Towards a Unified Security Model for Physically Unclonable Functions

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9610)


The use of Physically Unclonable Functions (PUFs) in cryptographic protocols attracted an increased interest over recent years. Since sound security analysis requires a concise specification of the alleged properties of the PUF, there have been numerous trials to provide formal security models for PUFs. However, all these approaches have been tailored to specific types of applications or specific PUF instantiations. For the sake of applicability, composability, and comparability, however, there is a strong need for a unified security model for PUFs (to satisfy, for example, a need to answer whether a future protocol requirements match a new and coming PUF realization properties).

In this work, we propose a PUF model which generalizes various existing PUF models and includes security properties that have not been modeled so far. We prove the relation between some of the properties, and also discuss the relation of our model to existing ones.


Physically unclonable function Security model Specifications 


  1. 1.
    Armknecht, F., Maes, R., Sadeghi, A., Standaert, F., Wachsmann, C.: A formalization of the security features of physical functions. In: IEEE S&P 2011, pp. 397–412. IEEE Computer Society (2011)Google Scholar
  2. 2.
    Armknecht, F., Maes, R., Sadeghi, A.-R., Sunar, B., Tuyls, P.: Memory leakage-resilient encryption based on physically unclonable functions. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 685–702. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Bösch, C., Guajardo, J., Sadeghi, A.-R., Shokrollahi, J., Tuyls, P.: Efficient helper data key extractor on FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 181–197. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Boureanu, I., Ohkubo, M., Vaudenay, S.: The limits of composable crypto with transferable setup devices. In: Bao, F., Miller, S., Zhou, J., Ahn, G. (eds.) ASIACCS 2015, pp. 381–392. ACM (2015)Google Scholar
  5. 5.
    Boyen, X.: Reusable cryptographic fuzzy extractors. In: Atluri, V., Pfitzmann, B., McDaniel, P.D. (eds.) ACMCCS 2004, pp. 82–91. ACM (2004)Google Scholar
  6. 6.
    Brzuska, C., Fischlin, M., Schröder, H., Katzenbeisser, S.: Physically uncloneable functions in the universal composition framework. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 51–70. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  7. 7.
    Busch, H., Katzenbeisser, S., Baecher, P.: PUF-based authentication protocols – revisited. In: Youm, H.Y., Yung, M. (eds.) WISA 2009. LNCS, vol. 5932, pp. 296–308. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Dachman-Soled, D., Fleischhacker, N., Katz, J., Lysyanskaya, A., Schröder, D.: Feasibility and infeasibility of secure computation with malicious PUFs. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part II. LNCS, vol. 8617, pp. 405–420. Springer, Heidelberg (2014)Google Scholar
  9. 9.
    Delvaux, J., Gu, D., Peeters, R., Verbauwhede, I.: A survey on lightweight entity authentication with strong PUFs. IACR Cryptology ePrint Archive, p. 977 (2014)Google Scholar
  10. 10.
    van Dijk, M., Rührmair, U.: Physical unclonable functions in cryptographic protocols: security proofs and impossibility results. Cryptology ePrint Archive, Report 2012/228 (2012)Google Scholar
  11. 11.
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)CrossRefMathSciNetzbMATHGoogle Scholar
  12. 12.
    Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) ACMCCS 2002, pp. 148–160. ACM (2002)Google Scholar
  13. 13.
    Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Hammouri, G., Sunar, B.: PUF-HB: a tamper-resilient HB based authentication protocol. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 346–365. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  15. 15.
    Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)CrossRefMathSciNetzbMATHGoogle Scholar
  16. 16.
    Hofer, M., Boehm, C.: An alternative to error correction for SRAM-like PUFs. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 335–350. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  17. 17.
    Kardas, S., Celik, S., Bingöl, M.A., Kiraz, M.S., Demirci, H., Levi, A.: k-strong privacy for radio frequency identification authentication protocols based on physically unclonable functions. Wire;. Commun. Mob. Comput 15, 2150–2166 (2013)CrossRefGoogle Scholar
  18. 18.
    Katzenbeisser, S., Kocabaş, U., Rožić, V., Sadeghi, A.-R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 283–301. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  19. 19.
    Krishna, A.R., Narasimhan, S., Wang, X., Bhunia, S.: MECCA: a robust low-overhead PUF using embedded memory array. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 407–420. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    Maes, R.: Physically Unclonable Functions - Constructions, Properties and Applications. Springer, Heidelberg (2013)CrossRefzbMATHGoogle Scholar
  21. 21.
    Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: a fully functional PUF-based cryptographic key generator. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 302–319. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  22. 22.
    Maes, R., Tuyls, P., Verbauwhede, I.: Low-overhead implementation of a soft decision helper data algorithm for SRAM PUFs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 332–347. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  23. 23.
    Majzoobi, M., Rostami, M., Koushanfar, F., Wallach, D.S., Devadas, S.: Slender PUF protocol: a lightweight, robust, and secure authentication by substring matching. In: IEEE S&P 2012, pp. 33–44. IEEE Computer Society (2012)Google Scholar
  24. 24.
    Oren, Y., Sadeghi, A.-R., Wachsmann, C.: On the effectiveness of the remanence decay side-channel to clone memory-based PUFs. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 107–125. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  25. 25.
    Ostrovsky, R., Scafuro, A., Visconti, I., Wadia, A.: Universally composable secure computation with (malicious) physically uncloneable functions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 702–718. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  26. 26.
    Pappu, R.: Physical one-way functions. PhD thesis, MIT (2001)Google Scholar
  27. 27.
    Rührmair, U., van Dijk, M.: Pufs in security protocols: attack models and security evaluations. In: IEEE S&P 2013, pp. 286–300. IEEE Computer Society (2013)Google Scholar
  28. 28.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACMCCS 2010, pp. 237–249. ACM (2010)Google Scholar
  29. 29.
    Sadeghi, A., Visconti, I., Wachsmann, C.: PUF-enhanced RFID security and privacy. In: SECSI (2010), pp. 366–382 (2010)Google Scholar
  30. 30.
    Saha, I., Jeldi, R.R., Chakraborty, R.S.: Model building attacks on physically unclonable functions using genetic programming. In: HOST 2013, pp. 41–44. IEEE Computer Society (2013)Google Scholar
  31. 31.
    Tuyls, P., Skoric, B.: Strong authentication with physical unclonable functions. In: Petkovic, M., Jonker, W. (eds.) Security, Privacy, and Trust in Modern Data Management, pp. 133–148. Springer, Heidelberg (2007)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.University of MannheimMannheimGermany
  2. 2.NICTKoganeiJapan
  3. 3.TU DarmstadtDarmstadtGermany
  4. 4.Google and Columbia UniversityNew YorkUSA

Personalised recommendations