Physical unclonable function (PUF), sometimes also called physically unclonable function, is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict.
All PUFs are subject to environmental variations such as temperature, supply voltage and electromagnetic interference, which can affect their performance. Therefore, rather than just being random, the real power of a PUF is its ability to be different between devices, but simultaneously to be the same under different environmental conditions.
One way to categorise the numerous PUF concepts is by how the source of variation within each PUF is measured. [1] For instance some PUFs examine how the source of uniqueness interacts with, or influences, an electronic signal to derive the signature measurement while others examine the effects on the reflection of incident light, or another optical process. This also typically correlates with the intended application for each PUF concept. As an example, PUFs that probe uniqueness through electronic characterization are most suitable for authenticating electronic circuits or components due to the ease of integration. On the other hand, PUFs that authenticate physical objects tend to probe the PUF using a second process, such as optical or radio frequency methods, that are then converted into electronic signal forming a hybrid measurement system. This allows for easier communication at a distance between the separate physical authenticating tag or object and the evaluating device.
One major way that PUFs are categorized is based on examining from where the randomness or variation of the device is derived. [2] This source of uniqueness is either applied in an explicit manner, through the deliberate addition of extra manufacturing steps, or occurring in an implicit manner, as part of the typical manufacture processes. For example, in the case of electronic PUFs manufactured in CMOS, adding additional CMOS components is possible without introducing extra fabrication steps, and would count as an implicit source of randomness, as would deriving randomness from components that were already part of the design to start with. Adding, for example, a randomized dielectric coating for the sole purpose of PUF fingerprinting would add additional manufacturing steps and would make the PUF concept or implementation fall into the explicit category. Implicit randomness sources show benefit in that they do not have additional costs associated with introducing more manufacturing steps, and that randomness derived from the inherent variation of the device’s typical manufacture process cannot be as directly manipulated. Explicit randomness sources can show benefit in that the source of randomness can be deliberately chosen, for instance to maximize variation (and therefore entropy yield) or increase cloning difficulty (for example harnessing randomness from smaller feature sizes).
In a similar manner to the classification of a PUF by its randomness source, PUF concepts can be divided by whether or not they can evaluate in an intrinsic manner. [3] A PUF is described as intrinsic if its randomness is of implicit origin and can evaluate itself internally. This means that the mechanism for characterizing the PUF is intrinsic to, or embedded within, the evaluating device itself. This property can currently only be held by PUFs of entirely electronic design, as the evaluation processing can only be done through the involvement of electronic circuitry, and therefore can only be inseparable to an electronic randomness probing mechanism. Intrinsic evaluation is beneficial as it can allow this evaluation processing and post-processing (such as error correction or hashing) to occur without having the unprocessed PUF readout exposed externally. This incorporation of the randomness characterization and evaluation processing into one unit reduces the risk of man-in-the-middle and side-channel attacks aimed at the communication between the two areas.
PUF name | Measurement process | Randomness source | Intrinsic evaluation? | Year |
---|---|---|---|---|
Via PUF [4] [5] | Fully Electronic | Implicit | Intrinsic | 2015 |
Delay PUF [6] | 2002 | |||
SRAM PUF [7] | 2007 | |||
Metal resistance PUF [8] | 2009 | |||
Bistable Ring PUF [9] | 2011 | |||
DRAM PUF [10] | 2015 | |||
Digital PUF [11] | 2016 | |||
Oxide Rupture PUF [12] | 2018 | |||
Coating PUF [13] | Explicit | Extrinsic | 2006 | |
Quantum Electronic PUF [14] | 2015 | |||
Optical PUF [15] [16] | Optical | 2002 | ||
Quantum Optical PUF [17] | 2017 | |||
RF PUF [18] | RF | 2002 | ||
Magnetic PUF [19] | Magnetic | Implicit | 1994 |
The Via PUF technology is based on "via" or "contact" formation during the standard CMOS fabrication process. The technology is the outcome of the reverse thinking process. Rather than meeting the design rules, it makes the sizes of Via or Contact be smaller than the requirements in a controlled manner, resulting in unpredictable or stochastic formation of Via or Contact, i.e. 50% probability of making the electrical connection. The technology details are published in 2020 [4] [5] for the first time while the technology is already in mass production in 2015 by ICTK. Few characteristics of Via PUF are followings:
The Via PUF based Hardware RoT (Root of Trust) chips are currently applied in various markets such as telecommunications, appliances, and IoT devices in the forms of Wifi/BLE modules, smart door locks, IP cameras, IR sensor hub, etc. The technology supports the security functionalities such as anti-counterfeiting, secure boot, secure firmware copy protection, secure firmware update and secure data integrity.
