Machine Learning of Physical Unclonable Functions using Helper Data

Emanuele Strieder,Christoph Frisch,Michael Pehl

doi:10.46586/tches.v2021.i2.1-36

Abstract

Physical Unclonable Functions (PUFs) are used in various key-generation schemes and protocols. Such schemes are deemed to be secure even for PUFs with challenge-response behavior, as long as no responses and no reliability information about the PUF are exposed. This work, however, reveals a pitfall in these constructions: When using state-of-the-art helper data algorithms to correct noisy PUF responses, an attacker can exploit the publicly accessible helper data and challenges. We show that with this public information and the knowledge of the underlying error correcting code, an attacker can break the security of the system: The redundancy in the error correcting code reveals machine learnable features and labels. Learning these features and labels results in a predictive model for the dependencies between different challenge-response pairs (CRPs) without direct access to the actual PUF response. We provide results based on simulated data of a k-SUM PUF model and an Arbiter PUF model. We also demonstrate the attack for a k-SUM PUF model generated from real data and discuss the impact on more recent PUF constructions such as the Multiplexer PUF and the Interpose PUF. The analysis reveals that especially the frequently used repetition code is vulnerable: For a SUM-PUF in combination with a repetition code, e.g., already the observation of 800 challenges and helper data bits suffices to reduce the entropy of the key down to one bit. The analysis also shows that even other linear block codes like the BCH, the Reed-Muller, or the Single Parity Check code are affected by the problem. The code-dependent insights we gain from the analysis allow us to suggest mitigation strategies for the identified attack. While the shown vulnerability advances Machine Learning (ML) towards realistic attacks on key-storage systems with PUFs, our analysis also facilitates a better understanding and evaluation of existing approaches and protocols with PUFs. Therefore, it brings the community one step closer to a more complete leakage assessment of PUFs.

Highlights

An ever increasing amount of embedded devices requires cryptographic keys to ensure security
Today, such Physical Unclonable Functions (PUFs) can be expected to be learnable if an attacker has access to reliability information of MultiChallenge PUFs (MCPUFs) responses or the responses themselves
Hardly any risk has been identified regarding Machine Learning (ML), when MCPUFs are used in settings where no such information is revealed to an attacker

Summary

Introduction

An ever increasing amount of embedded devices requires cryptographic keys to ensure security. Post-processing is needed to derive a key from the PUF response. Correcting Codes For key-storage with PUFs, ECCs are required. As a common design criterion, the error correction capability has to ensure that despite a high bit error probability in the PUF response, a sufficiently long key can be derived with negligible error probability. Previous works like [MSSS11] assume, e.g., error probabilities of 15% for each bit in the PUF response and derive a 128 bit key with an error probability of below 10−6. Instead of using one large code, which has high implementation costs, the task of error correction is managed by two concatenated smaller codes. The inner code has a low rate (i.e. lots of redundant information) to correct the incoming high bit error probability to a moderate one.

Results

Discussion

Conclusion