On the Scaling of Machine Learning Attacks on PUFs with Application to Noise Bifurcation

Physical Unclonable Functions PUFs are seen as a promising alternative to traditional cryptographic algorithms for secure and lightweight device authentication. However, most strong PUF proposals can be attacked using machine learning algorithms in which a precise software model of the PUF is determined. One of the most popular strong PUFs is the XOR Arbiter PUF. In this paper, we examine the machine learning resistance of the XOR Arbiter PUF by replicating the attack by Ruhrmaieri¾?et al.from CCS 2010. Using a more efficient implementation we are able to confirm the predicted exponential increase in needed number of responses for increasing XORs. However, our results show that the machine learning performance does not only depend on the PUF design and and the number of used response bits, but also on the specific PUF instance under attack. This is an important observation for machine learning attacks on PUFs in general. This instance-dependent behavior makes it difficult to determine precise lower bounds of the required number of challenge and response pairs CRPs and hence such numbers should always be treated with caution. Furthermore, we examine a machine learning countermeasure called noise bifurcation that was recently introduced at HOST 2014. In noise bifurcation, the machine learning resistance of XOR Arbiter PUFs is increased at the cost of using more responses during the authentication process. However, we show that noise bifurcation has a much smaller impact on the machine learning resistance than the results from HOST 2014 suggest.

[1]  Jeroen Delvaux,et al.  Secure Lightweight Entity Authentication with Strong PUFs: Mission Impossible II , 2014, IACR Cryptol. ePrint Arch..

[2]  Srinivas Devadas,et al.  A noise bifurcation architecture for linear additive physical functions , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[3]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[4]  Srinivas Devadas,et al.  Identification and authentication of integrated circuits: Research Articles , 2004 .

[5]  Stefan Katzenbeisser,et al.  Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-Enabled RFIDs , 2012, Financial Cryptography.

[6]  Srinivas Devadas,et al.  PUF Modeling Attacks on Simulated and Silicon Data , 2013, IEEE Transactions on Information Forensics and Security.

[7]  Srinivas Devadas,et al.  Slender PUF Protocol: A Lightweight, Robust, and Secure Authentication by Substring Matching , 2012, 2012 IEEE Symposium on Security and Privacy Workshops.

[8]  Srinivas Devadas,et al.  Identification and authentication of integrated circuits , 2004, Concurr. Pract. Exp..

[9]  Miodrag Potkonjak,et al.  Lightweight secure PUFs , 2008, ICCAD 2008.

[10]  MahmoudAhmed,et al.  PUF Modeling Attacks on Simulated and Silicon Data , 2013 .

[11]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[12]  Ieee Circuits,et al.  Digest of technical papers , 1984 .

[13]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[14]  Srinivas Devadas,et al.  Controlled physical random functions , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[15]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).

[16]  Frederik Armknecht,et al.  A Formalization of the Security Features of Physical Functions , 2011, 2011 IEEE Symposium on Security and Privacy.