Few years ago, sophisticated physical and aggressive attacks have evolved to recover secrets from integrated circuits. This poses a threat to smart cards, RFID tags, FPGA implementations, WSN and many other applications which rely on secrets stored inside a digital device. Therefore, secure systems have to comply with tamper resistance, unclonability, and security against known attacks requirements while maintaining minimal power consumption and optimized utilisation of resources according to Dr. Johann Heyszl, AISEC Hardware Security Unit at Fraunhofer.
The uniqueness of this approach is that Physical Unclonable Functions (PUFs) represent a promising approach to meet the requirements of high-security applications. For instance, several PUF structures were proposed in the scientific community, e.g., Optical PUFs, Silicon PUFs or Coating PUFs. The basic idea is to exploit unavoidable variations of a specific process, such as the manufacturing of a silicon integrated circuit. In this case the circuit paths are subject to variations in thickness, length or material consistency, which can be extracted by special circuits based on race conditions or ring oscillators. A PUF can be used in two different ways: the extracted information can be used to securely derive a cryptographic key or another possibility is to apply challenges to the extraction circuit in order to obtain a secure challenge-response primitive.
The main advantages of PUFs are: physical tampering (e.g. decapsulation) will destroy/change the secret. Secondly, fully characterising a PUF structure is at least very complex, if not impossible and finally, manufacturing an identical copy of a PUF is not possible
At Fraunhofer AISEC, the applicability of PUFs for modern security systems is evaluated because secure key generation based on unique physical properties can serve as a basis for many cryptographic devices. Therefore, an FPGA-prototype based on a Ring Oscillator PUF structure was implemented and is continuously analysed and improved. Further, suitable fuzzy extractors / helper data generators have been designed, consisting of error-correcting techniques and hash functions to counteract noise and environmental influences. These modules are currently optimized for practical applications. Besides developing and comparing different PUF architectures and optimizing their resource usage in embedded systems, Fraunhofer AISEC also analyses and develops PUF-utilising security protocols. In our opinion, this is a further important step towards real-world applications based on PUFs.
Building Secure Reliable Hardware Roots-of-Trust: Are PUFs Enough?
Security Applications for Physically Unclonable Functions