Extensive Examination of XOR Arbiter PUFs as Security Primitives for Resource-Constrained IoT Devices

Abstract

Communication security is essential for the proper functioning of the Internet of Things. Traditional approaches that rely on cryptographic keys are vulnerable to side-channel attacks. Physical Unclonable Functions (PUFs), leveraging unavoidable and irreproducible variations of integrated circuits to produce responses unique for individual PUF devices, are emerging as promising candidates as security primitives to provide keyless solutions. Before a PUF can be adopted for real applications, the PUF must be thoroughly examined to understand its various properties for its application feasibility. In this paper, we study XOR PUFs for broad ranges of values for circuit architecture parameters. XOR PUFs have been extensively studied, and have been shown to be unable to withstand machine learning attacks for 64-bit XOR PUFs with less than ten component PUFs. Attack methods employed in existing studies need a large number of challenge-response pairs (CRPs), which are obtainable only if the PUF has an open access interface. When PUF-embedded devices equipped with mutual authentication or response obfuscating techniques, it is difficult for attackers to accumulate large numbers of CRPs. With only a small number of accumulated CRPs available to attackers, small size PUFs, like XOR PUFs with a small number of component PUFs and stages, may become resistant to machine learning attacks. Since smaller sizes mean less resource-demanding, it is worthwhile to examine such PUFs which have usually been considered unsafe against attacks. Such are thoughts that have been motivating us in this paper to explore the PUF performances for a wide range of values of the PUF architecture parameters.