TY - GEN
T1 - A machine learning-based security vulnerability study on XOR PUFs for resource-constraint internet of things
AU - Aseeri, Ahmad O.
AU - Zhuang, Yu
AU - Alkatheiri, Mohammed Saeed
N1 - Funding Information:
The research was supported in part by National Science Foundation under Grant No. CNS-1526055.
Publisher Copyright:
© 2018 IEEE.
PY - 2018/9/26
Y1 - 2018/9/26
N2 - Physical unclonable functions (PUFs) are emerging as a promising class of hardware primitives for delivering security for IoT devices. Cryptographic key-based security mechanisms are heavyweight by demanding resources more than many resource-constraint IoT devices can provide, and are also vulnerable to side-channel invasive attacks. PUFs utilize integrated circuits' manufacturing variations to produce responses unique for individual devices, and hence cannot be reproduced. An important goal of security research is to discover all possible insecure risks, which can provide secure application developers useful information so that they can avoid the risk-containing components or mechanisms. While physically unclonable, some PUFs have been found to be mathematically clonable by machine learning methods. Large XOR arbiter PUFs is one group of PUFs that were shown to withstand existing attack methods unless long training time is used in the machine learning process. In this paper, we investigate the effectiveness of a neural network method in attacking large XOR PUFs, a neural network method modified to handle training datasets possibly larger than memory capacity. Our study shows that the modified neural network method attains high prediction accuracy while consuming substantially less time for large XOR PUFs than the fastest machine learning code used in all earlier studies known to us. Some of the large XOR PUFs that took existing machine learning codes several days of parallel computing time on high-performance computing servers have been broken by our method in less than two hours, indicating vulnerability of even large XOR PUFs. Discovery of all potential vulnerabilities of a PUF is important since secure application developers need such information for deciding which PUF to choose, and an unidentified vulnerability can lead to security risks for IoT devices.
AB - Physical unclonable functions (PUFs) are emerging as a promising class of hardware primitives for delivering security for IoT devices. Cryptographic key-based security mechanisms are heavyweight by demanding resources more than many resource-constraint IoT devices can provide, and are also vulnerable to side-channel invasive attacks. PUFs utilize integrated circuits' manufacturing variations to produce responses unique for individual devices, and hence cannot be reproduced. An important goal of security research is to discover all possible insecure risks, which can provide secure application developers useful information so that they can avoid the risk-containing components or mechanisms. While physically unclonable, some PUFs have been found to be mathematically clonable by machine learning methods. Large XOR arbiter PUFs is one group of PUFs that were shown to withstand existing attack methods unless long training time is used in the machine learning process. In this paper, we investigate the effectiveness of a neural network method in attacking large XOR PUFs, a neural network method modified to handle training datasets possibly larger than memory capacity. Our study shows that the modified neural network method attains high prediction accuracy while consuming substantially less time for large XOR PUFs than the fastest machine learning code used in all earlier studies known to us. Some of the large XOR PUFs that took existing machine learning codes several days of parallel computing time on high-performance computing servers have been broken by our method in less than two hours, indicating vulnerability of even large XOR PUFs. Discovery of all potential vulnerabilities of a PUF is important since secure application developers need such information for deciding which PUF to choose, and an unidentified vulnerability can lead to security risks for IoT devices.
KW - Hardware security
KW - Internet of things
KW - Machine learning
KW - Physical unclonable functions
UR - http://www.scopus.com/inward/record.url?scp=85055623634&partnerID=8YFLogxK
U2 - 10.1109/ICIOT.2018.00014
DO - 10.1109/ICIOT.2018.00014
M3 - Conference contribution
AN - SCOPUS:85055623634
T3 - Proceedings - 2018 IEEE International Congress on Internet of Things, ICIOT 2018 - Part of the 2018 IEEE World Congress on Services
SP - 49
EP - 56
BT - Proceedings - 2018 IEEE International Congress on Internet of Things, ICIOT 2018 - Part of the 2018 IEEE World Congress on Services
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 2 July 2018 through 7 July 2018
ER -