Mohammad Javad Adel,Mohammad Hadi Rezayati,Mohammad Hossein Moaiyeri,Abdolah Amirany,Kian Jafari

DOI: https://doi.org/10.1038/s41598-024-71730-7

2024-09-04

Abstract:The ubiquitous presence of electronic devices demands robust hardware security mechanisms to safeguard sensitive information from threats. This paper presents a physical unclonable function (PUF) circuit based on magnetoresistive random access memory (MRAM). The circuit utilizes inherent characteristics arising from fabrication variations, specifically magnetic tunnel junction (MTJ) cell resistance, to produce corresponding outputs for applied challenges. In contrast to Arbiter PUF, the proposed effectively satisfies the strict avalanche criterion (SAC). Additionally, the grid-like structure of the proposed circuit preserves its resistance against machine learning-based modeling attacks. Various machine learning (ML) attacks employing multilayer perceptron (MLP), linear regression (LR), and support vector machine (SVM) networks are simulated for two-array and four-array architectures. The MLP-attack prediction accuracy was 53.61% for a two-array circuit and 49.87% for a four-array circuit, showcasing robust performance even under the worst-case process variations. In addition, deep learning-based modeling attacks in considerable high dimensions utilizing multiple networks such as convolutional neural network (CNN), recurrent neural network (RNN), MLP, and Larq are used with the accuracy of 50.31%, 50.25%, 50.31%, and 50.31%, respectively. The efficiency of the proposed circuit at the layout level is also investigated for simplified two-array architecture. The simulation results indicate that the proposed circuit offers intra and inter-hamming distance (HD) with a mean of 0.98% and 49.96%, respectively, and a mean diffuseness of 49.09%.

Haoqiang Guo,Lu Peng,Jian Zhang,Fang Qi,Lide Duan

DOI: https://doi.org/10.48550/arXiv.2008.01219

IF: 4.729

2020-08-03

Signal Processing

Abstract:Recent studies identify that Deep learning Neural Networks (DNNs) are vulnerable to subtle perturbations, which are not perceptible to human visual system but can fool the DNN models and lead to wrong outputs. A class of adversarial attack network algorithms has been proposed to generate robust physical perturbations under different circumstances. These algorithms are the first efforts to move forward secure deep learning by providing an avenue to train future defense networks, however, the intrinsic complexity of them prevents their broader usage. In this paper, we propose the first hardware accelerator for adversarial attacks based on memristor crossbar arrays. Our design significantly improves the throughput of a visual adversarial perturbation system, which can further improve the robustness and security of future deep learning systems. Based on the algorithm uniqueness, we propose four implementations for the adversarial attack accelerator ($A^3$) to improve the throughput, energy efficiency, and computational efficiency.

Mohammad Hashemi,Steffi Roy,Domenic Forte,Fatemeh Ganji

DOI: https://doi.org/10.48550/arXiv.2208.03806

2022-08-08

Abstract:Recent work has highlighted the risks of intellectual property (IP) piracy of deep learning (DL) models from the side-channel leakage of DL hardware accelerators. In response, to provide side-channel leakage resiliency to DL hardware accelerators, several approaches have been proposed, mainly borrowed from the methodologies devised for cryptographic implementations. Therefore, as expected, the same challenges posed by the complex design of such countermeasures should be dealt with. This is despite the fact that fundamental cryptographic approaches, specifically secure and private function evaluation, could potentially improve the robustness against side-channel leakage. To examine this and weigh the costs and benefits, we introduce hardware garbled NN (HWGN2), a DL hardware accelerator implemented on FPGA. HWGN2 also provides NN designers with the flexibility to protect their IP in real-time applications, where hardware resources are heavily constrained, through a hardware-communication cost trade-off. Concretely, we apply garbled circuits, implemented using a MIPS architecture that achieves up to 62.5x fewer logical and 66x less memory utilization than the state-of-the-art approaches at the price of communication overhead. Further, the side-channel resiliency of HWGN2 is demonstrated by employing the test vector leakage assessment (TVLA) test against both power and electromagnetic side-channels. This is in addition to the inherent feature of HWGN2: it ensures the privacy of users' input, including the architecture of NNs. We also demonstrate a natural extension to the malicious security modeljust as a by-product of our implementation.

