Physical unclonable function
||This article may require cleanup to meet Wikipedia's quality standards. (October 2009)|
Physical unclonable function (PUF, sometimes also called Physically unclonable function) is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict. Further, an individual PUF device must be easy to make but practically impossible to duplicate, even given the exact manufacturing process that produced it. In this respect it is the hardware analog of a one-way function. Most PUFs are noisy and therefore do not achieve the requirements for a function.
- 1 History
- 2 Concept
- 3 Types of PUFs
- 3.1 PUFs using explicitly-introduced randomness
- 3.2 PUFs using intrinsic randomness
- 4 Error correction
- 5 Attacks on PUFs
- 6 See also
- 7 References
- 8 External links
Early references that exploit the physical properties of disordered systems for authentication purposes date back to Bauder in 1983 and Simmons in 1984. Naccache and Frémanteau provided an authentication scheme in 1992 for memory cards. The terms POWF (physical one-way function) and PUF (physical unclonable function) were coined in 2001 and 2002, the latter publication describing the first integrated PUF where unlike PUFs based on optics, the measurement circuitry and the PUF are integrated onto the same electrical circuit (and fabricated on silicon).
Rather than embodying a single cryptographic key, PUFs implement challenge–response authentication. When a physical stimulus is applied to the structure, it reacts in an unpredictable (but repeatable) way due to the complex interaction of the stimulus with the physical microstructure of the device. This exact microstructure depends on physical factors introduced during manufacture which are unpredictable (like a fair coin). The applied stimulus is called the challenge, and the reaction of the PUF is called the response. A specific challenge and its corresponding response together form a challenge–response pair or CRP. The device's identity is established by the properties of the microstructure itself. As this structure is not directly revealed by the challenge-response mechanism such a device is resistant to spoofing attacks.
PUFs can be implemented with a very small hardware investment. Unlike a ROM containing a table of responses to all possible challenges, which would require hardware exponential in the number of challenge bits, a PUF can be constructed in hardware proportional to the number of challenge and response bits.
Unclonability means that each PUF device has a unique and unpredictable way of mapping challenges to responses, even if it was manufactured with the same process as a similar device, and it is infeasible to construct a PUF with the same challenge–response behavior as another given PUF because exact control over the manufacturing process is infeasible. Mathematical unclonability means that it should be very hard to compute an unknown response given the other CRPs or some of the properties of the random components from a PUF. This is because a response is created by a complex interaction of the challenge with many or all of the random components. In other words, given the design of the PUF system, without knowing all of the physical properties of the random components, the CRPs are highly unpredictable. The combination of physical and mathematical unclonability renders a PUF truly unclonable.
Different sources of physical randomness can be used in PUFs. A distinction is made between PUFs in which physical randomness is explicitly introduced and PUFs that use randomness that is intrinsically present in a physical system.
Types of PUFs
All PUFs are subject to environmental variations such as temperature, supply voltage and Electromagnetic interference, which can affect their performance. Therefore, rather than just being random, the real power of a PUF is its ability to be different between devices, but simultaneously to be the same under different environmental conditions.
PUFs using explicitly-introduced randomness
This type of PUF can have a much greater ability to distinguish devices from one another and have minimal environmental variations compared to PUFs that utilize intrinsic randomness. This is due to the use of different underlying principles and the ability for parameters to be directly controlled and optimized.
An optical PUF which was termed POWF consists of a transparent material that is doped with light scattering particles. When a laser beam shines on the material, a random and unique speckle pattern will arise. The placement of the light scattering particles is an uncontrolled process and the interaction between the laser and the particles is very complex. Therefore, it is very hard to duplicate the optical PUF such that the same speckle pattern will arise. We say the optical PUF is practically unclonable.
A coating PUF can be built in the top layer of an IC. Above a normal IC, a network of metal wires is laid out in a comb shape. The space between and above the comb structure is filled with an opaque material and randomly doped with dielectric particles. Because of the random placement, size and dielectric strength of the particles, the capacitance between each couple of metal wires will be random up to a certain extent. This unique randomness can be used to obtain a unique identifier for the device carrying the Coating PUF. Moreover, the placement of this opaque PUF in the top layer of an IC protects the underlying circuits from being inspected by an attacker, e.g. for reverse-engineering. When an attacker tries to remove (a part of) the coating, the capacitance between the wires is bound to change and the original unique identifier will be destroyed. It was shown how an unclonable RFID tag is built with coating PUFs.
