sbellem / qtee

Exploring the physical limits of trusted hardware in the classical and quantum settings to achieve security through physics.
GNU General Public License v3.0

PUFs: Physical Unclonable Functions #6

Open sbellem opened 5 months ago

sbellem commented 5 months ago

Introduction to PUFs

See PUFs.md.


Not sure where it's best to start, but perhaps this article (if you have access):
Physical unclonable functions by Yansong Gao, Said F. Al-Sarawi & Derek Abbott

OR: Physical Unclonable Functions for Device Authentication and Secret Key Generation

Because the PUF circuit is rather simple, attackers can try to construct a precise timing model and learn the parameters from many input-output pairs [8]. To prevent these model-building attacks, the PUF circuit output can be obfuscated by XOR’ing multiple outputs or a PUF output can be used as one of the MUX control signals. Note that the model building attack is irrelevant for the cryptographic key generation where the PUF output is never directly exposed.

(G. Edward Suh, Srinivas Devadas)

First well-known PUF: Physical One-Way Functions

https://nbviewer.org/github/rpappu/pdf-publications/blob/master/Pappu-Science-2002.pdf

Remote Attestation

Malicious PUFs

Feasibility and Infeasibility of Secure Computation with Malicious PUFs

New PUFs

https://arxiv.org/abs/2310.19587

https://pubs.aip.org/aip/sci/article/2019/29/290009/360043/Fingerprinting-silicon-chips-just-got-easier

Applications

PUF-derived IoT identities in a zero-knowledge protocol for blockchain

In this paper, an alternative authentication approach in which an MCU generates a secret key internally is introduced, exploiting manufacturing variability as a physical unclonable function (PUF). As the key is generated by the device itself, manufacturers save the expense of a secure environment for external key generation. In production, once chips are loaded with a firmware, it is only necessary to run an internal characterization and pass on the resulting public key, mask and helper data to be stored for authentication and recovery. Further external memory access is prevented, e.g., by blowing the JTAG security fuse. As the secret key is regenerated (with the same result each time) rather than stored in non-volatile memory, it is very hard to clone and the cost of a secure element can be saved.

The case for such IoT devices is strengthened further in combination with a distributed ledger, or blockchain. First of all, the immutability and distributed trust provided by a blockchain can make the device authentication independent of the manufacturer. Secondly, a business process implemented in chaincode that relies on IoT inputs can validate device signatures to ensure the authenticity and integrity of those inputs.

Replacing the central database operated by a manufacturer with a blockchain makes the system independent of the manufacturer. The chaincode will still allow only the manufacturer to create new machine entries on the distributed ledger but as the ledger content is distributed to all participants (multiple manufacturers, retailers, owners, etc.) the manufacturer is relieved of administering the system and guaranteeing its availability. A central database would go offline when the manufacturer goes out of business whereas a blockchain can survive.

Given the security disadvantages of symmetric authentication schemes (keeping a database of keys to authenticate with the risk of being hacked or lost, the risk of cloning, and barriers for third-party authentication, among others) our approach instead uses public-key cryptography based on learning parity with noise (LPN) problems, and in particular zero-knowledge (ZK) protocols to further simplify the management of device public keys. The blockchain may make the public keys generated by each device available for anyone to use in their own authentication system.

As for the second aspect, even a low-cost device can prevent manipulation of its communication with a blockchain by signing its messages with our PUF-derived keys, making the proposal suitable for any resources-limited device connected to the blockchain [9]. The chain code, in turn, can also validate the device signatures to ensure data integrity and authenticity, extending the trust the blockchain provides into the IoT device.

This paper proposes using an SRAM-based PUF to generate cryptographic keys that are employed in a zero-knowledge proof to authenticate an IoT device. We present an efficient implementation in an MCU and show that even low-cost devices can perform the required computational tasks sufficiently fast. Experimental results demonstrate that our approach is robust against temperature variations and that collisions of device identities are unlikely.

A survey on physical unclonable function (PUF)-based security solutions for Internet of Things

Concerns/Questions

As per Physical unclonable functions:

Authentication can also be executed remotely, once the CRP (challenge–response pair) is recorded in a secure database only known by the trusted party (server).

This seems to relate to what is called remote attestation in the context of popular TEEs like SGX. In the context of SGX, for instance, the chip manufacturer is considered to be a trusted party, for various reasons (e.g., https://github.com/sbellem/qtee/issues/2).

Hacking & Cryptanalysis

References

Physical Unclonable Functions for Device Authentication and Secret Key Generation

Feasibility and Infeasibility of Secure Computation with Malicious PUFs
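The remote authentication flow quoted under Concerns/Questions (CRPs recorded at enrollment in a database held by the trusted server), as an added example that is not code from the issue author or the cited papers. The software `SimulatedPUF` (an additive delay model), the sizes, the noise level, the Hamming-distance threshold and the seeds are all assumptions made for illustration.

```python
import random

N_STAGES, RESP_BITS = 64, 128  # assumed sizes, not taken from the cited papers

class SimulatedPUF:
    """Software stand-in for a delay PUF: per-device stage delays plus read noise."""
    def __init__(self, device_seed, noise=0.5):
        rng = random.Random(device_seed)  # models manufacturing variation
        self.w = [rng.gauss(0, 1) for _ in range(N_STAGES + 1)]
        self.noise, self.rng = noise, random.Random(device_seed ^ 0x5A5A)

    def _bit(self, challenge):
        # Additive delay model: sign of the accumulated delay difference.
        phi, acc = 1, self.w[N_STAGES]
        for i in reversed(range(N_STAGES)):
            phi *= 1 - 2 * challenge[i]
            acc += phi * self.w[i]
        return int(acc + self.rng.gauss(0, self.noise) > 0)

    def respond(self, seed):
        # One challenge seed expands into RESP_BITS challenges, one bit each.
        rng = random.Random(seed)
        return [self._bit([rng.getrandbits(1) for _ in range(N_STAGES)]) for _ in range(RESP_BITS)]

class Verifier:
    """Trusted party holding the CRP database recorded at enrollment."""
    def __init__(self, threshold=20):
        self.db, self.threshold = {}, threshold

    def enroll(self, device_id, puf, n_crps, rng):
        seeds = [rng.getrandbits(64) for _ in range(n_crps)]
        self.db[device_id] = [(s, puf.respond(s)) for s in seeds]

    def next_challenge(self, device_id):
        # Each CRP is consumed on use, so a recorded response cannot be replayed.
        return self.db[device_id].pop() if self.db[device_id] else None

    def check(self, expected, response):
        # Responses are noisy, so accept within a Hamming-distance threshold.
        distance = sum(a != b for a, b in zip(expected, response))
        return distance <= self.threshold, distance

def demo():
    verifier = Verifier()
    genuine, other = SimulatedPUF(1001), SimulatedPUF(2002)  # constructed devices
    verifier.enroll("dev-A", genuine, n_crps=3, rng=random.Random(7))
    results = []
    for puf in (genuine, other):  # enrolled chip, then a different chip
        seed, expected = verifier.next_challenge("dev-A")
        results.append(verifier.check(expected, puf.respond(seed)))
    return results, len(verifier.db["dev-A"])
```

`demo()` returns the accept/reject decision and Hamming distance for the enrolled device and for a different device, plus the number of unused CRPs left in the database. The database is both the secret and a consumable resource in this scheme, which is why the server has to be trusted.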

sbellem commented 4 months ago

https://www.nature.com/articles/s41467-023-36508-x

sbellem commented 2 months ago

https://semiengineering.com/pufs-promise-better-security/

sbellem commented 2 months ago

https://www.cryptoquantique.com/products/qdid/