|
Quantum Readout is a method to verify the authenticity of an object. The method is secure provided that the object cannot be copied or physically emulated. ==Hands-off versus hands-on authentication of objects== When authenticating an object, one can distinguish two cases. * Hands-on athentication: The object is fully under the control of the verifier. The verifier can see if the object is of the correct type, size, weight etc.. E.g. he can see the difference between a real tooth and a hologram representing the tooth. * Hands-off authentication: The verifier does not have full control. E.g. he has line-of-sight but cannot touch the object. In the hands-on scenario, Physical Unclonable Functions (PUFs) of various types can serve as great authentication tokens. Their physical unclonability, combined with the verifier's ability to detect spoofing, makes it exceedingly hard for an attacker to create an object that will pass as a PUF clone. However, hands-on authentication requires that the holder of the PUF relinquishes control of it, which may not be acceptable, especially if there is the risk that the verifier is an impostor. In the hands-off scenario, however, reliable authentication is much more difficult to achieve. It is prudent to assume that the challenge-response behavior of each PUF is known publicly. (An attacker may get hold of a genuine PUF for a while and perform a lot of measurements on it without being discovered.) This is a "worst case" assumption as customary in security research. It poses no problem in the hands-on case, but in the hands-off case it means that spoofing becomes a real danger. Imagine for instance authentication of an optical PUF through a glass fiber. The attacker does not have the PUF, but he knows everything about it. He receives the challenge (laser light) through the fiber. Instead of scattering the light off a physical object, he does the following: (i) measure the incoming wave front; (ii) look up the corresponding response in his database; (iii) prepare laser light in the correct response state and send it back to the verifier. This attack is known as "digital emulation". For a long time spoofing in the hands-off scenario has seemed to be a fundamental problem that cannot be solved. The traditional approach to remote object authentication is to somehow enforce a hands-on environment, e.g. by having a tamper-proof trusted remote device probing the object. Drawbacks of this approach are (a) cost and (b) unknown degree of security in the face of ever more sophisticated attacks. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Quantum readout of PUFs」の詳細全文を読む スポンサード リンク
|