WO2018162938A1

WO2018162938A1 - Methods and system for labeling and detecting a clone-resistant physical unit

Info

Publication number: WO2018162938A1
Application number: PCT/IB2017/000285
Authority: WO
Inventors: Wael Adi; Souher ALDROUBI; Peter Meinlschmidt
Original assignee: Fraunhofer-Gesellschaft Zur Forderung Der Angewandten Forschung E.V.; Technische Universität Braunschweig
Priority date: 2017-03-10
Filing date: 2017-03-10
Publication date: 2018-09-13
Also published as: EP3593274A1

Abstract

A technology for fabricating and identifying clone-resistant physical units is proposed. Several possible applications in emerging interconnected environment, smart-homes and smart-cities are illustrated. Possible concepts for realization technologies to approach a DNA-like structure identity are proposed. The targeted outcomes are expected to exhibit novel low-cost fabrication technologies towards clone-resistant physical units and building structures for emerging near future applications.

Description

Methods and system for labeling and detecting a clone-resistant physical unit

Technical field of the invention

The invention is related to the field of labeling and identifying a physical unit and to a system being able to carry out the methods. The invention is related also to allowing carrying out re-identifying protocols and methods. In the recent decades, a particular information revolution took place, integrating all modern life infrastructures together by the increasing ability of items to communicate with each other, the so called Internet of Things (loT). The emerging mass amount of integration information systems in all life environment and transactions raises exceedingly the question of how to securely identify entities by automated means in a networked world of information and physical entities whatever and wherever they are located. It has always been difficult to identify physical units properly. Stones where engraved by stone masons to label them to be deployed and as for the basis of payment. Coins where minted and artefacts where signed by the originating artist. Nevertheless, at all times forgers or counterfeiters tried to copy the identification labels or methods to obtain an advantage and to participate of the success of the original manufacturer or to gain benefits and to share the benefits with the original manufacturer.

In modern times, the labeling of physical units or items becomes more and more important. Almost all structures or products are a combination of a number of physical units or items and in the vast majority of physical units or complex structures third party suppliers are involved, which provide at least a part of the system components. A proper identification of the components as well as for example spare parts or replacement parts is important to maintain the proper function of the complex products or physical units, and to protect the intellectual property rights of its originator or manufacturer. In addition to that, the guarantee, liability, forensic and legal issues of products can easily be managed and resolved with a reliable identification.

There is an increasing need for securely identifying physical units or building structures or components of complex products located at certain geographical coordinates or just identify physical units as being where and what they are supposed to be. Such secured identification can become a highly essential anchor to establish secured future smart-cities, smart-states and generally a smart physical environment with its multidimensional properties. Furthermore, secured identification and labeling can become essential for enabling a communication between or among different physical units or complex structures to allow a communication or to block a communication.

It is postulated that "unclonable" or "clone-resistant" physical units, building structures or components would become an essential requirement, especially in the near future smart-homes, smart-city or smart-production environment. There is an emerging need to network virtually everything into the internet of things (loT) infrastructure. A plenty of enhanced surveillance, safety and security applications in emerging smart environment linked to electronic government or electronic management are expected to be possible or feasible only when such unclonable or clone-resistant units do exist. An unclonable identity is a very essential requirement to establish a secure communication in the internet of things environment, because any measurement values or any communication with an entity can be totally worthless or misleading if the entity is not identified securely.

It is known to attach electronic units to physical units or items after or during manufacturing. One example is an unremovable, electronic RF-ID-unit integrated in an item, for example in an OSB-panel, MDF-panel or chip board panel. The objectives of this invention are to refine and improve such techniques regarding provable and unclonable-uniqueness in future products and systems. Several methods for identification of a physical object depending on its individual random structure are known, e.g. using marking layers, micro particle coating compositions, roughness of the surface, microdots and microscopic fingerprints, electronic or conventional printed labels. Relevant prior art documents are for example DE 10 2013 009 830 A1 , US 201 1/0101088 A1 , DE 10 2013 013 108 A1, US 2008/0219503 A1 , US 2012/0243797 A1 , US 2003/0002029 A1 , US 7,1 15,301 B2, US 2003/0126889 A1 , US 4,329,393, DE 10 2008 034 022 A1 , DE 10 2008 015 466 A1 , DE 10 2004 002 410 A1 , US 4,329,393 and WO 2011/069630 A1.

Brief summary of the invention

The method for labeling a physical unit comprises the steps of providing at least one electronic unit working on a challenge-response principal as an identification protocol. In US 2012/0002803A1 , which is incorporated in this application by reference, the electronic unit is provided with a secret digital secret unknown function with the particular capabilities to encipher/decipher (a Secret Unknown Cipher SUC) data or deliver huge sequences of data which is impossible to clone, model, simulate or store (Secret Unknown Hash Function SUHF) and a transceiver to communicate information in both directions. In an embodiment, the electronic unit is provided with a data storage and a transmitter. By joining or connecting the physical unit with the at least one electronic unit it is possible to extract an identity from the physical unit and to establish a joint structural-electronic identity, so- called "structronic identity". In an embodiment it is possible to assign an identity to the physical unit and to establish the structural-electronic identity. A number of different responses are extracted from the stored unknown function from at least one electronic unit, providing a DNA-like joint provable identity form both the physical structure and the electronic unit, e. g. in building constructions, in automobile industry, and in other parts, items, units or constructions. Each individual response corresponds to a specific challenge, which has to be transmitted to the at least one electronic unit for receiving a corresponding "response". The "response" is a joint combination of contributions from both said electronic unit and physical structure. After receiving a challenge, the transmitter provides a response signal as a reaction to the specific challenge. The response signal is created by the electronic unit on a one on one-assignment of a specific challenge to a specific response. With such a method it is possible to create a clone-resistant, DNA-like identity to a physical unit. It is possible to accommodate in each relevant, involved physical unit or entity a unique, clone-resistant provable identity.

