MXPUF: Secure PUF Design against State-of-the-art Modeling Attacks

Silicon Physical Unclonable Functions (PUFs) have been proposed as an emerging hardware security primitive in various security applications such as device identification, authentication, and cryptographic key generation. Current so-called ‘strong’ PUFs, which allow a large challenge response space, are compositions of Arbiter PUFs (APUFs), e.g. the x-XOR APUF. Wide scale deployment of state-ofthe-art compositions of APUFs, however, has stagnated due to various mathematical and physical attacks leading to software models that break the unclonability property of PUFs. The current state-of-the-art attack by Becker, CHES 2015, shows that the XOR APUF can be broken by modeling its APUF components separately thanks to CMA-ES, a machine learning algorithm, based on reliability information of measured XOR APUF responses. Thus, it is an important problem to design a strong PUF which can resist not only traditional modeling attacks but also Becker’s attack. In this paper, we propose a new strong PUF design called (x, y)-MXPUF, which consists of two layers; the upper layer is an n-bit x-XOR APUF, and the lower layer is an (n+1)-bit y-XOR APUF. The response of x-XOR APUF for an n-bit challenge c in the upper layer is inserted at the middle of c to construct a new (n + 1)-bit challenge for the y-XOR APUF in the lower layer giving the final response bit of the (x, y)-MXPUF. The reliability of (x, y)-MXPUF can be theoretically and experimentally shown to be twice the reliability of (x + y)-XOR PUF. In the context of traditional modeling attacks, when we keep the same hardware size, the security of (x, y)-MXPUF is only slightly weaker than that of (x+ y)-XOR PUF. Our main contribution proves that the (x, y)-MXPUF is secure against Becker’s attack.