Abstract
Physical unclonable functions (PUFs) are emerging as a promising class of hardware primitives for delivering security for IoT devices. Cryptographic key-based security mechanisms are heavyweight by demanding resources more than many resource-constraint IoT devices can provide, and are also vulnerable to side-channel invasive attacks. PUFs utilize integrated circuits' manufacturing variations to produce responses unique for individual devices, and hence cannot be reproduced. An important goal of security research is to discover all possible insecure risks, which can provide secure application developers useful information so that they can avoid the risk-containing components or mechanisms. While physically unclonable, some PUFs have been found to be mathematically clonable by machine learning methods. Large XOR arbiter PUFs is one group of PUFs that were shown to withstand existing attack methods unless long training time is used in the machine learning process. In this paper, we investigate the effectiveness of a neural network method in attacking large XOR PUFs, a neural network method modified to handle training datasets possibly larger than memory capacity. Our study shows that the modified neural network method attains high prediction accuracy while consuming substantially less time for large XOR PUFs than the fastest machine learning code used in all earlier studies known to us. Some of the large XOR PUFs that took existing machine learning codes several days of parallel computing time on high-performance computing servers have been broken by our method in less than two hours, indicating vulnerability of even large XOR PUFs. Discovery of all potential vulnerabilities of a PUF is important since secure application developers need such information for deciding which PUF to choose, and an unidentified vulnerability can lead to security risks for IoT devices.