Skip to main content
SpringerLink
Log in

Rock’n’roll PUFs: crafting provably secure pufs from less secure ones (extended version)

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

The era of PUFs has been characterized by the efforts put into research and the development of PUFs that are resilient against attacks, in particular, machine learning attacks. Due to the lack of systematic and provable methods for this purpose, we have witnessed the ever-continuing competition between PUF designers/manufacturers, cryptanalysts, and of course, adversaries that maliciously break the security of PUFs. This is despite a series of acknowledged principles developed in cryptography and complexity theory, under the umbrella term “hardness amplification”. This paper aims at narrowing the gap between these studies and hardware security, specifically for applications in the domain of PUFs. To this end, this paper provides an example of somewhat hard PUFs and demonstrates how to build a strongly secure construction out of these considerably weaker primitives. Our theoretical findings are discussed in an exhaustive manner and supported by the silicon results captured from real-world PUFs.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

Notes

  1. The algorithms are available under https://www.trust-hub.org/software.

References

  1. Lee, J.W., Lim, D., Gassend, B., Suh, G.E., Van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits for identification and authentication applications. In: Symposium on VLSI Circuits, Digest of Technical Papers, pp. 176–179 (2004)

  2. Sahoo, D.P., Saha, S., Mukhopadhyay, D., Chakraborty, R.S., Kapoor, H.: Composite PUF: a new design paradigm for physically unclonable functions on FPGA. In: International Symposium on Hardware-Oriented Security and Trust, pp. 50–55. IEEE (2014)

  3. Sahoo, D.P., Mukhopadhyay, D., Chakraborty, R.S.: Formal design of composite physically unclonable function. In: WKSH on Security Proofs for Embedded Systems, pp. 84–97. Santa Barbara, CA (2013)

  4. Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, pp. 237–249 (2010)

  5. Ganji, F., Tajik, S., Seifert, J.-P.: Why attackers win: on the learnability of XOR arbiter PUFs. In: Intrl Conf. on Trust and Trustworthy Computing, pp. 22–39. Springer, Cham (2015)

  6. Becker, G.T.: The gap between promise and reality: on the insecurity of XOR arbiter PUFs. In: Cryptographic Hardware and Embedded System, pp. 535–555. Springer, Berlin, Heidelberg (2015)

  7. Ganji, F., Tajik, S., Fäßler, F., Seifert, J.P.: Having no mathematical model may not secure PUFs. J. Cryptogr. Eng. (2017). https://doi.org/10.1007/s13389-017-0159-4

    Article  MATH  Google Scholar 

  8. Majzoobi, M., Koushanfar, F., Devadas, S.: FPGA PUF using programmable delay lines. In: IEEE International WKSH on Information Forensics and Security, pp. 1–6 (2010)

  9. Armknecht, F., Maes, R., Sadeghi, A., Standaert, O.X., Wachsmann, C.: A formalization of the security features of physical functions. In: IEEE Symposium on Security and Privacy, pp. 397–412 (2011)

  10. O’Donnell, R.: Hardness amplification within NP. J. Comput. Syst. Sci. 69(1), 68–94 (2004)

    Article  MathSciNet  Google Scholar 

  11. Blumer, A., Ehrenfeucht, A., Haussler, D., Warmuth, M.K.: Learnability and the Vapnik–Chervonenkis dimension. J. ACM 36(4), 929–965 (1989)

    Article  MathSciNet  Google Scholar 

  12. Spenke, A., Breithaupt, R., Plaga, R.: An arbiter PUF secured by remote random reconfigurations of an FPGA. In: International Conference on Trust and Trustworthy Computing, pp. 140–158. Springer (2016)

  13. Ye, J., Gong, Y., Hu, Y., Li, X.: Polymorphic PUF: exploiting reconfigurability of CPU+ FPGA SoC to resist modeling attack. In: Asian Hardware Oriented Security and Trust Symposium, pp. 43–48. IEEE (2017)

