
Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions

Information Systems Frontiers

Abstract

Virtually all applications which provide or require a security service need a secret key. In an ambient world, where (potentially) sensitive information is continually being gathered about us, it is critical that those keys be both securely deployed and safeguarded from compromise. In this paper, we provide solutions for secure key deployment and storage of keys in sensor networks and radio frequency identification systems based on the use of Physical Unclonable Functions (PUFs). In addition to providing an overview of different existing PUF realizations, we introduce a PUF realization aimed at ultra-low cost applications. We then show how the properties of Fuzzy Extractors or Helper Data algorithms can be used to securely deploy secret keys to a low cost wireless node. Our protocols are more efficient (round complexity) and allow for lower costs compared to previously proposed ones. We also provide an overview of PUF applications aimed at solving the counterfeiting of goods and devices.

Notes

  1. We use the term RFID in this paper in a very broad sense. In particular, we consider an RFID tag as any device that communicates in the radio frequency range of the spectrum and that can be used for identification purposes. For a taxonomy of RFID tags see for example Sarma and Engels (2003), Engels and Sarma (2005).

  2. There are known tamper resistance methods to protect cryptographic material but, to our knowledge, none that would be economically viable for cheap applications such as RFID or sensor nodes.

  3. Note that this stands in sharp contrast to Quantum Cryptography where cloning is impossible due to the basic laws of nature. In the case of PUFs, there is a very small (but non-zero) probability that the structure can be cloned.

  4. As in Bellare and Rogaway (1993), we do not consider it to be an attack if the adversary only relays messages between the intended parties, as this cannot be prevented. In this case (as noted in Bellare and Rogaway (1993)), the adversary is simply acting as a wire. Thus, a man-in-the-middle attack requires modification of the messages as well.

References

  • Anderson, R., Chan, H., & Perrig, A. (2004). Key infection: Smart trust for smart dust. In IEEE international conference on network protocols — ICNP 2004 (pp. 206–215). IEEE Computer Society, 5–8 October.

  • Balfanz, D., Smetters, D. K., Stewart, P., & Chi Wong, H. (2002). Talking to strangers: Authentication in ad-hoc wireless networks. In Network and distributed system security symposium — NDSS 2002.

  • Bellaouar, A., & Elmasry, M. I. (1995). Low-power digital VLSI design. Circuits and systems (1st ed.). Dordrecht: Kluwer Academic.


  • Bellare, M., & Rogaway, P. (1993). Entity authentication and key distribution. In D. R. Stinson (Ed.), Advances in cryptology — CRYPTO ’93, 22–26 August, LNCS (Vol. 773, pp. 232–249). New York: Springer.


  • Bhavnagarwala, A. J., Tang, X., & Meindl, J. D. (2001). The impact of intrinsic device fluctuations on CMOS SRAM cell stability. IEEE Journal of Solid-State Circuits, 36(4), 658–665, April.


  • Bird, N., Conrado, C., Guajardo, J., Maubach, S., Schrijen, G.-J., S̆korić, B., et al. (2007). ALGSICS—combining physics and cryptography to enhance security and privacy in RFID systems. In F. Stajano, C. Meadows, S. Capkun, & T. Moore (Eds.), Security and privacy in ad-hoc and sensor networks — ESAS 2007, 2–3 July, LNCS (Vol. 4572, pp. 187–202). New York: Springer.


  • Bono, S., Green, M., Stubblefield, A., Juels, A., Rubin, A., & Szydlo, M. (2005). Security analysis of a cryptographically-enabled rfid device. In P. McDaniel (Ed.), USENIX security symposium—security ’05 (pp. 1–16).

  • Boyen, X. (2004). Reusable cryptographic fuzzy extractors. In V. Atluri, B. Pfitzmann, & P. D. McDaniel (Eds.), ACM conference on computer and communications security — ACM CCS 2004, 25–29 October (pp. 82–91). New York: ACM.


  • Boyen, X., Dodis, Y., Katz, J., Ostrovsky, R., & Smith, A. (2005). Secure remote authentication using biometric data. In R. Cramer (Ed.), Advances in cryptology — eurocrypt 2005, LNCS (Vol. 3494, pp. 147–163). New York: Springer.


  • Cagalj, M., Capkun, S., & Hubaux, J. (2006). Key agreement in peer-to-peer wireless networks. Proceedings of the IEEE (Special Issue on Cryptography and Security), 94(2).

  • Carluccio, D., Kasper, T., & Paar, C. (2006). Implementation details of a multi purpose ISO 14443 RFID -tool. Printed handout of Workshop on RFID Security – RFIDSec 06, pp. 181–197. ECRYPT Network of Excellence, July. http://events.iaik.tugraz.at/RFIDSec06/Program/index.htm.

