Abstract
We demonstrate that XOR Arbiter PUFs with an even number of arbiter chains have inherently biased responses, even if all arbiter chains are perfectly unbiased. This rebukes the believe that XOR Arbiter PUFs are, like Arbiter PUFs, unbiased when ideally implemented and proves that independently manufactured Arbiter PUFs are not statistically independent.
As an immediate result of this work, we suggest to use XOR Arbiter PUFs with odd numbers of arbiter chains whenever possible. Furthermore, our analysis technique can be applied to future types of PUF designs and can hence be used to identify design weaknesses, in particular when using Arbiter PUFs as building blocks and when developing designs with challenge pre-processing. We support our theoretical findings through simulations of prominent PUF designs. Finally, we discuss consequences for the parameter recommendations of the Interpose PUF.
Investigating the reason of the systematic bias of XOR Arbiter PUF, we exhibit that Arbiter PUFs suffer from a systematic uniqueness weakness.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The sgn function returns the sign of the argument. In our setting, \({\text {sgn}}0\) will only occur with probability zero; for completeness we define \({\text {sgn}}0=1\).
- 2.
Notice that when using \(-1\) and 1 to represent bit values, the standard product of bit values corresponds to the logical XOR operation.
- 3.
In fact, some parameters have different variances [2], but this is immaterial to the discussion in this paper.
- 4.
An approximation of the bias \(\text {E}_{\textit{\textbf{c}}}\left[ r(\textit{\textbf{c}})\right] \) in dependence of the threshold value can be obtained using the Berry-Esseen-Theorem to approximate \(\sum _{i,j}w_{1,i}w_{2,j}x_{1}x_{2}\) for \(i\ne j\) as a Gaussian random variable with variance \(\sigma ^{2}\) over uniformly chosen random challenges, resulting in \(\text {E}_{\textit{\textbf{c}}}\left[ r(\textit{\textbf{c}})\right] \approx \text {erf}\left( \frac{\sum _{i=1}^{n}w_{1,i}w_{2,i}}{\sigma \sqrt{2}}\right) ;\)the value \(\sum _{i=1}^{n}w_{1,i}w_{2,i}\) in turn follows (in the manufacturing random process) a distribution composed of the sum of product-normal distributions, which has increasing variance for increasing n. Extending the setting, for higher (but even) k the distribution narrows as the variance of the product-normal distribution narrows. The later effect can be observed in our simulations, cf. Fig. 2.
- 5.
The software used for simulation and analysis publicly available as free software at https://github.com/nils-wisiol/pypuf/tree/2020-systematic-bias.
References
Becker, G.T.: The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 535–555. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_27
Delvaux, J., Verbauwhede, I.: Side channel modeling attacks on 65 nm arbiter PUFs exploiting CMOS device noise. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 137–142. IEEE (2013)
Gassend, B., Lim, D., Clarke, D., van Dijk, M., Devadas, S.: Identification and authentication of integrated circuits. Concurr. Comput. Pract. Exp. 16(11), 1077–1098 (2004). https://onlinelibrary.wiley.com/doi/abs/10.1002/cpe.805
Katzenbeisser, S., Kocabaş, Ü., Rožić, V., Sadeghi, A.-R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 283–301. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_17
Maes, R., Rozic, V., Verbauwhede, I., Koeberl, P., van der Sluis, E., van der Leest, V.: Experimental evaluation of physically unclonable functions in 65 nm CMOS. In: 2012 Proceedings of the ESSCIRC (ESSCIRC), pp. 486–489. IEEE, Bordeaux, September 2012. http://ieeexplore.ieee.org/document/6341361/
Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2008, pp. 670–673. IEEE Press, Piscataway (2008). http://dl.acm.org/citation.cfm?id=1509456.1509603
Nguyen, P.H., Sahoo, D.P., Jin, C., Mahmood, K., Rührmair, U.: The Interpose PUF: Secure PUF Design against State-of-the-art Machine Learning Attacks, p. 48 (2018)
Rührmair, U., Busch, H., Katzenbeisser, S.: Strong PUFs: models, constructions, and security proofs. In: Sadeghi, A.R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security. ISC, pp. 79–96. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14452-3_4
Rukhin, A., et al.: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST Special Publication 800-22, p. 131 (2010)
Sahoo, D.P., Nguyen, P.H., Chakraborty, R.S., Mukhopadhyay, D.: Architectural Bias: A Novel Statistical Metric to Evaluate Arbiter PUF Variants, p. 14 (2016). https://eprint.iacr.org/2016/057
Santikellur, P., Bhattacharyay, A., Chakraborty, R.S.: Deep Learning based Model Building Attacks on Arbiter PUF Compositions, p. 10 (2019)
Schaub, A., Rioul, O., Joseph, Boutros, J.J.: Entropy Estimation of Physically Unclonable Functions via Chow Parameters. arXiv:1907.05494 [cs, math], July 2019
Sölter, J.: Cryptanalysis of electrical PUFs via machine learning algorithms, p. 52 (2009)
Tajik, S., et al.: Physical characterization of arbiter PUFs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 493–509. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_27
Wisiol, N., Becker, G.T., Margraf, M., Soroceanu, T.A.A., Tobisch, J., Zengin, B.: Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and Machine Learning Resistance, p. 9 (2019). https://eprint.iacr.org/2019/799
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 International Financial Cryptography Association
About this paper
Cite this paper
Wisiol, N., Pirnay, N. (2020). Short Paper: XOR Arbiter PUFs Have Systematic Response Bias. In: Bonneau, J., Heninger, N. (eds) Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12059. Springer, Cham. https://doi.org/10.1007/978-3-030-51280-4_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-51280-4_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-51279-8
Online ISBN: 978-3-030-51280-4
eBook Packages: Computer ScienceComputer Science (R0)