ABSTRACT With rapid advances in edge computing and the Internet of Things, the security of low-layer hardware devices attract more and more attention. As an ideal hardware solution, field programmable gate array (FPGA) becomes a mainstream technology to design a complex system. The designed modules are named as intellectual property (IP) cores. In this paper, we consider both misappropriation of hardware devices and software IPs in edge computing and propose a PUF-based IP copyright anonymous authentication scheme. The scheme utilizes the double physical unclonable function (PUF) authentication model. Both the parties generate the challenge jointly in authentication to avoid replay attack and modeling attack on PUF circuit. The complexity of authentication is greatly reduced. Besides, the server of FPGA vendor is unnecessary to store all the challenge response pairs (CRPs) of each PUF-based chip due to the use of the double PUF authentication model. It saves the system resource and achieves better security. To protect software IP, IP core vendor inserts copyright information and anonymous buyer identity information into the design before trading. The anonymity of the buyer ensures the benefits of the buyer. With the participation of trustable device vendor, infringement behavior can be traced according to extracted fingerprints. The experiments show that the resource overhead of the proposed scheme is reduced by 61.96% and 31.61% by comparing with 2-1 DAPUF and built-in self-adjustable PUF. Besides, PUF stability is 99.54%. It demonstrates the good performance of the proposed scheme.
I. INTRODUCTION
With rapid advances in Internet-of-Things (IoT) and edge computing, hardware security is widely concerned by researchers and institutes all over the world [1] . As core components of hardware devices in edge computing, security of Field Programmable Gate Array (FPGA) design modules
The associate editor coordinating the review of this manuscript and approving it for publication was Junaid Shuja.
should not be neglected [2] . Due to integrated circuit (IC) manufacturing process, there are some inevitable differences in threshold voltage and oxide thickness of each produced chip [3] . Therefore, the physical structures of different chips have random differences even in the same manufacturing environment. The difference is similar to the human fingerprint, iris and palm print. It will not affect normal functionality of chips, but can be used as unique intrinsic characteristic to identify chips. On basis of human identity authentication, VOLUME 7, 2019 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/ researchers presented to use the unique manufacturing difference in physical structure to recognize identity of chips. The difference is named physical unclonable function (PUF), which is a microcircuit to extract the manufacturing characteristic from a complex physical system [4] . It will produce a unpredictable unique response for an arbitrary input challenge due to the inevitable random differences in chip manufacture [5] , [6] . Many PUF circuits with different types are proposed by research institutes and semiconductor companies in recent years, which are widely used in the fields of intellectual property (IP) protection [7] , secret key generation and device authentication, etc [8] .
FPGA is a semi-custom circuit in Application Specific Integrated Circuit (ASIC). It is widely used in IoT and edge computing environment due to its good programmable and reconfigurable capabilities [9] . In the view of security, IP protection techniques implemented on FPGA have better flexibility and require no extra resource overhead by comparing to that on the traditional custom circuit. Therefore, PUF technology can be used for FPGA protection [10] . The unique intrinsic characteristic can be extracted by PUF as secret key, namely challenge response pair (CRP), which can be used as identity of a chip. In device licensing or authentication [11] , [12] , identity of a chip can be recognized by comparing the PUF response to the registered one.
Researches on PUF-based IP protection can ensure security of FPGA designs at the hardware level, thereby the ability of hardware circuit to resist attacks is enhanced. In this work, the participators and security issues of the entire IP trading procedure are considered. A PUF based anonymous IP authentication scheme is proposed by using PUF and digital fingerprint techniques. A double PUF structure is proposed to authenticate both hardware FPGA and software IP. Therefore, FPGA vendor is unnecessary to store all CRPs in advance, thereby achieving good superiority in resource overhead, security and applicability. IP vendor can insert copyright information and anonymous identity of IP buyer into IP core before IP trading. It can realize passive IP protection and infringement tracing. The anonymity could protect benefits of IP buyer and track misappropriation behavior with participation of trustable device vendor.
This work is organized as follows. Section II analyzes previous PUF-based IP authentication schemes. Section III introduces the proposed double PUF model. In section IV, the PUF-based anonymous IP authentication is proposed. The security is analyzed in section V. Section VI evaluates experimental result. Finally, this paper is summarized.
