Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and Machine Learning Resistance

  • Nils Wisiol
  • Georg T. Becker
  • Marian Margraf
  • Tudor A. A. Soroceanu
  • Johannes Tobisch
  • Benjamin Zengin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11833)


Physical Unclonable Functions (PUFs) and, in particular, strong PUFs such as the XOR Arbiter PUF have gained much research interest as an authentication mechanism for embedded systems. One of the biggest problems of strong PUFs is their vulnerability to so-called machine learning attacks. In this paper, we take a closer look at one aspect of machine learning attacks that has not yet gained the needed attention: the generation of the sub-challenges in XOR Arbiter PUFs fed to the individual Arbiter PUFs. Specifically, we look at one of the most popular ways to generate sub-challenges based on a combination of permutations and XORs as it has been described for the “Lightweight Secure PUF”. Previous research suggested that using such a sub-challenge generation increases the machine learning resistance significantly.

Our contribution in the field of sub-challenge generation is three-fold: First, drastically improving attack results by Rührmair et al., we describe a novel attack that can break the Lightweight Secure PUF in time roughly equivalent to an XOR Arbiter PUF without transformation of the challenge input. Second, we give a mathematical model that gives insight into the weakness of the Lightweight Secure PUF and provides a way to study generation of sub-challenges in general. Third, we propose a new, efficient, and cost-effective way for sub-challenge generation that mitigates the attack strategy we used and outperforms the Lightweight Secure PUF in both machine learning resistance and resource overhead.


  1. Becker, G.T.: The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 535–555. Springer, Heidelberg (2015)
  2. Becker, G.T., Kumar, R., et al.: Active and passive side-channel attacks on delay based PUF designs. IACR Cryptology ePrint Archive 2014, 287 (2014)
  3. Chen, Q., Csaba, G., Lugli, P., Schlichtmann, U., Rührmair, U.: The bistable ring PUF: a new architecture for strong physical unclonable functions. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 134–141. IEEE (2011)
  4. Delvaux, J., Verbauwhede, I.: Side channel modeling attacks on 65nm arbiter PUFs exploiting CMOS device noise. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 137–142. IEEE (2013)
  5. Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pp. 148–160. ACM (2002)
  6. Lim, D.: Extracting secret keys from integrated circuits. Department Electrical Engineering Computer Science, Massachusetts Institute Technology, Cambridge (2004)
  7. Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: IEEE/ACM International Conference on Computer-Aided Design (ICCAD 2008), pp. 670–673. IEEE (2008)
  8. Nguyen, P.H., Sahoo, D.P., Chakraborty, R.S., Mukhopadhyay, D.: Security analysis of arbiter PUF and its lightweight compositions under predictability test. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 22(2), 20 (2017)
  9. Rostami, M., Majzoobi, M., Koushanfar, F., Wallach, D.S., Devadas, S.: Robust and reverse-engineering resilient PUF authentication and key-exchange by substring matching. IEEE Trans. Emerg. Topics Comput. 2(1), 37–49 (2014)
  10. Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), pp. 237–249. ACM (2010)
  11. Rührmair, U., et al.: PUF modeling attacks on simulated and silicon data. IEEE Trans. Inf. Forensics Secur. 8(11), 1876–1891 (2013)
  12. Rührmair, U., et al.: Efficient power and timing side channels for physical unclonable functions. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 476–492. Springer, Heidelberg (2014)
  13. Sahoo, D.P., Mukhopadhyay, D., Chakraborty, R.S., Nguyen, P.H.: A multiplexer-based arbiter PUF composition with enhanced reliability and security. IEEE Trans. Comput. 67(3), 403–417 (2018)
  14. Schuster, D., Hesselbarth, R.: Evaluation of bistable ring PUFs using single layer neural networks. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 101–109. Springer, Cham (2014)
  15. Sölter, J.: Cryptanalysis of electrical PUFs via machine learning algorithms. M.Sc. thesis, Technische Universität München (2009)
  16. Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceedings of the 44th Annual Design Automation Conference (DAC), pp. 9–14. ACM (2007)
  17. Tajik, S., et al.: Physical characterization of arbiter PUFs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 493–509. Springer, Heidelberg (2014)
  18. Tobisch, J., Becker, G.T.: On the scaling of machine learning attacks on PUFs with application to noise bifurcation. In: Mangard, S., Schaumont, P. (eds.) RFIDSec 2015. LNCS, vol. 9440, pp. 17–31. Springer, Cham (2015)
  19. Vijayakumar, A., Patil, V.C., Prado, C.B., Kundu, S.: Machine learning resistant strong PUF: possible or a pipe dream? In: 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 19–24. IEEE (2016)
  20. Wisiol, N., Margraf, M.: Why attackers lose: design and security analysis of arbitrarily large XOR arbiter PUFs. J. Cryptogr. Eng. 9(3), 221–230 (2019)
  21. Xu, X., Rührmair, U., Holcomb, D.E., Burleson, W.: Security evaluation and enhancement of bistable ring PUFs. In: Mangard, S., Schaumont, P. (eds.) RFIDSec 2015. LNCS, vol. 9440, pp. 3–16. Springer, Cham (2015)
  22. Yu, M.D., Hiller, M., Delvaux, J., Sowell, R., Devadas, S., Verbauwhede, I.: A lockdown technique to prevent machine learning on PUFs for lightweight authentication. IEEE Trans. Multi-Scale Comput. Syst. 2(3), 146–159 (2016)
  23. Yu, M.D., Verbauwhede, I., Devadas, S., M’Raïhi, D.: A noise bifurcation architecture for linear additive physical functions. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 124–129. IEEE (2014)

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. Chair for Security in Telecommunications of Technische Universität Berlin, Berlin, Germany
  2. Digital Society Institute at the ESMT Berlin, Berlin, Germany
  3. Institute of Computer Science of Freie Universität Berlin, Berlin, Germany
  4. Horst Görtz Institute for IT-Security at Ruhr-Universität Bochum, Bochum, Germany
  5. Fraunhofer Institute for Applied and Integrated Security at Berlin, Berlin, Germany
