Information Systems Frontiers

, Volume 11, Issue 1, pp 19–41 | Cite as

Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions

  • Jorge Guajardo
  • Boris Škorić
  • Pim Tuyls
  • Sandeep S. Kumar
  • Thijs Bel
  • Antoon H. M. Blom
  • Geert-Jan Schrijen


Virtually all applications which provide or require a security service need a secret key. In an ambient world, where (potentially) sensitive information is continually being gathered about us, it is critical that those keys be both securely deployed and safeguarded from compromise. In this paper, we provide solutions for secure key deployment and storage of keys in sensor networks and radio frequency identification systems based on the use of Physical Unclonable Functions (PUFs). In addition, to providing an overview of different existing PUF realizations, we introduce a PUF realization aimed at ultra-low cost applications. We then show how the properties of Fuzzy Extractors or Helper Data algorithms can be used to securely deploy secret keys to a low cost wireless node. Our protocols are more efficient (round complexity) and allow for lower costs compared to previously proposed ones. We also provide an overview of PUF applications aimed at solving the counterfeiting of goods and devices.


Physical unclonable functions Intrinsic PUF SRAMs LC-PUFs  Fuzzy extractor Helper data algorithm Sensor nodes Key distribution 


  1. Anderson, R., Chan, H., & Perrig, A. (2004). Key infection: Smart trust for smart dust. In IEEE international conference on network protocols — ICNP 2004 (pp. 206–215). IEEE Computer Society, 5–8 October.Google Scholar
  2. Balfanz, D., Smetters, D. K., Stewart, P., & Chi Wong, H. (2002). Talking to strangers: Authentication in ad-hoc wireless networks. In Network and distributed system security symposium — NDSS 2002.Google Scholar
  3. Bellaouar, A., & Elmasry, M. I. (1995). Low-power digital VLSI design. Circuits and systems (1st ed.). Dordrecht: Kluwer Academic.Google Scholar
  4. Bellare, M., & Rogaway, P. (1993). Entity authentication and key distribution. In D. R. Stinson (Ed.), Advances in cryptology — CRYPTO ’93, 22–26 August, LNCS (Vol. 773, pp. 232–249). New York: Springer.Google Scholar
  5. Bhavnagarwala, A. J., Tang, X., & Meindl, J. D. (2001). The impact of intrinsic device fluctuations on CMOS SRAM cell stability. IEEE Journal of Solid-State Circuits, 36(4), 658–665, April.CrossRefGoogle Scholar
  6. Bird, N., Conrado, C., Guajardo, J., Maubach, S., Schrijen, G.-J., S̆korić, B., et al. (2007). ALGSICS—combining physics and cryptography to enhance security and privacy in RFID systems. In F. Stajano, C. Meadows, S. Capkun, & T. Moore (Eds.), Security and privacy in ad-hoc and sensor networks — ESAS 2007, 2–3 July, LNCS (Vol. 4572, pp. 187–202). New York: Springer.CrossRefGoogle Scholar
  7. Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A., & Szydlo, M. (2005). Security analysis of a cryptographically-enabled rfid device. In P. McDaniel (Ed.), USENIX security symposium—security ’05 (pp. 1–16).Google Scholar
  8. Boyen, X. (2004). Reusable cryptographic fuzzy extractors. In V. Atluri, B. Pfitzmann, & P. D. McDaniel (Eds.), ACM conference on computer and communications security — ACM CCS 2004, 25–29 October (pp. 82–91). New York: ACM.CrossRefGoogle Scholar
  9. Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., & Smith, A. (2005). Secure remote authentication using biometric data. In R. Cramer (Ed.), Advances in cryptology — eurocrypt 2005, LNCS (Vol. 3494, pp. 147–163). New York: Springer.Google Scholar
  10. Cagalj, M., Capkun, S., & Hubaux, J. (2006). Key agreement in peer-to-peer wireless networks. Proceedings of the IEEE (Special Issue on Cryptography and Security), 94(2).Google Scholar
  11. Carluccio, D., Kasper, T., & Paar, C. (2006). Implementation details of a multi purpose ISO 14443 RFID -tool. Printed handout of Workshop on RFID Security – RFIDSec 06, pp. 181–197. ECRYPT Network of Excellence, July.
