Differential template attacks on PUF enabled cryptographic devices

In this paper we provide the first practical attacks on software implementations of fuzzy extractors (FEs). The significance of these attacks stem from the fact that FEs are becoming an essential building block in the implementations of physical unclonable function (PUF) enabled devices. In fact, almost every single implementation of PUFs heavily relies on using a FE. Our attacks exploit the information leaked through the power side-channel in the initial stages of error correction and can be used to recover the FE input which would essentially mean cloning the PUF device. More specifically, our attacks target the initial step in the syndrome decoding phase of BCH and Reed-Solomon (RS) decoder implementations where the input (PUF response) is read. We report two attacks: a simple power analysis (SPA) attack where we make use of conditional checks in a naive implementation to recover the PUF response by simply observing time shifts in the power consumption profile. In our second attack, we assume all conditional executions are removed making the device secure against SPA attacks. Instead, we mount a new kind of template attack on a two instruction sequence to recover the FE input (or PUF output).