Abstract

It is a challenging task to deploy lightweight security protocols in resource-constrained IoT applications. A hardware-oriented lightweight authentication protocol based on device signature generated during voltage over-scaling (VOS) was recently proposed to address this issue. VOS-based authentication employs the computation unit such as adders to generate the process variation dependent error, which is combined with secret keys to create a two-factor authentication protocol. In this article, machine learning (ML)-based modeling attacks to break such authentication is presented. We also propose a <u>c</u>hallenge <u>s</u>elf-<u>o</u>bfuscation <u>s</u>tructure (CSoS) which employs previous challenges combined with keys or random numbers to obfuscate the current challenge for the VOS-based authentication to resist ML attacks. Experimental results show that ANN, RNN, and CMA-ES can clone the challenge-response behavior of VOS-based authentication with up to 99.65 percent prediction accuracy, while the prediction accuracy is less than 51.2 percent after deploying our proposed ML resilient technique. In addition, our proposed CSoS also shows good obfuscation ability for strong PUFs. Experimental results show that the modeling accuracy is below 54 percent when 10⁶ challenge-response pairs (CRPs) are collected to model the CSoS-based Arbiter PUF with ML attacks based on LR, SVM, ANN, RNN, and CMA-ES.