  14. Maes, R.: An accurate probabilistic reliability model for silicon PUFs. In: Cryptographic Hardware and Embedded System, pp. 73–89. Springer, Berlin, Heidelberg (2013)

  15. Ganji, F., Tajik, S., Seifert, J.P.: A Fourier analysis based attack against physically unclonable functions. In: International Conference on Financial Cryptography and Data Security. Springer (2018)

  16. Majzoobi, M., Koushanfar, F., Potkonjak, M.: Techniques for design and implementation of secure reconfigurable PUFs. ACM Trans. Reconfig. Technol. Syst. 2, 1–33 (2009)

    Article  Google Scholar 

  17. Matulef, K., O’Donnell, R., Rubinfeld, R., Servedio, R.A.: Testing halfspaces. SIAM J. Comput. 39(5), 2004–2047 (2010)

    Article  MathSciNet  Google Scholar 

  18. Angluin, D., Laird, P.: Learning from noisy examples. Mach. Learn. 2(4), 343–370 (1988)

    Google Scholar 

  19. Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Controlled physical random functions. In: Computer Security Applications Conference, pp. 149–160 (2002)

  20. Sahoo, D.P., Mukhopadhyay, D., Chakraborty, R.S., Nguyen, P.H.: A multiplexer-based arbiter PUF composition with enhanced reliability and security. IEEE Trans. Comput. 67(3), 403–417 (2018)

    Article  MathSciNet  Google Scholar 

  21. Xilinx Inc.: Vivado Design Suite User Guide. Using Constraints, UG903. https://www.xilinx.com/support/documentation/sw_manuals/xilinx2018_3/ug903-vivado-using-constraints.pdf (2018). Accessed 29 Apr 2020

  22. Gehrer, S., Sigl, G.: Using the reconfigurability of modern FPGAs for highly efficient PUF-based key generation. In: 2015 10th International Symposium on Reconfigurable Communication-Centric Systems-on-Chip, pp. 1–6. IEEE (2015)

  23. Inc., T.M.: MATLAB—The Language of Technical Computing. http://www.mathworks.com/products/matlab//

  24. Fischer, E., Kindler, G., Ron, D., Safra, S., Samorodnitsky, A.: Testing juntas. In: The 43rd Annual IEEE Symposium on Foundations of Computer Science, pp. 103–112 (2002)

  25. Ganji, F., Tajik, S., Stauss, P., Seifert, J.-P., Forte, D., Tehranipoor, M.: Theoretical and Practical Approaches for Hardness Amplification of PUFs (2019). https://eprint.iacr.org/2019/534. Accessed 20 Apr 2020

  26. Bshouty, N.H., Jackson, J.C., Tamon, C.: Uniform-distribution attribute noise learnability. Inf. Comput. 187(2), 277–290 (2003)

    Article  MathSciNet  Google Scholar 

  27. Linial, N., Mansour, Y., Nisan, N.: Constant depth circuits, fourier transform, and learnability. J. ACM 40(3), 607–620 (1993)

    Article  MathSciNet  Google Scholar 

  28. O’Donnell, R.W.: Computational Applications of Noise Sensitivity. Ph.D. thesis, Massachusetts Institute of Technology (2003)

  29. Klivans, A.R., O’Donnell, R., Servedio, R.A.: Learning intersections and thresholds of halfspaces. In: Proceedings the 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002, pp. 177–186 (2002)

  30. Rostami, M., Majzoobi, M., Koushanfar, F., Wallach, D., Devadas, S.: Robust and reverse-engineering resilient PUF authentication and key-exchange by substring matching. IEEE Trans. Emerg. Top. Comput. 2(1), 37–49 (2014)

    Article  Google Scholar 

  31. Yu, M.D., Hiller, M., Delvaux, J., Sowell, R., Devadas, S., Verbauwhede, I.: A lockdown technique to prevent machine learning on PUFs for lightweight authentication. IEEE Trans. Multi-Scale Comput. Syst. (2016). https://doi.org/10.1109/TMSCS.2016.2553027