  12. Carluccio, D., Lemke, K., & Paar, C. (2006). E-passport: The global traceability or how to feel like an ups package. Printed handout of Workshop on RFID Security – RFIDSec 06, pp. 167–180. ECRYPT Network of Excellence, July.
  13. Carter, L., & Wegman, M. N. (1979). Universal classes of hash functions. Journal of Computer and System Sciences, 18(2), 143–154.CrossRefGoogle Scholar
  14. Castelluccia, C., & Francillon, A. (2007). TinyRNG, a cryptographic random number generator for wireless sensor network nodes. In International symposium on modeling and optimization in mobile, ad hoc, and wireless networks — IEEE WiOpt 2007. IEEE, April.Google Scholar
  15. Castelluccia, C., & Mutaf, P. (2005). Shake them up!: A movement-based pairing protocol for CPU-constrained devices. In K. G. Shin, D. Kotz, & B. D. Noble, (Eds.), International conference on mobile systems, applications, and services — MobiSys ’05 (pp. 51–64). New York: ACM.CrossRefGoogle Scholar
  16. Chan, H., & Perrig, A. (2003). Security and privacy in sensor networks. IEEE Computer, 36(10), 103–105.Google Scholar
  17. Chan, H., Perrig, A., & Song, D. (2003). Random key predistribution schemes for sensor networks. In IEEE symposium on security and privacy — S&P 2003 (pp. 197–215). Los Alamitos: IEEE Computer Society.Google Scholar
  18. Cheng, B., Roy, S., & Asenov, A. (2004). The impact of random doping effects on CMOS SRAM cell. In European solid state circuits conference (pp. 219–222). Washington, DC: IEEE Computer Society.CrossRefGoogle Scholar
  19. DeJean, G., & Kirovski, D. (2006). Making RFIDs unique—radio frequency certificates of authenticity. In IEEE antennas and propagation society international symposium, 9–14 July (pp. 1039–1042). Piscataway: IEEE.CrossRefGoogle Scholar
  20. Deng, J., Hartung, C., Han, R., & Mishra, S. (2005). A practical study of transitory master key establishment forwireless sensor networks. In International conference on security and privacy for emerging areas in communications networks — SECURECOMM’05 (pp. 289–302). Washington, DC: IEEE Computer Society.CrossRefGoogle Scholar
  21. Dodis, Y., Reyzin, M., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In C. Cachin, & J. Camenisch (Eds.), Advances in cryptology—EUROCRYPT 2004, LNCS (Vol. 3027, pp. 523–540). New York: Springer.Google Scholar
  22. Du, W., Deng, J., Han, Y. S., & Varshney, P. K. (2003). A pairwise key pre-distribution scheme for wireless sensor networks. In S. Jajodia, V. Atluri, & T. Jaeger (Eds.), ACM conference on computer and communications security—CCS 2003 (pp. 42–51). New York: ACM.CrossRefGoogle Scholar
  23. Eagle, J. (2002). RFID: The early years 1980-1990.
  24. Engels, D. W., & Sarma, S. (2005). Standardization requirements within the RFID class structure framework. Technical report, Auto-ID Laboratories, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA, January.