Cryptography and Security

Mohammed Saeed Alkatheiri,Ahmad O. Aseeri,Yu Zhuang

DOI: https://doi.org/10.1007/s13369-023-08643-6

IF: 2.807

2024-01-20

Arabian Journal for Science and Engineering

Abstract:Authentication is critical for Internet-of-Things. The traditional approach of using cryptographic keys is subject to invasive attacks. Being unclonable even by the manufacturers, physical unclonable functions (PUFs) leverage integrated circuits' manufacturing variations to produce responses unique for individual devices, and hence are of great potential as security primitives. While physically unclonable, many PUFs were reported to be mathematically cloneable by machine learning-based modeling methods. The feed-forward arbiter PUFs (FF PUFs) are among the PUFs with strong resistance against machine learning attacks. Existing studies revealed that only a very small group of FF PUFs with special loop patterns had been broken, and the vast majority of FF PUFs are still secure against all machine learning attack methods tried so far. In this paper, we introduce a neural network that can successfully attack FF PUFs with any loop patterns, with training time even magnitudes lower than existing methods attacking PUFs of the restrictive loop patterns. Experimental results show that, on the one hand, FF PUFs are not secure against attacks even with a large number of complex feed-forward loops, hence susceptible to attacks by response-prediction-based malicious software. On the other hand, the new approach of designing problem-tailored attack methods points to a new way to identify PUF security risks which might be difficult to discover by general-purpose machine learning methods.

multidisciplinary sciences

Yongliang Chen

DOI: https://doi.org/10.1109/itc-asia53059.2021.9808420

2021-01-01

Abstract:The modeling attack is a serious threat to the physical unclonable function (PUF) circuits. The double-layer PUF was reported as a PUF scheme to resist the machine learning attacks, and its test chip was fabricated and tested. This work attacks the double-layer PUF successfully by an intentionally designed artificial neural network (ANN) model based on the working principle of the target PUF. To enhance the anti-modeling-attack capability of the double-layer PUF, the XORing and the dimensional extension techniques are proposed. The attack results show that the prediction accuracy of the proposed ANN-based model with the XORing and 3D extension techniques is as low as 50.09% in average. It manifests that the proposed security enhancement techniques are able to improve the resilience of the double-layer PUF against the modeling attacks effectively.

Gaoxiang Li,Yu Zhuang

2024-06-08

Abstract:Physical Unclonable Functions (PUFs) are emerging as promising security primitives for IoT devices, providing device fingerprints based on physical characteristics. Despite their strengths, PUFs are vulnerable to machine learning (ML) attacks, including conventional and reliability-based attacks. Conventional ML attacks have been effective in revealing vulnerabilities of many PUFs, and reliability-based ML attacks are more powerful tools that have detected vulnerabilities of some PUFs that are resistant to conventional ML attacks. Since reliability-based ML attacks leverage information of PUFs' unreliability, we were tempted to examine the feasibility of building defense using reliability enhancing techniques, and have discovered that majority voting with reasonably high repeats provides effective defense against existing reliability-based ML attack methods. It is known that majority voting reduces but does not eliminate unreliability, we are motivated to investigate if new attack methods exist that can capture the low unreliability of highly but not-perfectly reliable PUFs, which led to the development of a new reliability representation and the new representation-enabled attack method that has experimentally cracked PUFs enhanced with majority voting of high repetitions.