  • Carluccio, D., Lemke, K., & Paar, C. (2006). E-passport: The global traceability or how to feel like an ups package. Printed handout of Workshop on RFID Security – RFIDSec 06, pp. 167–180. ECRYPT Network of Excellence, July. http://events.iaik.tugraz.at/RFIDSec06/Program/index.htm.

  • Carter, L., & Wegman, M. N. (1979). Universal classes of hash functions. Journal of Computer and System Sciences, 18(2), 143–154.


  • Castelluccia, C., & Francillon, A. (2007). TinyRNG, a cryptographic random number generator for wireless sensor network nodes. In International symposium on modeling and optimization in mobile, ad hoc, and wireless networks — IEEE WiOpt 2007. IEEE, April.

  • Castelluccia, C., & Mutaf, P. (2005). Shake them up!: A movement-based pairing protocol for CPU-constrained devices. In K. G. Shin, D. Kotz, & B. D. Noble, (Eds.), International conference on mobile systems, applications, and services — MobiSys ’05 (pp. 51–64). New York: ACM.


  • Chan, H., & Perrig, A. (2003). Security and privacy in sensor networks. IEEE Computer, 36(10), 103–105.


  • Chan, H., Perrig, A., & Song, D. (2003). Random key predistribution schemes for sensor networks. In IEEE symposium on security and privacy — S&P 2003 (pp. 197–215). Los Alamitos: IEEE Computer Society.


  • Cheng, B., Roy, S., & Asenov, A. (2004). The impact of random doping effects on CMOS SRAM cell. In European solid state circuits conference (pp. 219–222). Washington, DC: IEEE Computer Society.


  • DeJean, G., & Kirovski, D. (2006). Making RFIDs unique—radio frequency certificates of authenticity. In IEEE antennas and propagation society international symposium, 9–14 July (pp. 1039–1042). Piscataway: IEEE.


  • Deng, J., Hartung, C., Han, R., & Mishra, S. (2005). A practical study of transitory master key establishment for wireless sensor networks. In International conference on security and privacy for emerging areas in communications networks — SECURECOMM’05 (pp. 289–302). Washington, DC: IEEE Computer Society.


  • Dodis, Y., Reyzin, M., & Smith, A. (2004). Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In C. Cachin, & J. Camenisch (Eds.), Advances in cryptology—EUROCRYPT 2004, LNCS (Vol. 3027, pp. 523–540). New York: Springer.


  • Du, W., Deng, J., Han, Y. S., & Varshney, P. K. (2003). A pairwise key pre-distribution scheme for wireless sensor networks. In S. Jajodia, V. Atluri, & T. Jaeger (Eds.), ACM conference on computer and communications security—CCS 2003 (pp. 42–51). New York: ACM.


  • Eagle, J. (2002). RFID: The early years 1980-1990. http://members.surfbest.net/eaglesnest/rfidhist.htm.

  • Engels, D. W., & Sarma, S. (2005). Standardization requirements within the RFID class structure framework. Technical report, Auto-ID Laboratories, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA, January. http://ken.mit.edu/web/.

  • Eschenauer, L., & Gligor, V. D. (2002). A key-management scheme for distributed sensor networks. In V. Atluri (Ed.), ACM conference on computer and communications security—CCS 2002 (pp. 41–47). New York: ACM.


  • Gassend, B. (2003). Physical random functions. Master’s thesis, Computer Science and Artificial Intelligence Laboratory, MIT. Computation Structures Group Memo 458. February.

  • Gassend, B., Clarke, D., van Dijk, M., & Devadas, S. (2002). Controlled physical random functions. In Annual computer security applications conference—ACSAC 2002 (p. 149). Washington, DC: IEEE Computer Society.


  • Gassend, B., Clarke, D. E., van Dijk, M., & Devadas, S. (2002). Silicon physical unknown functions. In V. Atluri, (Ed.), ACM conference on computer and communications security — CCS 2002, November (pp. 148–160). New York: ACM.


  • Guajardo, J., Blümel, R., Krieger, U., & Paar, C. (2001). Efficient implementation of elliptic curve cryptosystems on the TI MSP 430x33x family of microcontrollers. In K. Kwangjo (Ed.), International workshop on practice and theory in public key cryptography—PKC 2001, 13–15 February, LNCS (Vol. 1992, pp. 365–382). New York: Springer.


