Skip to main content
SpringerLink
Log in

Robust Authentication Using Physically Unclonable Functions

  • Conference paper
Information Security (ISC 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5735))

Included in the following conference series:

Abstract

In this work we utilize a physically unclonable function (PUF) to improve resilience of authentication protocols to various types of compromise. As an example application, we consider users who authenticate at an ATM using their bank-issued PUF and a password. We present a scheme that is provably secure and achieves strong security properties. In particular, we ensure that (i) the user is unable to authenticate without her device; (ii) the device cannot be used by someone else to successfully authenticate as the user; (iii) the device cannot be duplicated (e.g., by a bank employee); (iv) an adversary with full access to the bank’s personal and authentication records is unable to impersonate the user even if he obtains access to the device before and/or after the setup; (v) the device does not need to store any information. We also give an extension that endows the solution with emergency capabilities: if a user is coerced into opening her secrets and giving the coercer full access to the device, she gives the coercer alternative secrets whose use notifies the bank of the coercion in such a way that the coercer is unable to distinguish between emergency and normal operation of the protocol.

Portions of this work were supported by grants NSF-CNS-0627488 and AFOSR-FA9550-09-1-0223, and by sponsors of CERIAS.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Clark, J., Hengartner, U.: Panic passwords: Authenticating under duress. In: USENIX Workshop on Hot Topics in Security, HotSec 2008 (2008)

    Google Scholar 

  2. Suh, G., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: DAC, pp. 9–14 (2007)

    Google Scholar 

  3. Ozturk, E., Hammouri, G., Sunar, B.: Towards robust low cost authentication for pervasive devices. In: IEEE International Conference on Pervasive Computing and Communications, pp. 170–178 (2008)

    Google Scholar 

  4. Simpson, E., Schaumont, P.: Offline hardware/software authentication for reconfigurable platforms. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 311–323. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  5. Guajardo, J., Kumar, S., Schrijen, G.J., Tuyls, P.: Physical unclonable functions and public-key crypto for FPGA IP protection. In: International Conference on Field Programmable Logic and Applications, pp. 189–195 (2007)

    Google Scholar 

  6. Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Tuyls, P., Batina, L.: RFID-tags for anti-counterfeiting. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 115–131. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  8. Bolotnyy, L., Robins, G.: Physically unclonable function-based security and privacy in RFID systems. In: IEEE International Conference on Pervasive Computing and Communications (PerCom 2007), pp. 211–220 (2007)

    Google Scholar 

  9. Batina, L., Guajardo, J., Kerins, T., Mentens, N., Tuyls, P., Verbauwhede, I.: Public-key cryptography for RFID-tags. In: Pervasive Computing and Communications Workshops, pp. 217–222 (2007)

    Google Scholar 

  10. Hammouri, G., Sunar, B.: PUF-HB: A tamper-resilient HB based authentication protocol. In: Bellovin, S.M., Gennaro, R., Keromytis, A.D., Yung, M. (eds.) ACNS 2008. LNCS, vol. 5037, pp. 346–365. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  11. Hammouri, G., Ozturk, E., Birand, B., Sunar, B.: Unclonable lightweight authentication scheme. In: Chen, L., Ryan, M.D., Wang, G. (eds.) ICICS 2008. LNCS, vol. 5308, pp. 33–48. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  12. Park, Y.M., Park, S.K.: Two factor authenticated key exchange (TAKE) protocol in public wireless LANs. IEICE Transactions on Communications E87-B(5), 1382–1385 (2004)

    Google Scholar 

  13. Pietro, R.D., Me, G., Strangio, M.: A two-factor mobile authentication scheme for secure financial transactions. In: International Conference on Mobile Business (ICMB 2005), pp. 28–34 (2005)

    Google Scholar 

  14. Bhargav-Spantzel, A., Sqicciarini, A., Modi, S., Young, M., Bertino, E., Elliott, S.: Privacy preserving multi-factor authentication with biometrics. Journal of Computer Security 15(5), 529–560 (2007)

    Article  Google Scholar 

  15. Stebila, D., Udupi, P., Chang, S.: Multi-factor password-authenticated key exchange. Technical Report ePrint Cryptology Archive 2008/214 (2008)

    Google Scholar 

  16. Boyen, X.: Reusable cryptographic fuzzy extractors. In: ACM Conference on Computer and Communications Security (CCS 2004), pp. 82–91 (2004)

    Google Scholar 

  17. Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: ACM Conference on Computer and Communications Security (CCS 2002), pp. 148–160 (2002)

    Google Scholar 

  18. Skoric, B., Tuyls, P.: Secret key generation from classical physics. Philips Research Book Series (2005)

    Google Scholar 

  19. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  20. Chaum, D., Evertse, J.H., van de Graaf, J.: An improved protocol for demonstrating possession of discrete logarithms and some generalizations. In: Price, W.L., Chaum, D. (eds.) EUROCRYPT 1987. LNCS, vol. 304, pp. 127–141. Springer, Heidelberg (1988)

    Chapter  Google Scholar 

  21. Schnorr, C.: Efficient signature generation by smart cards. Journal of Cryptology 4(3), 161–174 (1991)

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science and Software Engineering, Miami University, USA

    Keith B. Frikken

  2. Department of Computer Science and Engineering, University of Notre Dame, USA

    Marina Blanton

  3. Department of Computer Science, Purdue University, USA

    Mikhail J. Atallah

Authors
  1. Keith B. Frikken
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marina Blanton
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mikhail J. Atallah
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’ Informazione, Università degli Studi di Milano, Via Bramante 65, 26013, Crema, (CR), Italy

    Pierangela Samarati

  2. Computer Science Department, Google Inc. and Columbia University, Room 464, S.W. Mudd Building, 10027, New York, NY, USA

    Moti Yung

  3. Information Security Group, Pisa Research Area, Istituto di Informatica e Telematica - IIT Consiglio Nazionale delle Ricerche - C.N.R., Via. G. Moruzzi 1, 56125, Pisa, Italy

    Fabio Martinelli

  4. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Via Bramante, 65, 26013, Crema, (CR), Italy

    Claudio A. Ardagna

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Frikken, K.B., Blanton, M., Atallah, M.J. (2009). Robust Authentication Using Physically Unclonable Functions. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-04474-8_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation