On the Scaling of Machine Learning Attacks on PUFs with Application to Noise Bifurcation

Tobisch, Johannes; Becker, Georg T.

doi:10.1007/978-3-319-24837-0_2

Cited by 95 publications

(81 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Now we analyze the Bochum results with respect to our protocol II, which contains a noise s.c. attack countermeasure. The results that apply are no longer those from [18] (which requires noise s.c. information), but the ones in [17], which are shown as red-thick lines. For an 8-XOR PUF, 4·10 7 CRPs were used, which supports 1·10 4 authentication events.…”

Section: Ruhr-university Bochum Attacks (2015)mentioning

confidence: 97%

“…It attempts to produce an exponential number of CRPs from a linear number of circuit components where the response bits are difficult to predict. Practical strong PUFs are composed of linear circuits in order to prevent physical noise amplification and are therefore prone to modeling attacks, e.g., using machine learning [14], [15], [16], [17], [18].…”

Section: Strong and Weak Pufsmentioning

confidence: 99%

“…Machine learning attacks on strong PUFs were proposed in [19], [20] and certain constructs broken in [14], [17], [18], [21], [22], [23]. Recent machine learning attacks exploited PUF noise measurements as side-channel information [18], [24], [25] or performed noise filtering to improve the signalto-noise ratio [23], [26], [27].…”

Section: Machine Learning and Side-channel Attacksmentioning

confidence: 99%

“…This class of s.c. attack can be eliminated by preventing repeated challenges [18]. If so, the red-thin results are no longer relevant, and the Bochum red-thick results now apply [17].…”

Section: Ruhr-university Bochum Attacks (2015)mentioning

confidence: 99%

See 3 more Smart Citations

A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication

Hiller

Delvaux

et al. 2016

IEEE Trans. Multi-Scale Comp. Syst.

175

150

View full text Add to dashboard Cite

Abstract. We present a lightweight PUF-based authentication approach that is practical in settings where a server authenticates a device, and for use cases where the number of authentications is limited over a device's lifetime. Our scheme uses a server-managed challenge/response pair (CRP) lockdown protocol: unlike prior approaches, an adaptive chosenchallenge adversary with machine learning capabilities cannot obtain new CRPs without the server's implicit permission. The adversary is faced with the problem of deriving a PUF model with a limited amount of machine learning training data. Our system-level approach allows a so-called strong PUF to be used for lightweight authentication in a manner that is heuristically secure against today's best machine learning methods through a worst-case CRP exposure algorithmic validation. We also present a degenerate instantiation using a weak PUF that is secure against computationally unrestricted adversaries, which includes any learning adversary, for practical device lifetimes and read-out rates. We validate our approach using silicon PUF data, and demonstrate the feasibility of supporting 10, 1000, and 1M authentications, including practical configurations that are not learnable with polynomial resources, e.g., the number of CRPs and the attack runtime, using recent results based on the probably-approximately-correct (PAC) complexity-theoretic framework.

show abstract

Section: Ruhr-university Bochum Attacks (2015)mentioning

confidence: 97%

Section: Strong and Weak Pufsmentioning

confidence: 99%

Section: Machine Learning and Side-channel Attacksmentioning

confidence: 99%

“…This class of s.c. attack can be eliminated by preventing repeated challenges [18]. If so, the red-thin results are no longer relevant, and the Bochum red-thick results now apply [17].…”

Section: Ruhr-university Bochum Attacks (2015)mentioning

confidence: 99%

See 2 more Smart Citations

A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication

Hiller

Delvaux

et al. 2016

IEEE Trans. Multi-Scale Comp. Syst.

175

150

View full text Add to dashboard Cite

show abstract

“…These techniques increase the unpredictability of the PUFs, however, still they incurred high area overhead. There is also another technique of obfuscating the PUF responses which utilizes noise bifurcation [69]. The downside of this technique is that the software model must be developed and stored on the server's side.…”

Section: Comparison Analysis Of Defense Mechanisms Against Attacksmentioning

confidence: 99%

Defense Mechanisms against Machine Learning Modeling Attacks on Strong Physical Unclonable Functions for IOT Authentication: A Review

Noor¹,

Daud²,

Ahmad³

et al. 2017

ijacsa

View full text Add to dashboard Cite

Abstract-Security component in IoT system are very crucial because the devices within the IoT system are exposed to numerous malicious attacks. Typical security components in IoT system performs authentication, authorization, message and content integrity check. Regarding authentication, it is normally performed using classical authentication scheme using crypto module. However, the utilization of the crypto module in IoT authentication is not feasible because of the distributed nature of the IoT system which complicates the message cipher and decipher process. Thus, the Physical Unclonable Function (PUF) is suggested to replace crypto module for IoT authentication because it only utilizes responses from set of challenges instead of cryptographic keys to authenticate devices. PUF can generate large number of challenge-response pairs (CRPs) which is good for authentication because the unpredictability is high. However, with the emergence of machine learning modeling, the CRPs now can be predicted through machine learning algorithms. Various defense mechanisms were proposed to counter machine learning modeling attacks (ML-MA). Although they were experimentally proven to be able to increase resiliency against ML-MA, they caused the generated responses to be instable and incurred high area overhead. Thus, there is a need to design the best defense mechanism which is not only resistant to ML-MA but also produces reliable responses and reduces area overhead. This paper presents an analysis on defense mechanisms against ML-MA on strong PUFs for IoT authentication.

show abstract

Fault-Tolerant Implementations of Physically Unclonable Functions on FPGA

et al. 2018

View full text Add to dashboard Cite

On the Scaling of Machine Learning Attacks on PUFs with Application to Noise Bifurcation

Cited by 95 publications

References 10 publications

A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication

A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication

Defense Mechanisms against Machine Learning Modeling Attacks on Strong Physical Unclonable Functions for IOT Authentication: A Review

Fault-Tolerant Implementations of Physically Unclonable Functions on FPGA

Contact Info

Product

Resources

About