SlideShare une entreprise Scribd logo

PUF_lecture4.pdf

S
shannlevia123

sss

Ingénierie
1  sur  42
Télécharger pour lire hors ligne
PUF Implementations and Benchmarking . Dr. Kent Chuang 2022 September
Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs 4. Conclusion
Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs 4. Conclusion
page 5 Recap . In the previous lectures, we have introduced ▪ Basics about PUF ▪ Important PUF properties and design considerations ▪ Quantum tunneling PUF ▪ Security applications of PUFs
page 6 Key Generation Using PUF . KDF Device Secret Auxiliary Input (Optional) Secret Key PUF Array 0 1 0 1 0 1 0 0 0 Readout Interface ▪ Unique device secret can be derived from the PUF array ▪ Secret key can be further derived by sending the device secret into the key derivation function (KDF)
page 7 Plenary Speech 2 PUF Array PUF Bit-Cell PUF Enrollment BL BL VAF-0 VAF-1 AF-0(VPP) AF-1(VPP) AF-0(VPP) AF-1(VPP) 50% 50% “1” Cell “0” Cell 0 1 0 1 0 1 0 1 1 1 0 1 0 0 1 0 A Quantum Tunneling PUF .
page 8 PUF responses are consistent . ▪ No bit error found across all tested conditions → Wide supply voltage range covering the ULP spec → Wide temperature range from -40 °C to 175 °C 0.8 1.0 1.2 1.4 2.0 2.4 2.8 3.2 0 1 2 3 Bit Error Rate (ppm) Supply Voltage (V) VDD VDD2 -40 0 40 80 120 160 200 0 1 2 3 Bit Error Rate (ppm) Temperature (C) Wu, et. al, A PUF Scheme using Competing Oxide Rupture with Bit Error Rate Approaching Zero, ISSCC, 2018
Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs 4. Conclusion
page 10 Arbiter PUF – based on timing differences . · · · Arbiter 0/1 “1” “0” “0” “1” 0 1 1 0 N-bit challenge → 2 N possible CRPs (Strong PUF) Challenge Response J. Lee, et. al, “A Technique to Build a Secret Key in Integrated Circuits for Identification and Authentication Applications,” Symp. VLSI-C 2004
page 11 Entity authentication using strong PUFs . ▪ A huge amount of CRPs is needed (cannot reuse a CRP) ▪ Strong PUFs (e.g. Arbiter PUFs) provide such functionality PUF1 PUF2 PUF3 Ci,1 Ci,2 Ci,3 Ri,1 Ri,2 Ri,3 1. Send random challenges to PUFs Ci,2 R’i,2 R’i,2=Ri,2? 1. Send stored challenges to PUF 2. Verify if the responses are correct → Determine if PUF’2 is PUF2 2. Receive responses and store CRPs Enroll PUF’2 Authenticate Server
page 12 Arbiter PUF is not an ideal strong PUF . ▪ Linear additive structure: sum of delays ▪ Similar challenges → similar responses “1” “0” · · · “0” “1” Arbiter 0/1 Δt1,1 Δt2,0 ΔtN-1,0 ΔtN,0 + + + + = C1: Δt1,1 Δt2,0 ΔtN-1,1 ΔtN,0 + + + + Δt1 - ΔtN-1,0 + ΔtN-1,1 = Addition of N elements >> Difference of one element Not likely to change sign “1” “0” “1” “1” C2: Change only one bit Δt1
page 13 Responses can be easily predicted . ▪ CRPs are highly correlated: low entropy ▪ → Prone to machine learning (ML) attacks → Experiments on 65 nm CMOS Arbiter PUF: only 1000+ CRPs are sufficient to model the PUF with high accuracy G. Hospodar, “Machine learning attacks on 65nm Arbiter PUFs: Accurate modeling poses strict bounds on usability,” WIFS 2012
page 14 Unpredictability enhanced by XORing . · · · Arbiter · · · Arbiter · · · Arbiter “1” “0” “0” “1” 0/1 Assume response bit has 5% probability to flip when changing a challenge bit XOR by 3 ➔ ~14% Entropy is summed-up by XORing → more unpredictable XOR PUF
page 15 Reliability is the bottleneck for XOR PUFs . ▪ Assume 100 arbiter PUFs are XORed → BER ~50% ▪ Unpredictable, but not a PUF BER: 6% BER: 8% BER: 4% BER: ~16% Errors are also summed-up by XORing Are there good strong PUFs?
page 16 Ring-Oscillator (RO) PUF . ▪ Each RO consists of odd stages of inverting gates ▪ Oscillation frequency depends on logic delays – Affected by device variations within logic gates ▪ Two identically designed ROs oscillate at different frequencies EN EN
page 17 RO-PUF based on frequency comparison . ▪ Select two ROs to be compared based on challenge – N(N-1)/2 challenges → smaller than an arbiter PUFs with the same N ▪ Response is generated by comparing the counter values MUX Counter >? Counter MUX RON RO2 RO1 0/1 Challenge Response
page 18 SRAM PUF – a classic weak PUF . ▪ 2D array of 1-bit memory cells ▪ Using the mismatch between the cross-coupled inverters ordline bitline bitline DD DD 6T-SRAM cell I1 I2 “1” “0” “0” “1” Bi-stable states I1 I2 I2 I1 Two possible outcomes after power-up
page 19 Power-up behavior generate PUF bits . No-mismatch I1-skewed 1/0 0/1 I1 I2 1 0 I1 I2 0 1 I1 I2 I2-skewed
page 20 ordline bitline bitline DD DD identical identical Small mismatch causes instability . ▪ Mismatches are random – Also possible to have very small mismatches ▪ An SRAM can enter noise-sensitive metastable state – SRAM PUF data may change in different power-ups 50% “0” “1” 50% “1” “0” Bit errors!
page 21 Monostable PUFs . ▪ Less sensitive to noise when powering-up – No metastable state ▪ Readout events are affected by noise → still have bit errors Alvarez, A., et. “A 15fJ/b static physically unclonable functions for secure chip identification with <2% native bit instability and 140× inter/intra PUF hamming distance separation in 65nm”, ISSCC 2015 These PUF cells may cause errors
page 22 NAND chain based PUF . ▪ Small VT variations is amplified by inverting logic gates – Response = 1 if VT1>VT2 (assuming odd stages) – Response = 0 if VT1<VT2 ▪ Monostable behavior → less errors than SRAM PUF B. Karpinskyy, et. al, “Physically Unclonable Function for Secure Key Generation ith a Key Error Rate of 2E-38 in 45nm Smart-Card Chips”, ISSCC2016 VT1 VT2 Response EN
page 23 2-bit/cell PUF using two oxide-BD mechanisms . ▪ Oxide-breakdown PUFs using high-k metal gate – Breakdown to low-resistance (anti-fuse) – Breakdown to high-resistance (dielectric-fuse) ▪ Experimental results from device-level characterization – Feasibility for mass production is unknown E. Hsieh, et. al, “Embedded PUF on 14nm HKMG FinFET platform: A novel 2-bit-per-cell OTP-based memory feasible for IoT secuirty solution in 5G era,” Symp. VLSI-T 2019 WL BL 1/0 1/0 Metal High-k SiO2 D S Metal High-k SiO2 D S Metal High-k SiO2 D S Metal High-k SiO2 D S 0 / 1 1 / 0 0 / 0 1 / 1 AF DF
page 24 A Reconfigurable Resistive-RAM PUF . ▪ Resulting in significant current difference →BER ~0% ▪ PUF cells can be reconfigured (reset both to HRS and “split” again) – Do we really want a reconfigurable PUF? – Reconfigurability of RRAM is not ideal [2] WL R1 R2 I1 I2 I1>I2 I1<I2 Split resistance Vsense WL R1 R2 I1 I2 Set R1 to LRS Reset R2 to HRS Vsense WL R1 R2 I1 I2 Reset R1 to HRS Set R2 to LRS Vsense [1] Y. Pang, et. al, “A reconfigurable RRAM physically unclonable function utilizing post-process randomness source with <6×10-6 native bit error rate,” ISSCC 2019 [2] K. Chuang, et. al, “A Cautionary Note When Looking for a Truly Reconfigurable Resistive RAM PUF,” Trans. CHES 2018 [1]
Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs - Reliability, Yield, and Randomness - Security against attacks 4. Conclusion
page 26 Smaller VT variation SRAM PUF is very sensitive to technology . ordline bitline bitline DD DD ordline bitline bitline DD DD VT σ PDF σ=20mV σ=10mV σ VT PDF More likely to have smaller mismatches → More unstable SRAM cells Technology Optimization Technology tuning/optimization (by the foundry) might lead to performance degradation of an existing SRAM PUF design
page 27 Randomness is also sensitive to technology . * G. Schrijen, and V. Van Der Leest. "Comparative analysis of SRAM memories used as PUF primitives." 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2012. ordline bitline bitline DD DD M1 M2 M3 M4 M5 M6 M1 M2 M3 M5 M6 M4 An example SRAM layout Not fully symmetric Possible that Pr(VT2 >VT1)>0.5 due to deterministic layout/process patterns * Some SRAM designs are heavily biased The randomness of a SRAM-PUF may change across technology platforms, process corners, lots, wafers, and even die locations
page 28 Yield issue – reliability and randomness . ▪ Stability/randomness is not qualified → Yield loss ▪ The quality varies a lot due to process variation PUF Helper Data (NVM) Post- processing Raw PUF-bits PUF secret Error-rate < 1e-9 Entropy=256 bit Fixed for a hardware-PUF (t and k are fixed) # error < t-bit entropy > k-bit A chip fails the yield test if raw data is not qualified
page 29 SRAM PUFs are prone to aging effects . Biased-temperature instability (BTI) effects will make mismatch smaller → PUF cell becomes less stable ordline bitline bitline DD DD wea k nBT I 0 VDD power-up During power-up Higher current flows through when charging- up this node, inducing hot-carrier injection (HCI) stress effect → PUF cell becomes less stable After power-up ordline bitline bitline DD DD 0V →VDD 0V →0V HCI → Stability and randomness can both be affected by aging Can also cause permanent bit-flips if aging effect is strong → HW changes
page 30 Conventional PUF (e.g. SRAM PUF) Quantum Tunneling PUF Technology SRAM startup behavior Quantum Tunneling Inter- HD (Uniqueness) 45%~50% * 50% HW (Randomness) 0.4~0.65 * 0.5 Bit Error Rate (Robustness) 1.5%~20% * 0% Device Aging May cause stability and randomness degradation Insensitive to aging Comparison . * G. Schrijen, and V. Van Der Leest. "Comparative analysis of SRAM memories used as PUF primitives." 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2012.
Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs - Reliability, Yield, and Randomness - Security against attacks 4. Conclusion
page 32 ordline bitline bitline DD DD Probing SRAM PUF data using laser glitches . ▪ Laser stimulation at N1 will increase the voltage of the left node → Induce current flow through P2 and N2 ordline bitline bitline DD DD D. Nedospasov et. al, “Invasive PUF Analysis,” 2013 Workshop on Failure Diagnosis and Tolerance in Cryptography 0 1 1 0 N1 N2 P1 P2 “Seebeck voltage” Laser Stimulation → Induce Heat Current ▪ Laser stimulation at N1 will NOT increase the voltage of the left node → NO current flow through P2 and N2 Laser Stimulation Logic states can be distinguished by checking the “current sensitivity” to laser at certain locations Measure changes of supply current
page 33 SRAM data identification . N1 N2 P1 P2 N1 N2 P1 P2 ordline bitline bitline DD DD 0 1 N1 N2 P1 P2 Sensitive locations ordline bitline bitline DD DD 1 0 N1 N2 P1 P2 Sensitive locations The image is obtained by measuring the supply current fluctuation under laser stimulation at different locations [5] D. Nedospasov et. al, “Invasive PUF Analysis,” 2013 Workshop on Failure Diagnosis and Tolerance in Cryptography
page 34 Attack using data-remanence effect at low-T . Data remains within SRAM cells even after power-down [9] N. A. Anagnostopoulos, et al. "Low-temperature data remanence attacks against intrinsic SRAM PUFs." 2018 21st Euromicro Conference on Digital System Design (DSD). IEEE, 2018.
page 35 Attack example . Bootloader SRAM PUF Bootloader SRAM PUF Read Erase Other NA SRAM PUF Other R/W Pre-erasure Post-erasure Boot flow Only bootloader has access to the SRAM power-up state Non-privileged code has access to SRAM data after erasure Freeze the SRAM after power-up Data is not overwritten successfully → Attacker can read SRAM-PUF data using non-privileged codes N. A. Anagnostopoulos, et al. "Low-temperature data remanence attacks against intrinsic SRAM PUFs." 2018 21st Euromicro Conference on Digital System Design (DSD). IEEE, 2018.
page 36 Helper data attacks also lead to faults . ▪ SRAM PUF cannot operate without storing helper data in NVM ▪ NVM contents can be erased by heat/radiation PUF Helper Data (NVM) Post- processing Reconstructed PUF secret will be corrupted if the helper data storage is subject to attacks PUF secret [11] S. Skorobogatov, "Local heating attacks on Flash memory devices." 2009 IEEE International Workshop on Hardware-Oriented Security and Trust. IEEE, 2009. → Modify HD without having write access [12]
page 37 Entropy-loss introduced by ECC . Example: correcting 100-bit SRAM with different error correction ratio ECC corrects up to 30-bit errors entropy loss >80% Entropy is estimated by guessing probability The probability of having a correct guessing an 𝑚-bit data with 𝑡-bit error tolerance is: Pr 𝑐𝑜𝑟𝑟𝑒𝑐𝑡 𝑔𝑢𝑒𝑠𝑠𝑖𝑛𝑔 = Pr(#𝑒𝑟𝑟𝑜𝑟 ≤ 𝑡) = ෍ 𝑖=0 𝑡 𝑚 𝑖 1 − 𝑝 𝑖𝑝𝑚−𝑖 Where 𝑝 is the success probability of guessing a bit, which is equal to 0.5 assuming that the 𝑚-bit data is full-entropy. The resulting entropy is estimated using the equation: H = − log2 Pr 𝑐𝑜𝑟𝑟𝑒𝑐𝑡 𝑔𝑢𝑒𝑠𝑠𝑖𝑛𝑔 → More entropy loss when correcting more errors
page 38 Comparison . Conventional PUFs Quantum Tunneling PUF Optical Attacks - Data leakage due to optical sensitivity - Fault injected by laser Insensitive to optical glitches Temperature Attacks - Faults induced by varying temperature - Data remanence attack at low temperature Insensitive to temperature Voltage glitches - Faults induced by varying supply voltage or power-up behavior Insensitive to supply voltage in a wide operating range (e.g. 0.8V-1.4V) Helper data attack - Fault attacks on helper data - Helper data manipulation attacks No helper data → No risk
Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs 4. Conclusion
PUFsecurity page 40 page 40 Conclusion . Different PUF implementations have been introduced … ▪ Most PUFs do not provide ideal performance ▪ May be vulnerable to different physical attacks ▪ Helper data is not good for entropy and physical security … quantum tunneling PUF is a better solution
Thank you! More educational materials? Feel free to follow us!
PUFsecurity page 42 page 42 Outlook . Coming up: ▪ True Random Number Generators ▪ Cryptographic Algorithms – Hash functions – Symmetric key cryptography – Asymmetric (public) key cryptography

