Table of Contents
Fetching ...

Unified Framework for Qualifying Security Boundary of PUFs Against Machine Learning Attacks

Hongming Fei, Zilong Hu, Prosanta Gope, Biplab Sikdar

TL;DR

This work addresses the lack of principled metrics for assessing the resistance of delay-based PUFs to machine-learning modelling attacks. It introduces a formal, architecture-agnostic unpredictability game and a GPU-accelerated Monte Carlo evaluation to quantify adversarial advantage without relying on specific ML models. Applied to Arbiter, XOR, FF-XOR, and CT-PUFs, the framework reveals that even a single observed CRP can induce non-trivial predictability on unseen challenges, with XOR and FF-XOR providing diminishing returns beyond moderate complexity and CT-PUF showing latent vulnerability. The resulting, provable security bounds enable proactive, interpretable screening of PUF designs for hardware-rooted security in IoT applications, complementing traditional empirical MLA benchmarks.

Abstract

Physical Unclonable Functions (PUFs) serve as lightweight, hardware-intrinsic entropy sources widely deployed in IoT security applications. However, delay-based PUFs are vulnerable to Machine Learning Attacks (MLAs), undermining their assumed unclonability. There are no valid metrics for evaluating PUF MLA resistance, but empirical modelling experiments, which lack theoretical guarantees and are highly sensitive to advances in machine learning techniques. To address the fundamental gap between PUF designs and security qualifications, this work proposes a novel, formal, and unified framework for evaluating PUF security against modelling attacks by providing security lower bounds, independent of specific attack models or learning algorithms. We mathematically characterise the adversary's advantage in predicting responses to unseen challenges based solely on observed challenge-response pairs (CRPs), formulating the problem as a conditional probability estimation over the space of candidate PUFs. We present our analysis on previous "broken" PUFs, e.g., Arbiter PUFs, XOR PUFs, Feed-Forward PUFs, and for the first time compare their MLA resistance in a formal way. In addition, we evaluate the currently "secure" CT PUF, and show its security boundary. We demonstrate that the proposed approach systematically quantifies PUF resilience, captures subtle security differences, and provides actionable, theoretically grounded security guarantees for the practical deployment of PUFs.

Unified Framework for Qualifying Security Boundary of PUFs Against Machine Learning Attacks

TL;DR

This work addresses the lack of principled metrics for assessing the resistance of delay-based PUFs to machine-learning modelling attacks. It introduces a formal, architecture-agnostic unpredictability game and a GPU-accelerated Monte Carlo evaluation to quantify adversarial advantage without relying on specific ML models. Applied to Arbiter, XOR, FF-XOR, and CT-PUFs, the framework reveals that even a single observed CRP can induce non-trivial predictability on unseen challenges, with XOR and FF-XOR providing diminishing returns beyond moderate complexity and CT-PUF showing latent vulnerability. The resulting, provable security bounds enable proactive, interpretable screening of PUF designs for hardware-rooted security in IoT applications, complementing traditional empirical MLA benchmarks.

Abstract

Physical Unclonable Functions (PUFs) serve as lightweight, hardware-intrinsic entropy sources widely deployed in IoT security applications. However, delay-based PUFs are vulnerable to Machine Learning Attacks (MLAs), undermining their assumed unclonability. There are no valid metrics for evaluating PUF MLA resistance, but empirical modelling experiments, which lack theoretical guarantees and are highly sensitive to advances in machine learning techniques. To address the fundamental gap between PUF designs and security qualifications, this work proposes a novel, formal, and unified framework for evaluating PUF security against modelling attacks by providing security lower bounds, independent of specific attack models or learning algorithms. We mathematically characterise the adversary's advantage in predicting responses to unseen challenges based solely on observed challenge-response pairs (CRPs), formulating the problem as a conditional probability estimation over the space of candidate PUFs. We present our analysis on previous "broken" PUFs, e.g., Arbiter PUFs, XOR PUFs, Feed-Forward PUFs, and for the first time compare their MLA resistance in a formal way. In addition, we evaluate the currently "secure" CT PUF, and show its security boundary. We demonstrate that the proposed approach systematically quantifies PUF resilience, captures subtle security differences, and provides actionable, theoretically grounded security guarantees for the practical deployment of PUFs.
Paper Structure (33 sections, 29 equations, 8 figures, 2 tables, 1 algorithm)

This paper contains 33 sections, 29 equations, 8 figures, 2 tables, 1 algorithm.

Figures (8)

  • Figure 1: Comparison Between the Traditional MLA Resistance Analysis Framework and the Proposed Unified Framework.
  • Figure 2: Delay path of an Arbiter PUF.
  • Figure 3: Unseen CRP Prediction Game $\mathbf{Exp}_{\mathbf{\mathcal{PUF},\mathcal{A}}}^{Unpredict}(\mathrm{N})$.
  • Figure 4: Proposed Unified Framework Analysing $\mathbf{Exp}_{\mathbf{\mathcal{PUF},\mathcal{A}}}^{Unpredict}(\mathrm{N})$.
  • Figure 5: Response Bias of 1000 CRPs for PUFs with and without Observing One CRP
  • ...and 3 more figures