A Deep Learning Attack Countermeasure with Intentional Noise for a PUF-Based Authentication Scheme

  • Risa YashiroEmail author
  • Yohei Hori
  • Toshihiro Katashita
  • Kazuo Sakiyama
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12001)


We propose a scheme to prevent the machine learning (ML) attacks against physically unclonable functions (PUFs). A silicon PUF is a security primitive in a semiconductor chip that generates a unique identifier by exploiting device variations. However, some PUF implementations are vulnerable to ML attacks, in which an attacker tries to obtain the mathematical clone of the target PUF to predict its responses. Our scheme adds intentional noise to the responses to disturb ML by an attacker so that the clone fails to be authenticated, while the original PUF can still be correctly authenticated using an error correction code (ECC). The effectiveness of this scheme is not very obvious because the attacker can also use the ECC. We apply the countermeasure to n-XOR arbiter PUFs to investigate the feasibility of the proposed scheme. We explain the relationship between the prediction accuracy of the clone and the number of intentional noise bits. Our scheme can successfully distinguish a clone from the legitimate PUF in the case of 5-XOR PUF.


Physical unclonable function Machine learning attack Authentication Noise Fuzzy extractor 



This paper is based on the results obtained from the project commissioned by the New Energy and Industrial Technology Development Organization (NEDO).


  1. 1.
    Awano, H., Iizuka, T., Ikeda, M.: PUFNet: a deep neural network based modeling attack for physically unclonable function. In: Proceedings of the ISCAS 2019, pp. 1–4 (2019)Google Scholar
  2. 2.
    Becker, G.T.: The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 535–555. Springer, Heidelberg (2015). Scholar
  3. 3.
    Chaudhry, P.E., Zimmerman, A.: Protecting Your Intellectual Property Rights: Understanding the Role of Management, Governments, Consumers and Pirates. Springer, New York (2012). Scholar
  4. 4.
    Delvaux, J., Verbauwhede, I.: Side channel modeling attacks on 65nm arbiter PUFs exploiting CMOS device noise. In: Proceedings of the HOST 2013, pp. 137–142 (2013)Google Scholar
  5. 5.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). Scholar
  6. 6.
    Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the CCS 2002, pp. 148–160 (2002)Google Scholar
  7. 7.
    Herder, C., Ren, L., Van Dijk, M., Yu, M., Devadas, S.: Trapdoor computational fuzzy extractors and stateless cryptographically-secure physical unclonable functions. IEEE Trans. Dependable Secure Comput. 14, 65–82 (2016)CrossRefGoogle Scholar
  8. 8.
    Hori, Y., Katashita, T., Kang, H., Satoh, A., Kawamura, S., Kobara, K.: Evaluation of physical unclonable functions for 28-nm process field-programmable gate arrays. J. Inf. Process. 22(2), 344–356 (2014)Google Scholar
  9. 9.
    Jin, C., et al.: FPGA implementation of a cryptographically-secure PUF based on learning parity with noise. Cryptography 1(3), 23 (2017)CrossRefGoogle Scholar
  10. 10.
    Khalafalla, M., Gebotys, C.: PUFs deep attacks: enhanced modeling attacks using deep learning techniques to break the security of double arbiter PUFs. In: Proceedings of the DATE 2019, pp. 204–209 (2019)Google Scholar
  11. 11.
    Lee, J.W., Lim, D., Gassend, B., Suh, G.E., Van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits for identification and authentication applications. In: VLSI Circuits. Digest of Technical Papers, pp. 176–179 (2004)Google Scholar
  12. 12.
    Lim, D.: Extracting secret keys from integrated circuits. Master’s thesis, Massachusetts Institute of Technology (2004)Google Scholar
  13. 13.
    Machida, T., Yamamoto, D., Iwamoto, M., Sakiyama, K.: A new arbiter PUF for enhancing unpredictability on FPGA. Sci. World J. 2015 (2015) Google Scholar
  14. 14.
    Maes, R., Tuyls, P., Verbauwhede, I.: Low-overhead implementation of a soft decision helper data algorithm for SRAM PUFs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 332–347. Springer, Heidelberg (2009). Scholar
  15. 15.
    Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: a fully functional PUF-based cryptographic key generator. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 302–319. Springer, Heidelberg (2012). Scholar
  16. 16.
    Pappu, R.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute of Technology (2001)Google Scholar
  17. 17.
    Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002)CrossRefGoogle Scholar
  18. 18.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the CCS 2010, pp. 237–249 (2010)Google Scholar
  19. 19.
    Santikellur, P., Bhattacharyay, A., Chakraborty, R.S.: Modeling\(\_\)of\(\_\)APUF\(\_\)compositions.
  20. 20.
    Santikellur, P., Bhattacharyay, A., Chakraborty, R.S.: Deep learning based model building attacks on arbiter PUF compositions. Cryptology ePrint Archive, Report 2019/566 (2019).
  21. 21.
    Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceedings of the DAC 2007, pp. 9–14 (2007)Google Scholar
  22. 22.
    Van Herrewege, A., et al.: Reverse fuzzy extractors: enabling lightweight mutual authentication for PUF-enabled RFIDs. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 374–389. Springer, Heidelberg (2012). Scholar
  23. 23.
    Yashiro, R., Machida, T., Iwamoto, M., Sakiyama, K.: Deep-learning-based security evaluation on authentication systems using arbiter PUF and its variants. In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 267–285. Springer, Cham (2016). Scholar
  24. 24.
    Yuejiang, W.: Improving security and reliability of physical unclonable functions using machine learning. Master’s thesis, Clemson University (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Risa Yashiro
    • 1
    • 2
    Email author
  • Yohei Hori
    • 1
  • Toshihiro Katashita
    • 1
  • Kazuo Sakiyama
    • 2
  1. 1.National Institute of Advanced Industrial Science and Technology (AIST)TsukubaJapan
  2. 2.The University of Electro-CommunicationsChofuJapan

Personalised recommendations