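% Conference paper from ISC 2009: PUF-based authentication with a password,
% plus a coercion-resistant "emergency" extension (see abstract).
% Names are stored in "Last, First" form without escaped braces, and the DOI is
% stored bare (no LaTeX escapes), so styles and URL packages can format both.
% The citation key is kept unchanged so existing citations still resolve.
@inproceedings{3b73e7fd2ada4fa695a857e9e3f57806,
  author    = {Frikken, Keith B. and Blanton, Marina and Atallah, Mikhail J.},
  title     = {Robust authentication using physically unclonable functions},
  booktitle = {Information Security - 12th International Conference, {ISC} 2009, Proceedings},
  series    = {Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)},
  publisher = {Springer Verlag},
  address   = {Germany},
  pages     = {262--277},
  year      = {2009},
  doi       = {10.1007/978-3-642-04474-8_22},
  isbn      = {3642044735},
  language  = {English},
  note      = {12th Information Security Conference, ISC 2009 ; Conference date: 07-09-2009 Through 09-09-2009},
  abstract  = {In this work we utilize a physically unclonable function (PUF) to improve resilience of authentication protocols to various types of compromise. As an example application, we consider users who authenticate at an ATM using their bank-issued PUF and a password. We present a scheme that is provably secure and achieves strong security properties. In particular, we ensure that (i) the user is unable to authenticate without her device; (ii) the device cannot be used by someone else to successfully authenticate as the user; (iii) the device cannot be duplicated (e.g., by a bank employee); (iv) an adversary with full access to the bank's personal and authentication records is unable to impersonate the user even if he obtains access to the device before and/or after the setup; (v) the device does not need to store any information. We also give an extension that endows the solution with emergency capabilities: if a user is coerced into opening her secrets and giving the coercer full access to the device, she gives the coercer alternative secrets whose use notifies the bank of the coercion in such a way that the coercer is unable to distinguish between emergency and normal operation of the protocol.},
}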