Publications, Conferences:

  • IZS 2018, Zurich
    “Capacity of a Dual Enrollment System with Two Keys based on an SRAM-PUF”,
    L. Kusters, and F.M.J. Willems, 2018 Zurich Seminar on Information and Communication (IZS), pp. 79 - 83, Zurich, Switzerland, February 21 - 23, 2018.
    ABSTRACT: We investigate the capacity of an SRAM-PUF based secrecy system that produces two secret keys during two consecutive enrollments. We determined the region of secret-key rates that are achievable and show that the total secret-key capacity is larger than for a single enrollment system. In our achievability proofs we focussed on linear codes.
  • WIC 2018, Enschede
    “Zero-Secrecy Leakage for Multiple Enrollments of Physical Unclonable Functions”,
    L. Kusters, O. G¨ unl ¨u (TU Munich), and F.M.J. Willems, Proceedings of the 2018 Symposium on Information Theory and Signal Processing in the Benelux, 31 May - 1 June 2018, Enschede, The Netherlands, pp.
    ABSTRACT: We use physical unclonable functions (PUFs) to generate secret keys. We analyze the performance of the helper data scheme when the enrollment process is repeated multiple times. We show that codes exist such that the scheme remains secure after two enrollments, when all PUF observations are performed over the same channel. Furthermore, we show that a fuzzy commitment scheme remains secure after any number of enrollments, for PUF sources that meet a certain symmetry condition. We show that the temperature dependent model for SRAM-PUF meets this symmetry condition. Furthermore, we argue that many source-channel model pairs exist that meet the symmetry condition, and give some examples.
  • ISIT 2018, Vail, Colorado
    “Capacity of a Multiple Enrollment System Based on an SRAM-PUF: Forgetful Setting”,
    L. Kusters and F.M.J. Willems, 2018 International Symposium on Information Theory (ISIT), Vail, Colorado, USA, June 17 - 22, 2018.
    ABSTRACT: We use an SRAM Physical Unclonable Function (PUF) to generate secret keys for authentication purposes. During enrollment, an encoder generates a secret key and corresponding helper data based on an SRAM-PUF observation vector. Later, the device identity is verified by its ability to reconstruct the same key. We define the multiple enrollment forgetful setting. Here, during each consecutive enrollment the previous key is replaced by a new (larger) key based on a new observation of the SRAM-PUF. Furthermore, additional helper data is published after each enrollment. We show that all helper messages together do not reveal information about the relevant secret. Furthermore, the achievable secret-key rate increases with each enrollment, up to a limit that depends on the statistics of the source. For the SRAM-PUF this limit is given by the mutual information between the observation variable and the cell-state.
  • IoT Journal, 2019
    “Secret Key Generation Over Biased Physical Unclonable Functions With Polar Codes”,
    Bin Chen and F.M.J. Willems, IEEE Internet of Things Journal, Volume: 6 , No. 1 , Feb. 2019, pp. 435 - 445.
    ABSTRACT: Internet-of-Things (IoT) devices are usually small, low cost, and have limited resources, which makes them vulnerable to physical and cloning attacks. To secure IoT devices, physical unclonable functions (PUFs) are relatively new security primitives used for device authentication and device-specific secret-key generation. In this paper, we focus on designing a robust construction to derive secret keys from static randomaccess memory (SRAM)-PUFs, which enjoy the uniqueness and randomness properties stemming from the manufacturing variations of SRAM memory cells. We make use of a polar code construction. Based on the fact that SRAM memory can often be found in today’s IoT devices, and since polar codes have been selected as error-correction technique in the fifth generation standard, this makes the proposed scheme a promising candidate for reducing the extra cost and securing resource-constrained IoT devices. In this paper, we propose a novel construction method to eliminate the effect of noise and bias in SRAM-PUFs. We shall prove that the secrecy leakage of the helper data about the secretkey can be made negligible due to polarization and proper code construction design. Results show that the proposed scheme provides a significant improvement of the reliability (achieve a failure probability below 10 -6 ) and of the realizable secret-key rate, which is also evaluated by the theoretical analysis. In addition, the proposed scheme provides the possibility to tradeoff complexity, secrecy, and reliability with the same code construction for different IoT applications.
