Noise-Resilient Neural Network-Based Adversarial Attack Modeling for XOR Physical Unclonable Functions


  • Ahmad Aseeri Department of Computer Science, College of Computer Engineering and Sciences, Prince Sattam bin Abdulaziz University, Al-Kharj 11942, Saudi Arabia



Authentication, Internet of Things, Physical Unclonable Functions, Hardware Security, Neural Networks


Authentication plays an essential role in preventing unauthorized access to data and resources on the Internet of Things. Classical security mechanisms fall short of achieving security requirements against many physical attacks due to the resource-constraint nature of IoT devices. Physical Unclonable Functions (PUFs) have been successfully used for lightweight security applications such as devices authentication and secret key generation. PUFs utilize the inevitable variation of integrated circuits during the fabrication process to produce unique responses for individual PUF, hence not reproducible even by the manufacturer itself. However, PUFs are mathematically cloneable by machine learning-based methods. XOR arbiter PUFs are one group of PUFs that can withstand existing attack methods unless exceedingly long training time and large dataset size are applied. In this paper, large-sized XOR PUFs with 64-bit and 128-bit challenges were efficiently and effectively attacked using a carefully engineered neural network-based method. Our fine-tuned neural network-based adversarial models achieve 99% prediction accuracy on noise-free datasets and as low as 96% prediction accuracy on noisy datasets, using up to 55% smaller dataset size compared to existing works known to us. Revealing such vulnerabilities is essential for PUF developers to re-evaluate existing PUF designs, hence avoiding potential risks for IoT devices.


Download data is not yet available.

Author Biography

Ahmad Aseeri, Department of Computer Science, College of Computer Engineering and Sciences, Prince Sattam bin Abdulaziz University, Al-Kharj 11942, Saudi Arabia

Ahmad O. Aseeri is currently an Assistant Professor at the Department of Computer Science, College of Computer Engineering and Sciences, Prince Sattam bin Abdulaziz University, Saudi Arabia. He received his B.Ed. in Computing from King Saud University, Saudi Arabia; M.Sc. in Computer Science from University of Wisconsin-Milwaukee, United States; and Ph.D. in Computer Science from Texas Tech University, United States. Dr. Aseeri’s research interest is in the field of Artificial Intelligence (AI), having the main focus in the area of (1) Deep Learning: with application to neural networkbased risk analysis, natural language processing (NLP), and computer vision, (2) Data Mining: with application to clustering techniques including bisecting K-means clustering (BKM), limited-iteration bisecting K-means (LIBKM), and memory-aware clustering algorithms. He also has a research interest in applied deep learning for medical applications.


Yousra Alkabani, Farinaz Koushanfar, Negar Kiyavash, and Miodrag

Potkonjak. Trusted integrated circuits: A nondestructive hidden characteristics

extraction approach. In International Workshop on Information

Hiding, pages 102–117. Springer, 2008.

Mohammed Saeed Alkatheiri and Yu Zhuang. Towards fast and accurate

machine learning attacks of feed-forward arbiter pufs. In Dependable

and Secure Computing, 2017 IEEE Conference on, pages 181–187.

IEEE, 2017.

Frederik Armknecht, Roel Maes, Ahmad-Reza Sadeghi, Francois-

Xavier Standaert, and Christian Wachsmann. A formalization of the

security features of physical functions. In 2011 IEEE Symposium on

Security and Privacy, pages 397–412. IEEE, 2011.

Ahmad O. Aseeri, Yu Zhuang, and Mohammed Saeed Alkatheiri. A

machine learning-based security vulnerability study on xor pufs for

resource-constraint internet of things. In 2018 IEEE International

Congress on Internet of Things (ICIOT), pages 49–56. IEEE, 2018.

Georg T. Becker. The gap between promise and reality: On the insecurity

of xor arbiter pufs. In International Workshop on Cryptographic

Hardware and Embedded Systems, pages 535–555. Springer, 2015.

Urbi Chatterjee, Rajat Subhra Chakraborty, Hitesh Kapoor, and Debdeep

Mukhopadhyay. Theory and application of delay constraints

in arbiter puf. ACM Transactions on Embedded Computing Systems

(TECS), 15(1):10, 2016.

Franc¸ois Chollet et al. Keras, 2015.

John Duchi, Elad Hazan, and Yoram Singer. Adaptive subgradient

methods for online learning and stochastic optimization. Journal of

Machine Learning Research, 12(Jul):2121–2159, 2011.

Jean-Pierre Seifert Fatemeh Ganji, and Shahin Tajik. A fourier analysis

based attack against physically unclonable functions. Springer, 2018.

Fatemeh Ganji, Shahin Tajik, and Jean-Pierre Seifert. Why attackers

win: on the learnability of xor arbiter pufs. In International Conference

on Trust and Trustworthy Computing, pages 22–39. Springer, 2015.

