Physically Unclonable Function
Encyclopedia
In practical cryptography
, a Physical Unclonable Function or PUF is a function that is embodied in a physical structure and is easy to evaluate but hard to predict. Further, an individual PUF device must be easy to make but practically impossible to duplicate, even given the exact manufacturing process that produced it. In this respect it is the hardware analog of a one-way function
. Early references that exploit the physical properties of disordered systems for authentication purposes date back to Bauder in 1983 and Simmons in 1984. Naccache and Frémanteau provided an authentication scheme in 1992 for memory cards. The terms POWF (Physical One-Way Function) and PUF (Physical Unclonable Function) were coined in 2001 and 2002, the latter publication describing the first integrated PUF where unlike PUFs based on optics, the measurement circuitry and the PUF are integrated onto the same electrical circuit (and fabricated on silicon).
Rather than embodying a single cryptographic key, PUFs implement challenge-response authentication
. When a physical stimulus is applied to the structure, it reacts in an unpredictable way due to the complex interaction of the stimulus with the physical microstructure of the device. This exact microstructure depends on physical factors introduced during manufacture which are unpredictable (like a Fair coin
). The applied stimulus is called the challenge, and the reaction of the PUF is called the response. A specific challenge and its corresponding response together form a challenge-response pair or CRP. The device's identity is established by the properties of the microstructure itself. As this structure is not directly revealed by the challenge-response mechanism such a device is resistant to spoofing attack
s.
PUFs can be implemented with a very small hardware investment. Unlike a ROM containing a table of responses to all possible challenges, which would require hardware exponential in the number of challenge bits, a PUF can be constructed in hardware proportional to the number of challenge and response bits.
Unclonability means that each PUF device has a unique and unpredictable way of mapping challenges to responses, even if it was manufactured with the same process as a similar device, and it is infeasible to construct a PUF with the same challenge-response behavior as another given PUF because exact control over the manufacturing process is infeasible. Mathematical unclonability means that it should be very hard to compute an unknown response given the other CRPs or some of the properties of the random components from a PUF. This is because a response is created by a complex interaction of the challenge with many or all of the random components. In other words, given the design of the PUF system, without knowing all of the physical properties of the random components, the CRPs are highly unpredictable. The combination of physical and mathematical unclonability renders a PUF truly unclonable.
Different sources of physical randomness
can be used in PUFs. A distinction is made between PUFs in which physical randomness is explicitly introduced and PUFs that use randomness that is intrinsically present in a physical system
.
, which can affect their performance. Therefore, rather than just being random, the real power of a PUF is its ability to be different between devices, but simultaneously to be the same under different environmental conditions.
with light scattering particles. When a laser
beam shines on the material, a random and unique speckle pattern
will arise. The placement of the light scattering particles is an uncontrolled process and the interaction between the laser and the particles is very complex. Therefore, it is very hard to duplicate the optical PUF such that the same speckle pattern will arise. We say the optical PUF is practically unclonable.
. Above a normal IC, a network of metal wires is laid out in a comb shape. The space between and above the comb structure is filled with an opaque material and randomly doped with dielectric
particles. Because of the random placement, size and dielectric strength
of the particles, the capacitance
between each couple of metal wires will be random up to a certain extent. This unique randomness can be used to obtain a unique identifier for the device carrying the Coating PUF. Moreover, the placement of this opaque PUF in the top layer of an IC protects the underlying circuits from being inspected by an attacker, e.g. for reverse-engineering. When an attacker tries to remove (a part of) the coating, the capacitance between the wires is bound to change and the original unique identifier will be destroyed. In it was shown how an unclonable RFID Tag is built with Coating PUFs.
is set up in the circuit, and two transitions that propagate along different paths are compared to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0, depending on which transition comes first. Many circuits realizations are possible and at least two have been fabricated. When a circuit with the same layout mask is fabricated on different chips, the logic function implemented by the circuit is different for each chip due to the random variations of delays.
A PUF based on a delay loop, i.e., a ring oscillator with logic, is described in. This was the publication that introduced the PUF acronym and the first integrated PUF of any type. A multiplexor-based PUF is described in. A secure processor design using a PUF is described in. A multiplexor-based PUF with an RF interface for use in RFID anti-counterfeiting applications is described in.
On top of this they permit the implementation of secure secret key storage without storing the key in digital form.
An example would be an RFID tag
, which can easily be cloned. When equipped with a PUF however, creating a clone in a reasonable timeframe can be next to impossible.
