Cross-PUF Attacks on Arbiter-PUFs through their Power Side-Channel

Abstract

The silicon primitives known as Physically Unclonable Functions (PUFs) are used for various security purposes including key generation, device authentication, etc. Due to the imperfections in manufacturing process, PUFs produce their unique outputs (responses) for given input signals (challenges) fed to identical circuitry designs. Although PUFs are deployed to preserve security and are assumed to be unclonable, their functionality may still be compromised by modeling attacks. However, such attacks only target one single PUF aiming at reversing its behavior (based on a subset of its challengeresponse pairs), and are not useful for attacking other PUFs. Moreover a subset of the target PUF’s response has to be known by the attacker. This paper moves one step forward and investigates the possibility of Cross-PUF attacks in which a particular PUF’s power fingerprints can be used to break another PUF’s security. In these Cross-PUF attacks, the attacker has at his disposal a reference PUF, and uses its power side-channel to train a machine learning model which can be deployed to attack other identical PUFs. The experimental results show the high success of the proposed attacks even in presence of noise and temperature differences between the target PUF and the one used to train the model. We target arbiter-PUFs but we deduce that the findings extend to all its derivatives, e.g., XOR-PUFs and Feed-Forward-PUFs.