  25. Eschenauer, L., & Gligor, V. D. (2002). A key-management scheme for distributed sensor networks. In V. Atluri (Ed.), ACM conference on computer and communications security—CCS 2002 (pp. 41–47). New York: ACM.CrossRefGoogle Scholar
  26. Gassend, B. (2003). Physical random functions. Master’s thesis, Computer Science and Artificial Intelligence Laboratory, MIT. Computation Structures Group Memo 458. February.Google Scholar
  27. Gassend, B., Clarke, D., van Dijk, M., & Devadas, S. (2002). Controlled physical random functions. In Annual computer security applications conference—ACSAC 2002 (p. 149). Washington, DC: IEEE Computer Society.CrossRefGoogle Scholar
  28. Gassend, B., Clarke, D. E., van Dijk, M., & Devadas, S. (2002). Silicon physical unknown functions. In V. Atluri, (Ed.), ACM conference on computer and communications security — CCS 2002, November (pp. 148–160). New York: ACM.CrossRefGoogle Scholar
  29. Guajardo, J., Blümel, R., Krieger, U., & Paar, C. (2001). Efficient implementation of elliptic curve cryptosystems on the TI MSP 430x33x family of microcontrollers. In K. Kwangjo (Ed.), International workshop on practice and theory in public key cryptography—PKC 2001, 13–15 February, LNCS (Vol. 1992, pp. 365–382). New York: Springer.Google Scholar
  30. Guajardo, J., Kumar, S. S., Schrijen, G.-J., & Tuyls, P. (2007a). FPGA intrinsic PUFs and their use for IP protection. In P. Paillier, & I. Verbauwhede (Eds.), Cryptographic hardware and embedded systems—CHES 2007, 10–13 September LNCS (Vol. 4727, pp. 63–80). New York: Springer.CrossRefGoogle Scholar
  31. Guajardo, J., Kumar, S. S., Schrijen, G.-J., & Tuyls, P. (2007b). Physical unclonable functions and public key crypto for FPGA IP protection. In International conference on field programmable logic and applications—FPL 2007, 27–30 August (pp. 189–195). Piscataway: IEEE.CrossRefGoogle Scholar
  32. Guajardo, J., Kumar, S. S., Schrijen, G.-J., & Tuyls, P. (2008a). Brand and IP protection with physical unclonable functions. In IEEE international symposium on circuits and systems — ISCAS 2008, 18–21 May (pp. 3186–3189). Piscataway: IEEE.CrossRefGoogle Scholar
  33. Guajardo, J., Tuyls, P., Bird, N., Conrado, C., Maubach, S., Schrijen, G.-J., et al. (2008b). RFID security: Cryptography and physics perspectives. In P. Kitsos, & Y. Zhang (Eds.), RFID security: Techniques, protocols and system-on-chip design. New York: Springer (in press).Google Scholar
  34. Holcomb, D. E., Burleson, W. P., & Fu, K. (2007). Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. Conference on RFID Security 07, 11–13 July.Google Scholar
  35. Holmquist, L. E., Mattern, F., Schiele, B., Alahuhta, P., Beigl, M., & Gellersen, H.-W. (2001). Smart-its friends: A technique for users to easily establish connections between smart artefacts. In Ubicomp 2001: Ubiquitous computing, third international conference (pp. 116–122).Google Scholar
  36. Hsu, V., Kahn, J. M., & Pister, K. S. J. (1998). Wireless communications for smart dust. Electronics Research Laboratory Technical Memorandum Number M98/2, University California Berkeley.Google Scholar
  37. ICC Policy Statement (2004). The fight against piracy and counterfeiting of intellectual property. Submitted to the 35th World Congress, Marrakech, Document no 450/986, ICC, 1 June 2004.Google Scholar
  38. Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2), 381–394, February. Scholar
  39. Juels, A., Pappu, R., & Garfinkel, S. (2005). RFID privacy: An overview of problems and proposed solutions. IEEE Security and Privacy, 3(3), 34–43, May/June. Scholar