Cryptography and Security,Machine Learning

Mahdieh Grailoo,Zain Ul Abideen,Mairo Leier,Samuel Pagliarini

DOI: https://doi.org/10.48550/arXiv.2204.00292

2022-04-01

Abstract:Neural networks (NNs) are already deployed in hardware today, becoming valuable intellectual property (IP) as many hours are invested in their training and optimization. Therefore, attackers may be interested in copying, reverse engineering, or even modifying this IP. The current practices in hardware obfuscation, including the widely studied logic locking technique, are insufficient to protect the actual IP of a well-trained NN: its weights. Simply hiding the weights behind a key-based scheme is inefficient (resource-hungry) and inadequate (attackers can exploit knowledge distillation). This paper proposes an intuitive method to poison the predictions that prevent distillation-based attacks; this is the first work to consider such a poisoning approach in hardware-implemented NNs. The proposed technique obfuscates a NN so an attacker cannot train the NN entirely or accurately. We elaborate a threat model which highlights the difference between random logic obfuscation and the obfuscation of NN IP. Based on this threat model, our security analysis shows that the poisoning successfully and significantly reduces the accuracy of the stolen NN model on various representative datasets. Moreover, the accuracy and prediction distributions are maintained, no functionality is disturbed, nor are high overheads incurred. Finally, we highlight that our proposed approach is flexible and does not require manipulation of the NN toolchain.

Cryptography and Security,Hardware Architecture,Machine Learning

Yi-Fei Pu,Zhang Yi,Ji-Liu Zhou

DOI: https://doi.org/10.1142/S0129065717500034

Abstract:This paper presents a state-of-the-art application of fractional hopfield neural networks (FHNNs) to defend against chip cloning attacks, and provides insight into the reason that the proposed method is superior to physically unclonable functions (PUFs). In the past decade, PUFs have been evolving as one of the best types of hardware security. However, the development of the PUFs has been somewhat limited by its implementation cost, its temperature variation effect, its electromagnetic interference effect, the amount of entropy in it, etc. Therefore, it is imperative to discover, through promising mathematical methods and physical modules, some novel mechanisms to overcome the aforementioned weaknesses of the PUFs. Motivated by this need, in this paper, we propose applying the FHNNs to defend against chip cloning attacks. At first, we implement the arbitrary-order fractor of a FHNN. Secondly, we describe the implementation cost of the FHNNs. Thirdly, we propose the achievement of the constant-order performance of a FHNN when ambient temperature varies. Fourthly, we analyze the electrical performance stability of the FHNNs under electromagnetic disturbance conditions. Fifthly, we study the amount of entropy of the FHNNs. Lastly, we perform experiments to analyze the pass-band width of the fractor of an arbitrary-order FHNN and the defense against chip cloning attacks capability of the FHNNs. In particular, the capabilities of defense against chip cloning attacks, anti-electromagnetic interference, and anti-temperature variation of a FHNN are illustrated experimentally in detail. Some significant advantages of the FHNNs are that their implementation cost is considerably lower than that of the PUFs, their electrical performance is much more stable than that of the PUFs under different temperature conditions, their electrical performance stability of the FHNNs under electromagnetic disturbance conditions is much more robust than that of the PUFs, and their amount of entropy is significantly higher than that of the PUFs with the same rank circuit scale.

Elena R. Henderson,Jessie M. Henderson,Hiva Shahoei,William V. Oxford,Eric C. Larson,Duncan L. MacFarlane,Mitchell A. Thornton

