現今物聯網(Internet of Things, IoT)技術充斥於生活週遭的情況下，社會中各個面向皆受益於物聯網的技術，小至人們隨身攜帶使用的智慧型手機、智慧型手錶甚至是智能家居，大至大型企業運用之智慧工業設備或大型資料庫，大量的機密或個人私密數據存儲在這些裝置，更加凸顯資訊安全的重要性。為了確保物聯網各中繼節點與終端裝置的數據受到高安全性裝置加密保護，物理不可複製功能(Physically Unclonable Function, PUF)低成本、低功耗的特性成為最理想的硬體安全電路應用，其中又以仲裁器物理不可複製功能(Arbiter PUF, APUF)為最理想的PUF，透過製程偏差在每個晶片中產生隨機參數，這些參數具有唯一性、不可複製且不可逆的特性，讓埋有不同APUF的晶片具備獨特「指紋」。基於APUF的授權協定也已成為物聯網中常見的加密手段。
APUF雖然以低成本、低功耗成為物聯網中熱門的加密應用，但卻有被機器學習建模攻擊的潛在問題。攻擊者能透過不安全的通訊通道竊聽PUF的挑戰-響應對(Challenge-Response Pair)，蒐集資料訓練機器模型，以偽造合法的PUF。本論文針對為了提升APUF抵抗機器學習建模攻擊的能力，開發初步及進階反制PUF系統，希望APUF能夠具備抵抗機器學習建模攻擊的能力，並同時保留有原本低功耗、低成本的特性以及APUF本身的基礎衡量指標，例如均勻性、獨特性、可靠度等，讓使用者針對基於APUF授權協定的加密物聯網，能夠對於資訊安全的部分更有信心。
針對初步反制技術，本論文深入分析實作APUF於現場可程式化邏輯閘陣列(Field Programmable Gate Array, FPGA)不同佈局配置對於機器學習建模攻擊抵抗能力的影響，並第一個提出針對具抵抗機器學習建模攻擊能力APUF之特定佈局策略，以零額外硬體成本有效限制機器學習建模攻擊成功率。針對進階反制技術，在探討文獻的過程中，我們發現過往最佳保護成效文獻有硬體成本使用效率過低的問題，以及所採用攻擊APUF的機器學習演算法並非普遍文獻使用之演算法，本論文以過往最佳成效文獻延伸，並優化其硬體成本使用效率過低的問題，以極低成本實現反制機器學習建模攻擊PUF系統，同時針對普遍文獻考慮的四種常見機器學習攻擊演算法攻擊本論文所開發之反制PUF系統，以驗證抵抗機器學習建模攻擊的能力。

Internet of Things (IoT) technology is now deeply integrated into our daily lives, benefiting various aspects of society. From personal devices such as smartphones, smartwatches, and smart home systems to large-scale industrial equipment and enterprise databases, vast amounts of confidential or personal data are stored on these devices, underscoring the importance of information security. To protect data on IoT nodes and endpoint devices with highly secure encryption, Physically Unclonable Functions (PUFs) are ideal for hardware security due to their low hardware cost and low power consumption. Among the different types of PUFs, the Arbiter PUF (APUF) is considered the most suitable. Process variations generate unique, non-replicable parameters on each chip, giving each chip a unique “fingerprint.” This makes APUF-based authentication protocols a common encryption method in IoT applications.
Despite APUF's popularity in IoT encryption for its low hardware cost and power consumption, it is vulnerable to machine learning modeling attacks. Attackers can intercept the PUF's challenge-response pairs (CRPs) through insecure communication channels, gather data, and train machine learning models to impersonate legitimate PUFs. This thesis aims to enhance APUF's resistance to machine learning modeling attacks by developing both basic and advanced countermeasures. The objective is to maintain APUF's original low power and hardware cost characteristics while preserving its essential metrics, such as uniformity, uniqueness, and reliability, thereby increasing user confidence in the security of APUF-based IoT applications.
For the basic countermeasures, this thesis analyzes how different placement configurations of APUF implemented on Field Programmable Gate Arrays (FPGA) impact resistance to machine learning modeling attacks. We are the first to propose a specific placement strategy that enhances APUF's resistance to these attacks, effectively limiting the success rate of machine learning modeling attacks with zero additional hardware cost. For the advanced countermeasures, it was observed that previous studies with the best protection results had issues with inefficient hardware cost usage and did not employ the machine learning algorithms commonly used in other related works to attack APUF. This thesis builds on the previous best results and optimizes hardware cost efficiency, creating a countermeasure PUF system against machine learning modeling attacks at an extremely low hardware cost. The system's resistance to four common machine learning attack algorithms, as considered in other related works, is also validated.

