Side-Channel Analysis of PUFs and Fuzzy Extractors
Embedded security systems based on Physical Unclonable Functions (PUFs) offer interesting protection properties, such as tamper resistance and unclonability. However, to establish PUFs as a high security primitive in the long run, their vulnerability to side-channel attacks has to be investigated. For this purpose, we analysed the side-channel leakage of PUF architectures and fuzzy extractor implementations. We identified several attack vectors within common PUF constructions and introduce two side-channel attacks on fuzzy extractors. Our proof-of-concept attack on an FPGA implementation of a fuzzy extractor shows that it is possible to extract the cryptographic key derived from a PUF by side-channel analysis.
Side-Channel Analysis of PUFs and Fuzzy Extractors
4th International Conference on Trust and Trustworthy Computing (Trust 2011)
| Authors: | Dominik Merli, Dieter Schuster, Frederic Stumpf, and Georg Sigl |
| Year/month: | 2011/6 |
| Booktitle: | 4th International Conference on Trust and Trustworthy Computing (Trust 2011) |
| Series: | Lecture Notes in Computer Science |
| Address: | Pittsburgh, PA USA |
| Publisher: | Springer-Verlag |
| Note: | accepted for publication |
| Fulltext: |
Abstract |
|
| Embedded security systems based on Physical Unclonable Functions (PUFs) offer interesting protection properties, such as tamper resistance and unclonability. However, to establish PUFs as a high security primitive in the long run, their vulnerability to side-channel attacks has to be investigated. For this purpose, we analysed the side-channel leakage of PUF architectures and fuzzy extractor implementations. We identified several attack vectors within common PUF constructions and introduce two side-channel attacks on fuzzy extractors. Our proof-of-concept attack on an FPGA implementation of a fuzzy extractor shows that it is possible to extract the cryptographic key derived from a PUF by side-channel analysis. | |
Bibtex:
@inproceedings { Trust2011,author = { Dominik Merli and Dieter Schuster and Frederic Stumpf and Georg Sigl},
title = { Side-Channel Analysis of PUFs and Fuzzy Extractors },
year = { 2011 },
month = { June },
booktitle = { 4th International Conference on Trust and Trustworthy Computing (Trust 2011) },
series = { Lecture Notes in Computer Science },
address = { Pittsburgh, PA USA },
note = { accepted for publication },
publisher = { Springer-Verlag },
}