Unclonable Identity

From MgmtWiki
Jump to: navigation, search

Full Title or Meme

An Unclonable Identity is based on some physical measurement that cannot be reproduced else where.

Context

  • Security Tokens have existed since prehistory using some physical stamp with wax or ink to create an impression that could not be duplicated with then existing technology.
  • The most common private Identifier on the web today is a Private Key that is created and kept secret by the owner of the key.
  • Most naturally occurring materials will have some random characterizes which are randomly disbursed throughout the material.

Problem

  • To function as an Identifier, the material object needs to have some element of randomness that can be read out of the object producing some repeatable string.
  • It is still necessary to ensure that it is the material object that is being read, and not just a replay of a prior read out.

Solutions

Lots of attempts have been made to create a physical unclonable function (PUF), some of which are listed here.

  1. Optical - puts scattered defects in an optical media that have been called a "Speckle Pattern".
  2. Coating - puts a pattern on the top of, for example, a silicon chip that can be read by the chip, but is covered by a material which is opaque and part of the pattern's read out capability.
  3. Delay - based on delays in materials, like silicon, that are able to be reliably read out.
  4. SRAM - naturally comes with defects that can be read out. Many patents and products are now available using this to hide a crypto key[1] or create an RFID chip.[2]
  5. Quantum - which are completely unclonable, but hard to maintain over any period of time longer than a second. Application have been found in establishing secure communications channels.

References

  1. Intrinsic ID, QuiddiKey reliably reconstructs the same cryptographic key under all environmental circumstances https://www.intrinsic-id.com/products/quiddikey/
  2. R. Colin Johnson, Unclonable 'silicon DNA' secures RFID tags EE Times (2010-03-02) https://www.eetimes.com/document.asp?doc_id=1173168