PUFs, protection, privacy, PRNGs: an overview of physically unclonable functions

Presented at 33C3 (2016), Dec. 29, 2016, 10:45 p.m. (30 minutes).

A physically unclonable function, or PUF, is some physical structure with properties that are easy to verify, hard to predict, and practically impossible to clone. Ideally, this means it's a device-unique, unchanging identifier, which can be used for improving security. However, it can be at odds with privacy and anonymity. This talk will give you an overview of the thirty years of history behind PUFs, and will include the most recent advances in research. The functions, structure, and design will be discussed, as well as devices and materials whose properties can serve as the basis for PUFs.

What do CPU registers, sticks of RAM, shared memory in GPUs, and paper have in common? They all have unique properties that are impossible[1] to reproduce, even when using the same manufacturing process. These properties can be turned into physically unclonable functions, or PUFs for short, yielding an object-bound unique identifier. This makes you trackable, but since you're being tracked anyway, you might as well put some of this to good use.

The idea of PUFs is not new, and can be traced back several decades to anti-counterfeiting measures in currency. Since then, several formalizations have been proposed, new types of PUFs have been invented, implemented, attacked, and scrutinized. PUFs can be used to identify and authenticate devices. They can be used to secure your boot process. Some PUF constructions can be used to enhance your random number generation. You might be using devices right now that have properties that can be turned into PUFs, provided you have the tools and want to do some programming.

This talk will take you on a brief tour of the history of PUFs. Along the way, it will show you how a PUF is constructed, what its properties should be, what it can be used for, what materials and devices are known to be suitable for building one, and how you might go about searching for them in your own devices.

[1] For certain definitions of impossible.


Presenters:

  • Pol Van Aubel
    Pol Van Aubel is a frequent attendee of CCC and hacker camps. He's a PhD student in the Digital Security group at Radboud University Nijmegen, the Netherlands, trying to improve the security of industrial control systems with research focusing on efficient anomaly detection for real-time systems. He also does some research on physically unclonable functions. He teaches courses on software and network security to first- and second-year Bachelor's students. Online he goes by the handle MacGyver, which was once thrust upon him for always carrying a Swiss army knife and duct tape. He is a Hurricane Electric certified IPv6 Sage, loves good coffee, and has many stickers on his laptop.
