Securing PUFs Against ML Modeling Attacks via an Efficient Challenge-Response Approach

Abstract

Physical Unclonable Functions (PUFs) are lightweight security primitives capable of providing functionalities such as device authentication and identification. Such lightweight solutions are particularly important for small resource-constrained devices that cannot support many of the standard security mechanisms like e.g., TPMs. Even though PUFs are constructed to be unpredictable and unclonable, they have been susceptible to Machine Learning (ML) modeling attacks. Mitigation of these attacks typically requires additional hardware, causing potential deviation from the lightweight nature of low-end embedded devices. In this paper, we analyze the technical details that lead to the success of the previous ML modeling attacks, and utilize these findings to devise a novel challenge-response approach that improves PUF's security, more specifically the 4-XOR and 5-XOR PUFs, without additional hardware requirements. Our experimental results show that the proposed approach reduces modeling accuracies of state-of-the-art ML attacks by 10-15%, lowering the success rate of attacks significantly while remaining practical in the implementation.