A Modeling Attack Resistant Deception Technique for Securing PUF based Authentication

Title: A Modeling Attack Resistant Deception Technique for Securing PUF based Authentication
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Gu, Chongyan; Chang, Chip Hong; Liu, Weiqiang; Yu, Shichao; Ma, Qingqing; O'Neill, Maire
Conference Name: 2019 Asian Hardware Oriented Security and Trust Symposium (AsianHOST)
Date Published: dec
Keywords: active deception protocol, attack resistant deception technique, authentic CRP, authentication, authentication protocol, binary channel, Buildings, challenge response pairs, cryptographic protocols, false PUF multiplexing, false trust, Generators, learning (artificial intelligence), machine learning attacks, ML attack, Multiplexing, mutual authentication, physical unclonable function (PUF), physical unclonable function-based authentication protocol, policy-based governance, Policy-Governed Secure Collaboration, Protocols, pubcrawl, PUF-based authentication method, Registers, replay attacks, resilience, Resiliency, Resistance, resource-rich server authentication, Scalability, Servers

Due to practical constraints in preventing phishing through public network or insecure communication channels, simple physical unclonable function (PUF)-based authentication protocol with unrestricted queries and transparent responses is vulnerable to modeling and replay attacks. In this paper, we present a PUF-based authentication method to mitigate the practical limitations in applications where a resource-rich server authenticates a device with no strong restriction imposed on the type of PUF designs or any additional protection on the binary channel used for the authentication. Our scheme uses an active deception protocol to prevent machine learning (ML) attacks on a device. The monolithic system makes collection of challenge response pairs (CRPs) easy for model building during enrollment but prohibitively time consuming upon device deployment. A genuine server can perform a mutual authentication with the device at any time with a combined fresh challenge contributed by both the server and the device. The message exchanged in clear does not expose the authentic CRPs. The false PUF multiplexing is fortified against prediction of waiting time by doubling the time penalty for every unsuccessful authentication.

Citation Key: gu_modeling_2019