On-Chip Side-Channel Analysis of the Loop PUF

In recent years, Side-Channel Analysis (SCA) that leverages power measurements from peripherals or on-chip power sensors has gained increasing attention. Instead of direct physical access to the victim device, these so-called remote SCA attacks can be mounted if an attacker shares resources on the same Power Distribution Network (PDN), e.g., in a multi-tenant Field Programmable Gate Array (FPGA) cloud scenario. Previous work on remote SCA focused on cryptographic algorithms such as AES and RSA. In this work, we analyze the possibility of on-chip SCA of Physical Unclonable Function (PUF) primitives and compare their efficiency to classical SCA attacks. We target the Loop PUF, that derives entropy from a configurable oscillator, where an attacker can retrieve the secret by observing oscillation frequencies. We employ a Time-to-Digital Converter (TDC) sensor, and compare two Artix-7 FPGAs with different resources to compare differences in the Signal-to-Noise Ratio (SNR). Further, we vary the relative placement of the targeted PUF and the TDC sensor. Even though the number of traces required is increased compared to classical SCA, the experiments illustrate the feasibility of extracting the secret key from a PUF-based storage from on-chip SCA.     «

In recent years, Side-Channel Analysis (SCA) that leverages power measurements from peripherals or on-chip power sensors has gained increasing attention. Instead of direct physical access to the victim device, these so-called remote SCA attacks can be mounted if an attacker shares resources on the same Power Distribution Network (PDN), e.g., in a multi-tenant Field Programmable Gate Array (FPGA) cloud scenario. Previous work on remote SCA focused on cryptographic algorithms such as AES an...     »