Information Theoretic Analysis of PUF-Based Tamper Protection

TL;DR

This paper provides a theoretical analysis of PUF-based tamper protection, establishing fundamental limits and security guarantees using information theory and coding techniques, independent of specific implementations.

Contribution

It introduces a theoretical framework for PUF security analysis, deriving bounds on key rates and PUF size, and applies wiretap coding for enhanced security.

Findings

Lower bounds on key rates depending on attacker capabilities

Minimum PUF cells needed for 128-bit security

Application of wiretap coding for secure key reconstruction

Abstract

Physical Unclonable Functions (PUFs) enable physical tamper protection for high-assurance devices without needing a continuous power supply that is active over the entire lifetime of the device. Several methods for PUF-based tamper protection have been proposed together with practical quantization and error correction schemes. In this work we take a step back from the implementation to analyze theoretical properties and limits. We apply zero leakage output quantization to existing quantization schemes and minimize the reconstruction error probability under zero leakage. We apply wiretap coding within a helper data algorithm to enable a reliable key reconstruction for the legitimate user while guaranteeing a selectable reconstruction complexity for an attacker, analogously to the security level for a cryptographic algorithm for the attacker models considered in this work. We present lower bounds on the achievable key rates depending on the attacker's capabilities in the asymptotic and finite blocklength regime to give fundamental security guarantees even if the attacker gets partial information about the PUF response and the helper data. Furthermore, we present converse bounds on the number of PUF cells. Our results show for example that for a practical scenario one needs at least 459 PUF cells using 3 bit quantization to achieve a security level of 128 bit.