Recommandé

PUF_lecture3.pdf
PUF_lecture3.pdfPUF_lecture3.pdf
PUF_lecture3.pdfshannlevia123
 
PUF_lecture2.pdf
PUF_lecture2.pdfPUF_lecture2.pdf
PUF_lecture2.pdfshannlevia123
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructionstrayyoo
 
Migration ux to windows - ICT i3070
Migration ux to windows - ICT i3070Migration ux to windows - ICT i3070
Migration ux to windows - ICT i3070Interlatin
 
Analog, IO Test Chip Validation
Analog, IO Test Chip ValidationAnalog, IO Test Chip Validation
Analog, IO Test Chip ValidationSMIT A. PATEL
 
qsfp-4x10g-lr-1310nm-10km-cwdm-fiber-transceiver-121004.doc
qsfp-4x10g-lr-1310nm-10km-cwdm-fiber-transceiver-121004.docqsfp-4x10g-lr-1310nm-10km-cwdm-fiber-transceiver-121004.doc
qsfp-4x10g-lr-1310nm-10km-cwdm-fiber-transceiver-121004.docGLsun Mall
 
QSFP-4X10G-LR-T02#121004.pdf
QSFP-4X10G-LR-T02#121004.pdfQSFP-4X10G-LR-T02#121004.pdf
QSFP-4X10G-LR-T02#121004.pdfGLsun Mall
 
Lab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayLab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayManuel Garcia Meza
 