    Article  Google Scholar 

  32. Delvaux, J.: Security Analysis of PUF-Based Key Generation and Entity Authentication. Ph.D. thesis, Ph. D. dissertation, Shanghai Jiao Tong University, China (2017)

  33. Schapire, R.E., Freund, Y.: Boosting: Foundations and Algorithms. MIT Press, Cambridge (2012)

    MATH  Google Scholar 

  34. Dietterich, T.G.: Ensemble methods in machine learning. In: International WKSH on Multiple Classifier System, pp. 1–15. Springer (2000)

  35. Servedio, R.A.: Smooth boosting and learning with malicious noise. J. Mach. Learn. Res. 4(Sep), 633–648 (2003)

    MathSciNet  MATH  Google Scholar 

  36. Klivans, A.R., Long, P.M., Servedio, R.A.: Learning halfspaces with malicious noise. J. Mach. Learn. Res. 10(Dec), 2715–2740 (2009)

    MathSciNet  MATH  Google Scholar 

  37. Yu, M.D.M., Verbauwhede, I., Devadas, S., MRaihi, D.: A noise bifurcation architecture for linear additive physical functions. In: IEEE International Symposium on Hardware-Oriented Security and Trust, pp. 124–129 (2014)

  38. Tobisch, J., Becker, G.T.: On the scaling of machine learning attacks on PUFs with application to noise bifurcation. In: International WKSH on Radio Frequency Identification: Security and Privacy Issues, pp. 17–31. Springer (2015)

  39. Goldman, S.A., Sloan, R.H.: Can PAC learning algorithms tolerate random attribute noise? Algorithmica 14(1), 70–84 (1995)

    Article  MathSciNet  Google Scholar 

  40. Delvaux, J., Verbauwhede, I.: Fault injection modeling attacks on 65 nm Arbiter and RO sum PUFs via environmental changes. IEEE Trans. Circuits Syst. I 61(6), 1701–1713 (2014)

    Article  Google Scholar 

Download references

Acknowledgements

The authors would like to thank the organizers of the Dagstuhl Seminar on Hardware Security (Dagstuhl Seminar 16202), and especially, Prof. Dr.-Ing. Georg Sigl. In particular, the discussion session on “PUFs and Security Components” inspired us to explore the question of which other combining functions, rather than the XOR function, can be helpful in the context of PUFs. We also thank Dr. Rainer Plaga from Bundesamt für Sicherheit in der Informationstechnik (BSI) for the fruitful discussion on the security of Arbiter PUFs that we have had in 2016. Last but not least, the author would like to acknowledge the support of the National Science Foundation, CISE Community Research Infrastructure (CRI) Program under Grant agreement No. 1513239, National Institute of Standards and Technology under Grant No. 60NANB16D248 and AFOSR under award Number FA 9550-14-1-0351.

Author information

Authors and Affiliations

  1. Florida Institute for Cybersecurity Research, University of Florida, 601 Gale Lemerand Dr, Gainesville, FL, 32603, USA

    Fatemeh Ganji, Shahin Tajik, Mark Tehranipoor & Domenic Forte

  2. Security in Telecommunications Group, Technische Universität Berlin, Fakultät IV, Sekr. TEL16, Ernst-Reuter-Platz 7, 10587, Berlin, Germany

    Pascal Stauss & Jean-Pierre Seifert

Authors
  1. Fatemeh Ganji
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Shahin Tajik
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pascal Stauss
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jean-Pierre Seifert
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Mark Tehranipoor
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Domenic Forte
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Fatemeh Ganji.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ganji, F., Tajik, S., Stauss, P. et al. Rock’n’roll PUFs: crafting provably secure pufs from less secure ones (extended version). J Cryptogr Eng 11, 105–118 (2021). https://doi.org/10.1007/s13389-020-00226-7

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-020-00226-7

Keywords

Search

Navigation