https://community.nxp.com/t5/LPC-Microcontrollers/LPCXpresso55S69-PUF-based-challenge-response-function-what-s-the/m-p/1769846#M54893 <P>Hi, I am looking to send an arbitrary challenge (could be random data of a specified length for example) to the LPCXpresso55S69 and receive a response based on some internal PUF logic. <STRONG>NOTE: I have the LPC connected to an arduino mkr 1010 WiFi through USART which will be communicating with a server using wifi and I am merely looking to use the 55S69 as a PUF challenge-response function in my system.</STRONG><BR /><BR />1. I have been looking at the manuals for a while now, and it seems like the (KEK) is encrypted (and can be decrypted with the AC). First of all, does this mean that a threat with physical access could technically extract the AC if stored in flash, and reconstruct/decrypt the KEK?</P><P>2. To achieve my desired functionality, would I have to do the following steps (?):</P><P>SETUP (OFFLINE):</P><OL><LI>Enroll PUF, then START it using the activation code.</LI><LI>GenerateKey and receive a derived key using the KEK</LI><LI>Send both KEK AC and derived key AC to Arduino -&gt; Server</LI><LI>Server sends request request to arduino -&gt; 55s69 with the KEK AC + derived key AC + CHALLENGE in order to use the PUF to encrypt the challenge or other manipulations in order to generate a response.</LI></OL><P>2. Did I understand the functionalities correctly, and is there a better way of doing this? I technically don't care about any return value from the PUF and or AES engine as long as it is a consistent response.</P><P>3. Is there a way to extract a consistent response from the PUF with respect to a certain input without using these two sequential AC steps?</P><P>Regards, Henrik</P> Wed, 06 Dec 2023 15:00:57 GMT hmo058 2023-12-06T15:00:57Z https://community.nxp.com/t5/LPC-Microcontrollers/LPCXpresso55S69-PUF-based-challenge-response-function-what-s-the/m-p/1769846#M54893 <P>Hi, I am looking to send an arbitrary challenge (could be random data of a specified length for example) to the LPCXpresso55S69 and receive a response based on some internal PUF logic. <STRONG>NOTE: I have the LPC connected to an arduino mkr 1010 WiFi through USART which will be communicating with a server using wifi and I am merely looking to use the 55S69 as a PUF challenge-response function in my system.</STRONG><BR /><BR />1. I have been looking at the manuals for a while now, and it seems like the (KEK) is encrypted (and can be decrypted with the AC). First of all, does this mean that a threat with physical access could technically extract the AC if stored in flash, and reconstruct/decrypt the KEK?</P><P>2. To achieve my desired functionality, would I have to do the following steps (?):</P><P>SETUP (OFFLINE):</P><OL><LI>Enroll PUF, then START it using the activation code.</LI><LI>GenerateKey and receive a derived key using the KEK</LI><LI>Send both KEK AC and derived key AC to Arduino -&gt; Server</LI><LI>Server sends request request to arduino -&gt; 55s69 with the KEK AC + derived key AC + CHALLENGE in order to use the PUF to encrypt the challenge or other manipulations in order to generate a response.</LI></OL><P>2. Did I understand the functionalities correctly, and is there a better way of doing this? I technically don't care about any return value from the PUF and or AES engine as long as it is a consistent response.</P><P>3. Is there a way to extract a consistent response from the PUF with respect to a certain input without using these two sequential AC steps?</P><P>Regards, Henrik</P> Wed, 06 Dec 2023 15:00:57 GMT https://community.nxp.com/t5/LPC-Microcontrollers/LPCXpresso55S69-PUF-based-challenge-response-function-what-s-the/m-p/1769846#M54893 hmo058 2023-12-06T15:00:57Z https://community.nxp.com/t5/LPC-Microcontrollers/LPCXpresso55S69-PUF-based-challenge-response-function-what-s-the/m-p/1770384#M54897 <P>Hi,</P> <P>For the PUF function, the PUF is used to save key, but the key saved in PUF can not be read out even if you open the package.</P> <P>For example, you can save the AES key to the PUF, when AC(activation code), you can enable the key, the AES can encrypt/decrypt massage with the key saved in PUF with a dedicated channel to get the key from PUF.</P> <P>This is SDK package website:</P> <P><A href="https://mcuxpresso.nxp.com/en/welcome" target="_blank">https://mcuxpresso.nxp.com/en/welcome</A></P> <P>You can download sdk for LPC55S69.</P> <P>There is example of PUF in driver_examples group.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="xiangjun_rong_0-1701921057677.png" style="width: 400px;"><img src="https://community.nxp.com/t5/image/serverpage/image-id/253310i6FBA9331EC73A581/image-size/medium?v=v2&amp;px=400" role="button" title="xiangjun_rong_0-1701921057677.png" alt="xiangjun_rong_0-1701921057677.png" /></span></P> <P>&nbsp;</P> <P>Hope it can help you</P> <P>BR</P> <P>XiangJun Rong</P> Thu, 07 Dec 2023 03:51:57 GMT https://community.nxp.com/t5/LPC-Microcontrollers/LPCXpresso55S69-PUF-based-challenge-response-function-what-s-the/m-p/1770384#M54897 xiangjun_rong 2023-12-07T03:51:57Z