Recommandé

PUF_lecture3.pdf
PUF_lecture3.pdfPUF_lecture3.pdf
PUF_lecture3.pdfshannlevia123
 
PUF_lecture2.pdf
PUF_lecture2.pdfPUF_lecture2.pdf
PUF_lecture2.pdfshannlevia123
 
Lab 9 instructions
Lab 9 instructionsLab 9 instructions
Lab 9 instructionstrayyoo
 
Migration ux to windows - ICT i3070
Migration ux to windows - ICT i3070Migration ux to windows - ICT i3070
Migration ux to windows - ICT i3070Interlatin
 
Analog, IO Test Chip Validation
Analog, IO Test Chip ValidationAnalog, IO Test Chip Validation
Analog, IO Test Chip ValidationSMIT A. PATEL
 
qsfp-4x10g-lr-1310nm-10km-cwdm-fiber-transceiver-121004.doc
qsfp-4x10g-lr-1310nm-10km-cwdm-fiber-transceiver-121004.docqsfp-4x10g-lr-1310nm-10km-cwdm-fiber-transceiver-121004.doc
qsfp-4x10g-lr-1310nm-10km-cwdm-fiber-transceiver-121004.docGLsun Mall
 
QSFP-4X10G-LR-T02#121004.pdf
QSFP-4X10G-LR-T02#121004.pdfQSFP-4X10G-LR-T02#121004.pdf
QSFP-4X10G-LR-T02#121004.pdfGLsun Mall
 
Lab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayLab 3.5.1 basic frame relay
Lab 3.5.1 basic frame relayManuel Garcia Meza
 
8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface
8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface
8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI InterfacePanox Display
 
Ofdm.pptx
Ofdm.pptxOfdm.pptx
Ofdm.pptxAkbarali206563
 
8051 kit manual
8051 kit manual8051 kit manual
8051 kit manualanishgoel
 
8051 kit manual
8051 kit manual8051 kit manual
8051 kit manualanishgoel
 
Instruction set
Instruction setInstruction set
Instruction setLívia Sousa
 
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptx
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptxGPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptx
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptxssuser9ffba4
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleFaisal Khan
 
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIW
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIWLec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIW
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIWHsien-Hsin Sean Lee, Ph.D.
 
Arduino Projects.pptx
Arduino Projects.pptxArduino Projects.pptx
Arduino Projects.pptxJhon Bryan Cantil
 
04 Unit IV DTE.pptx
04 Unit IV DTE.pptx04 Unit IV DTE.pptx
04 Unit IV DTE.pptxHarsheye
 
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdf
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdfosw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdf
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdfGLsun Mall
 
Routing over ericsson mini link
Routing over ericsson mini linkRouting over ericsson mini link
Routing over ericsson mini linkAhmed Nabeeh
 
Usb Controlled Function Generator
Usb Controlled Function GeneratorUsb Controlled Function Generator
Usb Controlled Function GeneratorKent Schonert
 
qsfp-40g-sr4-optical-transceiver-module-121001.pdf
qsfp-40g-sr4-optical-transceiver-module-121001.pdfqsfp-40g-sr4-optical-transceiver-module-121001.pdf
qsfp-40g-sr4-optical-transceiver-module-121001.pdfGLsun Mall
 
QSFP-40G-SR4-T02#121001.doc
QSFP-40G-SR4-T02#121001.docQSFP-40G-SR4-T02#121001.doc
QSFP-40G-SR4-T02#121001.docGLsun Mall
 
wd1-01-jaseel-madhusudan-pres-user
wd1-01-jaseel-madhusudan-pres-userwd1-01-jaseel-madhusudan-pres-user
wd1-01-jaseel-madhusudan-pres-userjaseel_abdulla
 
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015 Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015 Tony Antony
 
1wire protocol
1wire protocol1wire protocol
1wire protocoljuan kard
 
Nrf24l01 tutorial 0
Nrf24l01 tutorial 0Nrf24l01 tutorial 0
Nrf24l01 tutorial 0Khanh Le
 
Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02A.S.M Shmimul Islam.
 
ch00-1-introduction.pdf
ch00-1-introduction.pdfch00-1-introduction.pdf
ch00-1-introduction.pdfshannlevia123
 
Chapter 5(Appendix).pdf
Chapter 5(Appendix).pdfChapter 5(Appendix).pdf
Chapter 5(Appendix).pdfshannlevia123
 

Contenu connexe

Similaire à PUF_lecture4.pdf

8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface
8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface
8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI InterfacePanox Display
 
8051 kit manual
8051 kit manual8051 kit manual
8051 kit manualanishgoel
 
8051 kit manual
8051 kit manual8051 kit manual
8051 kit manualanishgoel
 
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptx
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptxGPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptx
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptxssuser9ffba4
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleFaisal Khan
 
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIW
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIWLec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIW
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIWHsien-Hsin Sean Lee, Ph.D.
 
04 Unit IV DTE.pptx
04 Unit IV DTE.pptx04 Unit IV DTE.pptx
04 Unit IV DTE.pptxHarsheye
 
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdf
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdfosw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdf
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdfGLsun Mall
 
Routing over ericsson mini link
Routing over ericsson mini linkRouting over ericsson mini link
Routing over ericsson mini linkAhmed Nabeeh
 
Usb Controlled Function Generator
Usb Controlled Function GeneratorUsb Controlled Function Generator
Usb Controlled Function GeneratorKent Schonert
 
qsfp-40g-sr4-optical-transceiver-module-121001.pdf
qsfp-40g-sr4-optical-transceiver-module-121001.pdfqsfp-40g-sr4-optical-transceiver-module-121001.pdf
qsfp-40g-sr4-optical-transceiver-module-121001.pdfGLsun Mall
 
QSFP-40G-SR4-T02#121001.doc
QSFP-40G-SR4-T02#121001.docQSFP-40G-SR4-T02#121001.doc
QSFP-40G-SR4-T02#121001.docGLsun Mall
 
wd1-01-jaseel-madhusudan-pres-user
wd1-01-jaseel-madhusudan-pres-userwd1-01-jaseel-madhusudan-pres-user
wd1-01-jaseel-madhusudan-pres-userjaseel_abdulla
 
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015 Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015 Tony Antony
 
1wire protocol
1wire protocol1wire protocol
1wire protocoljuan kard
 
Nrf24l01 tutorial 0
Nrf24l01 tutorial 0Nrf24l01 tutorial 0
Nrf24l01 tutorial 0Khanh Le
 
Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02A.S.M Shmimul Islam.
 

