SQ-PUF: پروتکل احراز هویت مبتنی برPUF مقاوم در برابر حملات یادگیری ماشین
محورهای موضوعی : مهندسی برق و کامپیوترسید ابوالفضل سجادی هزاوه 1 , بیژن علیزاده 2 *
1 - دانشكده مهندسی برق و كامپیوتر، دانشکدگان فنی، دانشگاه تهران
2 - دانشكده مهندسی برق و كامپیوتر، دانشکدگان فنی، دانشگاه تهران
کلید واژه: اینترنت اشیا, یادگیری ماشین, احراز هویت, امنیت شبکه, توابع غیرهمسان فیزیکی,
چکیده مقاله :
توابع غیرهمسان فیزیکی (PUF) سختافزاری را برای تولید الگویی منحصربهفرد از چالش- پاسخ با اهداف احراز هویت و رمزگذاری ارائه میدهند. یکی از ویژگیهای مهم در این مدارها غیرقابل پیشبینیبودن است؛ به این معنی که یک مهاجم نمیتواند پاسخهای آینده را از مشاهدات قبلی پیشبینی کند. با این حال نشان داده شده که الگوریتمهای یادگیری ماشین، تهدیدی قابل توجه برای PUF ها هستند؛ زیرا آنها قادر به مدلسازی دقیق رفتار PUF میباشند. در این مقاله، ما تهدیدات امنیتیPUF را تحلیل و یک روش احراز هویت مبتنی بر PUF به نام SQ-PUF را ارائه میکنیم که میتواند در برابر حملات یادگیری ماشین مقاومت خوبی از خود نشان دهد. توانایی شبیهسازی یا پیشبینی آن را با مبهمسازی همبستگی بین جفتهای چالش- پاسخها دشوار کردیم. نتایج تجربی نشان میدهند که برخلاف PUFهای موجود، حتی با مجموعهای از دادههای بزرگ هم نمیتوان به مدل SQ-PUF حمله موفقی داشت و بیشترین دقت پیشبینی %۵۳ است که نشاندهنده غیرقابل پیشبینیبودن این مدل میباشد. علاوه بر این، یکنواختی و یکتایی در این مدل تقریباً با مقدار ایدهآل در A-PUF یکسان باقی مانده است.
Physically unclonable functions (PUFs) provide hardware to generate a unique challenge-response pattern for authentication and encryption purposes. An essential feature of these circuits is their unpredictability, meaning that an adversary cannot sufficiently predict future responses from previous observations. However, machine learning algorithms have been demonstrated to be a severe threat to PUFs since they are capable of accurately modeling their behavior. In this work, we analyze PUF security threats and propose a PUF-based authentication mechanism called SQ-PUF, which can provide good resistance to machine learning attacks. In order to make it harder to simulate or predict, we obfuscated the correlation between challenge-response pairs. Experimental results show that, unlike existing PUFs, even with a large data set, the SQ-PUF model cannot be successfully attacked with a maximum prediction accuracy of 53%, indicating that this model is unpredictable. In addition, the uniformity in this model remains almost the same as the ideal value in A-PUF.
[1] S. Hemavathy and V. S. Kanchana Bhaaskaran, "Arbiter PUF-a review of design, composition, and security aspects," IEEE Access, vol. 11, pp. 33979-34004, 2023.
[2] A. Shamsoshoara, A. Korenda, F. Afghah, and S. Zeadally, "A survey on physical unclonable function (PUF)-based security solutions for internet of things," Computer Networks, vol. 183, Article ID: 107593, Dec. 2020.
[3] H. Ning, F. Farha, A. Ullah, and L. Mao, "Physical unclonable function: architectures, applications and challenges for dependable security," IET Circuits, Devices & Systems, vol. 14, no. 4, pp. 407-424, Jul. 2020.
[4] B. Gassend, D. Lim, D. Clarke, M. Van Dijk, and S. Devadas, "Identification and authentication of integrated circuits," Concurrency Computation Practice and Experience, vol. 16, no. 11, pp. 1077-1098, 2004.
[5] J. W. Lee, et al., "A technique to build a secret key in integrated circuits for identification and authentication applications," in Proc. IEEE Symp. on VLSI Circuits, Digest of Technical Papers, pp. 176-179, Honolulu, HI, USA, 17-19 Jun. 2004.
