Lightweight Strategy for XOR PUFs as Security Primitives for Resource-constrained IoT device 1stGaoxiang Li
2025-05-03
0
0
1.07MB
11 页
10玖币
侵权投诉
Lightweight Strategy for XOR PUFs as Security
Primitives for Resource-constrained IoT device
1st Gaoxiang Li
Department of Computer Science
Texas Tech University
Lubbock, TX 79409, USA
email address or ORCID
2nd Yu Zhuang
Department of Computer Science
Texas Tech University
City, Country
email address or ORCID
3rd Khalid T. Mursi
College of Computer Science and Engineering
University of Jeddah
City, Country
email address or ORCID
Abstract—Physical Unclonable Functions (PUFs) are promising
security primitives for resource-constrained IoT devices. And
the XOR Arbiter PUF (XOR-PUF) is one of the most studied
PUFs, out of an effort to improve the resistance against machine
learning attacks of probably the most lightweight delay-based
PUFs – the Arbiter PUFs. However, recent attack studies reveal
that even XOR-PUFs with large XOR sizes are still not safe
against machine learning attacks. Increasing PUF stages or
components and using different challenges for different com-
ponents are two ways to improve the security of APUF-based
PUFs, but more stages or components lead to more hardware
cost and higher operation power, and different challenges for
different components require the transmission of more bits
during operations, which also leads to higher power consumption.
In this paper, we present a strategy that combines the choice of
XOR Arbiter PUF (XOR-PUF) architecture parameters with the
way XOR-PUFs are used to achieve lightweights in hardware
cost and energy consumption as well as security against machine
learning attacks. Experimental evaluations show that with the
proposed strategy, highly lightweight component-differentially
challenged XOR-PUFs can withstand the most powerful machine
learning attacks developed so far and maintain excellent intra-
device and inter-device performance, rendering this strategy a
potential blueprint for the fabrication and use of XOR-PUFs for
resource-constrained IoT applications.
Index Terms—IoT security; XOR-PUF; CDC-XPUF; machine
learning modeling attack
I. INTRODUCTION
A. Overview and Motivation
The Internet of Things (IoTs) has a wide and deep par-
ticipation in business and everyday life, forming a variety
of networks. Many of them place a premium on security
to ensure the integrity of their communications. However,
many network nodes, such as sensors and IoT devices, are
resource constrained and cannot support traditional cryp-
tographic protocols, which are not lightweight. Physically
Unclonable Functions [1]–[4] (PUFs) have the potential to
provide a lightweight cryptography solution to the omnipresent
resource-constrained IoT. Unlike traditional methods, PUFs
rely on inherent variations within integrated circuits to provide
unique responses. Due to this lightweight feature, PUFs are
appealing for resource-constrained IoT device identification
and authentication [5]–[8].
PUFs can be divided into two types: weak PUFs and strong
PUFs [5]. Weak PUF has a limited challenge-response pairs
(CRP) space, so it is suitable for cryptographic key generation.
Strong PUF, on the other hand, has an exponentially huge CRP
space, which is suitable for challenge-response authentication
protocols. Arbiter PUF (APUF) and its variant, XOR Arbiter
PUF (XOR-PUF), are the most common implementations of
strong PUFs.
However, strong PUFs are not necessarily ”strong” in terms
of modeling attack resistance. Though physically unclonable,
some PUFs are “mathematically clonable” in the sense that
the responses of a PUF can be predicted by machine learning
(ML) modeling attacks. Previous studies have demonstrated
that APUF is extremely vulnerable to ML modeling attacks.
And its most widely studied variant, XOR-PUF, which is
proposed to improve ML modeling attack resistance, is still
incapable of surviving most recent ML modeling attacks [9]–
[16].
