International Association for Cryptologic Research (IACR)
Abstract
We discuss the first power and timing side channels
on Strong Physical Unclonable Functions (Strong PUFs) in the
literature, and describe their efficient exploitation via adapted
machine learning (ML) techniques. Our method is illustrated by
the example of the two currently most secure (CCS 2010, IEEE
T-IFS 2013) electrical Strong PUFs, so-called XOR Arbiter PUFs
and Lightweight PUFs. It allows us for the first time to tackle
these two architectures with a polynomial attack complexity.
In greater detail, our power and timing side channels provide
information on the single outputs of the many parallel Arbiter
PUFs inside an XOR Arbiter PUF or Lightweight PUF. They
indicate how many of these single outputs (in sum) were equal
to one (and how many were equal to zero) before the outputs
entered the final XOR gate. Taken by itself, this side channel
information is of little value, since it does not tell which of the
single outputs were zero or one, respectively. But we show that if
combined with suitably adapted machine learning techniques, it
allows very efficient attacks on the two above PUFs, i.e., attacks
that merely use linearly many challenge-response pairs and low-degree
polynomial computation times. Without countermeasures,
the two PUFs can hence no longer be called secure, regardless of
their sizes. For comparison, the best-performing pure modeling
attacks on the above two PUFs are known to have an exponential
complexity (CCS 2010, IEEE T-IFS 2013).
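To make the leaked quantity concrete, the following added example (not code from the paper) simulates an XOR Arbiter PUF and an idealized, noise-free version of the side channel described above. It assumes the standard additive linear delay model for each Arbiter PUF, which this abstract does not spell out; all class and function names and the random delay parameters are constructed for illustration.

```python
import random
from math import comb

def features(challenge):
    """Parity feature vector of the additive delay model (assumed model)."""
    phi, prod = [], 1
    for bit in reversed(challenge):
        prod *= 1 - 2 * bit              # +1 for bit 0, -1 for bit 1
        phi.append(prod)
    phi.reverse()
    return phi + [1]                     # constant term for the arbiter bias

class XorArbiterPuf:
    def __init__(self, n_xor, n_bits, seed):
        rng = random.Random(seed)        # constructed delays, not measured data
        self.weights = [[rng.gauss(0, 1) for _ in range(n_bits + 1)]
                        for _ in range(n_xor)]

    def single_outputs(self, challenge):
        phi = features(challenge)
        return [int(sum(w * p for w, p in zip(ws, phi)) > 0)
                for ws in self.weights]

    def response(self, challenge):
        out = 0
        for b in self.single_outputs(challenge):
            out ^= b                     # final XOR gate
        return out

    def side_channel(self, challenge):
        """Idealized leak: number of single outputs equal to one before the XOR."""
        return sum(self.single_outputs(challenge))

def ambiguity(n_xor, ones):
    """Number of single-output vectors consistent with an observed count."""
    return comb(n_xor, ones)

def demo(n_xor=8, n_bits=64, n_crps=1000, seed=1):
    """Histogram of leaked counts over random challenges."""
    puf = XorArbiterPuf(n_xor, n_bits, seed)
    rng = random.Random(seed + 1)
    hist = [0] * (n_xor + 1)
    for _ in range(n_crps):
        c = [rng.randint(0, 1) for _ in range(n_bits)]
        k = puf.side_channel(c)
        assert puf.response(c) == k % 2  # the response is the parity of the count
        hist[k] += 1
    return hist

if __name__ == "__main__":
    print(demo())
```

For 8 XORs, the response bit alone is consistent with 2^7 = 128 single-output vectors, while an observed count of 4 narrows this to C(8,4) = 70 and a count of 0 or 8 fixes every single output, which is why the count still does not say which outputs were one.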
The practical viability of our new attacks is first demonstrated
by ML experiments on numerically simulated CRPs. We
thereby confirm attacks on the two above PUFs for up to 16
XORs and challenge bitlengths of up to 512. Secondly, we execute
a full experimental proof-of-concept for our timing side channel,
successfully attacking FPGA-implementations of the two above
PUF types for 8, 12, and 16 XORs, and bitlengths 64, 128, 256
and 512. In earlier works (CCS 2010, IEEE T-IFS 2013), 8 XOR
architectures with bitlength 512 had been explicitly suggested as
secure and beyond the reach of foreseeable attacks.
Besides the above-mentioned new power and timing side
channels, two other central innovations of our paper are our
tailor-made, polynomial ML-algorithm that integrates the side
channel information, and the implementation of Arbiter PUF
variants with up to 16 XORs and bitlength 512 in silicon. To our
knowledge, such sizes have never been implemented before in the
literature. Finally, we discuss efficient countermeasures against
our power and timing side channels. They could and should be
used to secure future Arbiter PUF generations against the latter