PUFs using intrinsic randomness
Unlike PUFs that utilize explicitly-introduced randomness, PUFs using intrinsic randomness are highly attractive because they can be included in a design without modifications to the manufacturing process.
A delay PUF exploits the random variations in delays of wires and gates on silicon. Given an input challenge, a race condition is set up in the circuit, and two transitions that propagate along different paths are compared to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0, depending on which transition comes first. Many circuits realizations are possible and at least two have been fabricated. When a circuit with the same layout mask is fabricated on different chips, the logic function implemented by the circuit is different for each chip due to the random variations of delays.
A PUF based on a delay loop, i.e., a ring oscillator with logic, in the publication that introduced the PUF acronym and the first integrated PUF of any type. A multiplexor-based PUF has been described, as has a secure processor design using a PUF and a multiplexor-based PUF with an RF interface for use in RFID anti-counterfeiting applications.
These PUFs are present in all ICs having SRAM memory on board. Several research papers explore SRAM-based PUF technology on topics such as behavior, implementation, or application for anti-counterfeiting purposes. Several of these further permit the implementation of secure secret key storage without storing the key in digital form.
There are also a number of issued patents pertaining to SRAM-based chip identification for various circuit themes. Some SRAM-based security systems in the 2000s refer to "chip identification" rather than the more standard term of "PUF." The research community and industry have now largely embraced the term PUF to describe this space of technology.
The Butterfly PUF is based on cross-coupling of two latches or flip-flops. The mechanism being used in this PUF is similar to the one behind the SRAM PUF but has the advantage that it can be implemented on any SRAM FPGA.
Bistable ring PUF
The Bistable Ring PUF or BR-PUF was introduced by Q. Chen et al. in. The BR-PUF is based on the idea that a ring of even number of inverters has two possible stable states. By duplicating the inverters and adding multiplexers between stages, it is possible to generate exponentially large number of challenge-response pairs from the BR-PUF.
A magnetic PUF exists on a magnetic stripe card. The physical structure of the magnetic media applied to a card is fabricated by blending billions of particles of barium ferrite together in a slurry during the manufacturing process. The particles have many different shapes and sizes. The slurry is applied to a receptor layer. The particles land in a random fashion, much like pouring a handful of wet magnetic sand onto a carrier. To pour the sand to land in exactly the same pattern a second time is physically impossible due to the inexactness of the process, the sheer number of particles, and the random geometry of their shape and size. The randomness introduced during the manufacturing process cannot be controlled. This is a classic example of a PUF using intrinsic randomness.
When the slurry dries, the receptor layer is sliced into strips and applied to plastic cards, but the random pattern on the magnetic stripe remains and cannot be changed. Because of their physically unclonable functions, it is highly improbable that two magnetic stripe cards will ever be identical. In fact, using a standard size card, the odds of any two cards having an exact matching magnetic PUF are calculated to be 1 in 900 million. Further, because the PUF is magnetic, we know that each card will carry a distinctive, repeatable and readable magnetic signal.
Personalizing the Magnetic PUF
The personal data encoded on the magnetic stripe contributes another layer of randomness. When the card is encoded with personal identifying information, the odds of two encoded magstripe cards having an identical magnetic signature are approximately 1 in 10 Billion. The encoded data can be used as a marker to locate significant elements of the PUF. This signature can be digitized and is generally called a magnetic fingerprint. An example of its use is in the Magneprint brand system.
Stimulating the Magnetic PUF
The magnetic head acts as a stimulus on the PUF and amplifies the random magnetic signal. Because of the complex interaction of the magnetic head, influenced by speed, pressure, direction and acceleration, with the random components of the PUF, each swipe of the head over the magnetic PUF will yield a stochastic, but very distinctive signal. Think of it as a song with thousands of notes. The odds of the same notes recurring in an exact pattern from a single card swiped many times are 1 in 100 million, but overall the melody remains very recognizable.
Uses for a Magnetic PUF
The stochastic behavior of the PUF in concert with the stimulus of the head makes the magnetic stripe card an excellent tool for Dynamic Token Authentication, Forensic Identification, Key generation, One-Time Passwords, and Digital Signatures.