A delay PUF exploits the random variations in delays of wires and gates on silicon. Given an input challenge, a race condition is set up in the circuit, and two transitions that propagate along different paths are compared to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0, depending on which transition comes first. Many circuits realizations are possible and at least two have been fabricated. When a circuit with the same layout mask is fabricated on different chips, the logic function implemented by the circuit is different for each chip due to the random variations of delays.
A PUF based on a delay loop, i.e., a ring oscillator with logic, in the publication that introduced the PUF acronym and the first integrated PUF of any type. [6] A multiplexor-based PUF has been described, [20] as has a secure processor design using a PUF [21] and a multiplexor-based PUF with an RF interface for use in RFID anti-counterfeiting applications. [22]
These PUFs use the randomness in the power-up behavior of standard static random-access memory on a chip as a PUF. The use of SRAM as a PUF was introduced in 2007 simultaneously by researchers at the Philips High Tech Campus and at the University of Massachusetts. [7] [23] [24] Since the SRAM PUF can be connected directly to standard digital circuitry embedded on the same chip, they can be immediately deployed as a hardware block in cryptographic implementations, making them of particular interest for security solutions. SRAM-based PUF technology has been investigated extensively. Several research papers explore SRAM-based PUF technology on topics such as behavior, implementation, or application for anti-counterfeiting purposes. [25] [26] Notable is the implementation of secure secret key storage without storing the key in digital form. [24] [26] [27] SRAM PUF-based cryptographic implementations have been commercialized by Intrinsic ID, [28] a spin-out of Philips, and as of 2019, are available on every technology node from 350 nm down to 7 nm.
Due to deep submicron manufacturing process variations, every transistor in an Integrated Circuit (IC) has slightly different physical properties. These lead to small differences in electronic properties, such as transistor threshold voltages and gain factor. The start-up behavior of an SRAM cell depends on the difference of the threshold voltages of its transistors and other transistor parameters. An SRAM cell has two stable states, which normally represent the zero and one logical states. If the transistors of an SRAM cell were identical, the cell will be perfectly balanced and it will randomly start into one of the two stable states. However, even the smallest differences between transistor parameters will create a cell imbalance and will push the SRAM cell into one of the two stable states with a higher probability than the other state. [29] Given that most SRAM cells have its own preferred state every time they are powered, from an SRAM array of cells a unique and random pattern of zeros and ones can be obtained. This pattern is like a chip’s fingerprint, since it is unique to a particular SRAM and hence to a particular chip.
SRAM PUF response is a noisy fingerprint since a small number of the cells, close to equilibrium is unstable. In order to use SRAM PUF reliably as a unique identifier or to extract cryptographic keys, post-processing is required. [30] This can be done by applying error correction techniques, such as ‘helper data algorithms’ [31] or fuzzy extractors. [32] These algorithms perform two main functions: error correction and privacy amplification. This approach allows a device to create a strong device-unique secret key from the SRAM PUF and power down with no secret key present. By using helper data, the exact same key can be regenerated from the SRAM PUF when needed.
