![Page 1: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/1.jpg)
Secure Computation Laboratory
Department of Electrical & Computer Engineering
University of Connecticut
PUFs and Modeling Attacks on PUFs: A tutorial
Marten van Dijk
Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen
![Page 2: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/2.jpg)
Content
2
PUF’s
introductionPUF’s attacks
Attack’s Flow
Logistic Regression
base MLMA on
APUF
Covariance Matrix
Adaption Evolution
Strategy base MLMA on
APUF and XOR PUF
Concept Applications Categories
Weak PUF (POK):
RO PUF
Strong PUF : APUF,
XORPUF, LPN PUF
Reliability:
Fuzzy Extractor
![Page 3: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/3.jpg)
Physically Unclonable Functions - PUF
Challenge-Response behavior of a given PUF can not be physically cloned and it is unique, i.e., different PUF instances have different Challenge-Response Behaviors
3
![Page 4: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/4.jpg)
Process variations – basement for PUF
4
Courtesy of [1]
Courtesy of [2]
Courtesy of [3]
![Page 5: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/5.jpg)
PUF-based Applications
5
Courtesy of [4]
IP’s protection/ authentication
Courtesy of [5]
Secret key generation
![Page 6: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/6.jpg)
PUF’s classification
6
PUF
Weak PUF
(POK): RO PUF Strong PUF : APUF,
XORPUF, LPN PUF
![Page 7: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/7.jpg)
Weak PUF: Ring Oscillator PUF
7
Courtesy of [9]
Ring Oscillator (RO) Ring Oscillator PUF (RO PUF)
![Page 8: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/8.jpg)
Strong PUF Constructions
Arbiter PUF (APUF)
XOR Arbiter PUF (XOR PUF)
LPN based PUF
8
![Page 9: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/9.jpg)
Arbiter PUF [1]
Blaise Gassend, Dwaine E. Clarke, Marten van Dijk, Srinivas Devadas:Silicon physical random functions. ACM Conference on Computer and Communications Security 2002: 148-160
9
![Page 10: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/10.jpg)
APUF [2]
10
![Page 11: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/11.jpg)
APUF linear delay model [1]
11
Encoding C[i] = 0 (or 1) as +1 (or -1)
![Page 12: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/12.jpg)
APUF linear delay model [2]
12
![Page 13: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/13.jpg)
APUF linear delay model [3]
13
![Page 14: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/14.jpg)
APUF linear delay model [4]
14
The response r = 1 if ∆ < 0. Otherwise, r = 0
![Page 15: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/15.jpg)
Proof of APUF’s linear delay Model
15
![Page 16: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/16.jpg)
XOR PUF
16
![Page 17: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/17.jpg)
Learning Parity with Noise
17
![Page 18: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/18.jpg)
LPN-based PUF
18
LPN-based PUF is a strong PUF design which is based on LPN problem, POK and cryptographic primitives
TRNG and Hash function. (See [10])
![Page 19: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/19.jpg)
Reliability Problem in PUF and Fuzzy Extractor [1]
ALL PUFs exploit the process variations which are not a stable feature. Thus PUF can generate different responses when a challenge is evaluated many times.
Not reliable + not full entroy: cannot directly use POK’s output as secret key
Need a methodology to generate a secret key r which is reliable and has full entropy from POK’s output.
19
POK
w0
w1 ≠w0
rAlgorithm
![Page 20: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/20.jpg)
Reliability Problem in PUF and Fuzzy Extractor [2]
20
POK
w0
w1 ≠w0
rAlgorithm Fuzzy
Extractor
Extractor
Sketch/Gen
w0
r
P: helper dataExtractor
Rec/Decw1
rw0
Gen
p
Fuzzy Extractor: Generation Phase (Gen) and Reproduction Phase (Rep)
Rep
![Page 21: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/21.jpg)
Reliability Problem in PUF and Fuzzy Extractor [3]
21
Courtesy of [11]
![Page 22: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/22.jpg)
Machine Learning Techniques based Modeling Attacks
Logistic Regression
Covariance Matrix Adaption Evolution Strategy
22
![Page 23: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/23.jpg)
Introduction on MLMA
Machine learning techniques based modelling attack (MLMA or MA): using the machine learning technique to model a PUF design
Typically, a mathematical structure of the target PUF design is required. In this context, the mathematical structure is the delay model
The goal: Learning the unknown variables w=(w[0],….,w[n-1],w[n]=1) from the recorded challenge-response pairs (CRPs)
Support Vector Machine (SVM), Logistic Regression (LR), Covariance Matric Adaptation Evolution Strategy (CMA-ES), etc.
23
![Page 24: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/24.jpg)
Basic Steps in MLMA1. Building the model
2. Access the PUF and record a set of CRPs S={(c,r)}
3. Partition the set S into sets S1 and S2
4. Determine which MLMA technique is used
5. The set S1 is used for the phase called: training phase. In this phase, the MLMA is used to learn the unknown variables, i.e., vector w (APUF)
6. The set S2 is used to test the prediction accuracy of model, 𝑤 (APUF)
Note that: the discussion on MLMA in this presentation is based on [6]
24
S={(c,r)}
S1={(c,r)}
S2={(c,r)}
PUF P
Model M
Accuracy
Model M
MLMA
![Page 25: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/25.jpg)
Logistic Regression
25
Courtersy of [7]
![Page 26: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/26.jpg)
Maximum Likelihood Estimator
26
APUF A
𝜃 = 𝑤X1=(C1,R1),
X2=(C2,R2),
….
