
Authentication Token Based on a Controlled PUF

In document Data-Centric Systems and Applications (Page 155-159)

Strong Authentication with Physical Unclonable Functions

10.6 PUF-Based Token

10.6.3 Authentication Token Based on a Controlled PUF

Much stronger authentication is achievable if the PUF in the token is a controlled one. In the simplest case, the protocol of Sect. 10.6.2 can be used. The CPUF computes all the hashes and encryptions/decryptions itself, and uses the ATM as a simple conduit for the messages. Hence, the ATM does not have to be trusted any more. A more sophisticated use of the POK(s) inside the CPUF is to employ asymmetric cryptography. As will be explained below, one advantage is that the bank no longer needs to maintain a CRP database for each PUF. Another advantage is that the authenticity of the CPUF can be verified by anyone, not just the bank. In [20] it was shown that the measurement processing for a coating PUF and the cryptography for a Schnorr zero-knowledge (ZK) protocol can be realized in surprisingly little hardware: 5 kilogates in total. This means that it can be implemented on an RFID tag. Hence, it is possible to make an unclonable RFID tag with strong ZK authentication.

Enrolment

The enroller (a TA) selects a random PUF challenge C for a CPUF with identifier i. The challenge is fed into the CPUF. The CPUF transforms the response into a bitstring, which it treats as an asymmetric private key S. Then the CPUF generates the corresponding public key P and outputs P. The TA creates a certificate, signed with his own private key, stating that the CPUF with identifier i has public key P associated with the challenge C. The certificate is stored in/on the CPUF.

146 P. Tuyls, B. Škorić

Authentication

The verifier obtains the certificate from the CPUF. He checks the signature using the TA’s public key. If the signature is invalid, the authentication fails. Then he sends C to the CPUF. Finally he runs the interactive ZK protocol with the CPUF [20], where the CPUF has to prove its knowledge of the PUF-based secret S associated with the challenge C and the public key P.

Remarks

In contrast to CPUF protocols based on symmetric cryptography, there is no bootstrapping mode [10]: the private key is never revealed to the outside world. Note that the computation of the public key inside the CPUF requires one exponentiation. Any CPUF capable of running a Schnorr ZK protocol is capable of performing this operation.
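The enrolment and authentication steps above, as an added sketch (not code from the chapter or from [20]). Assumptions: the PUF measurement is simulated by hashing a per-device string, the TA certificate is a Schnorr signature, the group `p, q, g` is a toy constructed for the example, and all function and class names are hypothetical.

```python
import hashlib, secrets

# Toy Schnorr group, constructed for this example and far too small for real
# use: p = 2q + 1 with p and q prime; g = 4 generates the order-q subgroup.
p, q, g = 2039, 1019, 4

def h(*parts):  # SHA-256 of the parts as an integer
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(priv, msg):
    """Schnorr signature; stands in for the TA's certificate signature."""
    k = secrets.randbelow(q - 1) + 1
    e = h(pow(g, k, p), msg)
    return e, (k + e * priv) % q

def sig_ok(pub, msg, sig):
    e, s = sig
    return h(pow(g, s, p) * pow(pub, -e % q, p) % p, msg) == e

class CPUF:
    """Simulated controlled PUF: S is re-derived inside and never output."""
    def __init__(self, ident, disorder):
        self.ident, self._disorder = ident, disorder  # disorder models the physical structure
        self.cert, self._r = None, None
    def _S(self, C):                # stand-in for measuring the PUF at challenge C
        return 1 + h(self._disorder, C) % (q - 1)
    def public_key(self, C):        # the one exponentiation needed at enrolment
        return pow(g, self._S(C), p)
    def commit(self):               # ZK move 1: t = g^r for a fresh random r
        self._r = secrets.randbelow(q - 1) + 1
        return pow(g, self._r, p)
    def respond(self, C, e):        # ZK move 3: s = r + e*S mod q
        r, self._r = self._r, None  # r is single-use; reusing it would leak S
        return (r + e * self._S(C)) % q

def enrol(ta_priv, dev, C):
    """TA side: certify (identifier, C, public key) and store it on the device."""
    pub = dev.public_key(C)
    dev.cert = (dev.ident, C, pub, sign(ta_priv, (dev.ident, C, pub)))

def authenticate(ta_pub, dev):
    """Verifier side: check the certificate, then run one Schnorr round."""
    ident, C, pub, sig = dev.cert
    if not sig_ok(ta_pub, (ident, C, pub), sig):
        return False                # invalid signature: authentication fails
    t = dev.commit()
    e = secrets.randbelow(q - 1) + 1   # verifier's random challenge (move 2)
    return pow(g, dev.respond(C, e), p) == t * pow(pub, e, p) % p
```

A device that carries a copied certificate but has a different physical structure derives a different S and fails the final check; a certificate edited to name that device's own public key fails the signature check.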

10.7 Conclusion

Physical unclonable functions can be used for a wide variety of security-related applications: identification, authentication, tamper evidence, detection and resistance, anti-counterfeiting, copy protection, brand protection, key storage, certified execution and certified measurements. To prevent physical cloning, the production process should be uncontrolled, and uncontrollable in principle except at great expense. To prevent cloning by modelling, a response should be the result of complex physical interactions between the challenge and the disordered PUF structure. Furthermore, to prevent both forms of cloning the PUF must be hard to probe. Any PUF-based application needs a physical structure meeting these requirements, a device for applying challenges, a detector and a good cryptographic protocol. If a reproducible bitstring has to be derived, then helper data are needed as well. For several types of PUF (coating, silicon and optical), it is clear that all these components can be integrated in a small device. As the intrinsic cost of the PUF material itself is negligible, this means that PUF devices can have a low cost.

The strength of an uncontrolled PUF can be expressed as the number of independent CRPs that it supports. The amount of POK key material that can be stored is roughly given by this number times the measurement entropy of a single measurement. The strength of a CPUF is based on the difficulty of disentangling the PUF and the control layer. In a switched-off device, a POK is protected much better than a digitally stored key.

The cryptography involved in PUF applications requires modest resources. The authentication protocol described in Sect. 10.6.2, for instance, needs no public key operations, but only symmetric operations and a one-way hash function. Furthermore, in several scenarios involving asymmetric cryptography (e.g. anti-counterfeiting) the device containing the PUF is completely passive, while the hard work is done by the enroller and the verifier. Finally, even if the PUF device needs to do asymmetric cryptography, efficient (ZK) implementations exist that keep the hardware cost at a minimum, so that implementation is possible even on an RFID tag.

Acknowledgements

We thank Jan van Geloven, Hennie Kretschman, Wil Ophey, Geert-Jan Schrijen, Nynke Verhaegh and Rob Wolters for useful discussions.

References

1. D.W. Bauder, An Anti-Counterfeiting Concept for Currency, Systems Research Report PTK-11990, Sandia National Laboratories, 1983.

2. R. Pappu, Physical One-Way Functions, Ph.D. thesis, MIT 2001.

3. R. Pappu, B. Recht, J. Taylor, N. Gershenfeld, Physical One-Way Functions, Science Vol. 297, Sept 2002, p. 2026.

4. P. Tuyls, B. Škorić, S. Stallinga, A.H.M. Akkermans, W. Ophey, Information-Theoretic Security Analysis of Physical Uncloneable Functions, A.S. Patrick and M. Yung (eds.): Proc. 9th Conf. on Financial Cryptography and Data Security, March 2005, LNCS 3570, pp. 141–155.

5. Unicate BV’s ‘3DAS’ system, http://www.andreae.com/Unicate/Appendix%201.htm, 1999.

6. D. Kirovski, A Point-Subset Compression Algorithm for Fiber-based Certificates of Authenticity, IEEE Proc. ISIT 2004, p. 173.

7. J.D.R. Buchanan, R.P. Cowburn, A. Jausovec, D. Petit, P. Seem, G. Xiong, D. Atkinson, K. Fenton, D.A. Allwood, M.T. Bryan, Forgery: ‘Fingerprinting’ documents and packaging, Nature 436, p. 475 (28 Jul 2005), Brief Communications.

8. P. Tuyls, B. Škorić, Secret Key Generation from Classical Physics, in ‘Hardware Technology Drivers of Ambient Intelligence’, S. Mukherjee et al (eds.), Philips Research Book Series Vol. 5, Kluwer, 2005.

9. B. Škorić, P. Tuyls, W. Ophey, Robust key extraction from Physical Uncloneable Functions, Ioannidis, Keromytis, Yung (Eds.): Proc. ACNS 2005, LNCS 3531, pp. 407–422.

10. B. Gassend, D. Clarke, M. van Dijk, S. Devadas, Controlled Physical Random Functions, Proc. 18th Annual Computer Security Applications Conf., Dec. 2002.

11. B. Gassend, Physical Random Functions, Master’s thesis, MIT 2003.

12. B. Gassend, D. Clarke, M. van Dijk, S. Devadas, Silicon Physical Random Functions, Proc. 9th ACM Conf. on Computer and Communications Security, 2002.

13. R. Posch, Protecting Devices by Active Coating, Journal of Universal Computer Science, vol. 4, no. 7 (1998), pp. 652–668.

14. M. Magnor, P. Dorn, W. Rudolph, Simulation of confocal microscopy through scattering media with and without time gating, J.Opt.Soc.Am. B, vol. 19, no. 11 (2001), 1695–1700.

15. H. Furstenberg, Noncommuting Random Matrices, Trans. Am. Math. Soc. 108, 377, 1963.


16. Y. Dodis, L. Reyzin and A. Smith, Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data, Adv. in Cryptology – Eurocrypt 2004, LNCS 3027, pp. 523–540, 2004.

17. J.P. Linnartz and P. Tuyls, New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates, Proc. 4th International Conference on Audio and Video Based Biometric Person Authentication, LNCS 2688, Springer-Verlag, pp. 238–250, 2003.

18. A. Juels, M. Wattenberg, A Fuzzy Commitment Scheme, in G. Tsudik, ed., Sixth ACM Conference on Computer and Communications Security, 28–36, ACM Press. 1999.

19. B. Škorić, S. Maubach, T. Kevenaar, P. Tuyls, Information-theoretic analysis of capacitive Physical Unclonable Functions, J. Appl. Phys. 100, 024902 (2006).

20. P. Tuyls and L. Batina, RFID-Tags for Anti-Counterfeiting, in ‘Topics in Cryptology’ - CT-RSA 2006, The Cryptographers’ Track at the RSA Conference, LNCS 3860, D. Pointcheval (ed.), Springer-Verlag, pp. 115–131, 2006.