An operational IC slowly but gradually changes over time, i.e. it ages. The dominant aging effect in modern ICs that at the same time has a large impact on the noisy behavior of the SRAM PUF is NBTI. Since the NBTI is well understood, there are several ways to counteract the aging tendency. Anti-aging strategies have been developed that cause SRAM PUF to become more reliable over time, without degrading the other PUF quality measures such as security and efficiency. [33]
SRAM PUFs were initially used in applications with high security requirements, such as in defense, to protect sensitive government and military systems, and in the banking industry, to secure payment systems and financial transactions. In 2010, NXP started using SRAM PUF technology to secure SmartMX-powered assets against cloning, tampering, theft-of-service and reverse engineering. [34] Since 2011, Microsemi is offering SRAM PUF implementations to add security to secure government and sensitive commercial applications on the company's flash-based devices and development boards. [35] More recent applications include: a secure sensor-based authentication system for the IoT, [36] incorporation in RISC-V-based IoT application processors to secure intelligent, battery-operated sensing devices at the edge, [37] and the replacement of traditional OTP-plus-key-injection approaches to IoT security in high-volume, low-power microcontrollers and crossover processors. [38]
Some SRAM-based security systems in the 2000s refer to "chip identification" rather than the more standard term of "PUF." The research community and industry have now largely embraced the term PUF to describe this space of technology.[ citation needed ]
The Butterfly PUF is based on cross-coupling of two latches or flip-flops. [39] The mechanism being used in this PUF is similar to the one behind the SRAM PUF but has the advantage that it can be implemented on any SRAM FPGA.
The metal resistance-based PUF derives its entropy from random physical variations in the metal contacts, vias and wires that define the power grid and interconnect of an IC. [8] [40] [41] [42] There are several important advantages to leveraging random resistance variations in the metal resources of an IC including:
The Bistable Ring PUF or BR-PUF was introduced by Q. Chen et al. in. [9] [43] The BR-PUF is based on the idea that a ring of even number of inverters has two possible stable states. By duplicating the inverters and adding multiplexers between stages, it is possible to generate exponentially large number of challenge-response pairs from the BR-PUF.
Since many computer systems have some form of DRAM on board, DRAMs can be used as an effective system-level PUF. DRAM is also much cheaper than static RAM (SRAM). Thus, DRAM PUFs could be a source of random but reliable data for generating board identifications (chip ID). The advantage of the DRAM PUF is based on the fact that the stand-alone DRAM already present in a system on a chip can be used for generating device-specific signatures without requiring any additional circuitry or hardware. Tehranipoor et al. [10] presented the first DRAM PUF that uses the randomness in the power-up behavior of DRAM cells. Other types of DRAM PUFs include ones based on the data retention of DRAM cells, [44] and on the effects of changing the write and read latency times used in DRAMs. [45] [46]
Digital PUF [11] overcomes the vulnerability issues in conventional analog silicon PUFs. Unlike the analog PUFs where the fingerprints come from transistors' intrinsic process variation natures, the fingerprints of digital circuit PUFs are extracted from the VLSI interconnect geometrical randomness induced by lithography variations. Such interconnection uncertainty however is incompatible to CMOS VLSI circuits due to issues like short circuit, floating gate voltages etc. for transistors. One solution is to use strongly skewed latches to ensure the stable operating state of each CMOS transistor hence ensuring the circuit itself is immune against environmental and operational variations.
Oxide rupture PUF [12] is a type of PUF benefiting from randomness obtained from inhomogeneous natural gate oxide properties occurring in IC manufacturing process. Along with the truly random, un-predictable and highly stable properties, which is the most ideal source for physical unclonable function. IC design houses can strongly enhance security level by implementing oxide rupture PUF in its IC design, without concerns about the reliability and life time issue and can get rid of the additional costs from complicated ECC (Error Correction Code) circuits. Oxide rupture PUF can extract uniformly-distributed binary bits through amplification and self-feedback mechanism, the random bits are activated upon enrollment, and due to a large entropy bit pool, users are provided the desired flexibility to choose their own key-generation and management approaches. Security level can be upgraded by oxide rupture PUF's intrinsic truly randomness and invisible features.