2024-04-03

Abstract:Physically unclonable functions (PUFs) are designed to act as device 'fingerprints.' Given an input challenge, the PUF circuit should produce an unpredictable response for use in situations such as root-of-trust applications and other hardware-level cybersecurity applications. PUFs are typically subcircuits present within integrated circuits (ICs), and while conventional IC PUFs are well-understood, several implementations have proven vulnerable to malicious exploits, including those perpetrated by machine learning (ML)-based attacks. Such attacks can be difficult to prevent because they are often designed to work even when relatively few challenge-response pairs are known in advance. Hence the need for both more resilient PUF designs and analysis of ML-attack susceptibility. Previous work has developed a PUF for photonic integrated circuits (PICs). A PIC PUF not only produces unpredictable responses given manufacturing-introduced tolerances, but is also less prone to electromagnetic radiation eavesdropping attacks than a purely electronic IC PUF. In this work, we analyze the resilience of the proposed photonic PUF when subjected to ML-based attacks. Specifically, we describe a computational PUF model for producing the large datasets required for training ML attacks; we analyze the quality of the model; and we discuss the modeled PUF's susceptibility to ML-based attacks. We find that the modeled PUF generates distributions that resemble uniform white noise, explaining the exhibited resilience to neural-network-based attacks designed to exploit latent relationships between challenges and responses. Preliminary analysis suggests that the PUF exhibits similar resilience to generative adversarial networks, and continued development will show whether more-sophisticated ML approaches better compromise the PUF and -- if so -- how design modifications might improve resilience.

Cryptography and Security,Optics

Jiliang Zhang,Shuang Peng,Yupeng Hu,Fei Peng,Wei Hu,Jinmei Lai,Jing Ye,Xiangqi Wang

DOI: https://doi.org/10.1109/ats49688.2020.9301586

2020-01-01

Abstract:With the rapid advancements of the artificial intelligence, machine learning, especially neural networks, have shown huge superiority over humans in image recognition, autonomous vehicles and medical diagnosis. However, its opacity and inexplicability provide many chances for malicious attackers. Recent researches have shown that neural networks are vulnerable to adversarial example (AE) attacks. In the testing stage, it fools the model by adding subtle perturbations to the original sample to misclassify the input, which poses a serious threat to safety-critical areas such as autonomous driving. In order to mitigate this threat, this paper proposes a hardware-assisted randomization method against AEs, where an approximate computing technique in hardware, voltage over-scaling (VOS), is used to randomize the training set of the model, then the processed data are used to generate multiple neural network models, finally multiple redundant models are used for the integrated classification and detection of the AEs. Various AE attacks on the proposed defense are evaluated to prove its effectiveness.

Qian Wang,Mingze Gao,Gang Qu

DOI: https://doi.org/10.1145/3194554.3194590

2018-01-01

Abstract:Silicon Physical Unclonable Function (PUF) is arguably the most promising hardware security primitive. In particular, PUFs that are capable of generating a large amount of challenge response pairs (CRPs) can be used in many security applications. However, these CRPs can also be exploited by machine learning attacks to model the PUF and predict its response. In this paper, we first show that, based on data in the public domain, two popular PUFs that can generate CRPs (i.e., arbiter PUF and reconfigurable ring oscillator (RO) PUF) can be broken by simple logistic regression (LR) attack with about 99% accuracy. We then propose a feedback structure to XOR the PUF response with the challenge and challenge the PUF again to generate the response. Results show that this successfully reduces LR's learning accuracy to the lower 50%, but artificial neural network (ANN) learning attack still has an 80% success rate. Therefore, we propose a configurable ring oscillator based dual-mode PUF which works with both odd number of inverters (like the reconfigurable RO PUF) and even number of inverters (like a bistable ring (BR) PUF). Since currently there are no known attacks that can model both RO PUF and BR PUF, the dual-mode PUF will be resistant to modeling attacks as long as we can hide its working mode from the attackers, which we achieve with two practical methods. Finally, we implement the proposed dual-mode PUF on Nexys 4 FPGA boards and collect real measurement to show that it reduces the learning accuracy of LR and ANN to the mid-50% and low 60%, respectively. In addition, it meets the PUF requirements of uniqueness, randomness, and robustness.

