Paper 2016/606

Strong Machine Learning Attack against PUFs with No Mathematical Model

Fatemeh Ganji, Shahin Tajik, Fabian Fäßler, and Jean-Pierre Seifert

Abstract

Although numerous attacks revealed the vulnerability of different PUF families to non-invasive Machine Learning (ML) attacks, the question is still open whether all PUFs might be learnable. Until now, virtually all ML attacks rely on the assumption that a mathematical model of the PUF functionality is known a priori. However, this is not always the case, and attention should be paid to this important aspect of ML attacks. This paper aims to address this issue by providing a provable framework for ML attacks against a PUF family, whose underlying mathematical model is unknown. We prove that this PUF family is inherently vulnerable to our novel PAC (Probably Approximately Correct) learning framework. We apply our ML algorithm on the Bistable Ring PUF (BR-PUF) family, which is one of the most interesting and prime examples of a PUF with an unknown mathematical model. We practically evaluate our ML algorithm through extensive experiments on BR-PUFs implemented on Field-Programmable Gate Arrays (FPGA). In line with our theoretical findings, our experimental results strongly confirm the effectiveness and applicability of our attack. This is also interesting since our complex proof heavily relies on the spectral properties of Boolean functions, which are known to hold only asymptotically. Along with this proof, we further provide the theorem that all PUFs must have some challenge bit positions, which have larger influences on the responses than other challenge bits.

Metadata
Available format(s)
PDF
Publication info
Published by the IACR in CHES 2016
Keywords
Machine LearningPAC LearningBoosting TechniqueFourier AnalysisPhysically Unclonable Functions (PUFs)
Contact author(s)
stajik @ sec t-labs tu-berlin de
History
2016-06-14: received
Short URL
https://ia.cr/2016/606
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/606,
      author = {Fatemeh Ganji and Shahin Tajik and Fabian Fäßler and Jean-Pierre Seifert},
      title = {Strong Machine Learning Attack against {PUFs} with No Mathematical Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/606},
      year = {2016},
      url = {https://eprint.iacr.org/2016/606}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.