A coating PUF [13] [47] [48] can be built in the top layer of an integrated circuit (IC). Above a normal IC, a network of metal wires is laid out in a comb shape. The space between and above the comb structure is filled with an opaque material and randomly doped with dielectric particles. Because of the random placement, size and dielectric strength of the particles, the capacitance between each couple of metal wires will be random up to a certain extent. This unique randomness can be used to obtain a unique identifier for the device carrying the Coating PUF. Moreover, the placement of this opaque PUF in the top layer of an IC protects the underlying circuits from being inspected by an attacker, e.g. for reverse-engineering. When an attacker tries to remove (a part of) the coating, the capacitance between the wires is bound to change and the original unique identifier will be destroyed. It was shown how an unclonable RFID tag is built with coating PUFs. [49]
As the size of a system is reduced below the de Broglie wavelength, the effects of quantum confinement become extremely important. The intrinsic randomness within a quantum confinement PUF originates from the compositional and structural non-uniformities on the atomic level. The physical characteristics are dependent on the effects of quantum mechanics at this scale, whilst the quantum mechanics are dictated by the random atomic structure. Cloning this type of structure is practically impossible due to the large number of atoms involved, the uncontrollable nature of processes on the atomic level and the inability to manipulate atoms reliably.
It has been shown that quantum confinement effects can be used to construct a PUF, in devices known as resonant-tunneling diodes. These devices can be produced in standard semiconductor fabrication processes, facilitating mass-production of many devices in parallel. This type of PUF requires atom-level engineering to clone and is the smallest, highest bit density PUF known to date. Furthermore, this type of PUF could be effectively reset by purposely overbiasing the device to cause a local rearrangement of atoms. [14]
A magnetic PUF exists on a magnetic stripe card. The physical structure of the magnetic media applied to a card is fabricated by blending billions of particles of barium ferrite together in a slurry during the manufacturing process. The particles have many different shapes and sizes. The slurry is applied to a receptor layer. The particles land in a random fashion, much like pouring a handful of wet magnetic sand onto a carrier. To pour the sand to land in exactly the same pattern a second time is physically impossible due to the inexactness of the process, the sheer number of particles, and the random geometry of their shape and size. The randomness introduced during the manufacturing process cannot be controlled. This is a classic example of a PUF using intrinsic randomness.
When the slurry dries, the receptor layer is sliced into strips and applied to plastic cards, but the random pattern on the magnetic stripe remains and cannot be changed. Because of their physically unclonable functions, it is highly improbable that two magnetic stripe cards will ever be identical. Using a standard-sized card, the odds of any two cards having an exact matching magnetic PUF are calculated to be 1 in 900 million.[ citation needed ] Further, because the PUF is magnetic, each card will carry a distinctive, repeatable and readable magnetic signal.
An optical PUF which was termed POWF (physical one-way function) [53] [16] consists of a transparent material that is doped with light scattering particles. When a laser beam shines on the material, a random and unique speckle pattern will arise. The placement of the light scattering particles is an uncontrolled process and the interaction between the laser and the particles is very complex. Therefore, it is very hard to duplicate the optical PUF such that the same speckle pattern will arise, hence the postulation that it is "unclonable".
Leveraging the same quantum derived difficulty to clone as the Quantum Electronic PUF, a Quantum PUF operating in the optical regime can be devised. Imperfections created during crystal growth or fabrication lead to spatial variations in the bandgap of 2D materials that can be characterized through photoluminescence measurements. It has been shown that an angle-adjustable transmission filter, simple optics and a CCD camera can capture spatially-dependent photoluminescence to produce complex maps of unique information from 2D monolayers. [17]
The digitally modulated data in modern communication circuits are subjected to device-specific unique analog/RF impairments such as frequency error/offset and I-Q imbalance (in the transmitter), and are typically compensated for at the receiver which rejects these non-idealities. RF-PUF, [54] [55] and RF-DNA [56] [57] [58] utilize those existing non-idealities to distinguish among transmitter instances. RF-PUF does not use any additional hardware at the transmitter and can be used as a stand-alone physical-layer security feature, or for multi-factor authentication, in conjunction with network-layer, transport-layer and application-layer security features.