According to another aspect, a number of different responses were stored in the data storage of the at least one electronic unit, providing a DNA-like provable identity for the physical structure, e. g. in building constructions, in automobile industry, in any special construction, and in other parts, items, units or constructions. Each response is assigned to a specific challenge, which has to be transmitted to the at least one electronic unit for receiving a response.

According to an aspect, the electronic unit is undetachably connected to the physical unit during a manufacturing process of the physical unit. To undetachably connect the electronic unit to the physical unit means that the electronic unit cannot be removed from the physical unit without damaging or destroying the electronic unit or without damaging or altering the identity-profile and the structural integrity of the physical unit. The electronic unit can be embedded and/or injected in the physical unit such that the electronic unit is surrounded, preferably completely surrounded by the physical unit, for example within the material of building element, automotive part, machine part, machine tool, artefact or other similar structures.

According to another aspect, a method for labeling a physical unit comprises the step of providing the electronic unit with a transceiver, connecting the transceiver with the secret function storage of the electronic unit and retrieving responses from both the joint secret function storage and the structure properties response. The Structronic-Response (SR) coming from both electronic unit and structure. The retrieved "Structronic-Responses" are stored securely in a secret data storage by the trusted verifier (TV). The TV can securely re-identify a unit by challenging it by a randomly selected challenge expecting, when the unit is authentic to deliver the correct corresponding response SR. Any selected SR should be used just once in the lifetime of the structure for ultimate security. By splitting the location of manufacturing and individualization process, it is possible to securely re-identify the respective units by the manufacturer or by a certified authority any time after leaving the manufacturer or after delivery to the customer. The manufacturer is not neces- sarily a part of the individualization and security process.

According to another aspect, a method for labeling a physical unit comprises the step of providing the electronic unit with a receiver, connecting the receiver with the data storage of the electronic unit and filing responses in the data storage after connecting the electronic unit with the physical unit. By filing responses in the data storage after connecting the electronic unit with the physical unit it is possible to implement the electronic or to connect the electronic unit with the physical unit at a location separate from the data transfer and by this from the individualization of the physical unit with the filed data. By splitting the location of manufacturing and individualization, it is possible to securely identify the respective units by the manufacturer or by a certified authority before leaving the manufacturer or before delivery to the customer.

According to another aspect, more than 1000 responses, preferably more than 100000 responses are filed in the storage for creating an electronic identity to provide an unclonable or quasi-unclonable physical unit, because it is almost impossible or very unlikely that with such a number of responses an attacker or counterfeiter would be able to provide by accident exactly one of the correct secret challenge - response pairs.

According to another aspect, the method comprises the step of connecting more than one electronic unit with the physical unit and connecting at least two of the electronic units with each other and transmitting a response of a first electronic unit as a challenge of a second electronic unit, so that a series of challenges and responses are created and that, after a determined number of internal challenges and responses, a transmitter provides the final response signal as a reaction of the first challenge. By such a combination of two or more electronic units permanently connected to the physical unit, the number of possible combinations are significantly increased and the security level is increased as well.

According to another aspect, a method comprises implementing a physically unclonable function in the physical unit or in the electronic unit. A physically unclonable function (PUF), which is based preferably on the structural properties of the physical unit or other material-related or manufacturing-related properties or data of the physical unit.

According to another aspect, the method comprises the steps of providing at least one sensor, the sensor is configured to detect material properties or structural properties of the physical unit, connecting the sensor with or integrating the sensor into the physical unit and detecting material properties or structural properties as a response to a challenge and outputting a structure dependent value as a response to the challenge. By means of this, a structure-born DNA-like identity is based on some born and unpredictable natural properties, which do originally exist in the physical unit or element according to its own individual structure resulting from the fabrication procedures. Different structures result from a fabrication process even when all elements are equally treated due to unpredictable and uncontrollable alternations in the material, material composition, temperature, pressure or other manufacturing parameters. The reason is that some randomly distributed mixtures of material are created in an unclonable, possibly unique and highly non- reproducible form, which means that the physical unit, item or part is impossible to be re-produced. This results in some inherited features, flaws and amorphous material distribution within the body of the element, part or physical unit. The resulting physical unclonable function PUF or structural physically unclonable function is linked to an electronically secured transponder to be sensed and form an integrated "struc-tronic" unit, which can be remotely identified by using the challenge- response procedure or challenge-response protocol. A remote identifier device can induce the necessary energy and stimulus providing individual challenges and reads their corresponding responsees.

