PUF_lecture2.pdf

How to make PUFs Reliable &
Why it is important ?
Dr. Kent Chuang
2022 September

Outline .
1. Recap
2. Why reliability is important?
3. Methods to improve reliability
4. Intrinsically reliable PUF using quantum tunneling
5. Conclusion and Outlook

Outline .

Recap .
In the previous lecture, we have introduced
▪ The importance of hardware security
▪ Why we need root of trust and PUF
▪ What is a PUF?
▪ What are the important PUF properties?

A PUF consists of the following properties:
▪ Physical unclonability
▪ Evaluability
▪ Uniqueness
▪ Reliability
Inborn unique
secret of a chip
PUF is a circuit with required properties .

▪ PUF needs to be unique (having the “uniqueness” property)
Secret key
Integrated Circuit
PUF
Cryptographic Function
Secure Communication
Key
generation
K1 K2 K3
Let each chip generate its own key .

Key Generation Using Weak PUF .
KDF
Device
Secret
Auxiliary Input
(Optional)
Secret
Key
PUF Array
0 1
0 1
0
1
0
0
0
Readout
Interface
▪ Unique device secret can be derived from the PUF array
▪ Secret key can be further derived by sending the device secret into the
key derivation function (KDF)

Outline .
1. Recap

0110010… 0110110… 0010110…
t
Bit-errors
T1 T2 Tn
→ Target: no bit error at any time and operating conditions
K1 Kn≠K1
Potential issue: the resulting keys may be different
K2 ≠K1
The same PUF queried at different time
Reliability: consistency of PUF responses .

Crypto functions cannot tolerate errors .
▪ For security reason, we want:
– A similar key should result in very different message/cipher pair
▪ In this case, if a key is corrupted
– Almost impossible to recover the corrupted messages
M C=Enc(M, K)
Encryption
K
M’=Dec(C, K’)
Decryption
K’
HD(K, K’)=1
FHD(M, M’) ≈ 0.5

Risks of Losing Information .
Core
Encryption
Flash
Decryption
Data
Encrypted
Data
Chip/Device
▪ Sensitive data stored in Flash needs to be encrypted for security
▪ Decrypted data will be corrupted if the key has errors
Example: Flash Encryption
PUF

Failing Authentications .
KDF
Auxiliary Input
PUF
Public Key
Private Key
PUF-based Key-Pair
Server
Sign
Enroll
Signature
Challenge
▪ Server authenticate the device by verifying its signature
▪ Signature will not match the public key if the private key has errors
→ Authentication Failed
Chip/Device

Reliability may be very different .
“0” “1” “1” “0”
SRAM PUF Quantum Tunneling PUF
▪ Power up results may be
different each time
→ Poor reliability
50% 50%
“0” “1”
▪ Tunneling path remains the
same each readout
→ Ideal reliability

SRAM PUF .
▪ 2D array of 1-bit memory cells
▪ Using the mismatch between the cross-coupled inverters
ord ine
bit
ine
bit
ine
6T-SRAM cell
I1 I2
“1” “0”
“0” “1”
Bi-stable states
I1
I2
I2
I1
Two possible outcomes
after power-up

SRAM PUF cells may be unreliable .
▪ Mismatches are random
→ It is possible to have very small mismatches
▪ An SRAM can enter noise-sensitive metastable state
→ SRAM PUF data may change in different power-ups
ord ine
bit
ine
bit
ine
identical
identical
50%
“0” “1”
50%
“1” “0”
Bit errors!

Deriving secret keys from PUF data .
▪ Post-processing: including error-correction function
– Robust mathematical algorithms, e.g. BCH
– Need memory and complex logics → resource consuming
▪ Stabilization: lightweight methods to reduce native error
– Temporal majority voting, dark-bit masking, burn-in, …
Readout
Interface
Post-
processing
n-bit k-bit
Stabilization
m-bit

Outline .
1. Recap

Error Correction Codes .
Generator
Data (Data || Parity) Decoder Data
Error
▪ Parity bits are generated based on the data and the ECC algorithm
▪ Data corrupted by a limited number of errors can be decoded back
▪ More parity bits → better error tolerance
– BCH(255, 247, 1) → Can correct maximum 1-bit error with 8 parity bits
– BCH(255, 199, 7) → Can correct maximum 7-bit error with 56 parity bits

Deriving a PUF-based key .
SRAM PUF bits PUF
PUF bits with error
R.N. Parity
PUF  (R.N. + Parity)
PUF  (R.N.+ Parity)
PUF’
XOR
NVM
255-bit
BCH-encoded
Helper data
Enrollment
Derivation
255-bit
XOR Parity’
R.N.’
With error
PUF
Key
derivation
Parity
R.N.
PUF  (R.N.+ Parity)
XOR
Error corrected
Helper data

Reconstructing a PUF-masked key .
SRAM PUF bits PUF
PUF bits with error
Key Parity
255-bit
PUF  (Key + Parity)
PUF  (Key + Parity)
PUF’
XOR
XOR Parity’
Key’
Key
NVM
255-bit
BCH-encoded key
255-bit
Helper data
BCH decoding
Key and parity with errors
Enrollment
Reconstruction

Post-processing is not an ideal solution .
▪ Need random number and NVM for both methods
▪ No advantage in terms of cost
– Comparing to storing keys in NVM
▪ It does provide better physical security
– Helper data can be a public information
– But it cannot be modified → access control required for NVM (cost)
PUF
Helper data
NVM
Post-
processing
RNG

Lightweight methods for error reduction .
▪ Typically applied before post-processing
– To reduce the required error-correction strength
– Some methods may replace error-correction
▪ Temporal majority voting, dark-bit masking, …
Readout
Interface
Post-
processing
n-bit k-bit
Stabilization
m-bit

Reduce errors by majority voting .
▪ More errors are averaged out if more readouts are performed
▪ Very inefficient if the native error rate is high
N
Error
rate

Screen out PUF bits that cause errors .
▪ Distinguishing unstable bits is challenging and time-consuming
▪ The mask information has to be stored
– NVM is needed
How to generate and
store the mask?

