[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.00,0:00:16.05,Default,,0000,0000,0000,,{\i1}33C3 preroll music{\i0}
Dialogue: 0,0:00:16.05,0:00:22.53,Default,,0000,0000,0000,,Herald: Ok, please welcome Pol van Aubel,\NPhD student at Radboud University in
Dialogue: 0,0:00:22.53,0:00:29.54,Default,,0000,0000,0000,,Nijmegen, and he's going to give a talk\Nof physically uncloneable functions.
Dialogue: 0,0:00:29.54,0:00:31.73,Default,,0000,0000,0000,,A warm round of applause, please.
Dialogue: 0,0:00:31.73,0:00:38.81,Default,,0000,0000,0000,,{\i1}applause{\i0}\NThank you.
Dialogue: 0,0:00:38.81,0:00:42.25,Default,,0000,0000,0000,,Pol: Thank you, thank you for having me,\Nthank you for having me on prime time,
Dialogue: 0,0:00:42.25,0:00:45.33,Default,,0000,0000,0000,,when everybody is finally awake,\Nbut not yet drunk.
Dialogue: 0,0:00:45.33,0:00:46.33,Default,,0000,0000,0000,,{\i1}mild laughter{\i0}
Dialogue: 0,0:00:46.33,0:00:52.68,Default,,0000,0000,0000,,And, thank you for letting me compete with\Nthe space track. So, well, my Herald just
Dialogue: 0,0:00:52.68,0:01:00.35,Default,,0000,0000,0000,,explained who I am, but the work in this\Ntalk is actually mostly not from me. It's
Dialogue: 0,0:01:00.35,0:01:06.30,Default,,0000,0000,0000,,by many many authors, and there will be\Ncitations on almost every slide. Don't pay
Dialogue: 0,0:01:06.30,0:01:10.68,Default,,0000,0000,0000,,attention to those. It was simply too hard\Nfor me to make two different sets of
Dialogue: 0,0:01:10.68,0:01:17.04,Default,,0000,0000,0000,,slides. Download the slides afterwards, if\Nsomething interests you. The entire intent
Dialogue: 0,0:01:17.04,0:01:20.72,Default,,0000,0000,0000,,of this talk is to get you interested in\Nthis material, get you reading the papers,
Dialogue: 0,0:01:20.72,0:01:25.22,Default,,0000,0000,0000,,and get you implementing this stuff\Nyourself. So, without further ado, and
Dialogue: 0,0:01:25.22,0:01:30.79,Default,,0000,0000,0000,,without any further egocentric blathering,\Nlet's look at the problem we're trying to
Dialogue: 0,0:01:30.79,0:01:40.33,Default,,0000,0000,0000,,solve. In computer security, since the\N1980's, we've noticed that we might want
Dialogue: 0,0:01:40.33,0:01:46.04,Default,,0000,0000,0000,,unique identification and authentication\Nof devices. And then, specifically, integrated
Dialogue: 0,0:01:46.04,0:01:52.42,Default,,0000,0000,0000,,circuits. So, we want to distinguish\Nchips, uniquely, from the same
Dialogue: 0,0:01:52.42,0:02:00.23,Default,,0000,0000,0000,,manufacturing masks, even, and with high\Naccuracy, unforgeably. Eh, simple task,
Dialogue: 0,0:02:00.23,0:02:07.29,Default,,0000,0000,0000,,right? So, in order to explain how we get\Nto physically uncloneable functions, I'm
Dialogue: 0,0:02:07.29,0:02:11.26,Default,,0000,0000,0000,,first going to explain some history in\Nanti-counterfeiting. And
Dialogue: 0,0:02:11.26,0:02:15.63,Default,,0000,0000,0000,,anti-counterfeiting, you can think of\Nmoney, you can think of magstripe cards,
Dialogue: 0,0:02:15.63,0:02:22.42,Default,,0000,0000,0000,,you can think of identity documents, and\Nnuke counters, or as they are commonly
Dialogue: 0,0:02:22.42,0:02:28.96,Default,,0000,0000,0000,,called in literature, "Treaty Limited\NItem" identifiers. So let's start with
Dialogue: 0,0:02:28.96,0:02:35.91,Default,,0000,0000,0000,,money. Historically, money has been\Nprotected with highly intricate imagery.
Dialogue: 0,0:02:35.91,0:02:41.98,Default,,0000,0000,0000,,This is an example from right after the US\NRevolution, and I personally really like
Dialogue: 0,0:02:41.98,0:02:47.01,Default,,0000,0000,0000,,the, let's see, the "To Counterfeit is\NDeath". Because, you know, while it was a
Dialogue: 0,0:02:47.01,0:02:52.60,Default,,0000,0000,0000,,crime against the state, you were drawn\Nand quartered when you did it. Then we
Dialogue: 0,0:02:52.60,0:02:56.34,Default,,0000,0000,0000,,fast forward a few centuries, and I would\Nlike to know from the audience, who has
Dialogue: 0,0:02:56.34,0:03:02.26,Default,,0000,0000,0000,,ever seen this? ... Quite a lot. Can\Nanybody tell me what it is?
Dialogue: 0,0:03:02.26,0:03:04.87,Default,,0000,0000,0000,,{\i1}audience comment{\i0} (inaudible)
Dialogue: 0,0:03:04.87,0:03:12.61,Default,,0000,0000,0000,,The EURion constellation. It's\Nintended to prevent photocopiers from
Dialogue: 0,0:03:12.61,0:03:17.22,Default,,0000,0000,0000,,copying your money. So basically, when the\Nphotocopier detects this thing, it'll just
Dialogue: 0,0:03:17.22,0:03:22.29,Default,,0000,0000,0000,,not... it'll just say, "I don't want to\Ncopy." You can actually use this on your
Dialogue: 0,0:03:22.29,0:03:29.48,Default,,0000,0000,0000,,own stuff if you want. But, we see a\Ncommon theme in those entire few
Dialogue: 0,0:03:29.48,0:03:35.06,Default,,0000,0000,0000,,centuries, namely, you mark all valid\Nbills the same, and then you make sure
Dialogue: 0,0:03:35.06,0:03:41.77,Default,,0000,0000,0000,,that you can check the marks in order to\Nidentify that it is legitimate. An
Dialogue: 0,0:03:41.77,0:03:47.98,Default,,0000,0000,0000,,alternative to this would be to have\Ndifferent marks for each bill, and sign
Dialogue: 0,0:03:47.98,0:03:54.62,Default,,0000,0000,0000,,that marking. But, you get into a whole\Nbunch of questions, like, how do I then
Dialogue: 0,0:03:54.62,0:04:01.25,Default,,0000,0000,0000,,prevent somebody from copying that\Nbill-specific valid mark a hundred
Dialogue: 0,0:04:01.25,0:04:04.75,Default,,0000,0000,0000,,thousand times, and just, you know,\Ncopying the signature as well. It's not as
Dialogue: 0,0:04:04.75,0:04:17.19,Default,,0000,0000,0000,,though anybody is checking paper money\Nonline. So, back in 1983, Bader proposed
Dialogue: 0,0:04:17.19,0:04:23.54,Default,,0000,0000,0000,,an anti-counterfeiting measure, which\Nbasically meant you sprinkle random-length
Dialogue: 0,0:04:23.54,0:04:30.57,Default,,0000,0000,0000,,cuts of optical fibers into your paper,\Nbefore it becomes paper, the... mull. (?)