Computer memory stores information, such as data and programs, for immediate use in the computer. The term memory is often synonymous with the terms RAM,main memory, or primary storage. Archaic synonyms for main memory include core and store.
Very-large-scale integration (VLSI) is the process of creating an integrated circuit (IC) by combining millions or billions of MOS transistors onto a single chip. VLSI began in the 1970s when MOS integrated circuit chips were developed and then widely adopted, enabling complex semiconductor and telecommunications technologies. The microprocessor and memory chips are VLSI devices.
Complementary metal–oxide–semiconductor is a type of metal–oxide–semiconductor field-effect transistor (MOSFET) fabrication process that uses complementary and symmetrical pairs of p-type and n-type MOSFETs for logic functions. CMOS technology is used for constructing integrated circuit (IC) chips, including microprocessors, microcontrollers, memory chips, and other digital logic circuits. CMOS technology is also used for analog circuits such as image sensors, data converters, RF circuits, and highly integrated transceivers for many types of communication.
Static random-access memory is a type of random-access memory (RAM) that uses latching circuitry (flip-flop) to store each bit. SRAM is volatile memory; data is lost when power is removed.
Dynamic random-access memory is a type of random-access semiconductor memory that stores each bit of data in a memory cell, usually consisting of a tiny capacitor and a transistor, both typically based on metal–oxide–semiconductor (MOS) technology. While most DRAM memory cell designs use a capacitor and transistor, some only use two transistors. In the designs where a capacitor is used, the capacitor can either be charged or discharged; these two states are taken to represent the two values of a bit, conventionally called 0 and 1. The electric charge on the capacitors gradually leaks away; without intervention the data on the capacitor would soon be lost. To prevent this, DRAM requires an external memory refresh circuit which periodically rewrites the data in the capacitors, restoring them to their original charge. This refresh process is the defining characteristic of dynamic random-access memory, in contrast to static random-access memory (SRAM) which does not require data to be refreshed. Unlike flash memory, DRAM is volatile memory, since it loses its data quickly when power is removed. However, DRAM does exhibit limited data remanence.
An application-specific integrated circuit is an integrated circuit (IC) chip customized for a particular use, rather than intended for general-purpose use, such as a chip designed to run in a digital voice recorder or a high-efficiency video codec. Application-specific standard product chips are intermediate between ASICs and industry standard integrated circuits like the 7400 series or the 4000 series. ASIC chips are typically fabricated using metal–oxide–semiconductor (MOS) technology, as MOS integrated circuit chips.
Magnetoresistive random-access memory (MRAM) is a type of non-volatile random-access memory which stores data in magnetic domains. Developed in the mid-1980s, proponents have argued that magnetoresistive RAM will eventually surpass competing technologies to become a dominant or even universal memory. Currently, memory technologies in use such as flash RAM and DRAM have practical advantages that have so far kept MRAM in a niche role in the market.
Reading is an action performed by computers, to acquire data from a source and place it into their volatile memory for processing. Computers may read information from a variety of sources, such as magnetic storage, the Internet, or audio and video input ports. Reading is one of the core functions of a Turing machine.
Semiconductor memory is a digital electronic semiconductor device used for digital data storage, such as computer memory. It typically refers to devices in which data is stored within metal–oxide–semiconductor (MOS) memory cells on a silicon integrated circuit memory chip. There are numerous different types using different semiconductor technologies. The two main types of random-access memory (RAM) are static RAM (SRAM), which uses several transistors per memory cell, and dynamic RAM (DRAM), which uses a transistor and a MOS capacitor per cell. Non-volatile memory uses floating-gate memory cells, which consist of a single floating-gate transistor per cell.
Ferroelectric RAM is a random-access memory similar in construction to DRAM but using a ferroelectric layer instead of a dielectric layer to achieve non-volatility. FeRAM is one of a growing number of alternative non-volatile random-access memory technologies that offer the same functionality as flash memory. An FeRAM chip contains a thin film of ferroelectric material, often lead zirconate titanate, commonly referred to as PZT. The atoms in the PZT layer change polarity in an electric field, thereby producing a power-efficient binary switch. However, the most important aspect of the PZT is that it is not affected by power disruption or magnetic interference, making FeRAM a reliable nonvolatile memory.