II. RELATED WORK
PUF is a novel technique to extract a ''secret'' from the complex physical system [13] . It utilizes inevitable random difference in hardware manufacturing and generates a secret with unique characteristic. Many PUF implementations with various types are proposed in recent years. Based on the implementation principle, PUF can be classified into delay-based PUF (arbiter PUF, Ring Oscillator PUF) and storage-based PUF (SRAM PUF, butterfly PUF). For the number of CRPs, there are strong PUF and weak PUF. The former (such as arbiter PUF) has numerous CRPs and is widely used in device authentication. The later has less CRPs and is mainly used in key generation. PUF input is challenge (C) and the output is response (R). In general, it appears as a challenge-response pair. The relationship between C and R can be represented by PUF(C) = R. R is different for different C, which can be evaluated by inter-hamming distance. The difference of R by inputting the same challenge to a PUF can be measured by the intra-hamming distance. In the ideal situation, the response of a PUF for the same challenge will not be changed even the PUF is affected by external environmental factors, such as temperature and noise. The inter-hamming distance and intra-hamming distance can be intuitively shown by histogram.
The concept of PUF is firstly proposed by Pappu et al. [14] . After that, researchers all over the world attempt to focus on PUF based copyright protection techniques. Li et al. [15] utilized PUF, data selector and reconfigurable logic to hide original logic functions, thereby preventing illegal attackers obtaining complete circuit netlist by reverse engineering. This technique is suitable for combinational and sequential logic circuits. Simulation results show the technique can realize high security with less than 10% area overhead. Kumar et al. [16] proposed a SRAM based ''butterfly'' PUF (BPUF) and a novel IP protection protocol. The proposed PUF utilized an unstable cross coupling circuit. Namely, the inverter is changed to a latch or trigger. The latch can store the circuit signal and can be cleared or reset. Realtime measurement is realized without being powered on. BPUF is suitable for all types of FPGAs. Besides, this team proposed a public key cryptography algorithm for FPGA IP protection [17] . It is unnecessary to store the key into FPGA device, thereby greatly improving the security of this algorithm. The improvement on security is realized with the cost of extra hardware overhead, but will not obviously degrade the performance.
To ensure the legality of IP core and make it use in a licensed device, Gora et al. [18] extracted 128 bit secret key by a PUF in FPGA and used it to encrypt software IP core. Therefore, an IP core is binding to a specific FPGA device. This scheme assumes system integration vendor is completely trustable. All CRPs of PUF in FPGA are stored by the system integration vendor. Simpson et al. [19] used PUF to authenticate the third party IP and hardware platform. In this protocol, the trustable third party (TTP) knows IP content, thereby it may cause IP leakage caused by the untrustable third party. To address this issue, the authors in [20] proposed a novel PUF structure, and improved the authentication protocol. In this protocol, TTP cannot obtain the content of IP core. The proposed PUF is utilized to generate the secret key for encryption and the message authentication code. The message code can be used to authenticate the originality of IP cores since encryption cannot realize authentication. Zhang et al. [21] , [22] proposed several FPGA IP protection methods to resist illegal replay attacks. Besides, they also proposed a delay-based PUF to protect FPGA IP core [23] . The above methods achieve good security but cause large hardware overhead. The author in [24] proposed a RO-PUF with low overhead and high performance to protect FPGA copyright. In authentication, all CRPs should be directly transmitted. If they are captured by illegal attackers, it will pose a great threat on the security of PUF, especially for strong PUF.
In this work, we consider the random difference in chip manufacturing and propose a PUF based anonymous IP authentication scheme to authenticate both the hardware chip and software IP. Firstly, a physical and simulated double PUF authentication model is proposed. In hardware authentication, it is unnecessary to transmit all CRPs, achieving better ability against modeling attacks. The authentication parties can jointly generate the challenges of PUF and the response is matched for authentication. It can resist the replay attacks. In authentication, IP watermark and anonymous information of IP buyer can be inserted into the design for IP protection and infringement tracing. The previous IP watermarking techniques can be directly used in the proposed method without additional modification. Only legal IP buyer can use IP core. If IP infringement occurs, the seller can track the illegal distribution and provide creditable evidences. It can prevent the dishonest seller acting as legal IP buyer to obtain compensation. Meanwhile, the identity of honest buyer is not leaked in authentication.
