PUFs 'n Stuff: Getting the most of the digital world through physical identities

Presented at TROOPERS17 (2017), March 21, 2017, 11:30 a.m. (Unknown duration).

Physically un-clonable functions (PUFs) can be used to provide good sources of device-specific keying material without needing specialized hardware. These functions expose the manufacturing variance that naturally occurs during the fabrication of modern ICs. A few PUFs present on common systems will be discussed and demonstrated as part of the open-source PUFLib before the talk will show how these functions can be used to provide the basis for seamless DLP, watermarking and device authentication to captive portals. This talk aims to show how it's possible to draw the physical world into the digital domain for enhanced security and assurances of trust by tying identity to physical traits that cannot easily be stolen over passwords/keys that only reside in (cloneable) software.


Presenters:

  • Anders Fogh
    Anders Fogh is a co-founder and the vice president of engineering at Protect Software GmbH. He has led numerous low level engineering efforts in the past 11 years. Prior to that he worked at VOB GmbH and Pinnacle System where he was responsible for major developments in video and CD/DVD recording software. Since 1993 he has been an avid malware hobbyist and has reverse engineering experience with operating systems from DOS to present day OSs as well as devices ranging from DVD players to USB sticks. He holds a master's degree in economics from the University of Aarhus. He was the first to suggest a software solution to the row hammer bug and spoke at Black Hat 2015 with Nishat Herath on the topic of using performance counters for security outcomes.
  • Jacob Torrey
    Jacob is an Advising Research Engineer at Assured Information Security, Inc. where he leads the Computer Architectures group and acts as the site lead for the Colorado branch. Jacob has worked extensively with low-level x86 and MCU architectures, having written a BIOS, OS, hypervisor and SMM handler. His major interest is how to (mis)use an existing architecture to implement a capability currently beyond the limitations of the architecture. He has spoken at many top-tier security conferences including Black Hat USA, THREADS, SysCan and ORNL's CISRC as well having his work profiled by WIRED.

Links:

Similar Presentations: