
Physically Unclonable Functions: Constructions, Properties and Applications (Fysisch onkloonbare functies: constructies, eigenschappen en toepassingen)

Publication date: 2012-08-31

Author:

Maes, Roel
Verbauwhede, Ingrid

Abstract:

Physically unclonable functions, or PUFs, are innovative physical security primitives which produce unclonable and inherent instance-specific measurements of physical objects; PUFs are in many ways the inanimate equivalent of biometrics for human beings. Since they are able to securely generate and store secrets, PUFs make it possible to bootstrap the physical implementation of an information security system. In this thesis, we discuss PUFs in all their facets: the multitude of their physical constructions, the algorithmic and physical properties which describe them, and the techniques required to deploy them in security applications. We present our contributions on each of these aspects.

We first give an unprecedentedly extensive overview and classification of PUF constructions, with a focus on intrinsic PUFs. We identify significant subclasses, implementation properties and general design techniques used to amplify sub-microscopic physical distinctions into observable digital response vectors. We list the useful properties attributed to PUFs and capture them in descriptive yet clear definitions. Through an elaborate comparative analysis, we distinguish truly PUF-defining properties from nice-to-have but not strictly required qualities. Additionally, we describe a formal framework for deploying PUFs and similar physical primitives in cryptographic reductions.

In order to objectively compare the quality of different PUF constructions, we contributed to the development of a silicon test platform carrying six different intrinsic PUF structures. Based on experimental data from 192 distinct test devices, including measurements at temperature and supply voltage corner cases, we assess the reliability, the uniqueness and the unpredictability of each of these constructions and summarize them in concise yet meaningful statistics.

Their instance-specific and unclonable nature enables the use of PUFs as entity identifiers. In combination with appropriate processing algorithms, they can even authenticate entities and securely generate and store secrets. We present new techniques to achieve PUF-based entity identification, entity authentication, and secure key generation. We additionally propose practical designs implementing these techniques, and derive and calculate meaningful measures for assessing the performance of different PUF constructions in these applications based on the quality of their response statistics. Finally, as a proof of concept, we present a fully functional prototype implementation of a PUF-based cryptographic key generator, demonstrating the full benefit of using PUFs and the efficiency of the introduced processing techniques.