Authenticating and Protecting Digital Information in Portable Devices

Srini Devadas

Secret keys embedded in portable and consumer devices protect owners from electronic fraud and content providers from illegal use of content. Those keys are vulnerable to attack by a motivated adversary or owner, since available protection schemes are too expensive and bulky for most applications. This project proposes Physical Unclonable Functions (PUFs) as a more secure alternative to digital keys.

The conventional way of protecting a digital secret key in a microchip or integrated circuit is to house it in an expensive, tamper-resistant package. PUFs would let the chip itself act as the key. At the microscopic scale, circuits are never identical, even on chips manufactured the same way. The PUF is a simple circuit with a huge number of paths and a sub-circuit that acts as a stopwatch. Timing input delays along a few hundred of the paths can generate a unique fingerprint for each apparently identical chip. That fingerprint can act as a key to, for instance, unlock proprietary software or authenticate an on-line transaction.

With PUFs, each device would be bound to a unique random unclonable function that serves as its identity.

The technology from this project was spun out into a startup company, Verayo, Inc.