Analysis and experimental evaluation of image-based PUFs

Physically unclonable functions (PUFs) arebecoming popular tools for various applications, such as anti-counterfeiting schemes. The security of a PUF-based system relies on the properties of its underlying PUF. Usually, evaluating PUF properties is not simple as it involves assessing a physical phenomenon. A recent work (Armknecht et al. in A formalization of the security features of physical functions. In: IEEE Symposium on Security and Privacy, pp. 397–412, 2011) proposed a generic security framework of physical functions allowing a sound analysis of security properties of PUFs. In this paper, we specialize this generic framework to model a system based on a particular category of PUFs called image-based PUFs. These PUFs are based on random visual features of the physical objects. The model enables a systematic design of the system ingredients and allows for concrete evaluation of its security properties, namely and physical unclonability which are required by anti-counterfeiting systems. As a practical , the components of the model are instantiated by Laser-Written PUF, White Light Interferometry evaluation, two binary image hashing procedures namely, Random Binary Hashing and Gabor Binary Hashing, respectively, and code-offset fuzzy extraction. We experimentally evaluate security properties of this example for both image hashing methods. Our results show that, for this particular example, adaptive image hashing outperforms the non-adaptive one. The experiments also confirm the usefulness of the formalizations provided by Armknecht et al. (A formalization of the security features of physical functions. In: IEEE Symposium on Security and Privacy, pp. 397–412, 2011) to a practical example. In particular, the formalizations provide an asset for evaluating the concrete trade-off between robustness and physical unclonability. To the best of our knowledge, this experimental evaluation of explicit trade-off between robustness and physical unclonability has been performed for the first time in this paper.