TY - JOUR
T1 - A Modeling Attack Resistant Deception Technique for Securing Lightweight-PUF based Authentication
AU - Gu, Chongyan
AU - Chang, Chip Hong
AU - Liu, Weiqiang
AU - Yu, Shichao
AU - Wang, Yale
AU - O'Neill, Maire
PY - 2020/11/10
Y1 - 2020/11/10
N2 - Silicon physical unclonable function (PUF) has emerged as a promising spoof-proof solution for low-cost device authentication. Due to practical constraints in preventing phishing through public network or insecure communication channels, simple PUF-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. Although PUF itself is lightweight, the ancillary cryptographic primitives required to support secure handshaking in classical PUF-based authentication protocol are not necessarily so. In this paper, we present a modeling attack resistant PUF-based mutual authentication scheme to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF design or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device with a monolithic integration of a genuine Strong PUF (SPUF), a fake PUF, a pseudo random number generator (PRNG), a register, a binary counter, a comparator and a simple controller. The hardware encapsulation makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time-consuming upon device deployment through the same interface. A genuine server can perform a mutual authentication with the device using a combined fresh challenge contributed by both the server and the device. The message exchanged in clear cannot be manipulated by the adversary to derive unused authentic CRPs. The adversary will have to either wait for an impractically long time to collect enough real CRPs by directly querying the device or the ML model derived from the collected CRPs will be poisoned to expose the imposer when it is used to perform a spoofing attack.
The false PUF multiplexing is fortified against prediction of waiting time by doubling the time pen...
AB - Silicon physical unclonable function (PUF) has emerged as a promising spoof-proof solution for low-cost device authentication. Due to practical constraints in preventing phishing through public network or insecure communication channels, simple PUF-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. Although PUF itself is lightweight, the ancillary cryptographic primitives required to support secure handshaking in classical PUF-based authentication protocol are not necessarily so. In this paper, we present a modeling attack resistant PUF-based mutual authentication scheme to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF design or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device with a monolithic integration of a genuine Strong PUF (SPUF), a fake PUF, a pseudo random number generator (PRNG), a register, a binary counter, a comparator and a simple controller. The hardware encapsulation makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time-consuming upon device deployment through the same interface. A genuine server can perform a mutual authentication with the device using a combined fresh challenge contributed by both the server and the device. The message exchanged in clear cannot be manipulated by the adversary to derive unused authentic CRPs. The adversary will have to either wait for an impractically long time to collect enough real CRPs by directly querying the device or the ML model derived from the collected CRPs will be poisoned to expose the imposer when it is used to perform a spoofing attack.
The false PUF multiplexing is fortified against prediction of waiting time by doubling the time pen...
U2 - 10.1109/TCAD.2020.3036807
DO - 10.1109/TCAD.2020.3036807
M3 - Article
SN - 0278-0070
JO - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
JF - IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems
ER -