An attack on PUF-Based session key exchange and a hardware-based countermeasure: erasable PUFs

Authors:
Ulrich Rührmair;Christian Jaeger;Michael Algasinger
Affiliations:
Computer Science Department, Technische Universität München, Garching, Germany;Walter Schottky Institut, Technische Universität München, Garching, Germany;Walter Schottky Institut, Technische Universität München, Garching, Germany
Venue:
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Year:
2011

Citing 10
Cited 1

Identification and authentication of integrated circuits: Research Articles

Concurrency and Computation: Practice & Experience - Computer Security
Physical unclonable functions for device authentication and secret key generation

Proceedings of the 44th annual Design Automation Conference
FPGA Intrinsic PUFs and Their Use for IP Protection

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Lightweight secure PUFs

Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design
Extended abstract: The butterfly PUF protecting IP on every FPGA

HST '08 Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust
Reconfigurable Physical Unclonable Functions - Enabling technology for tamper-resistant storage

HST '09 Proceedings of the 2009 IEEE International Workshop on Hardware-Oriented Security and Trust
Modeling attacks on physical unclonable functions

Proceedings of the 17th ACM conference on Computer and communications security
Oblivious transfer based on physical unclonable functions

TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
Read-proof hardware from protective coatings

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Security applications of diodes with unique current-voltage characteristics

FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security

A formal definition and a new security mechanism of physical unclonable functions

MMB'12/DFT'12 Proceedings of the 16th international GI/ITG conference on Measurement, Modelling, and Evaluation of Computing Systems and Dependability and Fault Tolerance

Quantified Score

Hi-index	0.00

Visualization

Abstract

We observe a security issue in protocols for session key exchange that are based on Strong Physical Unclonable Functions (PUFs). The problem is illustrated by cryptanalyzing a recent scheme of Tuyls and Skoric [1], which has been proposed for use in a bank card scenario. Under realistic assumptions, for example that the adversary Eve can eavesdrop the communication between the players and gains physical access to the PUF twice, she can derive previous session keys in this scheme. The observed problem seems to require the introduction of a new PUF variant, so-called "Erasable PUFs". Having defined this new primitive, we execute some first steps towards its practical implementation, and argue that Erasable PUFs could be implemented securely via ALILE-based crossbar structures.