International Journal of Open Information Technologies

A physically unclonable function is a hardware device whose instances have several unique parameters and characteristics, i.e. it is impossible to create two instances with identical values of these characteristics due to the properties of the physical production process. We can assume that these characteristics take on random values. This kind of physical randomness can be used in various cryptographic protocols and mechanisms. Physically unclonable functions require few resources, so they are promising for use in devices with limited resources such as RFID tags.  The paper investigates the possibility of using physically unclonable functions in cryptographic protocols to solve the following problems: generating random values, identification and authentication.

The advantage of using physically unclonable functions to generate random parameters is that the obtained values do not need to be stored in memory, because parameters can be regenerated on the fly. This is an excellent advantage since protocol parameters often need to be stored in secure memory, which is an expensive resource. However, some measurement errors often occur while obtaining physical devices' characteristics, so it is necessary to use some form of error-correction. The paper describes the basic constructions used for these purposes.

Today many authentication protocols based on physically unclonable functions have been proposed. They can be divided into two classes: password authentication protocols with key generation based on physically unclonable functions and authentication protocols based on challenge-response pairs. The article discusses the existing authentication protocols, their advantages and disadvantages.

The paper also considers the possibility of creating a mathematical model of physically unclonable functions. Modern machine learning methods allow us to create a mathematical "clone" of a device instance. This fact is a significant disadvantage of physically unclonable functions.  As a result, we conclude that physically unclonable functions are promising for use in devices with limited resources.  At the same time, most of the currently proposed designs have a few practical disadvantages and are vulnerable to attacks based on machine learning methods. This fact suggests that it is too early to consider physically unclonable functions as a structural element of cryptographic mechanisms and protocols.

Pappu R. Physical One-Way Functions // Science. 2002. Vol. 297, № 5589. P. 2026–2030.

Gassend B. et al. Silicon physical random functions // Proceedings of the 9th ACM conference on Computer and communications security - CCS ’02. Washington, DC, USA: ACM Press, 2002. P. 148.

Security with Noisy Data / ed. Tuyls P., Skoric B., Kevenaar T. London: Springer London, 2007.

Zynq UltraScale+ MPSoC Device: Technical Reference Manual.

Maes R. Physically Unclonable Functions:Constructions, Properties and Applications. 2012. P. 260.

Guajardo J. et al. FPGA Intrinsic PUFs and Their Use for IP Protection // Cryptographic Hardware and Embedded Systems - CHES 2007 / ed. Paillier P., Verbauwhede I. Berlin, Heidelberg: Springer Berlin Heidelberg, 2007. Vol. 4727. P. 63–80.

Rührmair U., Busch H., Katzenbeisser S. Strong PUFs: Models, Constructions, and Security Proofs // Towards Hardware-Intrinsic Security / ed. Sadeghi A.-R., Naccache D. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010. P. 79–96.

Daihyun Lim et al. Extracting secret keys from integrated circuits // IEEE Trans. VLSI Syst. 2005. Vol. 13, № 10. P. 1200–1205.

Lee J.W. et al. A technique to build a secret key in integrated circuits for identification and authentication applications // 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525). Honolulu, HI, USA: Widerkehr and Associates, 2004. P. 176–179.

Ganji F., Tajik S., Seifert J.-P. PAC learning of arbiter PUFs // J Cryptogr Eng. 2016. Vol. 6, № 3. P. 249–258.

Nguyen P.H. et al. Security Analysis of Arbiter PUF and Its Lightweight Compositions Under Predictability Test // ACM Trans. Des. Autom. Electron. Syst. 2016. Vol. 22, № 2. P. 1–28.

R ührmair U. et al. Modeling attacks on physical unclonable functions // Proceedings of the 17th ACM conference on Computer and communications security - CCS ’10. Chicago, Illinois, USA: ACM Press, 2010. P. 237.

Gassend B.L.P. Physical Random Functions. P. 89.

Santikellur P., Bhattacharyay A., Chakraborty R.S. Deep Learning based Model Building Attacks on Arbiter PUF Compositions. P. 10.

Majzoobi M., Koushanfar F., Potkonjak M. Lightweight secure PUFs // 2008 IEEE/ACM International Conference on Computer-Aided Design. San Jose, CA, USA: IEEE, 2008. P. 670–673.

Nguyen P.H. et al. The Interpose PUF: Secure PUF Design against State-of-the-art Machine Learning Attacks. P. 48.

Usmani M.A. et al. Efficient PUF-Based Key Generation in FPGAs Using Per-Device Configuration // IEEE Trans. VLSI Syst. 2019. Vol. 27, № 2. P. 364–375.

