Abstract
The contamination of electronic component supply chains by counterfeit hardware devices is a serious and growing risk in today’s globalized marketplace. Current practice for detecting counterfeit semiconductors includes visual checking, electrical testing, and reliability testing which can require significant investments in expertise, equipment, and time. Additionally, best practices have been developed in industry worldwide to combat counterfeiting in many of its variants. Although the current approaches improve the situation significantly, they do not provide extensive technical means to detect counterfeiting. However, new approaches in this area are beginning to emerge. Suh and Devadas recently proposed a low cost device authentication scheme which relies on physically unclonable functions (PUFs) to implement a challenge–response authentication protocol. There are several constraints in their authentication scheme, e.g., their scheme requires a secure online database and relies on PUF constructions that exhibit a large number of challenge–response pairs. In this paper, we introduce a new device authentication scheme using PUFs for device anti-counterfeiting. Our scheme is simple and practical as it does not require any online databases and is not tied to any PUF implementations. We evaluate our authentication scheme on 96 discrete SRAM PUF devices and show that our scheme works well in practice. For hardware devices which already have SRAM and non-volatile storage embedded, our scheme takes almost no additional cost.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
1-1990—IEEE Standard Test Access Port and Boundary-Scan Architecture. http://standards.ieee.org/findstds/standard/1149.1-1990.html
Armknecht, F., Maes, R., Sadeghi, A.-R., Sunar, B., Tuyls, P.: PUF-PRFs: a new tamper-resilient cryptographic primitive. In: Advances in Cryptology—EUROCRYPT 2009 Poster Session, pp. 96–102 (2000)
Armknecht, F., Maes, R., Sadeghi, A.-R., Sunar, B., Tuyls, P.: Memory leakage-resilient encryption based on physically unclonable functions. In: Advances in Cryptology—ASIACRYPT. LNCS, vol. 5912, pp. 685–702 (2009)
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Advances in Cryptology—EUROCRYPT. LNCS, vol. 3027, pp. 523–540 (2004)
Federal Information Processing Standard 140–2: Security Requirements for Cryptographic Modules. http://csrc.nist.gov/groups/STM/cmvp/standards.html#02
Federal Information Processing Standard 186–3: Digital Signature Standard (DSS). http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Controlled physical random functions. In: Proceedings of the 18th Annual Computer Security Conference (2002)
Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: ACM Conference on Computer and Communications Security, pp. 148–160. ACM Press, New York, NY, USA (2002)
Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Cryptographic Hardware and Embedded Systems Workshop. LNCS, vol. 4727, pp. 63–80 (2007)
Holcomb, D., Burleson, W., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)
ISO/IEC16022:2006 Data Matrix bar code symbology specification. http://www.iso.org/iso/catalogue_detail.htm?csnumber=44230
Koeberl, P., Li, J., Maes, R., Rajan, A., Vishik, C., Wójcik, M.: Evaluation of a PUF device authentication scheme on a discrete 0.13um SRAM. In: 3rd International Conference on Trusted Systems (INTRUST). LNCS, vol. 7222, pp. 271–288 (2011)
Maes, R., Tuyls, P., Verbauwhede, I.: Intrinsic PUFs from flip-flops on reconfigurable devices. In: 3rd Benelux Workshop on Information and System Security (WISSec 2008), p. 17, Eindhoven, NL (2008)
Pappu, R.S.: Physical one-way functions. PhD thesis, Massachusetts Institute of Technology, March (2001)
Semiconductor Industry Association. http://www.sia-online.org/
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Design Automation Conference, pp. 9–14. ACM Press, New York, NY, USA (2007)
S. T20–1109. Specification for authentication of semiconductors and related products, (2009.) http://www.semi.org/
Trusted Computing Group. TCG TPM specification 1.2, 2003. http://www.trustedcomputinggroup.org
Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Topics in Cryptology—CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Berlin (2006)
United States Government Accountability Office. Defense supplier base: DOD should leverage ongoing initiatives in developing its program to mitigate risk of counterfeit parts. GAO-10-389, March 2010
van der Leest, V., Schrijen, G.-J., Handschuh, H., Tuyls, P.: Hardware intrinsic security from D flip-flops. In: Proceedings of the 5th ACM Workshop on Scalable Trusted Computing, STC 2010, pp. 53–62, ACM, New York, NY, USA (2010)
Acknowledgments
Part of this work has been supported by the European Commission through the FP7 programme UNIQUE. We thank Intrinsic-ID for providing the SRAM PUF data so that we could perform the evaluation of our scheme. We thank the anonymous reviewers of TRUST’11 for providing helpful comments to the preliminary version of this paper.
Author information
Authors and Affiliations
Corresponding author
Additional information
A preliminary version of this paper was presented at the 4th International Conference on Trust and Trustworthy Computing (TRUST’11), Pittsburgh, USA, June 2011.
Rights and permissions
About this article
Cite this article
Koeberl, P., Li, J., Maes, R. et al. A practical device authentication scheme using SRAM PUFs. J Cryptogr Eng 2, 255–269 (2012). https://doi.org/10.1007/s13389-012-0043-1
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s13389-012-0043-1