper design for cryptographic SoC testing. In Conference & Exhibition on Design, Automation & Test in Europe (DATE’& Test in Europe (DATE’’12). 866--869. Google ScholarDigital Library
Jeroen Delvaux, Dawu Gu, Dries Schellekens, and Ingrid Verbauwhede. 2015. Helper data algorithms for PUF-based key generation: Overview and analysis. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 34, 6 (2015), 889--902.Google ScholarDigital Library
Jeroen Delvaux and Ingrid Verbauwhede. 2014. Attacking PUF-based pattern matching key generators via helper data manipulation. In Topics in Cryptology - CT-RSA 2014, The Cryptographers’ Track at the RSA Conference 2014. 106--131.Google Scholar
Srinivas Devadas, G. Edward Suh, Sid Paral, Richard Sowell, Tom Ziola, and Vivek Khandelwal. 2008. Design and implementation of PUF-based “unclonable” RFID ICs for anti-counterfeiting and security applications. In International Conference on RFID. 58--64.Google ScholarCross Ref
Yevgeniy Dodis, Rafail Ostrovsky, Leonid Reyzin, and Adam Smith. 2008. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38, 1 (2008), 97--139. Google ScholarDigital Library
Yevgeniy Dodis, Leonid Reyzin, and Adam Smith. 2004. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques. 523--540.Google Scholar
Blaise Gassend. 2003. Physical Random Functions. Master’s thesis. Massachusetts Institute of Technology.Google Scholar
Blaise Gassend, Dwaine E. Clarke, Marten van Dijk, and Srinivas Devadas. 2002a. Controlled physical random functions. In ACSAC. IEEE Computer Society, 149--160. Google ScholarDigital Library
Blaise Gassend, Dwaine E. Clarke, Marten van Dijk, and Srinivas Devadas. 2002b. Silicon physical random functions. In ACM Conference on Computer and Communications Security, Vijayalakshmi Atluri (Ed.). ACM, 148--160. Google ScholarDigital Library
Blaise Gassend, Marten van Dijk, Dwaine E. Clarke, Emina Torlak, Srinivas Devadas, and Pim Tuyls. 2008. Controlled physical random functions and applications. ACM Transactions on Information and System Security 10, 4, Article 3 (Jan. 2008). Google ScholarDigital Library
Jorge Guajardo, Sandeep S. Kumar, Geert Jan Schrijen, and Pim Tuyls. 2007. FPGA intrinsic PUFs and their use for IP protection. In 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’07). 63--80. Google ScholarDigital Library
Ghaith Hammouri, Erdinç Öztürk, and Berk Sunar. 2008. A tamper-proof and lightweight authentication scheme. Pervasive and Mobile Computing 4, 6 (2008), 807--818. Google ScholarDigital Library
ZhangQing He and Ling Zou. 2012. High-efficient RFID authentication protocol based on physical unclonable function. In 8th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM’12). 1--4.Google ScholarCross Ref
Clemens Helfmeier, Christian Boit, Dmitry Nedospasov, and Jean-Pierre Seifert. 2013. Cloning physically unclonable functions. In International Symposium on Hardware-Oriented Security and Trust (HOST’13). 1--6.Google ScholarCross Ref
Jens Hermans, Roel Peeters, and Junfeng Fan. 2013. IBIHOP: Proper privacy preserving mutual RFID authentication. In Workshop on RFID and IoT Security - RFIDSec Asia 2013. 45--56.Google Scholar
Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu. 2009. Power-Up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Transactions on Computers 58, 9 (2009), 1198--1210. Google ScholarDigital Library
Yongming Jin, Wei Xin, Huiping Sun, and Zhong Chen. 2012. PUF-based RFID authentication protocol against secret key leakage. In 14th Asia-Pacific Web Conference on Web Technologies and Applications (APWeb’12). 318--329. Google ScholarDigital Library
Seung Wook Jung and Souhwan Jung. 2013. HRP: A HMAC-based RFID mutual authentication protocol using PUF. In International Conference on Information Networking (ICOIN’13). 578--582. Google ScholarDigital Library
Deniz Karakoyunlu and Berk Sunar. 2010. Differential template attacks on PUF enabled cryptographic devices. In 2010 IEEE International Workshop on Information Forensics and Security (WIFS). 1--6.Google ScholarCross Ref