Xn=(Cn,Rn)
𝜃 = 𝑤
(C1,R’1),
(C2,R’2),
….
(Cn,R’n)
Maximum matchings
(Ri = Ri’)
X1=(C1,R1),
X2=(C2,R2),
….
Xn=(Cn,Rn)
![Page 27: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/27.jpg)
Logistic Regression: Math Background [1]
Let us define
Define the logistic sigmoid function:
Define
27
![Page 28: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/28.jpg)
Logistic Regression: Math Background [2]
28
![Page 29: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/29.jpg)
Logistic Regression: Math Background [3]
Why the correct w should be found by maximizing the function l ?
29
![Page 30: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/30.jpg)
Logistic Regression: Math Background [4]
30
• To find the optimal w of function l, we should
compute the gradient of function l, i.e.
• According to LR algorithm, w is randomly
regenerated at very beginning
• We repeat the following steps until is close
to 0
Step 1: compute
Step 2: update
• When the algorithm stops, w is the desired
model
![Page 31: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/31.jpg)
Logistic Regression: Pseudo Code of LR
31
![Page 32: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/32.jpg)
Enhanced LR Algorithm
Basically, the efficiency of LR can be significantly enhanced by combining Resilient Back Propagation (Rprop)
The Rprop algorithm is described in the following paper: http://deeplearning.cs.cmu.edu/pdfs/Rprop.pdf
In the LR algorithm above, 𝜂 is a constant but in Rprop algorithm, 𝜂 is dynamically changed in each iteration
32
![Page 33: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/33.jpg)
Arbiter: Repeatability –short-term Reliability
33
(C,1),
(C,2),
….
(C,M)
APUF A
(R1=0),
(R2=1),
….
(RM=0)
R = (R1+R2+...+RM)/M
![Page 34: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/34.jpg)
Arbiter PUF: Repeatability and Noise
34
![Page 35: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/35.jpg)
Idea of Attack on APUF using Repeatability
35
[3]: The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs CHES2015, Georg T. Becker
[5]: Side Channel Modeling Attacks on 65nm Arbiter PUFs Exploiting CMOS Device Noise, Delvaux, J., Verbauwhede, I.
![Page 36: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/36.jpg)
CMA ES
36
Courtesy of [7]
Matlab Code of CMAES is available at [8]
![Page 37: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/37.jpg)
CMA-ES Algorithm
37
Courtesy of [8]
![Page 38: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/38.jpg)
CMAES on APUF based on Repeatability: Attack Strategy
38
![Page 39: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/39.jpg)
XOR PUF
40
![Page 40: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/40.jpg)
CMAES based attack on XOR PUF Fact 1: CMAES based attack on x-XOR PUF is done in the similar way as described for APUF
Fact 2: CMAES based attack on x-XOR PUF is a divide-and-conquer attack, i.e., all the models M0, M1, …, M(x-1) for A0, A1, …., A(x-1) are recovered. It is done by repeating CMAES many times until all x different models M0, …, M(x-1) are built
Fact 3: Each run of CMAES always produces a model M which may be the model of a certain APUF instance among x APUFs. Thus, we need to run CMAES on XORPUF many times, number of runs > x.
41
![Page 41: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/41.jpg)
Why CMAES on XOR PUF works
42
Fact 3: Now, the CMAES-based algorithm tries to find model M which can have highest correlation coefficient with set Q and thus, M likely converges to A0 because A0 has largest noise rate.
Fact 4: If we repeat the attack many times and each time, new set Q is generated, then the models of all APUF instances will be built due to Fact 1, 2 and 3.
Fact 1
Fact 3
Fact 2
![Page 42: PUFs and Modeling Attacks on PUFs: A tutorial · Secure Computation Laboratory Department of Electrical & Computer Engineering University of Connecticut PUFs and Modeling Attacks](https://reader033.vdocuments.us/reader033/viewer/2022041904/5e62a2537813d112da5963fd/html5/thumbnails/42.jpg)
Literature1. http://image.slidesharecdn.com/secureesweb-131229032029-phpapp02/95/secure-embedded-systems-17-
638.jpg?cb=1388287390
2. https://www.gsaglobal.org/forum/2009/3/articles_tuyls.asp
3. http://rijndael.ece.vt.edu/puf/background.html
4. http://images.slideplayer.com/13/3927633/slides/slide_10.jpg
5. http://studiopresence.com/client/verayo/page_images/how_pufs_work_ill2.jpg
6. Cryptanalysis of electrical PUFs via machine learning algorithms – Master Thesis of Jan Solter
7. The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs CHES, September 16 th , 2015, Georg T. Becker
8. https://en.wikipedia.org/wiki/CMA-ES
9. Physical unclonable functions for device authentication and secret key generation. DAC2007, G. E. Suh and S. Devadas
10. Trapdoor Computational Fuzzy Extractors and Stateless Cryptographically-Secure Physical Unclonable Functions. Charles Herder, Ling Ren, Marten van Dijk, Meng-Day (Mandel) Yu, and Srinivas Devadas.
11. http://www.cs.haifa.ac.il/~orrd/PrivDay/2015/Benjamin-Slides.pdf
12. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. EuroCrypt2004. Yevgeniy Dodis, Leonid Reyzin and Adam Smith
43