Metal Resistance PUF
The metal resistance-based PUF derives its entropy from random physical variations in the metal contacts, vias and wires that define the power grid and interconnect of an IC. There are several important advantages to leveraging random resistance variations in the metal resources of an IC including:
- Temperature and voltage stability: Temperature and voltage (TV) variations represent one of the most significant challenges for PUFs in applications that require re-generation of exactly the same bitstring later in time, e.g., encryption. Metal resistance (unlike transistors) varies linearly with temperature and is independent of voltage. Therefore, metal resistance provides a very high level of robustness to changing environmental conditions.
- Ubiquity: Metal is (currently) the only conducting material on the chip that is layered, effectively enabling high density, and very compact, PUF entropy sources. Advanced processes create 11 or more metal layers on top of the (x,y) plane of the underlying transistors.
- Reliability: The wear-out mechanism for metal is electro-migration, which like TV variations, adversely affects the ability of the PUF to reproduce the same bitstring over time. However, the electro-migration process is well understood and can be completely avoided with proper sizing of the metal wires, vias and contacts. Transistor reliability issues, e.g., NBTI and HCI, on the other hand, are more difficult to mitigate.
- Resiliency: Recent reports have shown that transistor-based PUFs, in particular the SRAM PUF, are subject to cloning. Metal resistance PUFs are not subject to these types of cloning attacks due to the high complexity associated with 'trimming' wires in the clone as a means of matching resistances. Moreover, by adding one or more shielding layers in the thicker upper metal layers that overlay the underlying PUF (which is built using the lower metal layers), front-side probing attacks designed to extract the metal resistances for the clone is extremely difficult or impossible.
In different application its important that the output is stable. If the PUF is used for a key in cryptographic purposes its necessary that error correction will be done. In principle there are two basic concepts: Pre-Processing and Post-Processing Error Correction. 
Attacks on PUFs
Proposed PUFs are not necessarily unclonable and many have been successfully attacked in a laboratory environment.
Despite being named "physical unclonable", a research team from Berlin Institute of Technology was able to clone an SRAM PUF within 20 hours using tools readily available in university failure analysis labs. In this work only srams cells of a microcontroller where read out.
From 2010 onwards till 2013, PUF gained attention in the smartcard market as a promising way to provide “silicon fingerprints”, creating cryptographic keys that are unique to individual smartcards. However, university research has shown that delay-based PUF implementations are vulnerable to side channel attacks and recommends that countermeasures be employed in the design to prevent this type of attack. Also, improper implementation of PUF could introduce "backdoors" to an otherwise secure system. In June 2012, Dominik Merli, a scientist at Fraunhofer Research Institution for Applied and Integrated Security (AISEC) further claimed that PUF introduces more entry points for hacking into a cryptographic system and that further investigation into the vulnerabilities of PUFs is required before PUFs can be used in practical security-related applications. The presented attacks are all on PUFs implemented in insecure systems (FPGA, SRAM). It is also important to ensure, that the environment is suitable for the needed security level.
- D.W. Bauder, "An anti-counterfeiting concept for currency systems", Research report PTK-11990. Sandia National Labs. Albuquerque, NM, 1983.
- G. Simmons, “A system for verifying user identity and authorization at the point-of sale or access,” Cryptologia, vol. 8, no. 1, pp. 1–21, 1984.
- G. Simmons, “Identification of data, devices, documents and individuals,” in IEEE International Carnahan Conference on Security Technology, 1991, pp. 197–218.
- David Naccache and Patrice Frémanteau, Unforgeable identification device, identification device reader and method of identification, August 1992.
- R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld. Physical one-way functions. Science, 297(5589):2026–2030, Sep 2002. http://dx.doi.org/10.1126/science.1074376.
- B. Gassend, D. Clarke, M. van Dijk and S. Devadas. Silicon Physical Random Functions. Proceedings of the Computer and Communications Security Conference, November 2002
- R. Pappu, "Physical One-Way Functions", PhD Thesis, MIT, 2001. Physical One-Way Functions.
- R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld. Physical One-Way functions. Science, 297(5589):2026–2030, Sep 2002. http://dx.doi.org/10.1126/science.1074376.
- B. Skoric, S. Maubach, T. Kevenaar, and P. Tuyls. Information-theoretic analysis of capacitive physical unclonable functions. J. Appl. Phys., 100(2):024902, Jul 2006. http://dx.doi.org/10.1063/1.2209532
- B. Skoric, G.-J. Schrijen, W. Ophey, R. Wolters, N. Verhaegh, and J. van Geloven. Experimental hardware for coating PUFs and optical PUFs. In P. Tuyls, B. Skoric, and T. Kevenaar, editors, Security with Noisy Data - On Private Biometrics, Secure Key Storage and Anti-Counterfeiting, pages 255-268. Springer London, 2008. http://dx.doi.org/10.1007/978-1-84628-984-2_15
- Pim Tuyls, Geert-Jan Schrijen, Boris Skoric, Jan van Geloven, Nynke Verhaegh and Rob Wolters: "Read-proof hardware from protective coatings", CHES 2006, p 369- 383.