. The physical structure of the magnetic media applied to a card is fabricated by blending billions of particles of barium ferrite together in a slurry during the manufacturing process. The particles have many different shapes and sizes. The slurry is applied to a receptor layer. The particles land in a random fashion, much like pouring a handful of wet magnetic sand onto a carrier. To pour the sand to land in exactly the same pattern a second time is physically impossible due to the inexactness of the process, the sheer number of particles, and the random geometry of their shape and size. The randomness introduced during the manufacturing process cannot be controlled. This is a classic example of a PUF using intrinsic randomness.
When the slurry dries, the receptor layer is sliced into strips and applied to plastic cards, but the random pattern on the magnetic stripe remains and cannot be changed. Because of their physically unclonable functions, it is highly improbable that two magnetic stripe cards will ever be identical. In fact, using a standard size card, the odds of any two cards having an exact matching magnetic PUF are calculated to be 1 in 900 million. Further, because the PUF is magnetic, we know that each card will carry a distinctive, repeatable and readable magnetic signal.
The personal data encoded on the magnetic stripe contributes another layer of randomness. When the card is encoded with personal identifying information, the odds of two encoded magstripe cards having an identical magnetic signature are approximately 1 in 10 Billion. The encoded data can be used as a marker to locate significant elements of the PUF. This signature can be digitized and is generally called a magnetic fingerprint. An example of its use is in the Magneprint brand system.
The magnetic head acts as a stimulus on the PUF and amplifies the random magnetic signal. Because of the complex interaction of the magnetic head, influenced by speed, pressure, direction and acceleration, with the random components of the PUF, each swipe of the head over the magnetic PUF will yield a stochastic, but very distinctive signal. Think of it as a song with thousands of notes. The odds of the same notes recurring in an exact pattern from a single card swiped many times are 1 in 100 million, but overall the melody remains very recognizable.
The stochastic behavior of the PUF in concert with the stimulus of the head makes the magnetic stripe card an excellent tool for Dynamic Token Authentication, Forensic Identification, Key generation, One-Time Passwords, and Digital Signatures.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, a Physical Unclonable Function or PUF is a function that is embodied in a physical structure and is easy to evaluate but hard to predict. Further, an individual PUF device must be easy to make but practically impossible to duplicate, even given the exact manufacturing process that produced it. In this respect it is the hardware analog of a one-way function
One-way function
In computer science, a one-way function is a function that is easy to compute on every input, but hard to invert given the image of a random input. Here "easy" and "hard" are to be understood in the sense of computational complexity theory, specifically the theory of polynomial time problems...
. Early references that exploit the physical properties of disordered systems for authentication purposes date back to Bauder in 1983 and Simmons in 1984. Naccache and Frémanteau provided an authentication scheme in 1992 for memory cards. The terms POWF (Physical One-Way Function) and PUF (Physical Unclonable Function) were coined in 2001 and 2002, the latter publication describing the first integrated PUF where unlike PUFs based on optics, the measurement circuitry and the PUF are integrated onto the same electrical circuit (and fabricated on silicon).
Rather than embodying a single cryptographic key, PUFs implement challenge-response authentication
Challenge-response authentication
In computer security, challenge-response authentication is a family of protocols in which one party presents a question and another party must provide a valid answer to be authenticated....
. When a physical stimulus is applied to the structure, it reacts in an unpredictable way due to the complex interaction of the stimulus with the physical microstructure of the device. This exact microstructure depends on physical factors introduced during manufacture which are unpredictable (like a Fair coin
Fair coin
In probability theory and statistics, a sequence of independent Bernoulli trials with probability 1/2 of success on each trial is metaphorically called a fair coin. One for which the probability is not 1/2 is called a biased or unfair coin...
). The applied stimulus is called the challenge, and the reaction of the PUF is called the response. A specific challenge and its corresponding response together form a challenge-response pair or CRP. The device's identity is established by the properties of the microstructure itself. As this structure is not directly revealed by the challenge-response mechanism such a device is resistant to spoofing attack
Spoofing attack
In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.- Spoofing and TCP/IP :...
s.
PUFs can be implemented with a very small hardware investment. Unlike a ROM containing a table of responses to all possible challenges, which would require hardware exponential in the number of challenge bits, a PUF can be constructed in hardware proportional to the number of challenge and response bits.
