Physical Proximity Verification based on Physical Unclonable Functions

Abstract: There are rapidly growing concerns about security of hardware implementing cryptographic algorithms. A compromised device can potentially be used as an entry point for cyberattacks on other devices connected to the network, as evidenced by the recent Spectre and Meltdown CPU bugs. The attack surface of future mobile networks with billions of connected devices will be enormous. This brings a need for new methods for designing secure hardware that constrain the hardware attack surface and protect against classes of attacks that exploit hardware vulnerabilities. Physical Unclonable Functions (PUFs) have been proposed as a low-cost cryptographic primitive suitable for resource-constrained IoT devices. PUFs can be applied to uniquely identify a hardware device and to protect it against counterfeiting and tampering. In this thesis, we show how PUFs can be used for verifying physical proximity of two objects, e.g. a SIM card and a mobile phone. This makes possible checking if a SIM card is indeed located in a mobile phone in order to prevent subscription fraud. The key idea is to decompose a PUF into two parts and to place these parts into the two objects so that only when the objects are physically close to each other the composed PUF computes a correct response to a given challenge. Due to the uniqueness of the PUF responses for a given chip, a correct response provides assurance on the authenticity of two objects as well as their physical proximity. We present an FPGA prototype of the proposed PUF-based physical proximity verification method and discuss it advantages and disadvantages.