Dialogue: 0,0:04:30.57,0:04:38.65,Default,,0000,0000,0000,,And then, you make the money, and you use\Nbasically a light bar scanner, so whatever
Dialogue: 0,0:04:38.65,0:04:43.01,Default,,0000,0000,0000,,a photocopier does as well. And then there\Nwill be a dot pattern that appears around
Dialogue: 0,0:04:43.01,0:04:47.81,Default,,0000,0000,0000,,the light bar. And you extract that dot\Npattern, you make that into a series of
Dialogue: 0,0:04:47.81,0:04:54.19,Default,,0000,0000,0000,,bits, and you sign that dot pattern. And then\Nyou print the signature onto the bill. Now
Dialogue: 0,0:04:54.19,0:04:57.24,Default,,0000,0000,0000,,there's several problems with this, which\Nare all explained in those papers, I don't
Dialogue: 0,0:04:57.24,0:05:04.98,Default,,0000,0000,0000,,have time to go into that, but in\Nprinciple, this works. Then, next, cards.
Dialogue: 0,0:05:04.98,0:05:09.13,Default,,0000,0000,0000,,You know magnetic stripes and PIN, the way\Nwe used to use them in Europe, I think you
Dialogue: 0,0:05:09.13,0:05:16.11,Default,,0000,0000,0000,,still use them in the US, I'm not sure...\NBut because nobody knows how to copy
Dialogue: 0,0:05:16.11,0:05:24.77,Default,,0000,0000,0000,,magstripes, right? So, you add stuff to\Nthe card, so that it becomes detectable
Dialogue: 0,0:05:24.77,0:05:30.30,Default,,0000,0000,0000,,when somebody has copied the card onto a\Nforgery. So, you use holograms. So far as
Dialogue: 0,0:05:30.30,0:05:35.80,Default,,0000,0000,0000,,I know, holograms are also copyable, now,\NI don't have a literature reference there,
Dialogue: 0,0:05:35.80,0:05:47.32,Default,,0000,0000,0000,,but... stuff can be done. Now somebody in\N1980 already proposed this: You randomly
Dialogue: 0,0:05:47.32,0:05:57.40,Default,,0000,0000,0000,,disperse magnetic fibers in a coating, you\Nscan those fibers with a, well,
Dialogue: 0,0:05:57.40,0:06:03.50,Default,,0000,0000,0000,,electromagnetic sensing device, and turn\Nthem into pulses and AND the pulses with clock
Dialogue: 0,0:06:03.50,0:06:08.53,Default,,0000,0000,0000,,etc., turn them into bits again, sign\Nthat pattern etc. Then there's also
Dialogue: 0,0:06:08.53,0:06:12.34,Default,,0000,0000,0000,,this nice proposal where you randomly\Ndisperse conductive particles in an
Dialogue: 0,0:06:12.34,0:06:17.78,Default,,0000,0000,0000,,insulating material, scan it with microwave,\Nit's basically the same principle from
Dialogue: 0,0:06:17.78,0:06:25.71,Default,,0000,0000,0000,,also the 1980s. Next, identity documents,\Nsomebody proposed using the translucency
Dialogue: 0,0:06:25.71,0:06:34.34,Default,,0000,0000,0000,,of a paper strip in an identity document,\Nscan that strip, turn the translucency
Dialogue: 0,0:06:34.34,0:06:40.57,Default,,0000,0000,0000,,pattern into a bitmask, sign the bitmask,\Netc. Now, Simmons already said that
Dialogue: 0,0:06:40.57,0:06:44.27,Default,,0000,0000,0000,,this was too easily cloneable, because,\Nyou know, you can just take a photograph
Dialogue: 0,0:06:44.27,0:06:51.23,Default,,0000,0000,0000,,of this and reproduce it through\Nphotographic techniques. So translucency
Dialogue: 0,0:06:51.23,0:06:57.12,Default,,0000,0000,0000,,isn't really nice. Now you could also\Npotentially use the exact
Dialogue: 0,0:06:57.12,0:07:03.98,Default,,0000,0000,0000,,three-dimensional cotton fiber pattern of\Nthe paper. But that proposal was also in
Dialogue: 0,0:07:03.98,0:07:14.47,Default,,0000,0000,0000,,1991, and Simmons also said, this is\Ninfeasible to do. However, in 1999,
Dialogue: 0,0:07:14.47,0:07:18.60,Default,,0000,0000,0000,,somebody came up with something similar,\Nthey take the texture hash of a postal
Dialogue: 0,0:07:18.60,0:07:23.95,Default,,0000,0000,0000,,envelope, so you just print a square on\Nthe envelope, take a high resolution
Dialogue: 0,0:07:23.95,0:07:30.91,Default,,0000,0000,0000,,picture of that, and then hash that with a\Ncertain hashing code that ensures that all
Dialogue: 0,0:07:30.91,0:07:40.62,Default,,0000,0000,0000,,these things collapse into the same bit\Npattern every time. This works. Then
Dialogue: 0,0:07:40.62,0:07:46.99,Default,,0000,0000,0000,,finally, those Treaty Limited Items, the\Nreflective particle tags, you basically
Dialogue: 0,0:07:46.99,0:07:52.56,Default,,0000,0000,0000,,affix such a tag to the surface of a\Ntreaty-limited item, then you cure them
Dialogue: 0,0:07:52.56,0:07:57.61,Default,,0000,0000,0000,,with ultraviolet light, so that you turn\Nit into a glass-like substance, which
Dialogue: 0,0:07:57.61,0:08:03.50,Default,,0000,0000,0000,,makes a tamper evident, if I try to take\Nit off, the glass breaks, and it also
Dialogue: 0,0:08:03.50,0:08:08.35,Default,,0000,0000,0000,,preserves the particle orientation, and\Nthen you put a laser onto it, you look at the
Dialogue: 0,0:08:08.35,0:08:13.76,Default,,0000,0000,0000,,reflective pattern, and you have your\Nidentifier. So, if you ever have a bunch
Dialogue: 0,0:08:13.76,0:08:19.75,Default,,0000,0000,0000,,of nukes to count, that might be\Ninteresting. The common theme here is that
Dialogue: 0,0:08:19.75,0:08:27.22,Default,,0000,0000,0000,,we are using an intrinsic aspect of an\Nitem that's infeasible to copy, but easily
Dialogue: 0,0:08:27.22,0:08:35.94,Default,,0000,0000,0000,,readable. It's unpredictable, and it\Nshould ideally be unchanging. Which brings
Dialogue: 0,0:08:35.94,0:08:46.42,Default,,0000,0000,0000,,us to a proposal in 2001 of physical\None-way-functions. Basically the idea was,
Dialogue: 0,0:08:46.42,0:08:55.28,Default,,0000,0000,0000,,you have an epoxy with miniscule glass\Nspheres, you cure the epoxy, you make it
Dialogue: 0,0:08:55.28,0:08:58.12,Default,,0000,0000,0000,,into a ten by ten by two and a half\Nmillimeters, don't know the exact
Dialogue: 0,0:08:58.12,0:09:06.35,Default,,0000,0000,0000,,dimensions anymore, ... I say "sphere", I\Nmean, what's it called, cube... cuboids,
