The present embodiments relate to deriving a device-specific value from a physical unclonable function.
Physical unclonable functions are known for the purpose of reliably identifying objects based on intrinsic physical properties. A physical property of an article (e.g., a semiconductor circuit) is used as an individual fingerprint in this context. A physical unclonable function has a challenge applied to the physical unclonable function and delivers a response that, when cloning the device, is meant to be ungeneratable when the same challenge is applied. A response is meant to be unpredictable and hence not able, even if the challenge is known, to be produced on another, cloned circuit. Hence, authentication may be achieved by the physical unclonable function (e.g., by virtue of a response or a value derived therefrom), such as a cryptographic key, being able to be generated only if there is access to the unaltered, unmanipulated circuit with the physical unclonable function implemented thereon.
Similarly, a physical unclonable function may be used to test whether a device or semiconductor circuit is an original product. In this case, too, a response is evaluated, for example, that may not be generated on a cloned or manipulated device or semiconductor circuit.
In the context of cryptographic security mechanisms, there is provision for the use of physical unclonable functions in order to avoid storing a cryptographic key in a memory or manually inputting the key. The production of a cryptographic key by applying a challenge to a physical unclonable function is a secure key memory.
In the context of the production of cryptographic keys and when using a physical unclonable function for checking identity or testing originality, a device-specific or hardware-specific identifier is to be provided in reproducible form.
The prior art includes physical unclonable functions or challenges that are applied to the physical unclonable function being tested in an initialization phase for their suitability for use for key derivation or authenticity testing. In this context, it is, for example, generally known practice to use a static random access memory (SRAM) physical unclonable function (PUF). An initial state of memory cell is used as a device-specific property. This requires a check to determine which memory cells are stable. Only stable cells are used for the subsequent ascertainment of a key or identifier.
The use of physical unclonable functions for producing cryptographic keys involves the use of Fuzzy Key Extractors, which use auxiliary data records to perform an error correction code method. Production of the auxiliary data is complex, and auxiliary data records that are produced are to be stored in suitable memory chips. This provides reproducible and secure generation of a cryptographic key. At the same time, the auxiliary data is to not contain a reference to the key, so that an error correction code is complex to produce.
Regardless of whether production of a device-specific cryptographic key or identifier involves the use of the raw response values from a physical unclonable function or of post-processed responses, the problem frequently arises in practice that the bit values obtained for a physical unclonable function have a bias (e.g., tend predominantly either toward bit values of 0 or toward bit values of 1). The information-theoretic entropy per data bit is thus less than 1 bit. The post-processing of responses from a physical unclonable function requires more data as input than may be attained as output. To achieve a particular level of security, a complex post-processing method is thus also provided for the entropy per data bit. If a PUF configuration has a strong tendency in the responses toward one bit value (e.g., a tendency toward 0 for the bits of a multibit response), then it is easier to guess keys, and the security of a cryptographic method is reduced. Distinction between different devices or an integrity check accordingly also requires the same bit pattern to be prevented from appearing repeatedly.