Similaire à PUF_lecture4.pdf (20)

8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface
8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface
8 inch TFT-LCD Datesheet, AUO, 800*1280, MIPI Interface
 
Ofdm.pptx
Ofdm.pptxOfdm.pptx
Ofdm.pptx
 
8051 kit manual
8051 kit manual8051 kit manual
8051 kit manual
 
8051 kit manual
8051 kit manual8051 kit manual
8051 kit manual
 
Instruction set
Instruction setInstruction set
Instruction set
 
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptx
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptxGPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptx
GPS-Out LIMITATIONS AND NGS IMPROVEMENTS.pptx
 
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sampleVoiceBootcamp Ccnp collaboration lab guide v1.0 sample
VoiceBootcamp Ccnp collaboration lab guide v1.0 sample
 
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIW
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIWLec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIW
Lec15 Computer Architecture by Hsien-Hsin Sean Lee Georgia Tech -- EPIC VLIW
 
Arduino Projects.pptx
Arduino Projects.pptxArduino Projects.pptx
Arduino Projects.pptx
 
04 Unit IV DTE.pptx
04 Unit IV DTE.pptx04 Unit IV DTE.pptx
04 Unit IV DTE.pptx
 
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdf
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdfosw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdf
osw-1x8-multi-channel-rotary-optical-switch-data-sheet-550401.pdf
 
Routing over ericsson mini link
Routing over ericsson mini linkRouting over ericsson mini link
Routing over ericsson mini link
 
Usb Controlled Function Generator
Usb Controlled Function GeneratorUsb Controlled Function Generator
Usb Controlled Function Generator
 
qsfp-40g-sr4-optical-transceiver-module-121001.pdf
qsfp-40g-sr4-optical-transceiver-module-121001.pdfqsfp-40g-sr4-optical-transceiver-module-121001.pdf
qsfp-40g-sr4-optical-transceiver-module-121001.pdf
 
QSFP-40G-SR4-T02#121001.doc
QSFP-40G-SR4-T02#121001.docQSFP-40G-SR4-T02#121001.doc
QSFP-40G-SR4-T02#121001.doc
 
wd1-01-jaseel-madhusudan-pres-user
wd1-01-jaseel-madhusudan-pres-userwd1-01-jaseel-madhusudan-pres-user
wd1-01-jaseel-madhusudan-pres-user
 
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015 Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015
Eliminating SAN Congestion Just Got Much Easier- webinar - Nov 2015
 
1wire protocol
1wire protocol1wire protocol
1wire protocol
 
Nrf24l01 tutorial 0
Nrf24l01 tutorial 0Nrf24l01 tutorial 0
Nrf24l01 tutorial 0
 
Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02Packettracersimulationlabl3routing 130306235157-phpapp02
Packettracersimulationlabl3routing 130306235157-phpapp02
 

Plus de shannlevia123

ch00-1-introduction.pdf
ch00-1-introduction.pdfch00-1-introduction.pdf
ch00-1-introduction.pdfshannlevia123
 
Chapter 5(Appendix).pdf
Chapter 5(Appendix).pdfChapter 5(Appendix).pdf
Chapter 5(Appendix).pdfshannlevia123
 
Anti-Tampering_Part1.pdf
Anti-Tampering_Part1.pdfAnti-Tampering_Part1.pdf
Anti-Tampering_Part1.pdfshannlevia123
 
lec08_computation_of_DFT.pdf
lec08_computation_of_DFT.pdflec08_computation_of_DFT.pdf
lec08_computation_of_DFT.pdfshannlevia123
 
Ch2_Discrete time signal and systems.pdf
Ch2_Discrete time signal and systems.pdfCh2_Discrete time signal and systems.pdf
Ch2_Discrete time signal and systems.pdfshannlevia123
 

Plus de shannlevia123 (10)

ch00-1-introduction.pdf
ch00-1-introduction.pdfch00-1-introduction.pdf
ch00-1-introduction.pdf
 
Chapter 5(Appendix).pdf
Chapter 5(Appendix).pdfChapter 5(Appendix).pdf
Chapter 5(Appendix).pdf
 
Prob - Syllabus.pdf
Prob - Syllabus.pdfProb - Syllabus.pdf
Prob - Syllabus.pdf
 
Anti-Tampering_Part1.pdf
Anti-Tampering_Part1.pdfAnti-Tampering_Part1.pdf
Anti-Tampering_Part1.pdf
 
lec08_computation_of_DFT.pdf
lec08_computation_of_DFT.pdflec08_computation_of_DFT.pdf
lec08_computation_of_DFT.pdf
 
lec07_DFT.pdf
lec07_DFT.pdflec07_DFT.pdf
lec07_DFT.pdf
 
PUF_lecture1.pdf
PUF_lecture1.pdfPUF_lecture1.pdf
PUF_lecture1.pdf
 
control00.pdf
control00.pdfcontrol00.pdf
control00.pdf
 
Ch2_Discrete time signal and systems.pdf
Ch2_Discrete time signal and systems.pdfCh2_Discrete time signal and systems.pdf
Ch2_Discrete time signal and systems.pdf
 
