Pitfalls in Machine Learning-based Adversary Modeling for Hardware Systems
Fatemeh Ganji (1, a), Sarah Amir (1, b), Shahin Tajik (1, c), Domenic Forte (1, d) and Jean-Pierre Seifert (2)
(1) Department of Electrical Engineering, University of Florida, Gainesville, USA
(a) fganji@ufl.edu
(b) sarah.amir@ufl.edu
(c) stajik@ufl.edu
(d) dforte@ece.ufl.edu
(2) Security in Telecommunications, Technische Universität Berlin, Berlin, Germany
jean-pierre.seifert@external.telekom.de
ABSTRACT
The concept of the adversary model has been widely applied in the context of cryptography. When designing a cryptographic scheme or protocol, the adversary model plays a crucial role in formalizing the capabilities and limitations of potential attackers. These models further enable the designer to verify the security of the scheme or protocol under investigation. Although well established for conventional cryptanalysis attacks, adversary models for attackers who have the advantages of machine learning techniques at their disposal have not yet been developed thoroughly. In particular, when it comes to composed hardware, which is often security-critical, the lack of such models has become increasingly noticeable in the face of advanced, machine learning-enabled attacks. This paper aims at exploring adversary models from the machine learning perspective. In this regard, we provide examples of machine learning-based attacks against hardware primitives, e.g., obfuscation schemes and hardware roots-of-trust, for which such attacks were claimed to be infeasible. We demonstrate that this claim does not hold, because the adversary models considered in the literature are inaccurate.
Keywords: Physically Unclonable Functions, Logic Locking, Composed Hardware, Root-of-Trust, Machine Learning.