Paper 2015/471

A Challenge Obfuscation Method for Thwarting Model Building Attacks on PUFs

Yansong Gao, Damith C. Ranasinghe, Gefei Li, Said F. Al-Sarawi, Omid Kavehei, and Derek Abbott


Physical Unclonable Functions (PUFs), as novel lightweight hardware security primitives, provide a higher level security with lower power and area overhead in comparison with traditional cryptographic solutions. However, it has been demonstrated that PUFs are vulnerable to model building attacks, especially those using linear additive functions such as Arbiter PUF (APUF) and k-sum PUF as building units. Nevertheless, both APUFs and k-sum PUFs are highly desirable security primitives, especially for authentication, because they are capable of producing a huge number of challenge response pairs (CRPs) and can be easily integrated into silicon. In this paper, we actually rely on the demonstrated vulnerability of PUFs to model building attacks as well as the relative ease with which this can be achieved to develop a new parameter-based authentication protocol based on obfuscating challenges sent to PUFs and their subsequent recovery. We show, using statistical analysis and model building attacks using published approaches, that constructing a model using machine learning techniques are infeasible when our proposed method is employed. Finally, we also demonstrate that our challenge obfuscation and recovery method can be successfully used for secure key exchange between two parties.

Available format(s)
Publication info
Preprint. MINOR revision.
Physical Uncloanble Functionobfuscationmodel building attackshardware securityauthentication.
Contact author(s)
Yansong gao @ adelaide edu au
damith @ adelaide edu au
2015-05-19: received
Short URL
Creative Commons Attribution


      author = {Yansong Gao and Damith C.  Ranasinghe and Gefei Li and Said F.  Al-Sarawi and Omid Kavehei and Derek Abbott},
      title = {A Challenge Obfuscation Method for Thwarting Model Building Attacks on PUFs},
      howpublished = {Cryptology ePrint Archive, Paper 2015/471},
      year = {2015},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.