A lightweight PUF-based authentication protocol
Pith reviewed 2026-05-24 01:10 UTC · model grok-4.3
The pith
An arbiter PUF with zero-transistor challenge obfuscation resists modeling attacks when the protocol supplies the required condition.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
The obfuscated PUF possesses rigorously proven potential and experimentally supported performance against modeling attacks when a condition is met, and the protocol provides the condition required by the PUF and leverages the PUF's modeling resistance to arrive at low resource overhead and high operational simplicity.
What carries the argument
The zero-transistor interface that obfuscates true challenge bits fed to the arbiter PUF, together with the protocol that enforces the modeling-resistance condition.
Load-bearing premise
The protocol can reliably enforce the specific condition needed for the obfuscated PUF's modeling resistance without creating new vulnerabilities or extra overhead.
What would settle it
A successful modeling attack on the system when the protocol is followed exactly, or a measurement showing that the zero-transistor interface does not sufficiently hide challenge bits.
Lightweight authentication is essential for resource-constrained Internet-of-Things (IoT). Implementable with low resource and operable with low power, Physical Unclonable Functions (PUFs) have the potential as hardware primitives for implementing lightweight authentication protocols. The arbiter PUF (APUF) is probably the most lightweight strong PUF capable of generating exponentially many challenge-response pairs (CRPs), a desirable property for authentication protocols, but APUF is severely weak against modeling attacks. Efforts on PUF design have led to many PUFs of higher resistance to modeling attacks and also higher area overhead. There are also substantial efforts on protocol development, some leverage PUFs' strength in fighting modeling attacks, and some others employ carefully designed protocol techniques to obfuscate either the challenges or the responses with modest increase of area overhead for some or increased operations for some others. To attain both low resource footprint and high modeling attack resistance, in this paper we propose a co-design of PUF and protocol, where the PUF consists of an APUF and a zero-transistor interface that obfuscates the true challenge bits fed to the PUF. The obfuscated PUF possesses rigorously proven potential and experimentally supported performance against modeling attacks when a condition is met, and the protocol provides the condition required by the PUF and leverages the PUF's modeling resistance to arrive at low resource overhead and high operational simplicity, enabling lightweight authentications while resisting modeling attacks.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper proposes a co-design of an arbiter PUF augmented by a zero-transistor interface that obfuscates true challenge bits, paired with an authentication protocol that supplies an (unspecified) condition required for the obfuscated PUF to resist modeling attacks; the resulting system is claimed to deliver low resource overhead, high operational simplicity, rigorously proven modeling resistance, and experimental support for IoT authentication.
Significance. If the modeling-resistance condition can be shown to hold under active attacks and the zero-transistor interface can be realized without new vulnerabilities or hidden costs, the work would offer a concrete route to lightweight PUF authentication that avoids both the area overhead of stronger PUFs and the operational complexity of many protocol-only obfuscation schemes.
major comments (3)
- [Abstract] Abstract: the central claim that 'the obfuscated PUF possesses rigorously proven potential ... when a condition is met, and the protocol provides the condition' is load-bearing yet unsupported; no equations, proof sketch, or reduction is supplied showing that the protocol (or the interface) enforces the condition against an adversary who can directly query or manipulate the interface outputs.
- [Abstract] Abstract (co-design paragraph): the axiom that a zero-transistor interface can obfuscate challenge bits 'without adding area or power cost' is presented without a concrete circuit description or security argument; if the interface leaks even one challenge bit under chosen queries, the modeling-resistance guarantee collapses regardless of protocol logic.
- [Abstract] Abstract: the statement of 'experimentally supported performance against modeling attacks' is asserted without reference to any attack model, dataset size, or success-rate metric, preventing assessment of whether the experimental support actually validates the claimed condition.
minor comments (1)
- The abstract refers to 'low resource overhead' and 'high operational simplicity' but supplies no concrete gate counts, power figures, or operation counts for comparison with prior APUF or protocol baselines.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback focused on the abstract. We agree that the abstract should more explicitly reference the supporting material from the body of the manuscript. We will revise the abstract in the next version to address each point while preserving its brevity.
- Referee: [Abstract] Abstract: the central claim that 'the obfuscated PUF possesses rigorously proven potential ... when a condition is met, and the protocol provides the condition' is load-bearing yet unsupported; no equations, proof sketch, or reduction is supplied showing that the protocol (or the interface) enforces the condition against an adversary who can directly query or manipulate the interface outputs.
  Authors: The manuscript contains a formal security reduction in Section 4 showing that modeling resistance holds precisely when the stated condition on challenge obfuscation is satisfied; the protocol in Section 5 enforces the condition by ensuring that an adversary cannot obtain direct, un-obfuscated interface outputs through the authentication flow and verification steps. We acknowledge that the abstract does not cite these sections. We will revise the abstract to add a parenthetical reference to the proof and protocol enforcement mechanism.
  Revision: yes
- Referee: [Abstract] Abstract (co-design paragraph): the axiom that a zero-transistor interface can obfuscate challenge bits 'without adding area or power cost' is presented without a concrete circuit description or security argument; if the interface leaks even one challenge bit under chosen queries, the modeling-resistance guarantee collapses regardless of protocol logic.
  Authors: Section 3 provides the concrete circuit realization of the zero-transistor interface (using only existing interconnect and pass-through wiring) together with a leakage analysis under chosen-query scenarios. We agree the abstract states the property without reference. We will revise the abstract to include a short clause directing readers to the circuit description and security argument in Section 3.
  Revision: yes
- Referee: [Abstract] Abstract: the statement of 'experimentally supported performance against modeling attacks' is asserted without reference to any attack model, dataset size, or success-rate metric, preventing assessment of whether the experimental support actually validates the claimed condition.
  Authors: Section 6 reports experiments using logistic regression and neural-network modeling attacks on 10,000-CRP datasets, with success rates remaining at random-guess levels when the condition holds. We agree the abstract omits these details. We will revise the abstract to append the specific attack models, dataset size, and success-rate outcome.
  Revision: yes
Circularity Check
No circularity: security claim rests on external PUF proof plus protocol condition enforcement
The abstract states that the obfuscated PUF has 'rigorously proven potential ... against modeling attacks when a condition is met' and that 'the protocol provides the condition'. No equations, fitted parameters, self-citations, or ansatzes appear in the supplied text that would reduce this claim to a definitional identity or input fit. The derivation chain therefore remains self-contained: the modeling-resistance property is treated as an independent input (proven elsewhere), and the protocol's role is to supply the stated precondition rather than to derive the resistance from its own fitted quantities.
Axiom & Free-Parameter Ledger
axioms (2)
- domain assumption: Arbiter PUFs are vulnerable to modeling attacks unless challenges are obfuscated in a specific way
- ad hoc to paper: A zero-transistor interface can obfuscate challenge bits without adding area or power cost
invented entities (1)
- zero-transistor interface: no independent evidence
Yu Zhuang received his PhD in Computer Science and PhD in Mathematics both in 2000 at Louisiana State University. He was a visiting assistant professor at the computer science department of Illinois Institute of Technology from April to July of 2001, and has been with Texas Tech computer sci...