Wednesday, September 10, 2008

RFID Security Alliance Member Comments About PUF Technology

Verayo recently announced at RFID World in Las Vegas that it has released the world's first unclonable RFID chip. Both Verayo and Veratag use similar principles to achieve unclonability in their designs, in the sense that both rely on capturing per-chip differences introduced during manufacturing. In theory, this appears to be quite "solid". Both Verayo and Veratag are members of the RFID Security Alliance.

Celebrated security researcher Karsten Nohl is also a member of the RFID Security Alliance, and is well known for his research and commentary on RFID security. Karsten recently commented on PUF technology:

Verayo is the second company to announce the "World’s first unclonable RFID tag" based on a physically unclonable function (PUF), after Veratag announced a similar product based on PUF technology. The security claims of these and other PUF-based products seem dubious since the current realization of PUFs defies basic principles of cryptography. The announcement states:
"This new RFID chip is based on recently announced breakthrough technology called Physical Unclonable Functions (PUF). PUF technology is a type of electronic DNA or fingerprinting technology for silicon chips that makes each chip unclonable."
It might be beside the point that neither DNA nor fingerprints are unclonable. The failure of proprietary security, which has been a constant theme on this blog, has led many to conclude that only well-reviewed security primitives can be strong. PUF technology tries to achieve security in exactly the opposite way: the PUF circuit is designed in such a way that not even the designer understands how outputs are derived from inputs. Security-by-obscurity par excellence.
Every circuit, including PUFs, is a deterministic function; the only difference in PUF circuits is that some inputs to the function vary across different tags. For a PUF to be cryptographically strong, one would hence need to show that

1. the fixed part of the circuit (the cipher) is strong by cryptographic metrics,
2. the number of device-dependent inputs (the secret key) is large and
3. the entropy of these inputs is high.

PUFs are a wonderful idea for using manufacturing variance constructively, but in their current realization, PUFs fail to convince that they are strong building blocks for security systems.
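As an added illustration of the three criteria in Nohl's comment above (this is not code from the original post, from Nohl, or from either vendor): a small Python script that models a tag the way he describes, as a fixed circuit plus a vector of device-dependent inputs, and then computes two standard population metrics on constructed tag data, inter-tag uniqueness and a per-bit min-entropy bound, which are the kind of empirical check criteria 2 and 3 call for. The toy model in simulate_tags, the 64-bit response width and the "only 8 of 64 inputs vary" case are assumptions for illustration, not measurements of any real product.

```python
import itertools
import math
import random


def simulate_tags(n_tags, n_bits, varying_bits, seed=1):
    """Constructed toy PUF population (hypothetical, not real measurements).

    Each tag's response is a fixed part shared by every tag (the circuit the
    designer controls) followed by `varying_bits` device-dependent inputs
    (the manufacturing variance). Only the latter can carry secret entropy.
    """
    rng = random.Random(seed)
    fixed_part = [rng.randrange(2) for _ in range(n_bits - varying_bits)]
    tags = []
    for _ in range(n_tags):
        device_part = [rng.randrange(2) for _ in range(varying_bits)]
        tags.append(device_part + fixed_part)
    return tags


def uniqueness(responses):
    """Mean pairwise fractional Hamming distance between tags (ideal: 0.5)."""
    pairs = list(itertools.combinations(responses, 2))
    dists = [sum(x != y for x, y in zip(a, b)) / len(a) for a, b in pairs]
    return sum(dists) / len(dists)


def bit_aliasing(responses):
    """Fraction of tags with a '1' in each bit position (ideal: 0.5 each)."""
    n = len(responses)
    return [sum(r[i] for r in responses) / n for i in range(len(responses[0]))]


def min_entropy_bound(responses):
    """Sum of per-bit min-entropy, -log2(max(p, 1-p)).

    Bits that never vary across tags contribute 0. Because it assumes bits
    are independent, this is an optimistic upper bound on the entropy of the
    device-dependent inputs (criterion 3), never a proof of it.
    """
    return sum(-math.log2(max(p, 1 - p)) for p in bit_aliasing(responses))


def evaluate(responses):
    return {"uniqueness": uniqueness(responses),
            "min_entropy_bits": min_entropy_bound(responses)}


if __name__ == "__main__":
    print("all 64 inputs vary:", evaluate(simulate_tags(64, 64, 64)))
    print("only 8 inputs vary:", evaluate(simulate_tags(64, 64, 8)))
```

These metrics are a necessary check, not a sufficient one: a low-entropy device secret hidden behind a mixing circuit can still look uniform on a sample smaller than the secret's range, which is why the fixed part of the circuit (criterion 1) must be reviewable rather than obscure.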

It is important to note that while Nohl, Verayo, and Veratag are all members of the RFID Security Alliance, membership does not preclude scrutiny of the security claims made by RFIDSA members, nor commentary on those claims. It is also important to emphasize that this level of scrutiny is critical for the "vetting" of designs and technologies.
