Protection Profile for PUF-based Devices

Publication, 2014


A. Kolberger, I. Schaumüller-Bichl, V. Brunner, M. Deutschmann - Protection Profile for PUF-based Devices - ICT Systems Security and Privacy Protection, Marrakech, Morocco, 2014, pp. 91-98


Physically Unclonable Functions (PUFs) are a promising technology in cryptographic application areas. The idea of PUFs is to make use of the unique "fingerprint" of the IC, to enable generation of secrets or keys without storing sensitive data permanently in memory. Since PUFs are "noisy" functions, some kind of post processing is required to reliably reconstruct the respective PUF response. Based on potential threats and vulnerabilities as well as the security requirements for PUF-based tokens we developed a draft version of a Protection Profile according to Common Criteria. This paper discusses the central parts of this Protection Profile, namely the Target of Evaluation (TOE), PUF-specific security functional requirements (SFRs), and requirements on the operational environment regarding the whole life cycle of the TOE.