A modeling attack resistant deception technique for securing lightweight-PUF based authentication

A modeling attack resistant deception technique for securing lightweight-PUF based authentication

Silicon physical unclonable function (PUF) has emerged as a promising spoof-proof solution for low-cost device authentication. Due to practical constraints in preventing phishing through public network or insecure communication channels, simple PUF-based authentication protocol with unrestricted que...

Full description

Saved in:
Bibliographic Details
Main Authors: Gu, Chongyan, Chang, Chip Hong, Liu, Weiqiang, Yu, Shichao, Wang, Yale, O’Neill, Máire
Other Authors: School of Electrical and Electronic Engineering
Format: Article
Language:English
Published: 2021
Subjects:
Engineering::Electrical and electronic engineering
Machine Learning Attacks
Physical Unclonable Function
Authentication Protocol
Deception Protocol
Poison Attack
Online Access:https://hdl.handle.net/10356/152417
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-152417
record_format dspace
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Electrical and electronic engineering
Machine Learning Attacks
Physical Unclonable Function
Authentication Protocol
Deception Protocol
Poison Attack
spellingShingle Engineering::Electrical and electronic engineering
Machine Learning Attacks
Physical Unclonable Function
Authentication Protocol
Deception Protocol
Poison Attack
Gu, Chongyan
Chang, Chip Hong
Liu, Weiqiang
Yu, Shichao
Wang, Yale
O’Neill, Máire
A modeling attack resistant deception technique for securing lightweight-PUF based authentication
description Silicon physical unclonable function (PUF) has emerged as a promising spoof-proof solution for low-cost device authentication. Due to practical constraints in preventing phishing through public network or insecure communication channels, simple PUF-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. Although PUF itself is lightweight, the ancillary cryptographic primitives required to support secure handshaking in classical PUF-based authentication protocol is not necessarily so. In this paper, we present a modeling attack resistant PUFbased mutual authentication scheme to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF design or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device with a monolithic integration of a genuine Strong PUF (SPUF), a fake PUF, a pseudo random number generator (PRNG), a register, a binary counter, a comparator and a simple controller. The hardware encapsulation makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time-consuming upon device deployment through the same interface. A genuine server can perform a mutual authentication with the device using a combined fresh challenge contributed by both the server and the device. The message exchanged in clear cannot be manipulated by the adversary to derive unused authentic CRPs. The adversary will have to either wait for an impractically long time to collect enough real CRPs by directly querying the device or the ML model derived from the collected CRPs will be poisoned to expose the imposer when it is used to perform a spoofing attack. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful guess. Our implementation results on field programmable gate array (FPGA) device and security analysis have corroborated the low hardware overheads and attack resistance of the proposed deception protocol.
author2 School of Electrical and Electronic Engineering
author_facet School of Electrical and Electronic Engineering
Gu, Chongyan
Chang, Chip Hong
Liu, Weiqiang
Yu, Shichao
Wang, Yale
O’Neill, Máire
format Article
author Gu, Chongyan
Chang, Chip Hong
Liu, Weiqiang
Yu, Shichao
Wang, Yale
O’Neill, Máire
author_sort Gu, Chongyan
title A modeling attack resistant deception technique for securing lightweight-PUF based authentication
title_short A modeling attack resistant deception technique for securing lightweight-PUF based authentication
title_full A modeling attack resistant deception technique for securing lightweight-PUF based authentication
title_fullStr A modeling attack resistant deception technique for securing lightweight-PUF based authentication
title_full_unstemmed A modeling attack resistant deception technique for securing lightweight-PUF based authentication
title_sort modeling attack resistant deception technique for securing lightweight-puf based authentication
publishDate 2021
url https://hdl.handle.net/10356/152417
_version_ 1709685312884572160
spelling sg-ntu-dr.10356-1524172021-08-11T06:05:59Z A modeling attack resistant deception technique for securing lightweight-PUF based authentication Gu, Chongyan Chang, Chip Hong Liu, Weiqiang Yu, Shichao Wang, Yale O’Neill, Máire School of Electrical and Electronic Engineering Centre for Integrated Circuits and Systems Engineering::Electrical and electronic engineering Machine Learning Attacks Physical Unclonable Function Authentication Protocol Deception Protocol Poison Attack Silicon physical unclonable function (PUF) has emerged as a promising spoof-proof solution for low-cost device authentication. Due to practical constraints in preventing phishing through public network or insecure communication channels, simple PUF-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. Although PUF itself is lightweight, the ancillary cryptographic primitives required to support secure handshaking in classical PUF-based authentication protocol is not necessarily so. In this paper, we present a modeling attack resistant PUFbased mutual authentication scheme to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF design or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device with a monolithic integration of a genuine Strong PUF (SPUF), a fake PUF, a pseudo random number generator (PRNG), a register, a binary counter, a comparator and a simple controller. The hardware encapsulation makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time-consuming upon device deployment through the same interface. A genuine server can perform a mutual authentication with the device using a combined fresh challenge contributed by both the server and the device. The message exchanged in clear cannot be manipulated by the adversary to derive unused authentic CRPs. The adversary will have to either wait for an impractically long time to collect enough real CRPs by directly querying the device or the ML model derived from the collected CRPs will be poisoned to expose the imposer when it is used to perform a spoofing attack. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful guess. Our implementation results on field programmable gate array (FPGA) device and security analysis have corroborated the low hardware overheads and attack resistance of the proposed deception protocol. Ministry of Education (MOE) Accepted version This work was supported in part by the Singapore MOE Tier 1 under Grant MOE2018-T1-001-131 RG87/18(S); in part by the Engineering and Physical Sciences Research Council (EPSRC) under Grant EP/N508664/-CSIT2; and in part by the National Natural Science Foundation of China under Grant 62022041 and Grant 61771239. 2021-08-11T06:05:59Z 2021-08-11T06:05:59Z 2020 Journal Article Gu, C., Chang, C. H., Liu, W., Yu, S., Wang, Y. & O’Neill, M. (2020). A modeling attack resistant deception technique for securing lightweight-PUF based authentication. IEEE Transactions On Computer-Aided Design of Integrated Circuits and Systems, 40(6), 1183-1196. https://dx.doi.org/10.1109/TCAD.2020.3036807 0278-0070 https://hdl.handle.net/10356/152417 10.1109/TCAD.2020.3036807 6 40 1183 1196 en MOE2018-T1-001-131 (RG87/18) IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems © 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The published version is available at: https://doi.org/10.1109/TCAD.2020.3036807 application/pdf

Similar Items