Reliable Secret Sharing With Physical Random Functions

A Physical Random Function (PUF) is a random function that maps challenges to responses and that can only be evaluated with the help of a complex physical system. It stores key material as a combination of large amounts of hard to measure physical state. If a PUF can only be accessed via an algorithm that is physically linked to the PUF in an inseparable way (i.e., any attempt to circumvent the algorithm will lead to the destruction of the PUF), then it can be used to establish a shared secret key between a remote user and a physical device with the PUF. Once established, the secret key can be used for a wide range of applications including certified execution and software licensing. A practical implementation of a PUF does not immediately lead to a function; the responses are noisy. To make the PUF reliable, together with the challenge, extra redundant information is provided to the PUF. The redundant information is used to correct the noise and generate the shared key. The input to the PUF is transmitted over a public channel, hence, any adversary learns the redundant information and may (in combination with information obtained by experiments with PUFs) distill knowledge about the shared key. To make the PUF securely reliable, we introduce one-pass protocols which can be used for certified execution of a program with encrypted input. We show that the existence of such protocols is equivalent to the existence of fuzzy extractors. We present a practical example based on experiments with chip realizations of silicon PUFs (SPUFs). Finally, we show how responses can be reused in identifying and authenticating SPUFs while staying resistant against replay attacks. This work was funded by Acer Inc., Delta Electronics Inc., HP Corp., NTT Inc., Nokia Research Center, and Philips Research under the MIT Project Oxygen partnership. Visiting researcher from Philips Research, Prof Holstlaan 4, Eindhoven, The Netherlands. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Copyright 2004 ACM X-XXXXX-XX-X/XX/XX ...$5.00.