Pengpeng Ren,Yongkang Xue,Linglin Jing,Lining Zhang,Runsheng Wang,Zhigang Ji

DOI: https://doi.org/10.1007/s11432-022-3722-8

2023-01-01

Science China Information Sciences

Abstract:The physical unclonable functions (PUFs) are novel cryptographic primitives in modern hardware security systems. Compared with traditional alternatives based on digital keys and non-volatile memory (NVM), the PUF system shows great unclonability, high efficiency, and physical attack resilience. However, the conventional PUF design suffers from weak machine learning immunity, high storage overhead, and unreliability, making it difficult to implement in the Internet of Things (IoT) and edge computing applications. This paper presents a new PUF design that could solve the proposed obstacles. By utilizing the emission probability of traps commonly found in nano-scaled transistors, a model-based PUF system with strong machine learning resistance could be achieved. This PUF design, called Prob-PUF, needs fewer challenge-response pairs (CRPs) space and reveals superior resistance to modeling attacks due to the mixture of stable/random bits in its output response. Moreover, the Prob-PUF system could reach a high level of uniqueness and robustness, making it a potential candidate for future cryptographically secured protocols within the IoT.

Zhao He,Maxim S. Elizarov,Ning Li,Fei Xiang,Andrea Fratalocchi

2024-03-21

Abstract:Quantum artificial intelligence is a frontier of artificial intelligence research, pioneering quantum AI-powered circuits to address problems beyond the reach of deep learning with classical architectures. This work implements a large-scale quantum-activated recurrent neural network possessing more than 3 trillion hardware nodes/cm$^2$, originating from repeatable atomic-scale nucleation dynamics in an amorphous material integrated on-chip, controlled with 0.07 nW electric power per readout channel. Compared to the best-performing reservoirs currently reported, this implementation increases the scale of the network by two orders of magnitude and reduces the power consumption by six, reaching power efficiencies in the range of the human brain, dissipating 0.2 nW/neuron. When interrogated by a classical input, the chip implements a large-scale hardware security model, enabling dictionary-free authentication secure against statistical inference attacks, including AI's present and future development, even for an adversary with a copy of all the classical components available. Experimental tests report 99.6% reliability, 100% user authentication accuracy, and an ideal 50% key uniqueness. Due to its quantum nature, the chip supports a bit density per feature size area three times higher than the best technology available, with the capacity to store more than $2^{1104}$ keys in a footprint of 1 cm$^2$. Such a quantum-powered platform could help counteract the emerging form of warfare led by the cybercrime industry in breaching authentication to target small to large-scale facilities, from private users to intelligent energy grids.

Disordered Systems and Neural Networks,Artificial Intelligence,Cryptography and Security

Shengjie Zhou,Yongliang Chen,Xiaole Cui,Yun Liu

DOI: https://doi.org/10.1109/host54066.2022.9839861

2024-01-01

Abstract:Physical unclonable function (PUF) is regarded as the root of trust of integrated circuits. However, the modeling attack poses a great threat to the PUF circuits. Recently, the non-linear characteristic in the sub-threshold region of MOSFET transistors was applied to construct the PUF circuit against the modeling attacks. This work attacks the sub-threshold current array PUF (SCA-PUF) using an artificial neural network (ANN) model. The ANN model is deliberately designed based on the working principle of the target PUF. In the attacks, the linear functions are used to approximate the nonlinear characteristics of the sub-threshold region, by using the first-order Taylor expansion. The attack results show that the prediction accuracy of the ANN based method reaches 94.4% with 1000 training CRPs, whereas the prediction accuracy of LR algorithm and SVM algorithm are only 75.2% and 77.8%, respectively. It shows that the SCA-PUF is also vulnerable to the modeling attacks, and the ANN method is more powerful compared with the LR and SVM algorithms for the attacks of SCA-PUF.

Zezhong Tu,Yongkang Xue,Pengpeng Ren,Feng Hao,Runsheng Wang,Meng Li,Jianfu Zhang,Zhigang Ji,Ru Huang

DOI: https://doi.org/10.1109/led.2021.3130606

IF: 4.8157

2022-01-01

IEEE Electron Device Letters

Abstract:A novel strong physical unclonable function (PUF), called Probability-based PUF (Prob-PUF), is proposed using the stochastic process of trap emission in nano-scaled transistors. For the first time, the information of trap emission probability is used in the PUF design. This new approach offers ideal immunity to machine learning (ML) attacks. Since Prob-PUF only stores a mathematical model, it naturally avoids the dilemma between the requirement of a large number of challenge-response pairs (CRPs) and the limited storage space, making it a potential solution for future secure storage.

