Paper 2016/769

Low-temperature data remanence attacks against intrinsic SRAM PUFs

Nikolaos Athanasios Anagnostopoulos, Stefan Katzenbeisser, Markus Rosenstihl, André Schaller, Sebastian Gabmeyer, and Tolga Arul


In this paper, we present the first systematic investigation of data remanence effects on an intrinsic Static Random Access Memory Physical Unclonable Function (SRAM PUF) implemented on a commercial off-the-shelf (COTS) device in a temperature range between -110° C and -40° C. Although previous studies investigated data remanence in SRAMs only at temperatures above -50° C, our experimental results clearly indicate that the extended temperature region we examine has dramatic effects on the security of intrinsic SRAM PUFs. We propose a number of different attacks and experimentally verify that data remanence effects can be exploited successfully to attack intrinsic SRAM PUFs on a COTS device, where the (micro)processor and the SRAM reside on the same die. Our experimental attack writes a bit-string to memory and freezes the device. Due to data remanence effects the attacker-known bit-string remains in memory and is subsequently read out by the bootloader to generate the PUF response. In this way, the attacker is able to construct a forged secret key by manipulating the PUF response. Finally, we also discuss and assess potential countermeasures against the attacks we examine.

Available format(s)
Publication info
Preprint. MINOR revision.
Data remanencestatic random access memory (SRAM)physical unclonable function (PUF)low temperatureattack
Contact author(s)
anagnostopoulos @ cdc informatik tu-darmstadt de
2016-08-12: received
Short URL
Creative Commons Attribution


      author = {Nikolaos Athanasios Anagnostopoulos and Stefan Katzenbeisser and Markus Rosenstihl and André Schaller and Sebastian Gabmeyer and Tolga Arul},
      title = {Low-temperature data remanence attacks against intrinsic SRAM PUFs},
      howpublished = {Cryptology ePrint Archive, Paper 2016/769},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.