Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and Machine Learning Resistance
- 37 Downloads
Physical Unclonable Functions (PUFs) and, in particular, strong PUFs such as the XOR Arbiter PUF have gained much research interest as an authentication mechanism for embedded systems. One of the biggest problems of strong PUFs is their vulnerability to so called machine learning attacks. In this paper, we take a closer look at one aspect of machine learning attacks that has not yet gained the needed attention: the generation of the sub-challenges in XOR Arbiter PUFs fed to the individual Arbiter PUFs. Specifically, we look at one of the most popular ways to generate sub-challenges based on a combination of permutations and XORs as it has been described for the “Lightweight Secure PUF”. Previous research suggested that using such a sub-challenge generation increases the machine learning resistance significantly.
Our contribution in the field of sub-challenge generation is three-fold: First, drastically improving attack results by Rührmair et al., we describe a novel attack that can break the Lightweight Secure PUF in time roughly equivalent to an XOR Arbiter PUF without transformation of the challenge input. Second, we give a mathematical model that gives insight into the weakness of the Lightweight Secure PUF and provides a way to study generation of sub-challenges in general. Third, we propose a new, efficient, and cost-effective way for sub-challenge generation that mitigates the attack strategy we used and outperforms the Lightweight Secure PUF in both machine learning resistance and resource overhead.
- 2.Becker, G.T., Kumar, R., et al.: Active and passive side-channel attacks on delay based PUF designs. IACR Cryptology ePrint Archive 2014, 287 (2014)Google Scholar
- 3.Chen, Q., Csaba, G., Lugli, P., Schlichtmann, U., Rührmair, U.: The bistable ring PUF: a new architecture for strong physical unclonable functions. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 134–141. IEEE (2011)Google Scholar
- 4.Delvaux, J., Verbauwhede, I.: Side channel modeling attacks on 65nm arbiter PUFs exploiting CMOS device noise. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 137–142. IEEE (2013)Google Scholar
- 5.Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS), pp. 148–160. ACM (2002)Google Scholar
- 6.Lim, D.: Extracting secret keys from integrated circuits. Department Electrical Engineering Computer Science, Massachusetts Institute Technology, Cambridge (2004)Google Scholar
- 7.Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: IEEE/ACM International Conference on Computer-Aided Design (ICCAD 2008), pp. 670–673. IEEE (2008)Google Scholar
- 8.Nguyen, P.H., Sahoo, D.P., Chakraborty, R.S., Mukhopadhyay, D.: Security analysis of arbiter PUF and its lightweight compositions under predictability test. ACM Trans. Des. Autom. Electron. Syst. (TODAES) 22(2), 20 (2017)Google Scholar
- 10.Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS), pp. 237–249. ACM (2010)Google Scholar
- 15.Sölter, J.: Cryptanalysis of electrical PUFs via machine learning algorithms. M.Sc. thesis, Technische Universität München (2009)Google Scholar
- 16.Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceedings of the 44th Annual Design Automation Conference (DAC), pp. 9–14. ACM (2007)Google Scholar
- 19.Vijayakumar, A., Patil, V.C., Prado, C.B., Kundu, S.: Machine learning resistant strong PUF: possible or a pipe dream? In: 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 19–24. IEEE (2016)Google Scholar
- 23.Yu, M.D., Verbauwhede, I., Devadas, S., M’Raïhi, D.: A noise bifurcation architecture for linear additive physical functions. In: IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 124–129. IEEE (2014)Google Scholar