### Active and Passive Side-Channel Attacks on Delay Based PUF Designs

Georg T. Becker and Raghavan Kumar

##### Abstract

Physical Unclonable Functions (PUFs) have emerged as a lightweight alternative to traditional cryptography. The fact that no secret key needs to be stored in non-volatile memory makes PUFs especially well suited for embedded systems in which securely generating and storing secret keys is difficult and expensive. Compared to traditional cryptography, PUFs are often believed to be more resistant to implementation attacks. In this paper we will take a closer look at this assumption. Using a controlled Arbiter PUF as an example, we show that just like traditional cryptography strong PUFs are susceptible to implementation attacks. By combining machine learning with with side-channel analysis we are able to attack designed based on Arbiter PUFs that on are resistant to normal machine learning attacks. We use two different side-channels for our attacks: a passive power side-channel and an active fault attack based on altering the supply voltage of the controlled PUF. Even in the presence of considerable noise both attacks can accurately model the Controlled Arbiter PUF. Hence, the assumption that PUFs are generally more resistant against side-channel attacks is not necessarily true and side-channel resistance needs to be considered when PUF designs are evaluated.

Available format(s)
Publication info
Preprint. MINOR revision.
Keywords
Side-channel analysismachine learningPhysical Unclonable FunctionArbiter-PUFfault attackCPA
Contact author(s)
Georg Becker @ rub de
History
Short URL
https://ia.cr/2014/287

CC BY

BibTeX

@misc{cryptoeprint:2014/287,
author = {Georg T.  Becker and Raghavan Kumar},
title = {Active and Passive Side-Channel Attacks on Delay Based PUF Designs},
howpublished = {Cryptology ePrint Archive, Paper 2014/287},
year = {2014},
note = {\url{https://eprint.iacr.org/2014/287}},
url = {https://eprint.iacr.org/2014/287}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.