Integrated circuit design, semiconductor design, chip design or IC design, is a sub-field of electronics engineering, encompassing the particular logic and circuit design techniques required to design integrated circuits, or ICs. ICs consist of miniaturized electronic components built into an electrical network on a monolithic semiconductor substrate by photolithography.
Memory refresh is a process of periodically reading information from an area of computer memory and immediately rewriting the read information to the same area without modification, for the purpose of preserving the information. Memory refresh is a background maintenance process required during the operation of semiconductor dynamic random-access memory (DRAM), the most widely used type of computer memory, and in fact is the defining characteristic of this class of memory.
A physical unclonable function, or PUF, is a physical object whose operation cannot be reproduced ("cloned") in physical way, that for a given input and conditions (challenge), provides a physically defined "digital fingerprint" output (response). that serves as a unique identifier, most often for a semiconductor device such as a microprocessor. PUFs are often based on unique physical variations occurring naturally during semiconductor manufacturing. A PUF is a physical entity embodied in a physical structure. PUFs are implemented in integrated circuits, including FPGAs, and can be used in applications with high-security requirements, more specifically cryptography, Internet of Things (IOT) devices and privacy protection.
A three-dimensional integrated circuit is a MOS integrated circuit (IC) manufactured by stacking as many as 16 or more ICs and interconnecting them vertically using, for instance, through-silicon vias (TSVs) or Cu-Cu connections, so that they behave as a single device to achieve performance improvements at reduced power and smaller footprint than conventional two dimensional processes. The 3D IC is one of several 3D integration schemes that exploit the z-direction to achieve electrical performance benefits in microelectronics and nanoelectronics.
Read-only memory (ROM) is a type of non-volatile memory used in computers and other electronic devices. Data stored in ROM cannot be electronically modified after the manufacture of the memory device. Read-only memory is useful for storing software that is rarely changed during the life of the system, also known as firmware. Software applications, such as video games, for programmable devices can be distributed as plug-in cartridges containing ROM.
Random-access memory is a form of electronic computer memory that can be read and changed in any order, typically used to store working data and machine code. A random-access memory device allows data items to be read or written in almost the same amount of time irrespective of the physical location of data inside the memory, in contrast with other direct-access data storage media, where the time required to read and write data items varies significantly depending on their physical locations on the recording medium, due to mechanical limitations such as media rotation speeds and arm movement.
A Hardware Trojan (HT) is a malicious modification of the circuitry of an integrated circuit. A hardware Trojan is completely characterized by its physical representation and its behavior. The payload of an HT is the entire activity that the Trojan executes when it is triggered. In general, Trojans try to bypass or disable the security fence of a system: for example, leaking confidential information by radio emission. HTs also could disable, damage or destroy the entire chip or components of it.
The memory cell is the fundamental building block of computer memory. The memory cell is an electronic circuit that stores one bit of binary information and it must be set to store a logic 1 and reset to store a logic 0. Its value is maintained/stored until it is changed by the set/reset process. The value in the memory cell can be accessed by reading it.
Hardware security is a discipline originated from the cryptographic engineering and involves hardware design, access control, secure multi-party computation, secure key storage, ensuring code authenticity, measures to ensure that the supply chain that built the product is secure among other things.
In integrated circuits (ICs), interconnects are structures that connect two or more circuit elements together electrically. The design and layout of interconnects on an IC is vital to its proper function, performance, power efficiency, reliability, and fabrication yield. The material interconnects are made from depends on many factors. Chemical and mechanical compatibility with the semiconductor substrate and the dielectric between the levels of interconnect is necessary, otherwise barrier layers are needed. Suitability for fabrication is also required; some chemistries and processes prevent the integration of materials and unit processes into a larger technology (recipe) for IC fabrication. In fabrication, interconnects are formed during the back-end-of-line after the fabrication of the transistors on the substrate.
{{cite book}}
: CS1 maint: location missing publisher (link)