  • Guajardo, J., Kumar, S. S., Schrijen, G.-J., & Tuyls, P. (2007a). FPGA intrinsic PUFs and their use for IP protection. In P. Paillier, & I. Verbauwhede (Eds.), Cryptographic hardware and embedded systems—CHES 2007, 10–13 September LNCS (Vol. 4727, pp. 63–80). New York: Springer.


  • Guajardo, J., Kumar, S. S., Schrijen, G.-J., & Tuyls, P. (2007b). Physical unclonable functions and public key crypto for FPGA IP protection. In International conference on field programmable logic and applications—FPL 2007, 27–30 August (pp. 189–195). Piscataway: IEEE.


  • Guajardo, J., Kumar, S. S., Schrijen, G.-J., & Tuyls, P. (2008a). Brand and IP protection with physical unclonable functions. In IEEE international symposium on circuits and systems — ISCAS 2008, 18–21 May (pp. 3186–3189). Piscataway: IEEE.


  • Guajardo, J., Tuyls, P., Bird, N., Conrado, C., Maubach, S., Schrijen, G.-J., et al. (2008b). RFID security: Cryptography and physics perspectives. In P. Kitsos, & Y. Zhang (Eds.), RFID security: Techniques, protocols and system-on-chip design. New York: Springer (in press).


  • Holcomb, D. E., Burleson, W. P., & Fu, K. (2007). Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. Conference on RFID Security 07, 11–13 July.


  • Holmquist, L. E., Mattern, F., Schiele, B., Alahuhta, P., Beigl, M., & Gellersen, H.-W. (2001). Smart-its friends: A technique for users to easily establish connections between smart artefacts. In Ubicomp 2001: Ubiquitous computing, third international conference (pp. 116–122).

  • Hsu, V., Kahn, J. M., & Pister, K. S. J. (1998). Wireless communications for smart dust. Electronics Research Laboratory Technical Memorandum Number M98/2, University California Berkeley.

  • ICC Policy Statement (2004). The fight against piracy and counterfeiting of intellectual property. Submitted to the 35th World Congress, Marrakech, Document no 450/986, ICC, 1 June 2004.

  • Juels, A. (2006). RFID security and privacy: A research survey. IEEE Journal on Selected Areas in Communications, 24(2), 381–394, February. http://www.rsasecurity.com/rsalabs/node.asp?id=2029.


  • Juels, A., Pappu, R., & Garfinkel, S. (2005). RFID privacy: An overview of problems and proposed solutions. IEEE Security and Privacy, 3(3), 34–43, May/June. http://www.rsasecurity.com/rsalabs/node.asp?id=2029.


  • Juels, A., & Wattenberg, M. (1999). A fuzzy commitment scheme. In J. Motiwalla, & G. Tsudik (Eds.), ACM conference on computer and communications security—ACM CCS ’99, 1–4 November (pp. 28–36). New York: ACM.


  • Kahng, A. B., Lach, J., Mangione-Smith, W. H., Mantik, S., Markov, I. L., Potkonjak, M., et al. (1998). Watermarking techniques for intellectual property protection. In Design automation conference—DAC ’98 (pp. 776–781). New York: ACM.


  • Kaps, J.-P., Yuksel, K., & Sunar, B. (2005). Energy scalable universal hashing. IEEE Transactions on Computers, 54(12), 1484–1495.


  • Kean, T. (2002). Cryptographic rights management of FPGA intellectual property cores. In ACM/SIGDA international symposium on field-programmable gate arrays—FPGA 2002 (pp. 113–118).

  • Krawczyk, H. (1994). LFSR-based hashing and authentication. In Y. Desmedt (Ed.), Advances in Cryptology - CRYPTO ’94, 21–25 August, LNCS (Vol. 839, pp. 129–139). New York: Springer.


  • Kuo, C., Luk, M., Negi, R., & Perrig, A. (2007). Message-in-a-bottle: User-friendly and secure key deployment for sensor nodes. In International conference on embedded networked sensor systems—SenSys ’07 (pp. 233–246). New York: ACM.


  • Lacey, M. (2006). Panama: Tainted syrup now linked to deaths. The New York Times. http://www.nytimes.com, October 13, World Briefing — Americas.

  • Landt, J. (2001). Shrouds of time—The history of RFID. Whitepaper, AIM Inc., 1 October. http://www.transcore.com/pdf/AIM shrouds_of_time.pdf.

  • Lester, J., Hannaford, B., & Borriello, G. (2004). “Are you with me?”—using accelerometers to determine if two devices are carried by the same person. In Pervasive computing, second international conference (pp. 33–50).

