Hi, I am looking to send an arbitrary challenge (could be random data of a specified length, for example) to the LPCXpresso55S69 and receive a response based on some internal PUF logic. NOTE: I have the LPC connected to an Arduino MKR 1010 WiFi through USART, which will be communicating with a server using WiFi, and I am merely looking to use the 55S69 as a PUF challenge-response function in my system.
1. I have been looking at the manuals for a while now, and it seems like the (KEK) is encrypted (and can be decrypted with the AC). First of all, does this mean that a threat with physical access could technically extract the AC if stored in flash, and reconstruct/decrypt the KEK?
2. To achieve my desired functionality, would I have to do the following steps?
SETUP (OFFLINE):
- Enroll PUF, then START it using the activation code.
- GenerateKey and receive a derived key using the KEK
- Send both KEK AC and derived key AC to Arduino -> Server
- Server sends request to Arduino -> 55S69 with the KEK AC + derived key AC + CHALLENGE in order to use the PUF to encrypt the challenge or other manipulations in order to generate a response.
3. Did I understand the functionalities correctly, and is there a better way of doing this? I technically don't care about any return value from the PUF and/or AES engine as long as it is a consistent response.
4. Is there a way to extract a consistent response from the PUF with respect to a certain input without using these two sequential AC steps?
Regards, Henrik