Original material properties or structural properties, or material properties or structural properties established during the manufacturing or resulting from the manufacturing of the physical unit and/or subsequently unpredictably modified material properties or structural properties or data of material properties or structural properties are sensed or stored in the storage and outputted as a response of a specific challenge. The total number of possible unpredictable challenge-response pairs is infinite, such that it is impossible to store, to model or to simulate and this makes them and as a result the physical unit impossible to copy or clone. In biology, mu- tations are changes in the nucleotide sequence of the genetic material of an organism. These mutations can occur deliberately under cellular control during processes or by being exposed to external influences, which would come up with new DNA-like structural changes. The engineering simulation to this biological mutation can be assigned as "hyper mutation", which means to motivate changes by injecting entities or expose the structure to influences that are able to create reproducible permanent responses when they are challenged later. This challenge- response space is unpredictable and mostly unique and unclonable especially if its space is sufficient large and hard or impossible to predict, copy, model or simulate. The hyper mutation process will provide DNA-like markers to be used in what might be called structure-physically unclonable function, approaching the bio mapping technique which links specific gene markers to the paired specific individual identities. This "mutation" can be intentionally caused or created during the fabrication process for later identification purposes.

According to another aspect, the date stored in the data storage, the permanently stored secret functions or the structure features of the physical unit can be changed after fabrication of the physical unit. Implementing or injecting the DNA- like identity of the physical unit is performed by an end-user or a trusted authority after the fabrication at the end-user-site without involving the manufacturer in a so called "post-fabrication-mutation" operation. The manufacturer of the physical unit is kept basically out of the security process which results in higher private security and independency.

The method for identifying a physical unit comprising the steps of providing at least one electronic unit working on a challenge-response principle. The electronic unit is directed and configured to work on the challenge-response principle and is provided with a secret unknown function and a transmitter or a data storage and a transmitter. The method further comprises the step of connecting the physical unit permanently and irreversibly with the at least one electronic unit and storing a number or list of different challenge-response pairs of different responses in the data storage or a secured data storage by a verifier, whereas each response corresponds to a specific challenge so that the transmitter provides a response signal as a reaction of the challenge on the structure and its electronic unit. The method further comprises the step of presenting a challenge from the secured list to the electronic unit and deleting the presented challenge as well as its corresponding response permanently from the list after receiving a correct response. A correct response or authenticating response is an expected response, which means a response, which corresponds to the respective challenge as in the secured stored list.

According to another aspect, the method comprises the step of comparing the received response with the expected response and outputting a confirmation signal when the received response matches the expected response and outputting an error signal when the received response does not match with the expected response stored in the secured identification pairs list. By outputting a confirmation signal or an error signal, a person or a device can check whether the examined physical unit is an authentic physical unit or the correct physical unit or a counterfeit physical unit or an incorrect physical unit.

According to another aspect, the electronic unit is undetectably connected to the physical unit during the manufacturing process of the physical unit, especially embedded in the physical unit and completely surrounded by material to avoid access to electronic unit from outside without damaging the physical unit, the physical unit's properties and hence its identity.

The electronic unit may be provided with a receiver and the receiver may be connected with the data storage and responses may be filed in the data storage after connecting the electronic unit with the physical unit. According to another aspect, more than 100, preferably more than 100000 responses are filed in the data storage.

According to another aspect, the electronic unit may be provided with a receiver and the receiver may be connected to a self-reconfiguring intelligent function resulting after a single event trigger with a permanent secret unknown function which is unpredictable, un-removable, and hard to clone or to model and impossible to store all its challenge-response pairs. According to another aspect, a randomly selected set of several hundreds of challenge-response pairs are randomly selected and securely stored securely by the verifier for later re-identification of the physical structure together with its incorporated electronic unit.

According to another aspect, the method comprises the step of connecting more than one electronic unit with a physically unit, connecting at least two of the electronic units with each other and transmitting a response of a first electronic unit as a challenge of a second electronic unit.

According to another aspect, physically unclonable function may be implemented in the physical unit and/or in the electronic unit to assign a structural-electronic joint identity to the physical unit.

According to another aspect, the method comprises the steps of providing at least one sensor, the sensor is configured to detect material properties or structural properties of the physical unit, connecting the sensor with the physical unit or integrating the sensor into the physical unit and detecting material properties or structural properties present in the physical unit as a response to a challenge and out- putting identifying values or detected values of material properties or structural properties as a response to the challenge.

According to another aspect, the method comprises the step of storing original material properties or structural properties, storing material properties or structural properties established during the manufacturing or resulting from the manufacturing of the physical unit and/or storing subsequently modified material properties or structural properties or data of material properties are structural properties in the data storage and outputting the stored data as a response to a challenge.

A system for conducting a method for labeling or identifying a physical unit comprises at least one electronical unit, which is permanently connected to or embedded in a physical unit. The electronic unit works on a challenge-response principle and is provided with a data storage and a transmitter. A number of different responses is stored in the data storage, whereas each response is assigned to a specific challenge. The transmitter provides a response signal as a reaction of a specific challenge. A presenting unit, configured to present a challenge from list to the electronic unit is part of the system and an evaluation unit is configured to receive a response from the transmitter and to compare the received response with an expected response. The expected response is a response which is assigned to a specific challenge in the list.

According to another aspect, the electronic unit is coupled with at least one sensor, which in turn is connected with or integrated in the physical unit. According to another aspect, the electronic unit is coupled with at least one actuator, for example an ultrasonic source, an optical source, a vibration source, etc , which is internally connected with or integrated in the physical unit. The sensor may detect material properties, structural properties or challenges, for example electromagnetic evaluation, acoustic signals, vibrations or other signals like ultrasound waves. The actuator may emit ultrasound signals, optical signals, vibrational signals or the like.

