Latent Space Modeling for Cloning Encrypted PUF-Based Authentication

  • Vishalini Laguduva RamnathEmail author
  • Sathyanarayanan N. Aakur
  • Srinivas Katkoori
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 574)


Physically Unclonable Functions (PUFs) have emerged as a lightweight, viable security protocol in the Internet of Things (IoT) framework. While there have been recent works on crypt-analysis of PUF-based models, they require physical access to the device and knowledge of the underlying architecture along with unlimited access to the challenge-response pairs in plain text without encryption. In this work, we are the first to tackle the problem of encrypted PUF-based authentication in an IoT framework. We propose a novel, generative framework based on variational autoencoders that is PUF architecture-independent and can handle encryption protocols on the transmitted CRPs. We show that the proposed framework can successfully clone three (3) different PUF architectures encrypted using two (2) different encryption protocols in DES and AES. We also show that the proposed approach outperforms a brute-force machine learning-based attack model by over \(20\%\).


Physically Unclonable Function Cloning Encryption Latent space modeling 


  1. 1.
    Aman, M.N., Chua, K.C., Sikdar, B.: Hardware primitives-based security protocols for the internet of things. In: Cryptographic Security Solutions for the Internet of Things, pp. 117–141. IGI Global (2019)Google Scholar
  2. 2.
    Aman, M.N., Taneja, S., Sikdar, B., Chua, K.C., Alioto, M.: Token-based security for the internet of things with dynamic energy-quality tradeoff. IEEE Internet Things J. 6(2), 2843–2859 (2018)CrossRefGoogle Scholar
  3. 3.
    Aman, M.N., Chua, K.C., Sikdar, B.: Position paper: physical unclonable functions for IoT security. In: Proceedings of the 2nd ACM International Workshop on IoT Privacy, Trust, and Security, pp. 10–13. ACM (2016)Google Scholar
  4. 4.
    Becker, G.T., Kumar, R., et al.: Active and passive side-channel attacks on delay based PUF designs. IACR Cryptology ePrint Archive 2014, 287 (2014)Google Scholar
  5. 5.
    Bokefode, J.D., Bhise, A.S., Satarkar, P.A., Modani, D.G.: Developing a secure cloud storage system for storing IoT data by applying role based encryption. Procedia Comput. Sci. 89, 43–50 (2016)CrossRefGoogle Scholar
  6. 6.
    Braeken, A.: PUF based authentication protocol for IoT. Symmetry 10(8), 352 (2018)CrossRefGoogle Scholar
  7. 7.
    Chatterjee, U., Chakraborty, R.S., Mukhopadhyay, D.: A PUF-based secure communication protocol for IoT. ACM Trans. Embed. Comput. Syst. (TECS) 16(3), 67 (2017)Google Scholar
  8. 8.
    Chatterjee, U., et al.: Building PUF based authentication and key exchange protocol for IoT without explicit CRPs in verifier database. IEEE Trans. Dependable Secure Comput. 16(3), 424–437 (2018)CrossRefGoogle Scholar
  9. 9.
    Coppersmith, D.: The data encryption standard (DES) and its strength against attacks. IBM J. Res. Dev. 38(3), 243–250 (1994)CrossRefGoogle Scholar
  10. 10.
    Daemen, J., Rijmen, V.: The Design of Rijndael: AES-the Advanced Encryption Standard. Springer, Heidelberg (2013). Scholar
  11. 11.
    Delvaux, J., Verbauwhede, I.: Side channel modeling attacks on 65nm arbiter PUFs exploiting CMOS device noise. In: 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), pp. 137–142. IEEE (2013)Google Scholar
  12. 12.
    Ganji, F., Tajik, S., Fäßler, F., Seifert, J.P.: Strong machine learning attack against PUFs with no mathematical model. Cryptology ePrint Archive, Report 2016/606 (2016).
  13. 13.
    Gao, Y., et al.: Obfuscated challenge-response: a secure lightweight authentication mechanism for PUF-based pervasive devices. In: 2016 IEEE International Conference on Pervasive Computing and Communication Workshops (PerCom Workshops), pp. 1–6. IEEE (2016)Google Scholar
  14. 14.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Controlled physical random functions. In: Proceedings of the 18th Annual Computer Security Applications Conference, ACSAC 2002, pp. 149–160. IEEE Computer Society, Washington (2002).