III. PUF-BASED AUTHENTICATION MODEL
In this section, an improved arbiter PUF is realized on FPGA and a double PUF copyright authentication model is designed based on the improved PUF structure. This section will introduce various modules of the PUF structure and illustrate the designed PUF authentication model.
A. PUF CIRCUIT MODEL
This section proposes a referenced improved arbiter PUF and its implementation on FPGA by considering the feature of IP protection protocol and the principle of arbiter PUF. As shown in Fig.1 , the PUF includes three modules, challenge generation, PUF feature extraction and signal voting respectively.
1) CHALLENGE GENERATION MODULE
The challenge generation module includes linear feedback shift register (LFSR) and mixing function. The random challenge signals generated by lightweight LFSR will be inputted to mixing function, thereby generating several groups of testable challenge signals. In ideal situation, a n level LFSR should have the characteristic of the maximum length sequence and the generated sequence satisfies the random characteristic of Golomb assumption. A n level LFSR consists of n flip-flops and several xor gates, as shown in Fig.2 .
Where D denotes the flip-flop. f 0 , f 1 , f 2 , . . . , f n is feedback coefficient with the value of 0 and 1. f i = 0 represents no feedback path in the circuit and f i = 1 represents feedback path existing in the circuit. Initial challenges act as the input of LFSR. A new challenge will be generated by cyclic shift and sent to mixing function for producing multiple groups of challenges. The mixing function depends on the number of paths and levels of arbiter PUF. The extension function outputs the multiple groups of challenges to the PUF circuit. For instance, 2-XOR PUF generates a 128-bit response. It requires two groups of 128-bit challenges generated by mixing function and acted as PUF input.
2) PUF-BASED CHARACTERISTIC EXTRACTION MODULE
The proposed PUF structure belongs to arbiter PUF. It is a strong PUF and can provide numerous CRPs for specific application. Therefore, arbiter PUF has good ability against replay attacks due to the large number of CRPs. As arbiter PUF is not realized by detecting the absolute delay of a specific path, but by checking the relative delay difference of two symmetric paths. The PUF structure consists of multiplexer and arbiter, as shown in Fig.3 . The multiplexer has two input ports and two output ports. Each multiplexer and inner delay are various due to the manufacturing process. When a signal passes through the path, the delay time is different. If a challenge C = 0, the signal will pass through two paths directly. If C = 1, the signal will pass across the paths. By comparing the delay difference, if the top signal reaches the arbiter firstly, the arbiter will output 1. Otherwise, it will output 0. However, the implementation of the traditional arbiter PUF on FPGA is difficult due to the coupling paths between multiplexers. It leads to asymmetric wiring, thereby the PUF response has low uniqueness. To address this issue, the authors in [25] proposed a double arbiter PUF. It effectively improves the uniqueness, but causing the growth of FPGA resources exponentially. On this basis, the authors in [26] pointed that, the coupling paths between multiplexers should be eliminated to realize symmetric wiring on FPGA. It can ensure good uniqueness of PUF response and reduce hardware resource of PUF. However, technique of [26] mainly reduces resource consumption of traditional arbiter PUF, which still has defects in terms of uniqueness and stability.
The proposed PUF structure is based on technique in [26] to reduce resource overhead of traditional implementation. The xor operation on outputs of two arbiter PUFs can effectively improve the uniqueness of PUF. Besides, signal voting module is added in PUF to generate a stable response. This module follows the principle of minority subordinate to majority. The challenges are inputted into PUF circuit. The signal voting module will select the signal which appears more times as PUF response.
The PUF is implemented on Xilinx Virtex5, as shown in Fig.4 . Here, both MUX components in each delay node are constituted by Slice MUX in Fig.5 . As each slice includes four 6-inputs lookup table (LUT), several multiplexers, and other logic resources in Virtex5 FPGA. LUT is the basic unit to realize logic function. It can implement a 4:1 multiplexer, thereby a slice can implement four 4:1 multiplexers. Similarly, four LUTs (namely a slice) can implement a 16:1 multiplexer. Besides, there are three specific multiplexers in Virtex5, F7AMUX, F7BMUX and F8MUX respectively. They can realize a 16:1 multiplexer with 11 control signals by combining the LUTs. The paths are parallel and the control signals only change the transmission paths of signal within Slice MUX. The symmetry is easily realized in FPGA due to the parallel structure and the same structures of slices.
