Cryptology ePrint Archive: Report 2016/769

Low-temperature data remanence attacks against intrinsic SRAM PUFs

Nikolaos Athanasios Anagnostopoulos and Stefan Katzenbeisser and Markus Rosenstihl and André Schaller and Sebastian Gabmeyer and Tolga Arul

Abstract: In this paper, we present the first systematic investigation of data remanence effects on an intrinsic Static Random Access Memory Physical Unclonable Function (SRAM PUF) implemented on a commercial off-the-shelf (COTS) device in a temperature range between -110° C and -40° C. Although previous studies investigated data remanence in SRAMs only at temperatures above -50° C, our experimental results clearly indicate that the extended temperature region we examine has dramatic effects on the security of intrinsic SRAM PUFs. We propose a number of different attacks and experimentally verify that data remanence effects can be exploited successfully to attack intrinsic SRAM PUFs on a COTS device, where the (micro)processor and the SRAM reside on the same die. Our experimental attack writes a bit-string to memory and freezes the device. Due to data remanence effects the attacker-known bit-string remains in memory and is subsequently read out by the bootloader to generate the PUF response. In this way, the attacker is able to construct a forged secret key by manipulating the PUF response. Finally, we also discuss and assess potential countermeasures against the attacks we examine.

Category / Keywords: Data remanence, static random access memory (SRAM), physical unclonable function (PUF), low temperature, attack

Date: received 9 Aug 2016

Contact author: anagnostopoulos at cdc informatik tu-darmstadt de

Available format(s): PDF | BibTeX Citation

Version: 20160812:172319 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]