Why Attackers Win: On the Learnability of XOR Arbiter PUFs

Aiming to find an ultimate solution to the problem of secure storage and hardware authentication, Physically Unclonable Functions (PUFs) appear to be promising primitives. While arbiter PUFs utilized in cryptographic protocols are becoming one of the most popular PUF instances, their vulnerabilities to Machine Learning (ML) attacks have been observed earlier. These attacks, as cost-effective approaches, can clone the challenge-response behavior of an arbiter PUF by collecting a subset of challenge-response pairs (CRPs). As a countermeasure against this type of attacks, PUF manufacturers shifted their focus to non-linear architectures, such as XOR arbiter PUFs with a large number of arbiter PUF chains. However, the natural question arises whether an XOR arbiter PUF with an arbitrarily large number of parallel arbiter chains can be considered secure. On the other hand, even if a mature ML approach with a significantly high accuracy is adopted, the eventual delivery of a model for an XOR arbiter PUF should be ensured. To address these issues, this paper presents a respective PAC learning framework. Regarding our framework, we are able to establish a theoretical limit on the number of arbiter chains, where an XOR arbiter PUF can be learned in polynomial time, with given levels of accuracy and confidence. In addition, we state how an XOR arbiter PUF with noisy responses can be provably PAC learned. Finally, on the basis of learning theory concepts, we conclude that no secure XOR arbiter PUF relying on current IC technologies can be manufactured.

[1]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[2]  Srinivas Devadas,et al.  Robust and Reverse-Engineering Resilient PUF Authentication and Key-Exchange by Substring Matching , 2014, IEEE Transactions on Emerging Topics in Computing.

[3]  Nick Littlestone,et al.  From on-line to batch learning , 1989, COLT '89.

[4]  Shai Ben-David,et al.  Understanding Machine Learning: From Theory to Algorithms , 2014 .

[5]  Miodrag Potkonjak,et al.  Lightweight secure PUFs , 2008, ICCAD 2008.

[6]  Roel Maes,et al.  Physically Unclonable Functions , 2012, Springer Berlin Heidelberg.

[7]  Jeroen Delvaux,et al.  Secure Lightweight Entity Authentication with Strong PUFs: Mission Impossible II , 2014, IACR Cryptol. ePrint Arch..

[8]  Srinivas Devadas,et al.  FPGA PUF using programmable delay lines , 2010, 2010 IEEE International Workshop on Information Forensics and Security.

[9]  Roni Khardon,et al.  Noise Tolerant Variants of the Perceptron Algorithm , 2007, J. Mach. Learn. Res..

[10]  Srinivas Devadas,et al.  PUF Modeling Attacks on Simulated and Silicon Data , 2013, IEEE Transactions on Information Forensics and Security.

[11]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[12]  David Naccache,et al.  Towards Hardware-Intrinsic Security - Foundations and Practice , 2010, Information Security and Cryptography.

[13]  M. Kuhn,et al.  The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[14]  Jean-Pierre Seifert,et al.  Physical Characterization of Arbiter PUFs , 2014, IACR Cryptol. ePrint Arch..

[15]  Yoav Freund,et al.  Large Margin Classification Using the Perceptron Algorithm , 1998, COLT.

[16]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).

[17]  David Haussler,et al.  Learnability and the Vapnik-Chervonenkis dimension , 1989, JACM.

[18]  Srinivas Devadas,et al.  A noise bifurcation architecture for linear additive physical functions , 2014, 2014 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[19]  Georg T. Becker,et al.  On the Scaling of Machine Learning Attacks on PUFs with Application to Noise Bifurcation , 2015, RFIDSec.

[20]  Tom Bylander,et al.  Learning linear threshold functions in the presence of classification noise , 1994, COLT '94.

[21]  Ingrid Verbauwhede,et al.  Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions , 2010, Towards Hardware-Intrinsic Security.

[22]  N. Littlestone Learning Quickly When Irrelevant Attributes Abound: A New Linear-Threshold Algorithm , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).

[23]  Roel Maes,et al.  Physically Unclonable Functions , 2013, Springer Berlin Heidelberg.

[24]  Rocco A. Servedio,et al.  Efficient algorithms in computational learning theory , 2001 .

[25]  Srinivas Devadas,et al.  Identification and authentication of integrated circuits , 2004, Concurr. Pract. Exp..

[26]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[27]  Berk Sunar,et al.  A tamper-proof and lightweight authentication scheme , 2008, Pervasive Mob. Comput..

[28]  Jan Sölter,et al.  Efficient Power and Timing Side Channels for Physical Unclonable Functions , 2014, CHES.

[29]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[30]  D. Angluin,et al.  Learning From Noisy Examples , 1988, Machine Learning.