Design and Development of an ML/DL Attack Resistance of RC-Based PUF for IoT Security

TL;DR

This paper presents a reconfigurable RC-based PUF that demonstrates strong resistance to ML/DL modeling attacks, ensuring secure IoT authentication with minimal resource overhead.

Contribution

Introduces a novel RC-based PUF architecture that resists ML/DL modeling attacks and maintains high security for resource-constrained IoT devices.

Findings

All ML models failed to accurately predict PUF responses, with test accuracy near random guessing.

The proposed PUF architecture is dynamically reconfigurable, enhancing robustness against adversarial attacks.

The design offers a low-cost, resource-efficient solution for secure IoT device authentication.

Abstract

Physically Unclonable Functions (PUFs) provide promising hardware security for IoT authentication, leveraging inherent randomness suitable for resource constrained environments. However, ML/DL modeling attacks threaten PUF security by learning challenge-response patterns. This work introduces a custom resistor-capacitor (RC) based dynamically reconfigurable PUF using 32-bit challenge-response pairs (CRPs) designed to resist such attacks. We systematically evaluated robustness by generating a CRP dataset and splitting it into training, validation, and test sets. Multiple ML techniques including Artificial Neural Networks (ANN), Gradient Boosted Neural Networks (GBNN), Decision Trees (DT), Random Forests (RF), and XGBoost, were trained to model PUF behavior. While all models achieved 100% training accuracy, test performance remained near random guessing: 51.05% (ANN), 53.27% (GBNN), 50.06% (DT), 52.08% (RF), and 50.97% (XGBoost). These results demonstrate the proposed PUF's strong resistance to ML-driven modeling attacks, as advanced algorithms fail to reproduce accurate responses. The dynamically reconfigurable architecture enhances robustness against adversarial threats with minimal resource overhead. This simple RC-PUF offers an effective, low-cost alternative to complex encryption for securing next-generation IoT authentication against machine learning-based threats, ensuring reliable device verification without compromising computational efficiency or scalability in deployed IoT networks.