Sleyman Kardaş, Serkan Çelik, Muhammet Yildiz, and Albert Levi. 2012. PUF-enhanced offline RFID security and privacy. Joural of Network and Computer Applications 35, 6 (Nov. 2012), 2059--2067. Google ScholarDigital Library
Süleyman Kardaş, Mete Akgün, Mehmet Sabir Kiraz, and Hüseyin Demirci. 2011. Cryptanalysis of lightweight mutual authentication and ownership transfer for RFID systems. In 2011 Workshop on Lightweight Security Privacy: Devices, Protocols and Applications (LightSec). 20--25. Google ScholarDigital Library
Stefan Katzenbeisser, Ünal Kocabaş, Vincent van der Leest, Ahmad-Reza Sadeghi, Geert-Jan Schrijen, and Christian Wachsmann. 2011a. Recyclable PUFs: Logically reconfigurable PUFs. J. Cryptographic Engineering 1, 3 (2011), 177--186.Google ScholarCross Ref
Stefan Katzenbeisser, Ünal Kocabaş, Vincent van der Leest, Ahmad-Reza Sadeghi, Geert-Jan Schrijen, Heike Schröder, and Christian Wachsmann. 2011b. Recyclable PUFs: Logically reconfigurable PUFs. In 13th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’11). 374--389. Google ScholarDigital Library
Ünal Kocabaş, Andreas Peter, Stefan Katzenbeisser, and Ahmad-Reza Sadeghi. 2012. Converse PUF-based authentication. In 5th International Conference on Trust and Trustworthy Computing (TRUST’12). 142--158. Google ScholarDigital Library
Sven Tenzing Choden Konigsmark, Leslie K. Hwang, Deming Chen, and Martin D. F. Wong. 2014. System-of-PUFs: Multilevel security for embedded systems. In International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS’14). 1--10. Google ScholarDigital Library
Mihir Bellare, Ran Canetti, and Hugo Krawczyk. 1996. Keying hash functions for message authentication. In Proceedings of the 16th International Cryptology Conference on Advances in Cryptology (CRYPTO'96). 1--15. Google ScholarDigital Library
Lars Kulseng, Zhen Yu, Yawen Wei, and Yong Guan. 2010. Lightweight mutual authentication and ownership transfer for RFID systems. In 29th International Conference on Computer Communications (INFOCOM’10). 251--255. Google ScholarDigital Library
Jae W. Lee, Daihyun Lim, Blaise Gassend, G. Edward Suh, Marten van Dijk, and Srinivas Devadas. 2004. A technique to build a secret key in integrated circuits for identification and authentication applications. In Symposium on VLSI Circuits. 176--179.Google ScholarCross Ref
Young Sil Lee, Tae Yong Kim, and Hoon Jae Lee. 2012. Mutual authentication protocol for enhanced RFID security and anti-counterfeiting. In 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA’12). 558--563. Google ScholarDigital Library
Young Sil Lee, Hoon Jae Lee, and Esko Alasaarela. 2013. Mutual authentication in wireless body sensor networks (WBSN) based on Physical Unclonable Function (PUF). In 9th International Wireless Communications and Mobile Computing Conference (IWCMC’13). 1314--1318.Google ScholarCross Ref
Roel Maes. 2012. Physically Unclonable Functions: Constructions, Properies and Applications. Ph.D. Dissertation. KU Leuven.Google Scholar
Roel Maes. 2013. An accurate probabilistic reliability model for silicon PUFs. In 15th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’13). 73--89. Google ScholarDigital Library
Mehrdad Majzoobi, Farinaz Koushanfar, and Miodrag Potkonjak. 2008. Testing techniques for hardware security. In International Test Conference (ITC’08). 1--10.Google ScholarCross Ref
Mehrdad Majzoobi, Masoud Rostami, Farinaz Koushanfar, Dan S. Wallach, and Srinivas Devadas. 2012. Slender PUF protocol: A lightweight, robust, and secure authentication by substring matching. In Symposium on Security and Privacy Workshops. 33--44. Google ScholarDigital Library
Dominik Merli, Dieter Schuster, Frederic Stumpf, and Georg Sigl. 2011a. Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded Systems Security (WESS’11). Google ScholarDigital Library
Dominik Merli, Dieter Schuster, Frederic Stumpf, and Georg Sigl. 2011b. Side-channel analysis of PUFs and fuzzy extractors. In 4th International Conference on Trust and Trustworthy Computing (TRUST’11). 33--47. Google ScholarDigital Library
Mohammad Ali Orumiehchiha, Josef Pieprzyk, and Ron Steinfeld. 2013. Breaking NLM-MAC Generator. Cryptology ePrint Archive, Report 2013/202. http://eprint.iacr.org/.Google Scholar