Unclonability means that each PUF device has a unique and unpredictable way of mapping challenges to responses, even if it was manufactured with the same process as a similar device, and it is infeasible to construct a PUF with the same challenge-response behavior as another given PUF because exact control over the manufacturing process is infeasible. Mathematical unclonability means that it should be very hard to compute an unknown response given the other CRPs or some of the properties of the random components from a PUF. This is because a response is created by a complex interaction of the challenge with many or all of the random components. In other words, given the design of the PUF system, without knowing all of the physical properties of the random components, the CRPs are highly unpredictable. The combination of physical and mathematical unclonability renders a PUF truly unclonable.
Different sources of physical randomness
Randomness
Randomness has somewhat differing meanings as used in various fields. It also has common meanings which are connected to the notion of predictability of events....
can be used in PUFs. A distinction is made between PUFs in which physical randomness is explicitly introduced and PUFs that use randomness that is intrinsically present in a physical system
Physical system
In physics, the word system has a technical meaning, namely, it is the portion of the physical universe chosen for analysis. Everything outside the system is known as the environment, which in analysis is ignored except for its effects on the system. The cut between system and the world is a free...
.
Types of PUFs
All PUFs are subject to environmental variations such as temperature, supply voltage and Electromagnetic interferenceElectromagnetic interference
Electromagnetic interference is disturbance that affects an electrical circuit due to either electromagnetic induction or electromagnetic radiation emitted from an external source. The disturbance may interrupt, obstruct, or otherwise degrade or limit the effective performance of the circuit...
, which can affect their performance. Therefore, rather than just being random, the real power of a PUF is its ability to be different between devices, but simultaneously to be the same under different environmental conditions.
PUFs using explicitly-introduced randomness
This type of PUF can have a much greater ability to distinguish devices from one another and have minimal environmental variations compared to PUFs that utilize intrinsic randomness. This is due to the use of different underlying principles and the ability for parameters to be directly controlled and optimized.Optical PUF
An optical PUF which was termed POWF consists of a transparent material that is dopedDoping (semiconductor)
In semiconductor production, doping intentionally introduces impurities into an extremely pure semiconductor for the purpose of modulating its electrical properties. The impurities are dependent upon the type of semiconductor. Lightly and moderately doped semiconductors are referred to as extrinsic...
with light scattering particles. When a laser
Laser
A laser is a device that emits light through a process of optical amplification based on the stimulated emission of photons. The term "laser" originated as an acronym for Light Amplification by Stimulated Emission of Radiation...
beam shines on the material, a random and unique speckle pattern
Speckle pattern
A speckle pattern is a random intensity pattern produced by the mutual interference of a set of wavefronts. This phenomenon has been investigated by scientists since the time of Newton, but speckles have come into prominence since the invention of the laser and have now found a variety of...
will arise. The placement of the light scattering particles is an uncontrolled process and the interaction between the laser and the particles is very complex. Therefore, it is very hard to duplicate the optical PUF such that the same speckle pattern will arise. We say the optical PUF is practically unclonable.
Coating PUF
A coating PUF can be built in the top layer of an ICIntegrated circuit
An integrated circuit or monolithic integrated circuit is an electronic circuit manufactured by the patterned diffusion of trace elements into the surface of a thin substrate of semiconductor material...
. Above a normal IC, a network of metal wires is laid out in a comb shape. The space between and above the comb structure is filled with an opaque material and randomly doped with dielectric
Dielectric
A dielectric is an electrical insulator that can be polarized by an applied electric field. When a dielectric is placed in an electric field, electric charges do not flow through the material, as in a conductor, but only slightly shift from their average equilibrium positions causing dielectric...
particles. Because of the random placement, size and dielectric strength
Dielectric strength
In physics, the term dielectric strength has the following meanings:*Of an insulating material, the maximum electric field strength that it can withstand intrinsically without breaking down, i.e., without experiencing failure of its insulating properties....
of the particles, the capacitance
Capacitance
In electromagnetism and electronics, capacitance is the ability of a capacitor to store energy in an electric field. Capacitance is also a measure of the amount of electric potential energy stored for a given electric potential. A common form of energy storage device is a parallel-plate capacitor...
between each couple of metal wires will be random up to a certain extent. This unique randomness can be used to obtain a unique identifier for the device carrying the Coating PUF. Moreover, the placement of this opaque PUF in the top layer of an IC protects the underlying circuits from being inspected by an attacker, e.g. for reverse-engineering. When an attacker tries to remove (a part of) the coating, the capacitance between the wires is bound to change and the original unique identifier will be destroyed. In it was shown how an unclonable RFID Tag is built with Coating PUFs.
