Skip to main content

ML for Attack and Defense of PUFs: Current Status and Future Directions

  • Conference paper
  • First Online:
Distributed Computing and Artificial Intelligence, Special Sessions I, 20th International Conference (DCAI 2023)

Abstract

The integration of IoT devices is becoming increasingly inevitable in the development of next-generation systems and applications. Due to such a wide adoption, IoT devices handle large quantities of private and sensitive data, and operate safety-critical systems. As such, failure to comply with security requirements would prove to be catastrophic. However, the resource-constrained nature of IoT devices is a fundamental limitation in designing their security features. To tackle the problem of implementing lightweight security functionalities that enable trusted communications, Physical Unclonable Functions (PUFs) have been proposed. Exploiting the manufacturing variations of Integrated Circuits (ICs), these primitives aim to give devices a unique identifier that no attacker can violate or clone. That said, in the past decade many studies have shown the great threat that Machine Learning (ML) poses to the security of Physical Unclonable Functions. In this paper, we provide an up-to-date situation of this field of research, as well as our current work and future directions.

This work is supported by the IoTalentum project, funded by the European Union Horizon 2020 research and innovation program within the framework of Marie Skłodowska-Curie Actions ITN-ETN with grant number 953442.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    Technically, the concept of PUF can be traced back even further [11]. However, it was not properly defined yet and its use for resource-constrained devices was not envisioned.

References

  1. Alkatheiri, M.S., Zhuang, Y.: Towards fast and accurate machine learning attacks of feed-forward arbiter PUFs. In: 2017 IEEE Conference on Dependable and Secure Computing, pp. 181–187 (2017). https://doi.org/10.1109/DESEC.2017.8073845

  2. Becker, G.T.: The Gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 535–555. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_27

    Chapter  Google Scholar 

  3. Cheruvu, S., Kumar, A., Smith, N., Wheeler, D.M.: Demystifying Internet of Things Security. Apress, Berkeley, CA (2020). https://doi.org/10.1007/978-1-4842-2896-8

    Book  Google Scholar 

  4. Delvaux, J., Gu, D., Schellekens, D., Verbauwhede, I.: Secure lightweight entity authentication with strong PUFs: mission impossible? In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 451–475. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_25

    Chapter  Google Scholar 

  5. Ferens, M., Dushku, E., Kosta, S.: Securing PUFs against ml modeling attacks via an efficient challenge-response approach. In: IEEE International Workshop on the Security, Privacy, and Digital Forensics of Mobile Systems and Networks (Mobisec) (2023, in press)

    Google Scholar 

  6. Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Controlled physical random functions. In: 18th Annual Computer Security Applications Conference, 2002. Proceedings, pp. 149–160 (2002). https://doi.org/10.1109/CSAC.2002.1176287

  7. Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 148–160. CCS ’02, Association for Computing Machinery, New York, NY, USA (2002). https://doi.org/10.1145/586110.586132

  8. Gassend, B., Dijk, M.V., Clarke, D., Torlak, E., Devadas, S., Tuyls, P.: Controlled physical random functions and applications 10(4) (2008). https://doi.org/10.1145/1284680.1284683

  9. Gassend, B., Lim, D., Clarke, D., van Dijk, M., Devadas, S.: Identification and authentication of integrated circuits. Concurr. Comput. Pract. Exp. 16(11), 1077–1098 (2004). https://doi.org/10.1002/cpe.805

    Article  Google Scholar 

  10. Lim, D., Lee, J., Gassend, B., Suh, G., van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Trans. Very Large Scale Integr. (VLSI) Syst. 13(10), 1200–1205 (2005). https://doi.org/10.1109/TVLSI.2005.859470

  11. Maes, R., Verbauwhede, I.: Physically Unclonable Functions: A Study on the State of the Art and Future Research Directions, pp. 3–37. Springer, Berlin, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14452-3_1

  12. Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure PUFs. In: 2008 IEEE/ACM International Conference on Computer-Aided Design, pp. 670–673 (2008). https://doi.org/10.1109/ICCAD.2008.4681648

  13. Majzoobi, M., Koushanfar, F., Potkonjak, M.: Techniques for design and implementation of secure reconfigurable PUFs. ACM Trans. Reconfigurable Technol. Syst. 2(1) (2009). https://doi.org/10.1145/1502781.1502786

  14. Majzoobi, M., Rostami, M., Koushanfar, F., Wallach, D.S., Devadas, S.: Slender PUF protocol: a lightweight, robust, and secure authentication by substring matching. In: 2012 IEEE Symposium on Security and Privacy Workshops, pp. 33–44 (2012). https://doi.org/10.1109/SPW.2012.30

  15. Nguyen, P.H., Sahoo, D.P., Jin, C., Mahmood, K., Rührmair, U., van Dijk, M.: The interpose PUF: secure PUF design against state-of-the-art machine learning attacks. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2019(4), 243–290 (2019). https://doi.org/10.13154/tches.v2019.i4.243-290

  16. Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002). https://doi.org/10.1126/science.1074376

    Article  Google Scholar 

  17. Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 237–249. CCS ’10, Association for Computing Machinery, New York, NY, USA (2010). https://doi.org/10.1145/1866307.1866335

  18. Rührmair, U., et al.: PUF modeling attacks on simulated and silicon data. IEEE Trans. Inf. Forensics Secur. 8(11), 1876–1891 (2013). https://doi.org/10.1109/TIFS.2013.2279798

    Article  Google Scholar 

  19. Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 2007 44th ACM/IEEE Design Automation Conference, pp. 9–14 (2007)

    Google Scholar 

  20. Wisiol, N., et al.: Splitting the interpose PUF: a novel modeling attack strategy. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2020(3), 97–120 (2020). https://doi.org/10.13154/tches.v2020.i3.97-120

  21. Wu, L., Hu, Y., Zhang, K., Li, W., Xu, X., Chang, W.: FLAM-PUF: a response-feedback-based lightweight anti-machine-learning-attack PUF. IEEE Trans. Comput. Aided Des. Integr. Circuits Syst. 41(11), 4433–4444 (2022). https://doi.org/10.1109/TCAD.2022.3197696

    Article  Google Scholar 

  22. Yu, M.D., Hiller, M., Delvaux, J., Sowell, R., Devadas, S., Verbauwhede, I.: A lockdown technique to prevent machine learning on PUFs for lightweight authentication. IEEE Trans. Multi-Scale Comput. Syst. 2(3), 146–159 (2016). https://doi.org/10.1109/TMSCS.2016.2553027

    Article  Google Scholar 

  23. Zhang, J., Shen, C., Guo, Z., Wu, Q., Chang, W.: CT PUF: configurable tristate PUF against machine learning attacks for IoT security. IEEE Internet Things J. 9(16), 14452–14462 (2022). https://doi.org/10.1109/JIOT.2021.3090475

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Mieszko Ferens .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ferens, M., Dushku, E., Kosta, S. (2023). ML for Attack and Defense of PUFs: Current Status and Future Directions. In: Mehmood, R., et al. Distributed Computing and Artificial Intelligence, Special Sessions I, 20th International Conference. DCAI 2023. Lecture Notes in Networks and Systems, vol 741. Springer, Cham. https://doi.org/10.1007/978-3-031-38318-2_38

Download citation

Publish with us

Policies and ethics