A machine learning-based security vulnerability study of XOR Arbiter PUFs for resource-constraints internet of things



Journal Title

Journal ISSN

Volume Title



The newly appearing Physical Unclonable Function (PUF) is a new method for improving security in physical systems and addressing the problems associated with traditional cryptographic approaches that rely on non-volatile memory for storing secret keys. It utilizes the manufacturing variations in integrated circuits to produce responses unique for individual PUF devices, and are not reproducible even by the PUF manufacturer, or anyone who obtained the PUF circuit design, hence possessing great potential to achieve secure authentication.

PUFs of different designs have different properties, and it is essential for secure application developers who utilize PUFs in their applications to have a good knowledge of all important properties of PUFs. Therefore, investigating these properties provide valuable information for PUF designers and researchers to discover potential risks and develop new PUFs designs that eliminate or reduce some of the weaknesses of existing PUFs. One type of PUF properties, such as randomness, diffuseness, uniqueness, etc., can be examined and measured directly from silicon implementation, while the other type, i.e., mathematical clonability, needs to be examined by means of intensive computation to determine information leakage of PUF circuit design. Both types are important and complementary, and the later reveals severe consequences of potential insecurity. This line of thought is one main motivation of this dissertation research in examining the breakability of the state-of-the-art PUFs.

XOR Arbiter PUFs are a class of delay-based PUFs that are among the most resistant types of PUFs against mathematical clonability. The dissertation introduces an efficient approach to break XOR Arbiter PUFs using a modified version of neural network-based machine learning method, leading to the discovery of a vulnerability of XOR arbiter PUFs, that can handle datasets larger than memory capacity. This machine learning method, presented in chapter 3, employs a technique for handling dataset beyond memory capacity that was first introduced in our unsupervised learning method for efficient clustering of big datasets, presented in chapter 4. To further enhance the machine learning PUF breaking method and unsupervised learning method, a general algorithmic procedure is developed for how to utilize non blocking IO operations to speed up processing large disk-resident big datasets, presented in chapter 5. Finally, the conclusion of the dissertation in presented chapter conclusion.



Physical unclonable functions, Hardware security, Machine learning, Internet of things