Author: Denis Avetisyan
As connected devices proliferate and artificial intelligence moves to the edge, ensuring hardware integrity is paramount, and this review explores how unique silicon fingerprints can provide a robust defense.
This paper surveys the use of Physically Unclonable Functions (PUFs) for secure authentication in IoT devices and hardware-anchored protection of AI models against supply chain threats and machine learning attacks.
The increasing prevalence of compromised hardware and sophisticated machine learning attacks presents a fundamental challenge to trust in rapidly expanding Internet of Things ecosystems. This survey, ‘Physically Unclonable Functions for Secure IoT Authentication and Hardware-Anchored AI Model Integrity’, systematically examines hardware-rooted trust mechanisms – including Physical Unclonable Functions (PUFs) – for bolstering device authentication and safeguarding the integrity of deployed artificial intelligence models. Our analysis reveals that while various approaches exist, PUF-based and hybrid trust anchors offer a compelling balance between security, scalability, and cost for large-scale, AI-enabled IoT deployments. Given the evolving threat landscape and the critical need for robust device security, what novel hardware-software co-design strategies will be necessary to achieve truly trustworthy AI at the edge?
The Expanding Attack Surface: A Prophecy of Failure
The sheer scale of the Internet of Things presents a dramatically expanded attack surface, fundamentally challenging established cybersecurity approaches. Traditional security models, designed to protect a limited number of well-defined endpoints, struggle to encompass the billions of interconnected devices now permeating daily life – from smart appliances and wearable technology to industrial sensors and critical infrastructure components. Each of these devices represents a potential entry point for malicious actors, and the diversity of manufacturers, operating systems, and security protocols creates a fragmented landscape difficult to comprehensively monitor and defend. This proliferation isn’t simply about quantity; the distributed nature of these devices, often deployed in physically insecure locations, and their extended lifecycles – exceeding typical IT equipment – introduce persistent vulnerabilities that demand a paradigm shift towards proactive, adaptable, and scalable security solutions.
The escalating sophistication of cyberattacks now directly threatens the reliable operation of connected devices, moving beyond simple data breaches to target the integrity of entire IoT systems. Modern adversaries are increasingly deploying machine learning algorithms to identify vulnerabilities and craft attacks that bypass traditional security measures. These intelligent attacks can subtly manipulate sensor data, alter device behavior, or even compromise the functionality of critical infrastructure controlled by IoT networks. Unlike conventional attacks focused on confidentiality, these integrity-focused breaches aim to cause physical harm, disrupt services, or create widespread chaos by manipulating the very data that these systems rely upon for accurate operation – a shift demanding a fundamental rethinking of IoT security protocols and a move towards proactive, AI-driven threat detection.
The escalating vulnerabilities within the Internet of Things ecosystem are significantly compounded by weaknesses inherent in global supply chains and the increasing prevalence of counterfeit components. Manufacturing complexities often involve numerous, geographically dispersed suppliers, creating opportunities for malicious actors to introduce compromised hardware or software at various stages of production. These compromised components, ranging from microchips to sensors, can create backdoors or introduce hidden functionalities that enable remote access and control. The rise of counterfeit parts, frequently lacking even basic security features, further amplifies this threat, as they bypass quality control measures and introduce unpredictable failure points. This creates a scenario where seemingly benign devices can become unwitting participants in large-scale attacks, jeopardizing data integrity, system availability, and even physical safety – a challenge that demands a shift towards greater supply chain transparency, robust authentication mechanisms, and proactive component verification.
Foundations in Sand: Building Roots of Trust
A Hardware Root of Trust (HRoT) is a foundational security element in Internet of Things (IoT) devices, serving as the basis for verifying device identity and establishing a chain of trust. Its primary function is to ensure that the device is genuine and has not been tampered with, protecting sensitive data such as cryptographic keys, user credentials, and firmware. Without a reliable HRoT, IoT devices are vulnerable to cloning, counterfeiting, and malicious attacks that can compromise data integrity and system security. Establishing a strong HRoT is therefore essential for securing the entire IoT ecosystem, enabling secure boot processes, secure storage, and authenticated communication between devices and servers.
Trusted Platform Modules (TPMs) and Physical Unclonable Functions (PUFs) represent distinct but compatible methods for establishing a hardware Root of Trust. TPMs are dedicated microcontroller chips providing cryptographic functionality and secure key storage, relying on a pre-programmed, verifiable identity. Conversely, PUFs are analog circuits that exploit random physical variations introduced during manufacturing to generate a unique digital fingerprint. While TPMs offer a standardized, software-controlled security anchor, PUFs provide a device-intrinsic identity resistant to physical attacks and cloning. Combining these approaches allows for a layered security model; a TPM can securely store keys derived from a PUF’s unique response, enhancing both authentication and key protection. This synergy addresses the limitations of each individual technology, creating a more robust and reliable foundation for secure device operation.
Physical Unclonable Functions (PUFs) establish a unique identity for each integrated circuit by exploiting the random, unpredictable variations that occur during the manufacturing process. These variations, arising from factors like transistor mismatch and oxide thickness fluctuations, create device-specific “fingerprints” that are inherently difficult to replicate. Unlike cryptographic keys stored in memory, which can be read and copied, a PUF’s response is generated on demand based on these physical characteristics, meaning the “key” doesn’t exist in a storable format. This reliance on physical properties makes PUFs resistant to cloning attacks, as precisely duplicating the manufacturing variations required to generate the same response is practically infeasible.
Several Physical Unclonable Function (PUF) implementations exist, each with distinct characteristics impacting their suitability for different applications. SRAM PUFs utilize random variations in the startup sequence of SRAM cells, offering a relatively simple design but potentially lower security against advanced attacks. Ring Oscillator PUFs rely on frequency differences between ring oscillators, providing a good balance between area, power consumption, and security. Memristive PUFs leverage the inherent variability of memristor devices, offering high security and potentially strong unclonability but typically requiring larger area and increased power compared to SRAM and Ring Oscillator PUFs. The selection of a specific PUF implementation necessitates careful consideration of these trade-offs based on the target device’s constraints and security requirements.
The Inevitable Arms Race: Defending Against Sophisticated Attacks
Modeling attacks and machine learning (ML) techniques present a substantial threat to the security of Physically Unclonable Functions (PUFs). These attacks leverage the inherent predictability of physical systems by constructing statistical models from observed PUF response data. By training these models – often employing algorithms such as neural networks or support vector machines – attackers aim to predict PUF outputs for given input stimuli, effectively bypassing authentication mechanisms without physical access to the device’s internal circuitry. The effectiveness of these attacks increases with the volume of training data acquired, highlighting the vulnerability of systems where PUF responses can be observed, even indirectly, over time. Furthermore, ML-based attacks are not limited by traditional cryptanalytic techniques and can adapt to variations in manufacturing or environmental conditions, making them a persistent and evolving threat.
Side-channel attacks represent a significant threat to Physically Unclonable Function (PUF) security by leveraging information unintentionally leaked during PUF operation. These attacks do not target the PUF’s algorithmic core, but instead analyze physical characteristics such as power consumption, electromagnetic radiation, or timing variations that correlate with the processed data. Variations in these characteristics, resulting from manufacturing imperfections or operational conditions, can reveal information about the challenge-response pairs used in authentication. Successful side-channel analysis allows attackers to statistically infer the PUF’s secret key, effectively bypassing its security mechanisms without physically deconstructing the device. Countermeasures include power equalization techniques, masking, and careful circuit design to minimize information leakage and introduce noise.
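The verifier side of PUF challenge-response authentication, as an added example that is not code from the article or the surveyed paper: each enrolled challenge-response pair is consumed once, which limits how many responses an observer can collect, and read-out noise is tolerated with a Hamming-distance threshold. `SimulatedPUF`, `Verifier`, the device id, the 2% noise rate and the 0.20 threshold are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import random
import secrets

RESP_BITS = 128
MAX_FHD = 0.20  # assumed acceptance threshold on fractional Hamming distance


class SimulatedPUF:
    """Software stand-in for a silicon PUF; constructed for this example only."""

    def __init__(self, die_seed, noise=0.02):
        # die_seed models per-chip manufacturing variation; noise is the
        # assumed probability that a response bit flips on any one read-out.
        self._variation = hashlib.sha256(str(die_seed).encode()).digest()
        self._rng = random.Random(die_seed)  # simulation noise, not a secret
        self._noise = noise

    def respond(self, challenge):
        mac = hmac.new(self._variation, challenge, hashlib.sha256).digest()
        ideal = int.from_bytes(mac[: RESP_BITS // 8], "big")
        flips = sum(1 << i for i in range(RESP_BITS)
                    if self._rng.random() < self._noise)
        return ideal ^ flips


class Verifier:
    """Holds challenge-response pairs (CRPs) recorded at enrollment."""

    def __init__(self):
        self._crps = {}  # device_id -> list of (challenge, enrolled response)

    def enroll(self, device_id, puf, count=4):
        # Performed once, in a trusted environment, before deployment.
        challenges = [secrets.token_bytes(16) for _ in range(count)]
        self._crps[device_id] = [(c, puf.respond(c)) for c in challenges]

    def authenticate(self, device_id, device):
        pairs = self._crps.get(device_id)
        if not pairs:
            raise LookupError("no unused CRPs left; re-enroll the device")
        challenge, expected = pairs.pop()  # single use: never issued twice
        distance = bin(expected ^ device.respond(challenge)).count("1")
        fhd = distance / RESP_BITS
        return fhd <= MAX_FHD, fhd


def demo():
    genuine, counterfeit = SimulatedPUF(die_seed=1), SimulatedPUF(die_seed=2)
    verifier = Verifier()
    verifier.enroll("sensor-01", genuine)
    return {
        "genuine": verifier.authenticate("sensor-01", genuine),
        "counterfeit": verifier.authenticate("sensor-01", counterfeit),
        "remaining": len(verifier._crps["sensor-01"]),
    }
```

The second element of each result is the measured distance from the enrolled response: a few percent for the enrolled device, close to 0.5 for a different die.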
Supply chain security represents a critical vulnerability in hardware security implementations, as compromise can occur at any stage of the manufacturing and distribution process – from design and fabrication to assembly and transportation. These pre-deployment compromises introduce malicious modifications or backdoors into the hardware itself, effectively bypassing any subsequent on-device security measures, including robust authentication protocols or cryptographic functions. Unlike attacks targeting deployed devices, supply chain attacks defeat security before the device is even activated, making detection and remediation significantly more difficult. This necessitates rigorous vetting of all component sources, secure manufacturing processes, tamper-evident packaging, and thorough inspection procedures to mitigate the risk of compromised hardware entering the supply chain.
Arbiter Physical Unclonable Functions (PUFs) offer a security mechanism based on unpredictable manufacturing variations in digital circuits, specifically arbiters which resolve race conditions. While providing a unique challenge to attackers due to the inherent randomness, Arbiter PUFs are not immune to advanced techniques. Machine learning models, trained on captured challenge-response pairs, can predict PUF outputs with increasing accuracy, potentially bypassing authentication. Furthermore, side-channel analysis, monitoring power consumption or timing variations during PUF operation, can reveal sensitive information about the internal state and facilitate output prediction. These attacks demonstrate that even seemingly robust hardware security primitives require continuous analysis and mitigation strategies to maintain effectiveness against evolving threat landscapes.
Proactive Deception: A System’s Last Best Hope
Deception-based authentication represents a paradigm shift in security protocols, moving beyond simply detecting attacks to actively misleading potential adversaries. This innovative approach doesn’t aim to present an impenetrable fortress, but rather a carefully crafted illusion, presenting false targets and manipulated data to disrupt an attacker’s reconnaissance. By subtly altering the information available, these systems force adversaries to build inaccurate models of the network, rendering their exploits ineffective and significantly increasing the cost and complexity of a successful breach. The core principle lies in exploiting the attacker’s reliance on information gathering; by feeding them deliberately flawed data, the system effectively neutralizes their ability to accurately profile the target environment and launch a meaningful attack, bolstering overall system resilience.
Deception technologies actively disrupt attacker methodologies by introducing manipulated data into the systems they target. Rather than simply blocking intrusion attempts, these techniques feed adversaries false information, corrupting the data used to build attack models. This proactive misdirection renders reconnaissance efforts unreliable and significantly increases the complexity of successful exploitation. By forcing attackers to operate on inaccurate assumptions about network topology, system configurations, or data sensitivity, deception strategies effectively raise the cost and risk associated with targeting a system, ultimately diminishing the effectiveness of even sophisticated attacks and bolstering overall security posture.
Rather than solely relying on reactive defenses that address threats after they emerge, deception-based security functions as a complementary layer, significantly bolstering the Internet of Things ecosystem’s overall resilience. Traditional security protocols – firewalls, intrusion detection systems, and encryption – establish boundaries and protect assets, but are often circumvented by sophisticated attackers. This proactive approach introduces uncertainty and complexity for adversaries by presenting manipulated data and misleading information. Consequently, attackers expend resources on false targets and inaccurate models, increasing the cost and difficulty of successful breaches. This ultimately enhances the system’s ability to withstand attacks, not by preventing initial contact, but by disrupting the attacker’s reconnaissance and operational phases, thereby creating a more robust and adaptable security posture.
The integrity of any interconnected system, particularly within the Internet of Things, hinges significantly on the security of its supply chain. Compromised components, introduced at any stage of production or distribution, represent a critical vulnerability, potentially undermining all subsequent security measures. This survey underscores the necessity of a robust, multi-faceted approach to supply chain security, extending beyond simple component verification to encompass the entire lifecycle – from design and sourcing of materials to manufacturing, transportation, and deployment. Addressing these vulnerabilities requires collaborative efforts, standardized security protocols, and continuous monitoring to ensure the authenticity and trustworthiness of every element within the system, thereby bolstering overall resilience against malicious attacks and maintaining the reliability of connected devices.
The pursuit of hardware-rooted trust, as detailed in this exploration of Physical Unclonable Functions, reveals a fundamental truth about complex systems. It isn’t about achieving perfect, immutable security, but about building resilient ecosystems capable of adapting to unforeseen vulnerabilities. As Brian Kernighan observed, “Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.” This sentiment applies equally to hardware security; the intricate dance between PUFs, AI model integrity, and the constant threat of supply chain attacks demonstrates that stability is not a destination, but a fleeting moment before inevitable evolution. The article rightly points to challenges surrounding hardware Trojan detection; long stability, in this context, isn’t a sign of success, but a potential indication of a cleverly concealed disaster waiting to unfold.
What Lies Ahead?
The pursuit of hardware-rooted trust, as explored within these pages, resembles less the forging of unbreakable locks and more the careful cultivation of a resilient garden. Each Physical Unclonable Function, each attempt to bind identity to silicon, introduces a new surface for entropy to act upon. The assumption that security is a destination, a state to be achieved, is a prophecy of eventual compromise. Counterfeit hardware, like weeds, will always find a way. The challenge isn’t to eradicate them entirely, but to design systems that tolerate their presence, that forgive the inevitable imperfections.
Future work will likely shift from simply detecting malicious modifications to embracing a more fluid model of attestation. Rather than demanding absolute proof of origin, systems may need to assess degrees of trustworthiness, quantifying the deviation from a known-good baseline. This necessitates a move beyond binary validation – a device isn’t simply “secure” or “compromised” – but exists on a spectrum of reliability, a constantly shifting gradient.
Furthermore, the integration of AI model integrity with hardware security introduces a complex feedback loop. Protecting models from adversarial attacks is vital, yet the very mechanisms used for defense – the layers of abstraction, the complex algorithms – create new vulnerabilities. The ecosystem demands a holistic approach, recognizing that resilience lies not in isolation, but in the graceful degradation of function, the ability to adapt and endure, even when the garden is overrun.
Original article: https://arxiv.org/pdf/2604.21188.pdf
Contact the author: https://www.linkedin.com/in/avetisyan/
2026-04-24 15:12