3

I have read that one of the PUF's application is software licensing, but do not know how. I have been reading different articles and forums (such as here), but still not clear for me.

One vague point for me is that PUF is a hardware and I do not think that vendors provide a separate hardware rather than maybe just a CD including the software.

I also want to know what is the functionality of PUF in this application? Key generator (like explained here)? or chip ID (like explained here - minute 16)? I found a protocol explained in here, but it is not very clear if PUF can act as product key, hardware ID, or activation number.

I was wondering if some one can explain it to me or give me some references.

Shannon
  • 273
  • 2
  • 7

2 Answers2

1

You're right about hardware activation devices for desktop applications. Dangling dongles outa your printer port is quite legacy. New applications tend to use some form of on-line activation system. You see this in games and Windows.

But it is becoming more common in the embedded world, where it can act as product key, hardware ID, or activation number. Consider the most fundamental behaviour of a PUF. It allows a challenge–response protocol to generate a non clone-able set of values, each usually (but not necessarily) one bit wide, with some degree of repeat ability. Using fuzzy extraction, secure sketches, error correction and compression, a single number can be produced with very good reliability. The PUF (oscillator based) with multiple challenge-response pairs would live within an FPGA like so:-

pufs

And that's it: a set of bits. Use the set as you will. It could very well simply be the (uncloneable) device ID. PUFKY is a design for a random 128 bit cryptographic key extracted from ring oscillators. Intel have Stratix FPGAs/SoCs that incorporate on-board SRAM PUFs for protection against counterfeiting, cloning or reverse engineering. It can also be the key for cryptographic communications from the chip. You can see where the PUF fits into the Stratix:-

stratix

Circling back to software activation, a PUF is the evolved in-built "dongle" of yesteryear protecting modern software. It's just that the 'software' these days can be intellectual property like IP cores, gate/block configurations, digital signal processing algorithms etc. and communications data within and around embedded devices.

Paul Uszak
  • 15,905
  • 2
  • 32
  • 83
0

PUF is like a hardware-based HMAC with an unextractable key. The commercial softwares collects some information about the user, hash it with the PUF, then store the result.

The software compares the hash with the output of the PUF everytime when the software is started, if the result is different, the software then prompts you to re-activate it again or buy additional license.

That's one way PUF is used in software licensing.

DannyNiu
  • 10,640
  • 2
  • 27
  • 64