Skip to main content

Advertisement

Springer Nature Link
Log in

Having no mathematical model may not secure PUFs

  • CHES 2016
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

Although numerous attacks revealed the vulnerability of different PUF families to noninvasive machine learning (ML) attacks, the question is still open whether all PUFs might be learnable. Until now, virtually all ML attacks rely on the assumption that a mathematical model of the PUF functionality is known a priori. However, this is not always the case, and attention should be paid to this important aspect of ML attacks. This paper aims to address this issue by providing a provable framework for ML attacks against a PUF family, whose underlying mathematical model is unknown. We prove that this PUF family is inherently vulnerable to our novel probably approximately correct learning framework. We apply our ML algorithm on the Bistable Ring PUF (BR-PUF) family, which is one of the most interesting and prime examples of a PUF with an unknown mathematical model. We practically evaluate our ML algorithm through extensive experiments on BR-PUFs implemented on field-programmable gate arrays. In line with our theoretical findings, our experimental results strongly confirm the effectiveness and applicability of our attack. This is also interesting since our complex proof heavily relies on the spectral properties of Boolean functions, which are known to hold only asymptotically. Along with this proof, we further provide the theorem that all PUFs must have some challenge bit positions, which have larger influences on the responses than other challenge bits.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7

Similar content being viewed by others

References

  1. Matlab–The Language of Technical Computing. http://www.mathworks.com/products/matlab//

  2. Almuallim, H., Dietterich, T.G.: Learning with many irrelevant features. In: Proceedings of the Ninth National Conference on Artificial Intelligence (1991)

  3. Altera: Cyclone IV Device Handbook. Altera Corporation, San Jose (2014)

    Google Scholar 

  4. Angluin, D.: Queries and concept learning. Mach. Learn. 2(4), 319–342 (1988)

    MathSciNet  Google Scholar 

  5. Armknecht, F., Maes, R., Sadeghi, A., Standaert, O.X., Wachsmann, C.: A formalization of the security features of physical functions. In: 2011 IEEE Symposium on Security and Privacy (SP), pp 397–412 (2011)

  6. Armknecht, F., Moriyama, D., Sadeghi, A.R., Yung, M.: Towards a unified security model for physically unclonable functions. In: Topics in Cryptology-CT-RSA 2016: The Cryptographers’ Track at the RSA Conference, vol. 9610, p. 271. Springer (2016)

  7. Arvind, V., Köbler, J., Lindner, W.: Parameterized learnability of K-juntas and related problems. In: Algorithmic Learning Theory, pp. 120–134. Springer (2007)

  8. Blum, A.L., Langley, P.: Selection of relevant features and examples in machine learning. Artif. Intell. 97(1), 245–271 (1997)

    Article  MathSciNet  MATH  Google Scholar 

  9. Blumer, A., Ehrenfeucht, A., Haussler, D., Warmuth, M.K.: Learnability and the Vapnik–Chervonenkis dimension. J. ACM 36(4), 929–965 (1989)

    Article  MathSciNet  MATH  Google Scholar 

  10. Bshouty, N.H., Jackson, J.C., Tamon, C.: Uniform-distribution attribute noise learnability. Inf. Comput. 187(2), 277–290 (2003)

    Article  MathSciNet  MATH  Google Scholar 

  11. Chen, Q., Csaba, G., Lugli, P., Schlichtmann, U., Rührmair, U.: The Bistable Ring PUF: a new architecture for strong physical unclonable functions. In: 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 134–141. IEEE (2011)

  12. Ehrenfeucht, A., Haussler, D., Kearns, M., Valiant, L.: A general lower bound on the number of examples needed for learning. Inf. Comput. 82(3), 247–261 (1989)

    Article  MathSciNet  MATH  Google Scholar 

  13. Fischer, P., Simon, H.U.: On learning ring-sum-expansions. SIAM J. Comput. 21(1), 181–192 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  14. Freund, Y.: Boosting a weak learning algorithm by majority. Inf. Comput. 121(2), 256–285 (1995)

    Article  MathSciNet  MATH  Google Scholar 

  15. Freund, Y., Schapire, R.E.: A decision-theoretic generalization of on-line learning and an application to boosting. J. Comput. Syst. Sci. 55(1), 119–139 (1997)

    Article  MathSciNet  MATH  Google Scholar 

  16. Friedgut, E.: Boolean functions with low average sensitivity depend on few coordinates. Combinatorica 18(1), 27–35 (1998)

    Article  MathSciNet  MATH  Google Scholar 

  17. Ganji, F., Tajik, S., Fäßler, F., Seifert, J.P.: Strong machine learning attack against PUFs with no mathematical model. In: International Conference on Cryptographic Hardware and Embedded Systems—CHES 2016, pp. 391–411. Springer (2016)

  18. Ganji, F., Tajik, S., Seifert, J.P.: Let me prove it to you: RO PUFs are provably learnable. In: The 18th Annual International Conference on Information Security and Cryptology (2015)

