Short Paper: XOR Arbiter PUFs Have Systematic Response Bias

Wisiol, Nils; Pirnay, Niklas

doi:10.1007/978-3-030-51280-4_4

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12059))

Included in the following conference series:

International Conference on Financial Cryptography and Data Security

2518 Accesses
3 Citations

Abstract

We demonstrate that XOR Arbiter PUFs with an even number of arbiter chains have inherently biased responses, even if all arbiter chains are perfectly unbiased. This rebukes the believe that XOR Arbiter PUFs are, like Arbiter PUFs, unbiased when ideally implemented and proves that independently manufactured Arbiter PUFs are not statistically independent.

As an immediate result of this work, we suggest to use XOR Arbiter PUFs with odd numbers of arbiter chains whenever possible. Furthermore, our analysis technique can be applied to future types of PUF designs and can hence be used to identify design weaknesses, in particular when using Arbiter PUFs as building blocks and when developing designs with challenge pre-processing. We support our theoretical findings through simulations of prominent PUF designs. Finally, we discuss consequences for the parameter recommendations of the Interpose PUF.

Investigating the reason of the systematic bias of XOR Arbiter PUF, we exhibit that Arbiter PUFs suffer from a systematic uniqueness weakness.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
The sgn function returns the sign of the argument. In our setting, \({\text {sgn}}0\) will only occur with probability zero; for completeness we define \({\text {sgn}}0=1\).
2.
Notice that when using \(-1\) and 1 to represent bit values, the standard product of bit values corresponds to the logical XOR operation.
3.
In fact, some parameters have different variances [2], but this is immaterial to the discussion in this paper.
4.
An approximation of the bias \(\text {E}_{\textit{\textbf{c}}}\left[ r(\textit{\textbf{c}})\right] \) in dependence of the threshold value can be obtained using the Berry-Esseen-Theorem to approximate \(\sum _{i,j}w_{1,i}w_{2,j}x_{1}x_{2}\) for \(i\ne j\) as a Gaussian random variable with variance \(\sigma ^{2}\) over uniformly chosen random challenges, resulting in \(\text {E}_{\textit{\textbf{c}}}\left[ r(\textit{\textbf{c}})\right] \approx \text {erf}\left( \frac{\sum _{i=1}^{n}w_{1,i}w_{2,i}}{\sigma \sqrt{2}}\right) ;\)the value \(\sum _{i=1}^{n}w_{1,i}w_{2,i}\) in turn follows (in the manufacturing random process) a distribution composed of the sum of product-normal distributions, which has increasing variance for increasing n. Extending the setting, for higher (but even) k the distribution narrows as the variance of the product-normal distribution narrows. The later effect can be observed in our simulations, cf. Fig. 2.
5.
The software used for simulation and analysis publicly available as free software at https://github.com/nils-wisiol/pypuf/tree/2020-systematic-bias.

References

Becker, G.T.: The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 535–555. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_27
Chapter Google Scholar
Delvaux, J., Verbauwhede, I.: Side channel modeling attacks on 65 nm arbiter PUFs exploiting CMOS device noise. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 137–142. IEEE (2013)
Google Scholar
Gassend, B., Lim, D., Clarke, D., van Dijk, M., Devadas, S.: Identification and authentication of integrated circuits. Concurr. Comput. Pract. Exp. 16(11), 1077–1098 (2004). https://onlinelibrary.wiley.com/doi/abs/10.1002/cpe.805
Katzenbeisser, S., Kocabaş, Ü., Rožić, V., Sadeghi, A.-R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 283–301. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_17
Chapter Google Scholar
Maes, R., Rozic, V., Verbauwhede, I., Koeberl, P., van der Sluis, E., van der Leest, V.: Experimental evaluation of physically unclonable functions in 65 nm CMOS. In: 2012 Proceedings of the ESSCIRC (ESSCIRC), pp. 486–489. IEEE, Bordeaux, September 2012. http://ieeexplore.ieee.org/document/6341361/
Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design, ICCAD 2008, pp. 670–673. IEEE Press, Piscataway (2008). http://dl.acm.org/citation.cfm?id=1509456.1509603
Nguyen, P.H., Sahoo, D.P., Jin, C., Mahmood, K., Rührmair, U.: The Interpose PUF: Secure PUF Design against State-of-the-art Machine Learning Attacks, p. 48 (2018)
Google Scholar
Rührmair, U., Busch, H., Katzenbeisser, S.: Strong PUFs: models, constructions, and security proofs. In: Sadeghi, A.R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security. ISC, pp. 79–96. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14452-3_4
Chapter Google Scholar
Rukhin, A., et al.: A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications. NIST Special Publication 800-22, p. 131 (2010)
Google Scholar
Sahoo, D.P., Nguyen, P.H., Chakraborty, R.S., Mukhopadhyay, D.: Architectural Bias: A Novel Statistical Metric to Evaluate Arbiter PUF Variants, p. 14 (2016). https://eprint.iacr.org/2016/057
Santikellur, P., Bhattacharyay, A., Chakraborty, R.S.: Deep Learning based Model Building Attacks on Arbiter PUF Compositions, p. 10 (2019)
Google Scholar
Schaub, A., Rioul, O., Joseph, Boutros, J.J.: Entropy Estimation of Physically Unclonable Functions via Chow Parameters. arXiv:1907.05494 [cs, math], July 2019
Sölter, J.: Cryptanalysis of electrical PUFs via machine learning algorithms, p. 52 (2009)
Google Scholar
Tajik, S., et al.: Physical characterization of arbiter PUFs. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 493–509. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_27
Chapter Google Scholar
Wisiol, N., Becker, G.T., Margraf, M., Soroceanu, T.A.A., Tobisch, J., Zengin, B.: Breaking the Lightweight Secure PUF: Understanding the Relation of Input Transformations and Machine Learning Resistance, p. 9 (2019). https://eprint.iacr.org/2019/799

Download references

Author information

Authors and Affiliations

Chair for Security in Telecommunications, Technische Universität Berlin, Berlin, Germany
Nils Wisiol & Niklas Pirnay

Authors

Nils Wisiol
View author publications
You can also search for this author in PubMed Google Scholar
Niklas Pirnay
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nils Wisiol .

Editor information

Editors and Affiliations

New York University, New York City, NY, USA
Joseph Bonneau
University of California, La Jolla, CA, USA
Nadia Heninger

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Wisiol, N., Pirnay, N. (2020). Short Paper: XOR Arbiter PUFs Have Systematic Response Bias. In: Bonneau, J., Heninger, N. (eds) Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12059. Springer, Cham. https://doi.org/10.1007/978-3-030-51280-4_4

Download citation

DOI: https://doi.org/10.1007/978-3-030-51280-4_4
Published: 18 July 2020
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-51279-8
Online ISBN: 978-3-030-51280-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics