Physically Unclonable Digital ID

2015 IEEE International Conference on Mobile Services Pub Date : 2015-06-27 DOI:10.1109/MobServ.2015.24

Sung Choi, David Zage, Yung Ryn Choe, Brent Wasilow

{"title":"Physically Unclonable Digital ID","authors":"Sung Choi, David Zage, Yung Ryn Choe, Brent Wasilow","doi":"10.1109/MobServ.2015.24","DOIUrl":null,"url":null,"abstract":"The Center for Strategic and International Studies estimates the annual cost from cyber crime to be more than $400 billion. Most notable is the recent digital identity thefts that compromised millions of accounts. These attacks emphasize the security problems of using clonable static information. One possible solution is the use of a physical device known as a Physically Unclonable Function (PUF). PUFs can be used to create encryption keys, generate random numbers, or authenticate devices. While the concept shows promise, current PUF implementations are inherently problematic: inconsistent behavior, expensive, susceptible to modeling attacks, and permanent. Therefore, we propose a new solution by which an unclonable, dynamic digital identity is created between two communication endpoints such as mobile devices. This Physically Unclonable Digital ID (PUDID) is created by injecting a data scrambling PUF device at the data origin point that corresponds to a unique and matching descrambler/hardware authentication at the receiving end. This device is designed using macroscopic, intentional anomalies, making them inexpensive to produce. PUDID is resistant to cryptanalysis due to the separation of the challenge response pair and a series of hash functions. PUDID is also unique in that by combining the PUF device identity with a dynamic human identity, we can create true two-factor authentication. We also propose an alternative solution that eliminates the need for a PUF mechanism altogether by combining tamper resistant capabilities with a series of hash functions. This tamper resistant device, referred to as a Quasi-PUDID (Q-PUDID), modifies input data, using a black-box mechanism, in an unpredictable way. By mimicking PUF attributes, Q-PUDID is able to avoid traditional PUF challenges thereby providing high-performing physical identity assurance with or without a low performing PUF mechanism. Three different application scenarios with mobile devices for PUDID and Q-PUDID have been analyzed to show their unique advantages over traditional PUFs and outline the potential for placement in a host of applications.","PeriodicalId":166267,"journal":{"name":"2015 IEEE International Conference on Mobile Services","volume":"50 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-06-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 IEEE International Conference on Mobile Services","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MobServ.2015.24","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

The Center for Strategic and International Studies estimates the annual cost from cyber crime to be more than $400 billion. Most notable is the recent digital identity thefts that compromised millions of accounts. These attacks emphasize the security problems of using clonable static information. One possible solution is the use of a physical device known as a Physically Unclonable Function (PUF). PUFs can be used to create encryption keys, generate random numbers, or authenticate devices. While the concept shows promise, current PUF implementations are inherently problematic: inconsistent behavior, expensive, susceptible to modeling attacks, and permanent. Therefore, we propose a new solution by which an unclonable, dynamic digital identity is created between two communication endpoints such as mobile devices. This Physically Unclonable Digital ID (PUDID) is created by injecting a data scrambling PUF device at the data origin point that corresponds to a unique and matching descrambler/hardware authentication at the receiving end. This device is designed using macroscopic, intentional anomalies, making them inexpensive to produce. PUDID is resistant to cryptanalysis due to the separation of the challenge response pair and a series of hash functions. PUDID is also unique in that by combining the PUF device identity with a dynamic human identity, we can create true two-factor authentication. We also propose an alternative solution that eliminates the need for a PUF mechanism altogether by combining tamper resistant capabilities with a series of hash functions. This tamper resistant device, referred to as a Quasi-PUDID (Q-PUDID), modifies input data, using a black-box mechanism, in an unpredictable way. By mimicking PUF attributes, Q-PUDID is able to avoid traditional PUF challenges thereby providing high-performing physical identity assurance with or without a low performing PUF mechanism. Three different application scenarios with mobile devices for PUDID and Q-PUDID have been analyzed to show their unique advantages over traditional PUFs and outline the potential for placement in a host of applications.

查看原文本刊更多论文

物理上不可克隆的数字ID

战略与国际研究中心估计，网络犯罪每年造成的损失超过4000亿美元。最值得注意的是最近发生的数字身份盗窃事件，导致数百万账户受损。这些攻击强调了使用可克隆静态信息的安全问题。一种可能的解决方案是使用一种称为物理不可克隆功能(PUF)的物理设备。puf可用于创建加密密钥、生成随机数或对设备进行身份验证。虽然这个概念显示出了希望，但当前的PUF实现本身就存在问题:行为不一致、昂贵、容易受到建模攻击，而且是永久性的。因此，我们提出了一种新的解决方案，通过该解决方案，在两个通信端点(如移动设备)之间创建不可克隆的动态数字身份。这种物理不可克隆数字ID (PUDID)是通过在数据起源点注入一个数据置乱PUF设备来创建的，该设备对应于接收端唯一且匹配的解码器/硬件身份验证。这个装置是利用宏观的、有意的异常来设计的，使其生产成本低廉。由于挑战响应对和一系列散列函数的分离，PUDID可以抵抗密码分析。PUDID的独特之处在于，通过将PUF设备身份与动态人类身份相结合，我们可以创建真正的双因素身份验证。我们还提出了一种替代解决方案，通过将防篡改功能与一系列散列函数相结合，完全消除了对PUF机制的需求。这种防篡改装置，被称为准pudid (Q-PUDID)，使用黑盒机制以不可预测的方式修改输入数据。通过模拟PUF属性，Q-PUDID能够避免传统的PUF挑战，从而在使用或不使用低性能PUF机制的情况下提供高性能的物理身份保证。本文分析了PUDID和Q-PUDID在移动设备上的三种不同应用场景，以展示它们相对于传统PUDID的独特优势，并概述了在许多应用中放置的潜力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2015 IEEE International Conference on Mobile Services

自引率

0.00%

发文量