PUFFIN offers graphics card breakthrough versus break-in

Oct 09, 2012 by Nancy Owano report

(Phys.org)—The PUFFIN Project has come up with research that suggests GPU manufacturing processes leave each product with a unique kind of fingerprint. PUFFIN stands for physically unclonable functions found in standard PC components. What might appear to be identical graphics processors nonetheless differ. The differences cannot be duplicated. According to Threatpost, the Kasperksy Lab Security News Service, the project's lead researcher, Dr. Tanja Lange of Eindhoven Institute for the Protection of Systems and Information, said that the manufacturing differences were unclonable. The researchers have software that can spot the fine differences between GPUs.

The team's work is seen as significant in that it might lead to a new kind of user authentication.

In explaining their findings, they said that Physically Unclonable Functions (PUFs) offer a way to protect objects against counterfeiting. They allow "a root of trust" in a hardware system through generating unique "fingerprints" and deriving from the underlying physical properties of the silicon.

"Today they are typically found in specially designed and result from the silicon properties of individual transistors. They exist in many forms, among which are the so-called SRAM PUFs."

This is a collaborative research effort that includes the Technische Universiteit Eindhoven in The Netherlands, Technical University of Darmstadt in Germany, Katholieke Universiteit Leuven in Belgium, and the Dutch , Intrinsic ID. The so-called fingerprinting for a piece of hardware is seen as especially relevant to the online gaming industry, for both vendors and players.

Heavy gamers with high-end and customized machines accessing games from their computers could benefit from an online 's installation of software on its servers. When a gamer logs into the game, the software scans the graphics card for its unique "fingerprint," and matches it against the fingerprint on file. If the log-in name and password do not match the fingerprint, the company asks for more authentication and if that does not bring satisfactory results, the user is blocked.

"Any passionate gamer knows the investment it takes to create a good character and the dangers of identity theft to which he is exposed by playing," said the project team. They pointed out that the operator of the gaming platform can push the extra security feature via a software update without any need for action on the user side.

The PUFFIN Project is to run its research until February 2015 with a total budget of 1.3 million euros. Moving forward, the project team intends to study and show the existence of SRAM PUFs and other types of PUFs, from standard PCs and laptops to mobile phones and consumer electronics.

Explore further: Ride-sharing could cut cabs' road time by 30 percent

More information: www.puffin.eu.org/

Related Stories

Fingerprint makes chips counterfeit-proof

Feb 08, 2011

Product counterfeiters are increasingly targeting chips and electronic components, with attacks on hardware modules becoming commonplace. Tailor-made security technology utilizes a component‘s individual ...

Software Helps Developers Get Started with PIV Cards

Jul 10, 2008

The National Institute of Standards and Technology has developed two demonstration software packages that show how Personal Identity Verification (PIV) cards can be used with Windows and Linux systems to perform ...

New Internet ID Card Prevents Online Fraud

Mar 31, 2008

Times are getting hard for anyone trying to get away with online fraud. That’s because Siemens, in cooperation with a partner company, has developed an Internet ID card the size of an ATM card that enables ...

Recommended for you

Ride-sharing could cut cabs' road time by 30 percent

19 hours ago

Cellphone apps that find users car rides in real time are exploding in popularity: The car-service company Uber was recently valued at $18 billion, and even as it faces legal wrangles, a number of companies ...

Avatars make the Internet sign to deaf people

Aug 29, 2014

It is challenging for deaf people to learn a sound-based language, since they are physically not able to hear those sounds. Hence, most of them struggle with written language as well as with text reading ...

Chameleon: Cloud computing for computer science

Aug 26, 2014

Cloud computing has changed the way we work, the way we communicate online, even the way we relax at night with a movie. But even as "the cloud" starts to cross over into popular parlance, the full potential ...

User comments : 12

Adjust slider to filter visible comments by rank

Display comments: newest first

kochevnik
1 / 5 (2) Oct 09, 2012
CPU id revisited
Bowler_4007
1 / 5 (2) Oct 09, 2012
CPU id revisited

GPU
Sanescience
not rated yet Oct 09, 2012
I would be shocked if Uniloc doesn't think this is covered under their patents. Not that they do anything with their patents.
VendicarD
5 / 5 (1) Oct 10, 2012
Change your video card and lose your access?
Urgelt
5 / 5 (3) Oct 10, 2012
Yes, VendicarD, that's what they're proposing.

So you no longer will lease IP for your use on any machine. You will lease it for a particular piece of silicon - which gets replaced every few years, so you'll have to shell out payment every time you upgrade.

This is a continuation of the copyright industry's aim to restrict user rights. It's just more rent-seeking behavior by capitalist oligopolies.
omatwankr
2.3 / 5 (3) Oct 10, 2012
Goes hand in hand with...

http://www.market...number=1

Your right to resell your own stuff is in peril
"That's being challenged now for products that are made abroad, and if the Supreme Court upholds an appellate court ruling, it would mean that the copyright holders of anything you own that has been made in China, Japan or Europe, for example, would have to give you permission to sell it."

O'ranter out
indio007
1 / 5 (1) Oct 10, 2012
We already have anti-counterfeiting, It's called bitcoin.
antialias_physorg
not rated yet Oct 10, 2012
Bitcoin? You mean this kind of safety?:
http://www.pcworl...als.html

While it's only indirectly a counterfeiting bitcoins (only within one system) the problem is that with bitcoins the amount of counterfeit coins you can create once you are in is virtually limitless. This means that if ever there is an economy that works on bitcoins it can be brought down to its knees (with infinite instant inflation) by a similar hack of only one database.
dschlink
not rated yet Oct 10, 2012
Rather a problem for people with multiple computers, none of which have GPUs.
indio007
1 / 5 (1) Oct 11, 2012
Bitcoin? You mean this kind of safety?:
http://www.pcworl...als.html

While it's only indirectly a counterfeiting bitcoins (only within one system) the problem is that with bitcoins the amount of counterfeit coins you can create once you are in is virtually limitless. This means that if ever there is an economy that works on bitcoins it can be brought down to its knees (with infinite instant inflation) by a similar hack of only one database.


That was Mtgox's internal ledgering system not the actual Bitcoin network. You would have to fork the blockchain with a 51% attack.

You only need 135 petaflops of parallel processing power.
It would be more profitable to just mine BTC instead of forking the chain and crashing the market the moment your discovered . Which would be about 5 minutes.
antialias_physorg
not rated yet Oct 11, 2012
That was Mtgox's internal ledgering system not the actual Bitcoin network.

The problem is that by creating bitcoins within a system you can deflate the value of the stuff being traded in that system (as they did in the incident) - thus buying real world goods for, basically, nothing (but potentially trillions of bitcoins).

Which means that after just one such hack on a widely available/tradeable good (say, energy or water or stocks) in a bitcoin-run economy you have devalued the bitcoin to nothingness within seconds. Not good.

Until now I've not been a fan of buying stuff like gold, but if we ever get a full bitcoin economy I'll start hoarding valuables.
chromosome2
not rated yet Oct 11, 2012
It seems software like this would need to runs as root or even part of the kernel or gpu drivers.. I worry that if such a thing became mainstream, it would tie software developers to proprietary drivers and/or operating systems..