Abstract
To compensate for the poor reliability of Physical Unclonable Function (PUF) primitives, some low complexity solutions not requiring error-correcting codes (ECC) have been proposed. One simple method is to discard less reliable bits, which are indicated in the helper data stored inside the PUF. To avoid discarding bits, the Two-metric Helper Data (TMH) method, which particularly applies to oscillation-based PUFs, allows to keep all bits by using different metrics when deriving the PUF response. However, oscillation-based PUFs are sensitive to side-channel analysis (SCA) since the frequencies of the oscillations can be observed by current or electromagnetic measurements. This paper studies the security of PUFs using TMH in order to obtain both reliable and robust PUF responses. We show that PUFs using TMH are sensitive to SCA, but can be greatly improved by using temporal masking and adapted extraction metrics. In case of public helper data, an efficient protection requires the randomization of the measurement order. We study two different solutions, providing interesting insights into trade-offs between security and complexity.
This work was partly funded by the German Ministry of Education and Research in the project SecForCARs under grant number 01KIS0795 and under the SPARTA project, which has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement number 830892.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
Note that the device observes only \(\sigma _{osc.}\) during reconstruction, i.e., the attacker is always in a worse position compared to the reconstruction.
- 2.
- 3.
We also investigated inserting a zero randomly at the beginning or end of the state before masking. For index zero we selected the Loop PUF under the all zero/all one challenge. However, the results were equivalent to the ones shown in this work.
- 4.
Intel(R) Core(TM) i7-6700 CPU; 3.40 GHz; 4 cores; 16 GB RAM.
- 5.
Note: For the standard normal distribution \(\mu =0\), \(\sigma =1\), the resulting value are \(|\pm T1|=0.31863936\), \(|\pm a|=0.67448975\) and \(|\pm T2|=1.15034938\). Depending on \(\sigma \), the value are scaled accordingly. Notably the points that define the octiles are not equidistant.
References
Becker, G.T.: Robust fuzzy extractors and helper data manipulation attacks revisited: theory versus practice. IEEE Trans. Dependable Secure Comput. 16(5), 783–795 (2019). https://doi.org/10.1109/TDSC.2017.2762675
Cherif, Z., Danger, J., Guilley, S., Bossuet, L.: An easy-to-design PUF based on a single oscillator: the loop PUF. In: 2012 15th Euromicro Conference on Digital System Design, pp. 156–162, September 2012. https://doi.org/10.1109/DSD.2012.22
Danger, J.L., Guilley, S., Schaub, A.: Two-metric helper data for highly robust and secure delay PUFs. In: 2019 IEEE 8th International Workshop on Advances in Sensors and Interfaces (IWASI), pp. 184–188. IEEE (2019)
Delvaux, J., Verbauwhede, I.: Attacking PUF-based pattern matching key generators via helper data manipulation. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 106–131. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-04852-9_6
Delvaux, J., Verbauwhede, I.: Key-recovery attacks on various RO PUF constructions via helper data manipulation. In: 2014 Design, Automation Test in Europe Conference Exhibition (DATE), pp. 1–6 (2014). https://doi.org/10.7873/DATE.2014.085
Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: how to generate strong keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_31
Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA intrinsic PUFs and their use for IP protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74735-2_5
Houghton, A.: Error Coding for Engineers. Springer, Boston (2001). https://doi.org/10.1007/978-1-4615-1509-8
Katzenbeisser, S., Kocabaş, Ü., Rožić, V., Sadeghi, A.-R., Verbauwhede, I., Wachsmann, C.: PUFs: myth, fact or busted? A security evaluation of physically unclonable functions (PUFs) cast in silicon. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 283–301. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_17
Maes, R., Van Herrewege, A., Verbauwhede, I.: PUFKY: a fully functional PUF-based cryptographic key generator. In: Prouff, E., Schaumont, P. (eds.) CHES 2012. LNCS, vol. 7428, pp. 302–319. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33027-8_18
Merli, D., Heyszl, J., Heinz, B., Schuster, D., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of RO PUFs. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 19–24, June 2013. https://doi.org/10.1109/HST.2013.6581559
Merli, D., Schuster, D., Stumpf, F., Sigl, G.: Semi-invasive EM attack on FPGA RO PUFs and countermeasures. In: 6th Workshop on Embedded Systems Security (WESS 2011). ACM, March 2011. https://doi.org/10.1145/2072274.2072276
Merli, D., Stumpf, F., Sigl, G.: Protecting PUF error correction by codeword masking. IACR Cryptology ePrint Archive 334 (2013). http://eprint.iacr.org/2013/334