[6] M. Majzoobi, F. Koushanfar, and M. Potkonjak, "Techniques for design and implementation of secure reconfigurable PUFs," ACM Trans. Reconfigurable Technol Syst, vol. 2, no. 1, Article ID: 5, 33 pp., Mar. 2009.
[7] A. Ashtari, A. Shabani, and B. Alizadeh, "A new RF-PUF based authentication of internet of things using random forest classification," in Proc. of 16th Int. ISC Conf. on Information Security and Cryptology, ISCISC'19, pp. 21-26, Mashhad, Iran, 28-29 Aug. 2019.
[8] B. Chatterjee, D. Das, and S. Sen, "RF-PUF: IoT security enhancement through authentication of wireless nodes using in-situ machine learning," in Proc. of the IEEE Int. Sym. on Hardware Oriented Security and Trust, HOST'18, pp. 205-208, May 2018.
[9] G. E. Suh and S. Devadas, "Physical unclonable functions for device authentication and secret key generation," in Proc. 44th ACM/IEEE Design Automation Conf., pp. 9-14, San Diego, CA, USA, 4-8 Jun. 2007.
[10] P. K. Sadhu and V. P. Yanambaka, "MC-PUF: a robust lightweight controlled physical unclonable function for resource constrained environments," in Proc. of IEEE Computer Society Annual Symposium on VLSI, ISVLSI'22, pp. 452-453, Nicosia, Cyprus, 4-6 Jul. 2022.
[11] M. H. Ishak, M. S. Mispan, W. Y. Chiew, M. R. Kamaruddin, and M. A. Korobkov, "Secure lightweight obfuscated delay-based physical unclonable function design on FPGA," Bulletin of Electrical Engineering and Informatics, vol. 11, no. 2, pp. 1075-1083, Apr. 2022.
[12] S. Abdolinezhad and A. Sikora, "A lightweight mutual authentication protocol based on physical unclonable functions," in Proc. of the IEEE Int. Symp. on Hardware Oriented Security and Trust, HOST'22, pp. 161-164, McLean, VA, USA, 27-30 2022.
[13] A. Vijayakumar and S. Kundu, "A novel modeling attack resistant PUF design based on non-linear voltage transfer characteristics," in Proc. Design, Automation and Test in Europe, DATE'15, pp. 653-658, Grenoble, France, 9-13 Mar. Apr. 2015.
[14] M. Majzoobi, F. Koushanfar, and M. Potkonjak, "Lightweight secure PUFs," in Proc. IEEE/ACM Int. Conf. on Computer-Aided Design, Digest of Technical Papers, ICCAD'08, pp. 670-673, San Jose, CA, USA, 10-13 Nov. 2008.
[15] D. P. Sahoo, S. Saha, D. Mukhopadhyay, R. S. Chakraborty, and H. Kapoor, "Composite PUF: a new design paradigm for physically unclonable functions on FPGA," in Proc. of the IEEE Int. Symp. on Hardware-Oriented Security and Trust, HOST'14, pp. 50-55, Arlington, VA, USA, 6-7 May 2014.
[16] D. E. Holcomb, W. Burleson, and K. Fu, Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID tags, 2007.
[17] P. Tuyls, et al., "Read-proof hardware from protective coatings," in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer Verlag, pp. 369-383, Oct. 2006.
[18] M. Sauer, P. Raiola, L. Feiten, B. Becker, U. Rührmair, and I. Polian, "Sensitized path PUF: a lightweight embedded physical unclonable function," in Proc. of the Design, Automation and Test in Europe, DATE'17, pp. 680-685, Lausanne, Switzerland, 27-31 Mar. 2017.
[19] D. Canaday, W. A. S. Barbosa, and A. Pomerance, "A novel attack on machine-learning resistant physical unclonable functions," in Proc. of the IEEE Int. Symp. on Hardware Oriented Security and Trust, HOST'22, pp. 25-28, McLean, VA, USA, 27-30 Jun. 2022.
[20] J. Ye, Q. Guo, Y. Hu, H. Li, and X. Li, "Modeling attacks on strong physical unclonable functions strengthened by random number and weak PUF," in Proc. of the IEEE VLSI Test Symposium, Computer Society, 6 pp., San Francisco, CA, USA, 22-25 Apr. 2018.
