-
Generative AI Models: Opportunities and Risks for Industry and Authorities
Authors:
Tobias Alt,
Andrea Ibisch,
Clemens Meiser,
Anna Wilhelm,
Raphael Zimmer,
Jonas Ditz,
Dominique Dresen,
Christoph Droste,
Jens Karschau,
Friederike Laus,
Oliver Müller,
Matthias Neu,
Rainer Plaga,
Carola Plesch,
Britta Sennewald,
Thomas Thaeren,
Kristina Unverricht,
Steffen Waurick
Abstract:
Generative AI models are capable of performing a wide variety of tasks that have traditionally required creativity and human understanding. During training, they learn patterns from existing data and can subsequently generate new content such as texts, images, audio, and videos that align with these patterns. Due to their versatility and generally high-quality results, they represent, on the one h…
▽ More
Generative AI models are capable of performing a wide variety of tasks that have traditionally required creativity and human understanding. During training, they learn patterns from existing data and can subsequently generate new content such as texts, images, audio, and videos that align with these patterns. Due to their versatility and generally high-quality results, they represent, on the one hand, an opportunity for digitalisation. On the other hand, the use of generative AI models introduces novel IT security risks that must be considered as part of a comprehensive analysis of the IT security threat landscape. In response to this risk potential, companies or authorities intending to use generative AI should conduct an individual risk analysis before integrating it into their workflows. The same applies to developers and operators, as many risks associated with generative AI must be addressed during development or can only be influenced by the operating organisation. Based on this, existing security measures can be adapted, and additional measures implemented.
△ Less
Submitted 3 February, 2025; v1 submitted 7 June, 2024;
originally announced June 2024.
-
An arbiter PUF secured by remote random reconfigurations of an FPGA
Authors:
Alexander Spenke,
Ralph Breithaupt,
Rainer Plaga
Abstract:
We present a practical and highly secure method for the authentication of chips based on a new concept for implementing strong Physical Unclonable Function (PUF) on field programmable gate arrays (FPGA). Its qualitatively novel feature is a remote reconfiguration in which the delay stages of the PUF are arranged to a random pattern within a subset of the FPGA's gates. Before the reconfiguration is…
▽ More
We present a practical and highly secure method for the authentication of chips based on a new concept for implementing strong Physical Unclonable Function (PUF) on field programmable gate arrays (FPGA). Its qualitatively novel feature is a remote reconfiguration in which the delay stages of the PUF are arranged to a random pattern within a subset of the FPGA's gates. Before the reconfiguration is performed during authentication the PUF simply does not exist. Hence even if an attacker has the chip under control previously she can gain no useful information about the PUF. This feature, together with a strict renunciation of any error correction and challenge selection criteria that depend on individual properties of the PUF that goes into the field make our strong PUF construction immune to all machine learning attacks presented in the literature. More sophisticated attacks on our strong-PUF construction will be difficult, because they require the attacker to learn or directly measure the properties of the complete FPGA. A fully functional reference implementation for a secure "chip biometrics" is presented. We remotely configure ten 64-stage arbiter PUFs out of 1428 lookup tables within a time of 25 seconds and then receive one "fingerprint" from each PUF within 1 msec.
△ Less
Submitted 12 October, 2016;
originally announced October 2016.
-
A new Definition and Classification of Physical Unclonable Functions
Authors:
Rainer Plaga,
Dominik Merli
Abstract:
A new definition of "Physical Unclonable Functions" (PUFs), the first one that fully captures its intuitive idea among experts, is presented. A PUF is an information-storage system with a security mechanism that is
1. meant to impede the duplication of a precisely described storage-functionality in another, separate system and
2. remains effective against an attacker with temporary access to t…
▽ More
A new definition of "Physical Unclonable Functions" (PUFs), the first one that fully captures its intuitive idea among experts, is presented. A PUF is an information-storage system with a security mechanism that is
1. meant to impede the duplication of a precisely described storage-functionality in another, separate system and
2. remains effective against an attacker with temporary access to the whole original system.
A novel classification scheme of the security objectives and mechanisms of PUFs is proposed and its usefulness to aid future research and security evaluation is demonstrated. One class of PUF security mechanisms that prevents an attacker to apply all addresses at which secrets are stored in the information-storage system, is shown to be closely analogous to cryptographic encryption. Its development marks the dawn of a new fundamental primitive of hardware-security engineering: cryptostorage. These results firmly establish PUFs as a fundamental concept of hardware security.
△ Less
Submitted 26 January, 2015;
originally announced January 2015.
-
A formal definition and a new security mechanism of physical unclonable functions
Authors:
Rainer Plaga,
Frank Koob
Abstract:
The characteristic novelty of what is generally meant by a "physical unclonable function" (PUF) is precisely defined, in order to supply a firm basis for security evaluations and the proposal of new security mechanisms. A PUF is defined as a hardware device which implements a physical function with an output value that changes with its argument. A PUF can be clonable, but a secure PUF must be uncl…
▽ More
The characteristic novelty of what is generally meant by a "physical unclonable function" (PUF) is precisely defined, in order to supply a firm basis for security evaluations and the proposal of new security mechanisms. A PUF is defined as a hardware device which implements a physical function with an output value that changes with its argument. A PUF can be clonable, but a secure PUF must be unclonable. This proposed meaning of a PUF is cleanly delineated from the closely related concepts of "conventional unclonable function", "physically obfuscated key", "random-number generator", "controlled PUF" and "strong PUF". The structure of a systematic security evaluation of a PUF enabled by the proposed formal definition is outlined. Practically all current and novel physical (but not conventional) unclonable physical functions are PUFs by our definition. Thereby the proposed definition captures the existing intuition about what is a PUF and remains flexible enough to encompass further research. In a second part we quantitatively characterize two classes of PUF security mechanisms, the standard one, based on a minimum secret read-out time, and a novel one, based on challenge-dependent erasure of stored information. The new mechanism is shown to allow in principle the construction of a "quantum-PUF", that is absolutely secure while not requiring the storage of an exponentially large secret. The construction of a PUF that is mathematically and physically unclonable in principle does not contradict the laws of physics.
△ Less
Submitted 4 April, 2012;
originally announced April 2012.
