Physical unclonable function

PUFs are implemented in integrated circuits, including FPGAs,[3] and can be used in applications with high-security requirements, more specifically cryptography, Internet of Things (IOT) devices [4] and privacy protection.

[12][13] PUFs are now established as a secure alternative to battery-backed storage of secret keys in commercial FPGAs, such as the Xilinx Zynq Ultrascale+,[14] and Altera Stratix 10.

[citation needed] PUFs can be implemented with a very small hardware investment compared to other cryptographic primitives that provide unpredictable input/output behavior, such as pseudo-random functions.

Mathematical unclonability means that it should be very hard to compute an unknown response given the other CRPs or some of the properties of the random components from a PUF.

In other words, given the design of the PUF system, without knowing all of the physical properties of the random components, the CRPs are highly unpredictable.

For "strong PUFs" one can train a neural network on observed challenge-response pairs and use it to predict unobserved responses.

[21] These range from PUFs that evaluate an intrinsic element of a pre-existing integrated electronic system[22] to concepts that involve explicitly introducing random particle distributions to the surface of physical objects for authentication.

[23] All PUFs are subject to environmental variations such as temperature, supply voltage and electromagnetic interference, which can affect their performance.

It is also important to ensure that the environment is suitable for the needed security level,[24] as otherwise attacks taking advantage of temperature and other variations may be possible.

A team at Ruhr Universität of Bochum, Germany, demonstrated a method to create a model of XOR Arbiter PUFs and thus be able to predict their response to any kind of challenge.

Using this method and a $25 device or an NFC-enabled smartphone, the team was able to successfully clone PUF-based RFID cards stored in the wallet of users while it was in their back pocket.

[50][51] These algorithms trace their roots back to well-established fields of research, namely property testing, machine learning theory, and Boolean analysis.

Such decorrelation methods can help to overcome the correlation-based information leakages about the PUF outputs even if the ambient temperature and supply voltage change.

[10] Optical PUFs offer a promising approach to developing entity authentication schemes that are robust against many of the aforementioned attacks.

However, their security against emulation attacks can be ensured only in the case of quantum readout (see below), or when the database of challenge-response pairs is somehow encrypted.

[53] Optical PUFs can be made very easily: a varnish containing glitter, a metallic paint, or a frosted finish obtained by sandblasting a surface, for example, are practically impossible to clone.

Theoretical investigations suggest that optical PUFs with nonlinear multiple-scattering media, may be more robust than their linear counterparts against the potential cloning of the medium.

PUFs act as digital uniquely identifying fingerprints [ 1 ]