Identities for Embedded Systems Enabled by Physical Unclonable Functions

  • Dominik Merli
  • Georg Sigl
  • Claudia Eckert
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8260)


Embedded systems, such as automotive control units, industrial automation systems, RFID tags or mobile devices are dominated by integrated circuits implementing their functionality. Since these systems operate in increasingly networked or untrusted environments, their protection against attacks and malicious manipulations becomes a critical security issue. Physical Unclonable Functions (PUFs) represent an interesting solution to enable security on embedded systems, since they allow identification and authentication of CMOS devices without non-volatile memory. In this paper, we explain benefits and applications of PUFs and give an overview of popular implementations. Further, we show that PUFs face hardware as well as modeling attacks. Therefore, specific analyses and hardening has to be performed, in order to establish PUFs as a reliable security primitive for embedded systems.


Physical Unclonable Functions Applications Implementations Attacks Countermeasures 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Anderson, R.J.: Security Engineering: A Guide to Building Dependable Distributed Systems, 1st edn. John Wiley & Sons, Inc., New York (2001)Google Scholar
  2. 2.
    Beckmann, N., Potkonjak, M.: Hardware-based public-key cryptography with public physically unclonable functions. In: Katzenbeisser, S., Sadeghi, A.-R. (eds.) IH 2009. LNCS, vol. 5806, pp. 206–220. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  3. 3.
    Bösch, C., Guajardo, J., Sadeghi, A.-R., Shokrollahi, J., Tuyls, P.: Efficient helper data key extractor on FPGAs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 181–197. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Chen, Q., Csaba, G., Lugli, P., Schlichtmann, U., Rührmair, U.: The bistable ring PUF: A new architecture for strong physical unclonable functions. In: IEEE Int. Symposium on Hardware-Oriented Security and Trust (June 2011)Google Scholar
  5. 5.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Esbach, T., Fumy, W., Kulikovska, O., Merli, D., Schuster, D., Stumpf, F.: A new security architecture for smartcards utilizing PUFs. In: Proceedings of the 14th Information Security Solutions Europe Conference (ISSE 2012). Vieweg+Teubner Verlag (2012)Google Scholar
  7. 7.
    Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier. Technical report, Symantex Security Response (February 2011)Google Scholar
  8. 8.
    Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  9. 9.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: CCS 2002: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 148–160. ACM, New York (2002)Google Scholar
  10. 10.
    Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Hiller, M., Merli, D., Stumpf, F., Sigl, G.: Complementary IBS: Application specific error correction for PUFs. In: 2012 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 1–6 (June 2012)Google Scholar
  12. 12.
    Kocher, P.C.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  13. 13.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  14. 14.
    Kömmerling, O., Kuhn, M.G.: Design principles for tamper-resistant smartcard processors. In: WOST 1999: Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, p. 2. USENIX Association, Berkeley (1999)Google Scholar
  15. 15.
    Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S.: Experimental security analysis of a modern automobile. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 447–462 (May 2010)Google Scholar
  16. 16.
    Krawczyk, H.: LFSR-based hashing and authentication. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 129–139. Springer, Heidelberg (1994)Google Scholar
  17. 17.
    Maes, R., Tuyls, P., Verbauwhede, I.: Low-overhead implementation of a soft decision helper data algorithm for SRAM PUFs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 332–347. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Merli, D., Heyszl, J., Heinz, B., Schuster, D., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of RO PUFs. In: Proceedings of the IEEE Int. Symposium of Hardware-Oriented Security and Trust. IEEE (June 2013)Google Scholar
  19. 19.
    Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In: 6th Workshop on Embedded Systems Security (WESS 2011), Taipei, Taiwan. ACM (October 2011)Google Scholar
  20. 20.
    Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Side-channel analysis of PUFs and fuzzy extractors. In: McCune, J.M., Balacheff, B., Perrig, A., Sadeghi, A.-R., Sasse, A., Beres, Y. (eds.) Trust 2011. LNCS, vol. 6740, pp. 33–47. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Merli, D., Stumpf, F., Sigl, G.: Protecting PUF error correction by codeword masking. Cryptology ePrint Archive, Report 2013/334 (2013),
  22. 22.
    Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): Measures and Counter-Measures for Smard Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Rührmair, U.: Simpl systems: On a public key variant of physical unclonable functions. Technical report, Cryptology ePrint Archive, International Association for Cryptologic Research (2009)Google Scholar
  24. 24.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 237–249. ACM, New York (2010)CrossRefGoogle Scholar
  25. 25.
    Skorobogatov, S.P.: Semi-invasive attacks – A new approach to hardware security analysis. Technical Report UCAM-CL-TR-630, University of Cambridge, Computer Laboratory (April 2005)Google Scholar
  26. 26.
    Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 44th ACM/IEEE Design Automation Conference, DAC 2007, pp. 9–14 (2007)Google Scholar
  27. 27.
    Tuyls, P., Schrijen, G.-J., Škorić, B., van Geloven, J., Verhaegh, N., Wolters, R.: Read-proof hardware from protective coatings. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 369–383. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  28. 28.
    Yu, M.-D.M., Devadas, S.: Secure and robust error correction for physical unclonable functions. IEEE Des. Test 27(1), 48–65 (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Dominik Merli
    • 1
  • Georg Sigl
    • 2
  • Claudia Eckert
    • 3
  1. 1.Fraunhofer Research Institution for Applied and Integrated Security (AISEC)MunichGermany
  2. 2.Institute for Security in Information TechnologyTechnische Universität MünchenMunichGermany
  3. 3.Department of Computer Science, Chair for IT SecurityTechnische Universität MünchenMunichGermany

Personalised recommendations