Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Breaking the lightweight secure PUF: Understanding the relation of input transformations and machine learning resistance

: Wisiol, N.; Becker, G.T.; Margraf, M.; Soroceanu, T.A.A.; Tobisch, J.; Zengin, B.


Belaid, Sonia:
Smart Card Research and Advanced Applications. 18th International Conference, CARDIS 2019 : Prague, Czech Republic, November 11-13, 2019, Revised Selected Papers
Cham: Springer Nature, 2020 (Lecture Notes in Computer Science 11833)
ISBN: 978-3-030-42067-3 (Print)
ISBN: 978-3-030-42068-0 (Online)
International Conference on Smart Card Research and Advanced Applications (CARDIS) <18, 2019, Prague>
Fraunhofer AISEC ()

Physical Unclonable Functions (PUFs) and, in particular, strong PUFs such as the XOR Arbiter PUF have gained much research interest as an authentication mechanism for embedded systems. One of the biggest problems of strong PUFs is their vulnerability to so called machine learning attacks. In this paper, we take a closer look at one aspect of machine learning attacks that has not yet gained the needed attention: the generation of the sub-challenges in XOR Arbiter PUFs fed to the individual Arbiter PUFs. Specifically, we look at one of the most popular ways to generate sub-challenges based on a combination of permutations and XORs as it has been described for the “Lightweight Secure PUF”. Previous research suggested that using such a sub-challenge generation increases the machine learning resistance significantly.
Our contribution in the field of sub-challenge generation is three-fold: First, drastically improving attack results by Rührmair et al., we describe a novel attack that can break the Lightweight Secure PUF in time roughly equivalent to an XOR Arbiter PUF without transformation of the challenge input. Second, we give a mathematical model that gives insight into the weakness of the Lightweight Secure PUF and provides a way to study generation of sub-challenges in general. Third, we propose a new, efficient, and cost-effective way for sub-challenge generation that mitigates the attack strategy we used and outperforms the Lightweight Secure PUF in both machine learning resistance and resource overhead.