Conference Paper

The Bistable Ring PUF: A new architecture for strong Physical Unclonable Functions.

DOI: 10.1109/HST.2011.5955011 Conference: HOST 2011, Proceedings of the 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 5-6 June 2011, San Diego, California, USA
Source: DBLP

ABSTRACT This paper introduces a new architecture for circuit- based Physical Unclonable Functions (PUFs) which we call the Bistable Ring PUF (BR-PUF). Based on experimental results obtained from FPGA-based implementations of the BR-PUF, the quality of this new design is discussed in different aspects, including uniqueness and reliability. On the basis of the observed complexity in the challenge-response behavior of BR-PUFs, we argue that this new PUF could be a promising candidate for Strong PUFs. Our design shows noticeable temperature sensitivity, but we discuss how this problem can be addressed by additional hardware and protocol measures.

  • [Show abstract] [Hide abstract]
    ABSTRACT: In recent years, PUF-based schemes have not only been suggested for the basic security tasks of tamper sensitive key storage or system identification, but also for more complex cryptographic protocols like oblivious transfer (OT), bit commitment (BC), or key exchange (KE). In these works, so-called "Strong PUFs" are regarded as a new, fundamental cryptographic primitive of their own, comparable to the bounded storage model, quantum cryptography, or noisebased cryptography. This paper continues this line of research, investigating the correct adversarial attack model and the actual security of such protocols. In its first part, we define and compare different attack models. They reach from a clean, first setting termed the "stand-alone, good PUF model" to stronger scenarios like the "bad PUF model" and the "PUF re-use model". We argue why these attack models are realistic, and that existing protocols would be faced with them if used in practice. In the second part, we execute exemplary security analyses of existing schemes in the new attack models. The evaluated protocols include recent schemes from Brzuska et al. published at Crypto 2011 [1] and from Ostrovsky et al. [18]. While a number of protocols are certainly secure in their own, original attack models, the security of none of the considered protocols for OT, BC, or KE is maintained in all of the new, realistic scenarios. One consequence of our work is that the design of advanced cryptographic PUF protocols needs to be strongly reconsidered. Furthermore, it suggests that Strong PUFs require additional hardware properties in order to be broadly usable in such protocols: Firstly, they should ideally be "erasable", meaning that single PUF-responses can be erased without affecting other responses. If the area efficient implementation of this feature turns out to be difficult, new forms of Controlled PUFs [8] (such as Logically Erasable and Logically Reconfigurable PUFs [13]) may suffice in certain applications. Se- ondly, PUFs should be "certifiable", meaning that one can verify that the PUF has been produced faithfully and has not been manipulated in any way afterwards. The combined implementation of these features represents a pressing and challenging problem, which we pose to the PUF hardware community in this work.
    Security and Privacy (SP), 2013 IEEE Symposium on; 01/2013
  • [Show abstract] [Hide abstract]
    ABSTRACT: Silicon physically unclonable functions (PUFs) are circuits that exploit modern manufacturing variations to generate unique signatures for chip authentication and cryptographic key generation. Existing research has focused on improving PUF quality at architectural or design levels, but has ignored opportunities available during fabrication, which is the source of systematic and random variation in (ICs)/PUFs. For typical ICs (where security is not a concern), optical proximity correction (OPC) is used to suppress both these types of variations. However, several prior works have shown that only systematic variations negatively impact PUF quality and random variations are beneficial for PUFs. In this paper, we propose two PUF-aware OPC cost functions: 1) P-OPC generates a PUF lithography mask that increases all variations in PUF circuitry (the opposite of state-of-the-art OPC), and 2) SVC-OPC generates mask patterns that reduce the systematic variation found in PUFs for better quality. Simulation results for ring oscillator (RO) PUFs show that the proposed techniques can improve PUF signature quality compared to current state-of-the-art OPC.
    IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 01/2013; 32(12):1879-1891. · 1.09 Impact Factor
  • [Show abstract] [Hide abstract]
    ABSTRACT: We discuss numerical modeling attacks on several proposed strong physical unclonable functions (PUFs). Given a set of challenge-response pairs (CRPs) of a Strong PUF, the goal of our attacks is to construct a computer algorithm which behaves indistinguishably from the original PUF on almost all CRPs. If successful, this algorithm can subsequently impersonate the Strong PUF, and can be cloned and distributed arbitrarily. It breaks the security of any applications that rest on the Strong PUF's unpredictability and physical unclonability. Our method is less relevant for other PUF types such as Weak PUFs. The Strong PUFs that we could attack successfully include standard Arbiter PUFs of essentially arbitrary sizes, and XOR Arbiter PUFs, Lightweight Secure PUFs, and Feed-Forward Arbiter PUFs up to certain sizes and complexities. We also investigate the hardness of certain Ring Oscillator PUF architectures in typical Strong PUF applications. Our attacks are based upon various machine learning techniques, including a specially tailored variant of logistic regression and evolution strategies. Our results are mostly obtained on CRPs from numerical simulations that use established digital models of the respective PUFs. For a subset of the considered PUFs-namely standard Arbiter PUFs and XOR Arbiter PUFs-we also lead proofs of concept on silicon data from both FPGAs and ASICs. Over four million silicon CRPs are used in this process. The performance on silicon CRPs is very close to simulated CRPs, confirming a conjecture from earlier versions of this work. Our findings lead to new design requirements for secure electrical Strong PUFs, and will be useful to PUF designers and attackers alike.
    IEEE Transactions on Information Forensics and Security 01/2013; 8(11):1876-1891. · 1.90 Impact Factor