pufs and modeling attacks on pufs: a tutorialcryptanalysis of electrical pufs via machine learning...
TRANSCRIPT
Secure Computation Laboratory
Department of Electrical & Computer Engineering
University of Connecticut
PUFs and Modeling Attacks on PUFs: A tutorial
Marten van Dijk
Syed Kamran Haider, Chenglu Jin, Phuong Ha Nguyen
Content
2
PUF’s
introductionPUF’s attacks
Attack’s Flow
Logistic Regression
base MLMA on
APUF
Covariance Matrix
Adaption Evolution
Strategy base MLMA on
APUF and XOR PUF
Concept Applications Categories
Weak PUF (POK):
RO PUF
Strong PUF : APUF,
XORPUF, LPN PUF
Reliability:
Fuzzy Extractor
Physically Unclonable Functions - PUF
Challenge-Response behavior of a given PUF can not be physically cloned and it is unique, i.e., different PUF instances have different Challenge-Response Behaviors
3
Process variations – basement for PUF
4
Courtesy of [1]
Courtesy of [2]
Courtesy of [3]
PUF-based Applications
5
Courtesy of [4]
IP’s protection/ authentication
Courtesy of [5]
Secret key generation
PUF’s classification
6
PUF
Weak PUF
(POK): RO PUF Strong PUF : APUF,
XORPUF, LPN PUF
Weak PUF: Ring Oscillator PUF
7
Courtesy of [9]
Ring Oscillator (RO) Ring Oscillator PUF (RO PUF)
Strong PUF Constructions
Arbiter PUF (APUF)
XOR Arbiter PUF (XOR PUF)
LPN based PUF
8
Arbiter PUF [1]
Blaise Gassend, Dwaine E. Clarke, Marten van Dijk, Srinivas Devadas:Silicon physical random functions. ACM Conference on Computer and Communications Security 2002: 148-160
9
APUF [2]
10
APUF linear delay model [1]
11
Encoding C[i] = 0 (or 1) as +1 (or -1)
APUF linear delay model [2]
12
APUF linear delay model [3]
13
APUF linear delay model [4]
14
The response r = 1 if ∆ < 0. Otherwise, r = 0
Proof of APUF’s linear delay Model
15
XOR PUF
16
Learning Parity with Noise
17
LPN-based PUF
18
LPN-based PUF is a strong PUF design which is based on LPN problem, POK and cryptographic primitives
TRNG and Hash function. (See [10])
Reliability Problem in PUF and Fuzzy Extractor [1]
ALL PUFs exploit the process variations which are not a stable feature. Thus PUF can generate different responses when a challenge is evaluated many times.
Not reliable + not full entroy: cannot directly use POK’s output as secret key
Need a methodology to generate a secret key r which is reliable and has full entropy from POK’s output.
19
POK
w0
w1 ≠w0
rAlgorithm
Reliability Problem in PUF and Fuzzy Extractor [2]
20
POK
w0
w1 ≠w0
rAlgorithm Fuzzy
Extractor
Extractor
Sketch/Gen
w0
r
P: helper dataExtractor
Rec/Decw1
rw0
Gen
p
Fuzzy Extractor: Generation Phase (Gen) and Reproduction Phase (Rep)
Rep
Reliability Problem in PUF and Fuzzy Extractor [3]
21
Courtesy of [11]
Machine Learning Techniques based Modeling Attacks
Logistic Regression
Covariance Matrix Adaption Evolution Strategy
22
Introduction on MLMA
Machine learning techniques based modelling attack (MLMA or MA): using the machine learning technique to model a PUF design
Typically, a mathematical structure of the target PUF design is required. In this context, the mathematical structure is the delay model
The goal: Learning the unknown variables w=(w[0],….,w[n-1],w[n]=1) from the recorded challenge-response pairs (CRPs)
Support Vector Machine (SVM), Logistic Regression (LR), Covariance Matric Adaptation Evolution Strategy (CMA-ES), etc.
23
Basic Steps in MLMA1. Building the model
2. Access the PUF and record a set of CRPs S={(c,r)}
3. Partition the set S into sets S1 and S2
4. Determine which MLMA technique is used
5. The set S1 is used for the phase called: training phase. In this phase, the MLMA is used to learn the unknown variables, i.e., vector w (APUF)
6. The set S2 is used to test the prediction accuracy of model, 𝑤 (APUF)
Note that: the discussion on MLMA in this presentation is based on [6]
24
S={(c,r)}
S1={(c,r)}
S2={(c,r)}
PUF P
Model M
Accuracy
Model M
MLMA
Logistic Regression
25
Courtersy of [7]
Maximum Likelihood Estimator
26
APUF A
𝜃 = 𝑤X1=(C1,R1),
X2=(C2,R2),
….
