On the physical security of physically unclonable functions [article]

Shahin Tajik, Technische Universität Berlin, Technische Universität Berlin, Jean-Pierre Seifert
Reconfigurable hardware is the primary component of electronic embedded devices employed in several applications ranging from wireless communication to cloud computing. Due to their significant role these modern platforms are targets of intellectual property (IP) piracy and tampering. Cloning of a design or manipulation of its content is carried out by conducting physical attacks (e.g., side-channel analysis and fault attacks) against these devices. Although different countermeasures against
more » ... sical attacks have been integrated into the modern reconfigurable hardware, a proper protection mechanism on these platforms against semi-invasive attacks conducted from the chip backside is still missing. The main and foremost reason that the chip backside protection is ignored by the vendors is the misconception that semi-invasive attacks cannot be scaled to the very latest nanoscale technologies without further effort and cost. Moreover, it is assumed that integrating novel hardware intrinsic-based solutions for key storage, such as Physically Unclonable Functions (PUFs), make the conventional semi-invasive memory readout techniques virtually impossible. In this work, we investigate the susceptibility of Intrinsic PUF implementations on reconfigurable hardware to optical semi-invasive attacks from the chip backside. We conduct different classes of optical attacks, particularly photonic emission analysis, laser fault injection, and optical contactless probing. By applying these techniques, we demonstrate that the secrets generated by a PUF can be predicted, manipulated or directly probed without affecting the behavior of the PUF. We further discuss the cost and feasibility of launching such attacks against the very latest hardware technologies in a real scenario. We discuss why PUFs are not tamper-evident in their current configuration, and therefore, PUFs alone cannot raise the security level of key storage, as one would expect in the first place. Moreover, we review the potential and already realized countermeasures, [...]
doi:10.14279/depositonce-6175 fatcat:k7hzpko6e5fy7fgv5vwvzurztm