Physically unclonable functions (PUF) seem tailor-made for IoT security.
Some chipmakers, under pressure to add security to rapidly growing numbers of IoT devices, have rediscovered a “fingerprinting” technique used primarily as an anti-counterfeiting measure.
Physically unclonable functions (PUFs) are used to assign a unique identification number based on inconsistencies in the speed with which current causes a series of logic gates to open or close. So otherwise identical chips will deliver different results in identical test circuits due to random variation in the speed with which those gates respond to a test, according to a 2007 paper by MIT researcher Srini Devadas, who discovered the pattern and founded the company Verayo to commercialize systems that use it.
These “fingerprints” have been used largely as an anti-counterfeiting measure or to allow authentication of the chip as part of a secure-boot sequence and in FPGAs, ASIUCs, NFC RFIDs and other chips.
More recently, however, chip companies and researchers have been exploring PUF as a way to create unique, undiscoverable, unchangeable identification numbers that can serve as the private key in public/private key networks and become the basis for much more complex encryption designed to secure communication among devices, not just verify security of a single chip.