A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication

A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication

We present a lightweight PUF-based authentication approach that is practical in settings where a server authenticates a device, and for use cases where the number of authentications is limited over a device's lifetime. Our scheme uses a server-managed challenge/response pair (CRP) lockdown prot...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:IEEE transactions on multi-scale computing systems 2016-07, Vol.2 (3), p.146-159
Hauptverfasser: Yu, Meng-Day, Hiller, Matthias, Delvaux, Jeroen, Sowell, Richard, Devadas, Srinivas, Verbauwhede, Ingrid
Format: Artikel
Sprache:eng
Schlagworte:
Authentication
computationally unrestricted adversary
Cryptography
heuristic security
machine learning
Manufacturing
Physical unclonable function
probably approximately correct (PAC) learning
Protocols
Servers
Silicon
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 159
container_issue 3
container_start_page 146
container_title IEEE transactions on multi-scale computing systems
container_volume 2
creator Yu, Meng-Day
Hiller, Matthias
Delvaux, Jeroen
Sowell, Richard
Devadas, Srinivas
Verbauwhede, Ingrid
description We present a lightweight PUF-based authentication approach that is practical in settings where a server authenticates a device, and for use cases where the number of authentications is limited over a device's lifetime. Our scheme uses a server-managed challenge/response pair (CRP) lockdown protocol: unlike prior approaches, an adaptive chosen-challenge adversary with machine learning capabilities cannot obtain new CRPs without the server's implicit permission. The adversary is faced with the problem of deriving a PUF model with a limited amount of machine learning training data. Our system-level approach allows a so-called strong PUF to be used for lightweight authentication in a manner that is heuristically secure against today's best machine learning methods through a worst-case CRP exposure algorithmic validation. We also present a degenerate instantiation using a weak PUF that is secure against computationally unrestricted adversaries, which includes any learning adversary, for practical device lifetimes and read-out rates. We validate our approach using silicon PUF data, and demonstrate the feasibility of supporting 10, 1,000, and 1M authentications, including practical configurations that are not learnable with polynomial resources, e.g., the number of CRPs and the attack runtime, using recent results based on the probably-approximately-correct (PAC) complexity-theoretic framework.
doi_str_mv 10.1109/TMSCS.2016.2553027
format Article
fullrecord <record><control><sourceid>crossref_RIE</sourceid><recordid>TN_cdi_ieee_primary_7450665</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><ieee_id>7450665</ieee_id><sourcerecordid>10_1109_TMSCS_2016_2553027</sourcerecordid><originalsourceid>FETCH-LOGICAL-c311t-3f929e9526597bb8edf72b3e38bba7b0dedb8b62a207f27b11fc63a5bee4a89a3</originalsourceid><addsrcrecordid>eNpNkM1OAjEUhRujiQR5Ad30BQb7Q9uZJSGiJkMkAeJy0nZumfrTameQ-PYOQoybe-7ifGfxIXRNyZhSUtyuF6vZaswIlWMmBCdMnaEB45xlSkl5_u-_RKO2fSGkrxLClRig5ykuo32t4z7gNdgm-M8d4C7iZYIvCB1eaNv4ALgEnYIPWxwDXm7mLXYx4dJvm24Ph4unu67pAW9152O4QhdOv7UwOuUQbeZ369lDVj7dP86mZWY5pV3GXcEKKASTolDG5FA7xQwHnhujlSE11CY3kmlGlGPKUOqs5FoYgInOC82HiB13bYptm8BVH8m_6_RdUVId7FS_dqqDnepkp4dujpAHgD9ATQSRUvAftYBiFQ</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication</title><source>IEEE Electronic Library (IEL)</source><creator>Yu, Meng-Day ; Hiller, Matthias ; Delvaux, Jeroen ; Sowell, Richard ; Devadas, Srinivas ; Verbauwhede, Ingrid</creator><creatorcontrib>Yu, Meng-Day ; Hiller, Matthias ; Delvaux, Jeroen ; Sowell, Richard ; Devadas, Srinivas ; Verbauwhede, Ingrid</creatorcontrib><description>We present a lightweight PUF-based authentication approach that is practical in settings where a server authenticates a device, and for use cases where the number of authentications is limited over a device's lifetime. Our scheme uses a server-managed challenge/response pair (CRP) lockdown protocol: unlike prior approaches, an adaptive chosen-challenge adversary with machine learning capabilities cannot obtain new CRPs without the server's implicit permission. The adversary is faced with the problem of deriving a PUF model with a limited amount of machine learning training data. Our system-level approach allows a so-called strong PUF to be used for lightweight authentication in a manner that is heuristically secure against today's best machine learning methods through a worst-case CRP exposure algorithmic validation. We also present a degenerate instantiation using a weak PUF that is secure against computationally unrestricted adversaries, which includes any learning adversary, for practical device lifetimes and read-out rates. We validate our approach using silicon PUF data, and demonstrate the feasibility of supporting 10, 1,000, and 1M authentications, including practical configurations that are not learnable with polynomial resources, e.g., the number of CRPs and the attack runtime, using recent results based on the probably-approximately-correct (PAC) complexity-theoretic framework.