This document is the first version of the design and specifications of a photonic-PUF based security prototype that will be developed for the needs of the KONFIDO action (Grant Agreement No: 727528). It embodies deliverable D5.3, which is part of Task 5.2 – “Design and Specifications of PUF based security solutions”, under Work Package 5 (WP5) – “Security mechanisms detailed design for trusted data exchange and storage”.

Briefly, one of the key technologies that will be integrated in the KONFIDO federated architecture is the physical unclonable functions (PUFs). A PUF, which is a feature of a physical object that is unique, unclonable and inherent, can be considered as an object’s fingerprint. In the context of KONFIDO, PUF modules will be developed and used i) as true random number generators that will feed key generation modules, and ii) potentially as challenge-response providers for authentication purposes. The latter case is currently under evaluation, whose results will be documented in the forthcoming D5.4, which constitutes the second and definitive version of this deliverable. The goal of the developed PUF modules, in combination with the other KONFIDO technological pillars (Trusted Execution Environment, Homomorphic Encryption, SIEM, disruptive Logging and Auditing, and eIDAS-compliant Authentication), is to strengthen the cross-border data exchange mechanisms, in terms of security.

Although the basic principle of operation of PUFs has a decade long history, in the context of Task 5.2 we aim to provide a holistic analysis that will allow the design of custom solutions with optimized features that will be quantified through carefully chosen key performance indicators (KPIs). Towards this direction and in compliance with the description of work, the first phase of this effort includes:

• An in-depth literature review and scanning of the intellectual property landscape to identify newly emerging technical solutions that were not available at the time of submission. In this context, the literature review confirmed the validity of employing photonic PUFs instead of typical electronic schemes. Furthermore, the deficiencies of current optical PUFs are presented, to highlight the need for novel implementations.

• Description and theoretical analysis of a novel optical PUF system based on optical waveguides that aims to address the deficiencies of the state-of-the-art.

• Description of the mathematical tools used for the statistical analysis of ideal speckle sources. Demonstration that the proposed scheme statistical behaviour can be efficiently formulated using such approaches.

• Technical description about the development of detailed numerical model that can quantitatively simulate the proposed PUF scheme. The developed model is based on ray-tracing and can provide information about the underlying physical mechanism, whereas at the same can be used as a design tool for optimization of a typical PUF.

• Technical description of a detailed numerical model, that can fully describe the physical mechanisms of the alternative PUF implementation that relies on the coherent interaction of high order transversal modes in an optical waveguide. The numerical model developed is used for performance extraction and as a sophisticated design tool for the upcoming experimental realization.

• Specification extraction based on the features and optimization parameters extracted through the numerical analysis in terms of critical metrics like robustness, unpredictability, unclonability and resilience to machine learning are presented.

• Technical details about the development and deployment of the first versions of two independent software evaluation platforms that incorporate all the key metrics for PUF performance. The first version is a lightweight platform that can be employed for real-time performance analysis, during experimental measurements, whereas the second version includes a more sophisticated hyper-set of evaluation tools that incorporates a fully functional authentication/encryption framework, information theory metrics and the NIST, DIEHARDER suits. This platform can be used offline on generated data for evaluation.

Overall, D5.3 presents all the technical background and rationale of PUF modules in the context of KONFIDO, highlighting the basic system requirements and performance metrics, in terms of security. Moreover, it provides the details regarding the employment of these modules in KONFIDO and their interaction with the other modules considered in the KONFIDO architecture.