Attacks on Physically-Embedded Data Encryption for Embedded Devices

Data encryption is the primary method to protect embedded devices in the hostile environment. The security of the traditional data encryption algorithms relies on keeping the keys secret and they always require a lot of arithmetic and logical computations, which may be not suitable for area critical or power critical embedded devices. At TrustCom 2013, Hou et al. proposed to use a physical unclonable function (PUF) to build a novel physically-embedded data encryption (PEDE) for embedded devices. The PEDE is lightweight since all it does is xor-ing the plaintext with the output of a PUF. As the PUF is unique and unclonable, only the original physical device can decrypt the ciphertext. Without possessing the original PEDE device, adversaries could not determine anything about the plaintext even if both the secret key and the ciphertext are available to them. In this paper, we show that the existing PEDE architecture is sensitive to environmental variations, which leads to the fact that the decrypted plaintext does not equal to the original plaintext. Besides the lack of reliability, we also show that the existing PEDE architecture is vulnerable to known-plaintext attack and modeling attack. To address these issues, we propose a secure and robust PEDE architecture.