Dialogue: 0,0:09:06.35,0:09:10.96,Default,,0000,0000,0000,,something like that... And then you illuminate\Nit by a laser, and then you get a speckle
Dialogue: 0,0:09:10.96,0:09:14.77,Default,,0000,0000,0000,,pattern out of that, because the laser\Nwill disperse in a really unpredictable
Dialogue: 0,0:09:14.77,0:09:22.66,Default,,0000,0000,0000,,pattern, and you capture that at 320 by\N240 pixels, you turn that into a 2400 bit
Dialogue: 0,0:09:22.66,0:09:27.25,Default,,0000,0000,0000,,key with a so called Gabor transform. I have\Nno idea how the math behind that works because
Dialogue: 0,0:09:27.25,0:09:34.31,Default,,0000,0000,0000,,that's not my field of expertise. And you\Nget interesting properties like drilling a
Dialogue: 0,0:09:34.31,0:09:39.42,Default,,0000,0000,0000,,hole here causes half the bits to flip, so\Nit’s tamper resistant, and it mirrors the
Dialogue: 0,0:09:39.42,0:09:45.48,Default,,0000,0000,0000,,way one-way functions work, like SHA-1 and\NSHA-256: ideally, if you flip one bit in
Dialogue: 0,0:09:45.48,0:09:51.31,Default,,0000,0000,0000,,your input, half your output bits are\Nflipped. So this paper is really the first
Dialogue: 0,0:09:51.31,0:10:00.74,Default,,0000,0000,0000,,paper that proposed this as a connection\Nwith cryptography. So here, reading the
Dialogue: 0,0:10:00.74,0:10:06.24,Default,,0000,0000,0000,,structure is feasible, because, you know,\Nyou have this glass pattern, you can just
Dialogue: 0,0:10:06.24,0:10:10.27,Default,,0000,0000,0000,,– I say just, but you can use\Nmicroscopic techniques to read it out
Dialogue: 0,0:10:10.27,0:10:18.13,Default,,0000,0000,0000,,exactly, but good luck with having this\Nsub-micron accuracy for all those glass
Dialogue: 0,0:10:18.13,0:10:31.06,Default,,0000,0000,0000,,spheres in the epoxy. So, you can, in\Ntheory, if you know the structure, emulate
Dialogue: 0,0:10:31.06,0:10:37.78,Default,,0000,0000,0000,,or simulate how a laser passes through\Nthis. But it requires a lot of
Dialogue: 0,0:10:37.78,0:10:44.74,Default,,0000,0000,0000,,computational power, and in order to...\Nyou also can't build a database of responses
Dialogue: 0,0:10:44.74,0:10:52.80,Default,,0000,0000,0000,,to challenges, because imagine that the\Nchallenge to the structure is a laser at
Dialogue: 0,0:10:52.80,0:10:57.53,Default,,0000,0000,0000,,different orientations, like, I can say a\Nlaser under an angle of 5 degrees, or 10
Dialogue: 0,0:10:57.53,0:11:02.76,Default,,0000,0000,0000,,degrees or 20 degrees, and at different\Nlocations, and all those responses will be
Dialogue: 0,0:11:02.76,0:11:10.25,Default,,0000,0000,0000,,different. So this challenge-response space\Nis infeasibly huge. So the protocol here
Dialogue: 0,0:11:10.25,0:11:17.28,Default,,0000,0000,0000,,would be, first, you read this thing on a\Ntrusted terminal, and you create a random
Dialogue: 0,0:11:17.28,0:11:21.97,Default,,0000,0000,0000,,collection of challenge-response pairs.\NYour challenges have to be kept secret
Dialogue: 0,0:11:21.97,0:11:27.37,Default,,0000,0000,0000,,because, next, you get an authentication\Nrequest from an untrusted terminal, and
Dialogue: 0,0:11:27.37,0:11:34.70,Default,,0000,0000,0000,,you challenge that terminal. And the idea\Nwould be that it is infeasible to send the
Dialogue: 0,0:11:34.70,0:11:42.77,Default,,0000,0000,0000,,correct response key if you don't have the\Ndevice containing this PUF, er, this
Dialogue: 0,0:11:42.77,0:11:46.92,Default,,0000,0000,0000,,physical one-way function. So you then\Nreceive the response key, and you reject
Dialogue: 0,0:11:46.92,0:11:55.95,Default,,0000,0000,0000,,this if the key differs by too many bits.\NBecause it won't be a perfect match. There
Dialogue: 0,0:11:55.95,0:12:01.26,Default,,0000,0000,0000,,might be scratches, there might be slight\Nmicron differences in the orientations, it
Dialogue: 0,0:12:01.26,0:12:08.62,Default,,0000,0000,0000,,might be a bad camera, you get some\Ndifferences, and the way you then do this
Dialogue: 0,0:12:08.62,0:12:18.100,Default,,0000,0000,0000,,is you calculate the least probable\Nacceptance rate of a counterfeit device
Dialogue: 0,0:12:18.100,0:12:23.77,Default,,0000,0000,0000,,that you want, and then you get to this\Namount of bits. And then you can get a
Dialogue: 0,0:12:23.77,0:12:28.62,Default,,0000,0000,0000,,better match rate if you repeat steps\N(4) - (6) a few times, and if you run
Dialogue: 0,0:12:28.62,0:12:36.51,Default,,0000,0000,0000,,out of challenge pairs you can just go\Nback to (1). That's the general idea. So
Dialogue: 0,0:12:36.51,0:12:39.49,Default,,0000,0000,0000,,this is the first paper that made this\Nconnection with cryptography, it has a
Dialogue: 0,0:12:39.49,0:12:44.94,Default,,0000,0000,0000,,defined protocol, but there are several\Nnot-so-nice things, like, you have special
Dialogue: 0,0:12:44.94,0:12:50.65,Default,,0000,0000,0000,,equipment required, and we would really\Nlike to have the same possibility in
Dialogue: 0,0:12:50.65,0:12:55.93,Default,,0000,0000,0000,,silicon and silicon only. Now in this\Npaper already, the proposal was that you
Dialogue: 0,0:12:55.93,0:13:03.31,Default,,0000,0000,0000,,might be able to have a similar approach,\Nif you scatter electrons... uhhh... I
Dialogue: 0,0:13:03.31,0:13:07.28,Default,,0000,0000,0000,,don't understand what this says, but I\Nknow that it is not what we're going to
Dialogue: 0,0:13:07.28,0:13:14.53,Default,,0000,0000,0000,,see next. As an aside, if you do this kind\Nof thing, then you get to read very old
Dialogue: 0,0:13:14.53,0:13:21.91,Default,,0000,0000,0000,,papers. So, wasn't it nice, back when you\Ncould say this: "In the fuel rod placement
Dialogue: 0,0:13:21.91,0:13:26.51,Default,,0000,0000,0000,,monitor … high radiation levels in the "hot"\Ncell provided the general tamper resistance."
