for anti-spoofing capability, i'd like to research a way to verify in the server-side that a connection is used by a genuine piece of software and not by an impersonating tool.
I've read about the PUF concept (Physical Unclonable Functions) but I haven't saw it has any application on software products. I wonder if there's a way to extract unique data from a specific running process that is large enough to prevent full recoding for a long time.
This means that even if someone can run my software in a monitored environment with network debug tools, he'll be able to intercept a small subset of unique characteristics that relate to the running process, but he'll never be able to record the entire range of unique characteristics, so if building mimic tool, it will be likely that it'll fail on verification of those characteristics in a periodical test.