Fault Injection Modeling Attacks on 65 nm Arbiter and RO Sum PUFs via Environmental Changes

Physically Unclonable Functions (PUFs) are emerging as hardware security primitives. So-called strong PUFs provide a mechanism to authenticate chips that is inherently unique for every manufactured sample. To prevent cloning, modeling of the challenge-response pair (CRP) behavior should be infeasible. Machine learning (ML) algorithms are a well-known threat. Recently, repeatability imperfections of PUF responses have been identified as another threat. CMOS device noise renders a significant fraction of the CRPs unstable, thereby providing a side channel for modeling attacks. In previous work, 65 nm arbiter PUFs have been modeled in this way with accuracies exceeding 97%. However, more PUF evaluations were required than for state-of-the-art ML approaches. In this work, we accelerate repeatability attacks by increasing the fraction of unstable CRPs. To this end, response evaluation faults are triggered via environmental changes. The attack speed, which is proportional to the fraction of unstable CRPs, increases by a factor of 2.4 for both arbiter and ring oscillator (RO) sum PUFs. The data originate from a 65 nm silicon chip, not from simulations.
