Abstract
Physically unclonable functions (PUFs) exploit the unavoidable manufacturing variations of an Integrated Circuit (IC). Their input-output behavior serves as a unique IC “fingerprint.” Therefore, they have been envisioned as an IC authentication mechanism, in particular the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In this work, we review 19 proposals in chronological order: from the original strong PUF proposal (2001) to the more complicated noise bifurcation and system of PUF proposals (2014). The assessment is aided by a unified notation and a transparent framework of PUF protocol requirements.
- Ramzi Bassil, Wissam El-Beaino, Ayman I. Kayssi, and Ali Chehab. 2011. A PUF-based ultra-lightweight mutual-authentication RFID protocol. In 6th International Conference for Internet Technology and Secured Transactions (ICITST’11). 495--499.Google Scholar
- Georg T. Becker. 2015. On the pitfalls of using arbiter PUFs as building blocks. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 34, 8 (2015), 1295--1307.Google ScholarCross Ref
- Georg T. Becker and Raghavan Kumar. 2014. Active and passive side-channel attacks on delay based PUF designs. IACR Cryptology ePrint Archive 2014, 287. http://eprint.iacr.org/2014/287.Google Scholar
- Leonid Bolotnyy and Gabriel Robins. 2007. Physically unclonable function-based security and privacy in RFID systems. In 5th International Conference on Pervasive Computing and Communications (PerCom’07). 211--220. Google ScholarDigital Library
- Xavier Boyen, Yevgeniy Dodis, Jonathan Katz, Rafail Ostrovsky, and Adam Smith. 2005. Secure remote authentication using biometric data. In Advances in Cryptology - EUROCRYPT 2005, 24th International Conference on the Theory and Applications of Cryptographic Techniques. 147--163. Google ScholarDigital Library
- Pier Francesco Cortese, Francesco Gemmiti, Bernardo Palazzi, Maurizio Pizzonia, and Massimo Rimondini. 2010. Efficient and practical authentication of PUF-based RFID tags in supply chains. In International Conference on RFID-Technology and Applications (RFID-TA’10). 182--188.Google ScholarCross Ref
- Amitabh Das, Ünal Kocabaş, Ahmad-Reza Sadeghi, and Ingrid Verbauwhede. 2012. PUF-based secure test wrapper design for cryptographic SoC testing. In Conference & Exhibition on Design, Automation & Test in Europe (DATE’& Test in Europe (DATE’’12). 866--869. Google ScholarDigital Library
- Jeroen Delvaux, Dawu Gu, Dries Schellekens, and Ingrid Verbauwhede. 2015. Helper data algorithms for PUF-based key generation: Overview and analysis. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 34, 6 (2015), 889--902.Google ScholarDigital Library
- Jeroen Delvaux and Ingrid Verbauwhede. 2014. Attacking PUF-based pattern matching key generators via helper data manipulation. In Topics in Cryptology - CT-RSA 2014, The Cryptographers’ Track at the RSA Conference 2014. 106--131.Google Scholar
- Srinivas Devadas, G. Edward Suh, Sid Paral, Richard Sowell, Tom Ziola, and Vivek Khandelwal. 2008. Design and implementation of PUF-based “unclonable” RFID ICs for anti-counterfeiting and security applications. In International Conference on RFID. 58--64.Google ScholarCross Ref
- Yevgeniy Dodis, Rafail Ostrovsky, Leonid Reyzin, and Adam Smith. 2008. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38, 1 (2008), 97--139. Google ScholarDigital Library
- Yevgeniy Dodis, Leonid Reyzin, and Adam Smith. 2004. Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In Advances in Cryptology - EUROCRYPT 2004, International Conference on the Theory and Applications of Cryptographic Techniques. 523--540.Google Scholar
- Blaise Gassend. 2003. Physical Random Functions. Master’s thesis. Massachusetts Institute of Technology.Google Scholar
- Blaise Gassend, Dwaine E. Clarke, Marten van Dijk, and Srinivas Devadas. 2002a. Controlled physical random functions. In ACSAC. IEEE Computer Society, 149--160. Google ScholarDigital Library
