aung24data

Abstract

Today’s device authentications in IoT devices use public and private key cryptography. Nevertheless, they are still vulnerable to threats because keys or device IDs digitally stored in IoT devices can be stolen or cloned. In contrast, SRAM PUFs utilize physical variations in memory cells of embedded SRAM in microcontrollers or standalone SRAM chips. These inherent physical characteristics are unpredictable and practically impossible to duplicate. They are negligible to affect regular SRAM operation but large enough to be used for authentication purposes in SRAM PUFs operation. However, SRAM PUFs have poor stability and a relatively high bit error rate (BER). Temporal Majority Voting (TMV) and other error correction codes (ECCs) have improved SRAM PUFs performance, but they require a lot of processing time and hardware resources. The data remanence nature of SRAM cells can be utilized to select SRAM PUFs bits with much lower BER and more stable bits, but a suitable algorithm is required to find the best possible power-off time for each type of chip. This paper proposes using the data remanence method and binary search algorithm to obtain the strong SRAM PUFs characteristics of the selected SRAMs at the optimal power-off time. These SRAMs include embedded SRAMs of AtMega328P, STM32F108C, ESP8266 microcontrollers, and an off-the-shelf SRAM chip 23LC1024-I/P, which are being used in various IoT applications. The strong SRAM PUF has more stable characteristics that reduce BER to 0% and increase stability to 99.999%. This proposed method can be utilized on any IoT platform which deals with essential data and requires less resource-hungry security and authentication protocols.

→ (See last note in this page to see the performance of the approach)

Introduction

(Useful and expanded state-of-the-art (however, not very well written))

• (Zhang et al., [20] proposed to use Fin field effect transistor (FinFET) SRAM PUF instead of conventional CMOS SRAM)

• Concisely, SRAM PUFs have relatively high randomness and uniqueness, moderate stability, and repeatability, reasonably low but non-zero bit-error rate. Moreover, all the researchers agreed that they are suitable for security systems after improving such characteristics. This can be done by applying error correction codes, physically modifying the SRAM cells, or using other stable bit selection methods.

• Ram et al., [37] had researched this phenomenon in detail in 2002. They have done several SRAM experiments and their data remanence properties under various temperatures and power-off times. The amount of data retained is greatly affected by the duration of power cut-off and the temperature (????)

• Liu et al., [38] liu17data proposed using the data remanence nature of SRAMs to find the most stable SRAM PUF bits.

Terminology and Performance Metrics

• The response (R) is the function (f) of the challenge (C)

• Performance metrics

  • Error Rate (fractional intra-distance)

  • Uniqueness (fractional inter-distance)

  • Biasness (Fractional Hamming Weight)

  • Randomness (Binary Entropy Function)

  • Stability (ratio between the number of stable bits and the total number of bits)

• Stability, together with the error rate, can determine a PUF stream's reliability and repeatability.

A New Data Remanence Method for SRAM PUF by Utilizing Binary Search

Open

(Experiment Set-up)

• To use the data remanence method for stable bit selection in SRAM PUFs, the duration of the power-on time and the power-off time must be controlled precisely and independently.

• To achieve this, an additional microcontroller is added between the microcontroller under test and the computer for precise timing and power controls. An electronic switch is used instead of an electromechanical relay to get the most precise timing.

• For each T value, 20 iterations have been performed

• Different chips have different values of the power-off time when some of the bits start flipping [38] (liu et al.).

• Since the relationship between the power-off time for SRAMs and the number of flipped bits is almost linear within a specific range, changing the power-off time will be able to control the number of flip bits. ?????????????????? (back to liu17data Figure 5, the relation does not look linear at all , except the mid-time range)

Using the binary search method, this research investigates the power-off time required to obtain 128 bits of strongest 0s and strongest 1s.

Open

The algorithm is then implemented on an Arduino microcontroller to control all the other microcontrollers and SRAM chips under test. To save computation time, a lookup table (LUT) is used for bit counts in individual bytes instead of calculating them for every loop.

Results and Discussion

Experimental Setup and Results Summary

A total of 17 devices consisting of 12 SRAMs that are embedded in microcontroller chips and 5 off-the-shelf SRAM ICs have been tested for the SRAM PUF characteristics in this research.

To test the characteristics under different temperatures, the microcontrollers are placed in air-tight insulating container made of expended polystyrene foam and cooled or heated the whole container from outside.

1. In the first experiment, PUF characteristics are obtained using majority voting. The characteristics include Bit Error Rate (BER), Biasness, Randomness, Uniqueness, and Stability of all the microcontrollers and SRAM chips tested in this research.

2. The second experiment characterized PUF at room temperature (25°C) at different power-off times.

3. The third experiment used a binary search algorithm to find the optimal power-off time to obtain the strong PUF characteristics at room temperature (25°C) and within the temperature range of -15°C to 80°C, which is the recommended operating temperature of the chips being used. .

SRAM PUF Characterization based on Data Remanence

Different microcontrollers behave differently under the same power-off time, but for most microcontrollers, the cells start flipping around 200ms to 300ms.

By utilizing the data remanence, the strongest cells for PUF can be selected. Since they are the strongest cells, they are less likely to make errors and typically much more stable than the weak cells. However, using only the strongest cells will make the biasness and uniqueness of the overall system decline. For the AtMega328P microcontroller, the values are well balanced at the power-off time T of around 300ms.

Optimal Power-off Duration Time for Strong Bits based on Data Remanence

• The power-off duration time where all the well-balanced characteristics differ from chip to chip is called optimal power-off time.

• The optimal power-off time is when half of the ideal number of bits flipped for each of the microcontrollers and SRAM chips.

• The optimal power-off time is different for each of the microcontroller chips. So, we propose to find the optimal power-off time for each of the microcontroller and SRAM chips using binary search.

• The binary search for optimal power-off time is also done under various environmental temperatures ranging from -8^oC to 75^oC.

• Although temperatures above 20^oC have no apparent effect on the optimal power-off time, lower temperatures can drastically increase the optimal power-off time. This is because the SRAMs have a higher tendency to undergo data remanence under lower temperatures and can maintain the data longer without any power [46].

• However, the error rate and the stability are not affected by lower temperatures for the strong-1 and strong-0 cells, which are selected using the optimal power-off times.

• As for the stability, all the chips improved significantly, reaching the stability of 100 % except one ESP8266 microcontroller and one 23LC1024 serial SRAM chip, having one unstable bit. They still manage to obtain stability of more than 99.999% during the 100 iterations.

These results showed that the binary search algorithm for finding the optimal power off time could be considered one of the best methods for a stable bit selection process.