3) SIGNAL VOTING MODULE
The signal voting circuit can select an output value which appears more times as the response by repeatedly inputting a challenge for several times. It follows the principle of minority subordinate to majority. It can avoid bit flipping caused by occasional factor and keep the stability of response with less hardware resources. In traditional implementation, error correction algorithm is widely used to realize stability. However, large hardware overhead is required, which is not suitable for lightweight PUF.
The structure of signal voting circuit is shown in Fig.6 . The sampling counter ct is used to sample the decision result sr for several repeated challenges. r maj represents the output that appears more times in sr. t maj denotes times of r maj . Firstly, the parameters of signal voting circuit are initialized. ct and t maj are set as 0. When the challenge is given, ct starts sampling and the first response sr is used as initial value of r maj . t maj adds 1. If the second response is equal to r maj , t maj adds 1. Otherwise, t maj reduces 1. When t maj = 0, sr is compared to r maj . If they are not consistent, r maj is changed by sr. Above operations are repeated until the sampling finishes. The valid output of signal voting circuit is the value of r maj .
B. DOUBLE PUF AUTHENTICATION MODEL
The security of arbiter PUF is widely concerned in recent years. Arbiter PUF is a type of strong PUF [27] . PUF is unclonable. Namely, a simulated model with similar behavior to original physical PUF cannot be built based on PUF CRPs. However, existing arbiter PUFs can be modeled by software with enough CRPs. PUF response mainly depends on challenge C and inner delay vector ω of PUF. ω can be calculated with enough PUF CRPs. The PUF model can be simulated by using machine learning algorithm. If an illegal attacker captures enough CRPs, the modeling attacks will be probably realized.
In previous PUF-based authentication techniques, CRPs generated by PUF are stored in database at the initial stage. The CRP will be removed from the database after a round of authentication. It can resist replay attacks. The defect of these techniques is FPGA vendor stores numerous CRPs. For strong PUF, the number of CRPs grows exponentially with the IC area. The recorded CRPs in registration may greatly exceed the requirements in authentication. The transmission of PUF CRPs requires secure channel to avoid machine learning attacks.
In this work, a double PUF authentication model is proposed, as shown in Fig.7 . In this model, FPGA manufacturer uses the simulated model and the physical PUF is deployed in chip. Legal manufacturer will set an access point for original PUF, from which the PUF CRPs can be collected. The collected CRPs can be legally analyzed and used to establish a simulated model. The access point will be destroyed permanently after the model is successfully built. The authors in [28] pointed that, a PUF model with accuracy rate of 90% and error rate of 10% can be built with only 1000 CRPs in a short time. It is mainly simple PUF and the CRPs are completely leaked. Simulated PUF has similar behavior with the original physical PUF and can be used in identity authentication.
The response of n level arbiter PUF depends on delay difference of signal on each path, namely, the delay sum of all paths. The delay difference is related to the challenge signal. Therefore, µ 1,i and µ 0,i respectively denote the delay difference related with challenge ''1'' and ''0'' on the i − th path of n level arbiter PUF. FPGA manufacturer measures all CRPs of each chip via the access point and establishes the simulated model. For m level arbiter PUF, delay vector ν = (ν 0 , ν 2 , . . . , ν m ) can be calculated to build the simulated PUF model, as in (1) . At the output end, total delay D is the product of transposed delay vector and the characteristic vector ϕ of chal-
The characteristic vector ϕ of challenge C can be represented by equation (2) .
In this model, PUF challenge is constituted by the random numbers from both authentication parties. Malicious attackers cannot completely control PUF challenge in an round of authentication. All PUF CRPs are not transmitted directly. Therefore, attackers are difficult to capture enough CRPs for modeling attacks. In PUF implementation, outputs of arbiters are performed by xor operation to enhance the resistance against attacks. Besides, the benefits of participators in IP trading are considered in this work. The digital watermark is used to protect IP copyright and the piracy of IP buyer. Some existing watermarking techniques can be directly used in the proposed scheme without extra modification.
IV. ANONYMOUS IP AUTHENTICATION SCHEME A. PARTICIPATORS IN IP TRADING
This work considers authentication both in software and hardware, mainly involving device authentication and IP authentication. The former is to authenticate the legality of chip and the latter is to protect copyright of IP owner. In entire IP trading, various participators should satisfy security protocol to guarantee their benefits.
