Memory-based Combination PUFs for Device Authentication in Embedded
  Systems by Sutar, Soubhagya et al.
Soubhagya Sutar, Arnab Raha, and Vijay Raghunathan
School of Electrical and Computer Engineering, Purdue University
{ssutar,araha,vr}@purdue.edu
Abstract—Embedded systems play a crucial role in fueling
the growth of the Internet-of-Things (IoT) in application do-
mains such as health care, home automation, transportation, etc.
However, their increasingly network-connected nature, coupled
with their ability to access potentially sensitive/confidential infor-
mation, has given rise to many security and privacy concerns.
An additional challenge is the growing number of counterfeit
components in these devices, resulting in serious reliability and
financial implications. Physically Unclonable Functions (PUFs)
are a promising security primitive to help address these concerns.
Memory-based PUFs are particularly attractive as they require
minimal or no additional hardware for their operation. However,
current memory-based PUFs utilize only a single memory tech-
nology for constructing the PUF, which has several disadvantages
including making them vulnerable to security attacks. In this pa-
per, we propose the design of a new memory-based combination
PUF that intelligently combines two memory technologies, SRAM
and DRAM, to overcome these shortcomings. The proposed
combination PUF exhibits high entropy, supports a large number
of challenge-response pairs, and is intrinsically reconfigurable.
We have implemented the proposed combination PUF using a
Terasic TR4-230 FPGA board and several off-the-shelf SRAMs
and DRAMs. Experimental results demonstrate substantial im-
provements over current memory-based PUFs including the
ability to resist various attacks. Extensive authentication tests
across a wide temperature range (20°C - 60°C) and accelerated
aging (12 months) demonstrate the robustness of the proposed
design, which achieves a 100% true-positive rate and 0% false-
positive rate for authentication across these parameter ranges.
I. INTRODUCTION
The Internet-of-Things (IoT) is one of the fastest growing
technologies across all of computing, revolutionizing a number
of application domains such as industrial manufacturing, home
automation, wearable computing, etc. However, this rapid
proliferation has brought with it a plethora of new security and
privacy concerns [1], [2]. Further, with hardware components
(ICs and IP cores) being sourced from manufacturers across
the globe, instances of counterfeiting/piracy have increased
steadily, leading to serious reliability implications and sub-
stantial revenue loss (over $100 billion annually [3]).
Hardware-intrinsic security mechanisms such as Physically
Unclonable Functions (PUFs) offer a secure, low-cost, and ro-
bust solution for addressing these challenges [4]. PUFs exploit
the random variations inherent in the manufacturing process
to extract unclonable and instance-specific keys (fingerprints)
from hardware components. The instance-specific nature of
the keys enables us to uniquely identify and authenticate each
device [4], [5] based on a challenge-response mechanism,
thereby addressing the problems of access control as well
as counterfeiting. While a variety of PUFs have been pro-
posed, memory-based PUFs [5]–[9], in particular, are attractive
options due to the ubiquitous presence of memory in every
embedded device (Fig. 1). Further, they require minimal (or
no) additional hardware, unlike other PUF implementations.
[Fig. 1: IoT devices featuring multiple memory technologies. Labels: On-chip, SRAM, DRAM, FLASH; board shown: Intel Galileo Gen 2.]
Current memory-based PUFs, however, suffer from several
shortcomings such as low entropy [7], [9], limited number
of Challenge-Response Pairs (CRPs) [6], [9], susceptibility
to environmental and temporal variations (requiring complex
error correction) [5], [7], and high operational latency [7], [9].
Most importantly, current memory-based PUFs are constructed
using a single memory component (or technology) in the
device, i.e., based on a single entropy source. If the memory
component is removable from the system (e.g., a DRAM
SODIMM) and is transferred to a different system, the identity
transfers over as well, which is undesirable. To mitigate this,
it is desirable that the PUF be dependent on multiple system
components (some of which may be more tightly integrated,
and thus harder to remove, than others).
Recent works [10], [11] have addressed a subset of these
shortcomings. However, they also require the addition of
custom hardware to the system and, hence, cannot be imple-
mented using Commercial-Off-The-Shelf (COTS) systems. In
this paper, we overcome these limitations by proposing the
design of a memory-based combination PUF (henceforth re-
ferred to as C-PUF). C-PUF intelligently utilizes two widely-
used memory technologies, Static Random Access Memory
(SRAM) and Dynamic Random Access Memory (DRAM),
to construct a PUF, thereby synergistically combining the
advantages of both types of memory PUFs, while addressing
the various shortcomings associated with single memory based
PUFs mentioned above. The heterogeneous nature of the en-
tropy sources (memories) used and C-PUF’s ability to undergo
intrinsic reconfiguration (ability to reconfigure the PUF at run-
time without any additional hardware) protects it from various
security attacks. C-PUF also features two lightweight error-
correction algorithms to ensure robust operation (authentica-
tion) even under wide environmental and temporal variations.
Specifically, this paper makes the following contributions:
• We propose the concept and design of a memory-based
combination PUF (C-PUF) that intelligently uses two
memory technologies, SRAM and DRAM, to construct
a PUF that (i) exhibits high entropy and supports a large
number of CRPs, (ii) is intrinsically reconfigurable, (iii)
is robust to environmental and temporal variations, and
(iv) does not require additional (custom) hardware, hence,
can be natively implemented on a COTS device.
• As a key enabler for C-PUF, we propose two lightweight
algorithms for performing error correction in SRAM
start-up values. These algorithms enable us to achieve
perfect error correction of SRAM bit-errors, thereby
ensuring robust operation (authentication) under environmental
and temporal variations.
• We implement, demonstrate, and evaluate a fully-functional
prototype of C-PUF in a real system using
several off-the-shelf SRAMs and DRAMs. Extensive authentication
tests performed across a wide temperature
range (20°C - 60°C) and accelerated aging (12 months)
achieved a 100% true-positive rate and 0% false-positive
rate for authentication, demonstrating the robustness of
the proposed design.
arXiv:1712.01611v1 [cs.CR] 5 Dec 2017
II. BACKGROUND AND MOTIVATION
Next, we provide a brief background on challenge-response-
based authentication and memory-based PUFs, followed by
motivating the need for the proposed combination PUF.
A. Challenge-response-based Authentication using a PUF
Device authentication is the process by which a trusted sys-
tem (authenticator) verifies the identity of an untrusted device
(client) before granting it access to any data or resources. It
is usually performed using a challenge-response mechanism
[4], [5]. To verify the identity of a client, the authenticator
first provides it with a challenge. The client then generates
a response to the challenge using its on-board PUF. Prior
to this, the authenticator creates a Challenge-Response Pair
(CRP) database that stores all the challenges and their expected
responses from genuine clients. By comparing the current
client’s response against the one stored in the CRP database,
the authenticator infers whether the client is genuine or not.
B. SRAM and DRAM PUFs
Each cell or bit in an SRAM is arranged in a six-transistor
configuration (most common) consisting of cross-coupled
CMOS inverters (M1–M4) and access transistors (M5–M6),
as shown in Fig. 2 (left). Powering-up the SRAM causes
each cell to reach one of two states (start-up values), [$Q=1$,
$\bar{Q}=0$] or [$Q=0$, $\bar{Q}=1$], depending upon the relative strengths
of the transistors as well as noise. Process variations during
manufacturing cause these strengths to vary across SRAMs,
leading to different start-up values for different SRAMs. This
forms the foundation of an SRAM PUF [6], [12] that uses
the power-cycling (power off → power on → read SRAM)
approach to generate unique start-up values as responses.
Fig. 2 (right) shows the fundamental building blocks of a
DRAM bit cell, namely an access transistor (M) and capacitor
(C). The bit-value is decided by the charge on the capacitor;
full charge implies ‘1’ and no charge implies ‘0’, or vice-
versa. This charge leaks over time, eventually resulting in
the loss of data stored in the cell, which is referred to as
a bit-flip (‘1’→‘0’ or ‘0’→‘1’). To prevent this, the DRAM
memory-controller refreshes the cells (replenishes the charge)
periodically (e.g., every 64 ms). Due to process variations,
the rate of leakage (or bit-flip) varies widely across DRAMs
(and within the same DRAM). This forms the basis of the
refresh-pausing approach in a DRAM PUF [5], [7], in which
refresh operations are (intentionally) paused for a certain time-
interval, generating unique bit-flip patterns in the DRAM data.
This data is then read out and forms the PUF’s response.
[Fig. 2: SRAM and DRAM bit cells. Left: SRAM cell with transistors M1–M6, annotated "Varying strength". Right: DRAM cell with access transistor M and capacitor C, annotated "Varying leakage".]
C. Motivation
Each of the PUFs described above has shortcomings. An
SRAM PUF exhibits high entropy but supports a small number
of CRPs due to the existence of very few variable parameters
(in its challenge-response mechanism) as well as the small extent
to which these parameters could be varied because of an
SRAM’s usually small size (capacity) in a system. On the other
hand, a DRAM PUF employs a challenge-response mechanism
involving several widely-variable parameters, supporting a
large number of CRPs. However, for practical refresh-pause
intervals, the entropy (and uniqueness) exhibited by it is much
lower than an SRAM PUF. Also, DRAM is often loosely
integrated in a system (e.g., using a removable/replaceable
DRAM SODIMM). If the DRAM SODIMM is removed and
transferred to a different system, the identity transfers over as
well, which is undesirable. These shortcomings motivate the
design of the proposed C-PUF.
III. C-PUF ARCHITECTURE AND DESIGN
C-PUF is designed to perform challenge-response-based
authentication in a device. As shown in Fig. 3, it utilizes two
widely-used memory technologies, SRAM and DRAM, that
act as heterogeneous sources of entropy. Note that the SRAM
(PUF) utilizes the power-cycling approach to generate start-
up values as responses while the DRAM’s (PUF) responses
comprise unique bit-flip patterns generated through the
refresh-pausing approach. In C-PUF, we tightly couple these
two approaches using two mathematical operations (stages),
XOR and HASH (explained later), to form C-PUF’s final
response. This combination allows the (challenge-response)
behavior of one entropy source to influence that of the other
in an unpredictable manner; the result is a PUF with high
entropy and an exponential number of CRPs, which is much
higher than what is supported by a standalone SRAM and
DRAM PUF together (Sec. VI). Note that SRAM is usually
tightly integrated with the processor and located on the same
chip/die, whereas DRAM is usually more loosely integrated
(e.g., as an external SODIMM). By combining these two
components in C-PUF, we authenticate both an on-chip and
off-chip component, thereby taking a step towards multi-
component authentication in a device. Most importantly, all
this is achieved without incorporating any additional (custom)
hardware, and hence the design can be easily implemented on
a COTS device. Next, we present the architecture and design
of C-PUF in detail.
[Fig. 3: Overview of the proposed C-PUF architecture. The authenticator, which holds the CRP database, sends a challenge to C-PUF and receives a response. Challenge fields: Id, Addr_S, Size_S, Bitstream_C, Error correct. data, Addr_D, Size_D, Wrapper pattern, Refresh-pause interval. Response fields: Id, Bitstream_R. C-PUF blocks: SRAM (power-cycling), SRAM Error Correction, XOR, HASH, DRAM (refresh-pausing).]
A. Challenge-Response Mechanism
C-PUF employs a challenge-response mechanism that utilizes
both SRAM power-cycling and DRAM refresh-pausing.
The formats of the challenge and response used by C-PUF are
depicted in Fig. 3; while some parameters in the challenge are
SRAM-specific, others are DRAM-specific except Id, which
represents a unique identifier assigned to a challenge and its
corresponding response. The numbers specified against the
arrows in Fig. 3 specify the sequence of operations during
the associated response-generation process. To begin with,
the authenticator sends a challenge to C-PUF in the proper
format [step 1]. The SRAM then undergoes power-cycling,
as described in Sec. II-B, to generate a start-up value of Size_S
bits from a block beginning at address Addr_S [step 2]. This
start-up value is then corrected for bit-errors in the SRAM
Error Correction stage with respect to a previously generated
golden (or expected) start-up value using Algo. 2 (Sec. III-C)
[step 3]. The information required for this correction is
contained in the Error correction data field of the challenge
and is generated (prior to this) using Algo. 1 (Sec. III-C).
Note that it is the same SRAM Error Correction stage that
is responsible for generating Error correction data as well as
performing actual error correction; this shall become clearer
in the following paragraphs. Next, the XOR stage repeatedly
applies the (bit-wise) mathematical operation – xor to the
corrected start-up value (CV), generated in the previous stage,
and Bitstream_C; Bitstream_C is a random binary sequence
of Size_D bytes and is xor-ed across its entire length with
CV [step 4]. The xor-ed value then moves to the HASH
stage, where it is broken down into equally-sized chunks
(e.g., 32 bytes), each of which undergoes a mathematical hash
operation using SHA-256 [step 5]. The output from each
chunk is concatenated together to form the complete hash-ed
value (HV). Hashing helps to mask the SRAM start-up value
and adds another layer of protection against attacks.
Next, HV is applied to the DRAM alongside other parameters
viz. Addr_D, Size_D, Wrapper pattern, and Refresh-pause
interval, to undergo refresh-pausing; we follow a similar
methodology as described in [5] in this stage [step 6]. Specifically,
the HV (of Size_D bits) along with the peripheral data,
specified by Wrapper pattern (explained below), is first written
onto a block in the DRAM, whose location is specified by
Addr_D. This is followed by pausing the refresh operations for
a certain amount of time (Refresh-pause interval) and subsequent
reading of the data (from the same block) containing the
bit-flip patterns. This readout data, Bitstream_R, along with the
identifier, Id, comprises the (final) C-PUF response that is sent
back to the authenticator [step 7]. Note that, in the present
design, the operations in the SRAM Error Correction, XOR,
and the HASH stages are carried out in software (executing
on the client processor) since the computational (and latency)
overhead of these operations was observed to be very low.
[Fig. 4: Different phases in authentication using C-PUF: (a) Enrollment phase, (b) Authentication phase. Each panel is a numbered flow of steps between C-PUF and the Authenticator (A); in (b) the received response is compared with the golden response in the CRP database and the device is authenticated if HD <= Match Threshold.]
An interesting parameter introduced in [5] and also utilized
in the present design is Wrapper pattern. It specifies the
peripheral data-bits that are written just before the beginning
and after the end of the DRAM block, and influence the bit-
flip patterns or responses from the DRAM. Wrapper pattern
can be one of several predefined types, e.g., all ‘1’s, all ‘0’s,
checkered, etc.
B. Authentication using C-PUF
Two distinct phases are associated with an authentication
process involving C-PUF – enrollment phase and authentication
phase, as shown in Fig. 4. Both phases utilize the same
challenge-response mechanism (described earlier) for response
generation but differ in their objectives. The enrollment phase
primarily deals with the generation of the CRP database by
subjecting C-PUF to different challenges and recording the
generated responses. These responses serve as the golden (expected)
responses. Also, during this phase, data for subsequent
error correction is derived from the golden start-up values of
the SRAM (Algo. 1, described in Sec. III-C).
[Fig. 5: Variations in SRAM start-up values with temperature. x-axis: SRAM Block Number (1–16); y-axis: Hamming Distance; series: 20°C vs 20°C, 20°C vs 40°C, 20°C vs 60°C.]
Next, actual authentication of C-PUF happens during the
authentication phase, where it is subjected to a subset of the
challenges (selected from the CRP database) and is expected to
reproduce the golden responses. Note that the error-correction
data, generated during the enrollment phase, is used here to
correct the bit-errors in the SRAM start-up values (Algo. 2,
described in Sec. III-C). Finally, the proposed C-PUF design
employs a fuzzy authentication strategy [5], [6], [13] at the au-
thenticator end to determine the outcome of the authentication
process. At the core of this strategy is Match Threshold (MT);
C-PUF is successfully authenticated only if the Hamming
Distance (HD) between the golden response and the response
generated by it during the authentication phase is less than or
equal to the MT value. This value is set by the authenticator
based on the results obtained from the characterization of C-
PUF, which is described next.
C-PUF’s characterization involves understanding
its challenge-response behavior, which is affected by
environmental factors (operating conditions) such as
temperature, aging, etc., besides factors (parameters) specific
to SRAM (Addr S and Size S) and DRAM (refresh-
pause interval, wrapper pattern, etc). The characterization
process involves subjecting C-PUF to its challenge-response
mechanism (described earlier) iteratively while varying the
above-mentioned factors, followed by an analysis of
the generated responses. The vital insights gained from
this analysis are used to make various design choices. For
example, the MT value for C-PUF (under the specified
operating conditions) is set as per the maximum value (in
terms of HD) by which the responses deviate from the
golden responses. Specifically, for setting the MT value, we
draw insights from [5] that describes a similar methodology
for DRAM PUFs. Also, as in [5], this analysis helps us in
identifying blocks in DRAM that exhibit maximum entropy
(bit-flips) at minimum refresh-pause intervals. Since the
latency of response generation in C-PUF is primarily decided
by refresh-pausing in DRAM (SRAM power-cycling is very
fast), using a low refresh-pause interval ensures an overall
low operational latency.
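
The fuzzy authentication decision on the authenticator side, as an added Python example (not the authors' code). The class and function names, the 64-byte response size and the bit-flip noise are constructed for illustration; MT is set from characterization as the largest HD by which a genuine re-measurement deviates from its golden response, as described above.

```python
import random


def hamming(a, b):
    """Number of differing bits between two equal-length responses."""
    if len(a) != len(b):
        raise ValueError("responses must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


class Authenticator:
    """Holds the CRP database (Id -> golden Bitstream_R) and the Match Threshold."""

    def __init__(self):
        self.crp_db = {}
        self.match_threshold = 0

    def enroll(self, crp_id, golden_response):
        self.crp_db[crp_id] = golden_response

    def characterize(self, remeasurements):
        """Set MT to the maximum HD between genuine re-measurements and their
        golden responses; remeasurements is a list of (Id, response) pairs."""
        self.match_threshold = max(
            hamming(self.crp_db[i], r) for i, r in remeasurements)
        return self.match_threshold

    def authenticate(self, crp_id, response):
        """Return (accepted, HD). Unknown Ids and wrong-length responses are rejected."""
        golden = self.crp_db.get(crp_id)
        if golden is None or len(golden) != len(response):
            return False, None
        hd = hamming(golden, response)
        return hd <= self.match_threshold, hd


def flip_bits(data, count, rng):
    """Return a copy of data with `count` distinct bits flipped (constructed noise)."""
    out = bytearray(data)
    for pos in rng.sample(range(len(data) * 8), count):
        out[pos // 8] ^= 1 << (pos % 8)
    return bytes(out)


def random_response(size, rng):
    return bytes(rng.getrandbits(8) for _ in range(size))


def demo():
    rng = random.Random(2017)   # fixed seed: constructed, repeatable data
    size = 64                   # bytes per response (the paper uses 128 KB)
    auth = Authenticator()

    # Enrollment: golden responses of the genuine device, keyed by challenge Id.
    genuine = {i: random_response(size, rng) for i in range(5)}
    for crp_id, resp in genuine.items():
        auth.enroll(crp_id, resp)

    # Characterization: genuine re-measurements with 0, 2, 4, 6, 8 bit-errors.
    remeasured = [(i, flip_bits(genuine[i], 2 * i, rng)) for i in genuine]
    mt = auth.characterize(remeasured)

    # Authentication: genuine device (intra-puf) vs. a different device (inter-puf).
    intra = [auth.authenticate(i, flip_bits(genuine[i], 5, rng)) for i in genuine]
    inter = [auth.authenticate(i, random_response(size, rng)) for i in genuine]
    return mt, intra, inter


if __name__ == "__main__":
    mt, intra, inter = demo()
    print("Match Threshold:", mt)
    print("intra-puf (accepted, HD):", intra)
    print("inter-puf (accepted, HD):", inter)
```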
Algorithm 1: Generation of Error Correction Data
Input: V_exp = Golden (expected) start-up value from SRAM,
       N = Number of bits in a segment
Output: D = Error correction data
D = ∅
S = Get_All_NonOverlapSegments(V_exp)
foreach s ∈ S do
    repBits = 0
    if Num_Ones(s) ≥ Num_Zeros(s) then
        repBits = 1
    repSegs = 0
    for i = 1 to N do
        repSegs = (repSegs << 1) | repBits
    D_s = repSegs ⊕ s
    D = D ∪ D_s
Algorithm 2: Error Correction and Generation of
Corrected Start-up Value
Input: V_err = Erroneous start-up value from SRAM,
       N = Number of bits in a segment,
       D = Error correction data
Output: CV = Corrected start-up value
CV = ∅
S = Get_All_NonOverlapSegments(V_err)
foreach s ∈ S do
    corSegs = D_s ⊕ s
    repBits = 0
    if Num_Ones(corSegs) ≥ Num_Zeros(corSegs) then
        repBits = 1
    CV = CV ∪ repBits
C. Error Correction in SRAM
SRAM start-up values are affected by environmental and
temporal variations, which could hinder C-PUF’s ability to
perform authentication successfully. To demonstrate the impact
of one such variation, viz. temperature, we generated start-up
values from 16 different blocks (each 32 bytes in size)
belonging to an SRAM at three different temperatures:
20°C, 40°C, and 60°C. Fig. 5 shows the difference, in terms
of HD, between the start-up values generated at the three
temperatures for each of the blocks. Since the proposed design
utilizes a mathematical hash (SHA-256) function to mask the
SRAM start-up values, even a single bit-error could result in
a completely different bitstream being subsequently applied
to the DRAM (step 6 in Fig. 3). Therefore, the start-up
values need to undergo perfect error-correction, i.e., all bit-
errors must be corrected before moving onto the next-stage
(XOR). We present two algorithms, Algo. 1 and Algo. 2, that
enable this in C-PUF while utilizing minimal computational
and storage resources.
Algo. 1 is utilized during the enrollment phase to generate
the data that is subsequently used for correcting errors in
SRAM start-up values. Note that the error correction data is
always generated with respect to the golden (expected) start-up
value. Algo. 1 starts by dividing the golden start-up value
into smaller segments; a segment comprises a fixed number
of bits (8-bits, used here). Each segment is then assigned a
representative bit-value depending upon the relative number
of one-bits and zero-bits in the segment. The representative
bit-value is then expanded to form a representative segment;
the latter is xor-ed with the segment to generate the correction
data for that particular segment. The correction data from each
segment is then combined to form the final error correction
data.
[Fig. 6: Photograph of our experimental setup. Labels: Terasic TR4-230 development board with SRAM and DRAM, Quincy Lab 12-140E Incubator, temperature control.]
Algo. 2 is utilized during the authentication phase and
uses the data generated earlier (during enrollment phase) to
perform error correction in SRAM start-up values. It starts by
dividing the erroneous start-up value into smaller segments of
the same size (8-bits) as in Algo. 1. Each segment is then xor-
ed with its respective correction data to generate the corrected
segment. The relative number of one-bits and zero-bits in
a corrected segment decides its representative bit-value. All
the representative bit-values are then combined to form the
corrected start-up value (CV).
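
Algo. 1, Algo. 2 and the XOR and HASH stages of Sec. III-A, as an added Python example (not the authors' code). It treats each byte as one 8-bit segment, packs the representative bits MSB-first (an assumption of this example), and uses constructed sample data in place of real SRAM read-outs. It also shows the correction capacity that follows from the majority vote: up to 3 bit-errors per 8-bit segment are always corrected, while 5 or more flip a CV bit and, after hashing, change a large fraction of HV.

```python
import hashlib

SEG_BITS = 8  # segment size N used in the paper; one segment = one byte here


def popcount(x):
    return bin(x).count("1")


def majority_bit(segment):
    """Representative bit: 1 if ones >= zeros (ties go to 1, as in Algo. 1/2)."""
    ones = popcount(segment)
    return 1 if ones >= SEG_BITS - ones else 0


def gen_error_correction_data(golden):
    """Algo. 1 (enrollment): D_s = representative segment XOR golden segment."""
    return bytes((0xFF if majority_bit(s) else 0x00) ^ s for s in golden)


def correct_startup_value(noisy, ecd):
    """Algo. 2 (authentication): one corrected bit per segment, forming CV.

    Packing the bits MSB-first into bytes is an assumption of this example.
    """
    if len(noisy) != len(ecd) or len(noisy) % 8:
        raise ValueError("need equal lengths and a multiple of 8 segments")
    bits = [majority_bit(s ^ d) for s, d in zip(noisy, ecd)]
    cv = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        cv.append(byte)
    return bytes(cv)


def xor_stage(cv, bitstream_c):
    """XOR stage: CV is repeated across the whole length of Bitstream_C."""
    return bytes(b ^ cv[i % len(cv)] for i, b in enumerate(bitstream_c))


def hash_stage(data, chunk=32):
    """HASH stage: SHA-256 of each 32-byte chunk, digests concatenated (HV)."""
    return b"".join(hashlib.sha256(data[i:i + chunk]).digest()
                    for i in range(0, len(data), chunk))


def hashed_value(startup, ecd, bitstream_c):
    """Steps 3-5 of Fig. 3: error correction, XOR stage, HASH stage."""
    return hash_stage(xor_stage(correct_startup_value(startup, ecd), bitstream_c))


def flip_bits(data, positions):
    """Flip the given bit positions (bit 0 = MSB of byte 0) to model bit-errors."""
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 0x80 >> (p % 8)
    return bytes(out)


def hamming(a, b):
    return sum(popcount(x ^ y) for x, y in zip(a, b))


# Constructed sample data (not measurements): a 32-byte "golden" SRAM block
# and a 128-byte Bitstream_C (the paper's Size_D is 128 KB).
GOLDEN = hashlib.sha256(b"constructed golden SRAM start-up value").digest()
BITSTREAM_C = hashlib.shake_256(b"constructed Bitstream_C").digest(128)
ECD = gen_error_correction_data(GOLDEN)

# 3 bit-errors in each of segments 0, 5 and 31: within the correction capacity.
NOISY_OK = flip_bits(GOLDEN, [0, 1, 2, 40, 43, 47, 248, 250, 255])
# 5 bit-errors in segment 0: the majority vote flips, so one CV bit changes.
NOISY_BAD = flip_bits(GOLDEN, [0, 1, 2, 3, 4])

if __name__ == "__main__":
    hv_golden = hashed_value(GOLDEN, ECD, BITSTREAM_C)
    hv_ok = hashed_value(NOISY_OK, ECD, BITSTREAM_C)
    hv_bad = hashed_value(NOISY_BAD, ECD, BITSTREAM_C)
    print("bit-errors in start-up value:", hamming(GOLDEN, NOISY_OK))
    print("HV unchanged after correction:", hv_ok == hv_golden)
    print("HD of HV after an uncorrected error:",
          hamming(hv_bad, hv_golden), "of", len(hv_golden) * 8, "bits")
```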
D. Intrinsic Reconfigurability
Reconfigurability refers to the ability of a PUF to undergo
reconfiguration, i.e., modify its challenge-response behav-
ior [14]. The new behavior is unpredictable and cannot be
modeled based on the knowledge of the behavior prior to
reconfiguration, giving the PUF substantial protection against
various attacks [2]. The proposed design achieves reconfigura-
bility in C-PUF intrinsically, i.e., without using any additional
resource, unlike [14]. It specifies two knobs for reconfiguration
– Addr_S and Refresh-pause interval. Changing Addr_S in
the challenge-response mechanism generates (new) start-up
values from a different block in the SRAM. On the other
hand, modifying the Refresh-pause interval generates new
bit-flip patterns from the (same) DRAM block. Hence, by
turning one or both reconfiguration knobs, C-PUF can undergo
reconfiguration intrinsically and start behaving as a new PUF.
Note that, unlike other parameters in the challenge (Fig. 3),
Addr_S and Refresh-pause interval are reserved solely for
reconfiguration, and hence do not vary across different chal-
lenges during authentication runs, except when there is a need
for reconfiguration.
IV. EXPERIMENTAL SETUP
This section provides a brief description of the experimental
setup used to validate the C-PUF design. It consists of a
Terasic TR4-230 development board [15], containing an Altera
Stratix IV GX FPGA, 2MB SSRAM (Synchronous SRAM),
and 1GB DDR3 DRAM (SODIMM). The temperature and
aging experiments were performed by operating the TR4-230
development board inside the Quincy Lab 12-140E Incubator.
Fig. 6 shows the complete experimental setup.
[Fig. 7: Enhanced uniqueness obtained using C-PUF compared to DRAM PUFs. x-axis: Response Number (1–10); y-axis: Hamming Distance (logarithmic); legend entries: RANGE and AVG. for DRAM only, DRAM+SRAM, and C-PUF.]
[Fig. 8: Responses from different C-PUF instances (PUF1, PUF2, PUF3).]
The FPGA was programmed with a soft Nios II proces-
sor [16] along with an Altera Generic Tri-State Controller and
an Altera UniPHY DDR3 memory controller for controlling
the SRAM and DRAM modules, respectively. A custom slave
running on the processor was also created, which can instruct
the memory controller to pause the DRAM refresh operations.
To keep the design simple, the SRAM start-up values were
generated by power-cycling the whole development board and
subsequently reading the contents of the SRAM. A total of
five C-PUF instances were constructed for validation, each
consisting of an SSRAM and DDR3 DRAM SODIMM. While
the SSRAMs belonged to two different manufacturers, the
DRAMs were procured from five different manufacturers.
V. RESULTS
This section presents the results obtained from experiments
conducted to validate our work. Table I provides a summary of
the parameter values (in challenges) used in the experiments.
TABLE I: Parameter values used in our experiments
Addr_S | Size_S | Addr_D | Size_D | Bitstream_C | Wrapper pat. | Refresh-pause int.
Varied | 32 B   | Varied | 128 KB | Varied      | All ‘1’s     | 40 sec
A. Uniqueness Analysis
The ability of a PUF to generate unique responses forms
the very foundation of challenge-response-based authentication.
Hence, to demonstrate the uniqueness of the responses
generated by the proposed design, five C-PUF instances
(PUF1–PUF5) were each subjected to ten different (and random)
challenges at 20°C. For every challenge, the responses
generated by the instances were compared against each other,
and the differences are plotted as HD in Fig. 7 (top). As
described in Sec. III, C-PUF generates the responses by xor-ing
(in XOR stage) and hash-ing (in HASH stage) the corrected
start-up value of the SRAM and subsequently applying it to
the DRAM. Hence, one may argue that the uniqueness of
the responses generated by C-PUF is contributed by the hash
(SHA-256) operation only and not by the rest of the design.
However, this is not the case, as shown in Fig. 7, where
the responses were generated by skipping the hash operation
(HASH stage) altogether. In other words, the responses of the
C-PUF instances were generated by directly applying the xor-ed
start-up values of the SRAM to the DRAM. As shown,
the minimum HD across all ten responses is greater than
155,000, and hence the responses are truly unique. Fig. 8
gives a pictorial representation of the responses generated by
three of the C-PUF instances when subjected to the same
challenge. Note that applying the hash operation (during a
different experiment), in fact, further enhanced the uniqueness
of the generated responses by bringing the minimum HD very
close to the ideal value (524,288).
As mentioned earlier, an advantage with C-PUF is the
enhanced uniqueness provided by it as compared to a DRAM-
only PUF [5], [7], [8]. To demonstrate this, five DRAM-only
PUFs were constructed (as per the design in [5]) using the
DRAMs extracted from the C-PUF instances. Next, each was
subjected to the same ten challenges that were previously
applied to the C-PUF instances. As shown in Fig. 7 (bottom),
comparison of the responses generated by these DRAM-only
PUFs yielded a maximum HD of 494, which is three orders
of magnitude less than that of the C-PUF instances.
B. Robustness Analysis: Authentication under Temperature
Variations and Aging Effects
Robustness refers to a PUF’s ability to undergo successful
authentication under different operating conditions, primarily
determined by temperature and aging. We present a robustness
analysis of the proposed C-PUF design below.
1) Authentication under Temperature Variations: To
demonstrate the robustness of the design to temperature variations,
the C-PUF instances were made to undergo enrollment
(Fig. 4(a)) at 20°C, which involved applying fifty different
(and random) challenges to each of the C-PUF instances.
The generated responses served as the golden responses,
and were stored in the CRP database. Next, to emulate an
actual scenario, the authentication (Fig. 4(b)) was performed
at three different temperatures – 20°C, 40°C, and 60°C, by
reapplying the same challenges to the instances. At each
temperature, the responses of the C-PUF instances generated
during authentication were compared with their respective
golden responses to calculate the intra-puf comparison HD,
as shown in Fig. 9. Note that the y-axis represents relative
frequency, i.e., the fraction of the total comparisons, either
intra-puf or inter-puf (explained below), that yields a certain
HD (x-axis). As evident, setting the match threshold value to
120,000 successfully authenticated all the C-PUF instances
with respect to every challenge and operating temperature, thus
achieving a 100% true-positive rate.
We also performed inter-puf comparisons, i.e., the golden
responses of a C-PUF instance were compared with the
responses generated during authentication of every other instance.
Fig. 9 shows the relative frequency versus HD for
the inter-puf comparisons corresponding to the same fifty
challenges and operating temperatures. At each temperature,
the wide HD margin between the intra-puf and inter-puf comparisons
ensured the absence of any false-positives, thereby
achieving a 0% false-positive rate.
[Fig. 9: Authentication under temperature variations. Panels: (a) 20°C, (b) 40°C, (c) 60°C; x-axis: Hamming Distance; y-axis: Relative Frequency; series: intra-puf and inter-puf response comparisons; Match Threshold = 120,000.]
[Fig. 10: Authentication under aging effects. x-axis: Hamming Distance (0–10); y-axis: Relative Frequency; series: intra-puf response comparisons; Match Threshold = 7.]
2) Authentication under Aging Effects: To demonstrate C-PUF’s
robustness to temporal variations or aging effects,
enrollment of one of the C-PUF instances was carried out
at 20°C by applying ten different (and random) challenges
to it and subsequently recording the corresponding (golden)
responses. Next, the instance was subjected to an accelerated
aging process by applying a temperature of 85°C for 48 hours
that effectively aged it by 12 months [17]. Authentication
was then performed by generating the responses (with the
same challenges and at the same temperature) from the aged
instance; the responses were then compared with the golden
ones (intra-puf comparisons). Fig. 10 shows the relative frequency
versus HD for these comparisons. As evident, setting
the match threshold value to 7 successfully authenticated the
instance for every challenge, thus achieving a 100% true-positive
rate without any false-positives. Note that the inter-puf
comparisons are not depicted in Fig. 10 as the corresponding
HD values are very high (> 500,000).
VI. DISCUSSIONS
We now provide some additional design aspects of C-PUF.
A. Security Analysis
We envision two types of attacks on C-PUF – invasive [1]
and non-invasive [2]. The utilization of heterogeneous memory
technologies (entropy sources), which are spatially distributed
(on-chip and off-chip), substantially improves C-PUF’s
resistance to invasive attacks. On the other hand, the presence of
multiple variable parameters in C-PUF’s challenge-response
mechanism generates an exponential number of CRPs. This,
coupled with its ability to undergo reconfiguration, makes
non-invasive attacks very difficult to mount.
An alternative design (SD) could have both an SRAM
PUF and a DRAM PUF present in a device but operating
independently of each other. C-PUF scores over such a
design by supporting a comparatively much larger number of
CRPs, thereby providing stronger defense against non-invasive
attacks. Assuming a typical SRAM size (2 MB) and parameter
values as specified in Table I, the SRAM PUF (alone) supports
$A$ CRPs, where $A = 2^{16}$. Similarly, assuming a typical DRAM
size (1 GB) and three Wrapper patterns and Refresh-pause
intervals each to choose from (as in [5]) as well as a fixed
Bitstream C (to keep this analysis simple), the DRAM PUF
(alone) supports $B$ CRPs, where $B = 9 \times 2^{13}$ or $\sim 2^{16}$. As
a result, while SD supports a total of $A + B$ ($2^{17}$) CRPs, the
number of CRPs supported by C-PUF is of the order of $A \times B$
($2^{32}$), which is multiple orders of magnitude higher. In reality,
Bitstream C is also varied alongside Size S and Size D (for
generating random challenges), thus increasing this difference
in the number of CRPs even further.
B. Replacing Genuine DRAM with a Counterfeit: A Case-Study
Several embedded systems contain DRAMs in the form of
Dual In-line Memory Modules (DIMMs) that (unlike SRAMs,
which are physically soldered) could be easily detached from
the system. Hence, an attacker with physical access to the
system may be able to mount an invasive attack by replacing
the genuine DIMMs with counterfeit ones. Ideally, the now
compromised system should not be authenticated; however,
the version of C-PUF described here may authenticate it
as a genuine system. This is because, to highlight the core
competencies of C-PUF within the paper’s limited space, the
support mechanism, which includes setting the appropriate
match threshold (MT) value, was kept relatively simple. In the
described version, the MT value that decides the authentication
outcome is set statically (with the same value) [18] for
multiple C-PUF instances, and is also independent of the
operating conditions (e.g., temperature). Hence, if the HD
from the response comparisons is within the MT, the system
may undergo successful authentication in spite of containing a
counterfeit DIMM. To protect against such a scenario (attack),
an enhanced version of C-PUF was also developed that sets
the MT value through the framework specified in [18], which
takes several factors such as behavior of the particular DRAM,
extent of variations in the operating conditions, etc., into
consideration to come up with a dynamic DRAM-specific MT.
Note that the enhanced C-PUF version prevented the system
with the counterfeit DIMM from getting authenticated.
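The threshold-based authentication from the temperature and aging tests, together with the static-MT weakness of this case study, as an added example that is not the authors' code. The response size, noise levels, static MT of 2000 and the counterfeit's HD are constructed values, and `per_device_mt` is a hypothetical stand-in for a device-specific threshold, not the framework of [18].

```python
import random

def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length responses."""
    if len(a) != len(b):
        raise ValueError("responses must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bits(resp: bytes, n_flips: int, rng: random.Random) -> bytes:
    """Constructed noise model: flip n_flips distinct, randomly chosen bits."""
    out = bytearray(resp)
    for i in rng.sample(range(len(resp) * 8), n_flips):
        out[i // 8] ^= 1 << (i % 8)
    return bytes(out)

def authenticate(golden: bytes, response: bytes, mt: int) -> bool:
    """Accept when the HD is within the match threshold (<= is an assumption)."""
    return hamming_distance(golden, response) <= mt

def per_device_mt(golden: bytes, enroll_reads, margin: int = 2) -> int:
    """Hypothetical device-specific MT: margin x worst intra-device HD."""
    return margin * max(hamming_distance(golden, r) for r in enroll_reads)

def run_demo(seed: int = 1) -> dict:
    rng = random.Random(seed)
    n = 4096  # constructed response size: 32,768 bits
    golden = bytes(rng.getrandbits(8) for _ in range(n))
    other = bytes(rng.getrandbits(8) for _ in range(n))  # a different device
    enroll = [flip_bits(golden, k, rng) for k in (250, 300, 327)]
    reads = {
        "genuine": flip_bits(golden, 310, rng),       # intra-puf noise
        "counterfeit": flip_bits(golden, 1638, rng),  # constructed: swapped DIMM
        "other_device": other,                        # inter-puf comparison
    }
    static_mt = 2000  # constructed fleet-wide value, same for every device
    device_mt = per_device_mt(golden, enroll)
    result = {name: (hamming_distance(golden, r),
                     authenticate(golden, r, static_mt),
                     authenticate(golden, r, device_mt))
              for name, r in reads.items()}
    result["device_mt"] = device_mt
    return result

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)  # (HD, passes static MT, passes device MT)
```

The constructed counterfeit response lands between the device's own noise floor and the fleet-wide threshold, so only the device-specific threshold rejects it.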
VII. RELATED WORK
A variety of memory-based PUFs has been proposed over
the years. Ref. [6] extracted unique fingerprints and generated
true random numbers by using the start-up values of SRAM.
Device authentication using DRAM refresh pausing under
wide environmental and temporal variations was presented
in [5]. Another approach to PUF design targeted achieving
reconfigurability in PUFs [14]. Ref. [9] proposed mechanisms
to extract device fingerprints from FLASH.
The idea of using multiple memories to derive unique keys
from an electronic system was first mentioned in [10].
However, to the best of our knowledge, no physical implementation
or results thereof have been published yet. A similar but
non-memory-based work was presented in [11], which proposes
to combine on-chip entropy sources (e.g., clock sinks) to
generate CRPs. Unlike these works, C-PUF does not require
the addition of custom hardware to the existing circuitry, and
hence can be implemented easily using COTS devices.
VIII. CONCLUSION
We proposed the concept and design of a memory-based
combination PUF that intelligently combines two memory
technologies, SRAM and DRAM, to overcome several
shortcomings of current memory-based PUFs. Extensive tests
conducted on a real implementation of the PUF demonstrate the
robustness of the proposed design, achieving a 100%
true-positive rate and 0% false-positive rate during authentication.
In future, we plan to include more device components in the
C-PUF design as well as analyze its performance under
supply-voltage variations.
REFERENCES
[1] C. Helfmeier et al. Cloning Physically Unclonable Functions. In HOST,
2013.
[2] U. Rührmair et al. Modeling attacks on physical unclonable functions.
In CCS, 2010.
[3] M. Pecht et al. Bogus: electronic manufacturing and consumers confront
a rising tide of counterfeit electronics. IEEE Spectrum, May 2006.
[4] G. E. Suh et al. Physical Unclonable Functions for Device
Authentication and Secret Key Generation. In DAC, 2007.
[5] S. Sutar et al. D-PUF: An intrinsically reconfigurable DRAM PUF for
device authentication in embedded systems. In CASES, 2016.
[6] D. E. Holcomb et al. Power-Up SRAM State as an Identifying
Fingerprint and Source of True Random Numbers. IEEE Transactions
on Computers, Sept 2009.
[7] C. Keller et al. Dynamic memory-based physically unclonable function
for the generation of unique identifiers and true random numbers. In
ISCAS, 2014.
[8] W. Xiong et al. Run-time Accessible DRAM PUFs in Commodity
Devices. In CHES, 2016.
[9] P. Prabhu et al. Extracting device fingerprints from flash memory by
exploiting physical variations. In TRUST, 2011.
[10] P. T. Tuyls et al. Distributed PUF, 2014. US Patent 8,699,714.
[11] M. Wang et al. SuperPUF: Integrating heterogeneous Physically
Unclonable Functions. In ICCAD, 2014.
[12] C. Böhm et al. A microcontroller SRAM-PUF. In NSS, 2011.
[13] W. Che et al. PUF-Based Authentication. In ICCAD, 2015.
[14] I. Eichhorn et al. Logically Reconfigurable PUFs: Memory-based Secure
Key Storage. In STC, 2011.
[15] Terasic. TR4 FPGA Development Kit, March 2015.
[16] Altera. Nios II processor, March 2015.
[17] A. Maiti et al. The Impact of Aging on a Physical Unclonable Function.
IEEE Transactions on VLSI Systems, Sept 2014.
[18] DRAM PUF for Device Authentication and Random Number
Generation. In ACM Transactions on Embedded Computing Systems, Accepted
for publication, Nov 2017.
