Semi-invasive EM attack on FPGA RO PUFs and countermeasures

Authors:
Dominik Merli;Dieter Schuster;Frederic Stumpf;Georg Sigl
Affiliations:
Fraunhofer Research Institution AISEC, Munich, Germany;Fraunhofer Research Institution AISEC, Munich, Germany;Fraunhofer Research Institution AISEC, Munich, Germany;Institute for Security in Information Technology, TU München, Munich, Germany
Venue:
WESS '11 Proceedings of the Workshop on Embedded Systems Security
Year:
2011

Citing 12
Cited 0

Silicon physical random functions

Proceedings of the 9th ACM conference on Computer and communications security
Physical unclonable functions for device authentication and secret key generation

Proceedings of the 44th annual Design Automation Conference
Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data

SIAM Journal on Computing
FPGA Intrinsic PUFs and Their Use for IP Protection

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Electromagnetic Radiations of FPGAs: High Spatial Resolution Cartography and Attack on a Cryptographic Module

ACM Transactions on Reconfigurable Technology and Systems (TRETS)
Extended abstract: The butterfly PUF protecting IP on every FPGA

HST '08 Proceedings of the 2008 IEEE International Workshop on Hardware-Oriented Security and Trust
Modeling attacks on physical unclonable functions

Proceedings of the 17th ACM conference on Computer and communications security
Improving the quality of ring oscillator PUFs on FPGAs

WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
Optical Fault Masking Attacks

FDTC '10 Proceedings of the 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography
Side-channel analysis of PUFs and fuzzy extractors

TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Offline hardware/software authentication for reconfigurable platforms

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Read-proof hardware from protective coatings

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

It is often argued that Physical Unclonable Functions (PUFs) are resistant against invasive and semi-invasive attacks since these attacks would damage the underlying PUF structure resulting in a different PUF response. In this paper, we demonstrate exemplarily that this assumption does not hold for a Ring Oscillator (RO) PUF implemented on a Xilinx Spartan 3 FPGA, where we were able to perform a semi-invasive attack. We present analysis methods to identify ring oscillator frequencies and to map them to their corresponding oscillators. We practically prove that it is possible to recover the generated RO PUF response bits with this approach. To harden RO PUFs against side-channel analysis, we also propose a RO PUF concept not leaking useful information through the side-channel of electro-magnetic radiation.