Memory-Based PUFs are Vulnerable as Well: A Non-Invasive Attack Against SRAM PUFs

Memory-based physical unclonable functions (mPUFs) are widely accepted as highly secure because of the unclonable and immutable nature of manufacturer process variations. Although numerous successful attacks have been proposed against PUFs, mPUFs are resistant to non-invasive attacks as the mPUF does not support the open-access protocol. Hence, existing attacks against mPUFs mostly rely on invasive/semi-invasive techniques or at least require physical access to the target device, which is not always feasible. In this paper, we experimentally demonstrate that signatures generated from two memory chips may have highly correlated properties if they possess the same set of specifications and a similar manufacturing facility, which is used to mount a non-invasive attack against memory-based PUFs. Our proposed technique shows that if an attacker has access to a device similar to the victim’s one, the attacker might be able to guess up to ~45% of the challenge-response pairs of a 64-bit SRAM PUF.

Recommended citation: Bahar Talukder, B. M. S., Ferdaus, F., & Rahman, M. T. (2021). "Memory-Based PUFs are Vulnerable as Well: A Non-Invasive Attack Against SRAM PUFs." IEEE Transactions on Information Forensics and Security. 16, 4035-4049.