Yu M.-D. et al. Lightweight and Secure PUF Key Storage Using Limits of Machine Learning // Cryptographic Hardware and Embedded Systems – CHES 2011 / ed. Preneel B., Takagi T. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011. Vol. 6917. P. 358–373.

Zhang J., Qu G. Physical Unclonable Function-based Key Sharing via Machine Leaning for IoT Security // IEEE Trans. Ind. Electron. 2019. P. 1–1.

Dodis Y., Reyzin L., Smith A. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. P. 18.

Kang H. et al. Cryptographie key generation from PUF data using efficient fuzzy extractors // 16th International Conference on Advanced Communication Technology. Pyeongchang, Korea (South): Global IT Research Institute (GIRI), 2014. P. 23–26.

Merli D. et al. Side-Channel Analysis of PUFs and Fuzzy Extractors // Trust and Trustworthy Computing / ed. McCune J.M. et al. Berlin, Heidelberg: Springer Berlin Heidelberg, 2011. Vol. 6740. P. 33–47.

Delvaux J. Security Analysis of PUF-Based Key Generation and Entity Authentication. P. 258.

Gassend B. et al. Controlled physical random functions // 18th Annual Computer Security Applications Conference, 2002. Proceedings. Las Vegas, NV, USA: IEEE Comput. Soc, 2002. P. 149–160.

Gassend B. et al. Controlled physical random functions and applications // ACM Trans. Inf. Syst. Secur. 2008. Vol. 10, № 4. P. 1–22.

Sadeghi A.-R., Visconti I., Wachsmann C. Enhancing RFID Security and Privacy by Physically Unclonable Functions // Towards Hardware-Intrinsic Security / ed. Sadeghi A.-R., Naccache D. Berlin, Heidelberg: Springer Berlin Heidelberg, 2010. P. 281–305.

Majzoobi M. et al. Slender PUF Protocol: A Lightweight, Robust, and Secure Authentication by Substring Matching // 2012 IEEE Symposium on Security and Privacy Workshops. San Francisco, CA, USA: IEEE, 2012. P. 33–44.

Yu M.-D. et al. A noise bifurcation architecture for linear additive physical functions // 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST). Arlington, VA, USA: IEEE, 2014. P. 124–129.

Yu M.-D. et al. A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication // IEEE Trans. Multi-Scale Comp. Syst. 2016. Vol. 2, № 3. P. 146–159.

Van Herrewege A. et al. Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-Enabled RFIDs // Financial Cryptography and Data Security / ed. Keromytis A.D. Berlin, Heidelberg: Springer Berlin Heidelberg, 2012. Vol. 7397. P. 374–389.

Becker G.T., Kumar R. Active and Passive Side-Channel Attacks on Delay Based PUF Designs. P. 14.

Ruhrmair U. et al. PUF Modeling Attacks on Simulated and Silicon Data // IEEE Trans.Inform.Forensic Secur. 2013. Vol. 8, № 11. P. 1876–1891.

Ruhrmair U., Solter J. PUF modeling attacks: An introduction and overview // Design, Automation & Test in Europe Conference & Exhibition (DATE), 2014. Dresden, Germany: IEEE Conference Publications, 2014. P. 1–6.

Delvaux J. Machine-Learning Attacks on PolyPUFs, OB-PUFs, RPUFs, LHS-PUFs, and PUF–FSMs // IEEE Trans.Inform.Forensic Secur. 2019. Vol. 14, № 8. P. 2043–2058.

Gao Y. et al. Obfuscated challenge-response: A secure lightweight authentication mechanism for PUF-based pervasive devices // 2016 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops). Sydney, Australia: IEEE, 2016. P. 1–6.

Gao Y. et al. PUF-FSM: A Controlled Strong PUF // IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 2017. P. 1–1.

Idriss T., Bayoumi M. Lightweight highly secure PUF protocol for mutual authentication and secret message exchange // 2017 IEEE International Conference on RFID Technology & Application (RFID-TA). Warsaw: IEEE, 2017. P. 214–219.

Konigsmark S.T.C., Chen D., Wong M.D.F. PolyPUF: Physically Secure Self-Divergence // IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 2016. Vol. 35, № 7. P. 1053–1066.

Ye J., Hu Y., Li X. RPUF: Physical Unclonable Function with Randomized Challenge to resist modeling attack // 2016 IEEE Asian Hardware-Oriented Security and Trust (AsianHOST). Yilan, Taiwan: IEEE, 2016. P. 1–6.