Physically Unclonable Functions (PUFs) are computer hardware circuits, or hardware security primitives, that can easily be built into computer chips. They are expected to become essential in securing next generation communication / authentication protocols among Internet of Things devices. However, much PUF research has been ad hoc and experimental in nature, with little fundamental understanding of their strengths and limits. For example, while ideally the behavior of a PUF should be unpredictable, thus unclonable, some "strong" PUFs have been shown to be "machine learnable". This means that by overhearing a large amount of the data exhibited by the PUF during communication phases, it is possible to predict the behavior of the PUF with high accuracy, thus enabling an attacker to mimic the PUF behavior, posing a dire challenge to the security foundation. Why this is possible is not fully understood, and this project's goal is to develop a new framework for understanding, in a systematic, theoretically explained way, the fundamental limits and properties of PUFs. This has the potential to transform how strong PUFs should be designed and used for authentication in fundamental ways: ad hoc approaches will be replaced by provably optimal designs built on sound theory to leverage the full potential of these functions.
PUFs are promising as fundamental security primitives that, when mass fabricated on chips, may provide devices with a low-cost digital "fingerprint" by exploiting the random disorder in the manufacturing process. This PUF "fingerprint" provides richer content than a simple barcode by offering a unique output function that may be "challenged" with an input bit vector. As each input interacts with the random elements in the architectural configuration to produce a "response," such challenge-response pairs (CRPs) provided by the PUF can be used to uniquely identify or authenticate a device. The investigators aim to find out---analytically in closed form expressions--- how predictable a PUF becomes given knowledge of a (small) set of observed CRPs. This problem is approached through a new collaboration between two female researchers with expertise in computer engineering and information theory. PUFs will be modeled statistically, which will allow for the derivation of conditional probability mass functions (and associated provably optimal predictors) of the PUF response to one (or more) challenge(s) given knowledge of the response to one (or more) other challenge(s).
This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.