Strong Machine Learning Attack Against PUFs with No Mathematical Model

Although numerous attacks revealed the vulnerability of different PUF families to non-invasive Machine Learning ML attacks, the question is still open whether all PUFs might be learnable. Until now, virtually all ML attacks rely on the assumption that a mathematical model of the PUF functionality is known a priori. However, this is not always the case, and attention should be paid to this important aspect of ML attacks. This paper aims to address this issue by providing a provable framework for ML attacks against a PUF family, whose underlying mathematical model is unknown. We prove that this PUF family is inherently vulnerable to our novel PAC Probably Approximately Correct learning framework. We apply our ML algorithm on the Bistable Ring PUF BR-PUF family, which is one of the most interesting and prime examples of a PUF with an unknown mathematical model. We practically evaluate our ML algorithm through extensive experiments on BR-PUFs implemented on Field-Programmable Gate Arrays FPGA. In line with our theoretical findings, our experimental results strongly confirm the effectiveness and applicability of our attack. This is also interesting since our complex proof heavily relies on the spectral properties of Boolean functions, which are known to hold only asymptotically. Along with this proof, we further provide the theorem that all PUFs must have some challenge bit positions, which have larger influences on the responses than other challenge bits.

[1]  Roel Maes,et al.  Physically Unclonable Functions , 2013, Springer Berlin Heidelberg.

[2]  Ronald L. Rivest,et al.  Learning decision lists , 2004, Machine Learning.

[3]  T. Sanders,et al.  Analysis of Boolean Functions , 2012, ArXiv.

[4]  Ryan O'Donnell,et al.  Learning functions of k relevant variables , 2004, J. Comput. Syst. Sci..

[5]  Shmuel Safra,et al.  Threshold Phenomena and Influence, with Some Perspectives from Mathematics, Computer Science, and Economics , 2005 .

[6]  Ronitt Rubinfeld,et al.  Approximating the Influence of Monotone Boolean Functions in $O(\sqrt{n})$ Query Complexity , 2011, APPROX-RANDOM.

[7]  Arenberg Doctoral,et al.  Physically Unclonable Functions: Constructions, Properties and Applications , 2012 .

[8]  Frederik Armknecht,et al.  Towards a Unified Security Model for Physically Unclonable Functions , 2016, CT-RSA.

[9]  Jean-Pierre Seifert,et al.  Physical Characterization of Arbiter PUFs , 2014, IACR Cryptol. ePrint Arch..

[10]  Ian H. Witten,et al.  The WEKA data mining software: an update , 2009, SKDD.

[11]  David Harris,et al.  CMOS VLSI Design: A Circuits and Systems Perspective , 2004 .

[12]  Umesh V. Vazirani,et al.  An Introduction to Computational Learning Theory , 1994 .

[13]  Jean-Pierre Seifert,et al.  Let Me Prove It to You: RO PUFs Are Provably Learnable , 2015, ICISC.

[14]  Alex M. Andrew,et al.  Boosting: Foundations and Algorithms , 2012 .

[15]  Daniel E. Holcomb,et al.  Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags , 2007 .

[16]  Vikraman Arvind,et al.  Parameterized Learnability of k -Juntas and Related Problems , 2007, ALT.

[17]  Farinaz Koushanfar Hardware Metering: A Survey , 2012 .

[18]  Stephen A. Benton,et al.  Physical one-way functions , 2001 .

[19]  Yoav Freund,et al.  A decision-theoretic generalization of on-line learning and an application to boosting , 1995, EuroCOLT.

[20]  Ulrich Rührmair,et al.  Security Evaluation and Enhancement of Bistable Ring PUFs , 2015, RFIDSec.

[21]  Dana Angluin,et al.  Queries and concept learning , 1988, Machine Learning.

[22]  Jean-Pierre Seifert,et al.  Breaking and entering through the silicon , 2013, CCS.

[23]  Jean-Pierre Seifert,et al.  Cloning Physically Unclonable Functions , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[24]  Jean-Pierre Seifert,et al.  PAC learning of arbiter PUFs , 2016, Journal of Cryptographic Engineering.

[25]  R. Schapire The Strength of Weak Learnability , 1990, Machine Learning.

[26]  Jean-Pierre Seifert,et al.  Why Attackers Win: On the Learnability of XOR Arbiter PUFs , 2015, TRUST.

[27]  R. Pappu,et al.  Physical One-Way Functions , 2002, Science.

[28]  Cliff Wang,et al.  Introduction to Hardware Security and Trust , 2011 .

[29]  Rajat Subhra Chakraborty,et al.  Model building attacks on Physically Unclonable Functions using genetic programming , 2013, 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST).

[30]  Srinivas Devadas,et al.  Modeling attacks on physical unclonable functions , 2010, CCS '10.

[31]  Manfred K. Warmuth,et al.  Learning integer lattices , 1990, COLT '90.

[32]  Ulrich Rührmair,et al.  The Bistable Ring PUF: A new architecture for strong Physical Unclonable Functions , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[33]  Thomas Siegenthaler,et al.  Correlation-immunity of nonlinear combining functions for cryptographic applications , 1984, IEEE Trans. Inf. Theory.

[34]  Frederik Armknecht,et al.  A Formalization of the Security Features of Physical Functions , 2011, 2011 IEEE Symposium on Security and Privacy.

[35]  Jorge Guajardo,et al.  FPGA Intrinsic PUFs and Their Use for IP Protection , 2007, CHES.

[36]  Hans Ulrich Simon,et al.  On learning ring-sum-expansions , 1990, COLT '90.

[37]  Shmuel Safra,et al.  Threshold Phenomena and Influence: Perspectives from Mathematics, Computer Science, and Economics , 2006, Computational Complexity and Statistical Physics.

[38]  Yoav Freund,et al.  Boosting a weak learning algorithm by majority , 1995, COLT '90.

[39]  Ehud Friedgut,et al.  Boolean Functions With Low Average Sensitivity Depend On Few Coordinates , 1998, Comb..

[40]  Srinivas Devadas,et al.  Silicon physical random functions , 2002, CCS '02.

[41]  Robert Hesselbarth,et al.  Evaluation of Bistable Ring PUFs Using Single Layer Neural Networks , 2014, TRUST.

[42]  Pat Langley,et al.  Selection of Relevant Features and Examples in Machine Learning , 1997, Artif. Intell..

[43]  Kazuo Sakiyama,et al.  Security evaluation of bistable ring PUFs on FPGAs using differential and linear analysis , 2014, 2014 Federated Conference on Computer Science and Information Systems.

[44]  Frans M. J. Willems,et al.  Secure Key Generation from Biased PUFs , 2015, CHES.

[45]  Marten van Dijk,et al.  A technique to build a secret key in integrated circuits for identification and authentication applications , 2004, 2004 Symposium on VLSI Circuits. Digest of Technical Papers (IEEE Cat. No.04CH37525).