According to another aspect, the electronic comprises at least one piezoelectric element, which may be stimulated by an ultrasonic wave train creating an acoustic signal wave response. The piezoelectric element may be stimulated by an ultrasonic signal train creating an acoustic signal wave response at another piezoelectric element which can act as sensor as well as actuator.

According to another aspect, the electronic unit or units or sensors may be distributed in the physical unit, preferably evenly or homogeneously distributed in or at the physical unit. The electronic units or sensors may be distributed evenly or homogeneously in all 3 dimensions of the physical unit, to establish a 3-dimensional (3D) distribution. By the proposed 3-D distributed and diffusible entities it is possible to detect more precisely tiny changes within the structure and to give more specific information than the know structural monitoring, as the used sensors are normally located in the most critical points only and can only interpret local changes.

According to another aspect, the electronic unit comprises an interface configured to receive data representing responses from outside the physical unit and to transmit the data to the data storage. According to another aspect, the electronic unit comprises an interface configured to receive challenges from outside the physical unit and to transmit the challenges to the data storage or to microprocessor for processing the received challenges.

According to another aspect, the interface is an acoustical, optical or piezoelectric interface.

According to another aspect, the challenge is an acoustical, optical or piezoelectric or a combination of many simultaneous measurable stimulus and response behavior within the structure's material.

To identify the physical unit, the challenge-response technique is applied. The identification protocol may proceed as follows. A proving authority generates from a DNA-like unknown function a list of L challenge-response pairs (Ci, Ri) and keeps them secret for itself. This list of challenge-response pair is kept secret by the authority, which will serve later to re-identify the object remotely. An object or physical unit is considered authentic, if it delivers the correct response to any selected C-R pair from the list. The used C-R pair should be deleted from the list and will never be used again forsecurity reasons.

Brief description of the drawings:

The present invention is described in conjunction with the appended figures:

Figure 1- illustrates a basic structure of an unclonable physical structure identity.

Figure 2- illustrates i-fabrication and post-fabrication identity alternations.

Figure 3- illustrates a model of a DNA-like structure identity.

Figure 4- illustrates an automated remote secured identification. Figure 5- illustrates a model for embedding ultrasound piezoelectric transducers in a physical unit.

Figure 6- illustrates an analysis of an ultrasonic wave trying stimulation.

Figure 7- illustrates a basic application scenario for automated secure certification of physical unit.

Figure 8- illustrates a basic application scenario for identifying artefacts.

Figure 9- illustrates a basic scenario for a smart home application.

Figurel O- illustrates a model of a sensor-actuator piezoelectric element.

Figure 11 illustrates a schema of biological DNA-mapping.

Figure 12 illustrates classes for born and mutated structure identities.

Figure 13 illustrates classifications of mutated in-fabrication structure identities.

Figure 14 illustrates classifications of mutated post-fabrication structure identities.

A concept for physical structure identity assigned as "struc-tronic identity" is proposed, having the effect of a DNA-like provable identity for physical units, especially building units. The invention is not restricted to building units but can also be used on other physical units such as automotive parts, communication devices, IT- equipment, household devices, weapons, safety-relevant item or complex structures. It serves as a robust security anchor in a smart environment, a smart home and smart city environments and in the increasing field of interconnected items, units, devices or components. A large variety of data is collected from sensors and devices implanted in physical units, devices, items or buildings to achieve value- added services. A fundamental requirement is to accommodate in each relevant, involved physical unit or physical entity a uniquely clone-resistant provable identity.

The basic concept of the proposed DNA-like structure identification is inspired from the biological DNA. As it is well known, DNA exists in virtually every cell of the human body or any biological body and is considered as a robust identification entity, which provides un-ambiguous and almost unclonable proof of identity. Even when only about 1% of the total basis differs from one individual to another, these particular sites referred to as SNP are used for identification. The markers through the genome are used to identify individuals by linking the genotype or particular markers with the phenotype or the trait of interest. In biology, this is called 'mapping'. This linking helps the scientist to associate a particular 'marker' with a specific case or 'identity' as illustrated in Fig. 11.

To imitate this robust natural biological identifying technique, similar born 'markers' or attributes are used, which tend to be most probably unique and individual in each entity in a physical unit or physical structure. Such attributes are then deployed for uniquely identifying physical units like building structure entities, artefacts, devices, spare parts or the like. Fig. 3 shows a model for the targeted approach for a DNA like identity similar to the biological DNA.

A challenge-response mechanism is used to re-identify the structure by stimulating a randomly selected challenge C, to locate a particular property P, and deliver a response R, from a particular part of a very long chain.

The Challenge-Response technique deployed in cryptographic identification is applied. The identification protocol in summary proceeds as follows:

The proving authority generates from the DNA-like function (as in Fig. 3) a list of L- challenge-response pairs (Ci, Ri). This list is kept secret by the authority, which will serve later to re-identify the object remotely. An object is considered authentic, if it delivers the correct response to any randomly selected C-R pair from the list. The used C-R pair should preferably be deleted from the list and never be used again for optimum security.

