Recyclable PUFs: Logically Reconfigurable PUFs

  • Stefan Katzenbeisser
  • Ünal Koçabas
  • Vincent van der Leest
  • Ahmad-Reza Sadeghi
  • Geert-Jan Schrijen
  • Heike Schröder
  • Christian Wachsmann
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6917)


We introduce the concept of Logically Reconfigurable Physical Unclonable Functions (LR-PUFs). In contrast to classical Physically Unclonable Functions (PUFs) LR-PUFs can be dynamically ‘reconfigured’ after deployment such that their challenge/response behavior changes in a random manner. To this end, we amend a conventional PUF with a stateful control logic that transforms challenges and responses of the PUF. We present and evaluate two different constructions for LR-PUFs that are simple, efficient and can easily be implemented. Moreover, we introduce a formal security model for LR-PUFs and prove that both constructions are secure under reasonable assumptions. Finally, we demonstrate that LR-PUFs enable the construction of securely recyclable access tokens, such as electronic tickets: LR-PUFs enhance security against manipulation and forgery, while reconfiguration allows secure re-use of tokens for subsequent transactions.


Hash Function Control Logic Block Cipher Physically Unclonable Function Gate Equiv 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Akdemir, K.D., Wang, Z., Karpovsky, M.G., Sunar, B.: Design of cryptographic devices resilient to fault injection attacks using nonlinear robust codes. In: Fault Analysis in Cryptography (2011)Google Scholar
  2. 2.
    Armknecht, F., Maes, R., Sadeghi, A.R., Standaert, F.X., Wachsmann, C.: A formal foundation for the security features of physical functions. In: IEEE Symposium on Security and Privacy, pp. 397–412. IEEE Computer Society, Los Alamitos (2011)CrossRefGoogle Scholar
  3. 3.
    Armknecht, F., Maes, R., Sadeghi, A.R., Sunar, B., Tuyls, P.: Memory leakage-resilient encryption based on physically unclonable functions. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 685–702. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Armknecht, F., Sadeghi, A.R., Visconti, I., Wachsmann, C.: On RFID privacy with mutual authentication and tag corruption. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 493–510. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    Bogdanov, A., Knudsen, L., Leander, G., Paar, C., Poschmann, A., Robshaw, M., Seurin, Y., Vikkelsoe, C.: PRESENT: An ultra-lightweight block cipher. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 450–466. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  6. 6.
    Californians Against Waste: E-waste laws in other states (April 2011),
  7. 7.
    Calypso Networks Association: Website (April 2011),
  8. 8.
    Courtois, N.T., Nohl, K., O’Neil, S.: Algebraic attacks on the Crypto-1 stream cipher in MiFare Classic and Oyster Cards. Cryptology ePrint Archive, Report 2008/166 (2008)Google Scholar
  9. 9.
    European Commission: Waste electrical and electronic equipment website (April 2011),
  10. 10.
    Garcia, F.D., de Koning Gans, G., Muijrers, R., van Rossum, P., Verdult, R., Schreur, R.W., Jacobs, B.: Dismantling MIFARE classic. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 97–114. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Controlled physical random functions. In: Computer Security Applications Conference, pp. 149–160. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  12. 12.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: ACM Conference on Computer and Communications Security (ACM CCS), pp. 148–160 (2002)Google Scholar
  13. 13.
    Gassend, B., Lim, D., Clarke, D., van Dijk, M., Devadas, S.: Identification and authentication of integrated circuits. Concurrency and Computation: Practice and Experience 16(11), 1077–1098 (2004)CrossRefGoogle Scholar
  14. 14.
    Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Holcomb, D.E., Burleson, W.P., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In: Conference on RFID Security (RFIDSec) (2007)Google Scholar
  16. 16.
    Intrinsic ID: Product webpage (April 2011),
  17. 17.
    Juels, A.: RFID security and privacy: A research survey. Journal of Selected Areas in Communication 24(2), 381–395 (2006)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Katzenbeisser, S., Ünal Kocabas, van der Leest, V., Sadeghi, A.R., Schrijen, G.J., Schröder, H., Wachsmann, C.: Recyclable PUFs: Logically reconfigurable PUFs (full version) (June 2011),
  19. 19.
    Kumar, S., Guajardo, J., Maes, R., Schrijen, G.J., Tuyls, P.: Extended abstract: The butterfly PUF protecting IP on every FPGA. In: IEEE Workshop on Hardware-Oriented Security and Trust (HOST), pp. 67–70 (2008)Google Scholar
  20. 20.
    Kursawe, K., Sadeghi, A.R., Schellekens, D., Tuyls, P., Scoric, B.: Reconfigurable physical unclonable functions — Enabling technology for tamper-resistant storage. In: IEEE International Workshop on Hardware-Oriented Security and Trust (HOST), pp. 22–29. IEEE Computer Society, San Francisco (2009)CrossRefGoogle Scholar
  21. 21.
    Lai, X., Massey, J.: Hash functions based on block ciphers. In: Rueppel, R.A. (ed.) EUROCRYPT 1992. LNCS, vol. 658, pp. 55–70. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  22. 22.
    Lao, Y., Parhi, K.K.: Novel reconfigurable silicon unclonable functions. In: Workshop on Foundations of Dependable and Secure Cyber-Physical Systems (FDSCPS) (April 11, 2011)Google Scholar
  23. 23.
    Lee, J.W., Lim, D., Gassend, B., Suh, G.E., van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits for identification and authentication application. In: Symposium on VLSI Circuits, pp. 176–179 (2004)Google Scholar
