Physically Unclonable Digital ID
Title | Physically Unclonable Digital ID |
Publication Type | Conference Paper |
Year of Publication | 2015 |
Authors | Choi, S., Zage, D., Choe, Y. R., Wasilow, B. |
Conference Name | 2015 IEEE International Conference on Mobile Services |
Date Published | jun |
Keywords | Access Control, authentication, authorisation, biometrics, center for strategic and international studies, clonable static information, Cloning, computer security, cryptanalysis, cryptography, cyber security, descrambler-hardware authentication, device authentication, digital identity thefts, digital signatures, dynamic human identity, encryption keys, Hash functions, identification of persons, identity management systems, Immune system, mobile hardware security, Optical imaging, Optical sensors, physically unclonable digital ID, physically unclonable function, pubcrawl170109, PUF, Q-PUDID, quasi-PUDID, random number generation, Servers, two-factor authentication |
Abstract | The Center for Strategic and International Studies estimates the annual cost from cyber crime to be more than $400 billion. Most notable are the recent digital identity thefts that compromised millions of accounts. These attacks emphasize the security problems of using clonable static information. One possible solution is the use of a physical device known as a Physically Unclonable Function (PUF). PUFs can be used to create encryption keys, generate random numbers, or authenticate devices. While the concept shows promise, current PUF implementations are inherently problematic: inconsistent behavior, expensive, susceptible to modeling attacks, and permanent. Therefore, we propose a new solution by which an unclonable, dynamic digital identity is created between two communication endpoints such as mobile devices. This Physically Unclonable Digital ID (PUDID) is created by injecting a data scrambling PUF device at the data origin point that corresponds to a unique and matching descrambler/hardware authentication at the receiving end. This device is designed using macroscopic, intentional anomalies, making them inexpensive to produce. PUDID is resistant to cryptanalysis due to the separation of the challenge response pair and a series of hash functions. PUDID is also unique in that by combining the PUF device identity with a dynamic human identity, we can create true two-factor authentication. We also propose an alternative solution that eliminates the need for a PUF mechanism altogether by combining tamper resistant capabilities with a series of hash functions. This tamper resistant device, referred to as a Quasi-PUDID (Q-PUDID), modifies input data, using a black-box mechanism, in an unpredictable way. By mimicking PUF attributes, Q-PUDID is able to avoid traditional PUF challenges thereby providing high-performing physical identity assurance with or without a low performing PUF mechanism. Three different application scenarios with mobile devices for PUDID and Q-PUDID have been analyzed to show their unique advantages over traditional PUFs and outline the potential for placement in a host of applications. |
URL | https://ieeexplore.ieee.org/document/7226678 |
DOI | 10.1109/MobServ.2015.24 |
Citation Key | choi_physically_2015 |