The participators in IP trading are shown in Fig. 8 , involving FPGA vendor, IP vendor, system integration vendor, trustable third party, etc [29] . FPGA vendor (FV) relates to the semiconductor companies of FPGA, such as Xilinx, Altera. IP core vendor (CV) is companies or individuals who design and implement an IP core. System developer (SD) utilizes the hardware from FPGA vendor and IP core from IP vendor to design a complex system. The trustable third party is assumed as an authority institute that can be trusted by other participators. It can deal with data storage, processing and transmission.
FV manufactures a new type of FPGA every 12 to 18 months. The entire flow requires numerous efforts in design, manufacturing and verification. The number of transistors at a single silicon is limited. Therefore, FV only implements embedded function in FPGA for majority of users or minority of big customers. FV has two considerations. On one hand, FPGA design should be protected from reverse engineering, illegal copy, leakage or tampering. On the other hand, some security measures are provided to protect the design of IP user and secure trading of IP core.
SD integrates the bought IP designs into a complex system. These IP designs may come from different IP vendors. The system will be realized by following IP integration rules. The protection of system should consider the cost of implementation and make it valid in the whole surviving cycle.
CV can be FV or other companies to design and sell IP cores. After an IP core is successfully verified, CV can sell IP core with different types based on the design level. The main concentration of CV is to ensure IP cores being used by legal IP buyers after trading. Malicious infringement and resale of IP cores should be avoided. Besides, IP copyright can be authenticated and infringement can be tracked when IP infringement occurs.
TTP can deal with data storage, processing and transmission in authentication protocol. It is easy to add a third party in protocol. However, it will cause many problems in practice. TTP stores lots of critical information and is vulnerable to illegal attacks, such as denial of service (DoS). FV has direct relationship with SD and CV. In this protocol, FV is regarded as TTP to simplify communication complexity of PUF-based IP trading protocol.
B. PROTOCOL IMPLEMENTATION
The proposed anonymous IP authentication protocol includes registration, IP trading, copyright authentication and tracing.
1) REGISTRATION
The registration protocol includes chip registration, IP registration and SD registration, as shown in Fig.9 . The content is described as follows.
• FPGA Registration The PUF module will be inserted into each manufactured chip F i . For a chip ID(F i PUF ), PUF CRPs will be tested and used for analyzing the delay attribute. The delay vector of PUF is then stored into database DB for authenticating the identity of ID(F i PUF 
ID(CV
FV is assumed to be trustable. But in registration stage, CV sends the hash message and description of IP to FV for ensuring security of IP content. After allocating • SD Registration SD needs to buy software IP design and FPGA device from CV and FV to realize the complex system. For registration, SD sends the identity S SD i to FV. FV generates random number N s and a symmetric key Key FS after receiving registration information from SD. The following equations are calculated. Fig.10 and the content is illustrated as follows.
ID(SD
Step 1: CV stores ID(IP i ) and IP i into database, issues ID(IP i ) for trading IP i .
Step2: SD sends {ID(SD i ), ID(IP i ), ID(F i PUF )} to FV and applies fingerprint for IP trading.
Step3: FV verifies legality of ID and generates random number N i for calculating a temporary identity of SD by equation 10 and a disposable trading password by 
ID t i = ID(SD i ) ⊕ N i
(10)
Step4: SD receives the temporary identity ID t i and password P i for IP trading. After that, SD generates a random number a, calculates R(a) and sends 
{ID(F i PUF ), ID t i , a, R(a), ID(IP i
)
IP w i ) is obtained. {b, ID(F i PUF ), E(R F i PUF
: IP w i )} is sent to SD.
Step12: SD i receives E(R F i PUF
: IP w i ) and calculates a combined challenge with a and b. The response is then generated as a key to decrypt IP w i , making it run normally.
In each trading procedure, SD will apply a unique fingerprint to ensure the anonymity of trading. Even the same SD buys IP cores for several times, CV knows nothing about the real identity of trading customer. IP w i realizes passive copyright authentication and tracing after active encryption protection is cracked. The temporary identity ID t i of SD and the signature of CV can be used as fingerprint of IP buyer and copyright information respectively. In the anonymous IP authentication scheme, the identities of SD i and CV i should be firstly authenticated to prevent the decrypted IP cores being obtained by illegal users. In the double PUF authentication model, FV will generate a random number a as challenge to verify the legality of CV i . It is unnecessary for FV and CV i to store all CRPs in advance, thereby it has good superiority in resource overhead, security and applicability.