論文審定書 i
摘要 ii
Abstract iv
圖目錄 ix
表目錄 xiii
第一章 概論 1
1.1 研究背景 1
1.2 研究動機 2
1.3 研究貢獻 3
1.4 論文章節摘要 4
第二章 研究背景與相關文獻 5
2.1 Arbiter PUF 5
2.2 機器學習建模攻擊 6
2.2.1 攻擊概念 6
2.2.2 機器學習攻擊演算法 7
2.3 相關文獻 10
2.3.1 APUF抵抗機器學習建模攻擊能力 10
2.3.2 既有通用保護策略 11
第三章 反制機器學習建模攻擊之物理不可複製功能設計 14
3.1 Arbiter PUF 實現於FPGA之可配置架構 14
3.2 初步反制技術設計 15
3.3 進階反制技術設計 19
3.4 實驗設置 21
第四章 佈局配置延遲參數混淆度分析 23
4.1 延遲參數混淆概念說明 23
4.2 分析路徑說明 24
4.3 延遲參數混淆重疊趨勢分析 24
4.3.1 Column-like Slice Placement Configuration 24
4.3.2 Default Placement Configuration 28
4.4 延遲參數混淆度量化分析 31
4.4.1 量化指標說明 31
4.4.2 量化指標數據比較 33
第五章 機器學習建模攻擊抵抗能力成效分析 36
5.1 機器學習建模攻擊抵抗能力 36
5.2 初步反制技術抵抗能力成效分析 36
5.2.1 Column-like Slice Placement Configuration 36
5.2.2 Default Placement Configuration 38
5.2.3 SVM Analysis 40
5.2.4 DNN Analysis 43
5.3 進階反制技術抵抗能力成效分析 47
5.3.1 Standard SBox 47
5.3.2 PRINCE SBox 48
5.3.3 Feather SBox 50
5.3.4 HUMMING BIRD-2 SBox 53
第六章 PUF基礎衡量指標成效分析 55
6.1 PUF指標說明 55
6.1.1 Uniformity 55
6.1.2 Uniqueness 55
6.1.3 Reliability 56
6.2 初步反制技術基礎衡量指標成效分析 56
6.2.1 Uniformity 56
6.2.2 Uniqueness 58
6.2.3 Reliability 62
6.3 進階反制技術基礎衡量指標成效分析 64
6.3.1 Uniformity 64
6.3.2 Uniqueness 65
6.3.3 Reliability 68
第七章 硬體成效分析 70
第八章 結論與未來展望 73
參考文獻 74

[1] A. M. A. Modarres and G. Sarbishaei, "Systematic Cryptanalysis of PUF-Based Authentication Protocols for IoT, A Case Study," IEEE Networking Letters, vol. 5, no. 4, pp. 304-308, Dec. 2023.
[2] T. A. Idriss, H. A. Idriss and M. A. Bayoumi, "A Lightweight PUF-Based Authentication Protocol Using Secret Pattern Recognition for Constrained IoT Devices," IEEE Access, vol. 9, pp. 80546-80558, 2021.
[3] J. Liu, Y. Zhao, Y. Zhu, C. -H. Chan and R. P. Martins, "A Weak PUF-Assisted Strong PUF With Inherent Immunity to Modeling Attacks and Ultra-Low BER," IEEE Trans. Circuits Syst. I, Reg. Papers vol. 69, no. 12, pp. 4898-4907, Dec. 2022.
[4] B. Gassend et al., "Silicon physical random functions", CCS 02: Proceedings of the 9th ACM conference on Computer and communications security, pp. 148-160, 2002.
[5] Daihyun Lim, J. W. Lee, B. Gassend, G. E. Suh, M. van Dijk and S. Devadas, "Extracting secret keys from integrated circuits," IEEE Trans. Very Large Scale Integr. (VLSI) Syst. vol. 13, no. 10, pp. 1200-1205, Oct. 2005.
[6] S. Hemavathy and V. S. K. Bhaaskaran, "Arbiter PUF—A Review of Design, Composition, and Security Aspects," IEEE Access, vol. 11, pp. 33979-34004, 2023.