Dialogue: 0,0:13:26.51,0:13:30.10,Default,,0000,0000,0000,,Or: "The seismic sensors … would detect any\Nattempt to gain physical access to the
Dialogue: 0,0:13:30.10,0:13:33.46,Default,,0000,0000,0000,,package long before the information\Nsecurity is in jeopardy." Now I wouldn't
Dialogue: 0,0:13:33.46,0:13:39.55,Default,,0000,0000,0000,,actually take that one as a bet because\NI know you guys, but, uhhm, the first one
Dialogue: 0,0:13:39.55,0:13:45.49,Default,,0000,0000,0000,,is pretty good. And you get to see things\Nlike this. This is how RSA was done in
Dialogue: 0,0:13:45.49,0:13:53.73,Default,,0000,0000,0000,,1984. This is a – I think – that's an\NISA, maybe pre-ISA bus, I dont know... So
Dialogue: 0,0:13:53.73,0:13:59.96,Default,,0000,0000,0000,,this is how that was done. And the text is\Nreally beautiful: they scanned an old,
Dialogue: 0,0:13:59.96,0:14:05.57,Default,,0000,0000,0000,,basically typed on a typing machine paper.\NThis is available online, by the
Dialogue: 0,0:14:05.57,0:14:11.77,Default,,0000,0000,0000,,way, if you have university access...\Nsorry... Then, there are other solutions
Dialogue: 0,0:14:11.77,0:14:13.93,Default,,0000,0000,0000,,to this problem, of course. You have\Nhardware security modules, you have
Dialogue: 0,0:14:13.93,0:14:18.92,Default,,0000,0000,0000,,smartcards, you have trusted platform\Nmodules... actually, I found out we only
Dialogue: 0,0:14:18.92,0:14:23.50,Default,,0000,0000,0000,,have those since 2006, I felt [like] they\Nwere older?... But you still have the
Dialogue: 0,0:14:23.50,0:14:26.82,Default,,0000,0000,0000,,problem of key management, right? Because\Nthe key isn't tied to the platform. If I
Dialogue: 0,0:14:26.82,0:14:31.76,Default,,0000,0000,0000,,can extract the key, and put it into\Nanother trusted platform module, or
Dialogue: 0,0:14:31.76,0:14:37.88,Default,,0000,0000,0000,,another hardware security module, then\Nwe're still dead in the water. So the aspects of
Dialogue: 0,0:14:37.88,0:14:42.70,Default,,0000,0000,0000,,these things is the key never leaves the\Ndevice – ideally – but then how does
Dialogue: 0,0:14:42.70,0:14:46.77,Default,,0000,0000,0000,,the key enter the device? You can enter\Nnew keys, you can enter key-encrypting
Dialogue: 0,0:14:46.77,0:14:52.13,Default,,0000,0000,0000,,keys to decrypt keys that you never see,\Nthat another hardware security module exports,
Dialogue: 0,0:14:52.13,0:14:58.85,Default,,0000,0000,0000,,it's all interesting crypto, but you also\Nget the problem of what can the key do,
Dialogue: 0,0:14:58.85,0:15:04.72,Default,,0000,0000,0000,,are you limited to 1024 bits RSA, and is\Nit possible to emulate all this once you
Dialogue: 0,0:15:04.72,0:15:13.48,Default,,0000,0000,0000,,have the key, right? We really want to\Nhave other aspects to our function. Now,
Dialogue: 0,0:15:13.48,0:15:21.37,Default,,0000,0000,0000,,this is the first name for PUFs, "silicon\Nphysical random functions", but they
Dialogue: 0,0:15:21.37,0:15:28.45,Default,,0000,0000,0000,,already knew that "PRF" might have some\Nthree letter acronym that clashes with
Dialogue: 0,0:15:28.45,0:15:31.28,Default,,0000,0000,0000,,"pseudo-random function", so they decided\Nto go for "physical uncloneable
Dialogue: 0,0:15:31.28,0:15:34.52,Default,,0000,0000,0000,,functions". There's an interesting\Ndiscussion going on whether it should be
Dialogue: 0,0:15:34.52,0:15:41.15,Default,,0000,0000,0000,,"physical" or "physically"... not going\Ninto that. The idea is, tamper resistance
Dialogue: 0,0:15:41.15,0:15:46.69,Default,,0000,0000,0000,,in general is expensive, is difficult,\Nit's just... let's look at a different
Dialogue: 0,0:15:46.69,0:15:51.68,Default,,0000,0000,0000,,approach. There is enough process\Nvariation across identical integrated
Dialogue: 0,0:15:51.68,0:15:55.51,Default,,0000,0000,0000,,circuits, where... yeah, so, they're not\Nidentical because of those process
Dialogue: 0,0:15:55.51,0:16:02.73,Default,,0000,0000,0000,,variations. And already in 2000 somebody\Nmade a... Lofstrom, Daasch and Taylor had
Dialogue: 0,0:16:02.73,0:16:14.23,Default,,0000,0000,0000,,a small paper on specific special device\Nidentification circuits. But, if you want
Dialogue: 0,0:16:14.23,0:16:17.40,Default,,0000,0000,0000,,to use those for secure device\Nidentification and authentication, then
Dialogue: 0,0:16:17.40,0:16:23.81,Default,,0000,0000,0000,,just a single such circuit is not enough.\NYou need more. So, what do you do? You
Dialogue: 0,0:16:23.81,0:16:28.89,Default,,0000,0000,0000,,build this. And I don't think it's\Nreally feasible, ... basically, this is
Dialogue: 0,0:16:28.89,0:16:33.12,Default,,0000,0000,0000,,the entire circuit, you have a delay\Ncircuit here, ...this is a ring oscillator
Dialogue: 0,0:16:33.12,0:16:40.53,Default,,0000,0000,0000,,PUF. So you have a delay circuit here,\Nthis is a self-oscillating loop,
Dialogue: 0,0:16:40.53,0:16:46.11,Default,,0000,0000,0000,,basically, this feeds back into this. And\Nthe challenge here is a bit for each of
Dialogue: 0,0:16:46.11,0:16:54.11,Default,,0000,0000,0000,,these blocks. And what the bit says: if\Nit's one then you pass through, if it's
Dialogue: 0,0:16:54.11,0:16:58.31,Default,,0000,0000,0000,,zero you pass over. So if you have a\Ndifferent challenge, you have a different
Dialogue: 0,0:16:58.31,0:17:03.51,Default,,0000,0000,0000,,path through this PUF. So ideally, for\Neach challenge, it should be unpredictable
Dialogue: 0,0:17:03.51,0:17:12.03,Default,,0000,0000,0000,,whether this final arbiter block here...\Nuhh, somewhere over there... gives a one
Dialogue: 0,0:17:12.03,0:17:19.51,Default,,0000,0000,0000,,or a zero, and then you count the pulses,\Nand you identify your circuits. Now
Dialogue: 0,0:17:19.51,0:17:24.93,Default,,0000,0000,0000,,attacks on this were also quite well\Nstudied in this paper... possible attacks.
