The paper analyzes and proposes some enhancements of Ring-Oscillators-based Physical Unclonable Functions (PUFs). PUFs are used to extract a unique signature of an integrated circuit in order to authenticate a device and/or to generate a key. We show that designers of RO PUFs implemented in FPGAs need a precise control of placement and routing and an appropriate selection of ROs pairs to get independent bits in the PUF response. We provide a method to identify which comparisons are suitable when selecting pairs of ROs. Dealing with power consumption, we propose a simple improvement that reduces the consumption of the PUF published by Suh et al. in 2007 by up to 96.6%. Last but not least, we point out that ring oscillators significantly influence one another and can even be locked. This questions the reliability of the PUF and should be taken into account during the design. 1. Introduction Security in integrated circuits (ICs) became a very important problem due to high information security requirements. In order to assure authenticity and confidentiality, cryptographic keys are used to encrypt the information. Several solutions were proposed for key generation, each with their upsides and downsides. Confidential keys can be generated using True Random Number Generators (TRNGs) and stored in volatile or nonvolatile memories. Saving the confidential key in a nonvolatile memory inside the device ensures that the key will never be lost and that it will not be disclosed in case of passive attacks. On the other hand, nonvolatile memories are easy targets for invasive attacks [1]. Volatile memories are typical for Field Programmable Gate Arrays (FPGAs). Storing the confidential key in a volatile memory permits to erase the memory contents in case of invasive attack detection. This implies the use of a communication channel to transmit the key after device configuration [1]. Communication channels are usually easy to corrupt and information can be easily intercepted. The confidentiality and authenticity of designs are therefore compromised. A solution is backing up the embedded volatile memory block with a battery. However, it was proved that battery-backed RAMs content can be read after a long period of storage [2–5] even if the memory is not powered any more. Thus, the need of generating secret keys inside the IC became obvious. An alternative to TRNG for key generation is the Physical Unclonable Function (PUF). PUFs are functions that extract a unique signature of an IC, based on randomness during the manufacturing process. This signature can be used as
References
[1]
S. Drimer, “Volatile FPGA design security–a survey,” in IEEE Computer Society Annual Volume, pp. 292–297, 2008.
[2]
R. Anderson and M. Kuhn, “Low cost attacks on tamper resistant devices,” in Security Protocols, pp. 125–136, Springer, 1998.
[3]
R. Anderson and M. Kuhn, “Tamper resistance: a cautionary note,” in 2nd USENIX Workshop on Electronic Commerce, vol. 2, 1996.
[4]
S.P. Skorobogatov, “Semi-invasive attacks-a new approach to hardware security analysis,” Tech. Rep., University of Cambridge, Computer Laboratory, 2005.
[5]
J. A. Halderman, S. D. Schoen, N. Heninger et al., “Lest we remember: cold boot attacks on encryption keys,” in USENIX Security Symposium, P.C. van Oorschot, Ed., pp. 45–60, 2008.
[6]
R. Pappu, Physical one-way functions, Ph.D. thesis, Massachusetts Institute of Technology, 2001.
[7]
R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld, “Physical one-way functions,” Science, vol. 297, no. 5589, pp. 2026–2030, 2002.
[8]
G. E. Suh and S. Devadas, “Physical unclonable functions for device authentication and secret key generation,” in 44th ACM/IEEE Design Automation Conference (DAC '07), pp. 9–14, June 2007.
[9]
J. Guajardo, S. Kumar, G.J. Schrijen, and P. Tuyls, “FPGA intrinsic PUFs and their use for IP protection,” in Cryptographic Hardware and Embedded Systems (CHES '07), pp. 63–80, 2007.
[10]
S. Kumar, J. Guajardo, R. Maes, G. J. Schrijen, and P. Tuyls, “Extended abstract: the butterfly PUF protecting IP on every FPGA,” in IEEE International Workshop on Hardware-Oriented Security and Trust (HOST '08), pp. 67–70, 2008.
[11]
B. Gassend, D. Clarke, M. Van Dijk, and S. Devadas, “Silicon physical random functions,” in Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 148–160, November 2002.
[12]
D. Lim, J. W. Lee, B. Gassend, G. E. Suh, M. Van Dijk, and S. Devadas, “Extracting secret keys from integrated circuits,” IEEE Transactions on Very Large Scale Integration, vol. 13, no. 10, pp. 1200–1205, 2005.
[13]
A. Maiti and P. Schaumont, “Improved ring oscillator PUF: an FPGA-friendly secure primitive,” Journal of Cryptology, pp. 1–23, 2010.
[14]
Y. Hori, T. Yoshida, T. Katashita, and A. Satoh, “Quantitative and statistical performance evaluation of arbiter physical unclonable functions on FPGAs,” in International Conference on Reconfigurable Computing and FPGAs, pp. 298–303, 2010.
[15]
C. Costea, F. Bernard, V. Fischer, and R. Fouquet, “Analysis and enhancement of ring oscillators based physical unclonable functions in FPGAs,” in International Conference on Reconfigurable Computing and FPGAs, pp. 262–267, 2010.
[16]
P. Barreto and V. Rijmen, “The Whirlpool hashing function,” in 1st Open NESSIE Workshop, vol. 13, p. 14, Leuven, Belgium, 2000.
[17]
P. Sedcole and P. Y. K. Cheung, “Within-die delay variability in 90nm FPGAs and beyond,” in IEEE International Conference on Field Programmable Technology (FPT '06), pp. 97–104, December 2006.
[18]
V. Fischer, F. Bernard, N. Bochard, and M. Varchola, “Enhancing security of ring oscillator-based RNG implemented in FPGA,” in Proceedings of the Field- Programable Logic and Applications (FPL '08), pp. 245–250, September 2008.
