Skip to main content
Log in

Cross-PUF Attacks: Targeting FPGA Implementation of Arbiter-PUFs

  • Published:
Journal of Electronic Testing Aims and scope Submit manuscript

Abstract

The hardware primitives known as Physically Unclonable Functions (PUFs) generate unique signatures based on uncontrollable variations which occur during the manufacturing process of silicon chips. These signatures are in turn used for securing Integrated Circuits either as a secret key for cryptographic modules, or as a medium for authenticating devices. Naturally being a security primitive, PUFs are the target for attacks as such it is important to mitigate such vulnerabilities. This paper in particular investigates PUFs’ vulnerability to power-based modeling attacks. Here, we expand upon our previous simulation based Cross-PUF attacks by targeting PUFs realized in real-silicon; namely, we consider PUFs deployed in Field-Programmable Gate Array (FPGA) fabrics. In Cross-PUF attacks, a model of a reference PUF is used to attack another PUF realized from the same HSPICE simulated design or the same bitstream in FPGA. We also investigate the impact of such attacks on multi-bit parallel PUFs. The HSPICE simulation results are compared vis-a-vis with the FPGA implementation outcome of these attacks confirming the effectiveness of such simulations. Finally we show that a combination of Dual Rail logic and Random Initialization logic, named DRILL, can be effectively used to thwart such power-based modeling attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16

Similar content being viewed by others

Data Availability

All data generated or analyzed during this study are within the paper.

Notes

  1. For the sake of brevity, we omitted the experimental results of another two algorithms, namely Decision Tree and Random Forest, since SVM provides a higher accuracy than that of those two.

References

  1. Aghaie A, Moradi A (2021) Inconsistency of Simulation and Practice in Delay-based Strong PUFs. Cryptology ePrint Archive, Report 2021/482. https://ia.cr/2021/482

  2. Anusha G, Kumar A, Kandpal K (2020) A fully on-chip low-dropout regulator for SoC applications. Procedia Comput Sci 171:1009–1017

    Article  Google Scholar 

  3. Bassham L et al (2010) A statistical test suite for random and pseudorandom number generators for cryptographic applications. URL https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=906762

  4. Becker GT, Kumar R (2014) Active and passive side-channel attacks on delay based PUF designs. International Association for Cryptologic Research Cryptology Archive p 287

  5. Becker GT (2015) The gap between promise and reality: On the insecurity of XOR arbiter PUFs. In: Proc. International Workshop on Cryptographic Hardware and Embedded Systems. Springer, pp 535–555

  6. Bruneau N, Danger JL, Facon A, Guilley S, Hamaguchi S, Hori Y, Kang Y, Schaub A (2018) Development of the unified security requirements of PUFs during the standardization process. In: Proc. International Conference on Security for Information Technology and Communications. Springer, pp 314–330

  7. Chatterjee D, Mukhopadhyay D, Hazra A (2020) Interpose PUF can be PAC Learned. International Association for Cryptologic Research Cryptology ePrint Archive p 471

  8. Cherif Z, Danger J-L, Guilley S, Bossuet L (2012) An easy-to-design PUF based on a single oscillator: the loop PUF. In: Proc. 15th Euromicro Conference on Digital System Design, pp 156–162

  9. Delvaux J, Verbauwhede I (2013) Side channel modeling attacks on 65 nm arbiter PUFs exploiting CMOS device noise. In: Proc. Int’l Symp. on Hardware-Oriented Security and Trust (HOST), pp 137–142

  10. Ebrahimabadi M, Younis M, Karimi N (2022) A puf-based modeling-attack resilient authentication protocol for IoT devices. IEEE Internet Things J 9(5):3684–3703

    Article  Google Scholar 

  11. Eastland N (2021) Structure of an FPGA. URL https://digilent.com/blog/structure-of-an-fpga/

  12. Fukushima K et al (2016) Delay PUF assessment method based on side-channel and modeling analyzes: The final piece of all-in-one assessment methodology. In: IEEE Trustcom/BigDataSE/ISPA, pp 201–207