Increasing PUF stages or components and using different
challenges for different components are two ways to improve
the security of APUF-based PUFs. To begin, as the number
of components or stages increases, the cost of hardware and
operational power increases proportionately, rendering them
unsuitable for resource-constrained IoT devices. Second, pre-
vious research [8], [17]–[19] established that XOR-PUF with
different challenges for different components (CDC-XPUF)
can provide significant resistance to machine learning model-
ing attacks within the same XOR-PUF architecture. However,
the number of transmission bits required by CDC-XPUFs
is high, increasing overall hardware overhead and operating
power. As a result, the current CDC-XPUF design is still
unsuitable for IoT devices with limited resources. Therefore,
there is a rising concern that XOR-PUF designs may suffer as
a result of PUF designers’ being forced to provide security at
the expense of dramatically increased overhead.
To begin, as the number of components or stages increases,
the cost of hardware and operational power increases propor-
tionately, rendering them unsuitable for resource-constrained
IoT devices. Second, previous research [8], [17]–[19] estab-
lished that XOR-PUF with different challenges for different
components (CDC-XPUF) can provide significant resistance
to machine learning modeling attacks within the same XOR-
PUF architecture.
In this paper, we describe a new lightweight CDC-XPUF
arXiv:2210.01749v1 [cs.CR] 4 Oct 2022
strategy that achieves low hardware cost and energy con-
sumption while also providing security against ML modeling
attacks. Inspired by the different effects on modeling attack
resistance between components and stages, we take a different
approach by combining a lightweight XOR-PUF architecture
parameter strategy that reduces the number of stages while
increasing the number of components with the option of using
XOR-PUFs with component-differentially sub-challenges. Our
experimental results show that,
•by reducing the number of stages while increasing the
number of components in conventional CDC-XPUF ar-
chitecture, our lightweight CDC-XPUFs can maintain
high modeling attack resistance while significantly reduce
up to 90% hardware cost.
•the required transmission bits of lightweight CDC-XPUFs
can be reduced to the same level as traditional XOR-PUFs
and still maintain exponentially many challenge-response
pairs (CRPs).
•intra-device and inter-device performance evaluation on
FPGA hardware implementations confirm the lightweight
CDC-XPUFs could attain solid uniqueness, randomness
and improved reliability performance.
B. Background Information on PUFs
In order to clarify technical discussions in later sections,
we will briefly describe the mechanism of the arbiter PUF,
XOR-PUF, and CDC-XPUF in this subsection.
Fig. 1. An aibiter PUF with n bits of challenge
1) The arbiter PUFs: Fig.1 shows a simple case of an
arbiter PUF. A n-bit arbiter PUF is made up of nstages,
each with two multiplexers (MUXs). When giving a rising
signal, the signal enters the arbiter PUF from stage one and
splits into two signals. The two signals are routed through
gates at each stage, and the propagation paths are determined
by the challenge bit to the multiplexers at each stage. Finally,
two signals reach the D flip-flop, which acts as an arbiter to
determine whether the signal on the top path or the signal on
the lower path arrives first. If the top path signal arrives first,
the D flip-flop returns 1; otherwise, it returns 0.
2) The XOR-PUFs and CDC-XPUFs: Due to arbiter PUFs’
weak resistance to ML modeling attacks, a new PUF was
proposed in [20] which increased a non-linear XOR gate to
multiple arbiter PUFs to produce the final response. This type
of PUF is known as the XOR arbiter PUF. Fig.2 illustrates
a simple case of n-bit 3-XOR-PUF. An n-XOR-PUF is made
up of ncomponent arbiter PUFs (also known as streams or
sub-challenge) in which the responses of all ncomponent
Fig. 2. An XOR-PUF with 3 sub-stream and n bits of each stream
arbiter PUFs are XORed at XOR gate to produce one single bit
response. It is worth noting that all component arbiter PUFs
in an XOR-PUF are fed the same challenge bits.
Studies in [9], [10] show that XOR-PUFs could attain
higher modeling attack resistance than arbiter PUFs. When
equipped with lockdown scheme mutual authentication [8] to
eliminate open-access interface, for XOR-PUFs with 64 stages
and more than 9 component arbiter PUFs, all modeling attacks
developed so far were not able to crack the XOR-PUF within
the limited number of available CRPs (100 million). However,
extending the number of streams and challenge stages will
raise the cost and power consumption of a PUF, which is an
important issue for resource-constrained IoT devices. Also, the
expanding number of streams will lower the reliability of PUFs
and increase the risk of reliability side-channel attacks [21].
