Outline
1. Recap
2. Design and implementation of quantum tunneling PUF
3. Experiment results of quantum tunneling PUF
4. PUF-based security applications
5. Conclusion and Outlook
Recap
In the previous lectures, we have introduced
▪ The importance of hardware security & root of trust
▪ What is a PUF?
▪ What are the important PUF properties?
▪ The importance of reliability
▪ How to improve reliability?
▪ Intrinsically reliable PUFs based on quantum tunneling
Key Generation Using PUF
[Figure: PUF array → readout interface → device secret → KDF (with optional auxiliary input) → secret key]
▪ Unique device secret can be derived from the PUF array
▪ Secret key can be further derived by sending the device secret into the key derivation function (KDF)
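As an added example that is not part of the lecture, the pipeline on this slide (PUF array → device secret → KDF with optional auxiliary input → secret key) in Python. The KDF is assumed to be HKDF-SHA256, which the lecture does not specify, and the 256-bit PUF readout is constructed sample data.

```python
"""Added example (not from the lecture): derive a secret key from a PUF array
readout through a KDF. HKDF-SHA256 (RFC 5869) built from the standard library
stands in for the KDF, which the lecture does not name; that is an assumption.
The 256-bit readout below is constructed sample data, not real silicon."""
import hashlib
import hmac
import random

def puf_bits_to_secret(bits):
    """Pack a PUF array readout (list of 0/1) into the device secret (bytes)."""
    if len(bits) % 8:
        raise ValueError("PUF readout length must be a multiple of 8 bits")
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | (b & 1)
        out.append(byte)
    return bytes(out)

def hkdf_sha256(ikm, length, info=b"", salt=b""):
    """HKDF (RFC 5869) with HMAC-SHA256: extract a PRK, then expand it."""
    if not salt:
        salt = bytes(32)  # RFC 5869 default: HashLen zero bytes
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_key(puf_bits, aux_input=b"", key_len=32):
    """Device secret from the PUF array, then the KDF; the optional auxiliary
    input goes in as HKDF 'info', so one PUF yields a distinct key per purpose."""
    return hkdf_sha256(puf_bits_to_secret(puf_bits), key_len, info=aux_input)

# Constructed sample readout: 256 bits from a seeded RNG stand in for the PUF
# array. A reliable PUF returns the same bits on every readout, so the key
# below is reproducible without ever being stored.
_rng = random.Random(2019)
SAMPLE_PUF_BITS = [_rng.randrange(2) for _ in range(256)]

if __name__ == "__main__":
    print("firmware key :", derive_key(SAMPLE_PUF_BITS, b"firmware-encryption").hex())
    print("attestation  :", derive_key(SAMPLE_PUF_BITS, b"attestation").hex())
```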
PUFs need to be intrinsically reliable
[Figure: readout interface (n-bit) → stabilization (m-bit) → post-processing (k-bit); stabilization is marked "insufficient" and post-processing "costly"]
▪ Error correction is too costly
– Extra cost on computation resources, storage and latency
▪ Stabilization techniques are insufficient
Increase mismatches through burn-in
[Figure: VT distributions (percentage vs. VT) of the two transistors before and after burn-in]
For example:
▪ VT of the two transistors originally follows the same distribution
▪ The distributions can be separated by applying a burn-in mechanism
Quantum Tunneling PUFs
[Figure: two quantum tunneling PUF cell designs, each reading "0" or "1" with 50%/50% probability; Chuang, JSSC 2019 and Wu, ISSCC 2018]
▪ Only one tunneling path is generated in one of the two NMOS transistors of a cell
▪ Reading out the tunneling current of PUF cells → deriving PUF bits
2. Design and implementation of quantum tunneling PUF
The self-limiting mechanism
▪ Current and voltage are limited by the PMOS selector
▪ Ensuring only one BD (tunneling) spot in a PUF cell
[Figure: PUF cell under constant voltage stress through the PMOS selector (labels: Vstress, VG, VDS, Δ = Vstress − VDS, IBD); the selector's saturation current defines the current limit; plot of breakdown current IBD vs. time to breakdown (tBD)]
– Reduced stress voltage → no breakdown
– Limited BD current → only soft-BD
Chuang et al., A Physically Unclonable Function Using Soft Oxide Breakdown Featuring 0% Native BER and 51.8fJ/bit in 40nm CMOS, JSSC 2019
Tunneling spots are untraceable
▪ Current is conducted through trap-assisted tunneling
– Few traps can result in significant current difference
– Traps are extremely difficult to locate
▪ Current/power limitation should be applied for physical security
[Figure: cross-sections (metal gate / substrate) of the oxide after breakdown. Formation of oxide defects → untraceable. With power limit: only oxide defects form. Without power limit: structural damage may be created by heat (easier to trace)]
Resilient to reverse engineering
[Figure: SEM image of an eFuse, where a blown fuse visibly distinguishes a programmed cell from an un-programmed one, beside an SEM image of a quantum tunneling PUF, where programmed and un-programmed cells look identical. Conventional key storage (eFuse): program → crypto key. Key generation using PUF: PUF → crypto key]
PUF array with single-ended readout scheme
[Figure: PUF array with single-ended readout]
Having two tunneling paths in a cell is still fine → probability < 50 ppm
Wu et al., A PUF Scheme using Competing Oxide Rupture with Bit Error Rate Approaching Zero, ISSCC 2018
Sense-amplifier design with balanced current
[Figure: PUF array feeding a sense amplifier that draws equal current when sensing "0" and "1"; read-1 / read-0 current waveforms for an unbalanced design vs. a balanced design]
▪ Minimize power difference required for sensing "0" & "1"
▪ Turn off the cell operation after sensing
▪ Prevent power analysis and photoemission attacks
3. Experiment results of quantum tunneling PUF
Nearly ideal uniqueness and reproducibility
▪ Inter-ID Hamming Distance (HD) follows the ideal distribution
▪ Intra-ID HD is the ideal value: 0 → There is no error
[Figure: normalized count vs. normalized Hamming distance (0.0 to 1.0). Inter-ID: measured data overlaps the ideal distribution, μ = 0.499999, σ = 0.031252. Intra-ID (−40 to 175 ℃): μ = 0, σ = 0. Inter/Intra = ∞]
Information:
Bit String Length: 256 bits
Total ID Count: 16128
Total Bit Count: 4128768
Total HD Count: 130048128
Wu et al., A PUF Scheme using Competing Oxide Rupture with Bit Error Rate Approaching Zero, ISSCC 2018
PUF responses are consistent
▪ No bit error found across all tested conditions
→ Wide supply voltage range covering the ULP spec
→ Wide temperature range from -40 °C to 175 °C
[Figure: bit error rate (ppm) vs. supply voltage, VDD from 0.8 V to 1.4 V and VDD2 from 2.0 V to 3.2 V; bit error rate (ppm) vs. temperature from −40 °C to 200 °C; no bit errors at any measured point]
Wu et al., A PUF Scheme using Competing Oxide Rupture with Bit Error Rate Approaching Zero, ISSCC 2018
No bit-error caused by aging
▪ Consistent response during and after the HTOL test
→ Reliability qualification passed
[Figure: bit error rate (ppm) vs. challenge-response pair (#), 1 to 100, and bit error rate (ppm) vs. aging time (hrs), 0 to 1000; no bit errors. HTOL burn-in: VDD = 1.7 V, VDD2 = 3.5 V, Temp. = 125 ℃. Post burn-in: VDD = 1.7 V, VDD2 = 3.5 V, Temp. = 125 ℃. Samples: TT*77]
Wu et al., A PUF Scheme using Competing Oxide Rupture with Bit Error Rate Approaching Zero, ISSCC 2018
Testing randomness within a chip
▪ Resulting Hamming weight is within statistical boundaries
▪ Smaller sample size results in wider deviations
HW = "1" bit counts / bit-string lengths
              512-bit    128-bit
σ             0.02137    0.04293
50% − 2σ      45.7%      41.4%
50% + 2σ      54.3%      58.6%
Wu et al., A PUF Scheme using Competing Oxide Rupture with Bit Error Rate Approaching Zero, ISSCC 2018
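As an added example (not the lecture's or NeoPUF's code) serving both the Hamming-distance slide and the Hamming-weight slide above: inter-ID and intra-ID Hamming distance, the 2σ Hamming-weight boundaries, and a most-common-value min-entropy estimate, computed in Python over constructed sample IDs. The σ used for the boundaries is the binomial sqrt(0.25/n) for an unbiased string, an assumption, rather than the measured values in the table.

```python
"""Added example (not from the lecture): uniqueness, reproducibility and
randomness metrics from the two slides above, computed over constructed
sample IDs. Ideal values: inter-ID HD mean 0.5, intra-ID HD 0, HW 50%."""
import math
import random

def hamming_distance(a, b):
    """Number of differing bits between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b))

def mean_std(values):
    mu = sum(values) / len(values)
    return mu, math.sqrt(sum((v - mu) ** 2 for v in values) / len(values))

def inter_id_hd(ids):
    """Normalized HD over every pair of distinct devices (uniqueness)."""
    n = len(ids[0])
    hds = [hamming_distance(ids[i], ids[j]) / n
           for i in range(len(ids)) for j in range(i + 1, len(ids))]
    return mean_std(hds)

def intra_id_hd(readouts):
    """Normalized HD of repeated readouts of one device against its first
    readout (reproducibility); a zero mean means no bit error."""
    n = len(readouts[0])
    return mean_std([hamming_distance(readouts[0], r) / n for r in readouts[1:]])

def hamming_weight_bounds(length, sigma_count=2):
    """Lower/upper k-sigma boundaries on the fraction of '1' bits for an
    unbiased string of this length (binomial assumption: sigma = sqrt(0.25/n))."""
    sigma = math.sqrt(0.25 / length)
    return 0.5 - sigma_count * sigma, 0.5 + sigma_count * sigma

def min_entropy_per_bit(bits):
    """Most-common-value min-entropy estimate for IID bits: -log2(max p)."""
    p1 = sum(bits) / len(bits)
    return -math.log2(max(p1, 1 - p1))

# Constructed sample: 64 devices x 256 bits, device 0 read 5 times with no errors.
_rng = random.Random(2018)
SAMPLE_IDS = [[_rng.randrange(2) for _ in range(256)] for _ in range(64)]
SAMPLE_READOUTS = [list(SAMPLE_IDS[0]) for _ in range(5)]

if __name__ == "__main__":
    print("inter-ID HD (mu, sigma):", inter_id_hd(SAMPLE_IDS))
    print("intra-ID HD (mu, sigma):", intra_id_hd(SAMPLE_READOUTS))
    print("HW 2-sigma bounds, 512-bit:", hamming_weight_bounds(512))
    print("min-entropy per bit:", min_entropy_per_bit(sum(SAMPLE_IDS, [])))
```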
Good randomness across platform
▪ NeoPUF shows generic compatibility of device corners, cross-fabs, and technology nodes
Wu et al., A PUF Scheme using Competing Oxide Rupture with Bit Error Rate Approaching Zero, ISSCC 2018
Randomness checked by statistical tests
▪ Proposed PUF has passed all the tests in the NIST800-22 test suite
– Data is accumulated from all samples (TT/FF/SS/SF/FS/OX+/OX-)
#   Test Name                  Stream Length   No. of Runs   Min. Pass (%)   Average P-value   Pass?
1   Frequency                  40000           75            97.33           0.4999            Pass
2   BlockFrequency             40000           75            100             0.5067            Pass
3   CumulativeSums Forward     40000           75            98.67           0.5084            Pass
4   CumulativeSums Reverse     40000           75            98.67           0.4946            Pass
5   Runs                       40000           75            100             0.5384            Pass
6   LongestRun                 40000           75            100             0.4783            Pass
7   Rank                       40000           75            97.33           0.4568            Pass
8   FFT                        40000           75            97.33           0.5142            Pass
9   NonOverlapping Template    40000 (m=9)     75            94.67           0.5060            Pass
10  Overlapping Template       40000 (m=9)     75            100             0.4498            Pass
11  Universal                  1000000         3             100             0.6428            Pass
12  ApproximateEntropy         40000 (m=10)    75            100             0.4245            Pass
13  RandomExcursions           1000000         3             100             0.5701            Pass
14  RandomExcursions Variant   1000000         3             100             0.4801            Pass
15  Serial                     40000 (m=16)    75            100             0.5387            Pass
16  LinearComplexity           1000000         3             100             0.7000            Pass
Min-Entropy Analysis
▪ NeoPUF bits are independent and identically distributed (IID) random variables
– Passed the IID test in NIST SP800-90B
– Entropy can be estimated as an IID random variable
▪ NeoPUF data are collected across platform
– S55LL/T22ULP/T55ULP/T7FF/T55EF/U55EF
SP800-90B IID test: Pass
SP800-22: Pass
Min-entropy (IID): ~0.9869
[Figure: bitmap from all data]
4. PUF-based security applications
The Needs of Root of Trust in Silicon
▪ How to ensure this key is unique?
→ Keys need to be securely provisioned
▪ How to ensure this key cannot be stolen?
→ Keys should be kept in a Root-of-Trust
[Figure: Device A and Device B hold different keys; a unique key must be securely stored in the hardware and be resilient to attacks]
What is a Root of Trust?
A Root of Trust (RoT) stores and manages the most sensitive digital assets
[Figure: SoC block diagram with core processor, crypto coprocessor, DRAM controller, SRAM, ROM and Root of Trust connected to the main bus]
PUF-based Security IPs
PUF-based Crypto Coprocessor (PUFcc)
▪ Support comprehensive crypto algorithms with high-speed extension
[Figure: CPU core connected over APB and AXI/AHB to PUFcc, which contains TRNG / UID / HUK, anti-tamper, anti-fuse OTP + PUF, crypto, DMA and SQC blocks]
PUF-based Root of Trust (PUFrt)
▪ Unique key generated by PUF
▪ Secure key storage protected by PUF
[Figure: CPU core and a secure sub-system (cryptos) connected over APB1/APB2 to PUFrt, which contains HUK, TRNG and OTP]
Benefits of a PUF-based Root of Trust
▪ Inborn ID provides better security and cost-efficiency
▪ An ID is strictly kept inside the chip and leaves no trace elsewhere
[Figure: comparison of key provisioning approaches. Key injection: costly, keys can be stolen/leaked. Secure element (SE): costly. PUF-based RoT: inborn IDs (keys) are enrolled through key-generation commands]
PUF-based Key-pair for Device Identification
[Figure: PUF (with optional auxiliary info) → key generation → PUF-based key pair. Public key: registered as (part of) the public device ID. Private key: kept secret for signing]
PUF-based Key Wrapping
• Storing keys in memory is vulnerable to physical attacks
• Keys can be wrapped before storing at insecure memory blocks
[Figure: in the secure zone, key generation derives the KEK used by the key wrapper; wrapped keys are stored in NVM/RAM in the insecure zone]
Execute In Place for External NOR Flash
▪ Supports direct execution of encrypted code and data stored in external NOR Flash
▪ Keys are securely generated or protected using PUF and secure OTP in PUFrt
[Figure: extended secure enclave (PUFxip) with XiP-XTS, TRNG, anti-tamper, anti-fuse OTP + PUF, hash, AES, ECC, DMA (AHB/AXI), APB interface, SQC, KWP and KDF blocks, connected to external NOR flash; real-time execution enabled by high-speed AES-XTS extension]
Protecting Assets in NAND Flash
Global Encryption to Local Encryption
▪ Assets like AI model or firmware are encrypted and signed before programming
▪ Assets will be re-encrypted using local key to prevent NAND Flash tampering
▪ Authenticated Encryption supported by GCM
[Figure: AI SoC with extended secure enclave (PUFenc: GCM, TRNG, anti-tamper, anti-fuse OTP + PUF, hash, AES, ECC, DMA (AHB/AXI), APB interface, SQC, KWP, KDF); AI assets arrive from factory/OTA and are stored in NAND]
Support Zero Touch Device Onboard
Example: FIDO Device Onboard
[Figure: device with PUF-based Root of Trust; owner onboarding service; management service; rendezvous server; TO2 protocol between device and owner. The ownership voucher (OV, from the supply chain) is signed at each step. The public key of the PUF-based device attestation key is registered and included in the OV]
Defense Against Counterfeiting
▪ Anti-reverse property of PUF prevents counterfeit chips
▪ Firmware encryption using PUF-key prevents counterfeit devices
[Figure: genuine chip with PUF is impossible to reverse; a counterfeit chip without PUF cannot be produced by reverse-and-reproduce. Stolen firmware (FW) can be decrypted by the genuine chip, so the device works; the counterfeit device cannot decrypt it and does not work]
Limiting Overproduction
▪ The activation code (AC) is uniquely paired to the DeID key
→ Cloning the AC to another chip renders it unusable
[Figure: chips (IP, CPU, RAM, PUF RoT). FP activation @CP/FT, chip activation @Module; a chip whose activation is skipped stays inactive. Chip with FP and AC (a unique pair) → activate. Chip without FP or AC → inactivate]
5. Conclusion and Outlook
PUFsecurity
Conclusion
Quantum tunneling PUF has been introduced:
▪ It provides good randomness, reliability and physical security
▪ Root of trust and security IPs can be built upon it
▪ It enables a wide range of security applications
… and helps build a more secure connected world
Outlook
Coming up:
▪ PUF implementations in literature
▪ Performance comparison of different PUFs
▪ Analysis on yield, reliability, and physical attack vulnerability