We address security and privacy problems for digital devices and biometrics from an information-theoretic optimality perspective, where a secret key is generated for authentication, identification, message encryption/decryption, or secure computations. A physical unclonable function (PUF) is a promising solution for local security in digital devices and this review gives the most relevant summary for information theorists, coding theorists, and signal processing community members who are interested in optimal PUF constructions. Low-complexity signal processing methods such as transform coding that are developed to make the information-theoretic analysis tractable are discussed. The optimal trade-offs between the secret-key, privacy-leakage, and storage rates for multiple PUF measurements are given. Proposed optimal code constructions that jointly design the vector quantizer and error-correction code parameters are listed. These constructions include modern and algebraic codes such as polar codes and convolutional codes, both of which can achieve small block-error probabilities at short block lengths, corresponding to a small number of PUF circuits. Open problems in the PUF literature from a signal processing, information theory, coding theory, and hardware complexity perspectives and their combinations are listed to stimulate further advancements in the research on local privacy and security.

We present a new Multiple-Observations (MO) helper data scheme for secret-key binding to an SRAM PUF. This MO scheme binds a single key to multiple enrollment observations of the SRAM PUF. Performance is improved in comparison to classic schemes which generate helper data based on a single enrollment observation. The performance increase can be explained by the fact that the reliabilities of the different SRAM cells are modeled (implicitly) in the helper data. We prove that the scheme achieves secret-key capacity for any number of enrollment observations, and, therefore it is optimal. We evaluate performance of the scheme using Monte Carlo simulations, where an off-the-shelf LDPC code is used to implement the linear error-correcting code. Another scheme that models the reliabilities of the SRAM cells is the so-called Soft-Decision (SD) helper data scheme. The SD scheme considers the one-probabilities of the SRAM cells as an input, which in practice are not observable. We present a new strategy for the SD scheme that considers the binary SRAM-PUF observations as an input instead and show that the new strategy is optimal and achieves the same reconstruction performance as the MO scheme. Finally, we present a variation on the MO helper data scheme that updates the helper data sequentially after each successful reconstruction of the key. As a result, the error-correcting performance of the scheme is improved over time.

The majority of E-commerce transactions reveal private information such as customers' identities, order contents, and payment information during the transaction. Other personal information such as health conditions, religion, and even ethnicity may be also deduced. Even when deploying electronic cryptocurrencies such as Bitcoin, anonymity cannot be fully guaranteed. Also, many anonymous payment schemes suffer from possible double spending circumstances. E-commerce privacy is basically a difficult problem as it involves parties with concurring interests. Three major e-commerce requirements are highly difficult to resolve: anonymous purchase, anonymous delivery, and anonymous payment. This work presents a possible e-commerce system addressing all three anonymity requirements for electronic-items business on open networks. The system offers anonymous entities authentication mechanisms up to completing a fair anonymous e-commerce transaction. The system is based on deploying a physically clone-resistant hardware token for each relevant involved party. The tokens are made clone-resistant by accommodating a Secret Unknown Cipher (SUC) in each hardware-token as a digital PUF-like identity. A set of novel generic system-setups for units, protocols and e-commerce schemes is introduced. The proposed anonymization is basically attained by virtually-replacing relevant e-commerce entities by low-cost, unique and clone-resistant tokens/units using SUCs. The units act as trustable anonymous, authenticated and non-replaceable entities monitored by their acting users.