Abstract
One of the most common types of Physical Unclonable Functions (PUFs) is the ring oscillator PUF (RO-PUF), a type of PUF in which the output bits are obtained by comparing the oscillation frequencies of different ring oscillators. One application of RO-PUFs is to be used as strong PUFs: a reader sends a challenge to the RO-PUF and the RO-PUF’s response is compared with an expected response to authenticate the PUF. In this work we introduce a method to choose challenge-response pairs so that a high number of challenge-response pairs is provided but the system has a good tolerance to modeling attacks, a type of attacks in which an attacker guesses the response to a new challenge by using his knowledge about the previously-exchanged challenge-response pairs. Our method targets tag-constrained applications, i.e. applications in which there are strong limitations of cost, area and power on the system in which the PUF has to be implemented.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: ACM Conference on Computer and Communications Security, pp. 148–160. ACM Press (2002)
Sadeghi, A.-R., Naccache, D.: Towards Hardware-Intrinsic Security: Foundations and Practice, 1st edn. Springer, New York (2010)
Skorobogatov, S.P.: Semi-invasive attacks - a new approach to hardware security analysis. University of Cambridge, Computer Laboratory, Techical Report UCAM-CL-TR-630, April 2005
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer, New York (2007)
Merli, D., Schuster, D., et al.: Semi-invasive EM attack on FPGA RO pufs and countermeasures. In: Proceedings of the Workshop on Embedded Systems Security, ser. WESS ’11, pp. 2:1–2:9 (2011)
Rührmair, U., Sehnke, F., Sölter, J., et al.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, ser. CCS ’10, pp. 237–249 (2010)
Kumar, S.S., Guajardo, J., Maes, R., et al.: Extended abstract: The butterfly PUF protecting IP on every FPGA. In: Proceedings of the IEEE International Workshop on Hardware-Oriented Security and Trust, pp. 67–70 (2008)
Selimis, G., Konijnenburg, M., Ashouei, M., et al.: Evaluation of 90nm 6T-SRAM as physical unclonable function for secure key generation in wireless sensor nodes. In: IEEE International Symposium on Circuits and Systems, pp. 567–570 (2011)
Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)
Gassend, B., Clarke, D., et al.: Controlled physical random functions. In: Proceedings of the 18th Annual Computer Security Conference (2002)
Yu, M.-D.M., Devadas, S.: Secure and robust error correction for physical unclonable functions. IEEE Des. Test Comput. 27, 48–65 (2010)
Paral, Z., Devadas, S.: Reliable and efficient PUF-based key generation using pattern matching. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 128–133 (2011)
Suh, G.E., O’Donnell, C.W., et al.: AEGIS: A single-chip secure processor. Information Security. Techical Report, pp. 63–73 (2005)
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: Proceedings of the 44th Annual Design Automation Conference, pp. 9–14 (2007)
Lim, D.: Extracting Secret Keys from Integrated Circuits. MIT, Cambridge (2004)
Sehnke, F., Osendorfer, C., Sölter, J., Schmidhuber, J., Rührmair, U.: Policy gradients for cryptanalysis. In: Diamantaras, K., Duch, W., Iliadis, L.S. (eds.) ICANN 2010, Part III. LNCS, vol. 6354, pp. 168–177. Springer, Heidelberg (2010)
Maiti, A., Kim, I., Schaumont, P.: A robust physical unclonable function with enhanced challenge-response set. IEEE Trans. Inf. Forensics Secur. 7(1), 333–345 (2012)
Yin, C.-E., Qu, G.: Lisa: Maximizing ro puf’s secret extraction. In: 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 100–105 (2010)
Yin, C.-E., Qu, G., Zhou, Q.: Design and implementation of a group-based ro puf. In: Proceedings of the Conference on Design, Automation and Test in Europe, ser. DATE ’13,pp. 416–421 (2013)
Acknowledgment
This work was supported in part the research grant No 621-2010-4388 from the Swedish Research Council and in part by the research grant No SM12-0005 from the Swedish Foundation for Strategic Research.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Appendix
A Appendix
Algorithm 1 can be implemented with \(O(n^4)\) complexity.
The algorithm keeps a pool \(C\) of available challenges which shrinks as challenges are selected or become unusable, and an \(n \times n\) matrix \(O\) whose entry at row \(i\) and column \(j\) (entry \(O(i,j)\)) is \(1\) if it is known that \(f_i>f_j\).
At the beginning of the algorithm, the matrix is initialized with all zeroes and the pool of available challenges is initialized with all \(\frac{n (n-1)}{2}\) possible challenges.
On the first step of the algorithm, one challenge “\(f_i>f_j?\)” is chosen randomly among all \(\frac{n (n-1)}{2}\) possible challenges in \(C\). The response determines the relation between \(f_i\) and \(f_j\) and a \(1\) is inserted in the matrix either at position \(O(i,j)\) or at position \(O(j,i)\).
In subsequent steps of the algorithm, when a new randomly chosen CRP determines that \(f_i > f_j\), a \(1\) is written in the matrix at position \(O(i, j)\) and also at position \(O(i, k)\), with \(k\) being all the values for which matrix entry \(O(j,k)\) is \(1\): for these entries, the attacker knows that \(f_i > f_j\) and that \(f_j > f_k\), and therefore can deduce that \(f_i > f_k\).
Then the algorithm looks at all frequencies \(f_l\) which are known to be slower than \(f_j\). A \(1\) is written in \(O(i,l)\): for these entries, the attacker knows that \(f_i>f_j\) and that \(f_j>f_l\), and therefore can deduce that \(f_i>f_l\). A \(1\) is also written in \(O(m,l)\), with \(f_m\) being all the frequencies that are known to be bigger than \(f_i\) (for which \(O(m,i)\) is one): for these entries, the attacker knows that \(f_m>f_i\), that \(f_i>f_j\) and that \(f_j>f_l\), and therefore can deduce that \(f_m>f_l\).
Every time that a \(1\) is written in \(O(x,y)\), the challenge “\(f(x)>f(y)?\)” or “\(f(y)>f(x)?\)” is eliminated from the pool \(C\) of available challenges because the attacker can predict the response with \(100\,\%\) certitude.
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Mansouri, S.S., Dubrova, E. (2014). Protecting Ring Oscillator Physical Unclonable Functions Against Modeling Attacks. In: Lee, HS., Han, DG. (eds) Information Security and Cryptology -- ICISC 2013. ICISC 2013. Lecture Notes in Computer Science(), vol 8565. Springer, Cham. https://doi.org/10.1007/978-3-319-12160-4_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-12160-4_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12159-8
Online ISBN: 978-3-319-12160-4
eBook Packages: Computer ScienceComputer Science (R0)