Secure PUF-based Authentication and Key Exchange Protocol using Machine Learning

Error Correction Codes and Fuzzy Extractors (FE) using publicly available helper data are used to increase the reliability of the secret value generated from noisy sources such as Physically Unclonable Functions (PUFs). Publicly available helper data is, in turn, vulnerable against Helper Data manipulation attacks due to its correlation with the secret value. Instead of using helper data for FE-based error correction, we propose a locally recoverable repetition coding mechanism. Our proposed mechanism is based on sharing only the user's generated challenge values, which is inherently secure against machine learning and PUF cloning attacks. We evaluate the reliability of our method using simulated challenge response pairs (CRP)s captured from various XOR Arbiter PUF structures at different levels of noise embedded in the PUF CRP characteristic. We show for instance that in a scenario of using PUF with 10% error-rate, our method can successfully recover the encryption key with close to zero failure-rate with a repetition code length of 10 or higher.