Despite the fact that there are many alternative APUF
variants and many new PUF designs proposed, such as
Lightweight Secure PUFs [22], FF-PUFs [3], [23], [24], and
Interpose PUF [25], to the best of our knowledge, they are still
vulnerable to ML modeling attacks [26]–[30]. In this paper,
we will only focus on the most widely studied APUF variant
– XOR-PUFs.
For CDC-XPUFs, they share the same architecture as XOR-
PUFs, which includes different multiple arbiter PUF compo-
nents and XOR gates. The only difference between CDC-
XPUF and XOR-PUF is that CDC-XPUF’s each different
component arbiter PUF receives different challenge inputs,
while the XOR-PUF receives the same challenges for all its
component arbiter PUFs.
Studies [8], [17]–[19] show that applying different chal-
lenges to different components of an XOR-PUF can decrease
the vulnerability of the PUF against ML modeling attacks.
Existing ML attack methods for 64-bit CDC-XPUFs with
four components can attain a success rate lower than 90%
even if using more than one million CRPs. All the previous
experimental results show that the 64-bit CDC-XPUF with
four or more components is unbreakable or too expensive to
Fig. 3. An XOR-PUF with 3 Component Differential Challenges and n bits
of each challenges
break with existing attack methods. Therefore, these CDC-
XPUFs can be considered as potentially good candidates in
terms of security performance. The fact that CDC-XPUFs
have high requirements for the number of transmission bits,
on the other hand, increases the overall hardware overhead
and operation power of CDC-XPUFs, and this issue has yet
to be overcome. As a result, it is worthwhile to conduct a
comprehensive study on CDC-XPUFs.
As for another kind of malicious attack to PUFs, CDC-
XPUFs are more vulnerable to reliability attacks [8], [21]
than traditional XOR-PUFs. But this reliability attack can be
prevented by applying a lockdown protocol to block the open
interface. Although our lightweight CDC-XPUFs architecture
will improve the reliability, it is not the purpose of this paper
to investigate resistance to reliability attacks. In this paper, we
will only focus on the machine learning modeling attack and
assume that the lockdown authentication protocol is in place.
C. Organization of this Paper
The remaining of this paper is organized as follows. Section
II gives a general overview of PUFs. The motivation for
lightweight CDC-XPUFs design and its implementation are
presented in section II. And the evaluation metric and tools for
lightweight CDC-XPUFs will be presented in section III. In
section IV, the experimental result of security evaluation based
on simulator CRP and performance evaluation for lightweight
CDC-XPUFs on simulator and FPGA implementations will be
presented. Finally, concluding remarks are given in section V.
II. LIGHTWEIGHT CDC-XPUFS DESIGN
As previously stated, CDC-XPUF is proposed to improve
ML modeling attack resistance and maintain the architecture
lightweight. However, the drawback that different challenges
for different components in CDC-XPUFs require the trans-
mission of more bits during operations, which also leads to
higher power consumption. As a result, we are motivated to
investigate a more lightweight CDC-XPUF to achieve low
requirement of transmission bits. In this section, we will
describe a new lightweight CDC-XPUF design strategy to
reduce overall hardware cost while maintaining high ML
attack resistance.
A. Factors impacting ML modeling attack resistance of
APUF-based PUF
In general, there are two main factors influencing the ML
modeling attack resistance of APUF-based PUF: the number
of stages inside each arbiter PUF component and the number
of component (the size of XOR-gate). To ensure security
against ML attacks, both increasing the number of stages
and increasing the number of components can improve the
modeling attack resistance. However, the impact on the ML
attack resistance of these two factors is not equivalent.
For the first factor, inside the arbiter PUF component, the
response rof the additive delay model [24], which stipulates
that the time it takes for each of the two signals to arrive
at the arbiter are the summation of the delays incurred at all
stages of the PUF. Based on the additive delay model, can be
represented as
r=Sgn(v(n) +
n
X
i=1
w(i)φ(i)),(1)
where φ’s are transformed challenge [24] given by
φ(i) = (2ci−1)(2ci+1 −1) ·····(2cn−1),(2)
with cibeing the challenge bit at stage i,vand w’s being
parameters quantifying gate delays at different stages, and
Sgn(·)the sign function. In (1), the term inside the Sgn(·)
function is linear with respect to the transformed challenge
φ’s. The model represented by (1) is hence a linear classifi-
cation problem with the separating hyperplane represented by
equation
w(1)φ(1) + w(2)φ(2) + ·····+w(n)φ(n) + v(n)=0,
which results from setting to 0 the term inside the Sgn(·)
function in (1).
For the second factor, inter the outputs from all arbiter PUF
components, the response of the k-XOR arbiter PUF can be
expressed as:
r=M
j=1...k
rj,(3)
where rjis the internal output of the jth component ar-
biter PUF. The XOR operation increases non-linearity of
the relationship between the response rand the transformed
challenges φ’s. Every additional arbiter PUF increases non-
linearity as well as the dimension of the parameter space to be
machine-learned by attackers [10], leading to higher resistance
against machine learning attacks [31].
As a rule, an non-linear classification problem is more
difficult problem than the linear classification problem. As
well, based on our experience and earlier reports about PUF
modeling attack resistance, the ML modeling attack resistance
of XOR-PUFs grows much greater as the number of compo-
nents increases compared to the number of stages. Therefore,
摘要:
展开>>
收起<<
LightweightStrategyforXORPUFsasSecurityPrimitivesforResource-constrainedIoTdevice1stGaoxiangLiDepartmentofComputerScienceTexasTechUniversityLubbock,TX79409,USAemailaddressorORCID2ndYuZhuangDepartmentofComputerScienceTexasTechUniversityCity,CountryemailaddressorORCID3rdKhalidT.MursiCollegeofComputerS...
声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!
相关推荐
-
Michael Moorcock - Elric 6 - StormbringerVIP免费
2024-12-08 12 -
Michael Crichton - PreyVIP免费
2024-12-08 14 -
Mercedes Lackey - WintermoonVIP免费
2024-12-08 10 -
Mercedes Lackey - SE 1- Born To RunVIP免费
2024-12-08 10 -
Mercedes Lackey - Heralds of Valdemar 1 - Arrows Of The QueeVIP免费
2024-12-08 15 -
Melville, Herman - TypeeVIP免费
2024-12-08 18 -
MaryJanice Davidson - [Betsy 5] - Undead and Unpopular (v1.0)VIP免费
2024-12-08 27 -
Marion Zimmer Bradley - Darkover - The Heirs of HammerfellVIP免费
2024-12-08 25 -
MacDonnell, J E - 096 - Execute!VIP免费
2024-12-08 16 -
Lovecraft, H P - The Dream Quest Of Unknown KadadthVIP免费
2024-12-08 30
分类:图书资源
价格:10玖币
属性:11 页
大小:1.07MB
格式:PDF
时间:2025-05-03
作者详情
相关内容
-
2015年6月英语四级真题答案及解析(卷二)
分类:外语学习
时间:2025-05-02
标签:无
格式:PDF
价格:5.8 玖币
-
2015年6月英语四级真题答案及解析(卷三)
分类:外语学习
时间:2025-05-02
标签:无
格式:PDF
价格:5.8 玖币
-
2016年12月六级(第二套)真题
分类:外语学习
时间:2025-05-02
标签:无
格式:PDF
价格:5.8 玖币
-
2016年12月六级(第三套)真题
分类:外语学习
时间:2025-05-02
标签:无
格式:PDF
价格:5.8 玖币
-
2016年12月六级(第一套)真题
分类:外语学习
时间:2025-05-02
标签:无
格式:PDF
价格:5.8 玖币
渝公网安备50010702506394