- Blaise Gassend, Dwaine E. Clarke, Marten van Dijk, and Srinivas Devadas. 2002b. Silicon physical random functions. In ACM Conference on Computer and Communications Security, Vijayalakshmi Atluri (Ed.). ACM, 148--160. Google ScholarDigital Library
- Blaise Gassend, Marten van Dijk, Dwaine E. Clarke, Emina Torlak, Srinivas Devadas, and Pim Tuyls. 2008. Controlled physical random functions and applications. ACM Transactions on Information and System Security 10, 4, Article 3 (Jan. 2008). Google ScholarDigital Library
- Jorge Guajardo, Sandeep S. Kumar, Geert Jan Schrijen, and Pim Tuyls. 2007. FPGA intrinsic PUFs and their use for IP protection. In 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’07). 63--80. Google ScholarDigital Library
- Ghaith Hammouri, Erdinç Öztürk, and Berk Sunar. 2008. A tamper-proof and lightweight authentication scheme. Pervasive and Mobile Computing 4, 6 (2008), 807--818. Google ScholarDigital Library
- ZhangQing He and Ling Zou. 2012. High-efficient RFID authentication protocol based on physical unclonable function. In 8th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM’12). 1--4.Google ScholarCross Ref
- Clemens Helfmeier, Christian Boit, Dmitry Nedospasov, and Jean-Pierre Seifert. 2013. Cloning physically unclonable functions. In International Symposium on Hardware-Oriented Security and Trust (HOST’13). 1--6.Google ScholarCross Ref
- Jens Hermans, Roel Peeters, and Junfeng Fan. 2013. IBIHOP: Proper privacy preserving mutual RFID authentication. In Workshop on RFID and IoT Security - RFIDSec Asia 2013. 45--56.Google Scholar
- Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu. 2009. Power-Up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Transactions on Computers 58, 9 (2009), 1198--1210. Google ScholarDigital Library
- Yongming Jin, Wei Xin, Huiping Sun, and Zhong Chen. 2012. PUF-based RFID authentication protocol against secret key leakage. In 14th Asia-Pacific Web Conference on Web Technologies and Applications (APWeb’12). 318--329. Google ScholarDigital Library
- Seung Wook Jung and Souhwan Jung. 2013. HRP: A HMAC-based RFID mutual authentication protocol using PUF. In International Conference on Information Networking (ICOIN’13). 578--582. Google ScholarDigital Library
- Deniz Karakoyunlu and Berk Sunar. 2010. Differential template attacks on PUF enabled cryptographic devices. In 2010 IEEE International Workshop on Information Forensics and Security (WIFS). 1--6.Google ScholarCross Ref
- Sleyman Kardaş, Serkan Çelik, Muhammet Yildiz, and Albert Levi. 2012. PUF-enhanced offline RFID security and privacy. Joural of Network and Computer Applications 35, 6 (Nov. 2012), 2059--2067. Google ScholarDigital Library
- Süleyman Kardaş, Mete Akgün, Mehmet Sabir Kiraz, and Hüseyin Demirci. 2011. Cryptanalysis of lightweight mutual authentication and ownership transfer for RFID systems. In 2011 Workshop on Lightweight Security Privacy: Devices, Protocols and Applications (LightSec). 20--25. Google ScholarDigital Library
- Stefan Katzenbeisser, Ünal Kocabaş, Vincent van der Leest, Ahmad-Reza Sadeghi, Geert-Jan Schrijen, and Christian Wachsmann. 2011a. Recyclable PUFs: Logically reconfigurable PUFs. J. Cryptographic Engineering 1, 3 (2011), 177--186.Google ScholarCross Ref
- Stefan Katzenbeisser, Ünal Kocabaş, Vincent van der Leest, Ahmad-Reza Sadeghi, Geert-Jan Schrijen, Heike Schröder, and Christian Wachsmann. 2011b. Recyclable PUFs: Logically reconfigurable PUFs. In 13th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’11). 374--389. Google ScholarDigital Library
- Ünal Kocabaş, Andreas Peter, Stefan Katzenbeisser, and Ahmad-Reza Sadeghi. 2012. Converse PUF-based authentication. In 5th International Conference on Trust and Trustworthy Computing (TRUST’12). 142--158. Google ScholarDigital Library
- Sven Tenzing Choden Konigsmark, Leslie K. Hwang, Deming Chen, and Martin D. F. Wong. 2014. System-of-PUFs: Multilevel security for embedded systems. In International Conference on Hardware/Software Codesign and System Synthesis (CODES+ISSS’14). 1--10. Google ScholarDigital Library
