Paper 2018/350

The Interpose PUF: Secure PUF Design against State-of-the-art Machine Learning Attacks

Phuong Ha Nguyen and Durga Prasad Sahoo and Chenglu Jin and Kaleel Mahmood and Ulrich Rührmair and Marten van Dijk

Abstract

Silicon Physically Unclonable Functions (PUFs) have been proposed as an emerging hardware security primitive in various applications such as device identification, authentication and cryptographic key generation. Despite their potential, PUF designs based on the Arbiter PUF (APUF) are vulnerable to classical machine learning attacks, which use challenge response pairs. Classical machine learning can be mitigated in the $x$-XOR APUF when enough APUF components have been employed (high $x$). However, reliability based machine learning attacks cannot be prevented by increasing $x$. In this paper, we study the most prominent reliability based machine learning attack, the CMA-ES reliability attack. This work is the first to provide analysis and experimentation to explain under which conditions the CMA-ES reliability attack succeeds and where it fails. Based on these insights, we develop two key contributions. First, we demonstrate how the accuracy of the CMA-ES reliability attack can be improved through enhanced modeling. Second, we propose a new PUF design, the $(x,y)$-Interpose PUF. Through theory and simulation, we show our new PUF model is not vulnerable to the CMA-ES reliability attack, classical machine learning attacks and special attacks that approximate the Interpose PUF as an XOR APUF. In addition, we determine that the security of the IPUF can be reduced to the security of an XOR APUF under classical machine learning attacks, whose complexity depends exponentially on the number of component APUFs in the XOR APUF as shown in the literature. We also show our proposed $(x,y)$-Interpose PUF design is twice as reliable as an $(x+y)$ XOR APUF while using the same hardware overhead as an $(x+y)$ XOR APUF.