By Topic

Machine learning attacks on 65nm Arbiter PUFs: Accurate modeling poses strict bounds on usability

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

The purchase and pricing options are temporarily unavailable. Please try again later.
3 Author(s)
Hospodar, G. ; IBBT, KU Leuven, Leuven, Belgium ; Maes, R. ; Verbauwhede, I.

Arbiter Physically Unclonable Functions (PUFs) have been proposed as efficient hardware security primitives for generating device-unique authentication responses and cryptographic keys. However, the assumed possibility of modeling their underlying challenge-response behavior causes uncertainty about their actual applicability. In this work, we apply well-known machine learning techniques on challenge-response pairs (CRPs) from 64-stage Arbiter PUFs realized in 65nm CMOS, in order to evaluate the effectiveness of such modeling attacks on a modern silicon implementation. We show that a 90%-accurate model can be built from a training set of merely 500 CRPs, and that 5000 CRPs are sufficient to perfectly model the PUFs. To study the implications of these attacks, there is need for a new methodology to assess the security of PUFs suffering from modeling. We propose such a methodology and apply it to our machine learning results, yielding strict bounds on the usability of Arbiter PUFs. We conclude that plain 64-stage Arbiter PUFs are not secure for challenge-response authentication, and the number of extractable secret key bits is limited to at most 600.

Published in:

Information Forensics and Security (WIFS), 2012 IEEE International Workshop on

Date of Conference:

2-5 Dec. 2012