  19. Ganji, F., Tajik, S., Seifert, J.P.: Why attackers win: on the learnability of XOR arbiter PUFs. In: Trust and Trustworthy Computing, pp. 22–39. Springer (2015)

  20. Ganji, F., Tajik, S., Seifert, J.P.: PAC learning of arbiter PUFs. J. Cryptogr. Eng. 6(3), 249–258 (2016)

    Article  Google Scholar 

  21. Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 148–160 (2002)

  22. Goldreich, O.: Property Testing: Current Research and Surveys, vol. 6390. Springer, Berlin (2010)

    MATH  Google Scholar 

  23. Guajardo, J., Kumar, S.S., Schrijen, G.J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Cryptographic Hardware and Embedded Systems—CHES 2007, pp. 63–80. Springer (2007)

  24. Guijarro, D., Tarui, J., Tsukiji, T.: Finding relevant variables in PAC model with membership queries. In: International Conference on Algorithmic Learning Theory, pp. 313–322. Springer (1999)

  25. Hall, M., Frank, E., Holmes, G., Pfahringer, B., Reutemann, P., Witten, I.H.: The WEKA data mining software: an update. ACM SIGKDD Explor. Newsl. 11(1), 10–18 (2009)

    Article  Google Scholar 

  26. Helfmeier, C., Boit, C., Nedospasov, D., Seifert, J.P.: Cloning physically unclonable functions. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 1–6 (2013)

  27. Helfmeier, C., Nedospasov, D., Tarnovsky, C., Krissler, J.S., Boit, C., Seifert, J.P.: Breaking and entering through the silicon. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp. 733–744. ACM (2013)

  28. Helmbold, D., Sloan, R., Warmuth, M.K.: Learning integer lattices. SIAM J. Comput. 21(2), 240–266 (1992)

    Article  MathSciNet  MATH  Google Scholar 

  29. Holcomb, D.E., Burleson, W.P., Fu, K.: Initial SRAM state as a fingerprint and source of true random numbers for RFID tags. In: Proceedings of the Conference on RFID Security, vol. 7 (2007)

  30. Kahn, J., Kalai, G., Linial, N.: The influence of variables on Boolean functions. In: 29th Annual Symposium on Foundations of Computer Science, pp. 68–80. IEEE (1988)

  31. Kalai, A., Servedio, R.A.: Boosting in the presence of noise. In: Proceedings of the Thirty-Fifth Annual ACM Symposium on Theory of Computing, pp. 195–205. ACM (2003)

  32. Kalai, G., Safra, S.: Threshold phenomena and influence: perspectives from mathematics, computer science, and economics. In: Computational Complexity and Statistical Physics, Santa Fe Institute Studies in the Science of Complexity, pp. 25–60 (2006)

  33. Kearns, M.J., Vazirani, U.V.: An Introduction to Computational Learning Theory. MIT Press, Cambridge (1994)

    Google Scholar 

  34. Koushanfar, F.: Hardware metering: a survey. In: Tehranipoor, M., Wang, C. (eds.) Introduction to Hardware Security and Trust, pp. 103–122. Springer, New York (2012)

    Chapter  Google Scholar 

  35. Lee, J.W., Lim, D., Gassend, B., Suh, G.E., Van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits for identification and authentication applications. In: 2004 Symposium on VLSI Circuits, 2004. Digest of Technical Papers, pp. 176–179 (2004)

  36. Linial, N., Mansour, Y., Rivest, R.L.: Results on learnability and the Vapnik–Chervonenkis dimension. Inf. Comput. 90(1), 33–49 (1991)

    Article  MathSciNet  MATH  Google Scholar 

  37. Maes, R.: Physically Unclonable Functions: Constructions, Properties and Applications. Springer, Berlin (2013)

    Book  MATH  Google Scholar 

  38. Maes, R., van der Leest, V., van der Sluis, E., Willems, F.: Secure key generation from biased PUFs. In: Cryptographic Hardware and Embedded Systems—CHES 2015, pp. 517–534. Springer (2015)

  39. Mossel, E., O’Donnell, R., Servedio, R.A.: Learning functions of k relevant variables. J. Comput. Syst. Sci. 69(3), 421–434 (2004)

    Article  MathSciNet  MATH  Google Scholar 

  40. O’Donnell, R.: Analysis of Boolean Functions. Cambridge University Press, Cambridge (2014)

    Book  MATH  Google Scholar 

  41. Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002)

    Article  Google Scholar 

  42. Parnas, M., Ron, D., Samorodnitsky, A.: Proclaiming dictators and juntas or testing Boolean formulae. In: Goemans, M., Jansen, K., Rolim, J.D.P., Trevisan, L. (eds.) Approximation, Randomization, and Combinatorial Optimization: Algorithms and Techniques, pp. 273–285. Springer, Berlin (2001)