  • Lim, D., Lee, J. W., Gassend, B., Suh, G. E., van Dijk, M., & Devadas, S. (2005). Extracting secret keys from integrated circuits. IEEE Transactions on Very Large Scale Integration (VLSI) Systems, 13(10), 1200–1205, October.


  • Linnartz, J.-P., & Tuyls, P. (2003). New shielding functions to enhance privacy and prevent misuse of biometric templates. In J. Kittler, & M. S. Nixon (Eds.), Audio- and video-based biometric person authentication—AVBPA 2003, 9–11 June, LNCS (Vol. 2688, pp. 393–402). New York: Springer.


  • Liu, D., Ning, P., & Du, W. (2005). Group-based key pre-distribution in wireless sensor networks. In M. Jakobsson, & R. Poovendran (Eds.), ACM workshop on wireless security — WiSe 2005 (pp. 11–20). New York: ACM.


  • Lorincz, K., Malan, D., Fulford-Jones, T. R. F., Nawoj, A., Clavel, A., Shnayder, V., et al. (2004). Sensor networks for emergency response: Challenges and opportunities. IEEE pervasive computing, special issue on pervasive computing for first response (pp. 16–23). Oct–Dec.

  • McCune, J. M., Perrig, A., & Reiter, M. K. (2005). Seeing-is-believing: Using camera phones for human-verifiable authentication. In IEEE symposium on security and privacy — S&P 2005, 8–11 May (pp. 110–124). Los Alamitos: IEEE Computer Society.


  • Menezes, A., van Oorschot, P., & Vanstone, S. (1997). Handbook of Applied Cryptography. Boca Raton: CRC.


  • Nevelsteen, W. & Preneel, B. (1999). Software performance of universal hash functions. In J. Stern (Ed.), Advances in cryptology — EUROCRYPT’99, 2–6 May, LNCS (Vol. 1592, pp. 24–41). New York: Springer.


  • O’Donnel, C. W., Suh, G. E., & Devadas, S. (2004). PUF-based random number generation. Technical Memo MIT-CSAIL-CSG-481, MIT CSAIL, November.

  • Oren, Y., & Shamir, A. (2006). Power analysis of RFID tags. Original announcement at RSA Conference 2006, 14 February. http://www.wisdom.weizmann.ac.il/~yossio/rfid/.

  • Pappu, R. S. (2001). Physical one-way functions. PhD thesis, Massachusetts Institute of Technology, March. http://pubs.media.mit.edu/pubs/papers/01.03.pappuphd.powf.pdf.

  • Pappu, R. S., Recht, B., Taylor, J., & Gershenfeld, N. (2002). Physical one-way functions. Science, 297(6), 2026–2030. http://web.media.mit.edu/~brecht/papers/02.PapEA.powf.pdf.


  • Perrig, A., Stankovic, J. A., & Wagner, D. (2004). Security in wireless sensor networks. Communications of the ACM, 47(6), 53–57.


  • Perrig, A., Szewczyk, R., Tygar, J. D., Wen, V., & Culler, D. E. (2002). SPINS: Security protocols for sensor networks. Wireless Networks, 8(5), 521–534.


  • Przydatek, B., Xiaodong Song, D., & Perrig, A. (2003). SIA: Secure information aggregation in sensor networks. In I. F. Akyildiz, D. Estrin, D. E. Culler, & M. B. Srivastava (Eds.), International conference on embedded networked sensor systems — SenSys 2003, 5–7 November (pp. 255–265). New York: ACM.


  • Ramkumar, M., & Memon, N. (2005). An efficient key predistribution scheme for ad hoc network security. IEEE Journal on Selected Areas in Communications, 23(3), 611–621.


  • Rasmussen, K. B., & Capkun, S. (2007). Implications of radio fingerprinting on the security of sensor networks. In International conference on security and privacy in communication networks—SecureComm 2007, 17–20 September. Piscataway: IEEE.


  • Sarma, S., & Engels, D. W. (2003). On the future of RFID tags and protocols. Technical report mit-autoid-tr-018, Auto-ID Center, Massachusetts Institute of Technology, Cambridge, MA 02139-4307, USA, 1 June 2003. Early Released July. http://www.epcglobalinc.org/standards_technology/specifications.html.

  • Seevinck, E., List, F. J., & Lohstroh, J. (1987). Static-noise margin analysis of MOS SRAM cells. IEEE Journal of Solid-State Circuits, 22(5), 748–754, Oct.


  • Shnayder, V., Chen, B., Lorincz, K., Fulford-Jones, T. R. F., & Welsh, M. (2005). Sensor networks for medical care. In J. Redi, H. Balakrishnan, & F. Zhao (Eds.), International conference on embedded networked sensor systems — SenSys 2005, 2–4 November (p. 314). New York: ACM.


