Thank you for reaching out PUFsecurity’s blog!
This blog will be retired in June 2023.
Please visit our new resource library and subscribe to the newsletter on pufsecurity.com.
Abstract
Due to the emerging technology nature of PUF as new security primitives and the lack of comprehensive understandings on specific vulnerabilities that PUFs might introduce and the specific attacker models that are germane to PUFs, currently we are facing a situation that not only the methodologies and criteria for testing and assessing the security of PUFs are still evolving, but also the effective mitigations and secure design rules are still under intensive research.
In this column, we will first discuss the importance of providing high security assurance in PUF. Next, we will address the potential vulnerabilities of PUFs and the limitations of the existing PUF security testing/verification approaches. Finally, we will assert why and how formal methods can be used to significantly improve the security verification of PUF and raise the confidence level in PUF security assurance.
Introduction
PUF began to gain attention in the smartcard market during 2010 to 2013 as a promising way to provide “silicon fingerprints” and creating cryptographic keys that are unique to individual smartcards. Nowadays, PUF has even established itself as a secure alternative to battery-backed storage of secret keys (e.g., HSM, TPM) in commercial FPGAs and SoCs, such as the Xilinx Zynq Ultrascale and Altera Stratix 10. Due to the emerging technology nature of PUFs as new security primitives and the lack of comprehensive understandings on specific vulnerabilities that PUFs might introduce and the specific attacker models that are germane to PUFs, we face a situation that not only the methodologies and criteria for testing and assessing the security of PUFs are still evolving, but also the effective mitigations and secure design rules are still under intensive research…
Please read the complete content on our new resource library.