Physical Unclonable Functions (PUFs) exploit the manufacturing process variations inherent in silicon-based chips to generate unique secret keys. Although PUFs are supposed to be unclonable or unbreakable, researchers have found that they are vulnerable to machine learning (ML) attacks. In this article, we analyze the vulnerability of different FPGA-based Ring Oscillator PUFs (ROPUFs) to machine learning attacks. The challenge-response pairs (CRPs) data obtained from different ROPUFs is trained using different machine learning algorithms. From the study, it is found that the Artificial Neural Network (ANN) models can be used to train the ROPUFs with a training accuracy of 99.9% and a prediction accuracy of 62% when 5,000 CRPs are used for a challenge-response ROPUF. In this article, we assume a realistic situation where a small set of the CRP dataset (approximately 15% maximum) is unscrupulously obtained by the hacker. A prediction accuracy of 62% makes the PUF vulnerable to machine learning attacks. Therefore, a secondary goal of this article is the design of a ROPUF capable of thwarting machine learning modeling attacks. The modified XOR-inverter ROPUF drastically reduces the prediction accuracy from 62% to 13.1%, thus making it increasingly difficult for hackers to attack the ROPUF.

中文翻译：

---

基于FPGA的环形振荡器PUF的机器学习漏洞分析及对策

物理不可克隆功能 (PUF) 利用硅基芯片固有的制造工艺变化来生成唯一的密钥。尽管 PUF 应该是不可克隆或不可破解的，但研究人员发现它们容易受到机器学习 (ML) 攻击。在本文中，我们分析了不同的基于 FPGA 的环形振荡器 PUF (ROPUF) 对机器学习攻击的脆弱性。使用不同的机器学习算法对从不同 ROPUF 获得的挑战-响应对 (CRP) 数据进行训练。从研究中发现，人工神经网络（ANN）模型可用于训练 ROPUF，当使用 5,000 个 CRP 进行一次训练时，训练准确率为 99.9%，预测准确率为 62%。 挑战-响应ROPUF。在本文中，我们假设了一个现实情况，其中一小部分 CRP 数据集（大约 15% 最大值）被黑客肆无忌惮地获取。62% 的预测准确率使 PUF 容易受到机器学习攻击。因此，本文的第二个目标是设计一种能够阻止机器学习建模攻击的 ROPUF。修改后的异或反相器 ROPUF 将预测准确率从 62% 大幅降低到 13.1%，从而使黑客攻击 ROPUF 变得越来越困难。