  24. 24.
    van der Leest, V., Schrijen, G.J., Handschuh, H., Tuyls, P.: Hardware intrinsic security from D flip-flops. In: ACM Workshop on Scalable Trusted Computing (ACM STC), pp. 53–62 (2010)Google Scholar
  25. 25.
  26. 26.
    Lim, D., Lee, J.W., Gassend, B., Suh, G.E., van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Transactions on VLSI Systems 13(10), 1200–1205 (2005)CrossRefGoogle Scholar
  27. 27.
    Lin, L., Holcomb, D., Krishnappa, D.K., Shabadi, P., Burleson, W.: Low-power sub-threshold design of secure physical unclonable functions. In: ACM/IEEE International Symposium on Low Power Electronics and Design (ISLPED), pp. 43–48 (2010)Google Scholar
  28. 28.
    Maes, R., Tuyls, P., Verbauwhede, I.: Intrinsic PUFs from flip-flops on reconfigurable devices. In: Workshop on Information and System Security (WISSec), p. 17 (2008)Google Scholar
  29. 29.
    Maes, R., Verbauwhede, I.: Physically unclonable functions: A study on the state of the art and future research directions. In: Sadeghi, A.R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security. Information Security and Cryptography, pp. 3–37. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  30. 30.
    Maiti, A., Casarona, J., McHale, L., Schaumont, P.: A large scale characterization of RO-PUF. In: IEEE Symposium on Hardware-Oriented Security and Trust (HOST), pp. 94–99 (2010)Google Scholar
  31. 31.
    Monnet, Y., Renaudin, M., Leveugle, R.: Designing resistant circuits against malicious faults injection using asynchronous logic. IEEE Trans. Comput. 55, 1104–1115 (2006), CrossRefGoogle Scholar
  32. 32.
    Nohl, K., Plötz, H.: MiFare — Little security despite obscurity (2007),
  33. 33.
    NXP Semiconductors: MiFare applications (April 2008),
  34. 34.
    NXP Semiconductors: MiFare smartcard ICs (February 2011),
  35. 35.
    Octopus Holdings: Website (April 2011),
  36. 36.
    OV-Chipkaart: Website (April 2011),
  37. 37.
    Öztürk, E., Hammouri, G., Sunar, B.: Towards robust low cost authentication for pervasive devices. In: IEEE International Conference on Pervasive Computing and Communications (PERCOM 2008). IEEE Computer Society, Los Alamitos (2008)Google Scholar
  38. 38.
    Pappu, R.S.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute of Technology (March 2001)Google Scholar
  39. 39.
    Pappu, R.S., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297, 2026–2030 (2002)CrossRefGoogle Scholar
  40. 40.
    Ranasinghe, D.C., Engels, D.W., Cole, P.H.: Security and privacy: Modest proposals for low-cost RFID systems. In: Auto-ID Labs Research Workshop (September 2004)Google Scholar
  41. 41.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: ACM conference on Computer and communications security (ACM CCS), pp. 237–249 (2010)Google Scholar
  42. 42.
    Sadeghi, A.R., Visconti, I., Wachsmann, C.: PUF-enhanced RFID security and privacy. In: Workshop on Secure Component and System Identification, SECSI (2010)Google Scholar
  43. 43.
    Schreur, R.W., van Rossum, P., Garcia, F., Teepe, W., Hoepman, J.H., Jacobs, B., de Koning Gans, G., Verdult, R., Muijrers, R., Kali, R., Kali, V.: Security flaw in MiFare Classic (March 2008),
  44. 44.
    Skorobogatov, S.: Semi-invasive attacks — A new approach to hardware security analysis. Technical Report UCAM-CL-TR-630, University of Cambridge, 15 JJ Thomson Avenue, Cambridge CB03 0FD, UK (April 2005)Google Scholar
  45. 45.
    Skorobogatov, S.: Local heating attacks on Flash memory devices. In: IEEE International Workshop on Hardware-Oriented Security and Trust (HOST 2009), pp. 1–6. IEEE, Los Alamitos (July 27, 2009)CrossRefGoogle Scholar
  46. 46.
    Soybali, M., Ors, B., Saldamli, G.: Implementation of a PUF circuit on an FPGA. In: IFIP International Conference on New Technologies Mobility and Security (2011)Google Scholar
  47. 47.
    Su, Y., Holleman, J., Otis, B.: A 1.6pJ/bit 96% stable chip-ID generating circuit using process variations. In: IEEE International Solid-State Circuits Conference (ISSCC), pp. 406–611 (2007)Google Scholar
  48. 48.
    Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Design Automation Conference, pp. 9–14 (2007)Google Scholar
  49. 49.
    Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  50. 50.
    Tuyls, P., Schrijen, G.-J., Škorić, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-proof hardware from protective coatings. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 369–383. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  51. 51.
    Verayo, Inc.: Product webpage (April 2011),
  52. 52.
    Škorić, B., Tuyls, P., Ophey, W.: Robust key extraction from physical uncloneable functions. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 407–422. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  53. 53.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and privacy aspects of low-cost radio frequency identification systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 50–59. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  54. 54.

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Stefan Katzenbeisser
    • 1
  • Ünal Koçabas
    • 1
  • Vincent van der Leest
    • 2
  • Ahmad-Reza Sadeghi
    • 3
  • Geert-Jan Schrijen
    • 2
  • Heike Schröder
    • 1
  • Christian Wachsmann
    • 1
  1. 1.Technische Universität Darmstadt (CASED)Germany
  2. 2.Intrinsic-IDEindhovenThe Netherlands
  3. 3.Technische Universität Darmstadt and Fraunhofer SIT DarmstadtGermany

Personalised recommendations