[21] U. Rührmair and J. Sölter, "PUF modeling attacks: an introduction and overview," in Proc. Design, Automation and Test in Europe, DATE'14, 6 pp., Dresden, Germany, 24-28 Mar. 2014.
[22] Y. Wen and Y. Lao, "PUF modeling attack using active learning," in Proc. IEEE Int. Symp. on Circuits and Systems, 5 pp., Florence, Italy, 27-30 May 2018.
[23] J. Delvaux, "Security analysis of PUF-based key generation and entity authentication-KU Leuven," KU Leuven and Shanghai Jiao Tong University, 2017. Accessed: Aug. 26, 2021. [Online]. Available: https://limo.libis.be/primo-explore/fulldisplay?docid=LIRIAS1662341&context=L&vid=Lirias&search_scope=Lirias&tab=default_tab&lang=en_US&fromSitemap=1
[24] J. Delvaux, "Machine-learning attacks on PolyPUFs, OB-PUFs, RPUFs, LHS-PUFs, and PUF-FSMs," IEEE Trans. on Information Forensics and Security, vol. 14, no. 8, pp. 2043-2058, Aug. 2019.
[25] M. Majzoobi, M. Rostami, F. Koushanfar, D. S. Wallach, and S. Devadas, "Slender PUF protocol: a lightweight, robust, and secure authentication by substring matching," in Proc. IEEE CS Security and Privacy Workshops, SPW'12, pp. 33-44, San Francisco, CA, USA, 24-25 May 2012.
[26] S. T. C. Konigsmark, D. Chen, and M. D. F. Wong, "PolyPUF: physically secure self-divergence," IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, vol. 35, no. 7, pp. 1053-1066, Jul. 2016.
[27] J. Ye, Y. Hu, and X. Li, "RPUF: physical unclonable function with randomized challenge to resist modeling attack," in Proc. of the IEEE Asian Hardware Oriented Security and Trust Symp., Asian HOST'16, 6 pp., Yilan, Taiwan, 19-20 Dec. 2016.
[28] Y. Gao, et al., "Obfuscated challenge-response: a secure lightweight authentication mechanism for PUF-based pervasive devices," in Proc. IEEE Int. Conf. on Pervasive Computing and Communication Workshops, PerCom Workshops, 6 pp., Sydney, Australia, 14-18 Mar. 2016.
[29] G. T. Becker and R. Kumar, "Active and passive side-channel attacks on delay based PUF designs," IACR Cryptology ePrint Archive, vol. 2014, Article ID:287, 2014, [Online]. Available: http://eprint.iacr.org/2014/287.pdf
[30] J. Shi, Y. Lu, and J. Zhang, "Approximation attacks on strong PUFs," IEEE Trans. on Computer-Aided Design of Integrated Circuits and Systems, vol. 39, no. 10, pp. 2138-2151, Oct. 2020.
[31] I. G. Târşa, G. D. Budariu, and C. Grozea, "Study on a true random number generator design for FPGA," in Proc. 8th Int. Conf. on Communications, COMM'10, pp. 461-464, Bucharest, Romania, 10-12 Jun. 2010.
[32] T. Arciuolo and K. M. Elleithy, "Parallel, true random number generator (P-TRNG): using parallelism for fast true random number generation in hardware," in Proc. IEEE 11th Annual Computing and Communication Workshop and Conf., CCWC'21, pp. 987-992, NV, USA, 27-30 Jan. 2021.
[33] R. S. Durga, et al., "Design and synthesis of LFSR based random number generator," in Proc. of the 3rd Int. Conf. on Smart Systems and Inventive Technology, ICSSIT, pp. 438-442, Tirunelveli, India, 20-22 Aug. 2020.
[34] A. Maiti and P. Schaumont, "The impact of aging on a physical unclonable function," IEEE Trans. Very Large Scale Integr VLSI Syst, vol. 22, no. 9, pp. 1854-1864, Sept. 2014. [35] R. L. Sembiring, R. R. Pahlevi, and P. Sukarno, "Randomness, uniqueness, and steadiness evaluation of physical unclonable functions," in Proc. 9th Int. Conf. on Information and Communication Technology, ICoICT'2021, pp. 429-433, Yogyakarta, Indonesia, 3-5 Aug. 2021.