Erdinç Öztürk, Ghaith Hammouri, and Berk Sunar. 2008. Towards robust low cost authentication for pervasive devices. In PerCom. IEEE Computer Society, 170--178. Google ScholarDigital Library
Ravikanth Srinivasa Pappu. 2001. Physical One-Way Functions. Ph.D. dissertation. MIT. Google ScholarDigital Library
Zdenek Sid Paral and Srinivas Devadas. 2011. Reliable and efficient PUF-based key generation using pattern matching. In HOST. IEEE Computer Society, 128--133.Google Scholar
Damith C. Ranasinghe, Daniel W. Engels, and Peter H. Cole. 2004. Security and privacy: Modest proposals for low-cost RFID systems. In Auto-ID Labs Research Workshop.Google Scholar
Marko M. Riedel. 2014. Random permutation statistics. http://en.wikipedia.org/wiki/Random_permutation_statistics.Google Scholar
Masoud Rostami, Mehrdad Majzoobi, Farinaz Koushanfar, Dan S. Wallach, and Srinivas Devadas. 2014. Robust and reverse-engineering resilient PUF authentication and key-exchange by substring matching. IEEE Transactions on Emerging Topics in Computing 2, 1 (2014), 37--49.Google ScholarCross Ref
Ulrich Rührmair, Frank Sehnke, Jan Sölter, Gideon Dror, Srinivas Devadas, and Jürgen Schmidhuber. 2010. Modeling attacks on physical unclonable functions. In 17th Conference on Computer and Communications Security (CCS’10). 237--249. Google ScholarDigital Library
Ulrich Rührmair, Jan Sölter, Frank Sehnke, Xiaolin Xu, Ahmed Mahmoud, Vera Stoyanova, Gideon Dror, Jürgen Schmidhuber, Wayne Burleson, and Srinivas Devadas. 2013. PUF modeling attacks on simulated and silicon data. IEEE Transactions on Information Forensics and Security 8, 11 (2013), 1876--1891. Google ScholarDigital Library
Ulrich Rührmair, Xiaolin Xu, Jan Sölter, Ahmed Mahmoud, Mehrdad Majzoobi, Farinaz Koushanfar, and Wayne P. Burleson. 2014. Efficient power and timing side channels for physical unclonable functions. In 16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’14). 476--492. Google ScholarDigital Library
Ahmad-Reza Sadeghi, Ivan Visconti, and Christian Wachsmann. 2010. Enhancing RFID security and privacy by physically unclonable functions. In Towards Hardware-Intrinsic Security - Foundations and Practice. 281--305.Google Scholar
Masoumeh Safkhani, Nasour Bagheri, and Majid Naderi. 2011. Security analysis of a PUF based RFID authentication protocol. IACR Cryptology ePrint Archive 2011, 704. http://eprint.iacr.org/2011/704.Google Scholar
Sergei P. Skorobogatov. 2005. Semi-Invasive Attacks—A New Approach to Hardware Security Analysis. Technical Report UCAM-CL-TR-630. University of Cambridge, Computer Laboratory.Google Scholar
Gookwon Edward Suh and Srinivas Devadas. 2007. Physical unclonable functions for device authentication and secret key generation. In 44th Design Automation Conference (DAC’07). 9--14. Google ScholarDigital Library
Shahin Tajik, Enrico Dietz, Sven Frohmann, Jean-Pierre Seifert, Dmitry Nedospasov, Clemens Helfmeier, Christian Boit, and Helmar Dittrich. 2014. Physical characterization of arbiter PUFs. In 16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’14). 493--509. Google ScholarDigital Library
Pim Tuyls and Lejla Batina. 2006. RFID-tags for anti-counterfeiting. In Topics in Cryptology - CT-RSA 2006, The Cryptographers’ Track at the RSA Conference 2006. 115--131. Google ScholarDigital Library
Anthony Van Herrewege, Stefan Katzenbeisser, Roel Maes, Roel Peeters, Ahmad-Reza Sadeghi, Ingrid Verbauwhede, and Christian Wachsmann. 2012. Reverse fuzzy extractors: Enabling lightweight mutual authentication for PUF-enabled RFIDs. In 16th International Conference on Financial Cryptography and Data Security (FC’12). 374--389.Google ScholarCross Ref
Yuanzhong Xu and Zhangqing He. 2012. Design of a security protocol for low-cost RFID. In 8th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM’12). 1--3.Google ScholarCross Ref
Meng-Day (Mandel) Yu, David M’Raïhi, Ingrid Verbauwhede, and Srinivas Devadas. 2014. A noise bifurcation architecture for linear additive physical functions. In International Symposium on Hardware-Oriented Security and Trust (HOST’14). 124--129.Google ScholarCross Ref

