Paper 2021/830

Analysis and Protection of the Two-metric Helper Data Scheme

Lars Tebelmann, Ulrich Kühne, Jean-Luc Danger, and Michael Pehl

Abstract

To compensate for the poor reliability of Physical Unclonable Function (PUF) primitives, some low complexity solutions not requiring error-correcting codes (ECC) have been proposed. One simple method is to discard less reliable bits, which are indicated in the helper data stored inside the PUF. To avoid discarding bits, the Two-metric Helper Data (TMH) method, which particularly applies to oscillation-based PUFs, allows to keep all bits by using different metrics when deriving the PUF response. However, oscillation-based PUFs are sensitive to side-channel analysis (SCA) since the frequencies of the oscillations can be observed by current or electromagnetic measurements. This paper studies the security of PUFs using TMH in order to obtain both reliable and robust PUF responses. We show that PUFs using TMH are sensitive to SCA, but can be greatly improved by using temporal masking and adapted extraction metrics. In case of public helper data, an efficient protection requires the randomization of the measurement order. We study two different solutions, providing interesting insights into trade-offs between security and complexity.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. COSADE 2021
Keywords
PUFSide-Channel AnalysisTwo-metric Helper DataLFSR-based ProtectionPermutationCountermeasures
Contact author(s)
lars tebelmann @ tum de
History
2021-06-21: received
Short URL
https://ia.cr/2021/830
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/830,
      author = {Lars Tebelmann and Ulrich Kühne and Jean-Luc Danger and Michael Pehl},
      title = {Analysis and Protection of the Two-metric Helper Data Scheme},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/830},
      year = {2021},
      url = {https://eprint.iacr.org/2021/830}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.