- Mihir Bellare, Ran Canetti, and Hugo Krawczyk. 1996. Keying hash functions for message authentication. In Proceedings of the 16th International Cryptology Conference on Advances in Cryptology (CRYPTO'96). 1--15. Google ScholarDigital Library
- Lars Kulseng, Zhen Yu, Yawen Wei, and Yong Guan. 2010. Lightweight mutual authentication and ownership transfer for RFID systems. In 29th International Conference on Computer Communications (INFOCOM’10). 251--255. Google ScholarDigital Library
- Jae W. Lee, Daihyun Lim, Blaise Gassend, G. Edward Suh, Marten van Dijk, and Srinivas Devadas. 2004. A technique to build a secret key in integrated circuits for identification and authentication applications. In Symposium on VLSI Circuits. 176--179.Google ScholarCross Ref
- Young Sil Lee, Tae Yong Kim, and Hoon Jae Lee. 2012. Mutual authentication protocol for enhanced RFID security and anti-counterfeiting. In 26th International Conference on Advanced Information Networking and Applications Workshops (WAINA’12). 558--563. Google ScholarDigital Library
- Young Sil Lee, Hoon Jae Lee, and Esko Alasaarela. 2013. Mutual authentication in wireless body sensor networks (WBSN) based on Physical Unclonable Function (PUF). In 9th International Wireless Communications and Mobile Computing Conference (IWCMC’13). 1314--1318.Google ScholarCross Ref
- Roel Maes. 2012. Physically Unclonable Functions: Constructions, Properies and Applications. Ph.D. Dissertation. KU Leuven.Google Scholar
- Roel Maes. 2013. An accurate probabilistic reliability model for silicon PUFs. In 15th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’13). 73--89. Google ScholarDigital Library
- Mehrdad Majzoobi, Farinaz Koushanfar, and Miodrag Potkonjak. 2008. Testing techniques for hardware security. In International Test Conference (ITC’08). 1--10.Google ScholarCross Ref
- Mehrdad Majzoobi, Masoud Rostami, Farinaz Koushanfar, Dan S. Wallach, and Srinivas Devadas. 2012. Slender PUF protocol: A lightweight, robust, and secure authentication by substring matching. In Symposium on Security and Privacy Workshops. 33--44. Google ScholarDigital Library
- Dominik Merli, Dieter Schuster, Frederic Stumpf, and Georg Sigl. 2011a. Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In 6th Workshop on Embedded Systems Security (WESS’11). Google ScholarDigital Library
- Dominik Merli, Dieter Schuster, Frederic Stumpf, and Georg Sigl. 2011b. Side-channel analysis of PUFs and fuzzy extractors. In 4th International Conference on Trust and Trustworthy Computing (TRUST’11). 33--47. Google ScholarDigital Library
- Mohammad Ali Orumiehchiha, Josef Pieprzyk, and Ron Steinfeld. 2013. Breaking NLM-MAC Generator. Cryptology ePrint Archive, Report 2013/202. http://eprint.iacr.org/.Google Scholar
- Erdinç Öztürk, Ghaith Hammouri, and Berk Sunar. 2008. Towards robust low cost authentication for pervasive devices. In PerCom. IEEE Computer Society, 170--178. Google ScholarDigital Library
- Ravikanth Srinivasa Pappu. 2001. Physical One-Way Functions. Ph.D. dissertation. MIT. Google ScholarDigital Library
- Zdenek Sid Paral and Srinivas Devadas. 2011. Reliable and efficient PUF-based key generation using pattern matching. In HOST. IEEE Computer Society, 128--133.Google Scholar
- Damith C. Ranasinghe, Daniel W. Engels, and Peter H. Cole. 2004. Security and privacy: Modest proposals for low-cost RFID systems. In Auto-ID Labs Research Workshop.Google Scholar
- Marko M. Riedel. 2014. Random permutation statistics. http://en.wikipedia.org/wiki/Random_permutation_statistics.Google Scholar
- Masoud Rostami, Mehrdad Majzoobi, Farinaz Koushanfar, Dan S. Wallach, and Srinivas Devadas. 2014. Robust and reverse-engineering resilient PUF authentication and key-exchange by substring matching. IEEE Transactions on Emerging Topics in Computing 2, 1 (2014), 37--49.Google ScholarCross Ref
- Ulrich Rührmair, Frank Sehnke, Jan Sölter, Gideon Dror, Srinivas Devadas, and Jürgen Schmidhuber. 2010. Modeling attacks on physical unclonable functions. In 17th Conference on Computer and Communications Security (CCS’10). 237--249. Google ScholarDigital Library
