Let Me Prove It to You: RO PUFs Are Provably Learnable

The last decade has witnessed a major change in the methods of Integrated Circuit (IC) fingerprinting and random key generation.The invention of Physically Unclonable functions (PUFs) was a milestone in the development of these methods. Ring-oscillator (RO) PUFs are one of the popular intrinsic PUF instances in authentication and random number generation applications. Similar to other types of PUFs, unpredictability and unclonability are the key requirements for the security of RO-PUFs. However, these requirements cannot be perfectly met for RO-PUFs, as demonstrated by studies investigating different attacks against RO-PUFs. In addition to semi-invasive attacks, modeling attacks have been proposed that aim to predict the response to an arbitrarily chosen challenge. To this end, the adversary collects only a small number of challenge response pairs (CRPs), and then attempts to constitute a model of the challenge-response behavior of the PUF. Nevertheless, it is not ensured that a model will be delivered after learning the seen CRPs, whose number is solely estimated instead of being properly proved. Aiming to address these issues, this paper presents a Probably Approximately Correct (PAC) learning framework enabling the learning of an RO-PUF for arbitrary levels of accuracy and confidence. Indeed, we prove that a polynomial-size Decision List (DL) can represent an RO-PUF. Thus, an arbitrarily chosen RO-PUF can be PAC learned by collecting only a polynomial number of CRPs. The “hidden” polynomial size of the respective representation of an RO-PUF therefore accounts for the success of the previously proposed (heuristic) attacks. However, our proposed bound is provably better, when comparing the number of CRPs required for our attack with already existing bounds calculated by applying heuristic techniques. Finally, by conducting experiments we complement the proof provided in our PAC learning framework.

[1]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[2]  Patrick Schaumont,et al.  A large scale characterization of RO-PUF , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[3]  Georg Sigl,et al.  Side-Channel Analysis of PUFs and Fuzzy Extractors , 2011, TRUST.

[4]  Srinivas Devadas,et al.  Physical Unclonable Functions and Applications: A Tutorial , 2014, Proceedings of the IEEE.

[5]  Ingrid Verbauwhede,et al.  Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions , 2010, Towards Hardware-Intrinsic Security.

[6]  Srinivas Devadas,et al.  Recombination of Physical Unclonable Functions , 2010 .

[7]  Umesh V. Vazirani,et al.  An Introduction to Computational Learning Theory , 1994 .

[8]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[9]  Patrick Schaumont,et al.  A Robust Physical Unclonable Function With Enhanced Challenge-Response Set , 2012, IEEE Transactions on Information Forensics and Security.

[10]  Jean-Pierre Seifert,et al.  Breaking and entering through the silicon , 2013, CCS.

[11]  Jean-Pierre Seifert,et al.  Laser Fault Attack on Physically Unclonable Functions , 2015, 2015 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC).

[12]  R. Rivest Learning Decision Lists , 1987, Machine Learning.

[13]  Jan Sölter,et al.  Efficient Power and Timing Side Channels for Physical Unclonable Functions , 2014, CHES.

[14]  Jean-Pierre Seifert,et al.  Why Attackers Win: On the Learnability of XOR Arbiter PUFs , 2015, TRUST.

[15]  Rajat Subhra Chakraborty,et al.  Model building attacks on Physically Unclonable Functions using genetic programming , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[16]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[17]  David Haussler,et al.  Classifying learnable geometric concepts with the Vapnik-Chervonenkis dimension , 1986, STOC '86.

[18]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[19]  Jean-Pierre Seifert,et al.  Lattice Basis Reduction Attack against Physically Unclonable Functions , 2015, CCS.

[20]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[21]  Jean-Pierre Seifert,et al.  Physical Characterization of Arbiter PUFs , 2014, IACR Cryptol. ePrint Arch..

[22]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[23]  Debdeep Mukhopadhyay,et al.  Efficient attacks on robust ring oscillator PUF with enhanced challenge-response set , 2015, 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE).

[24]  Srinivas Devadas,et al.  Lightweight and Secure PUF Key Storage Using Limits of Machine Learning , 2011, CHES.

[25]  Srinivas Devadas,et al.  Performance metrics and empirical results of a PUF cryptographic key generation ASIC , 2012, 2012 IEEE International Symposium on Hardware-Oriented Security and Trust.

[26]  Roel Maes,et al.  Physically Unclonable Functions , 2012, Springer Berlin Heidelberg.

[27]  Patrick Schaumont,et al.  Improving the quality of a Physical Unclonable Function using configurable Ring Oscillators , 2009, 2009 International Conference on Field Programmable Logic and Applications.

[28]  Roel Maes,et al.  Physically Unclonable Functions , 2013, Springer Berlin Heidelberg.