A formal definition and a new security mechanism of physical unclonable functions

The characteristic novelty of what is generally meant by a "physical unclonable function" (PUF) is precisely defined, in order to supply a firm basis for security evaluations and the proposal of new security mechanisms. A PUF is defined as a hardware device which implements a physical function with an output value that changes with its argument. A PUF can be clonable, but a secure PUF must be unclonable. This proposed meaning of a PUF is cleanly delineated from the closely related concepts of "conventional unclonable function", "physically obfuscated key", "random-number generator", "controlled PUF" and "strong PUF". The structure of a systematic security evaluation of a PUF enabled by the proposed formal definition is outlined. Practically all current and novel physical (but not conventional) unclonable physical functions are PUFs by our definition. Thereby the proposed definition captures the existing intuition about what is a PUF and remains flexible enough to encompass further research. In a second part we quantitatively characterize two classes of PUF security mechanisms, the standard one, based on a minimum secret read-out time, and a novel one, based on challenge-dependent erasure of stored information. The new mechanism is shown to allow in principle the construction of a "quantum-PUF", that is absolutely secure while not requiring the storage of an exponentially large secret. The construction of a PUF that is mathematically and physically unclonable in principle does not contradict the laws of physics.Comment: 13 pages, 1 figure, Conference Proceedings MMB & DFT 2012, Kaiserslautern, German

A new Definition and Classification of Physical Unclonable Functions

A new definition of "Physical Unclonable Functions" (PUFs), the first one that fully captures its intuitive idea among experts, is presented. A PUF is an information-storage system with a security mechanism that is 1. meant to impede the duplication of a precisely described storage-functionality in another, separate system and 2. remains effective against an attacker with temporary access to the whole original system. A novel classification scheme of the security objectives and mechanisms of PUFs is proposed and its usefulness to aid future research and security evaluation is demonstrated. One class of PUF security mechanisms that prevents an attacker to apply all addresses at which secrets are stored in the information-storage system, is shown to be closely analogous to cryptographic encryption. Its development marks the dawn of a new fundamental primitive of hardware-security engineering: cryptostorage. These results firmly establish PUFs as a fundamental concept of hardware security.Comment: 6 pages, 3 figures; Proceedings "CS2 '15 Proceedings of the Second Workshop on Cryptography and Security in Computing Systems", Amsterdam, 2015, ACM Digital Librar

Secret-free security: a survey and tutorial

Classical keys, i.e., secret keys stored permanently in digital form in nonvolatile memory, appear indispensable in modern computer security-but also constitute an obvious attack target in any hardware containing them. This contradiction has led to perpetual battle between key extractors and key protectors over the decades. It is long known that physical unclonable functions (PUFs) can at least partially overcome this issue, since they enable secure hardware without the above classical keys. Unfortunately, recent research revealed that many standard PUFs still contain other types of secrets deeper in their physical structure, whose disclosure to adversaries breaks security as well: Examples include the manufacturing variations in SRAM PUFs, the power-up states of SRAM PUFs, or the signal delays in Arbiter PUFs. Most of these secrets have already been extracted in viable attacks in the past, breaking PUF-security in practice. A second generation of physical security primitives now shows potential to resolve this remaining problem, however. In certain applications, so-called Complex PUFs, SIMPLs/PPUFs, and UNOs are able to realize not just hardware that is free of classical keys in the above sense, but completely secret-free instead. In the resulting hardware systems, adversaries could hypothetically be allowed to inspect every bit and every atom, and learn any information present in any form in the system, without being able to break security. Secret-free hardware would hence promise to be innately and permanently immune against any physical or malware-based key-extraction: There simply is no security-critical information to extract anymore. Our survey and tutorial paper takes the described situation as starting point, and categorizes, formalizes, and overviews the recently evolving area of secret-free security. We propose the attempt of making hardware completely secret-free as promising endeavor in future hardware designs, at least in those application scenarios where this is logically possible. In others, we suggest that secret-free techniques could be combined with standard PUFs and classical methods to construct hybrid systems with notably reduced attack surfaces

Novel Cryptographic Authentication Mechanisms for Supply Chains and OpenStack

In this dissertation, first, we studied the Radio-Frequency Identification (RFID) tag authentication problem in supply chains. RFID tags have been widely used as a low-cost wireless method for detecting counterfeit product injection in supply chains. We open a new direction toward solving this problem by using the Non-Volatile Memory (NVM) of recent RFID tags. We propose a method based on this direction that significantly improves the availability of the system and costs less. In our method, we introduce the notion of Software Unclonability, which is a kind of one-time MAC for authenticating random inputs. Also, we introduce three lightweight constructions that are software unclonable. Second, we focus on OpenStack that is a prestigious open-source cloud platform. OpenStack takes advantage of some tokening mechanisms to establish trust between its modules and users. It turns out that when an adversary captures user tokens by exploiting a bug in a module, he gets extreme power on behalf of users. Here, we propose a novel tokening mechanism that ties commands to tokens and enables OpenStack to support short life tokens while it keeps the performance up

Quantum Lock: A Provable Quantum Communication Advantage

Physical unclonable functions(PUFs) provide a unique fingerprint to a physical entity by exploiting the inherent physical randomness. Gao et al. discussed the vulnerability of most current-day PUFs to sophisticated machine learning-based attacks. We address this problem by integrating classical PUFs and existing quantum communication technology. Specifically, this paper proposes a generic design of provably secure PUFs, called hybrid locked PUFs(HLPUFs), providing a practical solution for securing classical PUFs. An HLPUF uses a classical PUF(CPUF), and encodes the output into non-orthogonal quantum states to hide the outcomes of the underlying CPUF from any adversary. Here we introduce a quantum lock to protect the HLPUFs from any general adversaries. The indistinguishability property of the non-orthogonal quantum states, together with the quantum lockdown technique prevents the adversary from accessing the outcome of the CPUFs. Moreover, we show that by exploiting non-classical properties of quantum states, the HLPUF allows the server to reuse the challenge-response pairs for further client authentication. This result provides an efficient solution for running PUF-based client authentication for an extended period while maintaining a small-sized challenge-response pairs database on the server side. Later, we support our theoretical contributions by instantiating the HLPUFs design using accessible real-world CPUFs. We use the optimal classical machine-learning attacks to forge both the CPUFs and HLPUFs, and we certify the security gap in our numerical simulation for construction which is ready for implementation.Comment: Replacement of paper "Hybrid PUF: A Novel Way to Enhance the Security of Classical PUFs" (arXiv:2110.09469