  13. Gassend B, Clarke D, van Dijk M, Devadas S (2002) Controlled physical random functions. In: Proc. 18th Annual Computer Security Applications Conf., pp 149–160. https://doi.org/10.1109/CSAC.2002.1176287

  14. Gassend B, Clarke D, van Dijk M, Devadas S (2002) Silicon physical random functions. In: Proc. ACM Conference on Computer and Communications Security, pp 148–160

  15. Guntur H, Ishii J, Satoh A (2014) Side-channel attack user reference architecture board SAKURA-G. In: Proc. IEEE 3rd Global Conference on Consumer Electronics, GCCE. Tokyo, Japan, 7-10 October 2014, pp 271–274. https://doi.org/10.1109/GCCE.2014.7031104

  16. Herder C, Yu M, Koushanfar F, Devadas S (2014) Physical unclonable functions and applications: A tutorial. Proc IEEE 102(8):1126–1141

    Article  Google Scholar 

  17. ISO/IEC 20897-1 (2020) Information security, cybersecurity and privacy protection – Physically unclonable functions – Part 1: Security requirements. https://www.iso.org/standard/76353.html

  18. Jiang Q, Zhang X, Zhang N, Tian Y, Ma X, Ma JQ (2019) Two-factor authentication protocol using physical unclonable function for IoV. In: Proc. IEEE/CIC International Conference on Communications in China (ICCC), pp 195–200

  19. Karimi N, Danger J-L, Guilley S (2018) Impact of aging on the reliability of delay PUFs. J Electron Test: Theory Appl 34(5):571–586

    Article  Google Scholar 

  20. Kim SJ (2021) Integrated and Distributed Digital Low-Drop-Out Regulators with Event-Driven Controls and Side-Channel Attack Resistance. Columbia University

  21. Koushanfar F (2011) Integrated circuits metering for piracy protection and digital rights management: An overview. In: Proceedings of the 21st Edition of the Great Lakes Symposium on Great Lakes Symposium on VLSI, Association for Computing Machinery, New York, NY, USA, p 449–454. https://doi.org/10.1145/1973009.1973110

  22. Kroeger T, Cheng W, Guilley S, Danger J-L, Karimi N (2020) Cross-PUF attacks on arbiter-PUFs through their power side-channel. In: Proc. IEEE International Test Conference (ITC), pp 1–5

  23. Kroeger T, Cheng W, Guilley S, Danger J-L, Karimi N (2021) Enhancing the resiliency of multi-bit parallel arbiter-PUF and its derivatives against power attacks. In: Bhasin S, De Santis F (eds) Constructive side-channel analysis and secure design. COSADE 2021. Lecture notes in computer science, vol 12910, pp 303–321

  24. Kroeger T, Cheng W, Guilley S, Danger JL, Karimi N (2021) Making obfuscated PUFs secure against power side-channel based modeling attacks. In: Proc. Design Automation and Test Europe (DATE)

  25. Kroeger T, Cheng W, Guilley S, Danger J-L, Karimi N (2022) Assessment and mitigation of power side-channel-based cross-PUF attacks on arbiter-PUFs and their derivatives. IEEE Trans Very Large Scale Integr VLSI Syst 30(2):187–200. https://doi.org/10.1109/TVLSI.2021.3129141

    Article  Google Scholar 

  26. Labrado C, Thapliyal H, Mohanty SP (2022) Fortifying Vehicular Security through Low Overhead Physically Unclonable Functions. ACM J Emerg Technol Comput Syst 18(1):8:1–8:18. https://doi.org/10.1145/3442443

  27. Mahmoud A, Rührmair U, Majzoobi M, Koushanfar F (2013) Combined modeling and side channel attacks on strong PUFs. International Association for Cryptologic Research Cryptology ePrint Archive 2013:632

  28. Mangard S, Oswald E, Popp T (2006) Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer

  29. Maiti A, Gunreddy V, Schaumont P (2013) A Systematic Method to Evaluate and Compare the Performance of Physical Unclonable Functions. Springer, New York, New York, NY, pp 245–267

