The present invention relates to a method of creating challenge-response pairs, a method of authenticating a plurality of physical tokens, a system for creating challenge-response pairs and a device for authenticating a plurality of physical tokens.
A Physical Uncloneable Function (PUF) is a structure used for creating a tamper-resistant environment in which parties may establish a shared secret. A PUF is a physical token to which an input—a challenge—is provided. When the challenge is provided to the PUF, it produces a random analog output referred to as a response. Because of its complexity and the physical laws it complies with, the token is considered to be ‘uncloneable’, i.e. unfeasible to physically replicate and/or computationally model. A PUF is sometimes also referred to as a Physical Random Function. A PUF can be substantially strengthened if it is combined with a control function. In practice, the PUF and an algorithm that is inseparable from the PUF are comprised within a tamper-resistant chip. The PUF can only be accessed via the algorithm and any attempt to by-pass or manipulate the algorithm will destroy the PUF. The algorithm, which is implemented in hardware, software or a combination thereof, governs the input and output of the PUF. For instance, frequent challenging of the PUF is prohibited, certain classes of challenges are prohibited, the physical output of the PUF is hidden, only cryptographically protected data is revealed, etc. Such measures substantially strengthen the security, since an attacker cannot challenge the PUF at will and cannot interpret the responses. This type of PUF is referred to as a controlled PUF (CPUF).
An example of a PUF is a 3D optical medium containing light scatterers at random positions. The input—i.e. the challenge—can be e.g. angle of incidence of a laser beam that illuminates the PUF, and the output—i.e. the response—is a speckle pattern. In an enrollment phase, a challenge is provided to the PUF, which produces a unique and unpredictable response to the challenge. The challenge and the corresponding response may be stored at a verifier with whom authentication subsequently is to be undertaken. If enrollment data are encrypted, hashed or in any other appropriate manner cryptographically protected, it can in principle be stored anywhere in the world. For instance, it may be stored in connection to the PUF itself. This frees an enroller from the obligation of maintaining a database. Typically, in an authentication phase, the verifier provides a proving party with the challenge that was stored in the enrollment phase. If the proving party is able to return a response to the challenge, which response matches the response that was stored in the enrollment phase, the proving party is considered to have proven access to a shared secret, and is thus authenticated by the verifier. Both the enrollment phase and the authentication phase should be undertaken without revealing the shared secret, i.e. the response, which typically involves setting up secure channels by means of encryption.
PUFs are e.g. implemented in tokens employed by users to authenticate themselves and thus get access to certain data, services or devices. The tokens may for example comprise smartcards communicating by means of radio frequency signals or via a wired interface (such as USB) with the device to be accessed.
In certain types of mathematical secret sharing schemes known in the art, different sets of information are given to a number (N) of people. Much like fitting pieces together in a jigsaw puzzle, these information sets are combined such that they reveal a secret. In general, if fewer than N people combine their information sets, they learn nothing about the secret; variations exist in which it is sufficient to combine k pieces (k<N), and in which fewer than k pieces reveal nothing. An essential feature in existing secret sharing schemes is that a proof is provided that a certain number of different information sets have been combined. This can serve as a proof that a sufficient number of authorized participants have agreed to something, e.g. opening a safe. An example of a prior art secret sharing scheme uses polynomials. The secret is a y-axis coordinate in a 2D plane, namely the coordinate where a secret polynomial of degree k-1 intersects the y-axis. Every participant receives a different point on the polynomial. If k people combine their points, they can reconstruct the polynomial (a polynomial of degree k-1 is uniquely determined by k points) and compute the coordinate where the secret polynomial intersects the y-axis.
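As an added illustration of the polynomial scheme described above (example code written for this page, not part of the original text), the following implements a (k, N) threshold scheme over a prime field: the secret is the constant term of a random polynomial of degree k-1, each participant receives one point on that polynomial, and any k points recover the secret by Lagrange interpolation at x = 0, while fewer than k points leave every value of the secret equally likely. The function names, the choice of the Mersenne prime 2^127-1 as field modulus and the sample secret are assumptions of the example.

```python
"""(k, N) threshold secret sharing with a random polynomial over a prime field.

Added example for this page; names and the field modulus are assumptions.
"""
import secrets

PRIME = 2**127 - 1  # Mersenne prime; fits any secret shorter than 16 bytes


def split_secret(secret, k, n, prime=PRIME):
    """Return n shares (x, f(x)) of a degree-(k-1) polynomial with f(0) = secret."""
    if not 0 <= secret < prime:
        raise ValueError("secret must lie in [0, prime)")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    # a_0 is the secret; a_1 .. a_{k-1} are uniformly random field elements
    coeffs = [secret] + [secrets.randbelow(prime) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):          # x = 0 is never handed out: it is the secret
        y = 0
        for c in reversed(coeffs):     # Horner evaluation of f(x) mod prime
            y = (y * x + c) % prime
        shares.append((x, y))
    return shares


def reconstruct_secret(shares, prime=PRIME):
    """Lagrange interpolation at x = 0 using exactly the supplied shares.

    With fewer than k shares the result is a value unrelated to the secret,
    which is the threshold property of the scheme.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share x-coordinates")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % prime          # product of (0 - x_j)
                den = (den * (xi - xj)) % prime      # product of (x_i - x_j)
        total = (total + yi * num * pow(den, -1, prime)) % prime
    return total


if __name__ == "__main__":
    shares = split_secret(123456789, k=3, n=5)
    print("any 3 of 5 shares recover:", reconstruct_secret(shares[:3]))
    print("2 shares give something unrelated:", reconstruct_secret(shares[:2]))
```

Note that the reconstruction proves only that k shares were combined; nothing about it shows where the holders of the shares were, which is the limitation the following paragraph describes.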
In some situations, it is desirable to prove not only that information sets have been combined, but that physical carriers of the information sets actually are (or have been) located in the same place. Such a ‘physical’ proof could e.g. prove that a group of people have been present together in the same room at the same time. In prior art secret sharing schemes, such proofs are not reliable, since the information sets on which a proof is to be based can be copied and communicated at high speed over arbitrary distances.
An object of the present invention is to solve the problems mentioned in the above and to enable a group of people or devices to provide a physical proof that they actually have been physically gathered.
This is attained by a method of creating a challenge-response pair in accordance with claim 1, a method of authenticating a plurality of physical tokens in accordance with claim 14, a system for creating a challenge-response pair in accordance with claim 20 and a device for authenticating a plurality of physical tokens in accordance with claim 25.
In a first aspect of the present invention, there is provided a method comprising the steps of interconnecting a plurality of physical tokens in a sequence, supplying the sequence of physical tokens with a challenge, wherein the sequence of physical tokens is arranged such that a response of a token is passed on as a challenge to a subsequent token until a final physical token produces a response, whereby a challenge-response pair is created. Further, the method comprises the step of storing the challenge supplied to the sequence of physical tokens.
In a second aspect of the present invention, there is provided a method comprising the steps of supplying a sequence of interconnected physical tokens with a challenge created during enrollment, the sequence of physical tokens being arranged such that a response of a token is passed on as a challenge to a subsequent token until a final physical token produces a response. Further, the method comprises the steps of receiving information based on the response of the final physical token and comparing the information based on the response of the final physical token with information based on a response corresponding to said challenge created during enrollment, wherein the physical tokens comprised in the sequence are authenticated if there is correspondence between the information based on the response of the final physical token and the information based on the response created during enrollment.
In a third aspect of the present invention, there is provided a system comprising a plurality of physical tokens interconnecting in a sequence and enrolling means for supplying the sequence of physical tokens with a challenge, wherein the sequence of physical tokens is arranged such that a response of a token is passed on as a challenge to a subsequent token until a final physical token produces a response, whereby a challenge-response pair is created.
In a fourth aspect of the present invention, there is provided a device comprising means for supplying a sequence of interconnected physical tokens with a challenge created during enrollment, said sequence of physical tokens being arranged such that a response of a token is passed on as a challenge to a subsequent token until a final physical token produces a response, means for receiving information based on the response of the final physical token, and means for comparing the information based on the response of the final physical token with information based on a response corresponding to the challenge created during enrollment, wherein the physical tokens comprised in the sequence are authenticated if there is correspondence between the information based on the response of the final physical token and the information based on the response created during enrollment.
A basic idea of the invention is to interconnect a plurality of physical tokens, such as a plurality of physical uncloneable functions (PUFs), in a sequence, provide the sequence with a challenge and use a response of a PUF as a challenge to a subsequent PUF in the sequence. When a final PUF is reached in the sequence and produces a response, a challenge-response pair (CRP) has been created, which pair comprises the challenge provided to the sequence of PUFs and the response produced by the final PUF. At least the challenge of this CRP is then stored, as will be discussed in the following. Hence, assume that a group of e.g. three PUFs are interconnected in sequence and a challenge is provided to a first PUF. The first PUF produces a response to the challenge and passes this response on to a second PUF, which in a similar manner produces a response that is provided to a third (and final) PUF. A resulting challenge-response pair (CRP) is then created, which pair comprises the challenge provided to the first PUF and the response produced by the third PUF. Hence, the PUFs are interconnected, or concatenated, in the sense that a physical output (i.e. response) of a PUF is used as a physical input (i.e. challenge) to a subsequent PUF. Preferably, creation of the challenge-response pair occurs in an enrollment phase.
The challenge and the corresponding response may be stored at a verifier with whom authentication subsequently is to be undertaken. However, if enrollment data are encrypted, hashed or in any other appropriate manner cryptographically protected, they can be stored virtually anywhere. For instance, they may be stored in connection to the PUF itself. This frees an enroller from the obligation of maintaining a database of CRPs. A response of a PUF is information which in general should not be made publicly available, since an eavesdropper having access to a response may be able to deceive a verifier.
Further, the party performing the actual enrollment (i.e. the enroller) is not necessarily the same as the party who subsequently performs verification (i.e. the verifier). For instance, a bank may centrally enroll a user, while verification of the user typically is undertaken at a local bank office. Furthermore, the challenge and the response are not necessarily stored together, but may be separated and stored in different physical locations. Alternatively, the response is not stored at all. In practice, a plurality of CRPs are created in the enrollment phase, and at least the challenge of the CRP is stored, such that the CRP can be re-created. As is understood by a skilled person, if the enrolling party and the verifying party are not the same, it may for security reasons be necessary to provide a CRP with a signature of the enroller, such that the verifier is ensured that the CRP has been created by means of a trusted enroller. The signature of the enroller is further necessary when a CRP is physically stored where the enroller cannot control it, such as in vicinity of any one of the PUFs in an enrolled sequence. In cases where the enrollment data is kept in a secure location, no signature is necessary.
If ad-hoc enrollment of a plurality of users that are not known in advance is to be performed, it may be mandatory that each user identifies himself/herself to the enrolling party. This may be performed by using a private key of the respective user to create a corresponding digital signature.
Subsequently, in an authentication phase, the physical uncloneable functions that were concatenated in the enrollment phase are re-concatenated. The verifier at which authentication is to be performed selects a challenge from a CRP which was created and stored in the enrollment phase. The selected challenge is supplied to the first PUF, which produces a response and feeds this response as a challenge to the subsequent second PUF. The second PUF produces a response which is provided to the final third PUF. The final PUF responds to this challenge by producing a final response. If the final response matches the stored response comprised in said CRP, the verifier is convinced that the first, second and third PUF are physically present in the same location, i.e. that they have been physically interconnected. Hence, a proof of PUF interconnection is supplied. Note that in this exemplifying embodiment, three PUFs are interconnected. Clearly, any number of PUFs may be concatenated in an established sequence to create a CRP in the enrollment phase. Similarly, in the authentication phase, the same PUFs must be interconnected in the established sequence for authentication to be successful. The present invention advantageously utilizes the uncloneability property of PUFs, which ensures that the characteristic of a PUF is unfeasible to replicate.
In accordance with an embodiment of the present invention, the PUFs are associated with a user by means of e.g. an identifier linking the PUFs to the user. This is advantageous, since a user has to present and interconnect a plurality of PUFs to be authenticated at a verifier. This strengthens security compared to prior art authentication systems in which a user only has to create a response to a given challenge using one single PUF.
In accordance with another embodiment of the present invention, after enrollment has taken place, each PUF is associated with a different user by means of e.g. an identifier linking the PUF to the user. Apart from the above mentioned proof of interconnection, the PUF may also be used for private purposes such as withdrawing money or getting access to data that is personal (or at least non-accessible to the public). This has the advantage that users are discouraged from giving away their PUF, e.g. for the purpose of creating a fake proof that they have been present to interconnect their PUFs with other PUFs.
After enrollment has taken place, the PUFs are handed over to the user(s) with whom they are associated, if the PUFs have not already been assigned to the users. The users are not necessarily informed about the order of concatenation of the PUFs when authentication is to be undertaken. In case they are not given the concatenation order, the order in itself becomes a secret which can be considered to strengthen security in a system; if the users do not know the concatenation order employed during enrollment, it will in practice be unfeasible to guess the order when a larger number of PUFs are concatenated.
In an embodiment of the invention, after enrollment has taken place, the enroller encrypts a secret (e.g. a random number or a randomly generated message) with a cryptographic key based on a response, to a certain challenge, of a concatenation of PUFs. Thus, an encrypted data set ER(m) is created, wherein ER(m) denotes encryption of a message m with the response R. In this embodiment, the response need not be stored. The enroller (or a verifier) then distributes the PUFs to the user(s) together with the challenge and the encrypted secret (and order of concatenation, if the order is not already known by the users). The user(s) will only be able to decrypt the cryptographically protected secret if the PUFs are concatenated such that a correct response may be created to the distributed challenge, i.e. the concatenation order that was used during enrollment must be used during authentication. Note that the key employed to encrypt the secret may be created in a number of different ways. For instance, the key may consist of a hash of the response, or may be the actual response. Further, the enroller may challenge the sequence of PUFs with a plurality of challenges, while the ordering of the PUFs is constant, and derive a cryptographic key from the resulting responses. In the authentication phase, the PUFs must be provided with the plurality of challenges to re-create the key for decrypting the encrypted secret.
In another embodiment, a plurality of different PUF concatenations are enrolled, each with a separate challenge and a separate unique response to the challenge. The enroller encrypts the secret with a cryptographic key derived from the responses. The users receive their respective PUFs, the challenges and the corresponding concatenation orders. In order to create a plain text copy of the secret, they have to create the same PUF concatenations as during enrollment, challenge each concatenation of PUFs, and obtain the correct responses. By combining their responses such that a decryption key may be derived, the secret can be decrypted.
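The enrollment of a concatenated sequence of PUFs, the authentication by re-running the chain in the stored order, and the derivation of a key from the responses to a plurality of challenges in order to encrypt a secret (as described in the preceding paragraphs) can be simulated as follows. This is an added example, not code from the original text or from any product. A real PUF is a physical object whose response is a measurement; here each token is modelled by a keyed pseudorandom function whose hidden key stands in for the uncloneable physical structure. The class and function names, the XOR stream cipher and the sample tokens are assumptions of the example.

```python
"""Simulation of chained-PUF enrollment, authentication and key derivation.

Added example; a real PUF is physical, here it is modelled as a keyed PRF.
"""
import hashlib
import hmac
import secrets


class SimulatedPUF:
    """Stand-in for one physical token: challenge -> response."""

    def __init__(self, token_id, seed=None):
        self.token_id = token_id
        # The hidden key models the random physical structure that cannot be cloned.
        self._key = seed if seed is not None else secrets.token_bytes(32)

    def respond(self, challenge):
        # A CPUF never exposes the raw physical output; only processed data leaves the chip.
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def chain_response(pufs, challenge):
    """Pass the response of each token on as the challenge of the next token."""
    value = challenge
    for puf in pufs:
        value = puf.respond(value)
    return value  # response of the final token


def enroll(pufs, n_challenges=1):
    """Enrollment: create CRPs for the sequence and record the concatenation order."""
    challenges = [secrets.token_bytes(16) for _ in range(n_challenges)]
    return {
        "order": [p.token_id for p in pufs],
        "challenges": challenges,
        # Kept only for the compare-the-response variant; the encrypted-secret
        # variant below needs no stored responses at all.
        "responses": [chain_response(pufs, c) for c in challenges],
    }


def verify_sequence(pufs, record):
    """Authentication: re-run the chain and compare with the enrolled responses."""
    fresh = [chain_response(pufs, c) for c in record["challenges"]]
    return all(hmac.compare_digest(a, b) for a, b in zip(fresh, record["responses"]))


def authenticate(tokens_by_id, record):
    """Assemble the tokens in the stored order; fail if any token is absent."""
    try:
        pufs = [tokens_by_id[tid] for tid in record["order"]]
    except KeyError:
        return False
    return verify_sequence(pufs, record)


def derive_key(responses):
    """Key = hash over the responses to all challenges of the enrolled set."""
    h = hashlib.sha256()
    for r in responses:
        h.update(r)
    return h.digest()


def _keystream(key, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def crypt_with_responses(responses, data):
    """XOR stream cipher keyed by the responses; the same call encrypts and decrypts.

    Toy construction for illustration only: it gives no integrity protection.
    """
    ks = _keystream(derive_key(responses), len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


if __name__ == "__main__":
    a, b, c = SimulatedPUF("A"), SimulatedPUF("B"), SimulatedPUF("C")
    record = enroll([a, b, c], n_challenges=3)
    print("correct order:", verify_sequence([a, b, c], record))
    print("wrong order:  ", verify_sequence([a, c, b], record))
    ciphertext = crypt_with_responses(record["responses"], b"the group met in one room")
    print("decrypted:", crypt_with_responses(
        [chain_response([a, b, c], ch) for ch in record["challenges"]], ciphertext))
```

The stored record carries the concatenation order, so authenticate() can assemble the tokens in that order and fails when a token is absent; calling verify_sequence() with a permuted list shows that the order itself is part of what is proven. The stream cipher stands in for whatever authenticated encryption a deployment would use to protect the secret.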
In yet another embodiment, the encryption of the secret involves mathematical secret sharing.
In a further embodiment of the present invention, a challenge is provided to the PUF located first in a sequence of physically interconnected PUFs, and the response of the first PUF is provided as a challenge to a second PUF in the chain and so on, as has been described in the above, until the last PUF in the chain produces a response. The challenge provided to the first PUF and the response produced by the last PUF constitute a challenge-response pair. A challenge-response data set is created comprising the challenge-response pair, an identifier for each PUF employed to create the challenge-response pair and the order of concatenation of the PUFs. As previously has been discussed, the response to a challenge is not necessarily stored. In that case, the response is not included in the data set. This challenge-response data set may be signed by the enrolling party. Preferably, the users to whom the PUFs belong prepare a statement that they have been gathered (possibly under particular circumstances for a particular purpose) and attach this statement to the challenge-response data set. Then, each user signs the complete statement, including the challenge-response data set, using his or her private key. Now, the digitally signed challenge-response data set is stored and serves as a proof that these users not only agree to the statement, but also that they actually have been physically together (at some moment in time). Later, if someone questions the validity of the proof, for instance in a court, the users can meet and the court can verify that they are able to generate the response to the challenge of the challenge-response data set. This particular embodiment is not necessarily implemented in an environment in which enrollment of PUFs is undertaken. It may advantageously be employed for generating an ad-hoc proof for any unforeseen combination of PUFs.
Nevertheless, this embodiment can advantageously be employed when enrolling a plurality of PUFs, as has been discussed in the above.
It should be understood that it may be necessary to store the order in which PUFs are concatenated in the enrollment phase in case the order to be employed in the authentication phase is not known in advance. Otherwise, the users do not know in which order to concatenate their PUFs to produce a valid response to a given challenge.
Further features of, and advantages with, the present invention will become apparent when studying the appended claims and the following description. Those skilled in the art realize that different features of the present invention can be combined to create embodiments other than those described in the following.
A detailed description of preferred embodiments of the present invention will be given in the following with reference made to the accompanying drawings, in which:
For instance, a controlled PUF (CPUF) is employed, which comprises a PUF combined with a control function. Typically, the PUF and an algorithm that is inseparable from the PUF are comprised within a tamper-resistant chip. The PUF can only be accessed via the algorithm and any attempt to by-pass or manipulate the algorithm will destroy the PUF. In general, the chip comprises computing means 105 and storing means 106, which execute the algorithm and store software for implementing it. Typically, the enrolling party 104 also comprises computing means 107 and storing means 108. The PUF used may e.g. be a 3D optical medium containing light scatterers at random positions. The input (i.e. the challenge) to the PUF can for instance be a laser beam originating from a laser diode comprised in the chip, and the output (i.e. the response) is a speckle pattern detected by light detecting elements arranged in the chip. The chip is arranged with an input via which a challenge may be supplied and an output via which a response may be provided. The challenge is typically provided to a CPUF in the form of digital data which is converted in the CPUF into operating parameters of the laser diode, e.g. luminance, such that an appropriate challenge is supplied to the PUF. When the resulting speckle pattern, i.e. the response, is detected, it is converted into digital data which can exit the CPUF via its output.
The challenge C provided to the first PUF 101 is typically embodied in the form of a digital bit stream distributed by the enrolling party 104, which bit stream is converted by the processing means of the chip into operating parameters of the laser diode. The bit stream may e.g. control the wavelength of the laser diode, wherein different bit streams will result in different challenges provided to the PUF. The first PUF 101 thus produces a response R′ to the challenge C and passes this response on as a challenge to the second PUF 102, which in a similar manner produces a response R″ that is provided as a challenge to the third, final PUF 103. The final PUF 103 responds by producing the response R. A challenge-response pair (CRP) comprising C and R is hence created, and the PUFs have been enrolled at the enrolling party 104.
Note that the manner in which the challenge C is supplied to the first PUF 201 may vary depending on where the challenge is stored. If the challenge is stored at any one of the PUFs 201, 202, 203 it may not be necessary for the verifier 204 to supply the challenge, even though that scenario also is possible.
The second PUF produces a response R″ which is provided to the third, final PUF 203. The final PUF responds to this challenge by producing a final response R. If the final response matches the response of the enrolled CRP, the verifier is convinced that the first, second and third PUF are physically present in the same location, i.e. that they have been physically interconnected. Hence, a proof of PUF interconnection is supplied. In another embodiment of the present invention, a plurality of PUFs are interconnected in a first order during enrollment and a CRP is created as described in connection to
In
It should be noted that even though the PUFs should be physically interconnected during enrollment and authentication, enrollment and authentication data may be received from/transferred to a remote location. As is understood by the skilled person, this reception/transmission may e.g. comprise submitting data via the Internet or some other appropriate network.
Further, error correction schemes may be used, e.g. to correct a final response from a sequence of PUFs such that noise is eliminated and reproducible data is obtained. For instance, helper data schemes known in the art may be employed. In order to combine the deriving of challenge-response pairs with cryptographic techniques, helper data may be derived during the enrollment phase. The helper data guarantees that a unique response can be derived from a challenge during the authentication as well as during the enrollment phase. Hence, the helper data scheme brings robustness in that it enables correction of noisy authentication data such that the data obtained at authentication matches the enrollment data with which it is expected to be identical. Of course, other appropriate error correction schemes may be envisaged by the skilled person.
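A helper data construction of the kind referred to above, given here as an added example that is not part of the original text: at enrollment a random codeword of a repetition code is XORed with the response bits to form the helper data, and the key is derived from the encoded message; at authentication the helper data is XORed with the noisy response and the repetition code removes the noise, so the same key is reproduced as long as each block of REP response bits contains at most (REP-1)//2 flipped bits. The repetition code, the constructed sample response and all names are assumptions of the example; a deployment would choose a stronger code matched to the measured error rate of the PUF.

```python
"""Code-offset helper data for a noisy PUF response (added example).

Enrollment:    helper H = R xor W,  W = encode(random message m),  key = hash(m)
Authentication: W' = R' xor H = W xor noise; decode(W') = m if noise is within the
               correcting capability of the code, so the same key results.
"""
import hashlib
import secrets

REP = 5  # repetition factor: corrects up to 2 flipped bits per group of 5


def bits_from_bytes(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def sample_response():
    """Constructed 256-bit stand-in for a measured response (not real data)."""
    return bits_from_bytes(hashlib.sha256(b"constructed sample response").digest())


def encode_repetition(message_bits, rep=REP):
    return [b for b in message_bits for _ in range(rep)]


def decode_repetition(code_bits, rep=REP):
    """Majority vote inside each block of rep bits."""
    return [int(2 * sum(code_bits[i:i + rep]) > rep)
            for i in range(0, len(code_bits), rep)]


def key_from_bits(bits):
    return hashlib.sha256("".join(map(str, bits)).encode()).hexdigest()


def generate_helper(response_bits, rep=REP):
    """Enrollment: random message -> codeword W; helper H = R xor W; key from the message."""
    n_msg = len(response_bits) // rep          # bits of response that fit whole codeword blocks
    message = [secrets.randbits(1) for _ in range(n_msg)]
    codeword = encode_repetition(message, rep)
    helper = [r ^ w for r, w in zip(response_bits, codeword)]
    return helper, key_from_bits(message)


def reproduce_key(noisy_response_bits, helper, rep=REP):
    """Authentication: W' = R' xor H, decode to strip the noise, re-derive the key."""
    noisy_codeword = [r ^ h for r, h in zip(noisy_response_bits, helper)]
    return key_from_bits(decode_repetition(noisy_codeword, rep))


def add_noise(bits, flip_positions):
    """Simulate measurement noise by flipping the given bit positions."""
    out = list(bits)
    for p in flip_positions:
        out[p] ^= 1
    return out


if __name__ == "__main__":
    response = sample_response()
    helper, key = generate_helper(response)
    print("clean:   ", reproduce_key(response, helper) == key)
    print("2 flips: ", reproduce_key(add_noise(response, [0, 1]), helper) == key)
    print("3 flips: ", reproduce_key(add_noise(response, [0, 1, 2]), helper) == key)
```

Because the helper data is the response masked by a random codeword, it reveals nothing about the key when the response bits are uniformly distributed, and it can therefore be stored next to the challenge rather than at the verifier; the response itself is never stored.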
Even though the invention has been described with reference to specific exemplifying embodiments thereof, many different alterations, modifications and the like will become apparent for those skilled in the art. The described embodiments are therefore not intended to limit the scope of the invention, as defined by the appended claims.
Number | Date | Country | Kind |
---|---|---|---|
05111419.7 | Nov 2005 | EP | regional |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/IB2006/054442 | 11/27/2006 | WO | 00 | 5/27/2008 |