PUF Goes the Hacker


James Plusquellic’s invention may revolutionize computer security

A “PUF.” It sounds innocuous. But it could change how computer chips function and put hackers, counterfeiters, and thieves right out of business.

James Plusquellic, associate professor of electrical and computer engineering, has developed a new type of physical unclonable function (PUF), a process that measures the physical properties of a computer chip and, when queried about that measurement, generates a randomized response. PUF technology was developed over a decade ago, but Plusquellic has refined it and patented the result.

Plusquellic’s PUF is a circuit built into a computer chip that measures process variations within the chip. Specifically, the PUF measures minute changes in the resistance of metal wires created by the imprecise fabrication process used to make the chip. Those variations are unique to each copy. “This PUF really takes security to a new level,” says Plusquellic. “Think of it as the DNA of each chip.” He says that his approach to measuring variations in metal resistance, which is very stable and predictable, is more reliable than other processes that gauge changes in the more delicate transistors on a chip.

Plusquellic’s PUF converts measurements of those resistance variations into a unique identifier — a string of ones and zeros — that provides the chip with a “fingerprint.” That identifier, which cannot be cloned and never needs to be stored in memory or on disk because it’s generated upon request, can be used as an encryption key or to distinguish a genuine chip from a counterfeit. The encryption keys created by the PUF could create an unhackable cell phone transaction with a bank, completely secure computer access to a top secret file, or protect the chips that control a computer-driven car.

Unlike other security devices that are applied by the manufacturer, the PUF’s signature is secret. The manufacturer doesn’t know it and invasive efforts to steal it would destroy the chip. “This PUF gets everyone out of the loop. Nobody can sabotage or steal your information from a database because the PUF has a unique identifier that isn’t recorded anywhere,” explains Plusquellic.

After patenting the PUF with STC.UNM in 2010, Plusquellic launched a company to take it to market in 2013. The company, called Magic Dragon Technologies, already has a great deal of interest from major manufacturers and chip foundries. He says that’s good news for everyone. “This PUF is going to give us a real leg up on the bad guys.”

IEEE Golden Core Award

Co-founder International Workshop on Hardware-Oriented Security and Trust (HOST) Research Award