NAND Flash Can Verify a Device's Identity 34
itwbennett writes "Researchers at UC San Diego and Cornell University have developed software that they say can detect variations in flash behavior that are unique to each chip. The system uses 'physically unclonable functions' (PUFs), or variations in manufacturing that are unique to each element of each flash chip. Swanson described one PUF that his team has worked with, called Program Disturb. It uses a type of manufacturing flaw that doesn't affect normal operation but causes problems under test conditions." Related: from last October, another description of such error-based identity assignment.
Re:Which can be defeated (Score:2, Interesting)
Actually that would be very difficult. The PUF has a large enough input range so that not all outputs can conceivably be retrieved. After manufacture, the device will be tested with just a few of these inputs (chosen randomly for each device) which are held securely in a database along with its serial number. To test the device, a subset of those inputs are used again with the PUF and if the outputs match within a certain tolerance then the device is genuine, otherwise it is counterfeit.
The fact that the input space is so large and the particular function results chosen at random and kept secret, makes a man in the middle attack infeasible.