Secure Lightweight Entity Authentication with Strong PUFs: Mission Impossible II

Physically unclonable functions PUFs exploit the unavoidable manufacturing variations of an integrated circuit IC. Their input-output behavior serves as a unique IC 'fingerprint'. Therefore, they have been envisioned as an IC authentication mechanism, in particular for the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In this work, we review eight prominent proposals in chronological order: from the original strong PUF proposal to the more complicated converse and slender PUF proposals. The novelty of our work is threefold. First, we employ a unified notation and framework for ease of understanding. Second, we initiate direct comparison between protocols, which has been neglected in each of the proposals. Third, we reveal numerous security and practicality issues. To such an extent, that we cannot support the use of any proposal in its current form. All proposals aim to compensate the lack of cryptographic properties of the strong PUF. However, proper compensation seems to oppose the lightweight objective.

[1]  Daniel E. Holcomb,et al.  Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers , 2009, IEEE Transactions on Computers.

[2]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).

[3]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[4]  Srinivas Devadas,et al.  Controlled physical random functions , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[5]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[6]  Roel Maes Physically Unclonable Functions: Constructions, Properties and Applications (Fysisch onkloonbare functies: constructies, eigenschappen en toepassingen) , 2012 .

[7]  Srinivas Devadas,et al.  Slender PUF Protocol: A Lightweight, Robust, and Secure Authentication by Substring Matching , 2012, 2012 IEEE Symposium on Security and Privacy Workshops.

[8]  Berk Sunar,et al.  A tamper-proof and lightweight authentication scheme , 2008, Pervasive Mob. Comput..

[9]  Stefan Katzenbeisser,et al.  Converse PUF-Based Authentication , 2012, TRUST.

[10]  Srinivas Devadas,et al.  Robust and Reverse-Engineering Resilient PUF Authentication and Key-Exchange by Substring Matching , 2014, IEEE Transactions on Emerging Topics in Computing.

[11]  Y Sakaki,et al.  Resetting central and peripheral circadian oscillators in transgenic rats. , 2000, Science.

[12]  Suela Kodra Fuzzy extractors : How to generate strong keys from biometrics and other noisy data , 2015 .

[13]  Srinivas Devadas,et al.  Controlled physical random functions and applications , 2008, TSEC.

[14]  Ahmad-Reza Sadeghi,et al.  PUF-based secure test wrapper design for cryptographic SoC testing , 2012, 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[15]  Jeroen Delvaux,et al.  Attacking PUF-Based Pattern Matching Key Generators via Helper Data Manipulation , 2014, CT-RSA.

[16]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[17]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[18]  Berk Sunar,et al.  Towards Robust Low Cost Authentication for Pervasive Devices , 2008, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).

[19]  Stefan Katzenbeisser,et al.  Reverse Fuzzy Extractors: Enabling Lightweight Mutual Authentication for PUF-Enabled RFIDs , 2012, Financial Cryptography.

[20]  Miodrag Potkonjak,et al.  Testing Techniques for Hardware Security , 2008, 2008 IEEE International Test Conference.

[21]  Roel Maes,et al.  Physically Unclonable Functions , 2013, Springer Berlin Heidelberg.

[22]  Stefan Katzenbeisser,et al.  Recyclable PUFs: Logically Reconfigurable PUFs , 2011, CHES.

[23]  Helper Data,et al.  Reliable and efficient PUF-based key generation using pattern matching , 2011 .

[24]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[25]  Srinivas Devadas,et al.  Reliable and efficient PUF-based key generation using pattern matching , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[26]  Sergei Skorobogatov,et al.  Semi-invasive attacks: a new approach to hardware security analysis , 2005 .

[27]  Ingrid Verbauwhede,et al.  Machine learning attacks on 65nm Arbiter PUFs: Accurate modeling poses strict bounds on usability , 2012, 2012 IEEE International Workshop on Information Forensics and Security (WIFS).