Must authenticate

your sensors so
that tampering
can be detected!

Couldn’t you have

told me earlier?!
Authentication by Secret Questions

Give me your A/C number and SBI31415926535

answer the following questions 1. 05th August 2000
1. What is your date of birth? 2. Mr. Bud Bud
2. What is your pet’s name? 3. err … couldn’t
3. How many marks did you hear you clearly
get in 10th standard exams? 4. None, so give me
4. How many cars do you own? that loan already!
5. …
BANK USER 5. …
Authentication by Secret Questions
Using PUFs

Give me your device ID and TS271828182845

answer the following questions
1. 10111100 1. 1
2. 00110010 2. 0
3. 10001110 3. 1
4. 00010100 4. 0
5. … 5. …
SERVER DEVICE

How to ensure that these

answers are unique and
unpredictable?
Physically Unclonable Functions
0.50ms These tiny differences are
difficult to predict or clone
0.55ms

Then these could act

as the fingerprints
for the devices!
A simple Multiplexer PUF Multiplexers are basically
switching circuits
“select”

0 bit
1

rm
Correct. However, the devices
p ms delay s d do
are consistent, i.e., their delays ela
not change (too much) over time. y

e lay
s d
sm

q ms delay
It is difficult to deliberately
create another mux that
exhibits the same delays
Arbiter PUFs If the top signal reaches the finish line first,
the “answer” to this question is 0, else if the
bottom signal reaches first, the “answer” is 1

Question: 1011

1 0 1 1

?
Arbiter PUFs If the top signal reaches the finish line first,
the “answer” to this question is 0, else if the
bottom signal reaches first, the “answer” is 1

Question: 1011

1 0 1 1

1?
Arbiter PUFs If the top signal reaches the finish line first,
the “answer” to this question is 0, else if the
bottom signal reaches first, the “answer” is 1

Question: 0110

0 1 1 0

0?
Some FAQs
Does it matter whether the “red” signal reaches first or the “blue”?
No, the color does not matter – the color was added just for explanation
Why go into all this fuss of having multiple multiplexers?
It was expected that it would make it more difficult to predict the answers.
Also, it increases the number of possible questions.
Is it compulsory to have only 4 multiplexers?
Absolutely not. It depends on how long are your “questions”
That would make
It is common
the total number
to have 64
of challenges > Good … even if an attacker knows the
multiplexers
18 Quintillion!! responses to a few challenges, there is
no way to guess the other answers.
By the way, people usually call
Right? Right? Hello! Melbo!!
the questions “challenges”
Actually … and the answers “responses”
A Twist in the Tale
is the (unknown) time
An attacker can see responses on a few challenges and at which the upper
use ML to predict responses on all other challenges  signal leaves the -th
mux. is the time at
Does not matter if using 32-bit or 64-bit challenges which the lower signal
leaves the -th mux.
All mux-es are different so
𝑐0 𝑐1 𝑐2 𝑐 63

𝑟0
𝑝0
𝑡 𝑢0
𝑟1
𝑝1
𝑡 𝑢1
𝑟2
𝑝2
…
𝑡 𝑢2
𝑟63
𝑝63
𝑡 𝑢63

𝑠0

𝑞0
𝑡 𝑙0 𝑠1

𝑞1
𝑡 𝑙1 𝑠2

𝑞2
𝑡
…𝑙
2
𝑠 63

𝑞63
𝑡 𝑙63
A Twist in the Tale
Observe that the answer is if and otherwise
Also note that and depend on and
dictates which previous delay or will get carried forward in which branch,
and give us the delay introduced by the -th mux itself
𝑐0 𝑐1 𝑐2 𝑐 63

𝑟0
𝑝0
𝑡 𝑢0
𝑟1
𝑝1
𝑡 𝑢1
𝑟2
𝑝2
…
𝑡 𝑢2
𝑟63
𝑝63
𝑡 𝑢63

𝑠0

𝑞0
𝑡 𝑙0 𝑠1

𝑞1
𝑡 𝑙1 𝑠2

𝑞2
𝑡
…𝑙
2
𝑠 63

𝑞63
𝑡 𝑙63
A Twist in the Tale
0
1 01
0
1 1
0

𝑐0 𝑐1
01 𝑐2 𝑐 63

𝑟0
𝑝0
𝑡 𝑢0
𝑟1
𝑝1
𝑡 𝑢1
𝑟2
𝑝2
…
𝑡 𝑢2
𝑟63
𝑝63
𝑡 𝑢63

𝑠0

𝑞0
𝑡 𝑙0 𝑠1

𝑞1
𝑡 𝑙1 𝑠2

𝑞2
𝑡
…𝑙
2
𝑠 63

𝑞63
𝑡 𝑙63
A little bit of Math 
Let us use the shorthand to denote the lag
Recall: all that matters is whether the top signal reaches first or not
Thus, all that matters is whether or not

To make notation simpler, let creates bits that take

values instead of –
that’s it!
A little bit of Math 
Note that a similar relation holds for any stage

where and
We can safely take (absorb initial delays into )
We can keep going on recursively
(since )
– now plugin value of to get

We can begin to see a pattern here

Linear Models
We have

where Exactly, this is why people

stopped using arbiter
PUFs for authentication
after this was revealed

This means that if someone

If , upper signal wins and answer is 0 can find the parameters,
they would be able to predict
If , lower signal wins and answer is 1 response to any challenge!!

Thus, answer is simply

This is nothing but
a linear classifier!
Linear/hyperplane Classifiers
The model is a single vector of dimension (features are
also -dim), and a scalar term (called bias)
Predict on a test point by checking if
Decision boundary: hyperplane (where ) 𝐰
The vector is called the normal or perpendicular vector
of the hyperplane – why?
Consider any two vectors on the hyperplane i.e.
. This means . Note that the vector is parallel to the
hyperplane and perpendicular to all such vectors
The bias term if changed, shifts the plane – it can be
thought of as a threshold as well – how large does have
to be in order for decision to be 1