  40. Juels, A., & Wattenberg, M. (1999). A fuzzy commitment scheme. In J. Motiwalla, & G. Tsudik (Eds.), ACM conference on computer and communications security—ACM CCS ’99, 1–4 November (pp. 28–36). New York: ACM.CrossRefGoogle Scholar
  41. Kahng, A. B., Lach, J., Mangione-Smith, W. H., Mantik, S., Markov, I. L., Potkonjak, M., et al. (1998). Watermarking techniques for intellectual property protection. In Design automation conference—DAC ’98 (pp. 776–781). New York: ACM.Google Scholar
  42. Kaps, J.-P., Yuksel, K., & Sunar, B. (2005). Energy scalable universal hashing. IEEE Transactions on Computers, 54(12), 1484–1495.CrossRefGoogle Scholar
  43. Kean, T. (2002). Cryptographic rights management of FPGA intellectual property cores. In ACM/SIGDA international symposium on field-programmable gate arrays—FPGA 2002 (pp. 113–118).Google Scholar
  44. Krawczyk, H. (1994). LFSR-based hashing and authentication. In Y. Desmedt (Ed.), Advances in Cryptology - CRYPTO ’94, 21–25 August, LNCS (Vol. 839, pp. 129–139). New York: Springer.Google Scholar
  45. Kuo, C., Luk, M., Negi, R., & Perrig, A. (2007). Message-in-a-bottle: User-friendly and secure key deployment for sensor nodes. In International conference on embedded networked sensor systems—SenSys ’07 (pp. 233–246). New York: ACM.CrossRefGoogle Scholar
  46. Lacey, M. (2006). Panama: Tainted syrup now linked to deaths. The New York Times., October 13, World Briefing — Americas.
  47. Landt, J. (2001). Shrouds of time—The history of RFID. Whitepaper, AIM Inc., 1 October. shrouds_of_time.pdf.
  48. Lester, J., Hannaford, B., & Borriello, G. (2004). “Are you with me?”—using accelerometers to determine if two devices are carried by the same person. In Pervasive computing, second international conference (pp. 33–50).Google Scholar
  49. Lim, D., Lee, J. W., Gassend, B., Suh, G. E., van Dijk, M., & Devadas, S. (2005). Extracting secret keys from integrated circuits. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 13(10), 1200–1205, October.CrossRefGoogle Scholar
  50. Linnartz, J.-P., & Tuyls, P. (2003). New shielding functions to enhance privacy and prevent misuse of biometric templates. In J. Kittler, & M. S. Nixon (Eds.), Audio-and video-based biometrie person authentication—AVBPA 2003, 9–11 June, LNCS (Vol. 2688, pp. 393–402). New York: Springer.CrossRefGoogle Scholar
  51. Liu, D., Ning, P., & Du, W. (2005). Group-based key pre-distribution in wireless sensor networks. In M. Jakobsson, & R. Poovendran (Eds.), ACM workshop on wireless security — WiSe 2005 (pp. 11–20). New York: ACM.CrossRefGoogle Scholar
  52. Lorincz, K., Malan, D., Fulford-Jones, T. R. F., Nawoj, A., Clavel, A., Shnayder, V., et al. (2004). Sensor networks for emergency response: Challenges and opportunities. IEEE pervasive computing, special issue on pervasive computing for first response (pp. 16–23). Oct–Dec.Google Scholar
  53. McCune, J. M., Perrig, A., & Reiter, M. K. (2005). Seeing-is-believing: Using camera phones for human-verifiable authentication. In IEEE symposium on security and privacy — S&P 2005, 8–11 May (pp. 110–124). Los Alamitos: IEEE Computer Society.Google Scholar
  54. Menezes, A., van Oorschot, P., & Vanstone, S. (1997). Handbook of Applied Cryptography. Boca Raton: CRC.Google Scholar
  55. Nevelsteen, W. & Preneel, B. (1999). Software performance of universal hash functions. In J. Stern (Ed.), Advances in cryptology — EUROCRYPT’99, 2–6 May, LNCS (Vol. 1592, pp. 24–41). New York: Springer.Google Scholar
  56. O’Donnel, C. W., Suh, G. E., & Devadas, S. (2004). PUF-based random number generation. Technical Memo MIT-CSAIL-CSG-481, MIT CSAIL, November.Google Scholar
  57. Oren, Y., & Shamir, A. (2006). Power analysis of RFID tags. Original announcement at RSA Conference 2006, 14 February.