Pehl, M., Hiller, M., Sigl, G.: Secret key generation for physical unclonable functions, pp. 362–389. Cambridge University Press (2017). https://doi.org/10.1017/9781316450840.014
Schaub, A., Danger, J., Guilley, S., Rioul, O.: An improved analysis of reliability and entropy for delay PUFs. In: 21st Euromicro Conference on Digital System Design, DSD 2018, Prague, Czech Republic, 29–31 August 2018, pp. 553–560 (2018). https://doi.org/10.1109/DSD.2018.00096
Shiozaki, M., Fujino, T.: Simple electromagnetic analysis attacks based on geometric leak on an ASIC implementation of ring-oscillator PUF. In: Proceedings of the 3rd ACM Workshop on Attacks and Solutions in Hardware Security Workshop, ASHES 2019, pp. 13–21. ACM, New York (2019). https://doi.org/10.1145/3338508.3359569
Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 44th ACM/IEEE Proceedings of the Design Automation Conference (DAC 2007), pp. 9–14 (2007)
Tebelmann, L., Danger, J.-L., Pehl, M.: Self-secured PUF: protecting the loop PUF by masking. In: Bertoni, G.M., Regazzoni, F. (eds.) COSADE 2020. LNCS, vol. 12244, pp. 293–314. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-68773-1_14
Tebelmann, L., Pehl, M., Sigl, G.: EM side-channel analysis of BCH-based error correction for PUF-based key generation. In: Proceedings of the 2017 Workshop on Attacks and Solutions in Hardware Security, ASHES 2017, pp. 43–52. ACM, New York (2017). https://doi.org/10.1145/3139324.3139328
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A Attacker with Helper Data Access and No Temporal Masking
A Attacker with Helper Data Access and No Temporal Masking
We assume that the attacker can read the helper data, but the temporal masking countermeasure is not activated. We show how this additional information affects the attack highlighting that the TMH scheme without further protection enables SCA. This notion is rather of theoretical interest as without temporal masking, the frequency difference \(df_{}\) would be revealed independently of the helper data scheme. However, the results show that the reliability information of the TMH can also be exploited by the attacker and improves the attack compared to the scenario without helper data knowledge.
Figures 8a and 8b depict the attack scenario assuming helper data knowledge. As an example, the use of metric M1 is depicted, where an attacker can use the bounds \(-{T1}^{\star }\) and \({T2}^{\star }\)instead of \(\pm a^{\star }\) if no helper data is known. Compared to Figs. 2a and 2b, the red area below the distribution of observed values is significantly smaller. This indicates that the attacker benefits from the reliability information encoded in the helper data and is formalized in the following.
Assuming metric M1 and the value \(df_{}> a\) during enrollment the actual PUF bit is \(k_{C}\) = 0 according to Eqs. (2) and (3). The attacker will know that M1 is the metric but any observed value \({T1}^{\star }\le df^{\prime }_{C}< {T2}^{\star }\) is decoded as \(\hat{k}_{C}=1\ne k_{C}\). In other words any perturbation \({T1}^{\star }-df_{}< \epsilon < {T2}^{\star }-df_{} \) will lead to an error in the attack. Now for \(df^{\star }_{}\sim \mathcal {N}(df_{}, \sigma _{adv.})\), the probability for this event is
The boundaries \(-{T1}^{\star }\) and \({T2}^{\star }\) depend on the noise the attacker facesFootnote 5, thus Eq. (14) establishes a relationship between the SNR and failure probability. Similarly, for the case when the metric is M1 and \(k_{C}=1\), the failure probability is:
In an analogous way the failure probability for metric M2 with \(k_{C}=0\) is defined as
and for metric M2 with \(k_{C}=1\) it results in
From the probabilities in Eqs. (14) to (17), which define the entire support of \(df_{}\), the overall success probability to recover a PUF bit is given by
Figure 9 depicts the success probability for different levels of noise \(\sigma _{adv.}\) an attacker faces and depending on the enrollment value \(df_{}\). The results show that \(df_{}\approx \pm a\) and \(df_{}\approx 0\) contain most uncertainty for the attacker, i.e., it is most likely that the estimated value for the PUF bit \(k^{\prime }_{C}\) is wrong. The attacker faces the highest uncertainty for values of \(df_{}\) close to the boundary between \(\hat{k}_{}= 0\) and \(\hat{k}_{}= 1\). On the one hand, this means the attack will not yield a 100% success rate for all PUF bits. On the other hand, the attacker is provided with reliability information for the attack results that allow for developing a smart guessing strategy.
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Tebelmann, L., Kühne, U., Danger, JL., Pehl, M. (2021). Analysis and Protection of the Two-Metric Helper Data Scheme. In: Bhasin, S., De Santis, F. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2021. Lecture Notes in Computer Science(), vol 12910. Springer, Cham. https://doi.org/10.1007/978-3-030-89915-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-89915-8_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89914-1
Online ISBN: 978-3-030-89915-8
eBook Packages: Computer ScienceComputer Science (R0)