The Bistable Ring PUF: A new architecture for strong Physical Unclonable Functions.
ABSTRACT This paper introduces a new architecture for circuit- based Physical Unclonable Functions (PUFs) which we call the Bistable Ring PUF (BR-PUF). Based on experimental results obtained from FPGA-based implementations of the BR-PUF, the quality of this new design is discussed in different aspects, including uniqueness and reliability. On the basis of the observed complexity in the challenge-response behavior of BR-PUFs, we argue that this new PUF could be a promising candidate for Strong PUFs. Our design shows noticeable temperature sensitivity, but we discuss how this problem can be addressed by additional hardware and protocol measures.
Conference Paper: On the potential of PUF for pseudonym generation in vehicular networks[Show abstract] [Hide abstract]
ABSTRACT: Most proposals for security of vehicular networks foresee the generation of a comparatively large number of changing pseudonyms to prevent vehicles from being identified or tracked. Most proposals rely on communication with backend pseudonym providers to refill a vehicle's pseudonym pool which creates a number of problems, one being secure storage and handling of a large amount of private key material. In this paper we investigate the usage of Physical Unclonable Functions (PUFs) and Public PUFs (PPUFs) instead of Hardware Security Modules for this purpose. We describe a possible solution that uses PUF and Fuzzy Extractors to provide the necessary stability.Vehicular Networking Conference (VNC), 2012 IEEE; 01/2012
- [Show abstract] [Hide abstract]
ABSTRACT: One of the most common types of Physical Unclonable Functions (PUFs) is the ring oscillator PUF (RO-PUF), in which the output bits are obtained by comparing the oscillation frequencies of different ring oscillators. In this paper we design a new type of ring oscillator PUF in which the different inverters composing the ring oscillators can be supplied by different voltages. The new RO-PUF can be used to (1) increase the maximum number of possible challenge/response pairs produced by the PUF; (2) generate a high number of bits while consuming a low area; (3) improve the reliability of the PUF in case of temperature variations. We present the basic idea of the new RO-PUF and then discuss its applications.07/2012;
Conference Paper: PUFs in Security Protocols: Attack Models and Security Evaluations[Show abstract] [Hide abstract]
ABSTRACT: In recent years, PUF-based schemes have not only been suggested for the basic security tasks of tamper sensitive key storage or system identification, but also for more complex cryptographic protocols like oblivious transfer (OT), bit commitment (BC), or key exchange (KE). In these works, so-called "Strong PUFs" are regarded as a new, fundamental cryptographic primitive of their own, comparable to the bounded storage model, quantum cryptography, or noisebased cryptography. This paper continues this line of research, investigating the correct adversarial attack model and the actual security of such protocols. In its first part, we define and compare different attack models. They reach from a clean, first setting termed the "stand-alone, good PUF model" to stronger scenarios like the "bad PUF model" and the "PUF re-use model". We argue why these attack models are realistic, and that existing protocols would be faced with them if used in practice. In the second part, we execute exemplary security analyses of existing schemes in the new attack models. The evaluated protocols include recent schemes from Brzuska et al. published at Crypto 2011  and from Ostrovsky et al. . While a number of protocols are certainly secure in their own, original attack models, the security of none of the considered protocols for OT, BC, or KE is maintained in all of the new, realistic scenarios. One consequence of our work is that the design of advanced cryptographic PUF protocols needs to be strongly reconsidered. Furthermore, it suggests that Strong PUFs require additional hardware properties in order to be broadly usable in such protocols: Firstly, they should ideally be "erasable", meaning that single PUF-responses can be erased without affecting other responses. If the area efficient implementation of this feature turns out to be difficult, new forms of Controlled PUFs  (such as Logically Erasable and Logically Reconfigurable PUFs ) may suffice in certain applications. Se- ondly, PUFs should be "certifiable", meaning that one can verify that the PUF has been produced faithfully and has not been manipulated in any way afterwards. The combined implementation of these features represents a pressing and challenging problem, which we pose to the PUF hardware community in this work.Security and Privacy (SP), 2013 IEEE Symposium on; 01/2013