I just noticed that NXP has issued a press release about strengthening smartcard security with some technology referred to as ‘PUF’. I suspect that many of you, like me, have not encountered this acronym before, so I decided to investigate.
Curiously, and hence the title of this blog, the first thing that came to mind was that 60’s song “Puff, the Magic Dragon”. This may be showing my age a bit but as I read a bit more about PUF I think there may be some magic here after all!
PUF stands for ‘physically unclonable function’, which Wikipedia defines as ‘a function that is embodied in a physical structure and is easy to evaluate but hard to predict’. I also learnt that this cryptographic technology dates from the early 1980s, when papers from DW Bauder and G Simmons of Sandia National Laboratories (Albuquerque, New Mexico) reference its use for authentication purposes. PUF is also referred to as a physical one-way function but clearly POWF is not as memorable as PUF. Ultimately though, whatever you call it, the key attribute of a PUF device, from a practical standpoint, is that it should be easy to make but impossible to duplicate.
Getting back to the NXP announcement, I see that PUF technology will be applied to smartcard chips and related devices to improve their security. Evoking more public confidence in the security of smartcards is clearly vital in light of the increasingly sophisticated techniques being used by the criminal fraternity, especially as we contemplate the wider and growing use of smartcard type technology in NFC-enabled smartphones that can be used for contactless mobile payments.
So how does PUF work? Well there’s not time or space now to go into a lot of detail but rest assured we’ll return to this subject in future blogs. For now it is best considered as a means to prevent the reverse-engineering of an integrated circuit by using the unique ‘fingerprint’ inherent in every semiconductor device to protect the encryption key that is at the heart of such security devices.
So PUF is not magic, it is simply the application of anti-cloning technology to strengthen the security of smart card chips.