Anti-counterfeiting: Mixing the Physical and the Digital World

In this paper, we overview a set of desiderata for building digital anti-counterfeiting technologies that rely upon the difficulty of manufacturing randomized complex 3D objects. Then, we observe how this set is addressed by RF-DNA, an anti-counterfeiting technology recently proposed by DeJean and Kirovski. RF-DNA constructs certificates of authenticity as random objects that exhibit substantial uniqueness in the electromagnetic domain

Quantum readout of Physical Unclonable Functions: Remote authentication without trusted readers and authenticated Quantum Key Exchange without initial shared secrets

Physical Unclonable Functions (PUFs) are physical structures that are hard to clone and have a unique challenge-response behaviour. The term PUF was coined by Pappu et al. in 2001. That work triggered a lot of interest, and since then a substantial number of papers has been written about the use of a wide variety of physical structures for different security purposes such as identification, authentication, read-proof key storage, key distribution, tamper evidence, anti-counterfeiting, software-to-hardware binding and trusted computing. In this paper we propose a new security primitive: the quantum-readout PUF (QR-PUF). This is a classical PUF which is challenged using a quantum state, e.g. a single-photon state, and whose response is also a quantum state. By the no-cloning property of unknown quantum states, attackers cannot intercept challenges or responses without noticeably disturbing the readout process. Thus, a verifier who sends quantum states as challenges and receives the correct quantum states back can be certain that he is probing a specific QR-PUF without disturbances, even in the QR-PUF is far away `in the field\u27 and under hostile control. For PUFs whose information content is not exceedingly large, all currently known PUF-based authentication and anti-counterfeiting schemes require trusted readout devices in the field. Our quantum readout scheme has no such requirement. Furthermore, we show how the QR-PUF authentication scheme can be interwoven with Quantum Key Exchange (QKE), leading to an authenticated QKE protocol between two parties. This protocol has the special property that it requires no a priori secret, or entangled state, shared by the two parties

Toward An Automated Verification of Certificates of Authenticity

A certificate of authenticity (COA) is an inexpensive physical object that has a random unique structure with a high costof exact reproduction.An additional requirement is that the uniqueness of COA's random structure can be verified using an inexpensive device.Donald Bauder was the first to propose COAs created as a randomized augmentationof a setof fixed-length fibers into a transparent gluing material that fixes oncefc all the positionof the fibers within.The statistics of the positioning of fibers is used as a source of randomness that is di#cult to replicate. As oppose to recording authentic fiber-based COA structures in a database, we use public-key cryptography to authenticate COAs.During certification, the unique property of the physical object is extracted, combined with an arbitrary text, signed with the private key of the issuer, and the signature is encoded and printed as a barcode on the COA. Since the capacityof the barcode is limited, the goalof any COA system is to contain in the signed message as much infRL].EMF about the random structureof the physical object as possible.In this paper, we show that the costof ff.RL a particular COA instance is exponentially proportional to the improvement in compressing COA's random fdom.R$RL:.ER wefFMG$F. define the compression objective, show that finding its optimal solution is an NP-hard problem, and propose a heuristic that improves significantly upon best standard compression methods