Xn=(Cn,Rn)
𝜃 = 𝑤
(C1,R’1),
(C2,R’2),
….
(Cn,R’n)
Maximum matchings
(Ri = Ri’)
X1=(C1,R1),
X2=(C2,R2),
….
Xn=(Cn,Rn)
Logistic Regression: Math Background [1]
Let us define
Define the logistic sigmoid function:
Define
27
Logistic Regression: Math Background [2]
28
Logistic Regression: Math Background [3]
Why the correct w should be found by maximizing the function l ?
29
Logistic Regression: Math Background [4]
30
• To find the optimal w of function l, we should
compute the gradient of function l, i.e.
• According to LR algorithm, w is randomly
regenerated at very beginning
• We repeat the following steps until is close
to 0
Step 1: compute
Step 2: update
• When the algorithm stops, w is the desired
model
Logistic Regression: Pseudo Code of LR
31
Enhanced LR Algorithm
Basically, the efficiency of LR can be significantly enhanced by combining Resilient Back Propagation (Rprop)
The Rprop algorithm is described in the following paper: http://deeplearning.cs.cmu.edu/pdfs/Rprop.pdf
In the LR algorithm above, 𝜂 is a constant but in Rprop algorithm, 𝜂 is dynamically changed in each iteration
32
Arbiter: Repeatability –short-term Reliability
33
(C,1),
(C,2),
….
(C,M)
APUF A
(R1=0),
(R2=1),
….
(RM=0)
R = (R1+R2+...+RM)/M
Arbiter PUF: Repeatability and Noise
34
Idea of Attack on APUF using Repeatability
35
[3]: The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs CHES2015, Georg T. Becker
[5]: Side Channel Modeling Attacks on 65nm Arbiter PUFs Exploiting CMOS Device Noise, Delvaux, J., Verbauwhede, I.
CMA ES
36
Courtesy of [7]
Matlab Code of CMAES is available at [8]
CMA-ES Algorithm
37
Courtesy of [8]
CMAES on APUF based on Repeatability: Attack Strategy
38
XOR PUF
40
CMAES based attack on XOR PUF Fact 1: CMAES based attack on x-XOR PUF is done in the similar way as described for APUF
Fact 2: CMAES based attack on x-XOR PUF is a divide-and-conquer attack, i.e., all the models M0, M1, …, M(x-1) for A0, A1, …., A(x-1) are recovered. It is done by repeating CMAES many times until all x different models M0, …, M(x-1) are built
Fact 3: Each run of CMAES always produces a model M which may be the model of a certain APUF instance among x APUFs. Thus, we need to run CMAES on XORPUF many times, number of runs > x.
41
Why CMAES on XOR PUF works
42
Fact 3: Now, the CMAES-based algorithm tries to find model M which can have highest correlation coefficient with set Q and thus, M likely converges to A0 because A0 has largest noise rate.
Fact 4: If we repeat the attack many times and each time, new set Q is generated, then the models of all APUF instances will be built due to Fact 1, 2 and 3.
Fact 1
Fact 3
Fact 2
Literature1. http://image.slidesharecdn.com/secureesweb-131229032029-phpapp02/95/secure-embedded-systems-17-
638.jpg?cb=1388287390
2. https://www.gsaglobal.org/forum/2009/3/articles_tuyls.asp
3. http://rijndael.ece.vt.edu/puf/background.html
4. http://images.slideplayer.com/13/3927633/slides/slide_10.jpg
5. http://studiopresence.com/client/verayo/page_images/how_pufs_work_ill2.jpg
6. Cryptanalysis of electrical PUFs via machine learning algorithms – Master Thesis of Jan Solter
7. The Gap Between Promise and Reality: On the Insecurity of XOR Arbiter PUFs CHES, September 16 th , 2015, Georg T. Becker
8. https://en.wikipedia.org/wiki/CMA-ES
9. Physical unclonable functions for device authentication and secret key generation. DAC2007, G. E. Suh and S. Devadas
10. Trapdoor Computational Fuzzy Extractors and Stateless Cryptographically-Secure Physical Unclonable Functions. Charles Herder, Ling Ren, Marten van Dijk, Meng-Day (Mandel) Yu, and Srinivas Devadas.
11. http://www.cs.haifa.ac.il/~orrd/PrivDay/2015/Benjamin-Slides.pdf
12. Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data. EuroCrypt2004. Yevgeniy Dodis, Leonid Reyzin and Adam Smith
43