A physical unclonable function (PUF) is a disordered physical system that can be challenged with external stimuli, and that reacts to the external stimuli to produce a response, resulting in a challenge-response pair. The concept of a challenge-response pair is well-known in the field of security, and a PUF is a hardware-based security concept in which a disordering of the physical system, commonly on a nano-scale, is relied upon in producing the response to the challenge, such that the response depends on the particular instantiation of the system. That is to say, for a given challenge, the response of the device is unique to a device in the sense that a clone of the device will respond with a different response.
Early PUF systems were generally optical systems. It has long been known that the speckle pattern of reflection of laser light from a surface is unpredictable, due to the micro- or nano-scale disordering or roughness of most surfaces, and optical-based PUFs make use of this disorder to provide a “fingerprint” speckle pattern which is unique to the specific individual surface. Since a copy or clone of the device will not have an identical surface, the speckle pattern will be different, and it may thus be possible to uniquely identify the device.
It is also known to produce magnetic PUFs based on the nanoscale disordering of particles in thin-film magnetic layers, and coating-based PUFS which typically utilise randomly distributed dielectric materials resulting in unpredictable capacitance fields.
Silicon (or other semiconductor) based PUFs may be desirable, due to the vast experience in semiconductor technology. An example of a silicon device based PUF is a SRAM (static random access memory) PUF. These are based on the repeatable, but unpredictable, differences between individual cells in a memory array, due to variations e.g. in doping levels. An example of such a SRAM PUF is described by J. Guajardo, S. et al, in “FPGA intrinsic PUFs and their use for IP protection”, Cryptographic Hardware and Embedded Systems—CHES 2007, pages 63-80. However SRAM PUFs are generally considered to be “weak” in a cryptographic sense. It would be desirable to provide an alternative type of physical unclonable function.