  15. 15.
    Gassend, B., Clarke, D., Van Dijk, M., Devadas, S.: Silicon physical random functions. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 148–160. ACM (2002)Google Scholar
  16. 16.
    Herder, C., Yu, M.D., Koushanfar, F., Devadas, S.: Physical unclonable functions and applications: a tutorial. Proc. IEEE 102(8), 1126–1141 (2014). Scholar
  17. 17.
    Idriss, T., Idriss, H., Bayoumi, M.: A PUF-based paradigm for IoT security. In: 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), pp. 700–705. IEEE (2016)Google Scholar
  18. 18.
    Ishai, Y., Prabhakaran, M., Sahai, A., Wagner, D.: Private circuits II: keeping secrets in tamperable circuits. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 308–327. Springer, Heidelberg (2006). Scholar
  19. 19.
    Mahmoud, A., Rührmair, U., Majzoobi, M., Koushanfar, F.: Combined Modeling and Side Channel Attacks on Strong PUFs. Cryptology ePrint Archive, Report 2013/632 (2013).
  20. 20.
    Ostrovsky, R., Scafuro, A., Visconti, I., Wadia, A.: Universally composable secure computation with (malicious) physically uncloneable functions. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 702–718. Springer, Heidelberg (2013). Scholar
  21. 21.
    Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002). Scholar
  22. 22.
    Rostami, M., Majzoobi, M., Koushanfar, F., Wallach, D.S., Devadas, S.: Robust and reverse-engineering resilient PUF authentication and key-exchange by substring matching. IEEE Trans. Emerg. Top. Comput. 2(1), 37–49 (2014)CrossRefGoogle Scholar
  23. 23.
    Rührmair, U.: Oblivious transfer based on physical unclonable functions. In: Acquisti, A., Smith, S.W., Sadeghi, A.-R. (eds.) Trust 2010. LNCS, vol. 6101, pp. 430–440. Springer, Heidelberg (2010). Scholar
  24. 24.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 237–249. ACM, New York (2010).
  25. 25.
    Rührmair, U., Xu, X., Sölter, J., Mahmoud, A., Koushanfar, F., Burleson, W.: Power and Timing Side Channels for PUFs and their Efficient Exploitation. Cryptology ePrint Archive, Report 2013/851 (2013).
  26. 26.
    Rührmair, U., Holcomb, D.E.: PUFs at a glance. In: Proceedings of the Conference on Design, Automation & Test in Europe, p. 347. European Design and Automation Association (2014)Google Scholar
  27. 27.
    Sehgal, A., Perelman, V., Kuryla, S., Schonwalder, J.: Management of resource constrained devices in the internet of things. IEEE Commun. Mag. 50(12), 144–149 (2012)CrossRefGoogle Scholar
  28. 28.
    Stallings, W., Brown, L., Bauer, M.D., Bhattacharjee, A.K.: Computer Security: Principles and Practice. Pearson Education, London (2012)Google Scholar
  29. 29.
    Stergiou, C., Psannis, K.E., Kim, B.G., Gupta, B.: Secure integration of IoT and cloud computing. Future Gener. Comput. Syst. 78, 964–975 (2018)CrossRefGoogle Scholar
  30. 30.
    Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 2007 44th ACM/IEEE Design Automation Conference, pp. 9–14, June 2007Google Scholar
  31. 31.
    Suo, H., Wan, J., Zou, C., Liu, J.: Security in the internet of things: a review. In: 2012 International Conference on Computer Science and Electronics Engineering, vol. 3, pp. 648–651. IEEE (2012)Google Scholar
  32. 32.
    Wang, X., Zhang, J., Schooler, E.M., Ion, M.: Performance evaluation of attribute-based encryption: toward data privacy in the IoT. In: 2014 IEEE International Conference on Communications (ICC), pp. 725–730. IEEE (2014)Google Scholar
  33. 33.
    Yang, K., Forte, D., Tehranipoor, M.: Protecting endpoint devices in IoT supply chain. In: Proceedings of the IEEE/ACM International Conference on Computer-Aided Design, pp. 351–356. IEEE Press (2015)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2020

Authors and Affiliations

  • Vishalini Laguduva Ramnath
    • 1
    Email author
  • Sathyanarayanan N. Aakur
    • 1
    • 2
  • Srinivas Katkoori
    • 1
  1. 1.Department of Computer Science and EngineeringUniversity of South FloridaTampaUSA
  2. 2.Department of Computer ScienceOklahoma State UniversityStillwaterUSA

Personalised recommendations