Ch3_Z-transform.pdf
Ch3_Z-transform.pdfCh3_Z-transform.pdf
Ch3_Z-transform.pdf
 

Dernier

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Christo Ananth
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...ranjana rawat
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxfenichawla
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Dr.Costas Sachpazis
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlysanyuktamishra911
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduitsrknatarajan
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesPrabhanshu Chaturvedi
 

Dernier (20)

Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
Call for Papers - Educational Administration: Theory and Practice, E-ISSN: 21...
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
The Most Attractive Pune Call Girls Manchar 8250192130 Will You Miss This Cha...
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
Structural Analysis and Design of Foundations: A Comprehensive Handbook for S...
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
KubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghlyKubeKraft presentation @CloudNativeHooghly
KubeKraft presentation @CloudNativeHooghly
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsRussian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
Russian Call Girls in Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
UNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular ConduitsUNIT-II FMM-Flow Through Circular Conduits
UNIT-II FMM-Flow Through Circular Conduits
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Glass Ceramics: Processing and Properties
Glass Ceramics: Processing and PropertiesGlass Ceramics: Processing and Properties
Glass Ceramics: Processing and Properties
 

PUF_lecture4.pdf

  • 1.
  • 2. PUF Implementations and Benchmarking . Dr. Kent Chuang 2022 September
  • 3. Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs 4. Conclusion
  • 4. Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs 4. Conclusion
  • 5. page 5 Recap . In the previous lectures, we have introduced ▪ Basics about PUF ▪ Important PUF properties and design considerations ▪ Quantum tunneling PUF ▪ Security applications of PUFs
  • 6. page 6 Key Generation Using PUF . KDF Device Secret Auxiliary Input (Optional) Secret Key PUF Array 0 1 0 1 0 1 0 0 0 Readout Interface ▪ Unique device secret can be derived from the PUF array ▪ Secret key can be further derived by sending the device secret into the key derivation function (KDF)
  • 7. page 7 Plenary Speech 2 PUF Array PUF Bit-Cell PUF Enrollment BL BL VAF-0 VAF-1 AF-0(VPP) AF-1(VPP) AF-0(VPP) AF-1(VPP) 50% 50% “1” Cell “0” Cell 0 1 0 1 0 1 0 1 1 1 0 1 0 0 1 0 A Quantum Tunneling PUF .
  • 8. page 8 PUF responses are consistent . ▪ No bit error found across all tested conditions → Wide supply voltage range covering the ULP spec → Wide temperature range from -40 °C to 175 °C 0.8 1.0 1.2 1.4 2.0 2.4 2.8 3.2 0 1 2 3 Bit Error Rate (ppm) Supply Voltage (V) VDD VDD2 -40 0 40 80 120 160 200 0 1 2 3 Bit Error Rate (ppm) Temperature (C) Wu, et. al, A PUF Scheme using Competing Oxide Rupture with Bit Error Rate Approaching Zero, ISSCC, 2018
  • 9. Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs 4. Conclusion
  • 10. page 10 Arbiter PUF – based on timing differences . · · · Arbiter 0/1 “1” “0” “0” “1” 0 1 1 0 N-bit challenge → 2 N possible CRPs (Strong PUF) Challenge Response J. Lee, et. al, “A Technique to Build a Secret Key in Integrated Circuits for Identification and Authentication Applications,” Symp. VLSI-C 2004
  • 11. page 11 Entity authentication using strong PUFs . ▪ A huge amount of CRPs is needed (cannot reuse a CRP) ▪ Strong PUFs (e.g. Arbiter PUFs) provide such functionality PUF1 PUF2 PUF3 Ci,1 Ci,2 Ci,3 Ri,1 Ri,2 Ri,3 1. Send random challenges to PUFs Ci,2 R’i,2 R’i,2=Ri,2? 1. Send stored challenges to PUF 2. Verify if the responses are correct → Determine if PUF’2 is PUF2 2. Receive responses and store CRPs Enroll PUF’2 Authenticate Server
  • 12. page 12 Arbiter PUF is not an ideal strong PUF . ▪ Linear additive structure: sum of delays ▪ Similar challenges → similar responses “1” “0” · · · “0” “1” Arbiter 0/1 Δt1,1 Δt2,0 ΔtN-1,0 ΔtN,0 + + + + = C1: Δt1,1 Δt2,0 ΔtN-1,1 ΔtN,0 + + + + Δt1 - ΔtN-1,0 + ΔtN-1,1 = Addition of N elements >> Difference of one element Not likely to change sign “1” “0” “1” “1” C2: Change only one bit Δt1
  • 13. page 13 Responses can be easily predicted . ▪ CRPs are highly correlated: low entropy ▪ → Prone to machine learning (ML) attacks → Experiments on 65 nm CMOS Arbiter PUF: only 1000+ CRPs are sufficient to model the PUF with high accuracy G. Hospodar, “Machine learning attacks on 65nm Arbiter PUFs: Accurate modeling poses strict bounds on usability,” WIFS 2012
  • 14. page 14 Unpredictability enhanced by XORing . · · · Arbiter · · · Arbiter · · · Arbiter “1” “0” “0” “1” 0/1 Assume response bit has 5% probability to flip when changing a challenge bit XOR by 3 ➔ ~14% Entropy is summed-up by XORing → more unpredictable XOR PUF
  • 15. page 15 Reliability is the bottleneck for XOR PUFs . ▪ Assume 100 arbiter PUFs are XORed → BER ~50% ▪ Unpredictable, but not a PUF BER: 6% BER: 8% BER: 4% BER: ~16% Errors are also summed-up by XORing Are there good strong PUFs?
