Physical Unclonable Functions, a unique, inborn, unclonable hardware level key

34 points by Nokinside, more than 3 years ago

7 comments

Animats, more than 3 years ago
"PUFrt builds upon eMemory’s anti-fuse OTP (NeoFuse) and Quantum Tunneling PUF (NeoPUF) technologies to provide self-encrypted anti-Fuse OTP with on-chip PUF. The inborn HUK utilizes the NeoPUF’s guaranteed randomness..."

With enough new buzzwords, all things are possible.

The idea here seems to be a security token that generates its own random key and never lets it out of the device. Reasonable enough. The claim is that this is resistant to physical attack to obtain the secret key. Yet that's an unlikely attack vector. If you have physical possession of the token long enough to extract its unique private key by elaborate means, why do you need to clone it?

The usual problems with such devices involve replay attacks, or remote access attacks. (A remote access attack is when a token is used to open one door, and the door has been compromised to pass through the challenge/response from another more important door elsewhere, allowing an attacker to open the more important door.)

This isn't relevant to DRM. DRM for broadcast media requires that there be many protected copies of the *same* decrypt key. This thing is for unique keys only.

It seems strange that such a device would have a JTAG port, even if it is "disabled after the manufacturing process".
pontifier, more than 3 years ago
I wonder how much worthless stuff we'll have in the future because a cosmic ray happened to destroy the only copy of a vital key somewhere.
josephcsible, more than 3 years ago
I hope this technology ends up being an utter failure, because it seems way more useful for DRM than for any legitimate security. After all, the entire premise of it is to help devices keep secrets from their owners.
krastanov, more than 3 years ago
This seems like great engineering (I am not competent enough to comment on that side of things), but I wanted to point out that "physically unclonable" here seems more like marketing speak, not something fundamentally unclonable. What they have might be very difficult to clone, but unless it is practically quantum-mechanical, then the laws of physics permit its exact measurement and copying.
anfilt, more than 3 years ago
While this might have niche uses, I will say no thank you. Last thing we need is more tech for device attestation and DRM diminishing the property rights of buyers.
rkagerer, more than 3 years ago
Could someone explain how this compares to something like ChipDNA? (I had a hard time parsing the substance out of all the buzzwords)
motohagiography, more than 3 years ago
I am not sold on PUFs because the way I have seen them described so far raises all the red flags of bad crypto. It was funny to read the article that started with the Kerckhoffs principles because I was going to start a comment about just how PUFs were the most recent chancer having a go in a long line of systems designed to sidestep Kerckhoffs principles.

The steelman cases I think for PUFs are a) that it could be a solution for device attestation (theoretically, you can use the PUF as a secret diversification component in a KDF), or b) use it the way initialization keys are used in secure elements today, where they are the bootstrapping keys for a protocol that installs personalized device keys. (e.g. a temporary, weak attestation)

I agree with another commenter here that the use case for this is DRM, but the economics of why to use PUFs over more dynamic and resilient actual cryptosystems haven't been compelling so far. The cases I've read, "more security!" is both dubious, and past the point of marginal diminishing returns on increased security. Sure, you can never have too much assurance, but how much are you really going to pay for, and at what flexibility/switching cost?

For PUFs to be used in case b), they would have to be more economical than provisioning secure elements, and the certification and accreditation of the PUF modules would be a big part of those economics. Their failure mode is also catastrophic, as you can't update the PUF component across a device ecosystem, so the use cases are automatically narrow, like maybe disposable drones.

Everything about my reading about them so far has been designed to persuade people who are not equipped to reason about them, and sometimes discredit anyone who is. The hidden counterfactuals to me are that it depends on standards bodies approving one, as nobody serious is going to touch it otherwise, and then a customer is going to take on a PUF module vendor and have their entire product line and supply chain depend on the company that produces it. There are still precedents for that, as that's what companies like Gemalto, Oberthur and any other peers do, but those companies are such that it doesn't matter what their tech does because they are unique entities among tech companies. If one of them had a PUF product that was competitive with their other business, it would be just another tech that was effectively mandated on an industry top down.

It also seems to presume that the problems in security have anything to do with our ability to produce sufficient entropy/randomness (instead of verifying its integrity) and the reliance on a single or few points of centralized PUF key generation means it is *guaranteed* to be sabotaged by IC actors.

The conversation goes something like, "we have a physical secret thing nobody can ever find, but you can verify it!" and you ask, "how do I know nobody else knows it?" and they say, "you trust us!" so you ask, "can your insurance handle replacing my entire market cap?" and they say, "not necessary because of physics! where is your physics degree from again?" and it usually ends there, with a PUF vendor mystified at how their potential customer can make so much revenue but still be so stupid as to reject the brilliance of their discovery.
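
Case (a) from the comment above, the PUF as a diversification secret in a KDF, sketched as an added example that is not part of the thread or of any vendor's code. It assumes the PUF response is a stable, already error-corrected byte string (simulated here with constructed bytes); the `Device` and `Verifier` classes, the salt label and the purpose strings are hypothetical.

```python
import hashlib
import hmac
import secrets

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step with HMAC-SHA256."""
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(n) = HMAC(PRK, T(n-1) | info | n)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class Device:
    """Holds the root secret; only purpose-bound derived keys or MACs leave it."""
    SALT = b"puf-diversification-v1"  # hypothetical domain-separation label

    def __init__(self, puf_response: bytes):
        # Stand-in for the on-chip PUF output, assumed already error-corrected.
        self._root = puf_response

    def derive(self, purpose: bytes) -> bytes:
        return hkdf_expand(hkdf_extract(self.SALT, self._root), purpose, 32)

    def respond(self, purpose: bytes, nonce: bytes) -> bytes:
        return hmac.new(self.derive(purpose), nonce, hashlib.sha256).digest()

class Verifier:
    """Enrolled once with a derived key; never sees the PUF root."""
    def __init__(self, enrolled_key: bytes):
        self._key = enrolled_key
        self._outstanding = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._outstanding:   # unknown or already-used nonce: replay
            return False
        self._outstanding.discard(nonce)     # single use
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)
```

Single-use nonces stop replay of a captured response; they do not stop the relay case Animats describes, where a live challenge from another door is forwarded to a genuine token.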