[7] G. T. Becker, "On the Pitfalls of Using Arbiter-PUFs as Building Blocks," IEEE Trans. Computer-Aided Design(CAD) vol. 34, no. 8, pp. 1295-1307, Aug. 2015
[8] Ulrich Rührmair, Frank Sehnke, Jan Sölter, Gideon Dror, Srinivas Devadas, and Jürgen Schmidhuber, “Modeling attacks on physical unclonable functions”, CCS 02: Proceedings of the 9th ACM conference on Computer and communications security, pp. 237-249, 2010.
[9] Xuejiao Ma, Pengjun Wang, Gang Li, Ziyu Zhou, “Machine learning attacks resistant strong PUF design utilizing response obfuscates challenge with lower hardware overhead”, Microelectronics Journal, vol. 142, no. C, pp. 105977, Dec. 2023.
[10] Santikellur, Pranesh, Aritra Bhattacharyay and Rajat Subhra Chakraborty. “Deep Learning based Model Building Attacks on Arbiter PUF Compositions.” IACR Cryptol. ePrint Arch. vol. 2019, pp. 566, 2019.
[11] J. Liu, Y. Zhao, Y. Zhu, C. -H. Chan and R. P. Martins, "A Weak PUF-Assisted Strong PUF With Inherent Immunity to Modeling Attacks and Ultra-Low BER," IEEE Trans. Circuits Syst. I, Reg. Papers vol. 69, no. 12, pp. 4898-4907, Dec. 2022.
[12] J. Zhang, C. Shen, Z. Guo, Q. Wu and W. Chang, "CT PUF: Configurable Tristate PUF Against Machine Learning Attacks for IoT Security," IEEE Internet of Things Journal, vol. 9, no. 16, pp. 14452-14462, 15 Aug. 2022.
[13] L. Wu, Y. Hu, K. Zhang, W. Li, X. Xu and W. Chang, "FLAM-PUF: A Response–Feedback-Based Lightweight Anti-Machine-Learning-Attack PUF," IEEE Trans. Computer-Aided Design(CAD) vol. 41, no. 11, pp. 4433-4444, Nov. 2022.
[14] Y. Wang et al., "A Lightweight Authentication Protocol Against Modeling Attacks Based on a Novel LFSR-APUF," IEEE Internet of Things Journal, vol. 11, no. 1, pp. 283-295, 1 Jan. 2024.
[15] N. N. Anandakumar, M. S. Hashmi and M. A. Chaudhary, "Implementation of Efficient XOR Arbiter PUF on FPGA With Enhanced Uniqueness and Security," IEEE Access, vol. 10, pp. 129832-129842, 2022.
[16] Pedregosa et al., Scikit-learn: Machine Learning in Python[Online]. Available: https://scikit-learn.org/stable/
[17] C. Xu, L. Zhang, M. -K. Law, X. Zhao, P. -I. Mak and R. P. Martins, "Modeling-Attack-Resistant Strong PUF Exploiting Stagewise Obfuscated Interconnections With Improved Reliability," IEEE Internet of Things Journal, vol. 10, no. 18, pp. 16300-16315, Sept. 2023.
[18] C. Gu, W. Liu, Y. Cui, N. Hanley, M. O’Neill and F. Lombardi, "A Flip-Flop Based Arbiter Physical Unclonable Function (APUF) Design with High Entropy and Uniqueness for FPGA Implementation," IEEE Transactions on Emerging Topics in Computing, vol. 9, no. 4, pp. 1853-1866, Oct.-Dec. 2021.
[19] Y. Hori, H. Kang, T. Katashita, A. Satoh, S. Kawamura and K. Kobara, "Evaluation of physical unclonable functions for 28-nm process field-programmable gate arrays", J. Inf. Process., vol. 22, no. 2, pp. 344-356, 2014.
[20] V. Panchami, Mahima Mary Mathews, A Substitution Box for Lightweight Ciphers to Secure Internet of Things, Journal of King Saud University - Computer and Information Sciences, vol. 35, no. 4, pp. 75-89, 2023.
[21] Borghoff, J. et al. “PRINCE – A Low-Latency Block Cipher for Pervasive Computing Applications,” In Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security (ASIACRYPT'12). Springer-Verlag, Berlin, Heidelberg, pp. 208-225, 2012.
[22] Engels, D., Saarinen, MJ.O., Schweitzer, P., Smith, E.M. “The Hummingbird-2 Lightweight Authenticated Encryption Algorithm,” Workshop on RFID and IoT Security, 2011.
[23] Maiti, A., Gunreddy, V., Schaumont, P. “A Systematic Method to Evaluate and Compare the Performance of Physical Unclonable Functions,” Embedded Systems Design with FPGAs. Springer, New York, NY. pp. 245-267, 2013.