In the creation of the defined "struc-tronic" identity, the properties that can be considered as significant "markers", should fulfil the following characteristics: Prova- ble, unclonable, unchangeable, unique, unpredictable, measurable, impossible to model and possibly diffusible in all the structure's body if willing to imitate the real DNA in every one of its properties. Such "markers" could be "natural born properties" or "mutated" ones. Therefore, we may differentiate between three possible classes/types of "struc-tronic", DNA-like identity, namely born structure's DNA and mutated structure's DNA, which can be differentiated as either "In-Fabrication" mutations or "Post-Fabrication" mutations. Mutations are unpredictable add-on changes in the physical structure to create measurable properties which are impossible to refabricate, model, copy or simulate. Add -on changes could be any mixing of additional material or inducing intractable permanent changes leading to repeatedly measurable individual responses for individual challenges.

A structure's born DNA-like identity is based on some born natural properties which do originally exist in the element according to its own individual natural structure resulting from the fabrication procedures. As a matter of fact, different structure properties result often even when all elements are equally treated. The reason is that some randomly distributed mixtures of material result with some particular unclonable, possibly unique and highly non-reproducible form (impossible to be reproduced). Such inherited features, flaws, and amorphous material structures are distributed randomly within the body of the element, such that any attack on the structure's body would change its properties and hence its identity. Fig. 1 shows a possible model and usage scenario in which the inherited structure PUF (S-PUF), with its unique born properties is linked to an electronic secured transponder, made unclonable for example as in US 2012/0002803A1 disclosed, to be sensed and form an integrated joint "struc-tronic" unit, which can be remotely identified by using the challenge- response mechanism. A remote identifier device can induce the necessary energy and the challenge sequence C, and reads its joint corresponding response R, contributed from both structure and the electronic unit.

In biology, mutations are changes in the nucleotide sequence of the genetic material of an organism. These mutations can occur deliberately under cellular control during processes or by being exposed to an external factor, what will come up with new DNA structure changes. The engineering simulation to this bio- mutation assigned as "hyper mutation" which means to motivate changes by injecting entities that are able to create re-producible response when they are challenged later. This challenge-response space should be mostly unique and unclonable especially when its space is sufficiently large such that it is hard or impossible to rebuild, model or store.

Such hyper mutation process should provide DNA-like "markers" to be used in what might be called structure- physically unclonable function or "S-PUF" approaching the bio mapping technique which links specific gene markers to the paired specific identities, as indicated in Fig 1 1. This mutation can be caused during the fabrication process, that is in-fabrication. Fig 2 shows a generic model for a suggested technique to inject and/or activate a mutation into a structural element during fabrication in order to create a mutated "struc-tronic" unit, which is unique, permanent, unclonable and can be re-identified later.

Post-Fabrication mutation is the same as In-Fabrication type; however, injecting the DNA-ldentity is performed by the end-user and/or a trusted authority after the fabrication at the„end-user"-site without involving the manufacturer in that "Post- Fabrication Mutation" operation. That is, the manufacturer is kept basically out of the security game which results with higher security and independency.

Fig. 4 shows a possible remote sensing and identification as a three-way protocol: In a first step, the internal Electronic Transponder Unit or "ETU" is challenged to sense a DNA-like entity by inducing sufficient electromagnetic energy to deliver the corresponding DNA-response. In a second step, the response is received by an acquisition unit, which is linked to the network. The unit could be a hand-held low-cost device or a permanently mounted one. In a third step, the network manages the identification process by the help of a responsible trusted authority server with its complete resources and powerful capacity.

The DNA like identity can be created according to two creation categories as shown in Fig. 12:

Category 1 : Based on using natural inherited (born) properties/markers of the physical structure. (Fig. 12)

Category 2: based on using mutated attributes, that can be created during fabrica- tion, namely in "in-fabrication process" (deeply injected or diffused) or in "post- fabrication process" by intentionally creating irreversible changes within the material, as shown in Fig. 13 and Fig. 14.

Markers are tiny parts of a very large (preferably infinite) number of attributes/properties derived from the physical structure. The properties that can be deployed for the proposed S-PUF should be provable, unclonable, unchangeable, with high probability of uniqueness, measurable, unpredictable, secret, resilient, consistent and possibly diffusible in the whole physical body, When the structure is physically attacked, the attributes change and hence the identity can be destruct- ed.

Markers/ attributes can be extracted from the physical structure for example from the amorphous material distribution or/and micro-crystal or nano- structures or/and adopting properties as electromagnetic, electrical, acoustic, optical, radiation or chemical profile/ propagation as shown in Fig. 14.

The properties that can be deployed for the proposed S-PUF should be measurable, unique and structure-insensitive. They should differ even if equally fabricated. Any attempt to fabricate a structure as a duplicate should be virtually impossible or at least infinitely complex. The material properties used as identification markers should be non-replaceable and be an essential operational part of the structure. The sensing and stimulation technology could use smart materials, which incorporate built-in or intrinsic sensors, actuators and control mechanisms. This would allow sensing the response of any random stimulus. The material should respond consistently in a predetermined manner and extent, in adequately short time, reverting to its original state as soon as the stimulus is removed. This means that time constraint could also be seen as security improving technique. Possible components of a smart material can be - but is not limited to - one or several selections of the following example technologies:

Piezoelectric materials (actuators - sensors).

Shape memory alloys (actuators - sensors).

Electrostrictive materials.

Magnetostrictive materials.

Fiber- optic materials and sensors.

Micro electro-mechanical systems (chemical-pressure sensors-micro pumps). Micro opto-electro mechanical systems.

Smart Nano particles.