Index Terms

A Survey on Lightweight Entity Authentication with Strong PUFs

Recommendations

Secure Lightweight Entity Authentication with Strong PUFs: Mission Impossible?
Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems --- CHES 2014 - Volume 8731

Physically unclonable functions PUFs exploit the unavoidable manufacturing variations of an integrated circuit IC. Their input-output behavior serves as a unique IC 'fingerprint'. Therefore, they have been envisioned as an IC authentication mechanism, ...
Read More
Short Paper: XOR Arbiter PUFs Have Systematic Response Bias
Financial Cryptography and Data Security
Abstract
We demonstrate that XOR Arbiter PUFs with an even number of arbiter chains have inherently biased responses, even if all arbiter chains are perfectly unbiased. This rebukes the believe that XOR Arbiter PUFs are, like Arbiter PUFs, unbiased when ...
Read More
Photonic Side-Channel Analysis of Arbiter PUFs

As intended by its name, physically unclonable functions (PUFs) are considered as an ultimate solution to deal with insecure storage, hardware counterfeiting, and many other security problems. However, many different successful attacks have already ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 48, Issue 2
November 2015
615 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/2830539
Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering/University of Florida/Gainesville, FL
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 12 October 2015
- Accepted: 1 July 2015
- Revised: 1 April 2015
- Received: 1 January 2015
Published in csur Volume 48, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Physically unclonable function
entity authentication
lightweight
Qualifiers
- survey
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 153
  Total Citations
  View Citations
- 1,251
  Total Downloads
- Downloads (Last 12 months)106
- Downloads (Last 6 weeks)14
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

A Survey on Lightweight Entity Authentication with Strong PUFs

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Secure Lightweight Entity Authentication with Strong PUFs: Mission Impossible?

Short Paper: XOR Arbiter PUFs Have Systematic Response Bias

Photonic Side-Channel Analysis of Arbiter PUFs