• There are two authentication processes before IP decryption. 
3) COPYRIGHT AUTHENTICATION AND INFRINGEMENT TRACING
In this section, we consider hardware authentication and software IP authentication. Assume there are two cases.
• Legal SD buys hardware FPGA device from seller.
He can send ID(F i PUF ) to FV to authenticate the legality of the device. FV searches the database to determine whether the hardware ID exists. If so, a randomly selected CRP is returned to SD for authentication. VOLUME 7, 2019 After receiving the authentication information, SD calculates PUF response with the challenge. If the response is equal to that from FV, hardware identity is legal. Otherwise, SD can inform FV the forged behavior. Both SD and FV can track the initiator of forging and pursue their infringement.
• If CV finds IP core is misappropriated illegally, he can apply to authenticate IP copyright. CV sends the identity ID(IP i ) of suspected IP and ID(F i PUF ) to FV. With participation of FV, ID t i and S SD i will be extracted from the suspected IP. If the extraction is successful, IP copyright can be proven. FV uses the extracted temporary identity ID t i of SD, and search ID(SD i ) and real identity to track the infringement.
V. SECURITY ANALYSIS
The security analysis mainly involves counterfeit attack, modeling attack, replay attack and anonymity. For counterfeit attack, illegal attacker pretends to be legal participator and steals key information. Modeling attack learns the response of PUF in protocol and builds a PUF model with similar behavior to the original. Replay attack uses historical challenges to generate corresponding response key. Anonymity is that the participator uses temporary identity for privacy protection. Concrete analysis is illustrated as follows.
A. COUNTERFEIT ATTACK
In the proposed protocol, an attacker cannot pretend to be a trustable FV. FV is a trustable participator with responsibility for registration, authentication, etc. PUF hardware circuit is implemented in manufactured chip. CRPs of PUF are analyzed to build PUF model. An attacker needs to obtain all information of device and trading, thereby he can pretend as an illegal FV. However, it is very difficult for an attacker to obtain these information since they are critical to FV. Besides, SD and CV encrypt both identities by public key for FV before transmission. Only trustable FV can decrypt and get the real identity information. Take SD 
B. MODELLING ATTACK
Modeling attack is the biggest threat for arbiter PUF. PUF response R mainly depends on challenge C and inner delay vector ω. With enough PUF CRPs, the inner delay vector ω can be calculated and used for modeling a simulated PUF. An attacker may use machine learning to perform modeling attack. A suitability function f (.) is required to determine which PUF model is closest to the original one with a given ω. However, machine learning is only suitable for those single and simple PUFs. As xor operation can mix PUF response and improve PUF security effectively. In the proposed protocol, PUF challenges are constituted by random numbers from both authentication parties. Malicious attackers cannot control a complete PUF challenge in one round of authentication. The protocol will not transmit all CRPs directly. FPGA manufacturer implements a PUF in each manufactured chip and tests all PUF CRPs via an access point. After building a simulated PUF with the CRPs, the access point is destroyed permanently. The simulated PUF has similar behavior with the original one. FV can use the model to authenticate the device with the original PUF. Besides, an attacker requires N min CRPs at least to realize modeling attack on a N level PUF [27] . Here, N min = N /e. e is an error threshold. If the PUF model has an accuracy rate of 90%, the error threshold is 10%. In this work, 2-XOR PUF is used which has better security than the traditional one. In the double PUF authentication model, an attacker is difficult to obtain enough complete CRPs for modeling attack.