Physical structures have many properties, which can serve to create unclonable or clone-resistant DNA-like identity. The following lists some types of different identified categories:

• Physical properties like: specific gravity, density, apparent density, bulk density, solidity and porosity, fill rate and possibly void age and hydro properties.

• Thermal properties: like thermal conductivity, thermal capacity, thermal deformation.

• Mechanical properties: like strength, elasticity, plasticity, brittle- ness, toughness, hardness, abrasive resistance and durability.

• Electrical properties: like resistance, impedance and capacitance.

• Chemical properties: like crystallization, corrosion resistance, chemical temperature, aging and solubility.

•

First theoretical investigations showed that systems involving piezoelectric or fiber- optical structures embedded in a building structure, could deliver promising, relatively low-cost clone-resistant mappings, which are hard to model or predict. Systems involving in-fabrication or post-fabrication one-way integration of such actuators and sensors as modelled in Fig. 2 are expected to result with low-cost and aging-consistent S-PUF entities.

Piezoelectric material is low-cost and attractive means for both actuators and sensors or transducers. It converts for example a deformation applied on it to an electric signal and vice versa an applied signal into deformation; up to 4% volume deformation is possible. A mechanical oscillation is reached by repeatedly expanding and contracting when a alternating voltage is applied on it. Fig. 10 shows the same piezoelectric material serving both functions as actuator and sensor. Among the several types of piezoelectric elements, piezoelectric ceramic (PZT: lead zirconate titanate) is most commonly used for its high conversion efficiency. Fig.5 shows a possible setup scenario for embedding piezoelectric elements together with intelligent microelectronic unit in a building structure to compose a "struc-tronic" DNA-like physical identity. In this scenario, the applied electromagnetic challenge induces sufficient energy to the unit to activate/power it and generate internally a set of random signal sequences as challenge , of ultrasonic waves (or possibly optical waves) at different frequencies that stimulates the structure. The acoustic waves propagate, refract, diffract and reflect within the internal structure of the building element creating in each individual unit individual response Ri correspondent to the given acoustic (possibly optical) challenge C,. The pair Ci - R, is likely unique, unclonable and able to prove the individual building unit authenticity. The resulting piezoelectric stimulation and responses is expected to have usable resolution. Several senders and receivers could be deployed for higher information response diversity (key-entropy).

Applying such a proposed scenario creates a "struc-tronic" DNA like identity, which is cryptographically significant if the input space C, and output space R, are sufficiently large such that it is not possible to store, predict or to model in order to attain a clone resistant security level. Referring to Fig. 6: If k is the number of stimulating acoustic time-slots applied, and t is the number of frequency choices in each slot location, then, the number of possible challenges is:

Number of possible challenges is Z = t^k

For example: for t=32=2⁵ possible frequencies in k=20 slots results with number of possibilities of Z=(2⁵)²⁰=2¹⁰⁰ which is acceptable as a cryptographic security level (key entropy=100 bits).

Assume that only a limited fixed numbers of p positions/time slots were occupied out of k positions, then the number of challen e possibilities becomes:

This discrete function has a maximum at p=k/2

The term

That is - t ^{1 k l 2} (2)

For k=20 positions having t=32 frequencies and occupying only p=10 (that is half of the slots) then:

Even 2 represent a result from moderate implementation complexity, however coming up with cryptographically acceptable level of security. A complexity around or more than 2⁸⁰ is considered today as infeasible in space and time to model and hence acceptable for today's security levels.

A similar procedure and construction can be adopted by using fiber optic propagation and optical sensors and sources instead of piezoelectric elements correspondingly.

Fiber-optical entities can be integrated in the fabrication process and attached randomly to optical sources as stimulus (challenge sources) and sensors to measure (responses) in different time-slots and frequencies optical refraction, diffraction and reflection within the unit-under-check to repeatedly create a personal property profile for the physical unit which is impossible to store, model or refabricate.

The following use-cases demonstrate the usage of the proposed technology:

Certifying the usage of special building elements with certified quality for later liability, guarantees the proof of specification by automated remote sensing. The secured identities of certified building units fabricated by some manufacturer can then be automatically proved on site. The units can then be considered as undeniable products of a certain manufacturer with full provable responsibility. Fig. 7 shows a possible fabrication and use procedure of building units, which would be- come impossible or hard to clone. A possible use procedure can be set in 5 stages.

In stage 1 , the units are fabricated equally by the same fabrication process. In stage 2, the manufacturer/or a trusted authority creates a certified, clone-resistant or possibly unclonable identity in each individual unit. In Stage 3, the units are distributed by any unsecure third party. In Stage 4, the units are consumed/integrated in a building construction. In stage 5, a surveillance engineer can check them on site electronically and remotely sensed by an automated fast process to get the assurance that no fake or cloned elements are involved.

This provable, unclonable or clone-resistant identity can serve also later in tracing liability, guarantee and forensic procedures as well. This is quite essential for special constructions requiring approvable and traceable liability. In addition to that, such secure unique identities in precast concrete elements can also allow automated distant-supervision of a construction process when the construction sequence is pre-determined or for automated highly secured constructions, even in unsecure environment. The resulting identification is also authentic for juridical disputes and legal evaluation.

Ancient artifacts are usually authenticated by using very sophisticated analysis like high Tec-nanoscale scanning electron microscope or other expensive and complex techniques in special labs. Such expensive authentication can be frequently required for different purposes. Fig. 8 shows a possible scenario for a reliable remote secured authentication of an artifact depending on the proposed secure structure identity to avoid the complicated conventional reinvestigation procedures.

