Intrinsic ID PUFs are ISO/IEC 20897 Compliant

Intrinsic ID has tested its PUF technology in accordance to the International Standard ISO/IEC 20897-1:2020 and International Standard ISO/IEC 20897-2:2022. The positive outcomes of these tests have been bundled in a report, which can be obtained by any interested party through contacting Intrinsic ID.

The following security requirements have been positively evaluated for Intrinsic ID PUF technology:

• Steadiness
• Randomness
• Uniqueness
• Tamper-resistance
• Physical unclonability

The report concludes: “The assessment presented in this report indicates that the PUF solution based on an SRAM PUF implementation and the Intrinsic ID QuiddiKey HW IP module fits nicely within the framework put forward by ISO/IEC 20897. In addition, the presented test and evaluation results indicate that for a representative SRAM PUF implementation, this PUF solution is able to meet the ISO/IEC 20897 security requirements for the security parameter generation use case.”

ISO/IEC 20897-1:2020

Information security, cybersecurity and privacy protection — Physically unclonable functions — Part 1: Security requirements

This document specifies the security requirements for physically unclonable functions (PUFs). Specified security requirements concern the output properties, tamper-resistance and unclonability of a single and a batch of PUFs. Since it depends on the application which security requirements a PUF needs to meet, this documents also describes the typical use cases of a PUF.

Amongst PUF use cases, random number generation is out of scope in this document.

ISO/IEC 20897-2:2022

Information security, cybersecurity and privacy protection — Physically unclonable functions — Part 2: Test and evaluation methods

This document specifies the test and evaluation methods for physically unclonable functions (PUFs). The test and evaluation methods consist of inspection of the design rationale of the PUF and comparison between statistical analyses of the responses from a batch of PUFs or a unique PUF versus specified thresholds.

This document is related to ISO/IEC 19790 which specifies security requirements for cryptographic modules. In those modules, critical security parameters (key) and public security parameters (product serial number, identification code, etc.) are the assets to protect. PUF is one solution to avoid storing security parameters, thereby increasing the overall security of a cryptographic module.