Versions Compared

Version Old Version 3 New Version Current
Changes made by

Sara Faour

Sara Faour

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Info

Title of the paper: Physical Unclonable Functions and Applications: A Tutorial

Available at: https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6823677

...

  • Instead of storing secrets in digital memory, PUFs derive a secret from the physical characteristics of the integrated circuit (IC).

  • This paper will discuss a PUF that uses the innate manufacturing variability of gate delay as a physical characteristic from which one can derive a secret.

  • This approach is advantageous over standard secure digital storage for several reasons:

    • PUF hardware uses simple digital circuits that are easy to fabricate and consume less power and area than EEPROM/RAM solutions with antitamper circuitry.

    • Simple PUF applications do not require expensive cryptographic hardware such as the secure hash algorithm (SHA) or a public/private key encryption algorithm.

    • Any physical attack attempting to extract digital information from the chip, therefore, must do so while the chip is powered on.

    • Invasive attacks are more difficult to execute without modifying the physical characteristics from
      which the secret is derived. Therefore, continually powered active antitamper mechanisms are not required to secure the PUF.

    • Nonvolatile memory is more expensive to manufacture.

Info

A PUF is based on the idea that even though the mask and manufacturing process is the same among different ICs, each IC is actually slightly different due to normal manufacturing variability.

...

  • Strong PUFs have large enough challenge–response space such that an adversary cannot enumerate all CRPs within a certain fixed time (ideally, exponential in the number of challenge bits)

  • a strong PUF can be authenticated directly without using any cryptographic hardware

  • a weak PUF can provide authentication capabilities if the weak PUF is paired with crypto hardware supporting HMAC or similar authentication processes

  • the security models for weak and strong PUFs differ:

    • the output of a weak PUF must be kept private, while a strong PUF’s responses do not have the same restriction.

    • to prevent total enumeration of the strong PUF, one must also consider the readout time of the PUF in conjunction with the number of CRPs.

      • Since a weak PUF provides a secret key, the surrounding digital cryptographic hardware is responsible for limiting access to the weak PUF output.

      • However, the strong PUF does not require the use of additional crypto hardware to provide authentication services, and therefore must itself prevent unauthorized access into its own internal structure.

...

  • Both weak and strong PUFs rely on analog physical properties of the fabricated circuit to derive secret information. Naturally, these analog properties have noise and variability associated with them.

  • The first mechanism to mitigate such effects is to use differential design techniques to cancel out first-order environmental dependencies.

  • Consider the PUF using gate delay.

    • This delay depends on temperature, supply voltage, and other environmental parameters.

    • typical PUFs using this effect will not measure a single gate’s delay, but rather the difference between two identically designed, but distinct gates on a die. In this way, any environmental factor should affect each gate equally.

  • modern PUF designs employ multiple error-correction techniques, improving reliability. However, many of these error-correcting techniques have been shown to leak bits of the secret key.

  • In addition to standard error-correction techniques, PUFs also use soft-decision coding. This coding technique takes advantage of the reliability information of a given response bit to improve error-correction performance.

    • This reliability information can be obtained from repeated PUF response readings in the case of SRAM PUFs,

    • or the magnitude of frequency difference values in the case of ring-oscillator PUFs.

...

  • In addition to arbiter PUFs, the manufacturing variability intrinsic to circuit gate delay can also be used to instantiate a ‘‘ring-oscillator PUF’’. This PUF architecture contains N identically designed ring oscillators.
    Due to the variation in delay of the inverters in the ring oscillator, each will have a slightly different frequency.

  • Due to the variation in delay of the inverters in the ring oscillator, each will have a slightly different frequency. The frequencies of two oscillators are measured and compared to reveal one of the PUF output bits. If there are N oscillators, there are N(N-1)/2 possible pairings. However, the number of output bits is limited due to correlations (if ring oscillator A is faster than B, and B is faster than C, then clearly A is faster than C). For N oscillators, there is a specific ordering of fastest to slowest. If the oscillators are truly identical and manufacturing variation dominates, then each of these N! orderings is equally likely. Therefore, there are a maximum of log(N!) bits that can be extracted from the PUF.

  • Once fabricated, the ring oscillators’ frequency is set, so the output bits of the PUF will always remain constant. → ring-oscillator PUF is a weak PUF

  • Because the ring-oscillator PUF measures differences in gate delay like the arbiter PUF, the ring-oscillator PUF is susceptible to the same set of environmental variations and noise sources. Therefore, error correction will be equally important in this application.

  • One approach that can be taken immediately to mitigate potential errors is to recognize that oscillators that are ‘‘close’’ in frequency have much greater likelihood of causing an output error than oscillators that are ‘‘far apart’’ in frequency.

...

  • Like the SRAM PUF, the ring-oscillator PUF also must correct for noise and environmental factors.

  • The ring-oscillator PUF is inherently a differential measurement (measuring the difference in two identical
    sets of oscillators’ paths). However, it is still susceptible to noise. → the difference is identical because the oscillators are identical, this is not the case for the different oscillators on SCuM

  • In contrast with block codes, IBS, even when used with a second stage traditional (hard-decision) error correction, remains information theoretically secure under a PUF i.i.d. assumption, even for a heavily biased PUF.

  • Like the SRAM PUF, the ring-oscillator PUF relies on downstream cryptographic hardware/software to protect the security of the key that is generated.

  • Many attacks on Ring-Oscillator PUFs can be performed.

...

  1. Model-based PUFs

    1. The server stores a “secret model”, that emulates the PUF challenge-response behavior, instead of storing a large number of CRPs

    2. Such a ‘‘secret model’’ PUF still requires both the ‘‘secure bootstrapping’’ phase as well as the secure storage, as the PUF and authenticating server must ‘‘agree’’ on a secret PUF model.

  2. Timed Authentication and Public Models (referred as PPUF)

    1. The PPUF model is public, and there is no secret information anywhere in the protocol (neither on the device nor the server).

    2. The authentication capability derives solely from the computational difference between the hardware and the model, and the unclonability of the hardware (PPUF model storage must be resistant against tampering or rewriting).

Note

Remark: Nobody could propose a PPUF architecture slower by only a constant factor than the PPUF hardware, but what about generating all the possible CRPs based on the public model and instead of computing the response for each challenge sent we look for the saved challenge and send it (using a fast memory)

New Terms

  • CRP: challenge-response pair

...