  • 16. page 16 Ring-Oscillator (RO) PUF . ▪ Each RO consists of odd stages of inverting gates ▪ Oscillation frequency depends on logic delays – Affected by device variations within logic gates ▪ Two identically designed ROs oscillate at different frequencies EN EN
  • 17. page 17 RO-PUF based on frequency comparison . ▪ Select two ROs to be compared based on challenge – N(N-1)/2 challenges → smaller than an arbiter PUFs with the same N ▪ Response is generated by comparing the counter values MUX Counter >? Counter MUX RON RO2 RO1 0/1 Challenge Response
  • 18. page 18 SRAM PUF – a classic weak PUF . ▪ 2D array of 1-bit memory cells ▪ Using the mismatch between the cross-coupled inverters ordline bitline bitline DD DD 6T-SRAM cell I1 I2 “1” “0” “0” “1” Bi-stable states I1 I2 I2 I1 Two possible outcomes after power-up
  • 19. page 19 Power-up behavior generate PUF bits . No-mismatch I1-skewed 1/0 0/1 I1 I2 1 0 I1 I2 0 1 I1 I2 I2-skewed
  • 20. page 20 ordline bitline bitline DD DD identical identical Small mismatch causes instability . ▪ Mismatches are random – Also possible to have very small mismatches ▪ An SRAM can enter noise-sensitive metastable state – SRAM PUF data may change in different power-ups 50% “0” “1” 50% “1” “0” Bit errors!
  • 21. page 21 Monostable PUFs . ▪ Less sensitive to noise when powering-up – No metastable state ▪ Readout events are affected by noise → still have bit errors Alvarez, A., et. “A 15fJ/b static physically unclonable functions for secure chip identification with <2% native bit instability and 140× inter/intra PUF hamming distance separation in 65nm”, ISSCC 2015 These PUF cells may cause errors
  • 22. page 22 NAND chain based PUF . ▪ Small VT variations is amplified by inverting logic gates – Response = 1 if VT1>VT2 (assuming odd stages) – Response = 0 if VT1<VT2 ▪ Monostable behavior → less errors than SRAM PUF B. Karpinskyy, et. al, “Physically Unclonable Function for Secure Key Generation ith a Key Error Rate of 2E-38 in 45nm Smart-Card Chips”, ISSCC2016 VT1 VT2 Response EN
  • 23. page 23 2-bit/cell PUF using two oxide-BD mechanisms . ▪ Oxide-breakdown PUFs using high-k metal gate – Breakdown to low-resistance (anti-fuse) – Breakdown to high-resistance (dielectric-fuse) ▪ Experimental results from device-level characterization – Feasibility for mass production is unknown E. Hsieh, et. al, “Embedded PUF on 14nm HKMG FinFET platform: A novel 2-bit-per-cell OTP-based memory feasible for IoT secuirty solution in 5G era,” Symp. VLSI-T 2019 WL BL 1/0 1/0 Metal High-k SiO2 D S Metal High-k SiO2 D S Metal High-k SiO2 D S Metal High-k SiO2 D S 0 / 1 1 / 0 0 / 0 1 / 1 AF DF
  • 24. page 24 A Reconfigurable Resistive-RAM PUF . ▪ Resulting in significant current difference →BER ~0% ▪ PUF cells can be reconfigured (reset both to HRS and “split” again) – Do we really want a reconfigurable PUF? – Reconfigurability of RRAM is not ideal [2] WL R1 R2 I1 I2 I1>I2 I1<I2 Split resistance Vsense WL R1 R2 I1 I2 Set R1 to LRS Reset R2 to HRS Vsense WL R1 R2 I1 I2 Reset R1 to HRS Set R2 to LRS Vsense [1] Y. Pang, et. al, “A reconfigurable RRAM physically unclonable function utilizing post-process randomness source with <6×10-6 native bit error rate,” ISSCC 2019 [2] K. Chuang, et. al, “A Cautionary Note When Looking for a Truly Reconfigurable Resistive RAM PUF,” Trans. CHES 2018 [1]
  • 25. Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs - Reliability, Yield, and Randomness - Security against attacks 4. Conclusion
  • 26. page 26 Smaller VT variation SRAM PUF is very sensitive to technology . ordline bitline bitline DD DD ordline bitline bitline DD DD VT σ PDF σ=20mV σ=10mV σ VT PDF More likely to have smaller mismatches → More unstable SRAM cells Technology Optimization Technology tuning/optimization (by the foundry) might lead to performance degradation of an existing SRAM PUF design
  • 27. page 27 Randomness is also sensitive to technology . * G. Schrijen, and V. Van Der Leest. "Comparative analysis of SRAM memories used as PUF primitives." 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2012. ordline bitline bitline DD DD M1 M2 M3 M4 M5 M6 M1 M2 M3 M5 M6 M4 An example SRAM layout Not fully symmetric Possible that Pr(VT2 >VT1)>0.5 due to deterministic layout/process patterns * Some SRAM designs are heavily biased The randomness of a SRAM-PUF may change across technology platforms, process corners, lots, wafers, and even die locations
  • 28. page 28 Yield issue – reliability and randomness . ▪ Stability/randomness is not qualified → Yield loss ▪ The quality varies a lot due to process variation PUF Helper Data (NVM) Post- processing Raw PUF-bits PUF secret Error-rate < 1e-9 Entropy=256 bit Fixed for a hardware-PUF (t and k are fixed) # error < t-bit entropy > k-bit A chip fails the yield test if raw data is not qualified
  • 29. page 29 SRAM PUFs are prone to aging effects . Biased-temperature instability (BTI) effects will make mismatch smaller → PUF cell becomes less stable ordline bitline bitline DD DD wea k nBT I 0 VDD power-up During power-up Higher current flows through when charging- up this node, inducing hot-carrier injection (HCI) stress effect → PUF cell becomes less stable After power-up ordline bitline bitline DD DD 0V →VDD 0V →0V HCI → Stability and randomness can both be affected by aging Can also cause permanent bit-flips if aging effect is strong → HW changes