Yean Ru Chen,Tzu Fan Wang,Si-Han Chen,Yi-Chun Kao

DOI: https://doi.org/10.1016/j.micpro.2023.104845

IF: 3.503

2023-04-29

Microprocessors and Microsystems

Abstract:With the significant success of machine learning, there are plenty of innovative neural network designs nowadays. The related applications become more and more pervasive in our daily life, even in life-critical domains such as autopilot and medical diagnosis, etc. In these domains, whether the AI-based system is "secure" or not is a critical issue. In this work, we first present six Hardware Trojan attacks with demonstrations of their impacts on the hardware design of neural networks. When data leakage occurrs, we encode the leakage data to the output and make it more difficult to be detected. Most of our attacks can either achieve more than 98% attack success rate or leak out confidential data without causing any functional violation, with less than 1.5% overhead. We also discuss how to effectively and efficiently detect these Hardware Trojans with formal verification methods and further propose a risk assessment process to constitute a priority guidance to suggest security verification tasks of neuron network hardware. Based on our results, we strongly suggest that security specification and total verification are essential to neuron network designs.

computer science, theory & methods,engineering, electrical & electronic, hardware & architecture

Fan Yao,Adnan Siraj Rakin,Deliang Fan

DOI: https://doi.org/10.48550/arXiv.2003.13746

2020-03-31

Abstract:Security of machine learning is increasingly becoming a major concern due to the ubiquitous deployment of deep learning in many security-sensitive domains. Many prior studies have shown external attacks such as adversarial examples that tamper with the integrity of DNNs using maliciously crafted inputs. However, the security implication of internal threats (i.e., hardware vulnerability) to DNN models has not yet been well understood. In this paper, we demonstrate the first hardware-based attack on quantized deep neural networks-DeepHammer-that deterministically induces bit flips in model weights to compromise DNN inference by exploiting the rowhammer vulnerability. DeepHammer performs aggressive bit search in the DNN model to identify the most vulnerable weight bits that are flippable under system constraints. To trigger deterministic bit flips across multiple pages within reasonable amount of time, we develop novel system-level techniques that enable fast deployment of victim pages, memory-efficient rowhammering and precise flipping of targeted bits. DeepHammer can deliberately degrade the inference accuracy of the victim DNN system to a level that is only as good as random guess, thus completely depleting the intelligence of targeted DNN systems. We systematically demonstrate our attacks on real systems against 12 DNN architectures with 4 different datasets and different application domains. Our evaluation shows that DeepHammer is able to successfully tamper DNN inference behavior at run-time within a few minutes. We further discuss several mitigation techniques from both algorithm and system levels to protect DNNs against such attacks. Our work highlights the need to incorporate security mechanisms in future deep learning system to enhance the robustness of DNN against hardware-based deterministic fault injections.

Cryptography and Security,Machine Learning

Nils Wisiol,Bipana Thapaliya,Khalid T. Mursi,Jean-Pierre Seifert,Yu Zhuang

DOI: https://doi.org/10.1109/tifs.2022.3189533

IF: 7.231

2022-08-02

IEEE Transactions on Information Forensics and Security

Abstract:By revisiting, improving, and extending recent neural-network based modeling attacks on XOR Arbiter PUFs from the literature, we show that XOR Arbiter PUFs, (XOR) Feed-Forward Arbiter PUFs, and Interpose PUFs can be attacked faster, up to larger security parameters, and with an order of magnitude fewer challenge-response pairs than previously known both in simulation and in silicon data. To support our claim, we discuss the differences and similarities of recently proposed modeling attacks and offer a fair comparison of the performance of these attacks by implementing all of them using the popular machine learning framework Keras and comparing their performance against the well-studied Logistic Regression attack. Our findings show that neural-network-based modeling attacks have the potential to outperform traditional modeling attacks on PUFs and must hence become part of the standard toolbox for PUF security analysis; the code and discussion in this paper can serve as a basis for the extension of our results to PUF designs beyond the scope of this work.

