Physical Unclonable Functions (PUFs)
Security against Physical Attacks
Tamper resistance, unclonability, security against known attacks – secure systems have to comply with all these requirements while maintaining minimal power consumption and optimized utilisation of resources. In the last years, sophisticated physical and invasive attacks have evolved to recover secrets from integrated circuits. This poses a threat to smart cards, RFID tags, FPGA implementations and many other applications which rely on secrets stored inside a digital device.
Physical Unclonable Functions (PUFs) represent a promising approach to meet the requirements of high-security applications. Several PUF structures were proposed in the scientific community, e.g., Optical PUFs, Silicon PUFs or Coating PUFs. The basic idea is to exploit unavoidable variations of a specific process, such as the manufacturing of a silicon integrated circuit. In this case the circuit paths are subject to variations in thickness, length or material consistency, which can be extracted by special circuits based on race conditions or ring oscillators. A PUF can be used in two different ways: the extracted information can be used to securely derive a cryptographic key or another possibility is to apply challenges to the extraction circuit in order to obtain a secure challenge-response primitive.
The main advantages of PUFs are:
- physical tampering (e.g. decapsulation) will destroy/change the secret
- fully characterising a PUF structure is at least very complex, if not impossible
- manufacturing an identical copy of a PUF is not possible
At Fraunhofer AISEC, the applicability of PUFs for modern security systems is evaluated because secure key generation based on unique physical properties can serve as a basis for many cryptographic devices. Therefore, an FPGA-prototype based on a Ring Oscillator PUF structure was implemented and is continuously analysed and improved. Further, suitable fuzzy extractors / helper data generators have been designed, consisting of error-correcting techniques and hash functions to counteract noise and environmental influences. These modules are currently optimized for practical applications. Besides developing and comparing different PUF architectures and optimizing their resource usage in embedded systems, Fraunhofer AISEC also analyses and develops PUF-utilising security protocols. In our opinion, this is a further important step towards real-world applications based on PUFs.