vaidya20GPIO

Abstract

As the number of IoT devices start to explode, establishing the irrefutable device identity is at the root of
trust. Physically Unclonable Functions (PUFs) are emerging as a significant alternative to the conventional methods to establish the hardware root of trust. The existing research in PUFs has focused on the design of custom circuits for deriving signatures. These signatures are used as security primitive. We design a novel GPIO PUF from GPIOs of COTS microcontrollers. Further, we demonstrate our method with low-cost off-the-shelf Arduino boards and characterize the repeatability and uniqueness of the PUF. Our experimental evaluation proves the robustness of GPIO PUF. We achieved 100% accuracy for the identification of 12 devices on the 12000 measurements collected over the duration of one month. Our evaluation has shown that the GPIO PUF is a promising alternative for generating strong identification which could be used as a primitive for several applications. We further discuss ways to enhance the uniqueness for a larger set of smart devices.

Introduction

• More recently, Physically Unclonable Functions (PUFs) are emerging as an alternative for establishing the hardware root of trust.

• Physically unclonable functions map the inherent random variations due to semi-conductor manufacturing tolerances to derive the identities of individual devices.

• Device identification can be used to detect device cloning

• Custom circuits have been proposed for generating PUFs, like RO-PUFs and Arbiter PUFs, which are some of the widely studied PUFs.

• The embedded systems used in smart devices are typically manufactured by assembling commercially off-the-shelf (COTS) components. Hence, PUFs may be extracted from any or all of these components (i.e. a SRAM PUF extraction is performed from its startup values).

• General Purpose Input Outputs (GPIOs) and the Analog to Digital Converters (ADCs) are generally present even in the low-cost microcontrollers.

• The proposed approach is showed using an Arduino Mega 2560 with an 8-bit ATmega2560 microcontroller.

GPIO PUF Generation

Physically Unclonable Functions (PUFs)

• The physical and material properties of the semiconductor devices differ slightly from one another. This difference leads to variation in electrical characteristics of devices such as operating frequency, threshold voltage, current consumption, etc.

• PUFs should possess two essential properties:

  1. Repeatability: There is some variation in the signature of the device, each time it is queried.

  2. Uniqueness: Each device should generate a signature which is different from the other device.

GPIO PUFs

Open

Block Diagram explaining the scheme for generation of GPIO PUF

• OP1 and OP2 are GPIOs of the microcontroller driven by buffers B1 and B2. These are configured as outputs and driven to logic low.

• These outputs are routed through PCB traces and connected to a differential ADC through analog inputs A1 and A2 and the gain block G.

• The ADC output ADCOUT is measured. R1 and R2 model the PCB trace resistance and other parasitic resistances.

• The output buffers, parasitic resistances, gain and the ADC errors vary slightly from one device to the other, causing the variation in ADCOUT amongst different devices.

• Open

  

• We create 256 such GPIOsignature with different combinations of 32 GPIO pins.

Experimental Setup

• The custom add-on board connects all even-numbered GPIO pins together into a cluster C1 and all odd-numbered GPIO pins together into another cluster C2.

• While C1 is connected to analog pin A0, C2 is connected to analog pin A1 through the add-on board.