Leveraging DRAM-based Physically Unclonable Functions for Enhancing Authentication in Resource-Constrained Applications

The Internet-of-Things (IoT) is an inevitable technological paradigm shift across hundreds of application domains, including healthcare, manufacturing, and infrastructure. Communication of potentially sensitive or security-critical information is commonplace as with any technological domain. Therefore, the security of such communication is key to providing trust to enable wider adoption. IoT as a concept has many implications that need not always be assumed for other communication environments, such as physical access and power/hardware restrictions, which present challenges to established methods for securing communication. This reality means that assumptions regarding the storage and transmission of sensitive data must be stronger. In response to the new demands for such secure communication, Physical Unclonable Functions (PUFs) were proposed to provide highly secure just-in-time cryptographic tokens/keys to enable strong security at a low resource overhead. Various types of PUF have been proposed since their conception, each with varying features, strengths and weaknesses. Most notably, PUFs proposed have been consistently subjected to machine learning modelling attacks (ML-MA). Dynamic Random Access Memory (DRAM) PUFs were more recently proposed with promising features over similar PUF types. Limited works have been explored investigating the applicability of utilising DRAM-PUFs to design secure authentication protocols. Therefore, it is essential to develop techniques for and test the effectiveness of DRAM-PUFs for enabling authentication in resource-constrained systems.

This thesis proposes three novel methods for enabling authentication by exploiting DRAM-PUFs. Particularly, we develop a computer vision-based approach for accurately classifying and retrieving noisy Latency DRAM-PUF responses for grouped devices, noting the highest-performing classifiers for this task. Through this research, we develop and share a unique temperature and voltage-dependent Latency DRAM-PUF dataset for use of the wider research community. To improve the authentication scalability, we additionally present a novel, generic obfuscation method for Strong PUFs, further demonstrating how utilisation of DRAM-PUF characteristics can ensure high security against machine learning threats. Finally, a hardware-level approach is tightly integrated into a privacy-preserving authentication protocol to enhance protection against threats with advanced prior PUF access and knowledge to prevent powerful ML-MA.