IACR News item: 27 February 2013
Ulrich Rührmair, Jan Sölter, Frank Sehnke, Xiaolin Xu, Ahmed Mahmoud, Vera Stoyanova, Gideon Dror, Jürgen Schmidhuber and
ePrint ReportPhysical Unclonable Functions (PUFs) can be broken by numerical
modeling attacks. Given a set of challenge-response pairs
(CRPs) of a Strong PUF, our attacks construct a computer
algorithm which behaves indistinguishably from the original PUF
on almost all CRPs. This algorithm can subsequently impersonate
the PUF, and can be cloned and distributed arbitrarily. This
breaks the security of almost all applications and protocols that
are based on the respective PUF.
The PUFs we attacked successfully include standard Arbiter
PUFs and Ring Oscillator PUFs of arbitrary sizes, and XOR
Arbiter PUFs, Lightweight Secure PUFs, and Feed-Forward
Arbiter PUFs of up to a given size and complexity. The attacks
are based upon various machine learning techniques, including
a specially tailored variant of Logistic Regression and Evolution
Strategies.
Our results were obtained on a large number of CRPs
coming from numerical simulations, as well as four million CRPs
collected from FPGAs and ASICs. The performance on silicon
CRPs is very close to simulated CRPs, confirming a conjecture
from earlier versions of this work. Our findings lead to new
design requirements for secure electrical PUFs, and will be useful
to PUF designers and attackers alike.
Additional news items may be found on the IACR news page.