In stage 1 , sophisticated expensive lab analysis is deployed to determine the authenticity of an ancient artifact. In stage 2, a unique non-removable identity is injected or attached permanently in/to the original artifact allowing reliable and provable authentication. In stage 3, two equally looking artifacts, an original and a cloned one are presented. In stage 4, the checking authority can remotely challenge both artifacts. In stage 5, a responses' list is sent to a verification server and only the artifact with the secured unclonable identity is approved. Creating such a unique and unclonable identity could play an essential role in protecting and preserving the cultural heritage of artifacts or monuments as they can be remotely and securely identified even under severe restrictions in automated and fast fashion. This application scenario is not limited to artifacts but it can be applied to any valuable object to prove it is authenticity/ identity in an automated way (e.g. automated watermarks reidentification).

Smart buildings and smart cities are becoming more and more near future targets to incorporate intelligent components in virtually any entity in every day's life environment. Smart Home environments are typically equipped with different kinds of sensors and tracking devices for context-aware service provisioning. On one hand, customers want to take advantage of new comfort and benefit of personalized context-aware services. On the other hand, the question arises, how to build up trust into inherently untrusted services in a potentially hostile environment. It should be possible to guarantee that the information that the owner gets from his smart home is sent for sure by his own home not a cloned pretending one. This requires unambiguous, provable and clone-resistant entities. Fig.9 shows a concept for a secured building identity to serve in possible emerging smart homes applications.

In stage 1 , a smart home is equipped with different devices for context-aware service provisioning and certified clone resistant building entities. In stage 2, a tamper proof, unclonable monitoring camera is attached to a certified building element with unclonable provable identity forming together a unique certified integrated unit. In Stage 3, an attacker uses the same cloned camera but detached from the original building element trying to communicate pretending being the original one. In Stage 4, a trusted authority can check the identity of both senders remotely by challenging both units. In stage 5, a list of responses is sent to a verification centre to be securely identified. In stage 6, the true identity is approved and the fake one is denied.

Looking forward to the emerging future smart cities, unclonable location is required. Since GSM location coordinates are possible to be faked, then a secured unclonable identified building unit can provide a remote undeniable, trustable endorsement as proof of claimer's location -who claims to share its location- whenever required. This provides a trustable secured witness for unclonable geographic location.

This DNA like identity for physical structures can help not only for authentication purposes, but also in checking the structure stability of the device or physical unit in hard to reach circumstances, such as water resources or special constructions, which are required to be distantly monitored. Moreover, it can help for re- identifying the structure by checking its DNA like identity as in crashed planes or space shuttles. In general, this unclonable provable identity can be helpful for special structures like tanks, bridges, dams, nuclear reactors or any other structures that require high safety and security standards.

By applying the proposed technology, physical structures can be used as trusted and secured witnesses to assure unclonable geographic location. As a secured identified building element can provide a remote, undeniable and trustable endorsement as proof of claimer's location who claims to share its location.

The DNA like identity can be irreversibly injected to existing structures for authentication and re-identification purposes as a tool to remotely re-identify an artefact after its authenticity is determined through sophisticated labs investigations. Irreversibly injected means, that the identity will be destroyed if the injected entities were to be removed.

Physical structures or physical units provided with this unclonable identity can be life-long easily tracked and re-identified. For building elements, the authentication and the construction procedure can be checked remotely on the site.

For special constructions, which need regular expensive inspections, e.g. glass fiber rotor blades, a real time and life-long structural health monitoring is possible. The struc-tronic identity can provide a secure automatic cryptographically authenticated history memory of the life-cycle of the physical unit or physical element, which might be important for liability and reliability purposes.

The struc-tronic identity provides many advantages as providing secured and certified measurements by the unclonable identity without the need to send a person to prove the state and identity of the rotor blades, enabeling automated certified material health measurements for liability and guarrantee issues.

The proposed 3-D well distributed and diffusible entities can be employed to react to more precise and tiny changes within the structure (be more sensitive) and to give more specific info than the structural health monitoring entities which are normally located in the most critical points and interpret local changes.

Creating for example an identification profile in a glue line enables the production of re-identifiable glue which helps to ensure that a far producing factory used this glue through a recommended technique. By this, automated certified quality assurence/measurements for liability and guarrantee issues are possible.

Undeniable proofs are created in such cases.

The unclonable identity is a very essential requirement to establish any secure communication in the internet of things environment. In that case any measured sensor value (as electricity counter) on open communication network can be authenticated by the said struc-tronic identity.

Distributed ultrasonic generators and sensors can be used to create the DNA-like properties of the physical structure which are hard to model, copy, store and hence impossible to reproduce resulting with unclonable properties, as shown in Fig.5. Ultrasonic sensors and sources can be placed randomly in the unit body by an irreversible process. The generation of different frequencies at different time slots from different sources should result with the measured unclonable individual responses for each single unit after fabrication.

Fibre-optical entities can be integrated in the fabrication process and attached randomly to optical sources stimulus and sensors to measure in different time- slots and frequencies optical refraction, diffraction and reflection within the unit under check to repeatedly create a personal property profile for the physical unit which is impossible to store, model or refabricate. The trusted authority challenges the unit by a secretly selected part of the unlimited challenge-response pairs to re- identify the unit. This can be seen marker as usually biological DNA-Chains are checked to be re-identified.