- Pim Tuyls, Lejla Batina. RFID-Tags for Anti-counterfeiting. CT-RSA, 2006, pp:115-131
- D. Lim, J-W. Lee, B. Gassend, M. van Dijk, E. Suh, and S. Devadas. Extracting Secret Keys from Integrated Circuits, IEEE Transactions on VLSI Systems, volume 13, Number 10, pages 1200–1205, October 2005
- G. E. Suh, C. W. O'Donnell, and S. Devadas. Aegis: A Single-Chip secure processor. IEEE Design and Test of Computers, 24(6):570-580, Nov 2007. http://dx.doi.org/10.1109/MDT.2007.179
- S. Devadas, V. Khandelwal, S. Paral, R. Sowell, E. Suh, T. Ziola, Design and Implementation of `Unclonable' RFID ICs for Anti-Counterfeiting and Security Applications, RFID World 2008, March 2008
- Holcomb, Daniel; Wayne Burleson and Kevin Fu (July 2007). "Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags". Proceedings of the Conference on RFID Security (Malaga, Spain).
- Jorge Guajardo, Sandeep S. Kumar, Geert-Jan Schrijen, Pim Tuyls, “FPGA Intrinsic PUFs and Their Use for IP Protection”, Workshop on Cryptographic Hardware and Embedded Systems (CHES), Sep 10-13, 2007, Vienne, Austria
- Jorge Guajardo, Sandeep S. Kumar, Geert-Jan Schrijen, Pim Tuyls, “Physical Unclonable Functions and Public-Key Crypto for FPGA IP Protection”, International Conference on Field Programmable Logic and Applications (FPL), Aug 27-29, 2007, Amsterdam, The Netherlands.
- Holcomb, Daniel; Wayne Burleson and Kevin Fu (September 2009). "Power-up SRAM State as an Identifying Fingerprint and Source of True Random Numbers". IEEE Transactions on Computers 58 (9).
- Christoph Böhm, Maximilian Hofer, “Using SRAMs as Physical Unclonable Functions”, Austrochip - Workshop on Microelectronics, Oct 7, 2009, Graz, Austria
- Georgios Selimis, Mario Konijnenburg, Maryam Ashouei, Jos Huisken, Harmke de Groot, Vincent van der Leest, Geert-Jan Schrijen, Marten van Hulst, Pim Tuyls, "Evaluation of 90nm 6T-SRAM as Physical Unclonable Function for secure key generation in wireless sensor nodes", IEEE International Symposium on Circuits and Systems (ISCAS), 2011
- L. Bolotnyy and G. Robins. Physically Unclonable Function-Based security and privacy in RFID systems. In 5th IEEE Int. Conf. on Pervasive Computing and Communications (PERCOM), pages 211-220, Washington, DC, USA, 2007. IEEE Computer Society. http://dx.doi.org/10.1109/PERCOM.2007.26
- Guthery, Scott (January 2009). "Analog physical signature devices and methods and systems for using such devices to secure the use of computer resources". U.S. Patent 7475255.
- Layman, Paul; et al. (May 2004). "Electronic fingerprinting of semiconductor integrated circuits". U.S. Patent 6738294.
- S. Kumar, J. Guajardo, R. Maes, G.J. Schrijen qnd P. Tuyls, The Butterfly PUF: Protecting IP on every FPGA, In IEEE International Workshop on Hardware Oriented Security and Trust, Anaheim 2008.
- Qingqing Chen, Gyorgy Csaba, Paolo Lugli, Ulf Schlichtmann and Ulrich Ruhrmair, The Bistable Ring PUF: A new architecture for strong Physical Unclonable Functions, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST2011), San Diego, CA, USA. http://dx.doi.org/10.1109/HST.2011.5955011
- Magneprint - Electrical Engineers, Physicists Design System to Combat Credit Card Fraud. Aip.org (2005-02-01). Retrieved on 2013-10-30.