C. REPLAY ATTACK
The ability against replay is analyzed in two aspects. On one hand, transmitted CRPs cannot be captured by illegal attacker in hardware authentication. PUF challenges are generated jointly by FV and SD to avoid an attacker capturing complete challenge. In the worst case, the attacker can obtain a half challenge. The proposed PUF structure has good performance on avalanche effect. Namely, One changed bit of PUF challenge will cause over half of PUF response bit flipping. Attackers cannot realize replay attack even he captured half of PUF challenge. On the other hand, legal SD may forge IP copyright by replay attack and pretend as IP owner. In registration, CV applies to FV for identity authentication and IP registration. When CV requires to authenticate IP ownership, he can extract identity information and the temporary identity of the buyer from IP design. FV can participate the authentication. FV can track the real identity of IP buyer with the temporary identity. The existence of trading record can be proven. However, malicious SD may also extract a forged copyright information. But it cannot convince FV and CV. In the worst case, malicious SD removes the copyright information of CV and the fingerprint of IP buyer, thereby IP design loses passive protection. In this case, hash message of IP design is compared to the stored one of FV. If both are consistent, the counterfeit behavior of SD is proven. However, If SD inserts the fingerprint in IP design and inserts his own signature. The hash message will be different with that in the database of FV. If the trading record exists, IP bitstream can be also analyzed. If the result exceeds the threshold, SD is also probable to forge the IP copyright. 
D. ANONYMITY
In registration, trustable FV calculates identity of SD with the real identity information S SD i and a random key N s . In the trading procedure, FV will generate a new temporary trading identity ID t i for SD with ID(SD i ) and N i . The temporary trading identity ensures privacy and security of IP buyer. The anonymous identity of SD will be sent to CV and inserted into IP design as the tracking evidence of infringement. Anonymity makes illegal CV difficult to pretend as legal SD to resell IP and falsely accuse SD for compensation. If SD resells IP illegally, CV can extract the identity information to prove IP ownership. The extracted anonymous identity of SD can be sent to FV for tracking the infringement.
VI. EXPERIMENT ANALYSIS
In this section, the experiments are conducted on Xilinx Virtex5 FPGA for performance evaluation. The design tool ISE, logic synthesis software Synplify, simulation tool Modelsim are used in experiment. The PUF circuit is implemented in Virtex 5 FPGA device. After that, a 128-bit binary sequence is generated by random function and preset in the LFSR for challenge generation. With the shift pulse, the generated challenge will be inputted to PUF circuit, producing a PUF response. This section mainly evaluates the resource overhead and PUF performance.
A. RESOURCE OVERHEAD
This work implements a 128-bit PUF response via 2-XOR PUF circuit. Except the hardware resource overhead of PUF itself, the assistant modules such as challenge generation, extension function, signal voting will also consume hardware resources. The comparative PUFs are respectively 2-1 DAPUF [25] and built-in self-adjustable PUF [30] . The comparison result is listed in Table. 2 As show in Table. 2, the proposed PUF has good performance in resource overhead. The built-in self-adjustable PUF determine the delay of two delay paths in implementation. It achieves good uniqueness and stability of PUF by the cost of hardware resources. 2-1 DAPUF includes two arbiters. XOR operation is used to improve the uniqueness. The proposed PUF uses four delay paths, but resource overhead is reduced by 31.61% by comparing to the self-adjustable PUF, and 61.96% by comparing to 2-1DAPUF.
B. PERFORMANCE EVALUATION
This section evaluates the randomness, stability and uniqueness for PUF. The calculation equations of these metrics are referenced from [9] and the evaluation results are analyzed.
1) RANDOMNESS
PUF generates an unpredictable response. Namely, PUF response with good randomness is difficult to predict by inputting a challenge, thereby achieving better security. Generally, the number of 0-bit and 1-bit are the same in the response signal. In other words, the ratio of 0 and 1 are close to 50% respectively in the response of the PUF, which demonstrates good randomness. The randomness can be represented by equation (12) . Here, RD is quantified value of randomness. l denotes the index of a certain bit in response. r i,l is the bit value at the l-th position.
By sampling the generated 128-bit PUF response, the distribution of 0-bit and 1-bit are recorded. The result shows that RD is 48.64%. The difference to ideal value is only 2.36%. The performance in randomness is encouraging.
2) STABILITY
Stability means the response of a PUF is reliable. It can be quantified by intra variance, which represents the number of changed bits in the response signal by inputting the same challenges to a PUF in different environments. In theory, the response will not be changed. However, it will be affected by external factors. If the differences among multiple responses for the same challenges fall into the range of the preset threshold, it will be acceptable. The intra variance is measured by HD intra . The value of HD intra close to 0 illustrates good stability of the PUF. Let m and n be the number of responses and the number of bits in response respectively. R i,k represents the response in k-th round. On this basis, the stability of PUF can be calculated by equation (13) .
