Memory-Based Combination PUFs for Device Authentication in Embedded Systems

Abstract

Embedded systems play a crucial role in fueling the growth of the Internet-of-Things (IoT) in application domains such as health care, home automation, transportation, etc. However, their increasingly network-connected nature, coupled with their ability to access potentially sensitive/confidential information, has given rise to a plethora of security and privacy concerns. An additional challenge is the growing number of counterfeit components in these devices, with serious reliability and financial repercussions. Physically Unclonable Functions (PUFs) are a promising security primitive to help address these concerns. Memory-based PUFs are particularly attractive as they can be realized with minimal or no additional hardware beyond what is already present in all embedded systems, i.e., memory. However, current memory-based PUFs utilize only a single memory technology for constructing the PUF, which has many disadvantages including making them vulnerable to certain security attacks. Several of these PUFs also suffer from other shortcomings such as low entropy, limited number of challenge-response pairs, etc. In this paper, we propose the design of a new memory-based combination PUF that tightly integrates (two) heterogeneous memory technologies to address these challenges/shortcomings. Our design enables us to authenticate an on-chip component and an off-chip component, thereby taking a step towards multi-component authentication in a device, without incorporating any additional hardware. We have implemented a prototype of the proposed combination PUF using a Terasic TR4-230 FPGA development board and several off-the-shelf SRAMs and DRAMs. Measured experimental results demonstrate substantial improvements over current memory-based PUFs including the ability to resist various security attacks. We also propose a lightweight authentication scheme that ensures robust operation of the PUF across environmental and temporal variations. Extensive authentication tests performed on several PUF prototypes achieved a true-positive rate of greater than 97.5 percent across these variations. The absence of any false-positives, even under an invasive attack, further highlighted the effectiveness of the overall design.