Dialogue: 0,0:17:24.93,0:17:28.72,Default,,0000,0000,0000,,So, you have the duplication attack, which\Nis basically cloning, which should be
Dialogue: 0,0:17:28.72,0:17:32.99,Default,,0000,0000,0000,,impossible. Right, that's the general\Nidea: Cloning should be impossible. There
Dialogue: 0,0:17:32.99,0:17:40.64,Default,,0000,0000,0000,,is emulation from measuring, so, you build\Na model from this by measuring the exact
Dialogue: 0,0:17:40.64,0:17:46.89,Default,,0000,0000,0000,,distances between logical units inside the\NPUF, or the length of the wires inside the
Dialogue: 0,0:17:46.89,0:17:52.24,Default,,0000,0000,0000,,PUF, also deemed infeasible because how\Nare you going to measure this without
Dialogue: 0,0:17:52.24,0:17:58.64,Default,,0000,0000,0000,,destroying the PUF. This is back in 2001. Then\Nthere was emulation from modeling, so basically, if
Dialogue: 0,0:17:58.64,0:18:02.48,Default,,0000,0000,0000,,you get these challenge-response pairs, if\Nyou get enough of them, you can apply some
Dialogue: 0,0:18:02.48,0:18:07.95,Default,,0000,0000,0000,,nice maching-learning algorithms to that,\Nand then you get prediction of responses.
Dialogue: 0,0:18:07.95,0:18:10.91,Default,,0000,0000,0000,,And, finally, you have the control\Nalgorithm attack, which is
Dialogue: 0,0:18:10.91,0:18:16.18,Default,,0000,0000,0000,,attacking the PUF's control algorithm\Nwithout ever getting into the PUF. If you
Dialogue: 0,0:18:16.18,0:18:24.04,Default,,0000,0000,0000,,can do that, then your PUF is useless. So,\Nthey also proposed controlled physically
Dialogue: 0,0:18:24.04,0:18:30.09,Default,,0000,0000,0000,,uncloneable functions, which is the same\Nbut with bells on. So you have an access
Dialogue: 0,0:18:30.09,0:18:37.96,Default,,0000,0000,0000,,function for the PUF, which is part of the\NPUF. This is to prevent against that final
Dialogue: 0,0:18:37.96,0:18:44.77,Default,,0000,0000,0000,,attack. So basically you overlay the logic\Nof the access function with the PUF, so
Dialogue: 0,0:18:44.77,0:18:49.65,Default,,0000,0000,0000,,that to access the logic of the access\Nfunction, you have to break the PUF. And
Dialogue: 0,0:18:49.65,0:18:56.29,Default,,0000,0000,0000,,if you break the PUF, everything breaks,\Nno longer works. So this gives additional
Dialogue: 0,0:18:56.29,0:19:01.72,Default,,0000,0000,0000,,properties. An uncontrolled PUF can only\Nbe used for device authentication. This
Dialogue: 0,0:19:01.72,0:19:10.03,Default,,0000,0000,0000,,can be used to have nice things like proof\Nof execution on a specific device.
Dialogue: 0,0:19:10.03,0:19:14.48,Default,,0000,0000,0000,,Potentially [for] things that I don't have an\Nopinion on: on code that only runs on specific
Dialogue: 0,0:19:14.48,0:19:20.38,Default,,0000,0000,0000,,devices, but basically whatever you need a\Nsecure cryptographic key for, you should
Dialogue: 0,0:19:20.38,0:19:23.75,Default,,0000,0000,0000,,really be using a controlled PUF. Is\Nthe idea. But you can still do device
Dialogue: 0,0:19:23.75,0:19:28.99,Default,,0000,0000,0000,,identification. So, how does a controlled\NPUF look? You have a random hash here, you
Dialogue: 0,0:19:28.99,0:19:34.70,Default,,0000,0000,0000,,have a potential ID here, you have the PUF\Nhere, Challenge, ID, Personality into the
Dialogue: 0,0:19:34.70,0:19:38.77,Default,,0000,0000,0000,,random hash, you run that through the PUF,\Ndo some error correction, because PUFs are
Dialogue: 0,0:19:38.77,0:19:42.64,Default,,0000,0000,0000,,not ideal, and then the random hash again,\Nand then the response. This is to prevent
Dialogue: 0,0:19:42.64,0:19:50.09,Default,,0000,0000,0000,,all these attacks. If you're interested in\Nthis, read the paper. Then, in 2011, a
Dialogue: 0,0:19:50.09,0:19:54.57,Default,,0000,0000,0000,,formal model was proposed, what do we\Nreally need from PUFs? First, we need
Dialogue: 0,0:19:54.57,0:20:00.50,Default,,0000,0000,0000,,robustness. Across evaluations, we need\Nthe same response. We need physical
Dialogue: 0,0:20:00.50,0:20:04.34,Default,,0000,0000,0000,,uncloneability, it really shouldn't be\Npossible to clone these things, and we
Dialogue: 0,0:20:04.34,0:20:12.01,Default,,0000,0000,0000,,need unpredictability. Now, these two are\Npotentially a lot, so we'll get into that
Dialogue: 0,0:20:12.01,0:20:18.32,Default,,0000,0000,0000,,on the final slide, I think... And since then,\Nsince 2001 there have been a lot of proposals
Dialogue: 0,0:20:18.32,0:20:23.56,Default,,0000,0000,0000,,and attacks on PUFs. So, first, there are\Nthe Arbiter PUFs, which are all delay
Dialogue: 0,0:20:23.56,0:20:31.14,Default,,0000,0000,0000,,based. So, the general idea here is that\Nif you run a signal through a chip, it is
Dialogue: 0,0:20:31.14,0:20:36.50,Default,,0000,0000,0000,,delayed by a certain amount. But the\Namount is unique per chip. But it turns