Shuai Chen,Bing Li,Ziheng Chen,Yan Zhang,Caicai Wang,Cheng Tao

DOI: https://doi.org/10.1109/jiot.2021.3065836

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:Physical unclonable function (PUF) has emerged as an attractive hardware primitive for lightweight authentication in the Internet of Things (IoT). However, strong-PUF-based authentication schemes are threatened by powerful machine learning attacks. Therefore, dedicated lightweight protocols are required to preserve the privacy of the embedded strong PUF. In this article, we show that the "availability" and "reliability" features of Shamir's secret sharing (SSS) can be applied to address the security issue. In protocol A, the mappings between challenges and responses are randomly shuffled to resist the machine learning attacks. Leveraging the "availability" feature of SSS, the verification process is unaffected by the randomized challenge–response pairs (CRPs) at the server end. Moreover, the "reliability" feature of SSS provides the error-tolerant characteristic in our protocol, which is suitable for the noisy PUFs. Protocol A also presented a method to securely store the CRPs at the server side. The improved protocol A optimizes protocol A by eliminating the response storage and matching process at the server end. In protocol B, we present a mutual authentication protocol, where no response is exposed to the adversary. Protocol B can be classified as the lightweight protocol because it can avoid the use of cryptographic algorithms and error-correcting codes. We rigorously analyze and prove the security of our protocols with formal security proofs, informal security analysis, and several selected machine learning techniques, including logistic regression (LR), the deep neural network (DNN), approximate attack, AutoGluon-Tabular, and a new brute-force machine learning attack. Furthermore, we present an efficient implementation of our protocols on FPGA. The experimental results sh-w the feasibility and practicability of our protocols under different parameters.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yansong Gao,Jianrong Yao,Lihui Pang,Wei Yang,Anmin Fu,Said F. Al-Sarawi,Derek Abbott

DOI: https://doi.org/10.48550/arXiv.2207.09744

2023-01-10

Abstract:To improve the modeling resilience of silicon strong physical unclonable functions (PUFs), in particular, the APUFs, that yield a very large number of challenge response pairs (CRPs), a number of composited APUF variants such as XOR-APUF, interpose-PUF (iPUF), feed-forward APUF (FF-APUF),and OAX-APUF have been devised. When examining their security in terms of modeling resilience, utilizing multiple information sources such as power side channel information (SCI) or/and reliability SCI given a challenge is under-explored, which poses a challenge to their supposed modeling resilience in practice. Building upon multi-label/head deep learning model architecture,this work proposes Multi-Label Multi-Side-channel-information enabled deep learning Attacks (MLMSA) to thoroughly evaluate the modeling resilience of aforementioned APUF variants. Despite its simplicity, MLMSA can successfully break large-scaled APUF variants, which has not previously been achieved. More precisely, the MLMSA breaks 128-stage 30-XOR-APUF, (9, 9)- and (2, 18)-iPUFs, and (2, 2, 30)-OAX-APUF when CRPs, power SCI and reliability SCI are concurrently used. It breaks 128-stage 12-XOR-APUF and (2, 2, 9)-OAX-APUF even when only the easy-to-obtain reliability SCI and CRPs are exploited. The 128-stage six-loop FF-APUF and one-loop 20-XOR-FF-APUF can be broken by simultaneously using reliability SCI and CRPs. All these attacks are normally completed within an hour with a standard personalcomputer. Therefore, MLMSA is a useful technique for evaluating other existing or any emerging strong PUF designs.

Cryptography and Security