server performs a fuzzy match across a
reference set of preselected responses
(collected during provisioning) for the
entire population to determine which
device is being accessed. Then the server can fetch the corresponding authentication verification model for that device, to be used for the authentication
phase. The nonvolatile storage bits on
the chip that would otherwise be used
to store the serial number to identify
the device can be eliminated.
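The server-side fuzzy match described above, sketched as an added example that is not code from the original article. It assumes 128-bit preselected responses, hypothetical thresholds `MAX_DIST` and `MIN_MARGIN`, and a constructed random population whose labels (`record-NNNN`) are server database keys, not values stored on the chip.

```python
import random
from typing import Optional

N_BITS = 128      # assumed response length in bits
MAX_DIST = 20     # assumed noise budget: accept at most this many flipped bits
MIN_MARGIN = 20   # assumed safety gap between best and second-best match

def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two responses differ."""
    return bin(a ^ b).count("1")

def identify(noisy: int, reference: dict) -> Optional[str]:
    """Fuzzy-match a noisy preselected response against every enrolled device.

    Returns the database label of the unique close match, or None when the
    response is too far from all references or too close to two of them.
    """
    ranked = sorted((hamming(noisy, ref), label) for label, ref in reference.items())
    if not ranked or ranked[0][0] > MAX_DIST:
        return None                      # not enrolled, or reading too noisy
    if len(ranked) > 1 and ranked[1][0] - ranked[0][0] < MIN_MARGIN:
        return None                      # ambiguous: refuse rather than guess
    return ranked[0][1]

def add_noise(response: int, flips: int, rng: random.Random) -> int:
    """Flip `flips` distinct bits to model measurement noise."""
    for pos in rng.sample(range(N_BITS), flips):
        response ^= 1 << pos
    return response

def demo():
    rng = random.Random(2024)            # constructed sample population
    reference = {f"record-{i:04d}": rng.getrandbits(N_BITS) for i in range(1000)}
    noisy = add_noise(reference["record-0417"], 10, rng)
    unknown = rng.getrandbits(N_BITS)    # a chip that was never provisioned
    return identify(noisy, reference), identify(unknown, reference)

if __name__ == "__main__":
    print(demo())
```

The matched label is then used to fetch that device's verification model for the authentication phase; a `None` result means no authentication attempt should follow.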
In certain use cases, where the RFID/NFC
is used for identification only, and
no on-chip data storage is needed to
store ancillary data associated with a
tagged product, it may be possible to
eliminate all nonvolatile storage from
an RFID/NFC device by using a PUF to
provide the identification. Eliminating
on-chip nonvolatile storage is a potential source for savings in terms of silicon area and manufacturing cost.
Authentication. Item-level authentication is an obvious use case for the
challenge/response silicon PUF. This
is a case of server-to-device entity authentication. As mentioned previously,
it is also possible to run the entity authentication protocol in the reverse
direction, for device-to-server entity authentication. In the lockdown protocol
scenario [20], running the entity authentication in both directions is used to
limit response-bits exposure.
It is possible to extend the aforementioned mutual entity
authentication functionality to perform data
authentication and, in particular, to
authenticate a relatively small number
of data bytes. This protocol extension
provides server-to-device data authentication as well as device-to-server data
authentication. For example, a read/write
interface can be implemented between the server and the device, so only
authenticated read/write commands
from the server are acted upon by the
device. If the server read/write commands are modified in transit, the device could detect the bit modifications.
This can be achieved by incorporating
the data bytes as a part of the challenge.
The server first receives the serial
number (id) from the device as well as a
device-side challenge $C_d$. Then it sends
to the device a server-side challenge $C_s$,
command bytes $B$, and a response $R$,
where $R = \mathrm{PUF}_{id}(C_s \| C_d \| B)$ emulated
using the server-side model. The
individual without the burden of specialized
reader hardware distribution.
Identification, Authentication, Authorization
In 2004, Bruce Schneier wrote about the
importance of distinguishing three interrelated security services: identification,
authentication, and authorization [13].
While we have discussed PUFs mostly in
the context of item-level authentication,
they can also be used to provide each of
the three security services.
Identification. As described by Schneier, an identifier needs to distinguish one
member of a population from another
member. Schneier also stated that conventional human biometric measurements such as fingerprint scans or iris
scans cannot be used for identification;
a separate identifier is needed so the biometric reading can be matched against
a single reference biometric template
vs. all the templates for the population.
This is because, for a human biometric
reading, if a match is performed across
all templates in a population, the collision probability is too high (for example, on the order of 1 in 10,000 or 1
in 100,000 [10, 18]). This means that out of a
reasonably sized population larger than
a small city, there is a high probability
that two biometric readings would be
regarded as coming from the same individual if a separate identifier were not
used. Human biometrics can be used
for authentication if a person has already
been identified through other means.
When a silicon PUF is used, the collision probability can be made well below those for human biometrics—for
example, it can be made below 1 in 1
trillion without the use of a separate
public identifier. A silicon PUF implementation can scale the uniqueness
information content better than a human biometric scheme, allowing the
former to be used for identification.
Although the NFC PUF IC implementation described earlier uses a serial
number to identify the device, if a challenge/response PUF authentication occurs, it is feasible to use the PUF to
identify the device. A preselected challenge,
possibly hardwired into the chip, can
have the corresponding preselected
response designated as an identifier.
When different devices are queried,
each device outputs a unique preselected response that is possibly noisy. The