Dialogue: 0,0:20:36.50,0:20:43.25,Default,,0000,0000,0000,,out that you can pretty easily model this.\NAnd even the Bistable Ring PUF, which is
Dialogue: 0,0:20:43.25,0:20:50.87,Default,,0000,0000,0000,,fairly recent, I think, you can do some\Nfancy machine learning... I highly
Dialogue: 0,0:20:50.87,0:20:54.92,Default,,0000,0000,0000,,recommend this paper, "Pac learning of\Narbiter PUFs". Basically, the idea is, you
Dialogue: 0,0:20:54.92,0:21:00.45,Default,,0000,0000,0000,,have 30000 challenge-response pairs, and\Nthat is enough to give you 100% accuracy
Dialogue: 0,0:21:00.45,0:21:07.44,Default,,0000,0000,0000,,on a 256-bit challenge PUF. That's not\Ngood. This doesn't really work, if you can
Dialogue: 0,0:21:07.44,0:21:16.67,Default,,0000,0000,0000,,model it that way. And you can also use\Noptical measuring of signals through
Dialogue: 0,0:21:16.67,0:21:21.70,Default,,0000,0000,0000,,devices at six pico-second accuracy. So\Nthese things might not be around for much
Dialogue: 0,0:21:21.70,0:21:28.43,Default,,0000,0000,0000,,longer. Then there are memory-based PUFs.\NThey are based on bistable memory, which
Dialogue: 0,0:21:28.43,0:21:35.54,Default,,0000,0000,0000,,basically looks like this, and it's also\Ndelay-based, but here it's unique to this
Dialogue: 0,0:21:35.54,0:21:40.69,Default,,0000,0000,0000,,cell. You have a block of these cells,\Nthey are all independent, so you get a
Dialogue: 0,0:21:40.69,0:21:48.26,Default,,0000,0000,0000,,pattern out of this. These cells go to one\Nor zero, and they are pretty fairly stable
Dialogue: 0,0:21:48.26,0:21:54.48,Default,,0000,0000,0000,,in doing it. I'll show you a picture later of\Nwhat happens if you have a nice PUF of
Dialogue: 0,0:21:54.48,0:22:00.03,Default,,0000,0000,0000,,this type and if you don't have a nice PUF\Nof this type. However, if you have a SRAM
Dialogue: 0,0:22:00.03,0:22:06.51,Default,,0000,0000,0000,,PUF, for instance, you have fairly limited\NSRAM. So you can just, in principle, read
Dialogue: 0,0:22:06.51,0:22:11.99,Default,,0000,0000,0000,,all this out and store all the bits in a\Ndatabase. And then you can, er, clone the
Dialogue: 0,0:22:11.99,0:22:20.83,Default,,0000,0000,0000,,PUF. Because you can use focused ion beams\Nto trim the SRAM of another chip into the
Dialogue: 0,0:22:20.83,0:22:26.36,Default,,0000,0000,0000,,correct orientation. And, well, emulation,\Nif you have this database, you can just
Dialogue: 0,0:22:26.36,0:22:32.02,Default,,0000,0000,0000,,respond from your database. So, this is,\Nin some literature, termed a "weak PUF",
Dialogue: 0,0:22:32.02,0:22:37.59,Default,,0000,0000,0000,,but it's probably still the most useful\None we have right now. This is usually
Dialogue: 0,0:22:37.59,0:22:41.89,Default,,0000,0000,0000,,also what's in your devices if it's\Nclaimed to have a physical uncloneable
Dialogue: 0,0:22:41.89,0:22:47.94,Default,,0000,0000,0000,,function. But they are of the control\Nvariety most of the time. Then finally,
Dialogue: 0,0:22:47.94,0:22:53.77,Default,,0000,0000,0000,,recently somebody proposed, I think that\Nwas, yeah, Schaller, Xiong, and
Dialogue: 0,0:22:53.77,0:23:00.46,Default,,0000,0000,0000,,Anagnosto... can not pronounce it. But the\Ndecay-based PUFs, the idea is, you have
Dialogue: 0,0:23:00.46,0:23:07.29,Default,,0000,0000,0000,,DRAM, take the power off, put the power\Nback on, look how it decayed. No attacks
Dialogue: 0,0:23:07.29,0:23:16.10,Default,,0000,0000,0000,,on that that I have seen yet. So, the\Nfinal few minutes of this talk will be
Dialogue: 0,0:23:16.10,0:23:26.81,Default,,0000,0000,0000,,about your very own memory PUFs. Which is\Ntrivial. Right? ...No. It's not, actually.
Dialogue: 0,0:23:26.81,0:23:31.71,Default,,0000,0000,0000,,And all this time before, you might think,\Nwhy would we even bother with this? It
Dialogue: 0,0:23:31.71,0:23:37.63,Default,,0000,0000,0000,,seems to be hopeless for PUFs, there is\Nnot enough randomness in the silicon, but
Dialogue: 0,0:23:37.63,0:23:42.18,Default,,0000,0000,0000,,I disagree. Because for one, some\Nprotection is better than none, which is
Dialogue: 0,0:23:42.18,0:23:49.36,Default,,0000,0000,0000,,what most system-on-chip devices have. And\Ntwo, I do not believe in silver bullets.
Dialogue: 0,0:23:49.36,0:23:55.97,Default,,0000,0000,0000,,This should be part of a greater security\Nmechanism. So if nothing else, if all you
Dialogue: 0,0:23:55.97,0:24:03.10,Default,,0000,0000,0000,,want from this talk is some interesting\Npaper to read, just one, read this one.
Dialogue: 0,0:24:03.10,0:24:06.66,Default,,0000,0000,0000,,That's on slide 39, it's called\N"Lightweight anti-counterfeiting solution
Dialogue: 0,0:24:06.66,0:24:12.22,Default,,0000,0000,0000,,for low and commodity hardware using\Ninherent PUFs." And, preferably, you also
Dialogue: 0,0:24:12.22,0:24:17.30,Default,,0000,0000,0000,,read this related one, "PUF based software\Nprotection for low end embedded devices."