  • Shoup, V. (1996). On fast and provably secure message authentication based on universal hashing. In N. Koblitz (Ed.), Advances in cryptology - CRYPTO ’96, 18–22 August, LNCS (Vol. 1109, pp 313–328). New York: Springer.


  • Simpson, E., & Schaumont, P. (2006). Offline hardware/software authentication for reconfigurable platforms. In L. Goubin, & M. Matsui (Eds.), Cryptographic hardware and embedded systems—CHES 2006, 10–13 October, LNCS (Vol. 4249, pp. 311–323). New York: Springer.


  • Staake, T., Thiesse, F., & Fleisch, E. (2005). Extending the EPC network – The potential of RFID in anti-counterfeiting. In A. Omicini, H. Haddad, L. M. Liebrock, & Wainwright, R. L. (Eds.), ACM symposium on applied computing — SAC 2005, 13-17 March (pp. 1607–1612). New York: ACM.


  • Stajano, F. (2000). The resurrecting duckling—what next? In B. Christianson, B. Crispo, & M. Roe (Eds.), Security protocols workshop. Revised papers, 3–5 April, LNCS (Vol. 2133, pp. 204–214). New York: Springer.


  • Stajano, F., & Anderson, R. J. (1999). The resurrecting duckling: Security issues for ad-hoc wireless networks. In B. Christianson, B. Crispo, J. A. Malcolm, M. Roe (Eds.), Security protocols, LNCS, 19–21 April (Vol. 1796, pp. 172–182). New York: Springer.


  • Su, Y., Holleman, J., & Otis, B. (2007). A 1.6pJ/bit 96% stable chip-ID generating circuit using process variations. In ISSCC ’07: IEEE international solid-state circuits conference (pp. 406–408). Washington, DC: IEEE Computer Society.


  • Tuyls, P., Schrijen, G.-J., S̆korić, B., van Geloven, J., Verhaegh, N., & Wolters, R. (2006). Read-proof hardware from protective coatings. In L. Goubin, & M. Matsui (Eds.), Cryptographic hardware and embedded systems — CHES 2006, 10–13 October, LNCS (Vol. 4249, pp. 369–383). New York: Springer.


  • S̆korić, B., Tuyls, P., & Ophey, W. (2005). Robust key extraction from physical uncloneable functions. In J. Ioannidis, A. D. Keromytis, & M. Yung (Eds.), Applied cryptography and network security—ACNS 2005, LNCS (Vol. 3531, pp. 407–422), 7–10 June.

  • S̆korić, B., Schrijen, G.-J., Ophey, W., Wolters, R., Verhaegh, N., & Geloven, J.v. (2007). Experimental hardware for coating PUFs and optical PUFs. In P. Tuyls, B. S̆korić, & T. Kevenaar (Eds.), Security with noisy data 1st edn. (pp. 255–268). New York: Springer.


  • Weiser, M. (1991). The computer for the twenty-first century. Scientific American Magazine, 94–100, September.

  • Werner-Allen, G., Lorincz, K., Welsh, M., Marcillo, O., Johnson, J., Ruiz, M., et al. (2006). Deploying a wireless sensor network on an active volcano. IEEE Internet Computing, 10(2), 18–25.


  • Wong, J. L., Feng, J., Kirovski, D., & Potkonjak, M. (2004). Security in sensor networks: watermarking techniques. In C. S. Raghavendra, K. M. Sivalingam, & T. Znati (Eds.), Wireless sensor networks, (pp. 305–323). Dordrecht: Kluwer Academic.


  • Zhu, S., Setia, S., & Jajodia, S. (2003). Leap: Efficient security mechanisms for large-scale distributed sensor networks. In S. Jajodia, V. Atluri, & T. Jaeger (Eds.), ACM conference on computer and communications security — CCS 2003 (pp. 62–72). New York: ACM.


  • Zhu, S., Setia, S., & Jajodia, S. (2006). Leap+: Efficient security mechanisms for large-scale distributed sensor networks. ACM Transactions on Sensor Networks, 2(4), 500–528.


  • ZigBee Specification (2005). Technical Report Document 053474r06. Version 1.0, ZigBee Alliance, June.

Author information

Corresponding author

Correspondence to Jorge Guajardo.

About this article

Cite this article

Guajardo, J., Škorić, B., Tuyls, P. et al. Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions. Inf Syst Front 11, 19–41 (2009). https://doi.org/10.1007/s10796-008-9142-z

  • DOI: https://doi.org/10.1007/s10796-008-9142-z