Blaise Gassend, Dwaine Clarke, Marten Van Dijk, and Srinivas

Devadas. Silicon physical random functions. In Proceedings of the

th ACM Conference on Computer and Communications Security, pages

–160. ACM, 2002.

Kaiming He, Xiangyu Zhang, Shaoqing Ren, and Jian Sun. Delving

deep into rectifiers: Surpassing human-level performance on imagenet

classification. In Proceedings of the IEEE International Conference on

Computer Vision, pages 1026–1034, 2015.

Charles Herder, Meng-Day Yu, Farinaz Koushanfar, and Srinivas

Devadas. Physical unclonable functions and applications: A tutorial.

Proceedings of the IEEE, 102(8):1126–1141, 2014.

Jack Kiefer, Jacob Wolfowitz, et al. Stochastic estimation of the maximum

of a regression function. The Annals of Mathematical Statistics,

(3):462–466, 1952.

Diederik Kingma and Jimmy Ba. Adam: A method for stochastic

optimization. arXiv preprint arXiv:1412.6980, 2014.

Oluwasanmi O. Koyejo, Nagarajan Natarajan, Pradeep K. Ravikumar,

and Inderjit S. Dhillon. Consistent binary classification with generalized

performance metrics. In Advances in Neural Information Processing

Systems, pages 2744–2752, 2014.

Daihyun Lim, Jae W. Lee, Blaise Gassend, G. Edward Suh, Marten

Van Dijk, and Srinivas Devadas. Extracting secret keys from integrated

circuits. IEEE Transactions on Very Large Scale Integration (VLSI)

Systems, 13(10):1200–1205, 2005.

Keith Lofstrom,W. Robert Daasch, and Donald Taylor. Ic identification

circuit using device mismatch. In 2000 IEEE International Solid-State

Circuits Conference. Digest of Technical Papers (Cat. No. 00CH37056),

pages 372–373. IEEE, 2000.

Ravikanth Pappu, Ben Recht, Jason Taylor, and Neil Gershenfeld.

Physical one-way functions. Science, 297(5589):2026–2030, 2002.

Ulrich Ruhrmair and Daniel E Holcomb. Pufs at a glance. In Design,

Automation and Test in Europe Conference and Exhibition (DATE),

, pages 1–6. IEEE, 2014.

Ulrich R¨uhrmair, Frank Sehnke, Jan S¨olter, Gideon Dror, Srinivas

Devadas, and J¨urgen Schmidhuber. Modeling attacks on physical

unclonable functions. In Proceedings of the 17th ACM Conference on

Computer and Communications Security, pages 237–249. ACM, 2010.

Sergei Petrovich Skorobogatov. Semi-invasive Attacks: A New Approach

to Hardware Security Analysis. PhD thesis, University of Cambridge

Ph. D. dissertation, 2005.

Ashish Srivastava, Dennis Sylvester, and David Blaauw. Statistical

Analysis and Optimization for VLSI: Timing and Power. Springer

Science & Business Media, 2006.

Suh G. Edward and Srinivas Devadas. Physical unclonable functions for

device authentication and secret key generation. In Proceedings of the

th Annual Design Automation Conference, pages 9–14. ACM, 2007.

Johannes Tobisch and Georg T. Becker. On the scaling of machine

learning attacks on pufs with application to noise bifurcation. In International

Workshop on Radio Frequency Identification: Security and

Privacy Issues, pages 17–31. Springer, 2015.

Sying-Jyan Wang, Yu-Shen Chen, and Katherine Shu-Min Li. Adversarial

attack against modeling attack on pufs. In Proceedings of the 56th

Annual Design Automation Conference 2019, page 138. ACM, 2019.

Xiaoxiao Wang and Mohammad Tehranipoor. Novel physical unclonable

function with process and environmental variations. In 2010

Design, Automation & Test in Europe Conference & Exhibition (DATE

, pages 1065–1070. IEEE, 2010.

Yuval Yarom and Katrina Falkner. Flush+ reload: A high resolution,

low noise, l3 cache side-channel attack. In USENIX Security

Symposium, pages 719–732, 2014.

Meng-Day Yu, David M’Ra¨ıhi, Ingrid Verbauwhede, and Srinivas

Devadas. A noise bifurcation architecture for linear additive physical

functions. In 2014 IEEE International Symposium on Hardware-

Oriented Security and Trust (HOST), pages 124–129, May 2014.




How to Cite

Aseeri A. Noise-Resilient Neural Network-Based Adversarial Attack Modeling for XOR Physical Unclonable Functions. JCSANDM [Internet]. 2020 Mar. 27 [cited 2023 Jun. 8];9(2):331–354. Available from: