Weak Physical Unclonable Function Research Articles

A quantum-safe authentication scheme for IoT devices using homomorphic encryption and weak physical unclonable functions with no helper data

Physical Unclonable Functions (PUFs) are widely used to authenticate electronic devices because they take advantage of random variations in the manufacturing process that are unique to each device and cannot be cloned. Therefore, each device can be uniquely identified and counterfeit devices can be detected. Weak PUFs, which support a relatively small number of challenge-response pairs (CRPs), are simple and easy to construct. Device authentication with weak PUFs typically uses helper data to obfuscate and recover a cryptographic key that is then required by a cryptographic authentication scheme. However, these schemes are vulnerable to helper-data attacks and many of them do not protect conveniently the PUF responses, which are sensitive data, as well as are not resistant to attacks performed by quantum computers. This paper proposes an authentication scheme that avoids the aforementioned weaknesses by not using helper data, protecting the PUF response with a quantum-safe homomorphic encryption, and by using a two-server setup. Specifically, the CRYSTALS-Kyber public key cryptographic algorithm is used for its quantum resistance and suitability for resource-constrained Internet-of-Things (IoT) devices. The practicality of the proposal was tested on an ESP32 microcontroller using its internal SRAM as a SRAM PUF. For PUF responses of 512 bits, the encryption execution time ranges from 16.41 ms to 41.08 ms, depending on the desired level of security. In terms of memory, the device only needs to store between 800 and 1,568 bytes. This makes the solution post-quantum secure, lightweight and affordable for IoT devices with limited computing, memory, and power resources.

A robust architecture of ring oscillator PUF: Enhancing cryptographic security with configurability

Physically Unclonable Functions (PUFs) are becoming more widely recognized as tamper-resistant, high-entropy hardware security primitives. Leveraging the intrinsic manufacturing properties of integrated circuits, PUFs provide a lightweight, cost-effective technique for device identification and cryptographic key generation. Despite the existence of various PUF designs and architectures, the ring oscillator (RO) PUF stands out as one of the most notable. This significance is due to its simplicity of implementation and outstanding performance metrics. However, traditional RO-PUFs are often classified as weak PUFs because they support a limited size of input-output combinations. This paper introduces a configurable inversion unit designed to construct a lightweight, robust architecture configurable (RAC) RO-PUF. The proposed unit comprises an XOR gate, an XNOR gate, and a multiplexer. The RACRO-PUF significantly increases the size of generated output bits while efficiently utilizing minimal hardware resources. The performance of the RACRO-PUF stands out in evaluations, recording a uniqueness of 49.78 %, uniformity of 49.42 %, reliability of 97.72 %, and impressive randomness of 98.34 %.

Non Fungible Gratings as Physical Unclonable Functions

Physical Unclonable Functions (PUFs) are physical devices exploiting intrinsic randomness through the fabrication process that can be used for authentication and secure key generation. In this article, we describe a novel weak PUF architecture based on the inscription of random gratings in an optical fiber, which can be easily interrogated by a commercial instrument due to the enhanced backscatter. With PUF lengths of only 40 mm, we show that the false positive and false negative probabilities can reach below 10 <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">-27</sup> . We also describe a temperature and strain compensation algorithm to mitigate environmental fluctuations. Furthermore, we describe an alternative technique which increases the number of bits used for digitizing the PUF's signature, thus significantly decreasing the false identification probabilities by almost two orders of magnitude.

ANV-PUF: Machine-Learning-Resilient NVM-Based Arbiter PUF

Physical Unclonable Functions (PUFs) have been widely considered an attractive security primitive. They use the deviations in the fabrication process to have unique responses from each device. Due to their nature, they serve as a DNA-like identity of the device. But PUFs have also been targeted for attacks. It has been proven that machine learning (ML) can be used to effectively model a PUF design and predict its behavior, leading to leakage of the internal secrets. To combat such attacks, several designs have been proposed to make it harder to model PUFs. One design direction is to use Non-Volatile Memory (NVM) as the building block of the PUF. NVM typically are multi-level cells, i.e, they have several internal states, which makes it harder to model them. However, the current state of the art of NVM-based PUFs is limited to ‘weak PUFs’, i.e., the number of outputs grows only linearly with the number of inputs, which limits the number of possible secret values that can be stored using the PUF. To overcome this limitation, in this work we design the Arbiter Non-Volatile PUF (ANV-PUF) that is exponential in the number of inputs and that is resilient against ML-based modeling. The concept is based on the famous delay-based Arbiter PUF (which is not resilient against modeling attacks) while using NVM as a building block instead of switches. Hence, we replace the switch delays (which are easy to model via ML) with the multi-level property of NVM (which is hard to model via ML). Consequently, our design has the exponential output characteristics of the Arbiter PUF and the resilience against attacks from the NVM-based PUFs. Our results show that the resilience to ML modeling, uniqueness, and uniformity are all in the ideal range of 50%. Thus, in contrast to the state-of-the-art, ANV-PUF is able to be resilient to attacks, while having an exponential number of outputs.

A PUF-Based Key Storage Scheme Using Fuzzy Vault

Physical Unclonable Functions (PUFs) are considered attractive low-cost security anchors in the key generation scheme. The helper data algorithm is usually used to transform the fuzzy responses extracted from PUF into a reproducible key. The generated key can be used to encrypt secret data in traditional security schemes. In contrast, this work shows that the fuzzy responses of both weak and strong PUFs can be used to secretly store the important data (e.g., the distributed keys) directly by an error-tolerant algorithm, Fuzzy Vault, without the traditional encryption algorithm and helper data scheme. The locking and unlocking methods of our proposal are designed to leverage the feature of weak and strong PUFs relatively. For the strong PUFs, our proposal is a new train of thought about how to leverage the advantage of strong PUFs (exponential number of challenge-response pairs) when used in the field. The evaluation was performed on existing weak PUF and strong PUF designs. The unlocking rate and runtime are tested under different parameters and environments. The test results demonstrate that our proposal can reach a 100% unlocking rate by parameter adjustment with less than 1 second of locking time and a few seconds of unlocking time. Finally, the tradeoff between security, reliability, and overhead of the new proposal is discussed.

Cryptanalysis of Strong Physically Unclonable Functions

Physically unclonable functions (PUFs) are being proposed as a low-cost alternative to permanently store secret keys or provide device authentication without requiring nonvolatile memory, large e-fuses, or other dedicated processing steps. In the literature, PUFs are split into two main categories. The so-called strong PUFs are mainly used for authentication purposes; hence, also called authentication PUFs. They promise to be lightweight by avoiding extensive digital post-processing and cryptography. The so-called weak PUFs, also called key generation PUFs, can only provide authentication when combined with a cryptographic authentication protocol. Over the years, multiple research results have demonstrated that Strong PUFs can be modeled and attacked by machine learning (ML) techniques. Hence, the general assumption is that the security of a strong PUF is solely dependent on its security against ML attacks. The goal of this article is to debunk this myth, by analyzing and breaking three recently published Strong PUFs (Suresh et al., VLSI Circuits 2020; Liu et al., ISSCC 2021; and Jeloka et al., VLSI Circuits 2017). The attacks presented in this article have practical complexities and use generic symmetric key cryptanalysis techniques.

Supervised Machine Learning Tools and PUF Based Internet of Vehicles Authentication Framework

The recent advancement of the Internet of Things (IoT) in the fields of smart vehicles and integration empowers all cars to join to the internet and transfer sensitive traffic information. To enhance the security for the Internet of Vehicles (IoV) and maintain privacy, this paper proposes an ultralight authentication scheme. Physical unclonable function (PUF), supervised machine learning (SML), and XOR functions are used to authenticate both server and device in a two message flow. The proposed framework can authenticate devices with a low computation time (3 ms) compared to other proposed frameworks while protecting against existing potential threats. Furthermore, the proposed framework needs low overhead (21 bytes) that avoids adding to the IoV network’s workload. Moreover, SML makes weak PUF responses as random numbers to provide the functionality of a strong PUF for the framework. In addition, both formal (Burrows, Abadi, Needham (BAN) logic) and informal analysis are presented to show the resistance against known attacks.

A Lightweight and Machine-Learning-Resistant PUF Using Obfuscation-Feedback-Shift-Register

Physical Unclonable Function (PUF) is a lightweight hardware security primitive and suitable for device authentication in the Internet of Things. However, each strong PUF instance must store at least 106 reliable challenge-response pairs in the center nodes, which brings an excessive storage overhead since centers connect massive remote PUFs. In this brief, an obfuscation-feedback-shift-register (OFSR) PUF is designed, consisting of certain weak PUF cells working with an obfuscation mechanism. Meanwhile, it efficiently reduces the storage overhead and overcomes the collapse response caused by normal linear-feedback-shift-register, providing higher security. Experiments show OFSR PUF has ideal performance on reliability, uniqueness, uniformity, randomness, and good resistance to machine learning attacks.

Positive-Bias-Temperature-Instability Induced Random-Trap-Fluctuation Enhanced Physical Unclonable Functions on 14-nm nFinFETs

We report one sort of weak physical unclonable functions (PUFs) composed of 14-nm nFinFETs with entropy of the random-trap-fluctuation (RTF). After the positive-bias-temperature-instability (PBTI) stress at high temperatures (85 °C ~ 150 °C), the generation of abundant random traps at the interface of gate-dielectric layers and channel efficiently improves cryptographic parameters of nFinFET-PUFs. Results show that bit-error-rates of the MOSAIC plots reduce to 1.4%; average values/standard-deviation of the inter- and intra- Hamming-distance reach 50.28%/1.7% and 0.38%/0.42%, respectively. This work provides an implacable technique to boost characteristics of weak PUFs through combinations of device-reliability and cryptography.

STT-MRAM-Based Reliable Weak PUF

In recent years, micro-nano device characteristics like ferroelectrics and resistive switching are being used to build important security primitives such as Physical Unclonable Function (PUF). The micro-nano device-based hardware security primitives, although with higher security, energy efficiency, and integration density, suffer from serious reliability issues caused by process scaling. To mitigate this issue, this paper introduces a reconfigurable weak PUF based on spin-transfer torque magnetoresistive random-access memory (STT-MRAM), which adopts the crossing switches implemented with simple demultiplexes (DEMUXs) to improve the flexibility and reliability. Moreover, two algorithms, <monospace>neighboring bit lines</monospace> and <monospace>top-<inline-formula><tex-math notation="LaTeX">$n$</tex-math><alternatives><mml:math xmlns:mml="http://www.w3.org/1998/Math/MathML"><mml:mi>n</mml:mi></mml:math><inline-graphic xlink:href="hu-ieq1-3095657.gif" xmlns:xlink="http://www.w3.org/1999/xlink"/></alternatives></inline-formula></monospace> , are proposed to enlarge the gap between two parallel reading currents, thus further enhancing the reliability of PUF responses. Experimental results demonstrate that the proposed PUF scheme achieves good uniqueness (50.64 percent), uniformity (50.02 percent), and bit-aliasing ( <inline-formula><tex-math notation="LaTeX">$\approx$</tex-math></inline-formula> 49.80%). Particularly, the proposed method significantly improves the PUF reliability, achieving low bit error rate (BER <inline-formula><tex-math notation="LaTeX">$\leq$</tex-math></inline-formula> 2.13%) within the range of -20 <inline-formula><tex-math notation="LaTeX">$^\circ$</tex-math></inline-formula> C to 90 <inline-formula><tex-math notation="LaTeX">$^\circ$</tex-math></inline-formula> C.

Design and Analysis of Secure Quasi-Adiabatic Tristate Physical Unclonable Function

Hardware security modules have become quintessential as the digital systems continue evolving. Physical Unclonable Function (PUF) is a hardware security module that exploits the intrinsic variations in manufacturability of integrated circuits. Proposed Quasi-adiabatic Tristate PUF is a weak PUF which makes use of the inherent mismatches found in the threshold voltage values of PMOS transistors, which inadvertently is introduced due to manufacturing process variations of ICs. The proposed design demonstrates lower energy consumption than those configured using comparable quasi-adiabatic logic counterparts, under varying temperature and peak voltage conditions. The design is compared using SRAM PUF design based on adiabatic logic and it is shown that the proposed one is having better uniqueness and reliability at different environmental conditions. The proposed PUF can generate 128 CRPs which can be well suited for IoT and RFID applications that require less energy to operate.

