Today, a wide variety of applications—from banking to access control to electronic passports—are based on identity cards, i.e. smart cards. These can be equipped with cryptographic modules and guarantee a high level of security for systems and users. However, designers and manufacturers of smartcards and security ICs are continuously aiming at further enhancing their cards' security.
In order to further improve security of an identity card, Physical Unclonable Functions (PUFs) can be provided. PUFs are functions embodied in physical structures which are easy to evaluate but hard to predict. Furthermore, implementations are difficult to duplicate, even if the exact manufacturing process is known and available. Consequently, security architectures based on PUFs promise inherent unclonability, physical tamper resistance and secure establishment of device-unique cryptographic keys. Well-known bare silicon PUFs aim at ensuring the security of the circuit itself but do not grant tamper resistance to the card in which it is embedded.
The challenge-response behaviour of a PUF is determined by sub-micron physical characteristics formed by manufacturing process variations which are not reproducible, not even by the original manufacturer. PUFs enable the generation of a device-unique secret based on physical properties rather than on binary memory mechanisms such as fuses. During the last decade, several PUF constructions have been proposed and realized as described in Lim, Daihyun and Lee, Jae W. and Gassend, Blaise and Suh, G. Edward and van Dijk, Marten and Devadas, Srinivas, Extracting secret keys from integrated circuits. In IEEE Transactions on Very Large Scale Integration (VLSI) Systems, volume 13, no 10, pages 1200-1205. IEEE, 2005. Further reference is made to Thomas Esbach, Walter Fumy, Olga Kulikovska, Dominik Merli, Dieter Schuster, Frederic Stumpf, “A new security architecture for smartcards utilising PUFs”, to be published in “Securing Electronic Business Processes—Highlights of the Information Security Solutions Europe 2012 Conference”.
PUFs are usually based on silicon structures and utilize tiny deviations in the electronic circuitry well below the tolerances of fabrication processes. These non-reproducible deviations make the circuitry unique and are often referred to as ‘chip fingerprints’.
However, in spite of intensive research, PUF implementations remain few and far between and are rarely considered in the context of high-end security architectures.