Lightweight and Machine Learning Attack Resistant Physical Unclonable Functions

Abstract: More and more embedded devices such as smart home appliances are being connected to the Internet. Implementing lightweight security at a low cost thus becomes increasingly relevant to prevent malicious network entries using less protected devices. Physical Unclonable Functions (PUFs), and more specifically Arbiter Physical Unclonable Functions (APUFs), are cryptographic primitives that have looked promising for achieving the mentioned requirements. Unfortunately, the APUF as well as many constructions based on it have either been shown weak to machine learning modeling attacks or are not sufficiently lightweight to fit on small embedded devices. Throughout the thesis, software called PyPuf has been used to simulate APUFs. By implementing file parsing in PyPuf it is now possible to generate a software model of an APUF realized in hardware. This thesis explores methods of protecting the APUF from machine learning modeling attacks. Together with a team of researchers at KTH, Royal Institute of Technology in Stockholm, I propose a lightweight PUF construction called the Cyclic Redundancy Check Physical Unclonable Function (CRC-PUF), in which inputs are obfuscated using a technique based on a Cyclic Redundancy Check (CRC). By changing the CRC generator polynomial between input evaluations, the probability of successfully recovering the obfuscated input is at most 2−86 for 128-bit inputs. The output protection technique of combining multiple APUF chains was also explored by comparing XOR with majority vote.