Dialogue: 0,0:24:17.30,0:24:22.40,Default,,0000,0000,0000,,Don't be fooled by the terms "IP\Nprotection" and "license model". This is a
Dialogue: 0,0:24:22.40,0:24:26.48,Default,,0000,0000,0000,,Secure Boot environment. You want it, in\Nyour Raspberry Pi, for instance. I don't
Dialogue: 0,0:24:26.48,0:24:30.93,Default,,0000,0000,0000,,know whether Raspberry Pis have it, that's\Nfor you to find out. So what you'll need
Dialogue: 0,0:24:30.93,0:24:39.38,Default,,0000,0000,0000,,is a device with a masked ROM to hold the\Nboot loader, like the first stage of code
Dialogue: 0,0:24:39.38,0:24:45.16,Default,,0000,0000,0000,,needs to be under your control. You need\Nto have that modifiable startup code, you
Dialogue: 0,0:24:45.16,0:24:50.69,Default,,0000,0000,0000,,need to be able to modify it, obviously.\NAnd you need on-board SRAM, to build the
Dialogue: 0,0:24:50.69,0:24:56.86,Default,,0000,0000,0000,,PUF from. And then you need some\Nnon-volatile memory for encrypted firmware
Dialogue: 0,0:24:56.86,0:25:05.84,Default,,0000,0000,0000,,and helper data. So, in the puffin\Nproject, which that earlier pic was a result
Dialogue: 0,0:25:05.84,0:25:16.95,Default,,0000,0000,0000,,of... So, there are several results here.\NThis is an STM32F100B microcontroller,
Dialogue: 0,0:25:16.95,0:25:21.59,Default,,0000,0000,0000,,this is PandaBoard, which is pretty much like a\Nmobile phone actually, so what you want to
Dialogue: 0,0:25:21.59,0:25:27.16,Default,,0000,0000,0000,,see is this. White noise. This part is a\NPUF-like memory range, this part is
Dialogue: 0,0:25:27.16,0:25:32.11,Default,,0000,0000,0000,,probably spoiled by the bootloader or\Nsomething like that or the wrong code, but
Dialogue: 0,0:25:32.11,0:25:39.86,Default,,0000,0000,0000,,this you can use. This looks good. So,\Nonce you have such a white-noise area, you
Dialogue: 0,0:25:39.86,0:25:46.11,Default,,0000,0000,0000,,start measuring a lot of times, and then\Nyou compute the Hamming distance between
Dialogue: 0,0:25:46.11,0:25:49.83,Default,,0000,0000,0000,,lots of measurements from lots of\Ndifferent devices. And you want it to look
Dialogue: 0,0:25:49.83,0:25:54.94,Default,,0000,0000,0000,,like this, you want it be around half.\NBecause that means that every device will
Dialogue: 0,0:25:54.94,0:26:02.95,Default,,0000,0000,0000,,look different. By about 50%. You also measure\Nthe inner class Hamming distance, which is same
Dialogue: 0,0:26:02.95,0:26:08.90,Default,,0000,0000,0000,,measurements from the same PUF, and you\Nwant that to be below 0.1. You don't want
Dialogue: 0,0:26:08.90,0:26:13.94,Default,,0000,0000,0000,,that to be too inaccurate, because then\Nyour error correction becomes too complex
Dialogue: 0,0:26:13.94,0:26:18.68,Default,,0000,0000,0000,,and starts leaking information, and you\Nwill need error correction, using for
Dialogue: 0,0:26:18.68,0:26:28.93,Default,,0000,0000,0000,,example Golay codes. So this first paper I\Nmentioned, the... this one... the
Dialogue: 0,0:26:28.93,0:26:33.13,Default,,0000,0000,0000,,lightweight anti-counterfeiting one, this\Nis also from that paper. Read it, it also
Dialogue: 0,0:26:33.13,0:26:36.43,Default,,0000,0000,0000,,explains how this fuzzy extraction works.\NIf you're interested in this, there's lots
Dialogue: 0,0:26:36.43,0:26:42.56,Default,,0000,0000,0000,,of scientific literature out there. And\Nthen finally, you build this fuzzy
Dialogue: 0,0:26:42.56,0:26:49.45,Default,,0000,0000,0000,,extractor, and then you enrol your chip.\NAnd you generate some helper data for
Dialogue: 0,0:26:49.45,0:26:53.87,Default,,0000,0000,0000,,this error correction, and then once you\Nchallenge the chip you send this
Dialogue: 0,0:26:53.87,0:26:58.71,Default,,0000,0000,0000,,error-correcting data with the challenge.\NAnd in the end the idea would be that you
Dialogue: 0,0:26:58.71,0:27:04.69,Default,,0000,0000,0000,,get a secret S' from every chip. Now how\Ncan you use this? You have the bootloader
Dialogue: 0,0:27:04.69,0:27:08.70,Default,,0000,0000,0000,,in the masked ROM, this is the first-stage\Nbootloader, it challenges the PUF, and
Dialogue: 0,0:27:08.70,0:27:13.80,Default,,0000,0000,0000,,decrypts the second-stage bootloader,\Nwhich comes from external memory. And then
Dialogue: 0,0:27:13.80,0:27:18.50,Default,,0000,0000,0000,,you boot the embedded operating system.\NSo, this should look familiar to a lot of
Dialogue: 0,0:27:18.50,0:27:23.90,Default,,0000,0000,0000,,you, because this is basically also how\Ndevice attestation on x86 works if you're
Dialogue: 0,0:27:23.90,0:27:34.96,Default,,0000,0000,0000,,using trusted platform modules. So, in a\Nbit more detail, same procedure, query the
Dialogue: 0,0:27:34.96,0:27:38.68,Default,,0000,0000,0000,,PUF, decrypt and call, here the key also\Nends up, and you decrypt and call the
Dialogue: 0,0:27:38.68,0:27:45.97,Default,,0000,0000,0000,,kernel, and then finally, this is how it\Nreally looks in real detail. And even if
Dialogue: 0,0:27:45.97,0:27:51.97,Default,,0000,0000,0000,,you don't want to build this, you'll still\Nhave this: So, remember when I showed you
Dialogue: 0,0:27:51.97,0:27:58.50,Default,,0000,0000,0000,,the inner class Hamming distance, the 10% of\Ndifferences between meausurements? That's
Dialogue: 0,0:27:58.50,0:28:03.25,Default,,0000,0000,0000,,caused by the red dots. Those are the\Nunstable SRAM cells. You can use those as
Dialogue: 0,0:28:03.25,0:28:07.50,Default,,0000,0000,0000,,seeds for a random function. And\Nhopefully, you won't have this. This looks
Dialogue: 0,0:28:07.50,0:28:11.64,Default,,0000,0000,0000,,wrong, this is not a PUF, this is too\Npredictable. Unfortunately, all this won't
Dialogue: 0,0:28:11.64,0:28:16.35,Default,,0000,0000,0000,,be possible on x86, because we looked for\Nthe PUFs in the CPUs, but Intel and AMD
Dialogue: 0,0:28:16.35,0:28:22.97,Default,,0000,0000,0000,,both explicitly zero everything. Finally,\Na word on privacy. I don't have too much
Dialogue: 0,0:28:22.97,0:28:28.12,Default,,0000,0000,0000,,time for this, but I really liked the fact\Nthey mentioned they feel that users... users
Dialogue: 0,0:28:28.12,0:28:32.02,Default,,0000,0000,0000,,feel that they can be tracked if you have\Na unique identifier. As though, its not a
Dialogue: 0,0:28:32.02,0:28:39.06,Default,,0000,0000,0000,,valid concern. Damn the users, being paranoid.\NNow, back to the controlled PUF. You can
Dialogue: 0,0:28:39.06,0:28:43.49,Default,,0000,0000,0000,,add personality IDs as a user. If they\Nchallenge it, you add a personality, so
Dialogue: 0,0:28:43.49,0:28:47.02,Default,,0000,0000,0000,,one application reading the PUF gets a\Ndifferent ID from another application,
Dialogue: 0,0:28:47.02,0:28:50.94,Default,,0000,0000,0000,,which changes the entire output of the\Nhash function, no paranoia required
Dialogue: 0,0:28:50.94,0:28:59.91,Default,,0000,0000,0000,,anymore. Hopefully. Finally, the references.\NGoogle Scholar is your friend. The rest of
Dialogue: 0,0:28:59.91,0:29:05.60,Default,,0000,0000,0000,,the slides are... all kinds of\Nreferences... Read it! You've already seen
Dialogue: 0,0:29:05.60,0:29:08.94,Default,,0000,0000,0000,,all of those, read it,\Nthank you for your attention.
