Robust keys from physical unclonable functions

Weak physical unclonable functions (PUFs) can instantiate read-proof hardware tokens (Tuyls et al. 2006, CHES) where benign variation, such as changing temperature, yields a consistent key, but invasive attempts to learn the key destroy it. Previous approaches evaluate security by measuring how much an invasive attack changes the derived key (Pappu et al. 2002, Science). If some attack insufficiently changes the derived key, an expert must redesign the hardware. An unexplored alternative uses software to enhance token response to known physical attacks. Our approach draws on machine learning. We propose a variant of linear discriminant analysis (LDA), called PUF LDA, which reduces noise levels in PUF instances while enhancing changes from known attacks. We compare PUF LDA with standard techniques using an optical coating PUF and the following feature types: raw pixels, fast Fourier transform, short-time Fourier transform, and wavelets. We measure the true positive rate for valid detection at a 0% false positive rate (no mistakes on samples taken after an attack). PUF LDA improves the true positive rate from 50% on average (with a large variance across PUFs) to near 100%. While a well-designed physical process is irreplaceable, PUF LDA enables system designers to improve the PUF reliability-security tradeoff by incorporating attacks without redesigning the hardware token.

[1]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[2]  Frederik Armknecht,et al.  A Formalization of the Security Features of Physical Functions , 2011, 2011 IEEE Symposium on Security and Privacy.

[3]  Patrick Schaumont,et al.  A large scale characterization of RO-PUF , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[4]  Calyampudi R. Rao,et al.  Linear Statistical Inference and Its Applications. , 1975 .

[5]  Karl Pearson F.R.S. LIII. On lines and planes of closest fit to systems of points in space , 1901 .

[6]  N. L. Johnson,et al.  Linear Statistical Inference and Its Applications , 1966 .

[7]  Frank Sehnke,et al.  On the Foundations of Physical Unclonable Functions , 2009, IACR Cryptol. ePrint Arch..

[8]  Ingrid Daubechies,et al.  The wavelet transform, time-frequency localization and signal analysis , 1990, IEEE Trans. Inf. Theory.

[9]  Frederik Armknecht,et al.  A Formal Foundation for the Security Features of Physical Functions , 2011, S&P 2011.

[10]  Chi-En Daniel Yin,et al.  LISA: Maximizing RO PUF's secret extraction , 2010, 2010 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[11]  R. Fisher THE USE OF MULTIPLE MEASUREMENTS IN TAXONOMIC PROBLEMS , 1936 .

[12]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[13]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[14]  J. Friedman Regularized Discriminant Analysis , 1989 .

[15]  John Daugman,et al.  Probing the Uniqueness and Randomness of IrisCodes: Results From 200 Billion Iris Pair Comparisons , 2006, Proceedings of the IEEE.

[16]  Boris Skoric,et al.  Read-Proof Hardware from Protective Coatings , 2006, CHES.

[17]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[18]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[19]  Jorge Guajardo,et al.  Extended abstract: The butterfly PUF protecting IP on every FPGA , 2008, 2008 IEEE International Workshop on Hardware-Oriented Security and Trust.

[20]  Blaise L. P. Gassend,et al.  Physical random functions , 2003 .