A Built-in-Self-Test Scheme for Online Evaluation of Physical Unclonable Functions and True Random Number Generators

Abstract

In the emerging era of Internet of Things (IoT) where various physical entities are spontaneously communicating with each other and sharing sensitive information, it is prohibitive to have a global entity for maintaining the security of the complex web against environmental variations and active attacks. Therefore, it is crucial that each entity has the capability of safeguarding its security features on its own. Methods based on harnessing the random identification and authentication from the physical device and environment, such as physical unclonable functions (PUFs) and True Random Number Generators (TRNGs), if securely run, are promising primitives for protecting lightweight IoT devices. This paper presents the first Built-In-Self-Test scheme for on-the-fly evaluation of PUFs that can also be utilized for assessing the desired statistical properties of TRNGs. Unlike earlier known PUF evaluation suites that were software-based and offline, our methodology enables online assessment of the pertinent statistical and security properties all in hardware. Specifically, the BIST structure is designed to evaluate two main properties of PUFs: unpredictability and stability. Our work is the first online test suite that thoroughly evaluates the internal health of the entropy source of TRNGs along with the statistical properties of the generated bit stream. Comprehensive real-time evaluation by the BIST method is able to ensure robustness and security of both TRNG and PUF in the face of operational, structural, and environmental fluctuations due to variations, aging, or adversarial acts. Proof-of-concept implementation of our BIST methodology in FPGA demonstrates its reasonable overhead, effectiveness, and practicality.