  • 30. page 30 Conventional PUF (e.g. SRAM PUF) Quantum Tunneling PUF Technology SRAM startup behavior Quantum Tunneling Inter- HD (Uniqueness) 45%~50% * 50% HW (Randomness) 0.4~0.65 * 0.5 Bit Error Rate (Robustness) 1.5%~20% * 0% Device Aging May cause stability and randomness degradation Insensitive to aging Comparison . * G. Schrijen, and V. Van Der Leest. "Comparative analysis of SRAM memories used as PUF primitives." 2012 Design, Automation & Test in Europe Conference & Exhibition (DATE). IEEE, 2012.
  • 31. Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs - Reliability, Yield, and Randomness - Security against attacks 4. Conclusion
  • 32. page 32 ordline bitline bitline DD DD Probing SRAM PUF data using laser glitches . ▪ Laser stimulation at N1 will increase the voltage of the left node → Induce current flow through P2 and N2 ordline bitline bitline DD DD D. Nedospasov et. al, “Invasive PUF Analysis,” 2013 Workshop on Failure Diagnosis and Tolerance in Cryptography 0 1 1 0 N1 N2 P1 P2 “Seebeck voltage” Laser Stimulation → Induce Heat Current ▪ Laser stimulation at N1 will NOT increase the voltage of the left node → NO current flow through P2 and N2 Laser Stimulation Logic states can be distinguished by checking the “current sensitivity” to laser at certain locations Measure changes of supply current
  • 33. page 33 SRAM data identification . N1 N2 P1 P2 N1 N2 P1 P2 ordline bitline bitline DD DD 0 1 N1 N2 P1 P2 Sensitive locations ordline bitline bitline DD DD 1 0 N1 N2 P1 P2 Sensitive locations The image is obtained by measuring the supply current fluctuation under laser stimulation at different locations [5] D. Nedospasov et. al, “Invasive PUF Analysis,” 2013 Workshop on Failure Diagnosis and Tolerance in Cryptography
  • 34. page 34 Attack using data-remanence effect at low-T . Data remains within SRAM cells even after power-down [9] N. A. Anagnostopoulos, et al. "Low-temperature data remanence attacks against intrinsic SRAM PUFs." 2018 21st Euromicro Conference on Digital System Design (DSD). IEEE, 2018.
  • 35. page 35 Attack example . Bootloader SRAM PUF Bootloader SRAM PUF Read Erase Other NA SRAM PUF Other R/W Pre-erasure Post-erasure Boot flow Only bootloader has access to the SRAM power-up state Non-privileged code has access to SRAM data after erasure Freeze the SRAM after power-up Data is not overwritten successfully → Attacker can read SRAM-PUF data using non-privileged codes N. A. Anagnostopoulos, et al. "Low-temperature data remanence attacks against intrinsic SRAM PUFs." 2018 21st Euromicro Conference on Digital System Design (DSD). IEEE, 2018.
  • 36. page 36 Helper data attacks also lead to faults . ▪ SRAM PUF cannot operate without storing helper data in NVM ▪ NVM contents can be erased by heat/radiation PUF Helper Data (NVM) Post- processing Reconstructed PUF secret will be corrupted if the helper data storage is subject to attacks PUF secret [11] S. Skorobogatov, "Local heating attacks on Flash memory devices." 2009 IEEE International Workshop on Hardware-Oriented Security and Trust. IEEE, 2009. → Modify HD without having write access [12]
  • 37. page 37 Entropy-loss introduced by ECC . Example: correcting 100-bit SRAM with different error correction ratio ECC corrects up to 30-bit errors entropy loss >80% Entropy is estimated by guessing probability The probability of having a correct guessing an 𝑚-bit data with 𝑡-bit error tolerance is: Pr 𝑐𝑜𝑟𝑟𝑒𝑐𝑡 𝑔𝑢𝑒𝑠𝑠𝑖𝑛𝑔 = Pr(#𝑒𝑟𝑟𝑜𝑟 ≤ 𝑡) = ෍ 𝑖=0 𝑡 𝑚 𝑖 1 − 𝑝 𝑖𝑝𝑚−𝑖 Where 𝑝 is the success probability of guessing a bit, which is equal to 0.5 assuming that the 𝑚-bit data is full-entropy. The resulting entropy is estimated using the equation: H = − log2 Pr 𝑐𝑜𝑟𝑟𝑒𝑐𝑡 𝑔𝑢𝑒𝑠𝑠𝑖𝑛𝑔 → More entropy loss when correcting more errors
  • 38. page 38 Comparison . Conventional PUFs Quantum Tunneling PUF Optical Attacks - Data leakage due to optical sensitivity - Fault injected by laser Insensitive to optical glitches Temperature Attacks - Faults induced by varying temperature - Data remanence attack at low temperature Insensitive to temperature Voltage glitches - Faults induced by varying supply voltage or power-up behavior Insensitive to supply voltage in a wide operating range (e.g. 0.8V-1.4V) Helper data attack - Fault attacks on helper data - Helper data manipulation attacks No helper data → No risk
  • 39. Outline . 1. Recap 2. Different PUF circuit implementations 3. Performance and security analysis of PUFs 4. Conclusion
  • 40. PUFsecurity page 40 page 40 Conclusion . Different PUF implementations have been introduced … ▪ Most PUFs do not provide ideal performance ▪ May be vulnerable to different physical attacks ▪ Helper data is not good for entropy and physical security … quantum tunneling PUF is a better solution
  • 41. Thank you! More educational materials? Feel free to follow us!
  • 42. PUFsecurity page 42 page 42 Outlook . Coming up: ▪ True Random Number Generators ▪ Cryptographic Algorithms – Hash functions – Symmetric key cryptography – Asymmetric (public) key cryptography