PUFs using intrinsic randomness
Unlike PUFs that utilize explicitly-introduced randomness, PUFs using intrinsic randomness are highly attractive because they can be included in a design without modifications to the manufacturing process.Delay PUF
A delay PUF exploits the random variations in delays of wires and gates on silicon. Given an input challenge, a race conditionis set up in the circuit, and two transitions that propagate along different paths are compared to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0, depending on which transition comes first. Many circuits realizations are possible and at least two have been fabricated. When a circuit with the same layout mask is fabricated on different chips, the logic function implemented by the circuit is different for each chip due to the random variations of delays.
A PUF based on a delay loop, i.e., a ring oscillator with logic, is described in. This was the publication that introduced the PUF acronym and the first integrated PUF of any type. A multiplexor-based PUF is described in. A secure processor design using a PUF is described in. A multiplexor-based PUF with an RF interface for use in RFID anti-counterfeiting applications is described in.
SRAM PUF
These PUFs are present in all ICs having SRAM memory on board. Their behavior and application for anti-counterfeiting purposes were investigated in detail in, and inOn top of this they permit the implementation of secure secret key storage without storing the key in digital form.
An example would be an RFID tag
Radio Frequency Identification
Radio-frequency identification is a technology that uses radio waves to transfer data from an electronic tag, called RFID tag or label, attached to an object, through a reader for the purpose of identifying and tracking the object. Some RFID tags can be read from several meters away and beyond the...
, which can easily be cloned. When equipped with a PUF however, creating a clone in a reasonable timeframe can be next to impossible.
Butterfly PUF
The Butterfly PUF was introduced in . The Butterfly PUF is based on cross-coupling of two latches or flip-flops. The mechanism being this PUF is similar to the one behind the SRAM PUF but has the advantage that it can be implemented on any SRAM FPGA.Bistable Ring PUF
Recently a new PUF called the Bistable Ring PUF was introduced . The Bistable Ring PUF is based on the idea that a ring of even number of inverters has two possible stable states. By duplicating the inverters and adding multiplexers between stages, it is possible to generate exponentially large number of challenge-response pairs from the Bistable Ring PUF.Magnetic PUF
A magnetic PUF exists on a magnetic stripe cardMagnetic stripe card
A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card...
. The physical structure of the magnetic media applied to a card is fabricated by blending billions of particles of barium ferrite together in a slurry during the manufacturing process. The particles have many different shapes and sizes. The slurry is applied to a receptor layer. The particles land in a random fashion, much like pouring a handful of wet magnetic sand onto a carrier. To pour the sand to land in exactly the same pattern a second time is physically impossible due to the inexactness of the process, the sheer number of particles, and the random geometry of their shape and size. The randomness introduced during the manufacturing process cannot be controlled. This is a classic example of a PUF using intrinsic randomness.
When the slurry dries, the receptor layer is sliced into strips and applied to plastic cards, but the random pattern on the magnetic stripe remains and cannot be changed. Because of their physically unclonable functions, it is highly improbable that two magnetic stripe cards will ever be identical. In fact, using a standard size card, the odds of any two cards having an exact matching magnetic PUF are calculated to be 1 in 900 million. Further, because the PUF is magnetic, we know that each card will carry a distinctive, repeatable and readable magnetic signal.
Personalizing the PUF
The personal data encoded on the magnetic stripe contributes another layer of randomness. When the card is encoded with personal identifying information, the odds of two encoded magstripe cards having an identical magnetic signature are approximately 1 in 10 Billion. The encoded data can be used as a marker to locate significant elements of the PUF. This signature can be digitized and is generally called a magnetic fingerprint. An example of its use is in the Magneprint brand system.
Stimulating the PUF
The magnetic head acts as a stimulus on the PUF and amplifies the random magnetic signal. Because of the complex interaction of the magnetic head, influenced by speed, pressure, direction and acceleration, with the random components of the PUF, each swipe of the head over the magnetic PUF will yield a stochastic, but very distinctive signal. Think of it as a song with thousands of notes. The odds of the same notes recurring in an exact pattern from a single card swiped many times are 1 in 100 million, but overall the melody remains very recognizable.
Uses for a Magnetic PUF
The stochastic behavior of the PUF in concert with the stimulus of the head makes the magnetic stripe card an excellent tool for Dynamic Token Authentication, Forensic Identification, Key generation, One-Time Passwords, and Digital Signatures.