Abstract
Resistance to modeling attacks is an important issue for Physical Unclonable Functions (PUFs). Deep learning, the state-of-the-art modeling attack, has recently been shown to be able to break many newly developed PUFs. Since then, many more complex PUF structures or challenge obfuscations have been proposed to resist deep learning attacks. However, the proposed methods typically focus on increasing the nonlinearity of PUF structure and challenge-response mapping. In this paper, we explore another direction with a multi-mode poisoning approach for a classic PUF (MMP PUF) in which each working mode is a simple add-on function for a classic PUF. By dividing the original challenge space for each working mode, the proposed MMP PUF generates a multi-modal challenge-response dataset that poisons machine learning algorithms. To validate the idea, we design two working mode types, challenge shift and response flip, as examples with widely-used delay-based Arbiter PUF. Experimental results show that our approach respectively achieves 74.37%, 68.08%, and 50.09% accuracy for dual-mode shift, quad-mode circular shift and dual-mode flip with deep learning models trained on over 3 million challenge-response pairs.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Awano, H., Sato, T.: Ising-PUF: a machine learning attack resistant PUF featuring lattice like arrangement of arbiter-PUFs. In: Proceedings of DATE, pp. 1447–1452 (2018)
Babaei, A., Schiele, G.: Physical unclonable functions in the internet of things: state of the art and open challenges. Sensors 19, 3208 (2019)
Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. In: Proceedings of ICML, pp. 1467–1474 (2012)
Chollet, F., et al.: Keras (2015). https://keras.io
Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Controlled physical random functions. In: Proceedings of ACSAC, pp. 149–160 (2002)
Kearns, M., Li, M.: Learning in the presence of malicious errors. In: Proceedings of STOC, pp. 267–280 (1988)
Khalafalla, M., Gebotys, C.: PUFs deep attacks: enhanced modeling attacks using deep learning techniques to break the security of double arbiter PUFs. In: Proceedings of DATE, pp. 204–209 (2019)
Ma, Q., Gu, C., Hanley, N., Wang, C., Liu, W., O’Neill, M.: A machine learning attack resistant multi-PUF design on FPGA. In: Proceedings of ASP-DAC, pp. 97–104 (2018)
Machida, T., Yamamoto, D., Iwamoto, M., Sakiyama, K.: A new arbiter PUF for enhancing unpredictability on FPGA. Sci. World J. 2015 (2015)
Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: Proceedings of IEEE/ACM ICCAD, pp. 670–673 (2008)
Mispan, M.S., Su, H., Zwolinski, M., Halak, B.: Cost-efficient design for modeling attacks resistant PUFs. In: Proceedings of DATE, pp. 467–472 (2018)
Nguyen, P.H., Sahoo, D.P., Chakraborty, R.S., Mukhopadhyay, D.: Security analysis of arbiter PUF and its lightweight compositions under predictability test. ACM TODAES 22(2), December 2016
Nguyen, P.H., Sahoo, D.P., Jin, C., Mahmood, K., Ruhrmair, U., van Dijk,M.: The interpose PUF: secure PUF design against state-of-the-art machine learning attacks. In: TCHES, vol. 2019, no. 4, pp. 243–290, August 2019
Rührmair, U., et al.: PUF modeling attacks on simulated and silicon data. IEEE TIFS 8(11), 1876–1891 (2013)
Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of CCS, pp. 237–249. ACM (2010)
Sahoo, D.P., Mukhopadhyay, D., Chakraborty, R.S., Nguyen, P.H.: A multiplexer-based arbiter PUF composition with enhanced reliability and security. IEEE TC 67(3), 403–417 (2018)
Santikellur, P., Bhattacharyay, A., Chakraborty, R.S.: Deep learning based model building attacks on arbiter PUF compositions. IACR Cryptol. ePrint Arch. 2019, 566 (2019)
Wang, Q., Gao, M., Qu, G.: A machine learning attack resistant dual-mode PUF. In: Proceedings of ACM GLSVLSI, pp. 177–182 (2018)
Wang, S., Chen, Y., Li, K.S.: Adversarial attack against modeling attack on PUFs. In: Proceedings of ACM/IEEE DAC, pp. 1–6 (2019)
Zalivaka, S.S., Ivaniuk, A.A., Chang, C.: Low-cost fortification of arbiter PUF against modeling attack. In: Proceedings of IEEE ISCAS, pp. 1–4 (2017)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Lin, CC., Chen, MS. (2021). Attack Is the Best Defense: A Multi-Mode Poisoning PUF Against Machine Learning Attacks. In: Karlapalem, K., et al. Advances in Knowledge Discovery and Data Mining. PAKDD 2021. Lecture Notes in Computer Science(), vol 12712. Springer, Cham. https://doi.org/10.1007/978-3-030-75762-5_15
Download citation
DOI: https://doi.org/10.1007/978-3-030-75762-5_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-75761-8
Online ISBN: 978-3-030-75762-5
eBook Packages: Computer ScienceComputer Science (R0)