Traditionally, the security of anti-counterfeiting solutions is based on graphic and optical elements (ultraviolet inks, watermarks, holograms) obtained from components or production tools that are considered too difficult and too expensive for a counterfeiter to obtain. However, in addition to the fact that they do not allow an identification of each unit, they may also require an additional verification phase, implying operators and external readers that are quite costly in time and money. More recently, Radio Frequency Identification (RFID) based solutions were developed as alternative to comply with requirements of the supply-chain, such as helping to track and trace goods, but their strongly limited resources make it incompatible with recommended cryptographic primitives management. A similar issue exists on most embedded systems were the identifiers and keys are simply stored in non-volatile memory (NVM) instead of using secure elements to cut engineering and material costs.
The idea of Physical Unclonable Functions (PUFs) has since emerged and gained interest, in part to limit attacks on NVM chips which allow to extract their content and thus potentially recover secret keys. It consists in a unique and unforgeable fingerprint providing an identity to an object. More precisely, the concept relies on the minor random variations of a measurable property that two instances of an object will exhibit due to the impossibility to control the production process at infinitesimal level. So, a PUF could be based on elements already part of the design hence saving area and consumption compared to expensive solutions such as secure elements, while still providing better security than NVM since the identity is extracted from physical measurements only when the information is needed. In addition, it becomes possible to use them for authentication or key generation if they fulfil the statistical properties of unicity, reproducibility, and unpredictability, thus forming an economical and efficient cryptographic primitive. They are of particular interest in anti-counterfeiting and cybersecurity domains, where both of which attempt to address now ubiquitous societal issues [1, 2].
These arguments have encouraged various projects to develop the concept, each potentially using a different approach and conceptual formalism, until it became difficult to draw up an exhaustive list of all the PUF constructions proposed over time and define successful benchmarking performance indicators able to handle several selection criteria (safety level, consumption, physical dimensions, and cost). But even if direct benchmarking is complex, we can still distinguish several categories of PUFs according to the physical property evaluated. For instance, McGrath et al. [3] take into account a considerable number of constructions and sort them in 3 manners (property-driven, parameter-driven and timeline-based) to propose an interesting survey. Similarly, the paper from Ning et al. [4] is a bit more recent and also provides a valuable categorization of PUF constructions presented in the literature, either as silicon PUFs or non-silicon PUFs (the former category includes delay-based PUFs, memory-based PUFs and analog electronic PUFs sub-categories). Both references reflect the diversity of proposals that can be found in the literature nowadays. However, the proposed classifications remain very qualitative and in no way quantitative. As far as we know, it is not possible to directly assess the security level of a PUF construction and put it in comparison with others for easy benchmarking and security level assessment. Despite the community has developed through the years a framework composed of several design agnostic quality factors [5] to compare the uniqueness, the reproducibility, and the unpredictability of proposed constructions, each argument in favour of a solution must be checked in the context of final application. Providing measurable “security” is hence not readily available.
Nevertheless, we might note that optical PUFs, among all possible PUFs categories, have drawn particular attention since the work of Pappu et al. [6] in 2002 due to the complexity of observed physical phenomena that make the PUFs quite difficult to reproduce or clone. The high volumetric information density and stochasticity of the production process tend to suggest a solution more secure than memory based PUFs for which Helfmeier et al. [7] could reproduce a Static Random Access Memory (SRAM) PUF for example. Optical properties supposedly make it more difficult in comparison to establish a mathematical simulation or a physical clone of one token. However, they suffer from several limits such as the capacity to be integrated and miniaturised on a device [8]. Our goal is to address these two limitations.
In this paper, we will start by discussing the amount of information that can be encoded in the newly introduced optical PUF based on micro-patterned oxide thin films, especially considering that multifunctional materials allow a multidimensional/multi-value matrix to be used as a database, which should be one of its main advantages over competing solutions. We will also propose a simple model to provide a measurable formalism to benchmark the various PUFs with our proposed multi-dimensional PUF formalism. This model PUF consists in a small area of patterned complex oxide thin film deposition with modulated properties at each position; the integrated security element involves a sandwich structure, with a grating of micro-LEDs to irradiate the fingerprint, the fingerprint itself, and a CMOS sensor to measure the transmitted light of the LED through the thin film.