Combining these methods .
Post-
processing
(ECC)
TMV
Masking
Mask
(NVM)
Initial
Test
Read
Enroll Helper Data
(NVM)
Enroll
Read Read
n-bit m-bit m-bit k-bit
▪ Enrollment: find unstable cells and write helper data
▪ In-Field: stabilize PUF data and derive the secret key

PUFs need to be intrinsically reliable .
Readout
Interface
Post-
processing
n-bit k-bit
Stabilization
m-bit
▪ Error correction is too costly
– Extra cost on computation resources, storage and latency
▪ Stabilization techniques are insufficient
Costly
Insufficient

Having highly reliable PUF is beneficial .
▪ No error-correction, no stabilization, no NVM
▪ Instant ready PUF-based key
Highly reliable
PUF-based
secret key
Why most PUFs are not intrinsically reliable?
Readout
Interface
Entropy
Extraction
(optional)
n-bit k-bit

Variations in a PUF can be too small .
▪ Variations must be “active y” enhanced/created
→ exploiting time-dependent variability
ord ine
bit
ine
bit
ine
VT=0.31V VT=0.3V
60%
40%
“1” “0”
“0” “1”
Prone to transient
fluctuation and aging
Can we increase this VT to 0.4V?

Increase mismatches through burn-in .
VT
Percentage
Burn-in
VT
Percentage
For example:
▪ VT of the two transistors originally follow the same distribution
▪ The distribution can be separated by applying burn-in mechanism

SRAM PUF enhanced by BTI effects .
▪ Program the SRAMs oppose to the power-up state
– Mismatch increased due to BTI stress
▪ Time consuming and partially recoverable
ord ine
bit
ine
bit
ine
weak
nBTI
Becomes weaker
→ Less difference
0
VDD
power-up
ord ine
bit
ine
bit
ine
0 VDD
program
weak
nBTI
Even weaker
→ More difference
Don’t keep the
power-up pattern
*BTI: biased temperature instability
R. Maes, “Countering-the-effects-of-silicon-aging-on-SRAM-PUFs,” Symp. HOST 2014

• BER=0% is reached for 125s stress → effective but takes too long
• Resulting HD~0.47 → uniqueness is affected by peripheral circuits
SA PUF enhanced by hot-carrier injection .
mismatch
M. Bhargava, et. a , “A high re iabi ity PUF using hot carrier injection based response reinforcement,” CHES 2013

Outline .
1. Recap

+
-
V
stress
Vstress
0 0
Stress
Irreversible→ reliable
Metal Gate
Substrate
Traps
Oxide
Metal Gate
Substrate
+
-
V
stress
Percolation path
Substrate
Metal Gate
Wearout
Soft Oxide Breakdown
(Tunneling)
V
stress
+
-
Highly reliable PUF using oxide tunneling .
▪ MOSFET devices have an insulating gate oxide layer
▪ Traps are generated by voltage stress, eventually form a tunneling path
▪ Tunneling path will not vanish after being generated

Quantum Tunneling PUFs .
“0” “1”
50% 50%
[Chuang, JSSC 2019]
[Wu, ISSCC 2018]
50% 50%
“0” “1”
▪ Only one tunneling path will be generated in two of the NMOS transistors
▪ Reading out the tunneling current of PUF cells → deriving PUF bits

The self-limiting mechanism .
▪ Current and voltage are limited by the PMOS selector
▪ Ensuring only one BD (tunneling) spot in a PUF cell
Δ = Vstress - VDS
Vstress
VG VDS
IBD
Reduced stress voltage
→ No breakdown
Limited BD current
→ Only soft-BD
Define saturation current
(current limit)
Vstress
VG
Apply constant voltage stress
Time to
breakdown (tBD)
Chuang, et. al, A Physically Unclonable Function Using Soft Oxide Breakdown Featuring 0% Native BER and 51.8fJ/bit in 40nm CMOS, JSSC 2019

Outline .
1. Recap

PUFsecurity
page 38
page 38
Conclusion .
To ensure the correctness of PUF-based security app ications …
▪ Reliability of PUFs is with high importance
▪ Conventional reliability improvement methods are insufficient
▪ Highly reliable Quantum Tunneling PUF is introduced
… brings up reliable and efficient security solutions

PUFsecurity
page 39
page 39
Outlook .
Coming up:
▪ Popular circuit implementation of PUFs
▪ Detailed design and analysis of quantum tunneling PUFs
▪ Benchmark of popular PUF implementations
▪ Examples of PUF-based security applications

Thank you!
More educational materials? Feel free to follow us!

PUF_lecture2.pdf

Recomendados

Recomendados

Más contenido relacionado

Similar a PUF_lecture2.pdf

Similar a PUF_lecture2.pdf (20)

Más de shannlevia123

Más de shannlevia123 (9)

Último

Último (20)

PUF_lecture2.pdf