Abstract
Physical unclonable functions (PUFs), physical objects that are practically
unclonable because of their andom and uncontrollable manufacturing variations,
are becoming increasingly popular as security primitives and unique identifiers
in a fully digitized world. One of the central PUF premises states that both
friends and foes, both legitimate manufacturers and external attackers alike,
cannot clone a PUF, producing two instances that are the same. Using the latest
nanofabrication techniques, we show that this premise is not always met: We
demonstrate the possibility of effective PUF duplication through sophisticated
manufacturers by producing 63 copies of a non-trivial optical scattering
structure which exhibit essentially the same scattering behavior. The remaining
minuscule differences are close to or below noise levels, whence the duplicates
have to be considered fully equivalent from a PUF perspective. The possibility
for manufacturer-based optical PUF duplication has positive and negative
consequences at the same time: While fully breaking the security of certain
schemes, it enables new applications, too. For example, it facilitates
unforgeable labels for valuable items; the first key-free group identification
schemes over digital networks; or new types of encryption/decryption devices
that do not contain secret keys.
unclonable because of their andom and uncontrollable manufacturing variations,
are becoming increasingly popular as security primitives and unique identifiers
in a fully digitized world. One of the central PUF premises states that both
friends and foes, both legitimate manufacturers and external attackers alike,
cannot clone a PUF, producing two instances that are the same. Using the latest
nanofabrication techniques, we show that this premise is not always met: We
demonstrate the possibility of effective PUF duplication through sophisticated
manufacturers by producing 63 copies of a non-trivial optical scattering
structure which exhibit essentially the same scattering behavior. The remaining
minuscule differences are close to or below noise levels, whence the duplicates
have to be considered fully equivalent from a PUF perspective. The possibility
for manufacturer-based optical PUF duplication has positive and negative
consequences at the same time: While fully breaking the security of certain
schemes, it enables new applications, too. For example, it facilitates
unforgeable labels for valuable items; the first key-free group identification
schemes over digital networks; or new types of encryption/decryption devices
that do not contain secret keys.
Original language | English |
---|---|
Number of pages | 9 |
Publication status | Published - 26 Dec 2022 |