Reconfigurable and Dynamically Transformable In-Cache-MPUF System With True Randomness Based on the SOT-MRAM

In this paper, we present a reconfigurable Physically Unclonable Functions (PUF) based on the Spin-Orbit-Torque Magnetic Random-Access Memory (SOT-MRAM), which exploits thermal noise as the true dynamic entropy source. Therefore, the MRAM cells could be configured to random final states with stochastic switching mechanism. The proposed PUF is constructed and reconfigured by combining the small-capacity true random number generator (TRNG) and high-reliability secure hash algorithm (SHA-512), realizing the dynamic transformation between SOT-MRAM based last level cache and PUF (In-Cache-MPUF). Thanks to the full reconfigurability and the high endurance of SOT-MRAM, the proposed In-Cache-MPUF can achieve <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$10^{\textbf {14}}$ </tex-math></inline-formula> maximum PUF bits per cell, which has greatly motivated the implementations compared with the traditional weak PUFs utilizing the static entropy source of process variations. The Monte-Carlo simulation results using 40 nm technology and a compact MTJ model show that the proposed PUF has desirable randomness as the digitized bit streams passing all the NIST tests, achieving 50.0428% uniqueness as well as 49.9236% uniformity. It also shows comparable reliability to the state-of-the-art works: a maximum bit error rate of 0.14% and 0.12% at 100 °C and 0.9 V, respectively. In addition, the system level performance is tested and validated by gem5.

Halide perovskite memristors as flexible and reconfigurable physical unclonable functions

Physical Unclonable Functions (PUFs) address the inherent limitations of conventional hardware security solutions in edge-computing devices. Despite impressive demonstrations with silicon circuits and crossbars of oxide memristors, realizing efficient roots of trust for resource-constrained hardware remains a significant challenge. Hybrid organic electronic materials with a rich reservoir of exotic switching physics offer an attractive, inexpensive alternative to design efficient cryptographic hardware, but have not been investigated till date. Here, we report a breakthrough security primitive exploiting the switching physics of one dimensional halide perovskite memristors as excellent sources of entropy for secure key generation and device authentication. Measurements of a prototypical 1 kb propyl pyridinium lead iodide (PrPyr[PbI3]) weak memristor PUF with a differential write-back strategy reveals near ideal uniformity, uniqueness and reliability without additional area and power overheads. Cycle-to-cycle write variability enables reconfigurability, while in-memory computing empowers a strong recurrent PUF construction to thwart machine learning attacks.

On the Adoption of Physically Unclonable Functions to Secure IIoT Devices

The growing convergence among information and operation technology worlds in modern Industrial Internet of Things (IIoT) systems is posing new security challenges, requiring the adoption of novel security mechanisms involving light architectures and protocols to cope with IIoT devices resource constraints. In this article, we investigate the adoption of physically unclonable functions (PUFs) in the IIoT context, and propose the design of a PUF-based architecture (Pseudo-PUF), obtained by suitably combining a weak PUF and an encryption module, that can be successfully adopted to implement advanced security primitives while meeting the existing requirements of IIoT devices in terms of cost and resource demand. To demonstrate the feasibility of our proposal, we analyzed the overall quality of different Pseudo-PUF instances with respect to well-known PUF quality metrics, and found that it is possible to obtain good results with a negligible impact on the devices, thus making our approach suited to IIoT deployments.

