Securing embedded systems and their IPs with digital reconfigurable PUFs

Abstract

In the near future, firmware security will be imperative for the large number of smart embedded devices that are tightly integrated into one's daily lives. In this paper, we present a security scheme for these embedded systems that can provide protection from tempered binaries and the thefts of hardware and software Intellectual Properties (IPs). The key idea is to incorporate digital Physical Unclonable Functions (PUFs) in an authentication mechanism at the machine-code level. Each copy of the binary is digitally locked by vendor using the signatures of the individual PUFs. At run time, the binaries are unlocked by the embedded digital PUFs at a low cost to performance and resource utilization. Each digital PUF is unique by initialization using analog PUFs, and at the same time it can be reconfigured with new seeds. The digital reconfigurable PUFs (drPUFs) have much lower risks of side-channel attacks and much more combinations of challenge-response pairs, while retaining the speed and ease of digital PUF implementation. We demonstrate how the digital PUF is implemented and incorporated into a processor design as well as a software production flow to generate unique firmware binaries that are paired with respective drPUF devices. As a proof of concept we will show the results of the implementation on a Xilinx Spartan-6 Field Programmable Gate Array (FPGA) device.