{"title":"Cryptanalysis of Strong Physically Unclonable Functions","authors":"Liliya Kraleva;Mohammad Mahzoun;Raluca Posteuca;Dilara Toprakhisar;Tomer Ashur;Ingrid Verbauwhede","doi":"10.1109/OJSSCS.2022.3227009","DOIUrl":null,"url":null,"abstract":"Physically unclonable functions (PUFs) are being proposed as a low-cost alternative to permanently store secret keys or provide device authentication without requiring nonvolatile memory, large e-fuses, or other dedicated processing steps. In the literature, PUFs are split into two main categories. The so-called strong PUFs are mainly used for authentication purposes; hence, also called authentication PUFs. They promise to be lightweight by avoiding extensive digital post-processing and cryptography. The so-called weak PUFs, also called key generation PUFs, can only provide authentication when combined with a cryptographic authentication protocol. Over the years, multiple research results have demonstrated that Strong PUFs can be modeled and attacked by machine learning (ML) techniques. Hence, the general assumption is that the security of a strong PUF is solely dependent on its security against ML attacks. The goal of this article is to debunk this myth, by analyzing and breaking three recently published Strong PUFs (Suresh et al., VLSI Circuits 2020; Liu et al., ISSCC 2021; and Jeloka et al., VLSI Circuits 2017). The attacks presented in this article have practical complexities and use generic symmetric key cryptanalysis techniques.","PeriodicalId":100633,"journal":{"name":"IEEE Open Journal of the Solid-State Circuits Society","volume":"3 ","pages":"32-40"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://ieeexplore.ieee.org/iel7/8782712/10019316/09971721.pdf","citationCount":"3","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Open Journal of the Solid-State Circuits Society","FirstCategoryId":"1085","ListUrlMain":"https://ieeexplore.ieee.org/document/9971721/","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 3
Abstract
Physically unclonable functions (PUFs) are being proposed as a low-cost alternative to permanently store secret keys or provide device authentication without requiring nonvolatile memory, large e-fuses, or other dedicated processing steps. In the literature, PUFs are split into two main categories. The so-called strong PUFs are mainly used for authentication purposes; hence, also called authentication PUFs. They promise to be lightweight by avoiding extensive digital post-processing and cryptography. The so-called weak PUFs, also called key generation PUFs, can only provide authentication when combined with a cryptographic authentication protocol. Over the years, multiple research results have demonstrated that Strong PUFs can be modeled and attacked by machine learning (ML) techniques. Hence, the general assumption is that the security of a strong PUF is solely dependent on its security against ML attacks. The goal of this article is to debunk this myth, by analyzing and breaking three recently published Strong PUFs (Suresh et al., VLSI Circuits 2020; Liu et al., ISSCC 2021; and Jeloka et al., VLSI Circuits 2017). The attacks presented in this article have practical complexities and use generic symmetric key cryptanalysis techniques.
物理上不可克隆的功能(PUF)被提出作为一种低成本的替代方案,用于永久存储密钥或提供设备认证,而不需要非易失性存储器、大型电子熔丝或其他专用处理步骤。在文献中,PUF分为两大类。所谓的强PUF主要用于身份验证目的;因此也称为认证PUF。它们承诺通过避免大量的数字后处理和加密来实现轻量级。所谓的弱PUF,也称为密钥生成PUF,只能在与加密身份验证协议结合时提供身份验证。多年来,多项研究结果表明,强PUF可以通过机器学习(ML)技术进行建模和攻击。因此,一般的假设是,强PUF的安全性完全取决于其对ML攻击的安全性。本文的目的是通过分析和打破最近发表的三个强PUF(Suresh et al.,VLSI Circuits 2020;Liu et al.,ISSCC 2021;以及Jeloka et al.,超大规模集成电路2017)来揭穿这个神话。本文提出的攻击具有实际的复杂性,并且使用通用的对称密钥密码分析技术。