A Physical Unclonable Function Using a Configurable Tristate Hybrid Scheme With Non-Volatile Memory

The physical unclonable function (PUF) is a promising low-cost hardware security primitive. Recent advances in nanotechnology have provided new opportunities for nanoscale PUF circuits. The resistive random access memory (RRAM) is extensively used in nanoscale circuits due to its low cost, non-volatility and easy integration with CMOS. This paper proposes a novel tristate hybrid PUF (TH-PUF) design based on a one-transistor-one-RRAM (1T1R) cell; this cell can be configured into two weak PUFs and a strong PUF using few control signals. To assess the proposed PUF design, a compact RRAM model at UMC 65 nm technology is employed. Simulation results show that the proposed TH-PUF achieves good uniqueness, reliability as well as a higher gate usability compared with an entire CMOS PUFs. The number of challenge response pairs (CRPs) of the proposed TH-PUF is larger than other RRAM-based PUFs. Moreover, the TH-PUF is more resistant to a modeling machine learning attack than traditional PUF designs.

A large-scale comprehensive evaluation of single-slice ring oscillator and PicoPUF bit cells on 28-nm Xilinx FPGAs

Lightweight implementation of security primitives, e.g., physical unclonable functions (PUFs) and true random number generator, in field programmable gate array (FPGA) is crucial replacement of the conventional decryption key stored in battery-backed random access memory or E-Fuses for the protection of field reconfigurable assets. A slice is the smallest reconfigurable logic block in an Xilinx FPGA. The entropy exploitable from each slice of an FPGA is an important factor for the design of security primitives. Previous research has shown that the locations of slices can impact the quality of delay-based PUF designs implemented on FPGAs. To investigate the effect of the placement of each single-bit PUF cell free from the routing resource constraint between slices, single-bit ring oscillator (RO) and identity-based PUF design (Pi-coPUF) cells that can each be fully fitted into a single slice are evaluated. To accurately evaluate their statistical performance, data from a large number of devices are required. To this end, 217 Xilinx Artix-7 FPGAs has been employed to provide a large-scale comprehensive analysis for the two designs. This is the first time single-slice disorder-based security entities have been investigated and compared on 28-nm Xilinx FPGA. Uniqueness, uniformity, correlation, reliability, bit-aliasing and min-entropy of each type of cell are evaluated for four different types of cell placement. Our experimental results corroborate that the location of both cell types in the FPGA affects their performances. For both cell types, the lower the correlation between devices, the higher the min-entropy and uniqueness. Overall, the min-entropy, correlation and uniqueness of PicoPUF are slightly higher than those of RO. Otherwise, the uniformity, bit-aliasing and reliability of the PicoPUF are slightly lower than those of the RO. Comparing the resource usage and metrics of the PicoPUF, ring oscillator PUF and some existing memory-based PUF implementations, PicoPUF stands out as a lightweight FPGA-based weak PUF design. The raw data for the PicoPUF design are made publicly available to enable the research community to use them for benchmarking and/or validation.

Leakage free helper data storage in microcontroller based PUF implementation

Physical Unclonable Function (PUF) generates a unique identifier of a device, based on variations during a manufacturing process. Such identifier is difficult to predict or clone. It is used usually as a cipher key. Its weakness is, in general, a high sensitivity to changes in environmental conditions. In order to ensure stability, post-processing methods with error correction codes are usually applied. Unfortunately, these methods reveal, in many cases, sensitive data. We present a novel way to apply error correction code for the PUF. It is called Code Word Masking construction. This construction allows to generate PUF response in more secure way. Helper data are formed just by properly selecting PUF response bits. Therefore, helper data do not leak sensitive information. The selection is performed according to code words of the error correction code used. The method can be used for any type of weak PUF and many types of error correction codes. The error correction capability of the construction depends only on the capability of the error correction code. We describe this construction, and present an example of the PUF implementation based on the non-initialized values of the static random access memory using a 32-bit microcontroller. The implementation is more secure and has lower entropy loss compared to existing solutions. The reliability of the solution was proved through measurements under various environmental conditions. The implementation is improved by identifying and excluding the unreliable (’dark’) bits.