Dialogue: 0,0:29:08.94,0:29:17.79,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:29:17.79,0:29:22.15,Default,,0000,0000,0000,,Herald: Thank you, Pol. We have\Ntime for maybe two questions.
Dialogue: 0,0:29:22.15,0:29:26.00,Default,,0000,0000,0000,,Please come up to the mics... Mic 3!
Dialogue: 0,0:29:26.00,0:29:32.46,Default,,0000,0000,0000,,Mic 3: What do you think about MEMS-based\Nphysically uncloneable functions, where
Dialogue: 0,0:29:32.46,0:29:36.97,Default,,0000,0000,0000,,they basically use the accelerometer\Nsensors, and the deviations in these
Dialogue: 0,0:29:36.97,0:29:40.77,Default,,0000,0000,0000,,sensors by inducing challenges\Nas controlled vibration?
Dialogue: 0,0:29:40.77,0:29:44.14,Default,,0000,0000,0000,,Pol: Sorry, I missed the\Nfirst word of your question.
Dialogue: 0,0:29:44.14,0:29:48.36,Default,,0000,0000,0000,,Mik 3: The MEMS-based… basically the\Ntechnology that is being used to build
Dialogue: 0,0:29:48.36,0:29:55.23,Default,,0000,0000,0000,,accelerometers in silicon. So Bosch has\Nsome PUF chips based on that, where they
Dialogue: 0,0:29:55.23,0:29:59.29,Default,,0000,0000,0000,,have arrays of these MEMS-chips, and then\Na controlled vibrator to induce the
Dialogue: 0,0:29:59.29,0:30:00.29,Default,,0000,0000,0000,,challenge into that.
Dialogue: 0,0:30:00.29,0:30:05.24,Default,,0000,0000,0000,,Pol: I think they're probably more secure\Nthan silicon-based PUFs, because they are
Dialogue: 0,0:30:05.24,0:30:09.81,Default,,0000,0000,0000,,built for randomness, whereas we're here\Ntrying to extract randomness from an
Dialogue: 0,0:30:09.81,0:30:15.01,Default,,0000,0000,0000,,existing circuit. Yeah, they're\Ninteresting. Use them if you can, but most
Dialogue: 0,0:30:15.01,0:30:19.89,Default,,0000,0000,0000,,people don't have the option.
Dialogue: 0,0:30:19.89,0:30:20.93,Default,,0000,0000,0000,,Mik 3: Thank you.
Dialogue: 0,0:30:20.93,0:30:24.62,Default,,0000,0000,0000,,Herald: More questions?\NPol: Up there!
Dialogue: 0,0:30:24.62,0:30:27.76,Default,,0000,0000,0000,,Herald: Ok, Mic 7!
Dialogue: 0,0:30:27.76,0:30:32.37,Default,,0000,0000,0000,,Mic 7: Hi, thanks for your talk, I'd never\Nheard of PUFs. I recently went on a
Dialogue: 0,0:30:32.37,0:30:36.98,Default,,0000,0000,0000,,quest to find a usable smartcard that met\Nall the things I wanted to do, like open
Dialogue: 0,0:30:36.98,0:30:45.63,Default,,0000,0000,0000,,source, et cetera. Can you expand a bit on\Nhow PUFs could be used with an OpenPGP
Dialogue: 0,0:30:45.63,0:30:49.55,Default,,0000,0000,0000,,smartcard or similar?
Dialogue: 0,0:30:49.55,0:30:54.35,Default,,0000,0000,0000,,Pol: Short answer: no. I have no idea\Nwhether OpenPGP will ever support anything
Dialogue: 0,0:30:54.35,0:31:01.29,Default,,0000,0000,0000,,like this. You have the PKCS protocols,\NI know that in theory this is possible.
Dialogue: 0,0:31:01.29,0:31:04.71,Default,,0000,0000,0000,,I don't know whether anything has\Nimplemented it. There are PUFs on
Dialogue: 0,0:31:04.71,0:31:10.31,Default,,0000,0000,0000,,smartcards, but whether.. We haven't looked\Ninto this, I don't know of anyone who has.
Dialogue: 0,0:31:10.31,0:31:11.03,Default,,0000,0000,0000,,Mic 7: Thank you.
Dialogue: 0,0:31:11.03,0:31:13.75,Default,,0000,0000,0000,,Pol: But that doesn't mean\Nit doesn't exist.
Dialogue: 0,0:31:13.75,0:31:16.61,Default,,0000,0000,0000,,Herald: That would be all.\NPlease give it up for Pol, one more time.
Dialogue: 0,0:31:16.61,0:31:20.24,Default,,0000,0000,0000,,Pol: Thanks!\N{\i1}applause{\i0}
Dialogue: 0,0:31:20.24,0:31:25.41,Default,,0000,0000,0000,,{\i1}postroll music{\i0}
Dialogue: 0,0:31:25.41,0:31:44.00,Default,,0000,0000,0000,,subtitles created by c3subtitles.de\Nin the year 2017. Join, and help us!