    Chapter  Google Scholar 

  43. Rivest, R.L.: Learning decision lists. Mach. Learn. 2(3), 229–246 (1987)

    Google Scholar 

  44. Ron, D., Rubinfeld, R., Safra, M., Samorodnitsky, A., Weinstein, O.: Approximating the influence of monotone Boolean functions in \(O(\sqrt{n})\) query complexity. ACM Trans. Comput. Theory (TOCT) 4(4), 11 (2012)

    MATH  Google Scholar 

  45. Rührmair, U., Busch, H., Katzenbeisser, S.: Strong PUFs: models, constructions, and security proofs. In: Sadeghi, A.R., Naccache, D. (eds.) Towards Hardware-Intrinsic Security, pp. 79–96. Springer, Berlin (2010)

    Chapter  Google Scholar 

  46. Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 237–249 (2010)

  47. Saha, I., Jeldi, R.R., Chakraborty, R.S.: Model building attacks on physically unclonable functions using genetic programming. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 41–44. IEEE (2013)

  48. Schapire, R.E.: The strength of weak learnability. Mach. Learn. 5(2), 197–227 (1990)

    Google Scholar 

  49. Schapire, R.E., Freund, Y.: Boosting: Foundations and Algorithms. MIT Press, Cambridge (2012)

    MATH  Google Scholar 

  50. Schuster, D., Hesselbarth, R.: Evaluation of Bistable Ring PUFs using single layer neural networks. In: Holz, T., Ioannidis, S. (eds.) Trust and Trustworthy Computing, pp. 101–109. Springer, Switzerland (2014)

    Google Scholar 

  51. Servedio, R.A., Tan, L.Y., Wright, J.: Adaptivity helps for testing juntas. In: Proceedings of the 30th Conference on Computational Complexity, pp. 264–279 (2015)

  52. Siegenthaler, T.: Correlation-immunity of nonlinear combining functions for cryptographic applications (corresp.). IEEE Trans. Inf. Theory 30(5), 776–780 (1984)

    Article  MathSciNet  MATH  Google Scholar 

  53. Tajik, S., Dietz, E., Frohmann, S., Seifert, J.P., Nedospasov, D., Helfmeier, C., Boit, C., Dittrich, H.: Physical characterization of arbiter PUFs. In: Cryptographic Hardware and Embedded Systems—CHES 2014, pp. 493–509. Springer (2014)

  54. Vapnik, V.: Estimation of Dependences Based on Empirical Data: Springer Series in Statistics. Springer, New York (1982)

    MATH  Google Scholar 

  55. Vapnik, V., Chervonenkis, A.Y.: On the uniform convergence of relative frequencies of events to their probabilities. Theory Probab. Appl. 16(2), 264 (1971)

    Article  MATH  Google Scholar 

  56. Weste, N.H.E., Harris, D.: CMOS VLSI Design: A Circuits and Systems Perspective, 4th edn. Addison Wesley, Reading (2010)

    Google Scholar 

  57. Xu, X., Rührmair, U., Holcomb, D.E., Burleson, W.P.: Security evaluation and enhancement of Bistable Ring PUFs. In: Radio Frequency Identification, pp. 3–16. Springer (2015)

  58. Yamamoto, D., Takenaka, M., Sakiyama, K., Torii, N.: Security evaluation of Bistable Ring PUFs on FPGAs using differential and linear analysis. In: 2014 Federated Conference on Computer Science and Information Systems (FedCSIS), pp. 911–918 (2014)

Download references

Acknowledgements

We would like to thank Prof. Dr. Frederik Armknecht for the fruitful discussion as well as pointing out the Siegenthaler’s paper. We acknowledge the effort made by Julian Fietkau, who has prepared the experimental setup required to do the K-junta test. Furthermore, the authors greatly appreciate the support that they received from Helmholtz Research School on Security Technologies.

Author information

Authors and Affiliations

  1. Security in Telecommunications, Department of Software Engineering and Theoretical Computer Science, Technische Universität Berlin, Berlin, Germany

    Fatemeh Ganji, Shahin Tajik, Fabian Fäßler & Jean-Pierre Seifert

Authors
  1. Fatemeh Ganji
    View author publications

    You can also search for this author inPubMed Google Scholar

  2. Shahin Tajik
    View author publications

    You can also search for this author inPubMed Google Scholar

  3. Fabian Fäßler
    View author publications

    You can also search for this author inPubMed Google Scholar

  4. Jean-Pierre Seifert
    View author publications

    You can also search for this author inPubMed Google Scholar

Corresponding author

Correspondence to Fatemeh Ganji.

Additional information

This paper is an extended version of the paper [17], presented at CHES 2016. In comparison with it, the novelties are: Further experimental results on property testing and machine learning have been reported. Moreover, these results and their practical implications have been subsequently discussed. Last but not least, broader theoretical perspectives which offer new insights necessary for understanding our framework have been adopted and discussed.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ganji, F., Tajik, S., Fäßler, F. et al. Having no mathematical model may not secure PUFs. J Cryptogr Eng 7, 113–128 (2017). https://doi.org/10.1007/s13389-017-0159-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-017-0159-4

Keywords