Memory-based physical unclonable functions (mPUFs) are widely accepted as highly secure because of the unclonable and immutable nature of manufacturer process variations. Although numerous successful attacks have been proposed against PUFs, mPUFs are resistant to non-invasive attacks as the mPUF does not support the open-access protocol. Hence, existing attacks against mPUFs mostly rely on invasive/semi-invasive techniques or at least require physical access to the target device, which is not always feasible. In this paper, we experimentally demonstrate that signatures generated from two memory chips may have highly correlated properties if they possess the same set of specifications and a similar manufacturing facility, which is used to mount a non-invasive attack against memory-based PUFs. Our proposed technique shows that if an attacker has access to a device similar to the victim's one, the attacker might be able to guess up to ~45% of the challenge-response pairs of a 64-bit SRAM PUF.

中文翻译：

---

基于内存的 PUF 也容易受到攻击：针对 SRAM PUF 的非侵入式攻击


由于制造商工艺变化的不可克隆和不可变性质，基于内存的物理不可克隆函数 (mPUF) 被广泛认为是高度安全的。尽管针对 PUF 提出了许多成功的攻击，但由于 mPUF 不支持开放访问协议，因此 mPUF 可以抵抗非侵入性攻击。因此，现有针对 mPUF 的攻击大多依赖于侵入式/半侵入式技术，或者至少需要对目标设备进行物理访问，但这并不总是可行。在本文中，我们通过实验证明，如果两个内存芯片具有相同的规格集和相似的制造设施，则它们生成的签名可能具有高度相关的属性，用于对基于内存的 PUF 发起非侵入式攻击。我们提出的技术表明，如果攻击者能够访问与受害者的设备类似的设备，则攻击者可能能够猜测 64 位 SRAM PUF 的质询-响应对的大约 45%。