SQ-PUF: A Resistant PUF-Based Authentication Protocol against Machine-Learning Attack
Subject Areas : electrical and computer engineeringAbolfazl Sajadi 1 , Bijan Alizadeh 2
1 - University of Tehran
2 - University of Tehran
Keywords: Internet of things (IoTs), machine learning, authentication, network security, physically unclonable functions (PUFs),
Abstract :
Physically unclonable functions (PUFs) provide hardware to generate a unique challenge-response pattern for authentication and encryption purposes. An essential feature of these circuits is their unpredictability, meaning that an adversary cannot sufficiently predict future responses from previous observations. However, machine learning algorithms have been demonstrated to be a severe threat to PUFs since they are capable of accurately modeling their behavior. In this work, we analyze PUF security threats and propose a PUF-based authentication mechanism called SQ-PUF, which can provide good resistance to machine learning attacks. In order to make it harder to simulate or predict, we obfuscated the correlation between challenge-response pairs. Experimental results show that, unlike existing PUFs, even with a large data set, the SQ-PUF model cannot be successfully attacked with a maximum prediction accuracy of 53%, indicating that this model is unpredictable. In addition, the uniformity in this model remains almost the same as the ideal value in A-PUF.
[1] S. Hemavathy and V. S. Kanchana Bhaaskaran, "Arbiter PUF-a review of design, composition, and security aspects," IEEE Access, vol. 11, pp. 33979-34004, 2023.
[2] A. Shamsoshoara, A. Korenda, F. Afghah, and S. Zeadally, "A survey on physical unclonable function (PUF)-based security solutions for internet of things," Computer Networks, vol. 183, Article ID: 107593, Dec. 2020.
[3] H. Ning, F. Farha, A. Ullah, and L. Mao, "Physical unclonable function: architectures, applications and challenges for dependable security," IET Circuits, Devices & Systems, vol. 14, no. 4, pp. 407-424, Jul. 2020.
[4] B. Gassend, D. Lim, D. Clarke, M. Van Dijk, and S. Devadas, "Identification and authentication of integrated circuits," Concurrency Computation Practice and Experience, vol. 16, no. 11, pp. 1077-1098, 2004.
[5] J. W. Lee, et al., "A technique to build a secret key in integrated circuits for identification and authentication applications," in Proc. IEEE Symp. on VLSI Circuits, Digest of Technical Papers, pp. 176-179, Honolulu, HI, USA, 17-19 Jun. 2004.
[6] M. Majzoobi, F. Koushanfar, and M. Potkonjak, "Techniques for design and implementation of secure reconfigurable PUFs," ACM Trans. Reconfigurable Technol Syst, vol. 2, no. 1, Article ID: 5, 33 pp., Mar. 2009.
[7] A. Ashtari, A. Shabani, and B. Alizadeh, "A new RF-PUF based authentication of internet of things using random forest classification," in Proc. of 16th Int. ISC Conf. on Information Security and Cryptology, ISCISC'19, pp. 21-26, Mashhad, Iran, 28-29 Aug. 2019.
[8] B. Chatterjee, D. Das, and S. Sen, "RF-PUF: IoT security enhancement through authentication of wireless nodes using in-situ machine learning," in Proc. of the IEEE Int. Sym. on Hardware Oriented Security and Trust, HOST'18, pp. 205-208, May 2018.
[9] G. E. Suh and S. Devadas, "Physical unclonable functions for device authentication and secret key generation," in Proc. 44th ACM/IEEE Design Automation Conf., pp. 9-14, San Diego, CA, USA, 4-8 Jun. 2007.
[10] P. K. Sadhu and V. P. Yanambaka, "MC-PUF: a robust lightweight controlled physical unclonable function for resource constrained environments," in Proc. of IEEE Computer Society Annual Symposium on VLSI, ISVLSI'22, pp. 452-453, Nicosia, Cyprus, 4-6 Jul. 2022.
[11] M. H. Ishak, M. S. Mispan, W. Y. Chiew, M. R. Kamaruddin, and M. A. Korobkov, "Secure lightweight obfuscated delay-based physical unclonable function design on FPGA," Bulletin of Electrical Engineering and Informatics, vol. 11, no. 2, pp. 1075-1083, Apr. 2022.
[12] S. Abdolinezhad and A. Sikora, "A lightweight mutual authentication protocol based on physical unclonable functions," in Proc. of the IEEE Int. Symp. on Hardware Oriented Security and Trust, HOST'22, pp. 161-164, McLean, VA, USA, 27-30 2022.
[13] A. Vijayakumar and S. Kundu, "A novel modeling attack resistant PUF design based on non-linear voltage transfer characteristics," in Proc. Design, Automation and Test in Europe, DATE'15, pp. 653-658, Grenoble, France, 9-13 Mar. Apr. 2015.
[14] M. Majzoobi, F. Koushanfar, and M. Potkonjak, "Lightweight secure PUFs," in Proc. IEEE/ACM Int. Conf. on Computer-Aided Design, Digest of Technical Papers, ICCAD'08, pp. 670-673, San Jose, CA, USA, 10-13 Nov. 2008.
[15] D. P. Sahoo, S. Saha, D. Mukhopadhyay, R. S. Chakraborty, and H. Kapoor, "Composite PUF: a new design paradigm for physically unclonable functions on FPGA," in Proc. of the IEEE Int. Symp. on Hardware-Oriented Security and Trust, HOST'14, pp. 50-55, Arlington, VA, USA, 6-7 May 2014.
