Cryptology ePrint Archive: Report 2020/145

Self-Secured PUF: Protecting the Loop PUF by Masking

Lars Tebelmann and Jean-Luc Danger and Michael Pehl

Abstract: Physical Unclonable Functions (PUFs) provide means to generate chip individual keys, especially for low-cost applications such as the Internet of Things (IoT). They are intrinsically robust against reverse engineering, and more cost-effective than non-volatile memory (NVM). For several PUF primitives, countermeasures have been proposed to mitigate side-channel weaknesses. However, most mitigation techniques require substantial design effort and/or complexity overhead, which cannot be tolerated in low-cost IoT scenarios. In this paper, we first analyze side-channel vulnerabilities of the Loop PUF, an area efficient PUF implementation with a configurable delay path based on a single ring oscillator (RO). We provide side-channel analysis (SCA) results from power and electromagnetic measurements. We confirm that oscillation frequencies are easily observable and distinguishable, breaking the security of unprotected Loop PUF implementations. Second, we present a low-cost countermeasure based on temporal masking to thwart SCA that requires only one bit of randomness per PUF response bit. The randomness is extracted from the PUF itself creating a self-secured PUF. The concept is highly effective regarding security, low complexity, and low design constraints making it ideal for applications like IoT. Finally, we discuss trade-offs of side-channel resistance, reliability, and latency as well as the transfer of the countermeasure to other RO-based PUFs.

Category / Keywords: Physically Unclonable Function; Side-Channel Analysis; RO PUF; Loop PUF; Masking; Countermeasure; IoT

Original Publication (in the same form): COSADE 2020

Date: received 10 Feb 2020

Contact author: lars tebelmann at tum de

Available format(s): PDF | BibTeX Citation

Note: The paper is to be published at COSADE 2020.

Version: 20200210:194302 (All versions of this report)

Short URL: ia.cr/2020/145


[ Cryptology ePrint archive ]