  58. Pappu, R. S. (2001). Physical one-way functions. PhD thesis, Massachusetts Institute of Technology, March.
  59. Pappu, R. S., Recht, B., Taylor, J., & Gershenfeld, N. (2002). Physical one-way functions. Science, 297(6), 2026–2030. Scholar
  60. Perrig, A., Stankovic, J. A., & Wagner, D. (2004). Security in wireless sensor networks. Communications of the ACM, 47(6), 53–57.CrossRefGoogle Scholar
  61. Perrig, A., Szewczyk, R., Tygar, J. D., Wen, V., & Culler, D. E. (2002). SPINS: Security protocols for sensor networks. Wireless Networks, 8(5), 521–534.CrossRefGoogle Scholar
  62. Przydatek, B., Xiaodong Song, D., & Perrig, A. (2003). SIA: Secure information aggregation in sensor networks. In I. F. Akyildiz, D. Estrin, D. E. Culler, & M. B. Srivastava (Eds.), International conference on embedded networked sensor systems — SenSys 2003, 5–7 November (pp. 255–265). New York: ACM.CrossRefGoogle Scholar
  63. Ramkumar, M., & Memon, N. (2005). An efficient key predistribution scheme for ad hoc network security. IEEE Journal on Selected Areas in Communications, 23(3), 611–621.CrossRefGoogle Scholar
  64. Rasmussen, K. B., & Capkun, S. (2007). Implications of radio fingerprinting on the security of sensor networks. In International conference on security and privacy in communication networkds—SecureComm 2007, 17–20 September. Piscataway: IEEE.Google Scholar
  65. Sarma, S., & Engels, D. W. (2003). On the future of RFID tags and protocols. Technical report mit-autoid-tr-018, Auto-ID Center, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA, 1 June 2003. Early Released July.
  66. Seevinck, E., List, F. J., & Lohstroh, J. (1987). Static-noise margin analysis of MOS SRAM cells. IEEE Journal of Solid-State Circuits, 22(5), 748–754, Oct.CrossRefGoogle Scholar
  67. Shnayder, V., Chen, B., Lorincz, K., Fulford-Jones, T. R. F., & Welsh, M. (2005). Sensor networks for medical care. In J. Redi, H. Balakrishnan, & F. Zhao (Eds.), International conference on embedded networked sensor systems — SenSys 2005, 2–4 November (p. 314). New York: ACM.CrossRefGoogle Scholar
  68. Shoup, V. (1996). On fast and provably secure message authentication based on universal hashing. In N. Koblitz (Ed.), Advances in cryptology - CRYPTO ’96, 18–22 August, LNCS (Vol. 1109, pp 313–328). New York: Springer.Google Scholar
  69. Simpson, E., & Schaumont, P. (2006). Offline hardware/software authentication for reconfigurable platforms. In L. Goubin, & M. Matsui (Eds.), Cryptographic hardware and embedded systems—CHES 2006, 10–13 October, LNCS (Vol. 4249, pp. 311–323). New York: Springer.CrossRefGoogle Scholar
  70. Staake, T., Thiesse, F., & Fleisch, E. (2005). Extending the EPC network – The potential of RFID in anti-counterfeiting. In A. Omicini, H. Haddad, L. M. Liebrock, & Wainwright, R. L. (Eds.), ACM symposium on applied computing — SAC 2005, 13-17 March (pp. 1607–1612). New York: ACM.CrossRefGoogle Scholar
  71. Stajano, F. (2000). The resurrecting duckling—what next? In B. Christianson, B. Crispo, & M. Roe (Eds.), Security protocols workshop. Revised papers, 3–5 April, LNCS (Vol. 2133, pp. 204–214). New York: Springer.Google Scholar
