PUF-Based Authority Device Scheme

With the rise of the Internet-of-Things, followed a tendency to create unified architectures with a great number of edge nodes and inherent security risks due to centralisation. At the same time, security and privacy defenders advocate for decentralised solutions which divide the control and the responsibility among the entirety of the network nodes. However, spreading the responsibility among a great number of parties also leads to increased risk of leakage for secret information. A solution to achieving the best of both worlds could be the primitive of unclonability which forms the basis of any relationship, be it human or between devices, as it provides proof of uniqueness for the communicating entities. This uniqueness also has a direct effect on the value of an unclonable object since no other copies exist to share this value. From the IoT perspective, unclonability can offer strong security guarantees, distinction among otherwise identical edge nodes, and higher levels of control over the system by its owners. Unclonability has been realised on a physical level via the use of Physical Unclonable Functions (PUFs) but methods to expand it to fully formed security frameworks have not been developed. In this report we attempt to set the foundations for the development of an unclonability stack, propagating the primitive from the unclonable chips of PUFs, to devices, network links and eventually through to unclonable systems. To that end, we also present an Authority Device Scheme (ADS) and discuss its security properties, along with a basic prototype. The role of the ’authority devices’ is that of a consolidated, observable root of ownership, which can be verifiably handed over or destroyed, all the while without requiring a central authority for the normal operation of the system. As such, these devices are used to bootstrap the operation of a network system and introduce network nodes to each other, enabling them to form groups or neighbourhoods. This is achieved via asymmetric cryptography with secrets that are generated on demand by PUFs and never saved in persistent storage. After their introduction, nodes are able to identify and interact with their peers, exchange keys and form relationships that enable novel features in the higher layers of the stack.