</description><identifier>ISSN: 2332-7766</identifier><identifier>EISSN: 2332-7766</identifier><identifier>DOI: 10.1109/TMSCS.2016.2553027</identifier><identifier>CODEN: ITMCFM</identifier><language>eng</language><publisher>IEEE</publisher><subject>Authentication ; computationally unrestricted adversary ; Cryptography ; heuristic security ; machine learning ; Manufacturing ; Physical unclonable function ; probably approximately correct (PAC) learning ; Protocols ; Servers ; Silicon</subject><ispartof>IEEE transactions on multi-scale computing systems, 2016-07, Vol.2 (3), p.146-159</ispartof><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c311t-3f929e9526597bb8edf72b3e38bba7b0dedb8b62a207f27b11fc63a5bee4a89a3</citedby><cites>FETCH-LOGICAL-c311t-3f929e9526597bb8edf72b3e38bba7b0dedb8b62a207f27b11fc63a5bee4a89a3</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://ieeexplore.ieee.org/document/7450665$$EHTML$$P50$$Gieee$$H</linktohtml><link.rule.ids>314,780,784,796,27924,27925,54758</link.rule.ids><linktorsrc>$$Uhttps://ieeexplore.ieee.org/document/7450665$$EView_record_in_IEEE$$FView_record_in_$$GIEEE</linktorsrc></links><search><creatorcontrib>Yu, Meng-Day</creatorcontrib><creatorcontrib>Hiller, Matthias</creatorcontrib><creatorcontrib>Delvaux, Jeroen</creatorcontrib><creatorcontrib>Sowell, Richard</creatorcontrib><creatorcontrib>Devadas, Srinivas</creatorcontrib><creatorcontrib>Verbauwhede, Ingrid</creatorcontrib><title>A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication</title><title>IEEE transactions on multi-scale computing systems</title><addtitle>TMSCS</addtitle><description>We present a lightweight PUF-based authentication approach that is practical in settings where a server authenticates a device, and for use cases where the number of authentications is limited over a device's lifetime. Our scheme uses a server-managed challenge/response pair (CRP) lockdown protocol: unlike prior approaches, an adaptive chosen-challenge adversary with machine learning capabilities cannot obtain new CRPs without the server's implicit permission. The adversary is faced with the problem of deriving a PUF model with a limited amount of machine learning training data. Our system-level approach allows a so-called strong PUF to be used for lightweight authentication in a manner that is heuristically secure against today's best machine learning methods through a worst-case CRP exposure algorithmic validation. We also present a degenerate instantiation using a weak PUF that is secure against computationally unrestricted adversaries, which includes any learning adversary, for practical device lifetimes and read-out rates. We validate our approach using silicon PUF data, and demonstrate the feasibility of supporting 10, 1,000, and 1M authentications, including practical configurations that are not learnable with polynomial resources, e.g., the number of CRPs and the attack runtime, using recent results based on the probably-approximately-correct (PAC) complexity-theoretic framework.</description><subject>Authentication</subject><subject>computationally unrestricted adversary</subject><subject>Cryptography</subject><subject>heuristic security</subject><subject>machine learning</subject><subject>Manufacturing</subject><subject>Physical unclonable function</subject><subject>probably approximately correct (PAC) learning</subject><subject>Protocols</subject><subject>Servers</subject><subject>Silicon</subject><issn>2332-7766</issn><issn>2332-7766</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2016</creationdate><recordtype>article</recordtype><sourceid>RIE</sourceid><recordid>eNpNkM1OAjEUhRujiQR5Ad30BQb7Q9uZJSGiJkMkAeJy0nZumfrTameQ-PYOQoybe-7ifGfxIXRNyZhSUtyuF6vZaswIlWMmBCdMnaEB45xlSkl5_u-_RKO2fSGkrxLClRig5ykuo32t4z7gNdgm-M8d4C7iZYIvCB1eaNv4ALgEnYIPWxwDXm7mLXYx4dJvm24Ph4unu67pAW9152O4QhdOv7UwOuUQbeZ369lDVj7dP86mZWY5pV3GXcEKKASTolDG5FA7xQwHnhujlSE11CY3kmlGlGPKUOqs5FoYgInOC82HiB13bYptm8BVH8m_6_RdUVId7FS_dqqDnepkp4dujpAHgD9ATQSRUvAftYBiFQ</recordid><startdate>201607</startdate><enddate>201607</enddate><creator>Yu, Meng-Day</creator><creator>Hiller, Matthias</creator><creator>Delvaux, Jeroen</creator><creator>Sowell, Richard</creator><creator>Devadas, Srinivas</creator><creator>Verbauwhede, Ingrid</creator><general>IEEE</general><scope>97E</scope><scope>RIA</scope><scope>RIE</scope><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>201607</creationdate><title>A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication</title><author>Yu, Meng-Day ; Hiller, Matthias ; Delvaux, Jeroen ; Sowell, Richard ; Devadas, Srinivas ; Verbauwhede, Ingrid</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c311t-3f929e9526597bb8edf72b3e38bba7b0dedb8b62a207f27b11fc63a5bee4a89a3</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2016</creationdate><topic>Authentication</topic><topic>computationally unrestricted adversary</topic><topic>Cryptography</topic><topic>heuristic security</topic><topic>machine learning</topic><topic>Manufacturing</topic><topic>Physical unclonable function</topic><topic>probably approximately correct (PAC) learning</topic><topic>Protocols</topic><topic>Servers</topic><topic>Silicon</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Yu, Meng-Day</creatorcontrib><creatorcontrib>Hiller, Matthias</creatorcontrib><creatorcontrib>Delvaux, Jeroen</creatorcontrib><creatorcontrib>Sowell, Richard</creatorcontrib><creatorcontrib>Devadas, Srinivas</creatorcontrib><creatorcontrib>Verbauwhede, Ingrid</creatorcontrib><collection>IEEE All-Society Periodicals Package (ASPP) 2005-present</collection><collection>IEEE All-Society Periodicals Package (ASPP) 1998-Present</collection><collection>IEEE Electronic Library (IEL)</collection><collection>CrossRef</collection><jtitle>IEEE transactions on multi-scale computing systems</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Yu, Meng-Day</au><au>Hiller, Matthias</au><au>Delvaux, Jeroen</au><au>Sowell, Richard</au><au>Devadas, Srinivas</au><au>Verbauwhede, Ingrid</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication</atitle><jtitle>IEEE transactions on multi-scale computing systems</jtitle><stitle>TMSCS</stitle><date>2016-07</date><risdate>2016</risdate><volume>2</volume><issue>3</issue><spage>146</spage><epage>159</epage><pages>146-159</pages><issn>2332-7766</issn><eissn>2332-7766</eissn><coden>ITMCFM</coden><abstract>We present a lightweight PUF-based authentication approach that is practical in settings where a server authenticates a device, and for use cases where the number of authentications is limited over a device's lifetime. Our scheme uses a server-managed challenge/response pair (CRP) lockdown protocol: unlike prior approaches, an adaptive chosen-challenge adversary with machine learning capabilities cannot obtain new CRPs without the server's implicit permission. The adversary is faced with the problem of deriving a PUF model with a limited amount of machine learning training data. Our system-level approach allows a so-called strong PUF to be used for lightweight authentication in a manner that is heuristically secure against today's best machine learning methods through a worst-case CRP exposure algorithmic validation. We also present a degenerate instantiation using a weak PUF that is secure against computationally unrestricted adversaries, which includes any learning adversary, for practical device lifetimes and read-out rates. We validate our approach using silicon PUF data, and demonstrate the feasibility of supporting 10, 1,000, and 1M authentications, including practical configurations that are not learnable with polynomial resources, e.g., the number of CRPs and the attack runtime, using recent results based on the probably-approximately-correct (PAC) complexity-theoretic framework.</abstract><pub>IEEE</pub><doi>10.1109/TMSCS.2016.2553027</doi><tpages>14</tpages><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier ISSN: 2332-7766
ispartof IEEE transactions on multi-scale computing systems, 2016-07, Vol.2 (3), p.146-159
issn 2332-7766
2332-7766
language eng
recordid cdi_ieee_primary_7450665
source IEEE Electronic Library (IEL)
subjects Authentication
computationally unrestricted adversary
Cryptography
heuristic security
machine learning
Manufacturing
Physical unclonable function
probably approximately correct (PAC) learning
Protocols
Servers
Silicon
title A Lockdown Technique to Prevent Machine Learning on PUFs for Lightweight Authentication
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-29T01%3A39%3A39IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref_RIE&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=A%20Lockdown%20Technique%20to%20Prevent%20Machine%20Learning%20on%20PUFs%20for%20Lightweight%20Authentication&rft.jtitle=IEEE%20transactions%20on%20multi-scale%20computing%20systems&rft.au=Yu,%20Meng-Day&rft.date=2016-07&rft.volume=2&rft.issue=3&rft.spage=146&rft.epage=159&rft.pages=146-159&rft.issn=2332-7766&rft.eissn=2332-7766&rft.coden=ITMCFM&rft_id=info:doi/10.1109/TMSCS.2016.2553027&rft_dat=%3Ccrossref_RIE%3E10_1109_TMSCS_2016_2553027%3C/crossref_RIE%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rft_ieee_id=7450665&rfr_iscdi=true