- Tony Fitzpatrick, Nov. 11, 2004, "Magneprint technology licensed to TRAX Systems, Inc." http://news-info.wustl.edu/tips/page/normal/4159.html
- Patrick L. Thimangu,January 7, 2005, "Washington U. cashing in with MagnePrint licensing," St. Louis Business Journal http://www.bizjournals.com/stlouis/stories/2005/01/10/story7.html?jst=s_cn_hl
- R. Helinski, D. Acharyya, J. Plusquellic, A Physical Unclonable Function Defined Using Power Distribution System Equivalent Resistance Variations, Design Automation Conference, 2009, pp. 676-681. http://www.ece.unm.edu/~jimp/pubs/dac2009_PUF.pdf
- R. Helinski, D. Acharyya, J. Plusquellic, Quality Metric Evaluation of a Physical Unclonable Function Derived from an IC's Power Distribution System, Design Automation Conference, pp. 240-243, 2010. http://www.ece.unm.edu/~jimp/pubs/dac2010_FINAL.pdf
- J. Ju, R. Chakraborty, R. Rad, J. Plusquellic, Bit String Analysis of Physical Unclonable Functions based on Resistance Variations in Metals and Transistors, Symposium on Hardware-Oriented Security and Trust (HOST), 2012, pp. 13-20. http://www.ece.unm.edu/~jimp/pubs/PG_TG_PUF_ALL_FINAL.pdf
- J. Ju, R. Chakraborty, C. Lamech and J. Plusquellic, Stability Analysis of a Physical Unclonable Function based on Metal Resistance Variations, accepted Symposium on Hardware-Oriented Security and Trust (HOST), 2013. http://www.ece.unm.edu/~jimp/pubs/HOST2013_PGPUF_Temperature_wVDC_FINAL_VERSION.pdf
- Christoph, Boehm (2012). Physical Unclonable Functions in Theory and Practice. Springer.
- C. Bohm, M. Hofer, and W. Pribyl, “A microcontroller sram-puf,” in Network and System Security (NSS), 2011 5th International Conference on, sept. 2011, pp. 269–273.
- Helfmeier, Clemens; Nedospasov, Dmitry; Boit, Christian; Seifert, Jean-Pierre (2013). "Cloning Physically Unclonable Functions". IEEE Hardware Oriented Security and Trust (IEEE HOST 2013). June 2–3, 2013 Austin, TX, USA.
- Clarke, Peter (22 February 2013). "London Calling: Security technology takes time". EE Times. UBM Tech Electronics. Retrieved 1 July 2013.
- "NXP and Intrinsic-ID to raise smart chip security". EE Times (UBM Tech Electronics). 21 January 2010. Retrieved 1 July 2013.
- Merli, Dominik; Schuster, Dieter; Stumpf, Frederic; Sigl, Georg (2011), "Side Channel Analysis of PUFs and Fuzzy Extractors", Trust and Trustworthy Computing. 4th International Conference, TRUST 2011, Pittsburgh, PA, USA, June 22-24, 2011. Proceedings, Lecture Notes in Computer Science 6740, Springer Berlin Heidelberg, pp. 33–47, doi:10.1007/978-3-642-21599-5_3, ISBN 978-3-642-21598-8
- Schuster, Dieter (2010). Side-Channel Analysis of Physical Unclonable Functions (PUFs) (Diploma). Technische Universität München.
- Rührmair, Ulrich; van Dijk, Marten (2013). "PUFs in Security Protocols: Attack Models and Security Evaluations". 2013 IEEE Symposium on Security and Privacy . May 19–22, 2013 San Francisco, CA, USA.
- Katzenbeisser, Stefan; Kocabas, Ünal; Rožic, Vladimir; Sadeghi, Ahmad-Reza; Verbauwhede, Ingrid; Wachsmann, Christian (2012), "PUFs: Myth, Fact or Busted? A Security Evaluation of Physically Unclonable Functions (PUFs) Cast in Silicon", Cryptographic Hardware and Embedded Systems – CHES 2012. 14th International Workshop, Leuven, Belgium, September 9-12, 2012. Proceedings, Lecture Notes in Computer Science 7428, Springer Berlin Heidelberg, pp. 283–301, doi:10.1007/978-3-642-33027-8_17, ISBN 978-3-642-33026-1
- Merli, Dominik (2012). "Hardware Attacks on PUFs". Proceedings AHS2012, NASA/ESA Conference on Adaptive Hardware and Systems. June 25 – 28, 2012 Erlangen, Germany.