Protection Profile for PUF-Based Devices

  • Andrea Kolberger
  • Ingrid Schaumüller-Bichl
  • Verena Brunner
  • Martin Deutschmann
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 428)


Physically Unclonable Functions (PUFs) are a promising technology in cryptographic application areas. The idea of PUFs is to make use of the unique “fingerprint” of the IC, to enable generation of secrets or keys without storing sensitive data permanently in memory. Since PUFs are “noisy” functions, some kind of post processing is required to reliably reconstruct the respective PUF response. Based on potential threats and vulnerabilities as well as the security requirements for PUF-based tokens we developed a draft version of a Protection Profile according to Common Criteria. This paper discusses the central parts of this Protection Profile, namely the Target of Evaluation (TOE), PUF-specific security functional requirements (SFRs), and requirements on the operational environment regarding the whole life cycle of the TOE.


Post Processing Common Criterion Post Processing Method SRAM Cell Helper Data 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and General Model. CCMB-2012-09-001, Version 3.1, Revision 4 (September 2012)Google Scholar
  2. 2.
    Common Criteria for Information Technology Security Evaluation, Part 2: Security Functional Components. CCMB-2012-09-002, Version 3.1, Revision 4 (September 2012)Google Scholar
  3. 3.
    Common Criteria for Information Technology Security Evaluation, Part 3: Security Assurance Components. CCMB-2012-09-003, Version 3.1, Revision 4 (September 2012)Google Scholar
  4. 4.
    Eurosmart Security IC Platform Protection Profile. Version 1.0, BSI-PP-0035 (June 2007)Google Scholar
  5. 5.
    Bösch, C., Guajardo, J., Sadeghi, A.-R., Shokrollahi, J., Tuyls, P.: Efficient Helper Data Key Extractor on FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 181–197. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. SIAM Journal on Computing, 38(1):97–139 (2008)Google Scholar
  7. 7.
    Fruhashi, K., Shiozaki, M., Fukushima, A., Murayama, T., Fujino, T.: The arbiter-PUF with high uniqueness utilizing novel arbiter circuit with Delay-Time Measurement. In: IEEE International Symposium on Circuits and Systems (ISCAS) 2011, pp. 2325–2328 (2011)Google Scholar
  8. 8.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Controlled Physical Random Functions. In: IEEE (ed.) Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC 2002), USA (2002)Google Scholar
  9. 9.
    Handschuh, H.: Hardware-Anchored Security Based on SRAM PUFs, Part 1. IEEE Security Privacy 10(3), 80–83 (2012)CrossRefGoogle Scholar
  10. 10.
    Van Herrewege, A., Katzenbeisser, S., Maes, R., Peeters, R., Sadeghi, A.-R., Verbauwhede, I., Wachsmann, C.: Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-Enabled RFIDs. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 374–389. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  11. 11.
    Maes, R., Verbauwhede, I.: Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions. In: Sadeghi, A.-R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security, Information Security and Cryptography, pp. 3–37. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Schrijen, G.-J., van der Leest, V.: Comparative analysis of SRAM memories used as PUF primitives. In: Design, Automation Test in Europe Conference Exhibition (DATE), pp. 1319–1324 (2012)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2014

Authors and Affiliations

  • Andrea Kolberger
    • 1
  • Ingrid Schaumüller-Bichl
    • 1
  • Verena Brunner
    • 2
  • Martin Deutschmann
    • 2
  1. 1.Department Secure Information SystemsUniversity of Applied Sciences Upper AustriaHagenbergAustria
  2. 2.Technikon Forschungs- und Planungsgesellschaft mbHVillach

Personalised recommendations