Design, Analysis and Application of Embedded Resistive RAM Based Strong Arbiter PUF

Resistive Random Access Memory (RRAM) based Physical Unclonable Function (PUF) designs exploit either the probabilistic switching or the resistance variability during forming, SET and RESET processes of RRAM. Memory PUFs using RRAM are typically weak PUFs due to fewer number of challenge response pairs. We propose a strong arbiter PUF based on 1T-1R bit cell which is designed from conventional RRAM memory array with minimally invasive changes. Conventional voltage sense amplifier is repurposed to act like an arbiter and generate the response. Similarly, address and data lines are repurposed to act as challenge and response bits respectively. The PUF is simulated using 65 nm predictive technology models for CMOS and Verilog-A model for a hafnium oxide based RRAM. The proposed PUF architecture is evaluated for uniqueness, uniformity and reliability for various number of stages. It demonstrates mean intra-die Hamming Distance (HD) of 0.135 percent and inter-die HD of 51.4 percent, and passes the NIST tests. We study the vulnerability of proposed PUF to machine learning attacks. We also present an application of proposed PUF for data attestation in the internet of things. Proposed PUF-based data attestation consumes 9.88pJ of total energy per data block of 64-bits and offers a speed of 120.7 kbps.

Unified Analog PUF and TRNG Based on Current-Steering DAC and VCO

This work presents a unified weak physical unclonable function (PUF) and a true random number generator (TRNG) based on the current-steering digital-to-analog converter (DAC) and ring voltage-controlled oscillator (VCO). Entropy source for the weak PUF is the mismatch between NMOS and PMOS transistors in a cascode current DAC as well as the mismatch between VCO quantizers, while entropy source for the TRNG is thermal noise in the DAC and VCO and clock jitter. Instead of using spatial entropy sources for the PUF, i.e., multiple unit PUF elements, the proposed architecture utilizes temporal entropy source by capturing the output of unit PUF element over multiple cycles, which reduces area significantly. A unified PUF/TRNG prototype is fabricated in 65-nm CMOS and consumes 0.36 pJ/bit at a throughput of 100 Mb/s. The PUF has a measured intra-HD of 0.0906 and inter-HD of 0.4859, while the raw TRNG bitstream has an entropy of 0.9991 and passes all the NIST statistical randomness tests.

A 108 F2/Bit Fully Reconfigurable RRAM PUF Based on Truly Random Dynamic Entropy of Jitter Noise

In this paper, we present a fully reconfigurable resistive random access memory (RRAM) physical unclonable function (PUF) based on the truly random dynamic entropy of the ubiquitous jitter noise, which is intrinsically different from most previously demonstrated PUF implementations with semiconductor fabrication’s process variation as the static entropy source. In addition, the proposed RRAM PUF is operated by configuring the mainstream RRAM cells to either high resistance state (for ‘1’) or low resistance state (for ‘0’), according to the customized ring oscillator (RO) true random number generator’s digital output that is determined by the random jitter noise. By completely removing the need of dedicated split resistance circuitry (SRC) in existing RRAM PUFs, the proposed implementation is fully compatible with the SET/RESET operations of the RRAM array for mainstream memory applications, leading to minimized design overhead and enhanced reliability without SRC-caused error bits. Fabricated using 130 nm standard complementary-metal-oxide-semiconductor (CMOS) process plus post-processing dedicated to the RRAM devices, the proposed RRAM PUF cell features an ultra-compact footprint of $1.82~\mu \text{m}^{2}$ (i.e., 108 $F^{2}$ ), which is capable of generating ~107 PUF bits per cell due to the time-variant property of jitter noise and the full reconfigurability of the RRAM PUF. This significantly innovates all the previous weak PUF implementations based on the static entropy source of process variation, where the maximum bit number per PUF cell is always limited and fixed after the chip fabrication. Meanwhile, ultra-low native unstable bits of 0.28% and bit error rate (BER) per 10°C of 0.03% can be achieved for the fabricated RRAM PUF. Moreover, by passing the widely-adopted bias test, National Institute of Standards and Technology (NIST) test and autocorrelation function (ACF) test under various VT conditions, the true randomness of the customized RO TRNG’ dynamic entropy is validated using 65 nm standard CMOS process. Compared with the state-of-the-art weak PUF implementations, the native unstable bits is improved by $5.36\times $ and the BER per 10°C is improved by $4\times $ , even under the widest operating temperature range from −50°C to 150°C.