[16] D. E. Holcomb, W. Burleson, and K. Fu, Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID tags, 2007.
[17] P. Tuyls, et al., "Read-proof hardware from protective coatings," in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, pp. 369-383, Oct. 2006.
[18] M. Sauer, P. Raiola, L. Feiten, B. Becker, U. Rührmair, and I. Polian, "Sensitized path PUF: a lightweight embedded physical unclonable function," in Proc. of the Design, Automation and Test in Europe, DATE'17, pp. 680-685, Lausanne, Switzerland, 27-31 Mar. 2017.
[19] D. Canaday, W. A. S. Barbosa, and A. Pomerance, "A novel attack on machine-learning resistant physical unclonable functions," in Proc. of the IEEE Int. Symp. on Hardware Oriented Security and Trust, HOST'22, pp. 25-28, McLean, VA, USA, 27-30 Jun. 2022.
[20] J. Ye, Q. Guo, Y. Hu, H. Li, and X. Li, "Modeling attacks on strong physical unclonable functions strengthened by random number and weak PUF," in Proc. of the IEEE VLSI Test Symposium, Computer Society, 6 pp., San Francisco, CA, USA, 22-25 Apr. 2018.
[21] U. Rührmair and J. Sölter, "PUF modeling attacks: an introduction and overview," in Proc. Design, Automation and Test in Europe, DATE'14, 6 pp., Dresden, Germany, 24-28 Mar. 2014.
[22] Y. Wen and Y. Lao, "PUF modeling attack using active learning," in Proc. IEEE Int. Symp. on Circuits and Systems, 5 pp., Florence, Italy, 27-30 May 2018.
[23] J. Delvaux, "Security analysis of PUF-based key generation and entity authentication-KU Leuven," KU Leuven and Shanghai Jiao Tong University, 2017. Accessed: Aug. 26, 2021. [Online]. Available: https://limo.libis.be/primo-explore/fulldisplay?docid=LIRIAS1662341&context=L&vid=Lirias&search_scope=Lirias&tab=default_tab&lang=en_US&fromSitemap=1
[24] J. Delvaux, "Machine-learning attacks on PolyPUFs, OB-PUFs, RPUFs, LHS-PUFs, and PUF-FSMs," IEEE Trans. on Information Forensics and Security, vol. 14, no. 8, pp. 2043-2058, Aug. 2019.
[25] M. Majzoobi, M. Rostami, F. Koushanfar, D. S. Wallach, and S. Devadas, "Slender PUF protocol: a lightweight, robust, and secure authentication by substring matching," in Proc. IEEE CS Security and Privacy Workshops, SPW'12, pp. 33-44, San Francisco, CA, USA, 24-25 May 2012.
[26] S. T. C. Konigsmark, D. Chen, and M. D. F. Wong, "PolyPUF: physically secure self-divergence," IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, vol. 35, no. 7, pp. 1053-1066, Jul. 2016.
[27] J. Ye, Y. Hu, and X. Li, "RPUF: physical unclonable function with randomized challenge to resist modeling attack," in Proc. of the IEEE Asian Hardware Oriented Security and Trust Symp., Asian HOST'16, 6 pp., Yilan, Taiwan, 19-20 Dec. 2016.
[28] Y. Gao, et al., "Obfuscated challenge-response: a secure lightweight authentication mechanism for PUF-based pervasive devices," in Proc. IEEE Int. Conf. on Pervasive Computing and Communication Workshops, PerCom Workshops, 6 pp., Sydney, Australia, 14-18 Mar. 2016.
[29] G. T. Becker and R. Kumar, "Active and passive side-channel attacks on delay based PUF designs," IACR Cryptology ePrint Archive, vol. 2014, Article ID:287, 2014, [Online]. Available: http://eprint.iacr.org/2014/287.pdf
[30] J. Shi, Y. Lu, and J. Zhang, "Approximation attacks on strong PUFs," IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, vol. 39, no. 10, pp. 2138-2151, Oct. 2020.
[31] I. G. Târşa, G. D. Budariu, and C. Grozea, "Study on a true random number generator design for FPGA," in Proc. 8th Int. Conf. on Communications, COMM'10, pp. 461-464, Bucharest, Romania, 10-12 Jun. 2010.
[32] T. Arciuolo and K. M. Elleithy, "Parallel, true random number generator (P-TRNG): using parallelism for fast true random number generation in hardware," in Proc. IEEE 11th Annual Computing and Communication Workshop and Conf., CCWC'21, pp. 987-992, NV, USA, 27-30 Jan. 2021.
[33] R. S. Durga, et al., "Design and synthesis of LFSR based random number generator," in Proc. of the 3rd Int. Conf. on Smart Systems and Inventive Technology, ICSSIT, pp. 438-442, Tirunelveli, India, 20-22 Aug. 2020.
[34] A. Maiti and P. Schaumont, "The impact of aging on a physical unclonable function," IEEE Trans. Very Large Scale Integr VLSI Syst, vol. 22, no. 9, pp. 1854-1864, Sept. 2014. [35] R. L. Sembiring, R. R. Pahlevi, and P. Sukarno, "Randomness, uniqueness, and steadiness evaluation of physical unclonable functions," in Proc. 9th Int. Conf. on Information and Communication Technology, ICoICT'2021, pp. 429-433, Yogyakarta, Indonesia, 3-5 Aug. 2021.