  • WIC 2019, Ghent
    “Selection and Balancing for Debiasing of SRAM-PUF”,
    L. Kusters, and F.M.J. Willems, Proceedings of the 2019 Symposium on Information Theory and Signal Processing in the Benelux, 28-29 May 2019, Ghent, Belgium, pp. 60
  • TIFS 2019
    “Secret-Key Capacity Regions for Multiple Enrollments with an SRAM-PUF”,
    L. Kusters and F.M.J. Willems, IEEE Transactions on Information Forensics and Security, Vol. 14, No. 9, pp. 2276 - 2287, September 2019.
    ABSTRACT: We introduce the multiple enrollment scheme for SRAM-PUFs. During each enrollment the binary power-on values of the SRAM are observed, and a corresponding key and helper data are generated. Each key can later be reconstructed from an additional observation and the helper data. The helper data do not reveal information about the keys to an attacker. It is our goal to use the additional enrollments to consecutively increase the entropy of the generated key material. We analyze two alternative settings. First, we present a regular setting, where each additional key is independent of all previous keys. Secondly, we introduce a key-replacement setting, where instead of an additional independent key, a new key (of increased length) is generated that replaces the old key. We characterize the capacity regions for both settings. We show that the total achievable secret-key rate is equal to the mutual information between all enrollment observations and a single (reconstruction) observation. We derive our results based on a statistical model for SRAM-PUF that has been proposed in the literature. This model implies a permutation symmetry property of SRAM-PUF which plays a key role in our proofs.
  • Submission WIFS 2019, Delft
    “Debiasing of SRAM PUFs: Selection and Balancing”,
    L. Kusters and F.M.J. Willems. Submitted to Workshop of Information Forensics and Security (WIFS), December 9 - 12, 2019, Delft, The Netherlands.
    ABSTRACT: Fuzzy commitment is used to bind a secret key to an SRAM-PUF observation vector. The fuzzy commitment scheme is secure as long as the observation vector has full entropy. Here, we assume that the observation vectors are biased, and explore two elementary schemes for debiasing: selection and balancing. We study the performance of the schemes from an information theoretic perspective.
  • Keynote WIFS 2019, Delft
    “An Information-Theoretical Approach Toward SRAM-PUF Authentication”,
    F.M.J. Willems, Invited Keynote at Workshop of Information Forensics and Security (WIFS), December 9 - 12, 2019, Delft, The Netherlands.


  • D1.1 “Report on state-of-the-art solutions and gap analysis”
    The report summarizes a thorough review of state-of-the-art developments on device, technique and scientific level including weak spots and the assessment of closing the security gaps via retrofitting.
  • D1.2 “Use case development and requirements report”
    In this report, the selection and choice of the use cases in RESCURE as well as their requirements within the system architecture are elaborated.
  • D1.3 “System architecture and specifications”
    This report includes the preselection of suitable IoT devices, the specifications for the RESCURE system architecture and includes the outcome of the investigations on multiple enrolment methods.
  • D2.1 “Report on the RESCURE IoT Building Blocks”
    This report includes the outcome of the developments in respect of the IoT building blocks as well as the analysis of the IoT devices and the final selection, which are used in the RESCURE system.
  • D2.2 “Report on the RESCURE Backend Building Blocks”
    This report includes the outcome of the developments in respect of the backend building blocks as well as on intrusion-detection backend mechanisms.
  • D2.3 “Report on anti-ageing and post-processing methods”
    This report includes a thorough summary of the research work (post-processing, entropy extraction, anti-ageing) performed in work package WP2.
  • D3.1 “RESCURE Prototype”
    This deliverable is of type “demonstrator” and highlights the outcome of task 3.1. The deliverable accompanies with a written report describing the structure and the functionality of the RESCURE prototype.
  • D3.2 “Report on prototype testing”
    This report includes the outcomes of Task 3.2, including the testing and evaluation procedure of the RESCURE prototype.
  • D4.1 “Mid-term Report”
    This management report outlines the progress of the project and summarize the achievements of the first 12 months.
  • D4.2 “Report on Dissemination and Exploitation”
    This report describes how the partners exploit and disseminate the results of the RESCURE project.
  • D4.3 “End Report”
    This management report summarizes the overall achievements of the RESCURE project, focussing on the second period from M13 – M24. Updates on dissemination and exploitation and an outlook beyond the project lifetime are listed as well.