In this experiment, a random challenge is generated to evaluate the stability of response. FPGA device is partitioned into 15 regions and each can implement an independent PUF circuit. A challenge is repeatedly inputted to a PUF in each region for five times. The hamming distances of responses are recorded. In each region, there are 10 results for every two PUF responses. For different regions, there are 15 groups of results by repeating the challenge.
In Fig.11 , x-axis is the percentage of hamming distance and y-axis is density of hamming distance in a region. The statistics of 150 hamming distances show that, about 71.3% of results falling within 0 ∼ 1%. Namely, majority of PUF responses has the instability less than 1%.
In Fig. 12 , x-axis is the region and y-axis is the stability percentage of PUF. By repeating a challenge for several times, the PUF in a region will generate a constant response in theory. By equation (13) , if the response is constant, HD intra is equal to 0 and the stability is 100%. The evaluation result for each point at x-axis can be regarded as an average value of multiple PUFs. Due to the use of signal voting module, PUF will select the output that appears more times as the final response. The average stability value is 99.54%.
Besides, we evaluate the impact of environmental factor such as temperature on PUF stability. A hairdryer is used to simulate the environmental temperatures from 25 • C to 70 • C. The stability of PUF in a region is evaluated in environment of different temperatures and the result is shown in Fig.13 . When temperature is changing from 25 • C to 70 • C, the instability of PUF falls within 1%, thus demonstrating a good stability.
3) UNIQUENESS
Uniqueness represents the response of a PUF is unclonable. It can be quantified by inter-variance. The PUF with the same structure is deployed into different chips. The intervariance can be measured by the number of different bits in the response signal by inputting the same challenge to the deployed PUFs. The difference of physical structure of IC is randomly distributed. Thus the structures of different chips should be unclonable. Uniqueness can be evaluated by (14) .
Here, HD inter is the average inter hamming distance. HD(R i , R j ) is the inter hamming distance of two PUFs. R i and R j are the response of i-th and j-th PUF. t denotes the number of PUFs in experiment. The quantified value of uniqueness is calculated by the average value of hamming distances between response pairs of t-th PUF.
In this experiment, the regions of FPGA is also 15 and each implements a PUF to simulate PUF implementation on different chips. With the same challenges, the number of 0-bit and 1-bit in PUF responses are recorded. The hamming distances between pairs of responses are also calculated, producing 105 results. The density distribution of these hamming distances is shown in Fig.14 . In this figure, x-axis is percentage of hamming distance and y-axis is the distribution density of hamming distance in a region. High histogram demonstrates large distribution density of hamming distances in a certain region.
The same PUF implemented in different chip will generate different responses by using the same challenges. In ideal case, the difference may be 50%. However, the evaluated Finally, Table. 3 lists the comparison of three PUFs. The first column is ideal values for various metrics. The selfadjustable APUF improves PUF uniqueness and randomness by the self-adjustable module. It has better randomness than the proposed PUF, but causing more hardware resources. By comparing to self-adjustable PUF and 2-1 DAPUF, the proposed PUF improves the stability by 7.17% and 12.86% respectively. The uniqueness of the proposed PUF is slightly improved than 2-1 DAPUF.
VII. CONCLUSION
Hardware authentication issues are critical in edge computing and IoT environment. To address this issues, a PUF based anonymous IP authentication technique is proposed for both hardware FPGA and software IP designs. When an infringement occurs, the double PUF protocol can be used for authentication. In hardware authentication, challenges information is jointly generated by both authentication parties. It can resist against replay attack and modeling attack. In the double PUF authentication protocol, FPGA vendor is unnecessary to store numerous PUF CPRs, which saves plenty of storage. The IP copyright information and anonymous identity of IP buyer will be inserted into IP design before trading. It realizes passive IP protection and infringement tracing. The anonymity can protect benefits of IP buyer and track IP infringement with the participation of trustable device vendor. His research interests include parallel and distributed processing, GPU/many-core computing, and big data and cloud. He is a member of the AAAS, a Life Member of the TACC, and a Fellow of the IET. He received distinguished and chair professorships from universities in China and other countries, and a recipient of awards and funding support from several agencies and high-tech companies. He has been actively involved in several major conferences and workshops in program/general/steering conference chairman positions and has organized numerous conferences on high-performance computing and computational science and engineering. 
