On the Security of PUF Protocols under Bad PUFs and PUFs-inside-PUFs Attacks

We continue investigations on the use of so-called Strong PUFs as a cryptographic primitive in realistic attack models, in particular in the “Bad/Malicious PUF Model”. We obtain the following results: – Bad PUFs and Simplification: As a minor contribution, we simplify a recent OT-protocol for malicious PUFs by Dachman-Soled et al. [4] from CRYPTO 2014. We can achieve the same security properties under the same assumptions, but use only one PUF instead of two. – PUFs-inside-PUFs, Part I: We propose the new, realistic adversarial models of PUF modifications and PUFs-inside-PUF attacks, and show that the earlier protocol of Dachman-Soled et al. [4] is vulnerable against PUFs-inside-PUFs attacks (which lie outside the original framework of [4]). – PUFs-inside-PUFs, Part II: We construct a new PUF-based OT-protocol, which is secure against PUFs-inside-PUFs attacks if the used bad PUFs are stateless. Our protocol introduces the technique of interleaved challenges. – PUFs-inside-PUFs, Part III: In this context, we illustrate why the use of interactive hashing in our new protocol appears necessary, and why a first protocol attempt without interactive hashing fails.