    Google Scholar 

  30. Majzoobi M, Koushanfar F, Devadas S (2010) FPGA PUF using programmable delay lines. In: Proc. IEEE Int’l Workshop on Information Forensics and Security, pp 1–6

  31. Mars A, Adi W (2018) New Concept for Physically-Secured E-Coins Circulations. In: Adaptive Hardware and Systems, pp 333–338

  32. Nagata M, Miki T, Miura N (2022) Physical attack protection techniques for ic chip level hardware security. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 30(1):5–14

  33. Nangate 45 nm open cell library. “http://www.nangate.com

  34. Nguyen PH et al (2019) The Interpose PUF: Secure PUF Design against State-of-the-art Machine Learning Attacks. Trans on Cryptographic Hardware and Embedded Systems (CHES) p 243–290

  35. Pappu R, Recht B, Taylor J, Gershenfeld N (2002) Physical one-way functions. Science 297(5589):2026–2030. https://doi.org/10.1126/science.1074376

    Article  Google Scholar 

  36. Rührmair U et al (2010) Modeling Attacks on Physical Unclonable Functions. In: ACM Conference on Computer and Communications Security, pp 237–249

  37. Rührmair U, Sölter J (2014) PUF modeling attacks: An introduction and overview. In: Proc. Design Automation and Test Europe (DATE), pp 1–6

  38. Rührmair U, Xu X, Sölter J, Mahmoud A, Majzoobi M, Koushanfar F, Burleson W (2014) Efficient power and timing side channels for physical unclonable functions. In: Batina L, Robshaw M (eds) Cryptographic hardware and embedded systems – CHES 2014. Lecture notes in computer science, vol 8731. Springer, pp 476–492

  39. Santikellur P, Bhattacharyay A, Chakraborty RS (2019) Deep learning based model building attacks on arbiter PUF compositions. Cryptology ePrint Archive

  40. Soybali M, Ors B, Saldamli G (2011) Implementation of a PUF circuit on a FPGA. In: Proc. International Conference on New Technologies, Mobility and Security, pp 1–5

  41. Spartan-6 FPGA Family. URL https://www.xilinx.com/products/silicon-devices/fpga/spartan-6.html

  42. Tebelmann L, Danger JL, Pehl M (2020) Self-secured PUF: protecting the loop PUF by masking. Constructive Side-Channel Analysis and Secure Design (COSADE) 12244:293–314

    Article  Google Scholar 

  43. Wisiol N, Mühl C, Pirnay N, Nguyen PH, Margraf M, Seifert J-P, van Dijk M, Rührmair U (2020) Splitting the interpose PUF: A novel modeling attack strategy. Trans on Cryptographic Hardware and Embedded Systems (CHES) 3:97–120

    Article  Google Scholar 

  44. Yu W (2017) Exploiting on-chip voltage regulators as a countermeasure against power analysis attack. PhD thesis, University of South Florida. https://digitalcommons.usf.edu/cgi/viewcontent.cgi?article=8183&context=etd

  45. Yu W, Uzun OA, Köse S (2015) Leveraging on-chip voltage regulators as a countermeasure against side-channel attacks. In: Proc. 52nd Annual Design Automation Conf., ACM, pp 1–6

Download references

Funding

This work has partly benefited from the bilateral MESRI-BMBF project “APRIORI” from the ANR Cybersecurity 2020 call. It is also part of the Horizon 2020 “SPARTA” project under grant agreement number 830892. It was also benefited from National Science Foundation Award (grant number: 1920079).

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Trevor Kroeger.

Ethics declarations

Competing Interests

The authors declare that there are no competing interests.

Conflict of Interests

The authors declare that they have no conflict of interest.

Additional information

Responsible Editor: V. D. Agrawal

Publisher’s Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kroeger, T., Cheng, W., Danger, JL. et al. Cross-PUF Attacks: Targeting FPGA Implementation of Arbiter-PUFs. J Electron Test 38, 261–277 (2022). https://doi.org/10.1007/s10836-022-06012-z

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10836-022-06012-z

Keywords

Navigation