Memory-based physical unclonable functions (mPUFs) are widely accepted as highly secure because of the unclonable and immutable nature of manufacturer process variations. Although numerous successful attacks have been proposed against PUFs, mPUFs are resistant to non-invasive attacks as the mPUF does not support the open-access protocol. Hence, existing attacks against mPUFs mostly rely on invasive/semi-invasive techniques or at least require physical access to the target device, which is not always feasible. In this paper, we experimentally demonstrate that signatures generated from two memory chips may have highly correlated properties if they possess the same set of specifications and a similar manufacturing facility, which is used to mount a non-invasive attack against memory-based PUFs. Our proposed technique shows that if an attacker has access to a device similar to the victim’s one, the attacker might be able to guess up to ~45% of the challenge-response pairs of a 64-bit SRAM PUF.

中文翻译：

---

基于内存的 PUF 也很脆弱：对 SRAM PUF 的非侵入式攻击

由于制造商过程变化的不可克隆和不可变性质，基于内存的物理不可克隆功能 (mPUF) 被广泛接受为高度安全的。尽管已经提出了许多针对 PUF 的成功攻击，但由于 mPUF 不支持开放访问协议，因此 mPUF 可以抵抗非侵入性攻击。因此，现有的针对 mPUF 的攻击主要依赖于侵入性/半侵入性技术，或者至少需要对目标设备进行物理访问，这并不总是可行的。在本文中，我们通过实验证明，如果两个内存芯片具有相同的规范集和类似的制造设施，则从两个内存芯片生成的签名可能具有高度相关的属性，用于对基于内存的 PUF 发起非侵入性攻击。