Side-Channel Analysis of PUFs and Fuzzy Extractors

  • Dominik Merli
  • Dieter Schuster
  • Frederic Stumpf
  • Georg Sigl
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6740)


Embedded security systems based on Physical Unclonable Functions (PUFs) offer interesting protection properties, such as tamper resistance and unclonability. However, to establish PUFs as a high security primitive in the long run, their vulnerability to side-channel attacks has to be investigated. For this purpose, we analysed the side-channel leakage of PUF architectures and fuzzy extractor implementations. We identified several attack vectors within common PUF constructions and introduce two side-channel attacks on fuzzy extractors. Our proof-of-concept attack on an FPGA implementation of a fuzzy extractor shows that it is possible to extract the cryptographic key derived from a PUF by side-channel analysis.


Physical Unclonable Function (PUF) Side-Channel Analysis (SCA) Fuzzy Extractor Helper Data FPGA 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bösch, C., Guajardo, J., Sadeghi, A.-R., Shokrollahi, J., Tuyls, P.: Efficient helper data key extractor on fpgas. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 181–197. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  2. 2.
    Dai, J., Wang, L.: A study of side-channel effects in reliability-enhancing techniques. In: Proceedings of the 2009 24th IEEE International Symposium on Defect and Fault Tolerance in VLSI Systems, DFT 2009, pp. 236–244. IEEE Computer Society, Washington, DC (2009)CrossRefGoogle Scholar
  3. 3.
    Dodis, Y., Ostrovsky, R., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate strong keys from biometrics and other noisy data. SIAM J. Comput. 38(1), 97–139 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  5. 5.
    Kömmerling, O., Kuhn, M.G.: Design principles for tamper-resistant smartcard processors. In: WOST 1999: Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, pages 2–2. USENIX Association, Berkeley (1999)Google Scholar
  6. 6.
    Lim, D., Lee, J.W., Gassend, B., Suh, G.E., van Dijk, M., Devadas, S.: Extracting secret keys from integrated circuits. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 13(10), 1200–1205 (2005)CrossRefGoogle Scholar
  7. 7.
    Maes, R., Tuyls, P., Verbauwhede, I.: Low-overhead implementation of a soft decision helper data algorithm for sram pufs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 332–347. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Majzoobi, M., Koushanfar, F., Potkonjak, M.: Lightweight secure pufs. In: ICCAD 2008: Proceedings of the 2008 IEEE/ACM International Conference on Computer-Aided Design, pp. 670–673. IEEE Press, Piscataway (2008)CrossRefGoogle Scholar
  9. 9.
    Merli, D., Stumpf, F., Eckert, C.: Improving the quality of ring oscillator pufs on fpgas. In: 5th Workshop on Embedded Systems Security (WESS 2010). ACM Press, Scottsdale (2010)Google Scholar
  10. 10.
    Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002)CrossRefGoogle Scholar
  11. 11.
    Peeters, E., Standaert, F.-X., Quisquater, J.-J.: Power and electromagnetic analysis: Improved model, consequences and comparisons. Integration 40(1), 52–60 (2007)Google Scholar
  12. 12.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 237–249. ACM Press, New York (2010)CrossRefGoogle Scholar
  13. 13.
    Rührmair, U., Sölter, J., Sehnke, F.: On the foundations of physical unclonable functions. Cryptology ePrint Archive, Report 2009/277 (2009),
  14. 14.
    Sauvage, L., Guilley, S., Mathieu, Y.: Electromagnetic radiations of fpgas: High spatial resolution cartography and attack on a cryptographic module. ACM Trans. Reconfigurable Technol. Syst., 2:4:1–4:24 (March 2009)Google Scholar
  15. 15.
    Skorobogatov, S.: Flash memory ‘Bumping” attacks. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 158–172. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Suh, G.E., Devadas, S.: Physical unclonable functions for device authentication and secret key generation. In: 44th ACM/IEEE Design Automation Conference, DAC 2007, pp. 9–14 (2007)Google Scholar
  17. 17.
    Tuyls, P., Škorić, B.: Strong Authentication with Physical Unclonable Functions. In: Petkovi, M., Jonker, W. (eds.) Security, Privacy and Trust in Modern Data Management. Data-Centric Systems and Applications. Springer, Heidelberg (2007)Google Scholar
  18. 18.
    Tuyls, P., Škorić, B., Stallinga, S., Akkermans, A.H.M., Ophey, W.: Information-theoretic security analysis of physical uncloneable functions. In: S. Patrick, A., Yung, M. (eds.) FC 2005. LNCS, vol. 3570, pp. 141–155. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Dominik Merli
    • 1
  • Dieter Schuster
    • 1
  • Frederic Stumpf
    • 1
  • Georg Sigl
    • 2
  1. 1.Fraunhofer Institute for Secure Information TechnologyMunichGermany
  2. 2.Institute for Security in Information TechnologyTechnische Universität MünchenMunichGermany

Personalised recommendations