On the Physical Security of Physically Unclonable Functions

Modern electronic embedded devices have become indispensable parts of our daily lives. End user devices, such as smartphones, smartwatches, and smart home appliances, gather data in an unprecedented way and make ubiquitous computing feasible.

In this chapter, we first review the definition of an ideal Physically Unclonable Function (PUF) and explore the functionality of two popular delay-based PUFs, namely Arbiter PUF and ring-oscillator (RO) PUF. Second, we study the internal architecture of reconfigurable hardware and discuss the security issues of FPGAs during configuration. Moreover, we survey the PUF implementations on these platforms. Afterward, we review the optical semi-invasive techniques, which are used in this work to attack PUF implementations on reconfigurable hardware.

In this chapter, we present the deployed reconfigurable hardware and PoC PUF implementations on them for our experiments. Afterward, we introduce the electrical and optical setups used for PEM, LFI, and LVP/LVI.

In this chapter, we demonstrate that the primary security assumption on the infeasibility of direct delay measurements in delay-based PUFs is not valid. By performing an experiment on a PoC Arbiter PUF implementation on reconfigurable hardware, it becomes apparent that The Arbiter PUF family and more generally, the delay-based PUFs can be characterized by a high-resolution temporal photonic emission analysis. This approach does require neither any access to the PUF’s response nor a significant number of challenges to characterizing the PUF.

In this chapter, we demonstrate the vulnerabilities of the soft PUF implementations on the reconfigurable hardware against LFI attacks. The building blocks of a soft PUF implementation are realized by identical programmable logic cells. It is evident that any faults in the configuration memory of deployed logic cells change the logical functionality of that cell, and consequently, could affect the PUF behavior. We present an LFI attack against PoC XOR Arbiter PUF and RO PUF implementations used in the key generation and authentication scenarios. As a result, fault injection enables us to deactivate different PUF chains in an XOR Arbiter PUF, which simplifies a modeling attack against such architectures. In a similar way, we can disable arbitrarily chosen ring oscillators in different RO PUF variants to reduce and bias the entropy of the generated numbers.

In this chapter, we demonstrate that all Intrinsic soft and hard PUF implementations in reconfigurable hardware, regardless of their architecture, are vulnerable to optical contactless probing. Since in a real scenario the implemented soft or hard PUFs inside of FPGAs are controlled PUFs, a non-invasive access to the CRPs of the PUFs is restricted by either physical or algorithmic countermeasures. Hence, most of the reported modeling techniques and semi-invasive techniques, including EM, PEM, and LFI, are ineffective to attack the PUF. In this fashion, the unprocessed challenges can be transferred within the FSBL to the FPGA, which is processed later on the device by non-linear functions and applied to the PUF. The response of the PUF will also be generated and processed inside the device and cannot be observed in a non-invasive way. We show how the attacker can deploy LVI to locate circuitry of interest, such as key registers and ring-oscillators of an RO PUF, by knowing or estimating the frequency of different operations. We further present how LVP enables us to probe volatile and on-die-only data streams on the chip without having any physical contact to the transistors or wires. Furthermore, one can perform LVP to characterize high frequency signals, such as the output of ring-oscillators of an RO PUF. For our practical evaluation, we consider a PoC RO PUF implementation in key generation mode inside the FPGA. We further propose an approach to using PUFs as physical sensors to monitor the integrity of reconfigurable hardware against LVP and LVI attacks.

Reconfigurability, flexibility and lower time-to-market have made the reconfigurable hardware the platform of choice for designing embedded devices.