A technology for fabricating and identifying clone-resistant physical units is proposed. Several possible applications in emerging inerconnected enviroment, smart-homes and smart-cities are illustrated. Possible concepts for realization technologies to approach a DNA-like structure identity are proposed. The targeted outcomes are expected to exhibit novel low-cost fabrication technologies towards clone-resistant physical units and building structures for emerging near future applications.

Claims

1. Method for labelling a physical unit, comprising the steps:

providing at least one electronic unit for identification of the physical unit andworking on a challenge-response-principle, said electronic unit is provided with a transmitter;

connecting the physical unit permanently with said at least one electronic unit, whereas each response is assigned to a specific challenge, so that the transmitter provides a response signal as a reaction of the challenge.

2. Method according to claim 1 , whereas the electronic unit is undetachably connected to the physical unit during a manufacturing process of the physical unit.

Method according to claim 2, whereas the electronic unit is embedded in the physical unit.

Method according to claim 1 , with the steps of providing the electronic unit with a data storage and storing and a number of different responses in the data storage.

5. Method according to claim 1 , providing the electronic unit with a data storage and a receiver, connecting the receiver with the data storage and filing responses in the data storage after connecting the electronic unit with the physical unit.

6. Method according to claim 1 , filing more than 1000 responses, preferably more than 100000 responses in the data storage.

7. Method according to claim 1 , connecting more than one electronic unit with the physical unit, connecting at least two of the electronic units with each other and transmitting a response of a first electronic unit as a challenge of a second electronic unit.

8. Method according to claim 1 , implementing a physically unclonable function in the physical unit or in the electronic unit.

9. Method according to claim 1 , providing at least one sensor, the sensor is configured to detect material properties or structural properties of the physical unit, connecting the sensor with or integrating the sensor into the physical unit and detecting material properties or structural properties as a response to a challenge and outputting a detected value as response to the challenge.

10. Method according to claim 8, whereas original material properties or structural properties, material properties or structural properties established during the manufacturing or resulting from the manufacturing of the physical unit and/or subsequently modified material properties or structural properties or data of material properties or structural properties are stored in the data storage and/or are outputted as a response of a challenge.

1 1. Method for identifying a physical unit comprising the steps:

providing at least one electronic unit working on a challenge-response- principle, said electronic unit is provided with a transmitter;

connecting the physical unit permanently with said at least one electronic unit, whereas each response is assigned to a specific challenge, so that the transmitter provides a response signal as a reaction of the challenge;

presenting a challenge from a list to the electronic unit and deleting the presented challenge and the received response permanently from the list after receiving a correct response.

12. Method according to claim 11 , with the step of comparing the received response with the expected response and outputting a confirmation signal when the received response matches the expected response and outputting an error signal when the received response does not match with the expected response.

13. Method according to claim 11 , whereas the electronic unit is undetachably connected to the physical unit during a manufacturing process of the physical unit.

14. Method according to claim 11 , whereas the electronic unit is embedded in the physical unit.

15. Method according to claim 11 , with the steps of providing a data storage

connected with the electronic unit and storing and a number of different responses in the data storage.

16. Method according to claim 15, providing the electronic unit with a receiver, connecting the receiver with the data storage and filing responses in the data storage after connecting the electronic unit with the physical unit.

17. Method according to claim 15, filing more than 1000 responses, preferably more than 100000 responses in the data storage.

18. Method according to claim 11 , connecting more than one electronic unit with the physical unit, connecting at least two of the electronic units with each other and transmitting a response of a first electronic unit as a challenge of a second electronic unit.

19. Method according to claim 11 , implementing a physically unclonable function in the physical unit or in the electronic unit.

20. Method according to claim 11 , providing at least one sensor, the sensor is configured to detect material properties or structural properties of the pysical unit, connecting the sensor with or integrating the sensor into the physical unit and detecting material properties or structural properties as a response to a challenge and outputting a detected value as response to the challenge.

21 Method according to claim 20, whereas original material properties or structural properties, material properties or structural properties established during the manufacturing or resulting from the manufacturing of the physical unit and/or subsequently modified material properties or structural properties or data of material properties or structural properties are stored in the data storage and/or are outputted as a response of a challenge.

22. System for conducting a method according to claim 1 or 10, whereas at least one electronic unit is permanently connected to or embedded in a physical unit, said electronic unit works on a challenge-response-principle,

said electronic unit is provided with a transmitter;

whereas each response is assigned to a specific challenge,

the transmitter provides a response signal as a reaction of the challenge; a presenting unit, configured to present a challenge from a list to the electronic unit;

an evaluation unit configured to receive a response from the transmitter and to compare the received response with an expected response.

23. System according to claim 22, whereas the electronic unit is coupled with at least one sensor connected with the physical unit or integrated in the physical unit.

24. System according to claim 22, whereas the electronic unit is provided with a data storage.

25. System according to claim 24, whereas the electronic unit comprises an interface configured to receive data representing responses from outside the physical unit and to transmit the data to the data storage.

26. System according to claim 20, whereas the electronic unit comprises an interface configured to receive challenges from outside the physical unit and to transmit the challenges to electronic unit.

27. System according to claim 25 or 26, whereas the interface is an acoustical, optical or piezo-electrical interface.