- Ulrich Rührmair, Jan Sölter, Frank Sehnke, Xiaolin Xu, Ahmed Mahmoud, Vera Stoyanova, Gideon Dror, Jürgen Schmidhuber, Wayne Burleson, and Srinivas Devadas. 2013. PUF modeling attacks on simulated and silicon data. IEEE Transactions on Information Forensics and Security 8, 11 (2013), 1876--1891. Google ScholarDigital Library
- Ulrich Rührmair, Xiaolin Xu, Jan Sölter, Ahmed Mahmoud, Mehrdad Majzoobi, Farinaz Koushanfar, and Wayne P. Burleson. 2014. Efficient power and timing side channels for physical unclonable functions. In 16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’14). 476--492. Google ScholarDigital Library
- Ahmad-Reza Sadeghi, Ivan Visconti, and Christian Wachsmann. 2010. Enhancing RFID security and privacy by physically unclonable functions. In Towards Hardware-Intrinsic Security - Foundations and Practice. 281--305.Google Scholar
- Masoumeh Safkhani, Nasour Bagheri, and Majid Naderi. 2011. Security analysis of a PUF based RFID authentication protocol. IACR Cryptology ePrint Archive 2011, 704. http://eprint.iacr.org/2011/704.Google Scholar
- Sergei P. Skorobogatov. 2005. Semi-Invasive Attacks—A New Approach to Hardware Security Analysis. Technical Report UCAM-CL-TR-630. University of Cambridge, Computer Laboratory.Google Scholar
- Gookwon Edward Suh and Srinivas Devadas. 2007. Physical unclonable functions for device authentication and secret key generation. In 44th Design Automation Conference (DAC’07). 9--14. Google ScholarDigital Library
- Shahin Tajik, Enrico Dietz, Sven Frohmann, Jean-Pierre Seifert, Dmitry Nedospasov, Clemens Helfmeier, Christian Boit, and Helmar Dittrich. 2014. Physical characterization of arbiter PUFs. In 16th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’14). 493--509. Google ScholarDigital Library
- Pim Tuyls and Lejla Batina. 2006. RFID-tags for anti-counterfeiting. In Topics in Cryptology - CT-RSA 2006, The Cryptographers’ Track at the RSA Conference 2006. 115--131. Google ScholarDigital Library
- Anthony Van Herrewege, Stefan Katzenbeisser, Roel Maes, Roel Peeters, Ahmad-Reza Sadeghi, Ingrid Verbauwhede, and Christian Wachsmann. 2012. Reverse fuzzy extractors: Enabling lightweight mutual authentication for PUF-enabled RFIDs. In 16th International Conference on Financial Cryptography and Data Security (FC’12). 374--389.Google ScholarCross Ref
- Yuanzhong Xu and Zhangqing He. 2012. Design of a security protocol for low-cost RFID. In 8th International Conference on Wireless Communications, Networking and Mobile Computing (WiCOM’12). 1--3.Google ScholarCross Ref
- Meng-Day (Mandel) Yu, David M’Raïhi, Ingrid Verbauwhede, and Srinivas Devadas. 2014. A noise bifurcation architecture for linear additive physical functions. In International Symposium on Hardware-Oriented Security and Trust (HOST’14). 124--129.Google ScholarCross Ref
Index Terms
- A Survey on Lightweight Entity Authentication with Strong PUFs
Recommendations
Secure Lightweight Entity Authentication with Strong PUFs: Mission Impossible?
Proceedings of the 16th International Workshop on Cryptographic Hardware and Embedded Systems --- CHES 2014 - Volume 8731Physically unclonable functions PUFs exploit the unavoidable manufacturing variations of an integrated circuit IC. Their input-output behavior serves as a unique IC 'fingerprint'. Therefore, they have been envisioned as an IC authentication mechanism, ...
Short Paper: XOR Arbiter PUFs Have Systematic Response Bias
Financial Cryptography and Data SecurityAbstractWe demonstrate that XOR Arbiter PUFs with an even number of arbiter chains have inherently biased responses, even if all arbiter chains are perfectly unbiased. This rebukes the believe that XOR Arbiter PUFs are, like Arbiter PUFs, unbiased when ...
Photonic Side-Channel Analysis of Arbiter PUFs
As intended by its name, physically unclonable functions (PUFs) are considered as an ultimate solution to deal with insecure storage, hardware counterfeiting, and many other security problems. However, many different successful attacks have already ...
Comments