  72. Stajano, F., & Anderson, R. J. (1999). The resurrecting duckling: Security issues for ad-hoc wireless networks. In B. Christianson, B. Crispo, J. A. Malcolm, M. Roe (Eds.), Security protocols, LNCS, 19–21 April (Vol. 1796, pp. 172–182). New York: Springer.CrossRefGoogle Scholar
  73. Su, Y., Holleman, J., & Otis, B. (2007). A 1.6pJ/bit 96% stable chip-ID generating cicuit using process variations. In ISSCC ’07: IEEE international solid-state circuits conference (pp. 406–408). Washington, DC: IEEE Computer Society.Google Scholar
  74. Tuyls, P., Schrijen, G.-J., S̆korić, B., van Geloven, J., Verhaegh, N., & Wolters, R. (2006). Read-proof hardware from protective coatings. In L. Goubin, & M. Matsui (Eds.), Cryptographic hardware and embedded systems — CHES 2006, 10–13 October, LNCS (Vol. 4249, pp. 369–383). New York: Springer.CrossRefGoogle Scholar
  75. S̆korić, B., Tuyls, P., & Ophey, W. (2005). Robust key extraction from physical uncloneable functions. In J. Ioannidis, A. D. Keromytis, & M. Yung (Eds.), Applied cryptography and network security—ACNS 2005, LNCS (Vol. 3531, pp. 407–422), 7–10 June.Google Scholar
  76. S̆korić, B., Schirjen, G.-J., Ophey, W., Wolters, R., Verhaegh, N., & Geloven, J.v. (2007). Experimental hardware for coating PUFs and optical PUFs. In P. Tuyls, B. S̆korić, & T. Kevenaar (Eds.), Security with noisy data 1st edn. (pp. 255–268). New York: Springer.Google Scholar
  77. Weiser, M. (1991). The computer for the twenty-first century. Scientific American Magazine, 94–100, September.Google Scholar
  78. Werner-Allen, G., Lorincz, K., Welsh, M., Marcillo, O., Johnson, J., Ruiz, M., et al. (2006). Deploying a wireless sensor network on an active volcano. IEEE Internet Computing, 10(2), 18–25.CrossRefGoogle Scholar
  79. Wong, J. L., Feng, J., Kirovski, D., & Potkonjak, M. (2004). Security in sensor networks: watermarking techniques. In C. S. Raghavendra, K. M. Sivalingam, & T. Znati (Eds.), Wireless sensor networks, (pp. 305–323). Dordrecht: Kluwer Academic.Google Scholar
  80. Zhu, S., Setia, S., & Jajodia, S. (2003). Leap: Efficient security mechanisms for large-scale distributed sensor networks. In S. Jajodia, V. Atluri, & T. Jaeger (Eds.), ACM conference on computer and communications security — CCS 2003 (pp. 62–72). New York: ACM.CrossRefGoogle Scholar
  81. Zhu, S., Setia, S., & Jajodia, S. (2006). Leap+: Efficient security mechanisms for large-scale distributed sensor networks. ACM Transactions on Sensor Networks, 2(4), 500–528.CrossRefGoogle Scholar
  82. ZigBee Specification (2005). Technical Report Document 053474r06. Version 1.0, ZigBee Alliance, June.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • Jorge Guajardo
    • 1
  • Boris Škorić
    • 1
  • Pim Tuyls
    • 1
  • Sandeep S. Kumar
    • 1
  • Thijs Bel
    • 1
  • Antoon H. M. Blom
    • 2
  • Geert-Jan Schrijen
    • 1
  1. 1.Philips Research EuropeEindhovenThe Netherlands
  2. 2.Philips Applied TechnologiesEindhovenThe Netherlands

Personalised recommendations