Nano-intrinsic security primitives for internet of everything by Kim, J
Nano-Intrinsic Security Primitives for Internet of Everything
A thesis submitted in fulfilment of the requirements for the degree of Doctor of Philosophy
Jeeson Kim
M.Eng. RMIT University, Australia
B.Eng. The Catholic University of Korea, South Korea
School of Engineering
College of Science, Engineering and Health
RMIT University
April 2019
Declaration
I certify that except where due acknowledgement has been made, the work is that of the
author alone; the work has not been submitted previously, in whole or in part, to qualify
for any other academic award; the content of the thesis is the result of work which
has been carried out since the official commencement date of the approved research
program; any editorial work, paid or unpaid, carried out by a third party is acknowledged;
and, ethics procedures and guidelines have been followed.
Jeeson Kim
April 12, 2019
Acknowledgments
First and foremost, I would like to thank God for giving me the opportunity and ability to
undertake this research journey.
Towards the end of my Ph.D. research, I am grateful to my role model and the pillar of
inspiration, my supervisor Dr. Omid Kavehei who has been there providing his heartfelt
encouragement and patience at all times. Without his invaluable guidance, this thesis would
not have been possible, and I shall eternally be grateful to him for his academic support as
well as warmest friendship. I am extending my thanks to his family for their acceptance
and patience during the discussion I had with him on research work.
I would like to appreciate my supervisors Dr. Samuel Ippolito and Associate Professor
Sharath Sriram, for their guidance and advice. I am deeply grateful to Associate Professor
Damith Ranasinghe for discussions that enabled me to enjoy research. I would also like to
thank Associate Professor Paul Beckett, Associate Professor Elena Pirogova and Professor
Doo Hyung Woo for providing me the opportunity to take the first step toward my
research. I would like to express my gratitude to Professor Doo Seok Jeong for his warmest
academic guidance and showing me what a good scientist (and person) should be. With
great appreciation, I would like to express my sincere gratitude to my mentor, Dr. Hussein
Nili. His kindness, dynamism, vision and sincerity have deeply inspired me. I would also
like to thank him for his friendship and great sense of humor.
I owe special thanks to my best friends, Sung Ah Yun and Minyi Kim who have been
extremely understanding and supportive at all times. Thanks for knowing exactly when to
tell me what I want to hear, when I want to hear it the most. Their passion and optimism
have always motivated me to achieve higher goals and enabled me to move forward. It is
a pleasure to thank my friends, Bomi Kim, Eunie Kim, Yuka Sato, Dora Ji and Leo Hong,
for the wonderful times we shared, especially the Saturday nights in Tokyo. My sincere
thanks go to my dearest friend Dr. Shiyang Tang who has constantly supported me and
been incredibly patient throughout my Ph.D. candidature. His advice and big heart helped
me face all the obstacles and pursue my work.
My acknowledgement would be incomplete without thanking my family for the
blessings of my parents, Ms. Miran Kwon and Mr. Kwangseog Kim, the care of my sister and
brother-in-law, Ms. Helen Hyesun Kim and Mr. Ken La, and of course my biggest source
of happiness, my nephew Benjamin La and my niece Audrey La.
Table of Contents
Declaration
Acknowledgments
Table of Contents
List of Figures
List of Tables
Abstract
Chapter 1 Introduction
1.1 Trend
1.2 Research Questions and Objectives
Chapter 2 Background
2.1 Introduction to Physical Unclonable Function
2.1.1 Why PUF?
2.1.2 What is PUF?
2.1.3 How to Use PUF?
2.1.4 PUF Preliminary
2.2 Physical Unclonable Function Constructions
2.2.1 Coating PUFs
2.2.2 Optical PUFs
2.2.3 Acoustical PUFs
2.2.4 Silicon-Based PUFs
2.2.5 Memory-Based PUFs
2.2.6 Other Types of PUFs
2.2.7 Discussion
2.3 Emerging NVM-Based PUFs
2.3.1 Emerging Non-Volatile Memory
2.3.2 Introduction to Emerging NVM-Based PUFs
2.3.3 Carbon Nanotube-Based PUFs
2.3.4 MRAM-Based PUFs
2.3.5 ReRAM-Based PUFs
2.3.6 Comparison and Discussion
2.4 Concluding Highlights
Chapter 3 A PUF with Redox-based Nanoionic Resistive Memory
3.1 Introduction
3.2 Nonlinear ReRAM PUF Construction
3.2.1 Electrical Properties of ReRAM
3.2.2 Circuit and Architecture
3.2.3 Operation
3.3 Performance Evaluation
3.3.1 Hamming Weight Measures
3.3.2 Hamming Distance Measures
3.3.3 Avalanche Characteristics
3.3.4 Estimated Power Consumption
3.4 Discussion
3.4.1 Comparison
3.4.2 Attacks
3.5 Conclusion
Chapter 4 Analogue State and Nonlinear ReRAM-Based PUF
4.1 Analogue State and Nonlinear Conductance Variations in Integrated Memristors-Based PUF
4.1.1 Hardware-Intrinsic Security Primitive
4.1.2 PUF Demo and Characterization of its Security Metrics
4.1.3 Performance, Robustness, and Potentials for Improvement
4.1.4 Concluding Highlights
4.2 Predictive Analysis of 3D ReRAM-based PUF
4.2.1 Introduction
4.2.2 Analog ReRAM-based PUF Operation
4.2.3 Evaluation of Randomness
4.2.4 Conclusion
Chapter 5 Nano-Intrinsic TRNG
5.1 Introduction
5.2 Experimental Sample and Characteristics
5.2.1 Random Telegraph Noise
5.2.2 Environmental Process Factors
5.3 Devices Fabrication and Measurement Setup
5.4 ReRAM’s RTN-based TRNG Structure
5.4.1 Design Highlight
5.4.2 Design Detail
5.4.3 Operation
5.4.4 Random Number Generation and Post-Processing
5.5 Evaluation
5.6 Conclusion
Chapter 6 Conclusion and Future Directions
6.1 Concluding Remarks
6.1.1 Contribution 1
6.1.2 Contribution 2
6.1.3 Contribution 3
6.1.4 Contribution 4
6.2 Recommendations for Future Work
References
List of Figures
Figure 1.1 General view of authentication of IoT device using device fingerprint.
Figure 2.1 Vulnerability of the methods for storing secret key.
Figure 2.2 Basic PUF-based challenge-response authentication protocol.
Figure 2.3 Controlled PUF authentication protocol adopted by [1].
Figure 2.4 Lockdown authentication protocol suggested by Yu et al. [2].
Figure 2.5 Lightweight mutual authentication protocol suggested by van Herrewege et al. [3].
Figure 2.6 PUF-based encryption protocols based on (a) public key pair and (b) barrel shifter as proposed in Ref. [4].
Figure 2.7 The PUF evaluation metrics defined by Majzoobi et al. [5], Hori et al. [6] and Maiti et al. [7]. Kim et al. [8] formulate the previously defined metrics and show analysis results of each metric on the newly introduced PUF.
Figure 2.8 Ring oscillator PUF (RO-PUF) circuit as proposed by Gassend et al. [9]. (a) A delay circuit is located in the oscillating loop, and the frequency value of the oscillation is detected/counted by an edge detector/counter. Additional AND gates are used to enable/disable the oscillation. (b) Delay circuit is made of n−1 stages of switch components and a final multiplexer (MUX). (c) Each switch component consists of two 2-to-1 MUXes and pairs of buffers.
Figure 2.9 RO-PUF circuit as proposed by Sun and Devadas [10]. Two oscillating signals generated from ring oscillator blocks are selected by a pair of n-to-1 multiplexers and their frequencies are separately counted in a fixed time interval. The resulting frequency values are compared and the result decides a response bit.
Figure 2.10 Basic structure of Arbiter PUF (Arb-PUF) circuit. (a) The architecture of Arb-PUF consists of n number of switch components and an arbiter circuit. (b) Each switch component can be made of two 2-to-1 MUXes which are controlled by the challenge bit and pairs of buffers. (c) Two NAND gates can be used for forming an arbiter circuit.
Figure 2.11 Feed-forward Arbiter PUF (FF-Arb-PUF) circuit as proposed by Lee et al. [11, 12]. There are additional feed-forward arbiters to control operations of some switch components.
Figure 2.12 Source of randomness for building memory-based PUFs from (a) flash memory (b) DRAM and (c) SRAM cells.
Figure 2.13 Memory taxonomy of emerging memory devices adapted from [13].
Figure 2.14 Architecture of emerging non-volatile memory cells in a crossbar array.
Figure 2.15 Characteristics of switching mechanisms in redox-based resistive memory (adapted from [14]).
Figure 2.16 Basic switching modes of (a) unipolar, (b) bipolar and (c) complementary (adapted from [15]).
Figure 2.17 The crossbar-array architecture (a) without any selection elements. (b) Represents cells with a varistor or diode type of selector, (c) 1-transistor 1-resistor (1T1R) cell and (d) a complementary state cell (adapted from [16]).
Figure 2.18 Programming variation extracted from an experiment. (a) D2D variation adapted from [17] and (b) C2C variation adapted from [18].
Figure 2.19 Endurance and retention results extracted from experiments adapted from [19]. (a) Endurance result of single LRS and multiple HRS over 10^5 full switching cycles. (b) Retention results of HRS and LRS over 10^5 s at room temperature and elevated temperature (adapted from [20]).
Figure 2.20 CNPUF circuit as proposed by Konigsmark et al. [21].
Figure 2.21 Carbon nanotube array circuit as proposed by Hu et al. [22].
Figure 2.22 ReRAM-based RO-PUF structure (adapted from [23]).
Figure 2.23 ReRAM-based Arb-PUF structure (adapted from [24]).
Figure 2.24 Write-time-based PUF structure (adapted from [25]).
Figure 2.25 (a) 1T1R ReRAM-based PUF adapted from [26]. (b) Expected LRS/HRS random distribution.
Figure 2.26 Reliability enhancement method of (a) VDC-based PUF adapted from [27] and (b) current read-out-based PUF adapted from [28].
Figure 2.27 Dual mode comparison-based PUFs of (a) single-ended mode and (b) differential mode (adapted from [29]).
Figure 2.28 Structures of different types of ReRAM PUFs. (a) Cross-point-based ReRAM PUF adapted from [30] and (b) sneak path-based ReRAM-PUF adapted from [31]. (c) Non-linear ReRAM-PUF adapted from [8].
Figure 3.1 In-situ scanning probe microscopy (SPM) maps of conductivity in 2D (a) and 3D (b). Shown is a top view of oxygen deficient amorphous SrTiO3−x (a-STO) layer after removal of the top metal electrode layers for this experiment. The pattern illustrates profile of nano-filaments, which are the conducting channels between two metal electrodes in ReRAMs.
Figure 3.2 ReRAM electrical characteristic and structure. (a) Optical microscope image of a 6×8 ReRAM crossbar array (CBA) and schematic of our ReRAM material stack. Top and bottom metal electrode (TE and BE) tracks are graphically enhanced. (b) Experimental current-voltage (I–V) signature of our a-STO ReRAM bipolar switching behaviour. As a representative curve of thousands of measured I–V characteristics on multiple devices, this is measured by a DC double-voltage-sweep. Inset: highlights nonlinearity of I–V curve when the device is in HRS and applied voltages are significantly below the threshold.
Figure 3.3 (a) D2D variation in HRS and LRS. State resistance variation of HRS and LRS are extracted from 58 devices at different READ voltages between 0.1 V and 0.5 V. As Figure 3.2 (a)’s inset suggests, nonlinearity of I–V characteristics causes semi-exponential increase in HRS current with every 100 mV increase in voltage. Therefore, as READ voltage increases, RRESET/RSET ratio decreases. (b) Resistance systematic variation induced by temperature change from 275 °K (near 0 °C) to 450 °K.
Figure 3.4 nrPUF block diagram, interconnections and readout circuitry. (a) illustrates a ReRAM CBA with its relevant analog MUXes. (b) represents a modified strong ARM latch (mSAL) that is connected to IP, IQ and ID from (a) through current mirrors (CM) with gain of K=1. (c) nrPUF block diagram with two CBAs and mSALs. For illustration purpose only, only CBA A and its readout circuitry are shown in (a) and (b). Depending on the requirements, nrPUF’s HiC can be entirely hidden, where the output of CBA A derives a linear-feedback shift register (LFSR) to generate HiC. Alternatively, HiC can be partially derived from the main input challenge (InC).
Figure 3.5 Key PUF evaluation metrics. This includes uniqueness, diffuseness, bit-aliasing, uniformity, and reliability.
Figure 3.6 nrPUF performance evaluations. (a) Worst-case uniformity (UF) comparison of a nrPUF and a single crossbar method. (b) Bit-aliasing (BA) of nrPUF’s.
Figure 3.7 nrPUF performance evaluations. (a) Uniqueness and (b) diffuseness of nrPUF are demonstrated under supply voltage, temperature and sensing margin fluctuations.
Figure 3.8 Bit error rate (BER) of nrPUF. Average BER over multiple nrPUF analysis as a function of CS and mSAL sensing margin of ∆I = ±10 nA to ±100 nA.
Figure 3.9 Comparison of avalanche characteristics of a nrPUF and a single crossbar method.
Figure 3.10 Role of dummy ReRAMs in lowering signal-to-noise ratio (SNR) of the power signal.
Figure 4.1 3D ReRAM crossbar array. (a) Cartoon of the fabricated circuit. (b) I–V curves for all 2×10×10 devices; two representative curves are highlighted for comparison. (c) Tuning of the top and bottom devices to 16 different conductive states that are equally spaced from 2 µS to 32 µS. (d) Nonlinearity factor calculated as a ratio of |1−G0/G(VB)| for all 200 devices, which were tuned to G0 = 4.5 ± ∼1 µS at 200 mV. For convenience, the curves are coloured according to the observed nonlinearity at the highest voltage bias.
Figure 4.2 (a) Top-view SEM image of the 3D ReRAM crossbar and (b) its device stack material layers and thicknesses. (c) Cumulative histogram for the top (blue) and bottom (red) devices’ ON and OFF state resistances measured at 0.3 V.
Figure 4.3 Memristor-based basic building block for cryptographic hardware. One-bit output is generated by applying a voltage bias to m rows (of M total) and then comparing the total currents running into the two selected groups comprised of n columns (of N total). In the simplest implementation, the unselected rows and columns in the array are kept floating.
Figure 4.4 Experimental results for tuning and security performance. (a) Conductance map (G0). (b) Corresponding histogram. (c) Nonlinearity factor for two values of VB for all 200 devices after tuning. In panel b, the dashed line is a guide showing a Gaussian distribution. (d) Uniformity and (e) diffuseness and bit error rate calculated. The bit-error rates are calculated by monitoring 16,000 representative challenge-response pairs over a 30-day window in 10-day intervals. To account for aging and environmental factors, the voltage bias at each measurement was randomly selected from the range [0.8, 1.2]×VB, which is representative of up to 20% noise on the power supply. The inset shows the bit error rate relative to room temperature for 4,800 challenge-response pairs at 90 °C at three different biases. The bars show the 5-95 percentile. The temperature was slowly ramped up to the target value and was kept constant for 30 minutes before the measurement was performed throughout 3 hours. (f) Contour map of the uniqueness between the responses generated using the same challenges at different voltage biases.
Figure 4.5 Experimental results for the PUF uniqueness. (a) Conductance distributions after tuning for 5 different PUF instances and (b) the corresponding uniqueness. The measured average and standard deviation are 49.95±2.65%, 49.94±1.75%, and 49.96±0.9% for VB = 200 mV, 400 mV, and 600 mV voltage biases, respectively. The inset shows a zoom-in view of the data. (c) The conductance distributions after rattling for 10 different PUF instances and (d) their corresponding uniqueness. The measured average and standard deviation are 24.8±6.3%, 38.2±3.3%, and 50.07±2.1% for VB = 200 mV, 400 mV, and 600 mV voltage biases, respectively.
Figure 4.6 (a) The average conductances (measured at 300 mV) for the devices in a specific row and column after the tuning procedure. (b) Figure 4.4c data (nonlinearity factor) shown as a linear plot. (c) Box plots of devices’ nonlinearity for all 200 memristors in the crossbar. Here, boxes show the 25-75 percentile area, while the bars signify the 10-90 percentile range. (d) Distributions of intra-bias responses’ uniqueness (UQ) between responses to the same challenges without re-tuning of the weights, measured at 200 mV and the specified voltage bias.
Figure 4.7 Comparison between the original and improved BER results for the worst-case 16 kb data (Figure 4.4 (e)) using simple temporal and spatial majority voting techniques.
Figure 4.8 The distribution of response uniformity when a specific bit of the challenge is fixed to a value of either “1” (selected) or “0” (unselected) for two sets of measured data (at 0.2 V voltage bias), corresponding to (a) near-optimal and (b) suboptimal PUF instances. For example, the first black/red column shows the fraction of the total number of “1” responses with respect to the total number of responses for all measured challenges in which the first bit is set to “0”/“1”.
Figure 4.9 More practical memristor PUF architectures. (a) Top-level architecture. In the most general case, the inputs, feed-forward challenge, and outputs can be subject to “scrambling”, i.e., certain nonlinear transfer functions, to improve the robustness and security of the PUF. (b) Measured security metrics for the PUF architecture with NL1 = 10, NL2 = 1 and NB = 8 multi-bias selection scheme. (c-d) PUF (NL1 = 10, NL2 = 1) with quaternary response. Panel (c) shows an example of one hundred 64-element-long quaternary response keys; (d) shows the experimentally measured results.
Figure 4.10 Robustness to machine learning attacks for (a) near-optimal and (b) suboptimal PUF simulated utilizing a 30×250×250×1 multi-layer perceptron classifier. The markers denote the average classification accuracy over ten runs; the thickness of the lines for the test data specifies two standard deviations. All simulation results were obtained with the Matlab module “traingdx” using a hyperbolic tanh activation function in all layers with momentum and adaptive learning rate and the following parameters: 0.01 learning rate, 1.05/0.85 ratio to increase/decrease learning rate, 0.9 momentum constant, 1e-10 minimum performance gradient, 1e-20 performance goal, 2500 training epochs, 10% validation ratio, and 10 maximum validation failures. For each training run, the network weights in all layers were randomly initialised to values between -1 and 1.
Figure 4.11 (a) Top-view scanning electron microscopy (SEM) image, equivalent circuit and cross-sectional schematic of the 3D stacked crossbar. (b) Current-voltage (I–V) curves for all 2×10×10 devices with two representative curves being highlighted. (c) PUF primitive operation scheme. (d) Example of the tuned crossbar.
Figure 4.12 Traditional PUF performance evaluations metrics. (a) represents intra-HD measuring stability of a PUF instance. (b) represents inter-HD showing PUF randomness measured across multiple PUF instances.
Figure 4.13 NIST statistical test results. (a) shows a single sequence p-values of total 15 tests including different numbers of sub-tests, which are all greater than significance level (α=0.01). Histograms showing the uniformity of p-values obtained from (b) block-frequency, (c) longest run, (d) non-overlapping templates and (e) serial sub-tests.
Figure 5.1 Noise and current-voltage (I–V) characteristics of ReRAM samples. (a) Normalized power spectral density (PSD) measured from ReRAM sample programmed at high-resistance state (HRS). PSD follows ∼1/f^2 slope. (b) I–V bipolar-switching signature of a fabricated ReRAM sample. This measurement shows 50 SET/RESET cycles, with Ic representing compliance current set. Highlighted voltage ranges show voltages at which readout operations have been carried out and voltages at which SET and RESET switching occur due to cycle-to-cycle and device-to-device variation.
Figure 5.2 Random telegraph noise (RTN) characteristics in time domain. Current transition of high-to-low and low-to-high are believed to be results of carrier emission and capture.
Figure 5.3 ReRAM RTN characteristics. (a) RTN represented in the time domain at VREAD of 25 mV and 100 mV. Insets highlight amplitudes. (b) 3D map of conductive nano-filaments extracted from an in-situ scanning probe microscopy (SPM). Tip of the highest nano-filament represents ∼5 nm height from the surface. (c) A time trace and time lag plot (TLP) of RTN. LH and HL represent low-to-high and high-to-low transitions, respectively. HH and LL are cases that no transition occurs.
Figure 5.4 ReRAM RTN dependencies. (a) RTN time trace with a range of VREADs. Increased RTN transition rate is observed by increased voltage value. (b) Normalized PSD with a range of VREAD. Normalized PSDs at different VREADs follow the similar trend. (c) Average time of capture, τH, and emission, τL with a range of VREAD. τH decreases with increased VREAD while τL shows almost no voltage dependency. (d) Relationship between ∆I/I and temperature. (e) Thermal activation RTN fluctuation represented by average time constants decrement of τH and τL at higher temperature.
Figure 5.5 RTN time trace of TiO2−x device with VREAD at 200 mV (top) and 300 mV (bottom).
Figure 5.6 Proposed ReRAM-based TRNG circuit. (a) A differential readout circuit utilizes two voltage-regulation feedback configured in order to regulate VFB X and VFB Y. An identical number of precisely programmed HRS ReRAMs are placed in two branches, which act as sources of randomness. The series resistance of each array in addressing is not shown here but considered in simulations. To compensate for offset, post-fabrication calibration digital-to-analog converters (DACs) are placed. Insets show the feedback amplifier circuit, FC-CSDA and comparator. A comparator consists of a fully differential preamplifier whose output terminals are connected to a FC-CSDA’s input terminals for a stronger output signal, SO. (b) Post-fabrication calibration DAC-like structure uses a 3-bit digital input through a decoder that activates none or one of the switches to calibrate the circuit only once. (c) Sampling and whitening-based post-processing digital circuit. After sampling SO, in order to reduce any residual bit correlation whitening raw random bits may be required. The whitener accepts a raw output and generates whitened output. While whitening techniques are varied, the simplest example, in which the closest two bits are XORed without overlaps, is shown.
Figure 5.7 Block diagram of (a) a single fixed reference comparison approach, (b) a pair fixed reference approach and (c) differential harvesting approach (this work). The undesirable noise can be added in power supply voltages, which could affect the quality of output bit-stream.
Figure 5.8 (a) One side of the proposed ReRAM-based TRNG circuit based on low dropout regulator (LDO)-like structure. (b) The k-bit DAC architecture. (c) Monte-Carlo simulation results of the implemented 3-bit DAC.
Figure 5.9 Simulation result of the reduced offset by using the post-fabrication DAC. The mean values are reduced by using the calibration at a range of ∆RRRs from -200 kΩ to 400 kΩ except when ∆RRR at 0 Ω. RRR-X is fixed at 300 kΩ during simulation.
Figure 5.10 Simplified transient response of ReRAM-based TRNG circuit. (a) shows the current change (∆IRR) in a ReRAM device due to RTN activity from high-to-low (HL) followed by low-to-high (LH) after a steady state. (b) illustrates the output voltage spikes that are introduced by the IRR changes at jump states. (c) The VO spike generates a voltage difference between input terminals of comparator and the random signal in the output of comparator, SO is generated.
Figure 5.11 Autocorrelation comparison between the fixed reference and differential RTN harvesting methods. The differential method is tested with and without a post-processing unit, and the outcome is clearly in favour of differential RTN harvesting technique with post-processing unit.
Figure 6.1 Key PUF performance metrics. (a) formulated PUF evaluation metrics defined. (b) shows the defined metrics, uniqueness, diffuseness, bit-aliasing, uniformity, and reliability.
Figure 6.2 (a) Proposed nonlinear architectural ReRAM PUF (nrPUF). (b) Result of worst-case uniformity comparison of the proposed nrPUF and the conventional single crossbar method. (c) Comparison of avalanche characteristics of the nrPUF and the single crossbar method.
Figure 6.3 Block diagram of differential harvesting approach. The undesirable noise can be added in power supply voltages, which could affect the quality of output bit-stream.
List of Tables
Table 2.1 Uniqueness and reliability comparison of memory-based PUF constructions.
Table 2.2 Comparison of emerging non-volatile memories (NVMs).
Table 2.3 Uniqueness, diffuseness, uniformity and bit-aliasing comparison of ReRAM-based PUF constructions.
Table 2.4 Reliability of ReRAM-based PUF constructions in the literature.
Table 2.5 ReRAM-based PUFs performance comparison.
Table 3.1 Comparison of ReRAM CBA-based PUFs.
Table 4.1 Comparison of reported PUF primitives based on different technologies.
Table 4.2 Machine learning tests configuration and predictability.
Table 4.3 NIST statistical test results of a PUF with three different bias voltages.
Table 5.1 Simulated improved rejection ratio of this work compared to single fixed reference method.
Table 5.2 Characteristics of the implemented amplifier.
Table 5.3 Machine learning test on ReRAM-based TRNG.
Table 5.4 NIST statistical test result.
Table 5.5 Implementation of resistive switching memory-based RNGs.
Table 6.1 Machine learning tests configuration and predictability.
Table 6.2 NIST statistical test results of a PUF with three different bias voltages.
List of Abbreviations and Acronyms
1T1R 1-transistor 1-resistor.
AES advanced encryption standard.
Arb-PUF arbiter PUF.
AWB automatic write-back.
BC bit commitment.
BCH Bose-Chaudhuri-Hocquenghem.
BEOL back-end-of-line.
BER bit error rate.
C2C cycle-to-cycle.
CBA crossbar array.
CF conductive filament.
CMOS complementary metal-oxide-semiconductor.
CNT carbon nanotube transistor.
COA certificate of authenticity.
CPUF controlled PUF.
CRP challenge-response pair.
D2D device-to-device.
DPA differential power analysis.
DRAM dynamic random access memory.
DRV data retention voltage.
ECC error correction code.
ECM electrochemical metallization.
EPROM erasable programmable read-only memory.
FeRAM ferroelectric random access memory.
FPGA field-programmable gate array.
HD Hamming distance.
HRS high-resistance state.
HW Hamming weight.
IBS index-based syndrome.
IC integrated circuit.
IoE Internet of Everything.
IoT Internet of Things.
KE key exchange.
LER line edge roughness.
LFSR linear-feedback shift register.
LRS low-resistance state.
MRAM magnetic random access memory.
MTJ magnetic tunnel junction.
MUX multiplexer.
NIST National Institute of Standards and Technology.
NMOS n-channel metal-oxide-semiconductor.
NVM non-volatile memory.
OD oxygen deficient.
OT oblivious transfer.
PCRAM phase-change resistive access memory.
PMOS p-channel metal-oxide-semiconductor.
PPUF public PUF.
PRNG pseudo random number generator.
PUF physical unclonable function.
ReRAM redox-based resistive random access memory.
RF radio frequency.
RFID radio frequency identification.
RNG random number generator.
RO-PUF ring oscillator PUF.
ROM read-only memory.
RTN random telegraph noise.
SHA secure hash algorithm.
SHIC-PUF super high information content PUF.
SNR signal-to-noise ratio.
SRAM static random access memory.
SRAM-PUF static random access memory PUF.
STT-MRAM spin-transfer-torque magnetic random access memory.
TCM thermochemical mechanism.
TRNG true random number generator.
VCM valence change mechanism.
VDC voltage-to-digital converter.
List of Publications
Below is the list of publications that have resulted directly from the work undertaken by the
author for this PhD thesis.
Journal Publications
1. Jeeson Kim, Hussein Nili, Nhan D. Truong, Taimur Ahmed, Jiawei Yang, Doo Seok
Jeong, Sharath Sriram, Damith C. Ranasinghe, Samuel Ippolito, Hosung Chun and
Omid Kavehei, “Nano-intrinsic true random number generation: A device to data
study,” IEEE Transactions on Circuits and Systems I: Regular Papers,
DOI: 10.1109/TCSI.2019.2895045
2. Jeeson Kim, Taimur Ahmed, Hussein Nili, Jiawei Yang, Doo Seok Jeong, Paul Beckett,
Sharath Sriram, Damith C. Ranasinghe and Omid Kavehei, “A physical unclonable
function with redox-based nanoionic resistive memory,” IEEE Transactions on
Information Forensics and Security, vol. 13, no. 2, pp. 437–448, 2018
3. Hussein Nili, Gina C. Adam, Brian D. Hoskins, Mirko Prezioso, Jeeson Kim, M. Reza
Mahmoodi, Farnood Merrikh Bayat, Omid Kavehei and Dmitri B. Strukov,
“Hardware-intrinsic security primitives enabled by analogue state and nonlinear
conductance variations in integrated memristors,” Nature Electronics, vol. 1,
pp. 197–202, 2018
4. Taimur Ahmed, Sumeet Walia, Jeeson Kim, Hussein Nili, Rajesh Ramanathan, Edwin
L. H. Mayes, Desmond W. M. Lau, Omid Kavehei, Vipul Bansal, Madhu Bhaskaran
and Sharath Sriram, “Transparent amorphous strontium titanate resistive memories
with transient photo-response,” Nanoscale, vol. 9, no. 38, pp. 14690–14702, 2017
5. Hussein Nili, Taimur Ahmed, Sumeet Walia, Rajesh Ramanathan, Ahmad
Esmaielzadeh Kandjani, Sergey Rubanov, Jeeson Kim, Omid Kavehei, Vipul Bansal,
Madhu Bhaskaran and Sharath Sriram, “Microstructure and dynamics of
vacancy–induced nanofilamentary switching network in donor doped SrTiO3−x
memristors,” Nanotechnology, vol. 27, no. 50, pp. 505210:1–8, 2016
Refereed Conference Publications
1. Jeeson Kim, Hussein Nili, Gina C. Adam, Nhan D. Truong, Dmitri B. Strukov and
Omid Kavehei, “Predictive analysis of 3D ReRAM-based PUF for securing the Internet
of Things,” in Proceeding TenSymp, 2018, pp. 57–60
2. Gina C. Adam, Hussein Nili, Jeeson Kim, Brian D. Hoskins, Omid Kavehei and Dmitri
B. Strukov, “Utilizing IV non-linearity and analog state variations in ReRAM based
security primitives,” in 47th European Solid-State Device Research Conference
(ESSDERC), 2017, pp. 74–77
3. Jeeson Kim, Matthew M. Kim and Paul Beckett, “Static leakage control in null
convention logic standard cells in 28 nm UTBB-FDSOI CMOS,” in International SoC
Design Conference (ISOCC), 2015, pp. 99–100
4. Matthew M. Kim, Jeeson Kim and Paul Beckett, “Area performance tradeoffs in NCL
multipliers using two-dimensional pipelining,” International SoC Design Conference
(ISOCC), 2015, pp. 125–126
Abstract
With the advent of Internet-enabled electronic devices and mobile computer systems,
maintaining data security is one of the most important challenges in modern civilization.
The innovation of physically unclonable functions (PUFs) shows great potential for
enabling low-cost, low-power authentication, anti-counterfeiting and beyond on
semiconductor chips. This is because secrets in a PUF are hidden in the randomness of the
physical properties of nominally identical devices, making it extremely difficult, if not
impossible, to extract them. Hence, the basic idea of a PUF is to take advantage of
inevitable non-idealities in the physical domain to create a system that can provide an
innovative way to secure device identities, sensitive information, and their
communications. Because physical variation exists everywhere, various materials, systems,
and technologies have been considered as sources of unpredictable physical device
variation at large scale for generating security primitives. The purpose of this project is
to develop emerging solid-state memory-based security primitives and examine their
robustness as well as feasibility.
Firstly, the author gives an extensive overview of PUFs. The rationale, classification,
and application of PUFs are discussed. To objectively compare the quality of PUFs, the
author formulates important PUF properties and evaluation metrics. By reviewing previously
proposed constructions ranging from conventional standard complementary
metal-oxide-semiconductor (CMOS) components to emerging non-volatile memories, the quality
of different PUF classes is discussed and summarized. Through a comparative analysis,
emerging non-volatile redox-based resistive memories (ReRAMs) have shown potential as
promising candidates for the next generation of low-cost, low-power, compact, and secure
PUFs.
Next, the author presents novel approaches to build a PUF by concatenating two layers of
ReRAM crossbar arrays. Concatenating the two layers introduces a nonlinear structure,
which results in improved uniformity and avalanche characteristics of the proposed PUF.
A group-of-cells readout method is employed, and it supports a massive pool of
challenge-response pairs for the nonlinear ReRAM-based PUF. The nonlinear PUF construction
is experimentally assessed using the evaluation metrics, and the quality of randomness is
verified using predictive analysis.
Last but not least, random telegraph noise (RTN) is studied as a source of entropy for
true random number generation (TRNG). RTN is usually considered a disadvantageous
feature in conventional CMOS designs. However, in combination with an appropriate
readout scheme, RTN in ReRAM can be used as a novel technique to generate quality
random numbers. The proposed differential readout-based design can maintain the quality
of the output by reducing the effect of undesired noise from the whole system, while
significantly reducing the control difficulty of the conventional readout method.
This is advantageous as the differential readout circuit can embrace the resistance
variation features of ReRAMs without extensive pre-calibration.
The study in this thesis has the potential to enable the development of cost-efficient
and lightweight security primitives that can be integrated into modern mobile computer
systems and devices for providing a high level of security.
Chapter - 1
Introduction
1.1 Trend
Security is a concept expressing resilience against potential harm or damage from external
hostile forces. Beneficiaries of security may include objects, systems, persons, groups and
institutions vulnerable to unwanted changes by their environment. The term is also used to
refer to a means to protect its beneficiaries. The means by which a referent provides for
security include, for example, protective systems (e.g., fence, lock, and carrier), detection
systems (e.g., radar and security cameras), and policy intended to develop conditions (e.g.,
access control using photo identification).
The need for secure communication has a long history, with an early example dating back
to about 2000 B.C. in Ancient Egypt, where Egyptian hieroglyphics were a secret writing
system hiding the meaning of a message [32]. Likewise, in the past, and to an extent
still today, secure military communication has been undoubtedly crucial. In our current
vastly digitalised world, the need for digital information security has risen
exponentially due to the increase in sensitive information processing and communication
across various platforms, e.g., computers and smart mobile devices. Moreover, the
explosive growth of the Internet of Things (IoT), less frequently referred to as the
Internet of Everything (IoE), introduces sensitive information which is communicated over
the Internet every moment of our lives. Unfortunately, maintaining security is a difficult
task, and we often witness security vulnerabilities or, in the worst case, a complete
breakdown. In June 2010, Stuxnet demonstrated that a digitalised attack could interfere
with the normal operation of an entire industrial plant; it is one profound example among
a large number of similar occasions [33–36]. In many ways, our society has become
inseparable from digital information, and this places a high demand on reliable security
and trust techniques.
Cryptology, as a subfield of security, deals with the science of constructing secret
writing systems for information security (cryptography) and the science of breaking
constructed cryptosystems (cryptanalysis) [32]. Because cryptanalysis is the only way to
assure that a cryptosystem is secure, cryptography and cryptanalysis are closely linked and
often exercised by the same person. This is in agreement with Kerckhoffs’ principle [37],
on which most classical cryptographic approaches rest: a cryptosystem can only be
considered secure if the system details, except for the secure key, are public knowledge
and it can still successfully withstand cryptanalysis attempts. At the same time,
Kerckhoffs’ principle emphasizes the importance of not exposing the secure key to the
outside, even under elaborate cryptanalysis. Therefore, the degree of security is typically
expressed by the level of effort required to break the cryptosystem without knowing the
key.
When security came into the modern world, symmetric cryptography and asymmetric
cryptography became widely used. Asymmetric cryptography in particular has dominated
the markets, while its cost has become a more significant concern. Cost is measured in
terms of memory usage, power consumption, die size, execution time, etc. On the other
hand, authenticity and credibility are the most essential considerations in the financial
and banking markets. Therefore, early cryptographic implementations focused on building
security strictly using steel or heavy hardware security modules (HSMs). The later
emergence of non-volatile memory (NVM) added flexibility for some applications, and
the current best practice for providing security in a mobile system is to place a secret
key in a non-volatile electrically erasable programmable read-only memory (EEPROM) or
battery-backed volatile static random access memory (SRAM). The key is used for
hardware cryptographic operations, where the key length corresponds to the level of
security. However, another rule applies: the longer the key, the more resources and
computation are required. In other words, an increase in cost is inevitable for achieving
a high level of security.
Figure 1.1: General view of authentication of IoT device using device fingerprint.
[Diagram labels: IoT device; untrusted supply chain/environment; point of authentication;
trusted location; fingerprint DB; “Is this authentic device?”]
For applications where devices are less focused on security, a software-based
cryptographic implementation is often sufficient. For example, a bootloader verifying the
authenticity of the embedded firmware using digital signatures and hash functions is
commonly used to prevent most threats to consumer and industrial devices. Software-based
solutions are simple and do not pose significant cost concerns. However, when running a
software encryption algorithm on platforms where other applications are running
concurrently, there is a potential for information leaked from timing measurements or
cached data to enable the detection of secret keys and cause solution failures. Also, in
some traditional situations, such as consumer products using small-core or core-less
chips, hardware-based cryptography is the only solution. For such consumer products,
costs are under pressure and security is not the selling advantage. These security
practices demonstrate a constant struggle between low implementation costs and high
security levels.
Nonetheless, consumer products must be provided at the lowest possible cost with security
features, and authentication is often used in this context (Figure 1.1). Symmetric
challenge-response-based validation is often used for authentication to prevent potential
counterfeiting. If truly random numbers are the aim, a cryptographic implementation in
hardware is mandatory for the random number generation, while software post-processing
ideally helps produce more numbers.
In classical authentication, the secret binary key needs to be permanently stored on
the NVM of the device and remain unexposed. However, this is difficult to uphold in
practice, as performing physical attacks such as invasive, semi-invasive, or side-channel
attacks on NVM is relatively easy; when successful, such an attack can potentially expose
the secret key. In this context, this hardware vulnerability is one of the initial
motivations for developing better secret key protection [38].
1.2 Research Questions and Objectives
Research Questions
A thorough literature review will be given in Chapter 2. Based on the limitations of
currently developed techniques, the research questions in this project are listed below:
Q1. Are variation features in emerging NVMs, specifically redox-based resistive random
access memory (ReRAM), controllable, and yet still a strong source of randomness for
building low-overhead security primitives?
Q2. What are the security benefits, consequences and performance metrics of using
non-conventional architectural platforms?
Q3. Do the ReRAM-based security primitives meet the requirements for completing
end-to-end security at the device level for the IoT revolution?
Research Objectives
This research aims to address the emerging non-volatile memory-based security primitives
for improving IoT device security. The detailed objectives are listed below:
• Clarifying and defining the high-standard criteria for a robust yet feasible prototype
of innovative security primitives.
• Offering a novel design of a security application and implementing a prototype which
fulfills the defined specifications.
• Evaluating and verifying the feasibility of the proposed designs using various methods.
The outcomes of the research are presented in four chapters, as summarized below:
Chapter 2 presents an overview of conventional security protocols. This chapter also
elaborates on the rationale for non-conventional security primitives, namely the physical
unclonable function (PUF), as well as the designs and performance of PUFs.
Chapter 3 presents a novel PUF design using ReRAM to enhance the security level for
securing sensitive information and communication across various platforms. Experimental
and theoretical analysis is performed to show that ReRAM is a promising candidate as a
variation source for building a fingerprint of an object that can be embedded in mobile
and ubiquitous devices. This part of the research attempts to address research question
Q1.
Chapter 4 presents an experimentally verified analogue state-based ReRAM-PUF design.
It will be shown that stacked 3D ReRAMs in crossbar structures offer a nonlinear
configuration, which may enhance the security level of the design by increasing the
possible challenge space. Such a design will be more robust against potential modelling
attacks. An extensive performance evaluation is conducted using predictive analysis,
including machine learning prediction. This part of the research attempts to address
research questions Q1 and Q2.
Chapter 5 presents a circuit technique for extracting true random numbers from carrier
capture and emission in oxide traps of emerging ReRAMs. This part of the research attempts
to address research question Q3.
Chapter - 2
Background
2.1 Introduction to Physical Unclonable Function
Security has emerged as an important hardware design objective in recent years [39].
Hardware needs to be protected, as potential insecurities can enable attacks on the
programs and contents running on it. Also, the manufacturing of integrated circuits (ICs)
by potentially untrusted foundries and the use of insecure components have caused an
increasing need for protecting hardware [5]. Current hardware security techniques rely on
conventional cryptographic protocols to provide security. In classical cryptography, the
secret binary key is considered to be permanently stored on the memory device of the
hardware and to remain unknown. However, this is difficult to uphold in practice, as
performing physical attacks such as invasive, semi-invasive, or side-channel attacks on NVM
is relatively easy, and when successful such an attack can potentially expose the secret
key [40]. This vulnerability is one of the initial motivations for developing better secret
key protection [38], as depicted in Figure 2.1.
Figure 2.1: Vulnerability of the methods for storing secret key.
[Diagram labels: Device A; Device B; memory holding a key (100110...) that can be read,
replaced or re-flashed: possible to extract secret key in the storage by physical attacks;
PUF with a table of challenges and responses: hard to fully characterize or predict set of
challenge-response pairs.]
2.1.1 Why PUF?
PUF hardware that utilizes simple digital circuits has numerous advantages, such as a
simple fabrication process, lower power consumption, a smaller area than EEPROM/RAM,
and the potential to form anti-tamper circuitry. Also, simple PUF applications do
not require expensive cryptographic hardware such as a secure hash algorithm (SHA) or
a public/private key encryption algorithm. Since the “secret” is derived from physical
characteristics of the IC, the chip must be powered on for the secret to reside in digital
memory. Any physical attack attempting to extract digital information from the chip,
therefore, must do so while the chip is powered on.
On the other hand, invasive attacks are more difficult to execute without modifying
the physical characteristics from which the secret is derived. Therefore, continually
powered active anti-tamper mechanisms are not required to secure the PUF. Also,
non-volatile memory is more expensive to manufacture. For example, EPROMs require
additional mask layers, and battery-backed RAMs require an external always-on power source.
2.1.2 What is PUF?
In 2001, Pappu [41] introduced a 3-dimensional micro-structure PUF construction using
coherent radiation and defined it as a physical one-way function (POWF), which was the
general concept of a PUF. Immediately after, Gassend et al. [9] proposed a silicon-based
PUF construction and defined it as a Physical Random Function. They chose the acronym
PUF, which stands for Physical Unclonable Function, for ease of pronunciation and to avoid
confusion with the concept of a pseudo-random function (PRF). In the mathematical sense,
a PUF is not strictly a pure function because a single input can be related to more than a
single output due to environmental noise on the response generation. A PUF, therefore, can
be described as a probabilistic function, since it deals with uncertainties or
variabilities in parameters [42]. This leads the output of a PUF to be considered as a
random variable with a probability distribution, instead of a deterministic value.
The concept of a PUF can be expressed as “a fingerprint of an object”. A human
fingerprint is a measurable physical characteristic that forms part of human biometrics,
and biometric authentication is often used in computer science for identification and
access control. Proper human biometrics such as fingerprints are suitable for
authentication due to the characteristics of inheritance, unclonability and individuality,
which are also applicable to the PUF concept in a similar manner [43]. These
characteristics are explained in detail below:
• Inheritance: Every human being is born with physiological biometrics. Similarly,
individual PUF instances come with intrinsic variations that are determined during
the creation process, in particular, the fabrication process for silicon-based PUFs.
• Individuality: A human inherited biometric is a feature whose traits can distinguish
individuals from one another. Even identical twins, who share the same genetic profile,
are unlikely to present identical fingerprints. Similarly, a specific PUF instance
presents an instance-specific identifying feature, while all instances of a type of PUF
share the same construction and execution process.
• Unclonability: Human biometrics are inherited physical/biological features that are
beyond human control. Unlike more traditional means of identification, such as a driver’s
license or passport, cloning a physical feature of a human is very difficult, and this
has reinforced the individuality of human biometrics. Similarly, for a PUF, intrinsic
variations are outside human involvement/control, which makes the creation of an
identical copy of the original very difficult if not impossible.
Following this discussion, the PUF concept can be expressed as “a PUF is an intrinsically
embedded physically unclonable instance-specific feature of an object.”
2.1.2.1 Introduction of Weak and Strong PUFs
Weak and strong PUFs are sub-classes of PUFs, which are classified based on the possible
challenge-response pairs (CRPs). The inputs to a PUF are called challenges and the outputs
are called responses. An applied challenge and its obtained response are called a CRP. For
a set of instantiations of a particular PUF construction, the responses to the same
challenge are expected to be different. Therefore, its CRP behaviour can be used to
distinguish one PUF instance from others.
The weak PUF is typically a new form of storing secret binary keys in hardware memories
such as read-only memory (ROM), flash memory, or NVM, using a bit-to-cell mapping method.
Therefore, the total number of CRPs is limited to the total number of cells, often only
one CRP per PUF instance. As the number of secret keys from a weak PUF is small, access to
the response(s) of a weak PUF should be restricted even for an adversary who physically
possesses the PUF hardware. The most popular implementation of a weak PUF is the static
random access memory PUF (SRAM-PUF), which exploits the threshold variation of the
cross-coupled SRAM cells. Examples of SRAM-PUF and a few more memory-based weak PUF
constructions will be discussed in Section 2.2.5.
In contrast to a weak PUF, a strong PUF derives a more complex challenge-response
behaviour and needs to generate a response instead of reading out cells. Typically, even
if the adversary holds physical possession of the PUF, a strong PUF can still prevent a
full readout of all CRPs due to its large number of challenges. It is often assumed that
access to responses is publicly available, and an adversary who carries the hardware of a
particular PUF can apply arbitrary challenges to the strong PUF to generate the
corresponding responses. However, because the number of CRPs is large enough, the
adversary is still very unlikely to enumerate all CRPs within a certain fixed time
(ideally, exponential in the number of challenge bits). The strong PUFs described above
are typically associated with the application of low-cost authentication. In this case, a
strong PUF can replace the secure memory and crypto hardware on an embedded device and be
used for securely identifying the device to a server. Because the PUF does not require
secure NVM, anti-tamper circuitry, or additional supporting crypto acceleration hardware,
a PUF-based solution requires less area, power, and fewer mask layers in comparison to
traditional approaches.
2.1.2.2 Intrinsic PUFs
While the first attempt to describe a PUF or PUF-like construction, in 2001, was based on
an optical system (see the construction and operation in Section 2.2.2), intrinsic PUFs
are a class of PUFs that have been widely investigated since the originally suggested
construction of delay-based silicon PUFs (see the constructions and operations in Section
2.2.4.1 and Section 2.2.4.2). Intrinsic PUFs require two additional characteristics [44]:
firstly, the complete PUF construction should be fully integrated into the embedding
device, and this also includes the measurement equipment; secondly, this integration
should be completed using the standard manufacturing flow without the need for processes
designed for PUF-specific functions and components. It is clear that intrinsic PUFs can
provide cost-efficient solutions because of these two characteristics. For example, the
fact that SRAM is widely used in nearly all electronic applications is favourable for
this kind of PUF, as it can use embedded SRAM instead of intentionally built circuits.
2.1.2.3 PUF Extensions
Super high information content PUF (SHIC-PUF): Rührmair et al. [45] proposed the concept
of the SHIC-PUF to maximize the extractable structural information content of a physical
system with a drastically reduced readout speed. The high-density information design
provides immunity against any algorithmic attacks, including machine-learning techniques,
and its security can even withstand attackers with unlimited computational power. The use
of a crossbar array (CBA) in SHIC-PUFs was proposed due to its high-density information
structure as well as its relatively easy integration on a chip. Due to the high-density
information, and hence large CRP space, all SHIC-PUFs are considered strong PUFs [46].
Controlled PUF (CPUF): Gassend et al. [47] defined the CPUF as a PUF that can only be
accessed via a physically bound algorithm. This algorithm strengthens the PUF because any
attempt to break the link between the PUF and the algorithm leads to the destruction
of the PUF. The main advantage of a CPUF is that the inseparable algorithm that generates
the challenges of the PUF can make chosen-challenge-based model-building attacks more
difficult [43]. Hence, turning a PUF into a CPUF could increase security, but this
increased security strongly depends on the link of the PUF with the access algorithm [44].
Public PUF (PPUF): The PPUF was suggested to resolve the central conceptual and practical
limitation of classical public cryptography, which is derived from the manufacturing
limitation of entirely identical systems at the gate and transistor levels due to the
intrinsic manufacturing variability of silicon technology [48]. Also, the fact that many
types of PUFs can be reverse engineered motivates the creation of the PPUF. The PPUF is a
class of PUF that is intentionally made easy to reverse engineer [49]. Therefore,
extraction of the parameters of the physical system of the PUF (public key) is possible,
as the PUF model is publicly available. However, the full characterisation, cloning or
simulation of its input-output mapping (secret key) remains infeasible, as only the owner
of the PPUF hardware can rapidly compute the outputs for a given input. The SIMPL
(simulation possible, but laborious) system proposed by Rührmair [50] is a similar concept
to the one proposed by Beckmann and Potkonjak [48].
Reconfigurable PUF: Kursawe et al. [51] first defined the reconfigurable PUF as a PUF
whose mechanism and configuration can be transformed into an entirely new PUF, such that
even with knowledge of CRPs from the previous configuration, the challenge-response
behaviour of the new configuration cannot be predicted. Moreover, it should be noted that
it is challenging to revert the configuration of a reconfigurable PUF, and the
configuration mechanism should not be in the form of changing a part of the challenge or
altering the placement of the PUF.
2.1.3 How to Use PUF?
There are two broad applications for PUFs: secret key generation and authentication. In
order to achieve the security objectives, both applications follow a sequence of steps
referred to as a cryptographic protocol [52]. This protocol often requires special
techniques such as a random number generator (RNG) and a hash function. A hash function is
a fundamental component of modern cryptography that maps data of arbitrary size to a fixed
size. Random number generation plays an important role in cryptographic protocols, e.g.,
in generating session and signature keys. It produces a sequence of zero and one bits,
and the security of cryptographic systems highly depends on the unpredictability of the
bit sequences. RNGs can be categorized into pseudo random number generators (PRNGs)
and true random number generators (TRNGs). A PRNG generates a random number sequence
based on mathematical algorithms and functions, while a TRNG generates random sequences
that are unpredictable.
2.1.3.1 Secret Key Generation
Secure key generation and key retrieval are common practices for the majority of
cryptographic implementations [53]. The conventional method of using PUFs as a secret
key generator only requires a fixed number of secret bits to be generated. These key bits
can be obtained from the PUF response and used for cryptographic primitives such as
en-/decryption and digital signatures. Unfortunately, the direct output of the PUF circuit
is often considered inappropriate as a cryptographically secure key because noise can
create unstable response output [54]. Therefore, noisy bits must be error-corrected with
the aid of helper bits [10, 55–57]. The idea of error correction is that when the PUF is
challenged for the first time, so-called helper data is generated. If the PUF is
re-challenged later with the same challenge, the helper data can be used for error
correction, and hence response reconstruction. The overview and details of the topic are
very well discussed in [58].
The method to reliably reconstruct the noisy bits, which is called secure sketching, was
proposed by Dodis et al. [59]. The secure sketch follows a specific process of generation
and reproduction, Gen and Rep. During the generation phase, the secure sketch takes the
PUF response r as an input and returns helper data, h = Gen(r). During the reproduction
phase, the PUF response r′′ is reconstructed by taking the noisy response r′ and the
helper data, r′′ = Rep(r′,h). Hamming distance (HD) is used to evaluate the accuracy of
the construction, such as ensuring successful reproduction if HD(r,r′) ≤ τ for both the
code-offset and syndrome constructions, where τ is a certain threshold value that defines
the tolerable error level.
The fuzzy extractor is a concept that can resolve the reliability issue as well as the
entropy reduction that secure sketching alone cannot cover. Fuzzy extractors are therefore
often used with PUF implementations. During the generation phase, the fuzzy extractor
takes the PUF response r as an input and generates the key k as well as helper data h,
(k,h) ← Gen(r). During the key reconstruction phase, the fuzzy extractor takes the
helper data h and a noisy response r′ as inputs to reconstruct the key, k ← Rep(h,r′).
Successful reconstruction is guaranteed if HD(r,r′) ≤ τ for a threshold level τ.
Several types of error correction constructions can be used to this end. Gassend [60]
first suggested error correction of PUF responses using a 2D Hamming code. Shortly
after, Dodis et al. [59] introduced a software implementation of the fuzzy extractor
based on Bose-Chaudhuri-Hocquenghem (BCH) codes. Suh et al. [10, 54, 61] proposed
a more realistic approach of delay-based PUFs with BCH code, which is a popular error
correcting code for binary data. Guajardo et al. [62] proposed a concept of memory-based
PUF with a fuzzy extractor using linear block codes. Bösch et al. [55] presented a two-stage
error correcting approach on field-programmable gate array (FPGA) and Maes et al. [63]
proposed the use of a soft-decision decoder for memory-based PUFs. In 2010, Yu and
Devadas [57] focused on the use of index-based syndrome (IBS) coding at the error
correcting stage. Maes et al. [53] presented a PUF-based cryptographic key generator
using a hash function to accumulate entropy for PRNG. These decoding algorithm-based
error correcting schemes on the PUF often require complicated systems and long execution
time. In order to uphold the lightweight nature of PUF, the reverse fuzzy extractor was
introduced by van Herrewege et al. [3]. As an alternative, a key reconciliation protocol
was suggested by Colombier et al. [64].
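The Gen and Rep procedures described above, as an added example that is not code from the
thesis or the cited works: a code-offset secure sketch wrapped into a fuzzy extractor. The
length-5 repetition code (a stand-in for the BCH codes cited above), SHA-256 as the
key-derivation hash and all function names are assumptions made for the illustration.

```python
import hashlib
import secrets

REP = 5                # assumed repetition-code length (the cited works use BCH etc.)
TAU = (REP - 1) // 2   # HD(r, r') <= TAU is always corrected, wherever the errors fall


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def hd(a, b):
    """Hamming distance between two equal-length bit lists."""
    return sum(xor(a, b))


def encode(seed):
    """Repetition-code encoder: every seed bit is repeated REP times."""
    return [bit for bit in seed for _ in range(REP)]


def decode(word):
    """Majority-vote decoder: one seed bit per block of REP bits."""
    return [int(sum(word[i:i + REP]) > REP // 2) for i in range(0, len(word), REP)]


def sketch_gen(r):
    """Secure sketch h = Gen(r): offset between r and a randomly chosen codeword."""
    if len(r) % REP:
        raise ValueError("response length must be a multiple of REP")
    seed = [secrets.randbelow(2) for _ in range(len(r) // REP)]
    # h leaks at most len(r) - len(r) // REP bits about r (the code's redundancy).
    return xor(r, encode(seed))


def sketch_rep(r_noisy, h):
    """Secure sketch r'' = Rep(r', h)."""
    if len(r_noisy) != len(h):
        raise ValueError("noisy response and helper data differ in length")
    # r' XOR h equals the enrolled codeword plus the error pattern e. Decoding
    # removes e, re-encoding restores the codeword, and adding h back yields r.
    codeword = encode(decode(xor(r_noisy, h)))
    return xor(codeword, h)


def fe_gen(r):
    """Fuzzy extractor (k, h) <- Gen(r): key from the enrolled response, plus helper."""
    h = sketch_gen(r)
    k = hashlib.sha256(bytes(r)).digest()
    return k, h


def fe_rep(h, r_noisy):
    """Fuzzy extractor k <- Rep(h, r'): correct the response first, then hash it."""
    return hashlib.sha256(bytes(sketch_rep(r_noisy, h))).digest()


if __name__ == "__main__":
    r = [secrets.randbelow(2) for _ in range(40)]   # constructed enrolment response
    k, h = fe_gen(r)
    r_noisy = list(r)
    r_noisy[3] ^= 1                                 # one injected bit error
    print("key reproduced:", fe_rep(h, r_noisy) == k)
```

Errors beyond (REP - 1) // 2 inside one block make Rep return a wrong response, so the
derived key changes completely instead of degrading gradually.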
2.1.3.2 Authentication Protocol
In this section, the most prominent protocols for PUF-based authentication, including
one-way or mutual entity authentication, are discussed. Practical instantiations for
authentication could be radio frequency identification (RFID) [65, 66], smart cards [47],
IC, IoT devices [67], etc.
The simplest authentication method uses unprotected strong PUFs [41]. Although strong
PUFs are often used for cryptographic key generation, they are also preferred for
lightweight authentication due to their large number of CRPs, which ensures multiple
rounds of authentication procedures. After a verifier establishes a PUF CRP database
through measurements and the physical PUF is transferred to a prover (PUF-enabled
device), the basic PUF authentication protocol is considered [65, 68]. This protocol is
demonstrated in Figure 2.2, and it works according to the following authentication
scenario: a Prover P is in possession of a PUF device with a unique identifier ID, and a
Verifier V has a pre-recorded database DB of all PUF identifiers and CRPs. Auth is an
authentication request that is often raised by V. Due to the non-determinism of the PUF,
the direct output of a PUF (r′) is slightly different from the pre-recorded response in the
DB (r), and this can be described as r′ = r ⊕ e, where e represents the error bits, has the
same bit-length as the response, and has a small HW(e) [1]. Therefore, PUF-based
authentication requires a certain threshold value for defining the tolerable error level (τ)
(e.g. successful authentication if HD(r,r′) ≤ τ). On the other hand, fuzzy extractors can
be used for correcting the errors before using the noisy response r′. However, it has been
demonstrated that the simple protocol is susceptible to model building attacks [69] when
the adversary can obtain CRPs and use them as the training set input for a machine
learning modelling attack.

Verifier V                                        Prover P
DB                                                ID
                 -------- Auth -------->
                 <--------- ID ---------
Abort if IDi ∉ DB
                 ---------- c --------->
                                                  r′ ← PUF(c)
                 <--------- r′ ---------
Abort if HD(r,r′) > τ
Figure 2.2: Basic PUF-based challenge-response authentication protocol.
Controlled PUF protocol: The authentication protocol of CPUF [9, 47] provides
reinforcement against model-building attacks via a cryptographic hash function. For the
controlled PUF protocol, secure sketches and hash functions are used, as shown in Figure
2.3. Firstly, the selected challenge c and the generated public helper data p = Gen(r) are
sent to Prover P. Next, the response is reproduced using hash functions and the secure
sketch as r′ = Hash(Rep(PUF(Hash(c)), p), Hash(c)). The construction may eliminate
potential chosen-challenge attacks of an adversary. Helper data needs to be stored in the
Verifier V’s DB.

Verifier V                                        Prover P
DB                                                ID
                 -------- Auth -------->
                 <--------- ID ---------
Abort if IDi ∉ DB
p ← Gen(r)
                 -------- c, p -------->
                                                  a ← Hash(c)
                                                  r′ ← Hash(Rep(PUF(a), p), a)
                 <--------- r′ ---------
Abort if r ≠ r′
Figure 2.3: Controlled PUF authentication protocol adopted by [1].
Lockdown protocol: To withstand such model-building attacks and other possible
attacks, an enhanced authentication protocol (lockdown protocol) was proposed by
Yu et al. [2]. For the lockdown protocol, the authenticity of Verifier V is also verified
using a split response tuple (r1 and r2), as shown in Figure 2.4. Firstly, a packet of the
selected challenge c and a subsection of the corresponding response, r1, is sent to Prover P.
Then V’s authenticity is verified by calculating the HD between the received r1 and the
measured r′1. P returns the other subsection of the response tuple, r′2, if HD(r′1,r1) is low
enough. The adversary cannot get r′2 because he/she fails to issue a packet of c||r1; hence,
authentication will be locked by the prover side.
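The lockdown exchange of Figure 2.4 with both sides' messages, as an added example that is
not code from the thesis or from Yu et al. [2]. The hash-based SimulatedPUF with injected
bit errors, the 64-bit response halves, τ = 6, the single use of each CRP and all class
names are assumptions made for the illustration.

```python
import hashlib

HALF = 64   # assumed bit length of each response half r1, r2
TAU = 6     # assumed tolerable error level per half


def hd(a, b):
    """Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b))


class SimulatedPUF:
    """Constructed stand-in for a strong PUF: a device secret plus injected bit errors."""

    def __init__(self, device_secret, noisy_bits=()):
        self._secret = device_secret
        self.noisy_bits = tuple(noisy_bits)   # positions that flip on re-measurement

    def enroll(self, c):
        """Reference measurement r1 || r2 taken by the verifier before hand-over."""
        digest = hashlib.sha256(self._secret + c).digest()
        return [(digest[i // 8] >> (i % 8)) & 1 for i in range(2 * HALF)]

    def evaluate(self, c):
        """Field measurement r1' || r2' = r XOR e."""
        r = self.enroll(c)
        for i in self.noisy_bits:
            r[i] ^= 1
        return r


class Prover:
    def __init__(self, dev_id, puf):
        self.dev_id, self.puf = dev_id, puf

    def respond(self, c, r1):
        """Release r2' only to a party that already knows r1 for this challenge."""
        r = self.puf.evaluate(c)
        r1_meas, r2_meas = r[:HALF], r[HALF:]
        if len(r1) != HALF or hd(r1_meas, r1) > TAU:
            return None            # abort: nothing about PUF(c) leaves the device
        return r2_meas


class Verifier:
    def __init__(self):
        self.db = {}               # ID -> list of (c, r1, r2)

    def enroll(self, dev_id, puf, challenges):
        rows = []
        for c in challenges:
            r = puf.enroll(c)
            rows.append((c, r[:HALF], r[HALF:]))
        self.db[dev_id] = rows

    def authenticate(self, prover):
        rows = self.db.get(prover.dev_id)
        if not rows:
            return False           # abort: ID not in DB, or no CRP left
        c, r1, r2 = rows.pop()     # assumption: every CRP is used once only
        r2_meas = prover.respond(c, r1)
        return r2_meas is not None and hd(r2_meas, r2) <= TAU


if __name__ == "__main__":
    puf = SimulatedPUF(b"constructed-device-secret", noisy_bits=(3, 17, 70))
    verifier = Verifier()
    verifier.enroll("dev-1", puf, [b"c0", b"c1"])
    print("genuine device accepted:", verifier.authenticate(Prover("dev-1", puf)))
```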
Verifier V                                        Prover P
DB                                                ID
                 -------- Auth -------->
                 <--------- ID ---------
Abort if IDi ∉ DB
                 ------- c ‖ r1 ------->
                                                  r′1 ‖ r′2 ← PUF(c)
                                                  Abort if HD(r′1,r1) > τ
                 <--------- r′2 --------
Abort if HD(r′2,r2) > τ
Figure 2.4: Lockdown authentication protocol suggested by Yu et al. [2].

Lightweight mutual authentication protocol: The design of a PUF-based lightweight
mutual authentication protocol was proposed by van Herrewege et al. [3], as shown in
Figure 2.5. Verifier V sends the selected challenge as well as a randomly chosen nonce N
to Prover P. Then, P evaluates r′ ← PUF(c), generating p ← Gen(r′) using the reverse
fuzzy extractor, and computes hash function a′ ← Hash(IDA,N,r′′,p). V receives the helper
data p and computes a to reproduce response r′′ ← Rep(r, p) using response r from DB. The
reproduced r′′ is hashed a′ ← Hash(IDA,N,r′′,p) and it is used for checking a′ = a. If
this is not the case, authentication is aborted, otherwise another hash function generates
b ← Hash(a,r) and it is sent to P. Eventually, P computes b′ ← Hash(a,r′) and accepts
if b′ = b. Since the lightweight mutual authentication protocol utilizes reverse fuzzy
extractors, it is applicable for authentication to significantly reduce the area cost
overhead of PUF implementation.
2.1.3.3 Encryption Protocol
So far, the PUF applications in cryptography are limited to secure key generation and
authentication. Recent research shows that PUFs can be implemented for secure
communication. Public-key primitives are based on a key pair including public and private
keys, as shown in Figure 2.6 (a). In public-key encryption, public key A can be used by
anyone (here, we call this party Alice) to encrypt a message m into encrypted message c,
since the key is publicly available. However, only one party (Bob) can decrypt c, as only
Bob has private key B and decryption requires both A and B, e.g. A⊕B. PPUF can be used in
advanced applications such as public-key cryptography [70].
Verifier V                                        Prover P
DB                                                IDA
                 -------- Auth -------->
                 <-------- IDA ---------
Abort if IDA ∉ DB
Choose random N
                 -------- c, N -------->
                                                  r′ ← PUF(c)
                                                  p ← Gen(r′)
                                                  a ← Hash(IDA,N,r′,p)
                 <-------- p, a --------
r′′ ← Rep(r, p)
a′ ← Hash(IDA,N,r′′,p)
Abort if a′ ≠ a
b ← Hash(a,r)
                 ---------- b --------->
                                                  b′ ← Hash(a,r′)
                                                  Abort if b′ ≠ b
Figure 2.5: Lightweight mutual authentication protocol suggested by van Herrewege et
al. [3].
In [4], a PUF-based communication protocol was introduced. The PUF protocol does
not require a public key pair, but instead, it utilises inverse computation using a barrel
shifter, as depicted in Figure 2.6. This communication protocol follows these steps:
1. Alice encrypts a message m with her PUF as fA(m) and sends it to Bob.
2. Bob encrypts fA(m) with his PUF as fB(fA(m)) and sends it to Alice.
3. Alice decrypts fB(fA(m)) with fA^−1, obtains fB(m) and sends it to Bob.
4. Bob decrypts fB(m) with fB^−1 and obtains the message m.
Besides these applications, PUFs can be used for more complex cryptographic
applications such as oblivious transfer (OT) [46], bit commitment (BC) and key exchange
(KE) [71].
Figure 2.6: PUF-based encryption protocols based on (a) a public key pair and (b) a barrel
shifter, as proposed in Ref. [4].
2.1.4 PUF Preliminary
2.1.4.1 PUF Properties
Over the past few years, many publications introduce new PUF concepts and attempt to
define the general PUF concept. Maes [43] well formulates the key properties of PUFs
using informal qualifiers such as easy or hard, low or high.
Constructibility property for a PUF class describes how easy it is to construct a
PUF instance of a particular PUF type. The qualifier of ‘easiness’ in this context includes
the cost of production.
Evaluability property for a PUF class was discussed as ‘easy to evaluate’ from the
early publications [47, 72]. The ‘easiness’ in this context depends on the variant of PUF
constructions. Theoretically, this points to polynomial time and effort [47]. However,
practically, evaluability can also include area, power, energy, and cost budgets imposed by
the application [43].
Unpredictability property for a PUF class was addressed as ‘hard to characterize or
predict’ [47, 72]. It should be difficult for an adversary who has only a polynomial
amount of resources (time, measurement of CRPs, etc.) to fully characterize an entire
PUF, and such an adversary can extract only a negligible amount of information about the
response to a randomly chosen challenge [9].
Mathematical unclonability property for a PUF class is the extension of
unpredictability with unlimited access. This means that an adversary who has physical
access to a PUF instance can measure the complete CRPs and the observed responses can be
used for building a model of the PUF. Therefore, a PUF that exhibits mathematical
unclonability is unpredictable even with unlimited physical access to the PUF instance.
Therefore, mathematical unclonability of a PUF class represents the unpredictability.
Physical unclonability property for a PUF class means that producing (or manufac-
turing) two identical PUFs is technically impossible even for the manufacturer of original
[47].
Reproducibility property for a PUF class is defined concerning the response distribu-
tion to identical challenge over time. It means that PUF should generate the same response
to the same challenge with a ‘high’ probability.
Uniqueness property for a PUF class is defined concerning the response distribution
to identical challenge across PUF instances. It means that a PUF should generate the
dissimilar responses to the same challenge with high probability.
Identifiability of a PUF class is defined concerning the relation between reproducibility
and uniqueness. It means that for the same challenge, a PUF should generate more alike
responses over time than responses across PUF instances with a ‘high’ probability.
One-wayness property for a PUF class is that given a PUF instance and a random
response of the PUF instance, there is no efficient inversion algorithm on the PUF instance
finding a challenge that produces a response similar to the given response.
Tamper evidence property for a PUF class means that it is ‘hard’ to physically alter a
PUF instance without a noticeable effect on its pre-recorded CRPs.
Figure 2.7: The PUF evaluation metrics defined by Majzoobi et al. [5], Hori et al. [6]
and Maiti et al. [7]. Kim et al. [8] formulates the previously defined metrics and shows
analysis results of each metric on the newly introduced PUF.
2.1.4.2 PUF Evaluation Metric
As a security primitive, a PUF is required to produce random yet device-specific responses
which should be consistent under varying operating conditions. To enable fair evaluation,
specific PUF performance indicators and tools should be defined. Majzoobi et al. [5]
defined four tests (predictability, collision, sensitivity and reverse engineering) that can
show the resiliency against four broad classes of attacks (predictability, collision,
fault-injection, and reverse engineering attacks), respectively. Later, Hori et al. [6]
suggested the concept of five indicators including randomness, steadiness, correctness,
diffuseness and uniqueness. Maiti et al. [7] defined these PUF evaluation metrics using
terms including bit-aliasing, uniformity, uniqueness and reliability, and also presented
evaluation results on ring oscillator PUF (RO-PUF). Kim et al. [8] formulated the defined
metrics and showed the results in detail on the newly proposed PUF. These evaluation
metrics are illustrated in Figure 2.7.
These qualities of PUF can be evaluated by a few metrics which use various methods
including Hamming distance (HD) and Hamming weight (HW) between responses. HD
is one metric for measuring the edit distance between two sequences of equal length. For
given binary strings SA and SB, HD(SA,SB) is equal to the number of ones in SA⊕SB. HW
of a sequence is the edit distance from the all-zero sequence of equal length. For a binary
string, the HW is equal to the total number of ones in the string.
The following notations are used to calculate the metrics:
P          Number of PUF instances
C          Number of challenges
T          Number of tries
r          Response string
r_{i,j}    jth bit of the ith response string r
L          Bit length of a response
Uniqueness represents the capability of one PUF to distinguish itself from other PUFs.
It is expressed as a percentage by calculating HD between two responses from two PUFs
when the same challenge is applied to them. Ideally, uniqueness is expected to be 50%,
which means that (given the same challenge) responses from two PUFs will differ in half
of their bits on average. If the number of PUFs is larger than two, the mean value of HDs
from all possible combinations of two, $\binom{P}{2}$, represents uniqueness. Therefore,
uniqueness is the average inter-PUF HD and can be expressed as below:
\[
\mathrm{Uniqueness} = \frac{1}{\binom{P}{2}} \sum_{i=1}^{P-1} \sum_{j=i+1}^{P}
\frac{\mathrm{HD}(r_i, r_j)}{L} \times 100\%. \tag{2.1}
\]
Diffuseness represents the capability of one PUF to generate different responses.
Similar to uniqueness, diffuseness is also expressed as a percentage, but it calculates HD
between a PUF’s responses which are separately obtained by applying distinct challenges.
Therefore, diffuseness shows the degree of difference among different challenges that are
applied to a single PUF and can be expressed as below:
\[
\mathrm{Diffuseness} = \frac{1}{\binom{C}{2}} \sum_{i=1}^{C-1} \sum_{j=i+1}^{C}
\frac{\mathrm{HD}(r_i, r_j)}{L} \times 100\%. \tag{2.2}
\]
Ideally, diffuseness is expected to be 50%.
Reliability represents the capability of a PUF to produce the identical response when
the same challenge is applied on two different occasions under varying operating
conditions such as temperature or power supply voltage. Ideal reliability is 100%, which is
only possible when a zero bit error rate (BER) is obtained, and this can be expressed as
below:
\[
\mathrm{RE} = 100\% - \mathrm{BER}. \tag{2.3}
\]
An ideal PUF should provide zero response difference to the same challenge under varying
operating conditions and therefore, BER can be defined as below:
\[
\mathrm{BER} = \frac{1}{\binom{T}{2}} \sum_{i=1}^{T-1} \sum_{j=i+1}^{T}
\frac{\mathrm{HD}(r_i, r_j)}{L} \times 100\%. \tag{2.4}
\]
Uniformity represents the capability of a PUF to produce balanced bits in a response. It
is expressed as a percentage by calculating HW in a response and the ideal uniformity is
50%. Uniformity can be calculated as below:
\[
\mathrm{Uniformity} = \frac{1}{L} \sum_{j=1}^{L} r_{i,j} \times 100\%, \tag{2.5}
\]
where $r_{i,j}$ is the jth bit of an L-bit response from the ith PUF instance. The
uniformity of a bit-string can be evaluated by a sub-test of the statistical test suite
offered by the National Institute of Standards and Technology (NIST).
Bit-aliasing represents the capability of a PUF to produce balanced bits across
responses. It can be measured by calculating the number of ones at a certain bit position
in different PUF responses to an identical challenge. Ideal bit-aliasing is 50%, and it
can be expressed as below:
\[
\text{Bit-aliasing} = \frac{1}{P} \sum_{i=1}^{P} r_{i,j} \times 100\%, \tag{2.6}
\]
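Equations (2.1) to (2.6) implemented over measured response strings, as an added example
that is not code from the thesis. The function names, the accepted input format (bit
strings or 0/1 sequences) and the sample responses, which are constructed, are assumptions.

```python
from itertools import combinations

# Constructed 8-bit responses of three PUF instances to one challenge.
SAMPLE_PUFS = ["10110010", "01100110", "11010100"]
# Constructed repeated measurements (tries) of the first instance.
SAMPLE_TRIES = ["10110010", "10110011", "10110010"]


def to_bits(response):
    """Accept '1011...' strings or 0/1 sequences and return a list of ints."""
    bits = [int(b) for b in response]
    if any(b not in (0, 1) for b in bits):
        raise ValueError("responses must be binary")
    return bits


def hd(a, b):
    """Hamming distance: number of ones in a XOR b."""
    if len(a) != len(b):
        raise ValueError("HD is only defined for equal-length responses")
    return sum(x ^ y for x, y in zip(a, b))


def mean_pairwise_hd(responses):
    """Shared core of Eqs. (2.1), (2.2), (2.4): mean of HD/L over all pairs, in %."""
    rs = [to_bits(r) for r in responses]
    pairs = list(combinations(rs, 2))
    if not pairs:
        raise ValueError("need at least two responses")
    return 100.0 * sum(hd(a, b) / len(a) for a, b in pairs) / len(pairs)


def uniqueness(per_puf):
    """Eq. (2.1): responses of P different PUFs to the same challenge."""
    return mean_pairwise_hd(per_puf)


def diffuseness(per_challenge):
    """Eq. (2.2): responses of one PUF to C distinct challenges."""
    return mean_pairwise_hd(per_challenge)


def ber(per_try):
    """Eq. (2.4): T repeated measurements of one PUF with the same challenge."""
    return mean_pairwise_hd(per_try)


def reliability(per_try):
    """Eq. (2.3): RE = 100% - BER."""
    return 100.0 - ber(per_try)


def uniformity(response):
    """Eq. (2.5): share of ones (HW / L) in a single response, in %."""
    bits = to_bits(response)
    return 100.0 * sum(bits) / len(bits)


def bit_aliasing(per_puf):
    """Eq. (2.6) for every bit position j: share of ones across the P PUFs, in %."""
    rs = [to_bits(r) for r in per_puf]
    if len({len(r) for r in rs}) != 1:
        raise ValueError("all responses must have the same bit length")
    return [100.0 * sum(column) / len(rs) for column in zip(*rs)]


if __name__ == "__main__":
    print("uniqueness  %.2f%%" % uniqueness(SAMPLE_PUFS))
    print("reliability %.2f%%" % reliability(SAMPLE_TRIES))
    print("bit-aliasing", ["%.1f" % v for v in bit_aliasing(SAMPLE_PUFS)])
```

On the constructed sample, uniqueness and uniformity both come out at the ideal 50%, while
bit_aliasing shows bit positions 4 and 7 (counting from 0) stuck at 0 on every device.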
2.1.4.3 PUF Attacks
PUF can be subjected to various attacks. An adversary can attempt to duplicate (clone) or
build a model of the original by using various methods such as direct measurement and
chosen challenge generation.
Cloning attacks: Entire responses to corresponding challenges can be read out in an
invasive manner. In this case, a weak PUF can be read out, even though the response exists
in the system only for a short time. Even if care is taken to prevent key readout over a
standard on-chip channel, other threats using laser stimulation can also reveal the key if
weak PUFs are used. In an invasive attack, an adversary can reprogram the tendency of a
cell using focused ion beam circuit edit, thus effectively cloning the CRP behaviour of the
PUF. Cloning and invasive attacks appear less applicable to strong PUFs.
Modeling attacks: The most relevant attack method for strong PUFs is the modelling
attack, in which an adversary collects a large number of CRPs from a given PUF and tries to
extrapolate the behaviour of the PUF on unknown CRPs by numeric methods and a parametric
model using the collected CRPs. Machine learning algorithms are a powerful tool to this
end. Indeed, if one could learn the basic delay parameters and model the interaction with
the challenge bits, one would be able to accurately predict the response bits for a random
challenge, even without access to the PUF [73].
2.2 Physical Unclonable Function Constructions
In this section, examples of different types of PUFs will be discussed. Their sources of
randomness, configurations and performance results will also be summarised.
2.2.1 Coating PUFs
The concept of using an active coating to protect IC was proposed by Posch [74], and
further building a PUF integrating coating into IC was proposed by Tuyls and Škorić [75].
The top of the IC is covered with a protective coating layer, which is doped with random
dielectric particles (e.g., TiO2, SrTiO3, or BaTiO3) with random size and shape. The IC
is equipped with an array of metal sensors beneath the coating layer. Each sensor locally
probes the dielectric properties of the coating layer and measures the capacitance.
Selection of specific sensors is the challenge of the coating PUFs, and the capacitances
measured by the selected sensors become the response. The coating PUFs can be physically
protected by the coating layer against physical attacks. Tamper evidence was also verified
since the coating layer resides on the top of the IC. However, the coating PUFs have a
limited challenge space because the number of sensors is limited, and the possibility of
mathematical cloning exists.
2.2.2 Optical PUFs
2.2.2.1 Optical PUF
The concept of building a PUF using the interaction of visible light with a randomised
micro-structure was first proposed by Pappu et al. [41, 76]. Optical micro-structure
tokens are constructed, and each token produces an irregular speckle pattern from
refractive particles of the microstructure when irradiated with a laser. The random pattern
is then processed into a binary vector using an image processing technique. The
orientations of the laser are used as optical-PUF challenges, and the resulting feature
vectors are the PUF responses. The optical PUFs have a large challenge space and predicting
responses of unknown challenges is computationally difficult [77]. However, these optical
PUFs show relatively low reliability compared to other conventional PUF constructions,
which leads to the requirement of sensitive and expensive readout machinery [45].
2.2.2.2 Phosphor PUF
Phosphor PUF, which exploits the random pattern formed by scattering phosphor particles,
was proposed by Jiang and Chong [78]. These particles have random size and shape and
can be well blended with the products/devices, e.g. the plastic cover, since the pattern is
invisible to the naked human eye under normal lighting. By using optical equipment, the
random phosphorescent patterns can be detected, and this can be used as the identification
fingerprint for the product/device.
2.2.3 Acoustical PUFs
PPUF concept using acoustic delay was firstly proposed by Vrijaldenhoven [79]. In an
acoustic PUF, an electrical signal is transformed into a mechanical vibration through a
transducer, and the vibration propagates as a sound wave through the object and scatters
on the objects with randomly distributed inhomogeneities. The reflections of those waves
are measured and converted back into an electric signal by another transducer.
2.2.4 Silicon-Based PUFs
The aforementioned early PUF constructions show limitations in being applied from a
practical point of view. On the other hand, building PUFs on silicon has the significant
advantage that silicon-based PUFs can directly connect to standard digital circuitry
embedded on the same chip. Therefore, silicon-based PUFs are the mainstream of modern PUF
construction. Examples of different silicon-based PUFs, as well as their sources of
randomness, configurations and performance, will be summarised in the following
sub-sections.
2.2.4.1 Ring Oscillator PUFs
A ring oscillator PUF (RO-PUF) is one of the most well-known silicon-based PUF
constructions, which is generally classified as an intrinsic PUF. Several different
randomness sources can be used for this type of PUF, and they are all based on the
frequency variation of the oscillating circuit. An RO-PUF is often implemented in FPGAs
since it has been pointed out that a ring oscillator (RO) based PUF is more FPGA friendly
[80] and can be integrated into an RO based random number generator (RNG) [81].
Delay-based RO-PUF was proposed by Gassend et al. [9]. The architecture includes a
delay circuit which is placed in an oscillator circuit loop together with additional AND
gates, as depicted in Figure 2.8 (a). The delay circuit consists of n−1 stages of switch
components and a final multiplexer (MUX), where n is the bit length of the challenge, as
shown in Figure 2.8 (b). Each switch component is made of two 2-to-1 MUXes and
pairs of buffers, which is depicted in Figure 2.8 (c). At each switch stage, the input
(rising or falling) edge can be sent crosswise or straight to its output terminal depending
on the challenge bit value of the stage. After the n−1 stages, one of the two edges is
selected by the final MUX to be applied as negative feedback to the input of the delay
circuit in order to form an oscillator. The frequency of the oscillating signal is counted
by an edge detector and a counter in a fixed time interval; the resulting frequency value
is the response. Note that the pairs of buffers in each stage are used to build a
non-monotonic delay circuit, and additional AND gates can enable/disable the oscillation.
However, it is clear that the influence of environmental conditions such as supply voltage
or temperature fluctuations on this type of construction is significant. The authors,
therefore, suggested a post-processing compensation scheme taking ratios of delays for
different loops, or for different challenges on the same loop. Another drawback of the
RO-PUF is that the number of challenges is exponential ($2^n$), but the challenges are not
independent. This can lead to vulnerability to model-building attacks. Therefore, this
RO-PUF architecture is physically unclonable; however, it is still mathematically
clonable [43].

Figure 2.8: Ring oscillator PUF (RO-PUF) circuit as proposed by Gassend et al. [9]. (a)
A delay circuit is located in the oscillating loop, and the frequency value of the
oscillation is detected/counted by an edge detector/counter. Additional AND gates are used
to enable/disable the oscillation. (b) Delay circuit is made of n−1 stages of switch
components and a final multiplexer (MUX). (c) Each switch component consists of two 2-to-1
MUXes and pairs of buffers.
Figure 2.9: RO-PUF circuit as proposed by Suh and Devadas [10]. Two oscillating signals
generated from ring oscillator blocks are selected by a pair of n-to-1 multiplexers and
their frequencies are separately counted in a fixed time interval. The resulting frequency
values are compared and the result decides a response bit.
Comparison-based RO-PUF was proposed by Suh and Devadas [10], which is an
alternative RO-PUF architecture to withstand model-building attacks. The suggested
RO-PUF structure uses n identically implemented ring oscillator blocks, each consisting of
a fixed number of inverter chains, as shown in Figure 2.9. Two of their oscillating
signals are selected by an n-bit challenge using a pair of n-to-1 MUXes. The frequencies
of the selected oscillating signals are separately counted by the counters. Then, the
resulting counter values are compared and the comparison result (either logic value ‘1’ or
‘0’) is the PUF response bit. Therefore, a response bit r is the result of the frequency
difference between the selected oscillating signals, A and B, and this can be described as
below:
\[
r = \begin{cases} 1 & \text{if } f_A > f_B, \\ 0 & \text{otherwise.} \end{cases} \tag{2.7}
\]
In this implementation, the number of challenges is $\binom{n}{2}$, but it can be shown
that not all these challenges produce independent values. For example, assume that the
frequency of oscillator A (fA) is higher than the frequency of oscillator B (fB) and fB is
higher than the frequency of oscillator C (fC). In this case, it is clear that fA is higher
than fC and response bits of all three cases will be the same (either logic value ‘1’ or
‘0’).
To achieve uncorrelated response bits, a straightforward approach is to compare
fixed pairs and use every oscillator once only. Using this approach, the number of
challenges can be calculated as $n/2$, which can produce independent response bits.
Moreover, to enhance the reliability of the response bits, the 1-out-of-k masking scheme is
also proposed, which reduces the independent response bits down to $\lfloor n/k \rfloor$.
The highest frequency difference in the group of k oscillator blocks is picked and used for
response evaluation. Note that this RO-PUF is a weak PUF since there is a limited number of
challenge bits that can configure the PUF’s operation. Experimental results of 15 sets of
RO-PUFs on FPGA show uniqueness of 46.15% and reliability of 99.52% under the temperature
variation condition from -20 °C to 120 °C and the voltage variation condition of ±10%. The
RO-PUF construction from Suh and Devadas [10] was revalidated in large-scale tests by
Maiti et al. [7]. Without using the 1-out-of-k masking scheme, experimental results of 125
sets of RO-PUFs on FPGA show uniqueness of 47.31% and reliability of 99.14% under
nominal conditions. It is clear that the reliability of RO-PUF is significantly affected by
temperature variation and voltage variation without using a masking scheme. However,
under a -20% of voltage variation (worst case), the reliability worsens to ∼85%.
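The fixed-pair and 1-out-of-k schemes above, together with a count of how few all-pairs
outcomes are actually reachable, as an added example that is not code from the thesis or
from Suh and Devadas [10]. The frequency values are constructed, the function names are
assumptions, and the mask is taken as the widest-gap pair among all pairs inside each
group of k oscillators.

```python
from itertools import combinations, permutations

# Constructed oscillator frequencies in MHz: enrolment and a later, noisy re-measurement.
ENROLLED = [100.0, 100.2, 105.0, 98.0, 101.0, 101.1, 97.0, 103.0]
REMEASURED = [100.3, 100.1, 104.8, 98.2, 100.9, 101.2, 97.3, 102.8]


def pair_bits(freqs):
    """One bit per fixed, disjoint pair (0,1), (2,3), ...: n/2 bits, Eq. (2.7) per pair."""
    return [int(freqs[i] > freqs[i + 1]) for i in range(0, len(freqs) - 1, 2)]


def enroll_mask(freqs, k):
    """1-out-of-k masking: per group of k oscillators keep the pair with the widest gap."""
    if k < 2:
        raise ValueError("a group needs at least two oscillators")
    mask = []
    for start in range(0, len(freqs) - k + 1, k):
        group = range(start, start + k)
        mask.append(max(combinations(group, 2),
                        key=lambda p: abs(freqs[p[0]] - freqs[p[1]])))
    return mask                      # floor(n/k) index pairs, fixed at enrolment


def masked_bits(freqs, mask):
    """Evaluate Eq. (2.7) only on the pairs selected at enrolment."""
    return [int(freqs[a] > freqs[b]) for a, b in mask]


def reachable_patterns(n):
    """Count the distinct all-pairs comparison vectors over every frequency ordering.

    There are 2**C(n,2) bit vectors on paper, but a comparison vector is fixed by
    the ordering of the n frequencies, so only n! of them can ever occur.
    """
    seen = set()
    for rank in permutations(range(n)):
        seen.add(tuple(int(rank[a] > rank[b]) for a, b in combinations(range(n), 2)))
    return len(seen)


def flipped(bits_a, bits_b):
    """Number of response bits that changed between two measurements."""
    return sum(x != y for x, y in zip(bits_a, bits_b))


if __name__ == "__main__":
    mask = enroll_mask(ENROLLED, k=4)
    print("fixed pairs flipped:", flipped(pair_bits(ENROLLED), pair_bits(REMEASURED)))
    print("masked bits flipped:",
          flipped(masked_bits(ENROLLED, mask), masked_bits(REMEASURED, mask)))
    print("reachable patterns for n=3:", reachable_patterns(3), "of", 2 ** 3)
```

In the constructed data the pair (0, 1) is only 0.2 MHz apart, so its bit flips on
re-measurement, whereas both masked bits are unchanged.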
Reliability enhanced RO-PUF was proposed by Maiti and Schaumont [82, 83]. This
configurable ring oscillator design is the improved construction from Suh and Devadas’s
RO-PUF implementation. In order to reduce undesirable bias caused by the systematic
variation concerning the locations of the oscillators (spatial correlation), firstly, the
group of oscillators are placed as close as possible; and secondly, the physically adjacent
pair of oscillators are selected for the response bit generation. This method significantly
reduces the number of independent response bits to n−1 when the maximum correlation is
assumed. Experimental results of the technique show the improved uniqueness of 47.31%.
With the proposed method, the improved reliability results are nearly 100% with the
voltage variation of ±20%; the results are also error free with the restricted temperature
variation ranging from 25 °C to 65 °C.
Group-based RO-PUF was proposed by Yin and Qu [84]. Instead of dealing with
spatial correlation, this RO-PUF leverages a subsequence-based grouping algorithm which
effectively maintains the reliability over a wide range of operating temperature (from 0 °C
to 100 °C), while keeping the independent response bits at $\lfloor n/2 \rfloor$.
Experimental results show that by using their algorithm, ×9.82 improved reliable bits are
produced compared to RO-PUF using the 1-out-of-k masking scheme (k = 8). Shortly after,
Yin et al. [85] suggested the use of a low complexity algorithm to replace the
subsequence-based grouping algorithm to enhance the practicality.
Identity-mapping function based enhancement technique on RO-PUF was suggested
by Maiti et al. [86]. A uniformity of 50.02%, a bit-aliasing of 50.02% and a uniqueness
of 49.99% were obtained by using identity mapping function. Improved reliability is also
discovered under varying supply voltage (±20%) and temperature (from 0 °C to 70 °C)
conditions.
2.2.4.2 Arbiter PUFs
An arbiter PUF (Arb-PUF) is another well-known PUF construction that is based on the
delay feature in different randomness sources.
Figure 2.10: Basic structure of Arbiter PUF (Arb-PUF) circuit. (a) The architecture of
Arb-PUF consists of n switch components and an arbiter circuit. (b) Each switch component
can be made of two 2-to-1 MUXes, which are controlled by the challenge bit, and pairs of
buffers. (c) Two NAND gates can be used for forming an arbiter circuit.
The Arb-PUF, which integrates an arbiter circuit into a PUF, was first proposed by Gassend
et al. [72]. An Arb-PUF uses two delay paths formed by concatenating n switch components,
as depicted in Figure 2.10 (a). Each stage is made of a switch component that consists of
two 2-to-1 MUXes and pairs of buffers, as shown in Figure 2.10 (b). At each stage, the input
(rising or falling) edge is sent either crossed or straight to the output terminals, based
on the challenge bit value of the stage. Instead of the MUX that the RO-PUF uses at the nth
stage, an arbiter circuit is placed in the Arb-PUF in order to determine the winner of the
race (response bit), which will be either logical ‘0’ or ‘1’, as depicted in Figure 2.10 (c).
In this implementation, a response bit is decided by one out of 2^n possible pairs of delay
paths. However, not all these pairs produce independent values because they are based on
delay parameters that are linear in the n stages. This makes the Arb-PUFs vulnerable to
model-building attacks. From experimental results of 100,000 challenges across 23 FPGAs, a
uniqueness of 1.05% was found, which is very far from the ideal value of 50%. It also shows
a reliability of ∼99.70% at 40 °C. Shortly after, Lee et al. [11] reported experimental
results using 10,000 challenges on Arb-PUF under varying voltage and temperature conditions.
The worst case reliability of 96.26% is found under the voltage variation of -2%. It worsens
to 95.18% under temperature variations ranging from 40 °C to 67 °C.
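The linear dependence noted above can be made concrete with the additive delay model commonly used to analyse arbiter PUFs: the 4n path delays collapse into n+1 weights, so the 2^n challenges cannot give independent responses. The sketch below is an added example, not code from the thesis; the stage delays are constructed integers, and the function names and the arbiter sign convention are assumptions.

```python
"""Added example: additive delay model of an n-stage arbiter PUF (constructed delays)."""
import itertools
import random


def make_stages(n, seed=1):
    """Constructed per-stage delays in integer picoseconds (not measured data).

    Each stage holds four path delays (tt, bb, bt, tb): top->top and
    bottom->bottom are used when the challenge bit is 0 (straight);
    bottom->top and top->bottom are used when it is 1 (crossed).
    """
    rng = random.Random(seed)
    return [tuple(rng.randint(900, 1100) for _ in range(4)) for _ in range(n)]


def race(stages, challenge):
    """Propagate both edges stage by stage; return 2 * (t_top - t_bottom)."""
    top = bottom = 0
    for (tt, bb, bt, tb), c in zip(stages, challenge):
        if c == 0:
            top, bottom = top + tt, bottom + bb
        else:
            top, bottom = bottom + bt, top + tb
    return 2 * (top - bottom)


def weights(stages):
    """Collapse the 4n stage delays into the n+1 weights of the linear model."""
    d0 = [tt - bb for tt, bb, _, _ in stages]  # skew added when c_i = 0
    d1 = [bt - tb for _, _, bt, tb in stages]  # skew added when c_i = 1
    a = [x + y for x, y in zip(d0, d1)]        # 2 * a_i
    b = [x - y for x, y in zip(d0, d1)]        # 2 * b_i
    n = len(stages)
    return [b[0]] + [a[i - 1] + b[i] for i in range(1, n)] + [a[n - 1]]


def features(challenge):
    """Parity transform: phi_i = prod_{j >= i} (1 - 2*c_j), plus a constant 1."""
    phi = [1] * (len(challenge) + 1)
    for i in range(len(challenge) - 1, -1, -1):
        phi[i] = phi[i + 1] * (1 - 2 * challenge[i])
    return phi


def linear_delta(w, challenge):
    """Same quantity as race(), computed as a single dot product."""
    return sum(wi * pi for wi, pi in zip(w, features(challenge)))


def response(delta):
    """Arbiter decision; 1 when the bottom edge arrives first (assumed convention)."""
    return 1 if delta > 0 else 0


def model_matches_circuit(n=10, seed=1):
    """Check the linear model against the stage-by-stage race for all 2^n challenges."""
    stages = make_stages(n, seed)
    w = weights(stages)
    return all(race(stages, c) == linear_delta(w, c)
               for c in itertools.product((0, 1), repeat=n))


if __name__ == "__main__":
    n = 10
    print("challenges:", 2 ** n, "free parameters:", len(weights(make_stages(n))))
    print("linear model reproduces every race:", model_matches_circuit(n))
```

Because every response is the sign of one dot product, a designer evaluating such a circuit should expect its behaviour to be captured by n+1 numbers regardless of how large the challenge space is.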
Figure 2.11: Feed-forward Arbiter PUF (FF-Arb-PUF) circuit as proposed by Lee et al.
[11, 12]. There are additional feed-forward arbiters to control operations of some switch
components.
A nonlinearity-based Arb-PUF that integrates feed-forward (FF) arbiters into the Arb-PUF was
proposed by Lee et al. [11]¹. The main structure is similar to a conventional Arb-PUF
structure. In addition, it uses feed-forward arbiters which produce unknown challenge bits
and feed them into some of the switch components, introducing nonlinearity into the
conventional Arb-PUF, as shown in Figure 2.11. The nonlinear behaviour can complicate the
reverse engineering process. 190 sets of FF-Arb-PUFs were revalidated by Lim et al. [12, 87].
Experimental results show a significantly improved uniqueness of 38%. However, the
reliability of the FF-Arb-PUF is influenced by the feed-forwarding implementation, and it
worsens to a worst case of 90.16% under a temperature variation ranging from 40 °C to 67 °C.
This can be attributed to the increased noise probability due to the internal arbiters [88].
¹ It was originally suggested by Gassend et al. [72] in a rough manner.
Suh and Devadas [10] proposed an Arb-PUF circuit in which XORing multiple outputs can
obfuscate the output. However, it has been shown that more advanced machine learning
techniques can effectively break the security of the Arb-PUF with XORed output [69].
2.2.5 Memory-Based PUFs
One major class of silicon-based PUF is the memory-based PUF. Memory devices such as D
flip-flops and SRAM consist of standard CMOS components, and thus employing a memory-based
PUF does not require an additional fabrication process. SRAMs in particular are widely used
in existing systems, from sensors to microcontrollers. Furthermore, without design
constraints, the measuring circuits for SRAM PUFs are simple in comparison to the
aforementioned delay-based PUFs.
2.2.5.1 Flash Memory-Based PUFs
Flash memory is composed of arrays of floating-gate transistors, where each transistor
consists of two stacked gates (control and floating gates), as shown in Figure 2.12 (a). The
threshold voltage without any charge on the floating gate is different for each transistor
due to manufacturing process variations. As a result, the amount of charge for representing
a logic value ‘0’ in the floating gate varies from device to device. If, by using partial
programming, the threshold voltage of state ‘0’ is not shifted sufficiently from the
threshold voltage of state ‘1’, a cell can be in an unstable state.
Wang et al. [89, 90] proposed a flash memory-based PUF exploiting the threshold voltage
variations of flash memory cells using the previously mentioned partial programming method.
This work focuses on random telegraph noise (RTN) in flash memory cells. Experimental
validation of uniqueness and robustness was performed using the correlation coefficient on
the 24 PUFs.
Figure 2.12: Source of randomness for building memory-based PUFs from (a) flash memory,
(b) DRAM and (c) SRAM cells.
2.2.5.2 DRAM-Based PUFs
A dynamic random access memory (DRAM) cell consists of a capacitor and an access transistor,
as shown in Figure 2.12 (b). The bit-line (BL) carries a binary value of ‘0’ or ‘1’ depending
on the amount of charge in the capacitor. However, the capacitors of DRAM have different
levels of leakage charge due to the non-ideality of the access transistors caused by, e.g.,
sub-threshold leakage, gate-induced drain leakage, etc. Therefore, memory cells need to be
periodically refreshed.
2.2.5.3 SRAM-Based PUFs
The SRAM-PUF, which builds a PUF from SRAM, was first proposed by Guajardo et al. [62]. The
proposed SRAM-PUF draws its randomness from CMOS SRAM cells, which are often in an arrayed
structure. Each SRAM cell typically consists of six transistors², forming two cross-coupled
inverters and two access transistors that connect the data lines ($Q$ and $\overline{Q}$) to
the bit-lines ($BL$ and $\overline{BL}$) based on the signal on the word-line (WL), as shown
in Figure 2.12 (c). The SRAM-PUF uses the startup state of SRAM memory cells before the
memory is initialised. Given that each SRAM cell will start up independently, with a data
value ($Q$ or $\overline{Q}$) determined by the uncontrollable process variations during
manufacturing, a pattern consisting of logic values ‘0’ and ‘1’ will appear across the SRAM
memory after the supply voltage (VDD) is applied. Therefore, for the SRAM-PUF, a challenge
is given as a selection of memory locations, and the startup behaviour of the selected cells
results in the response. Holcomb et al. [91, 92] also proposed a very similar SRAM-PUF
concept. Moreover, Selimis et al. [93] evaluated 68 sets of SRAM cells in 90 nm technology.
Similarly, Schrijen and van der Leest [94] tested a wide range of SRAM-PUFs with different
technologies (65 nm, 90 nm, 130 nm, 150 nm and 180 nm). In their experiments, reliability
results show above 95% at the nominal condition. However, this reduces to below 95% at
extreme temperature conditions (-40 °C – 80 °C) and supply voltage variation ±10%.
A modified SRAM-PUF was introduced by Okumura et al. [95] in order to overcome a shortcoming
of the conventional SRAM-PUF, namely that it is difficult to initialise the data of cells
once the device is powered on. This is because the startup state of SRAM cells is decided by
charging one bit-line (either $BL$ or $\overline{BL}$) to the supply voltage while
discharging the other bit-line to ground. The newly suggested circuit leverages additional
n-channel metal-oxide-semiconductor (NMOS) transistors on the bit-lines and a p-channel
metal-oxide-semiconductor (PMOS) switch on the VDD line; additional driver signals were
required to control the additional features. In comparison to the conventional SRAM-PUF,
∼43% less energy consumption per bit was expected.
A DRV-based SRAM-PUF that uses the data retention voltage (DRV) in SRAM as a PUF was
proposed by Holcomb et al. [96]. The DRV signifies the minimum supply voltage at which the
cells can retain their state. The PUF approach using the DRV in SRAM cells was claimed to be
more informative than the previously suggested SRAM-PUF. Various simulation models and
experimental measurements show that the typical SRAM DRV is under 300 mV. By applying low
supply voltages to SRAM cells, data retention failures can occur and spuriously flip the
cell state to the opposite (either from logic value ‘0’ to logic value ‘1’ or vice versa).
The proposed PUF was able to achieve 28% more reliable readout of SRAM cells compared to the
same group’s initial SRAM-PUFs [91, 92]. The extended idea of the DRV-based SRAM-PUF was
presented by Xu et al. [97]. In this work, a DRV-based hashing scheme was suggested to
overcome the temperature-related sensitivity of the DRV.
² The type of SRAM cells varies and other kinds of SRAM cells use 4, 8 or 10 transistors.
2.2.5.4 Latch PUF
Alternative memory PUFs using more advanced digital storage elements were also introduced.
For example, a concept of Latch-PUF was proposed by Su et al. [98]. Similar to an SRAM cell,
it consists of cross-coupled NOR gates, and these gates are driven to cell instability
through a reset. Then they are released to generate the output based on the threshold
voltage mismatch.
2.2.5.5 Butterfly PUF
In 2008, Kumar et al. [99] proposed the concept of the Butterfly PUF as a method to emulate
SRAM behaviour while addressing the need to reset memory cells on startup. It consists of
two cross-coupled data latches with a CLEAR/PRESET input that drives the device to
instability. Experimental validation using 64-bit arrays was also performed. However, the
values of PUF evaluation metrics were not reported. The main drawback of the Butterfly PUF
is that careful routing and placement are required for each butterfly cell [100].
2.2.5.6 Flip-Flop PUF
A construction of PUF based on D flip-flops was introduced by Maes et al. [100], and its
cells are composed of two cross-coupled flip-flops. The flip-flop PUF utilises start-up
values on the FPGA in the same way as an SRAM-PUF. Bias toward ‘0’ in the output bit string
was observed in this construction. Alternatively, van der Leest et al. [101] proposed a
processing method that can reduce the bias that is naturally present in the start-up values
of the D flip-flop PUF.
2.2.5.7 Buskeeper PUF
A concept of building a PUF using a Buskeeper (also known as bus holder) was introduced by
Simons et al. [102]. The Buskeeper is a weak latch that is intended to be used with on-chip
buses. Functionally, it is equivalent to a D-latch with the enable signal connected to the
supply voltage. Similar to SRAM and D flip-flops, Buskeepers are standard CMOS components
that can be easily distributed as part of an IC. Besides, Buskeepers are usually much
smaller than D flip-flops. Therefore, the Buskeeper PUF can be an alternative to the
flip-flop PUF using fewer resources.
2.2.6 Other Types of PUFs
2.2.6.1 Radio Frequency-Based PUFs
A concept of building a certificate of authenticity (COA) using the radio frequency (RF) of
a physical object (RF-COA) was introduced by DeJean and Kirovski [103]. In 2009, Guajardo et
al. [104] proposed a resonance frequency based weak PUF which is similar to the RF-COA. The
PUF exploits LC circuits consisting of an inductor (represented by the letter L) and a
capacitor (represented by the letter C). When an RF electromagnetic field is generated, the
LC circuit absorbs an amount of power depending on the random frequencies, which are decided
by the characteristics of the capacitor and inductor in each circuit. Experimental results
show unique response curves across 500 chips and a decrease of less than 1% in resonance
frequencies under the temperature variation ranging from 25 °C to 75 °C.
2.2.6.2 PN-Junction-PUF
A concept of building a SHIC-PUF using diode-backed CBAs was introduced by Jaeger et al.
[105]. The authors highlighted that smaller diode thicknesses lead to an increase in the
inhomogeneity of the films and hence to increased diode randomness. Therefore, for a fixed
READ voltage, the amount of current of each diode is randomly distributed. By using a
threshold current, the readout value can be separated into logical ‘0’ or ‘1’ as a response.
2.2.6.3 Sensor PUFs
A CMOS image sensor PUF was proposed by Cao et al. [106] for on-chip authentication and
identification purposes. Due to the device and interconnect mismatches [107], fixed pattern
noise in a CMOS image sensor refers to the variations in the values of the output pixel
voltage for a fixed illumination amount. A differential readout of the dark signal
non-uniformity noise across the image sensors was proposed for desensitising the impact of
environmental effects.
2.2.7 Discussion
Table 2.1 summarises the results of the two main PUF evaluation properties for the
previously discussed memory-based PUF implementations. It can be seen that the uniqueness of
most PUF implementations is close to the ideal value (50%), while close-to-ideal reliability
is difficult to observe under varying environmental factors such as temperature and supply
voltage. Memory-based PUFs usually generate a limited number of CRPs, which leads to the
verdict that this type of PUF is suitable for secure key generation applications. Moreover,
most of the major memory devices are standard CMOS components that are freely distributed on
an IC. In this context, memory-based PUFs can be promising secure key generation primitives
requiring no (or low) additional resources for the security module. Reliability is an
important property for this purpose; if it is not achieved, some error-correcting process is
required.
Table 2.1: Uniqueness and reliability comparison of memory-based PUF constructions.

                                Environmental factors
Ref.   Randomness source  Type  TR            VR           Uniqueness (%)  Reliability (%)
[108]  DRAM               SIM   20 – 50 °C    -10 – 20%    50.01           93 – 93.60
[109]  DRAM               SIM   0 – 85 °C     0.4 – 1 V    50              94.20 – 98.50
[62]   SRAM               SIM   -20 – 80 °C   -20 – 10%    49.97           96.43
[91]   SRAM               EXP   n/a           n/a          33.44†          94.68†
[93]   SRAM               EXP   -40 – 80 °C   ±10%         50              89 – 98‡
[95]   SRAM               EXP   25 – 100 °C   ±10%         50.69           97.31†
[96]   SRAM               S&E   27 – 40 °C    n/a          -               98‡
[97]   SRAM               S&E   28 – 70 °C    n/a          45 – 50‡        98 – 99‡
[110]  SRAM               EXP   25 – 100 °C   ±10%         49.72           96.24†
[111]  SRAM               EXP   -40 – 80 °C   ±10%         49.27           94.03
[98]   Latch              EXP   n/a           0.9 – 1.2 V  50.55           96.96
[99]   Butterfly          EXP   -20 – 80 °C   n/a          ∼50             94
[111]  D flip-flop        EXP   -40 – 80 °C   ±10%         49.92           95.66
[101]  D flip-flop        EXP   -40 – 80 °C   ±10%         50              87†
[102]  Buskeeper          EXP   -40 – 85 °C   ±10%         49.02           80 – 99.6

SIM: Simulation, EXP: Experiment, S&E: Simulation based on measured data.
VR: Voltage range, TR: Temperature range.
† This is the worst case.
‡ This value is estimated from given graph.
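The two metrics compared in Table 2.1 can be computed from start-up readouts as inter-chip and intra-chip Hamming distances. The sketch below is an added example, not code or data from the thesis: the SRAM cell mismatch and noise model is constructed, the Hamming-distance definitions commonly used for the two metrics are assumed, and temporal majority voting stands in for the stabilising or error-correcting step the discussion calls for.

```python
"""Added example: uniqueness and reliability of simulated SRAM-PUF start-up bits."""
import itertools
import random


def make_chip(n_cells, rng):
    """Constructed per-cell mismatch; its sign is the cell's preferred start-up value."""
    return [rng.gauss(0.0, 1.0) for _ in range(n_cells)]


def power_up(chip, rng, noise_sigma):
    """One start-up readout: mismatch plus fresh noise, thresholded at zero."""
    return [1 if m + rng.gauss(0.0, noise_sigma) > 0 else 0 for m in chip]


def hamming_fraction(a, b):
    """Fraction of bit positions in which two equal-length responses differ."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def uniqueness(references):
    """Mean pairwise inter-chip Hamming distance in percent (ideal value: 50)."""
    pairs = list(itertools.combinations(references, 2))
    return 100.0 * sum(hamming_fraction(a, b) for a, b in pairs) / len(pairs)


def reliability(reference, readouts):
    """100 minus the mean intra-chip Hamming distance to the reference, in percent."""
    mean_hd = sum(hamming_fraction(reference, r) for r in readouts) / len(readouts)
    return 100.0 * (1.0 - mean_hd)


def majority_vote(readouts):
    """Cell-by-cell majority over an odd number of readouts of the same chip."""
    return [1 if 2 * sum(bits) > len(bits) else 0 for bits in zip(*readouts)]


def voted_readout(chip, rng, noise_sigma, votes):
    """A stabilised readout built from `votes` consecutive power-ups."""
    return majority_vote([power_up(chip, rng, noise_sigma) for _ in range(votes)])


def evaluate(n_chips=16, n_cells=256, n_reads=20, votes=9, noise_sigma=0.1, seed=2019):
    """Return (uniqueness, raw reliability, majority-voted reliability) in percent."""
    rng = random.Random(seed)
    chips = [make_chip(n_cells, rng) for _ in range(n_chips)]
    refs = [power_up(c, rng, noise_sigma) for c in chips]  # single-read enrolment
    raw, voted = [], []
    for chip, ref in zip(chips, refs):
        reads = [power_up(chip, rng, noise_sigma) for _ in range(n_reads)]
        raw.append(reliability(ref, reads))
        voted_ref = voted_readout(chip, rng, noise_sigma, votes)
        regen = [voted_readout(chip, rng, noise_sigma, votes) for _ in range(n_reads)]
        voted.append(reliability(voted_ref, regen))
    return uniqueness(refs), sum(raw) / len(raw), sum(voted) / len(voted)


if __name__ == "__main__":
    u, r_raw, r_voted = evaluate()
    print(f"uniqueness          {u:6.2f} %")
    print(f"reliability (raw)   {r_raw:6.2f} %")
    print(f"reliability (voted) {r_voted:6.2f} %")
```

Raising `noise_sigma` models harsher temperature or supply conditions and shows reliability falling while uniqueness stays near 50%, the pattern visible across the rows of Table 2.1.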
2.3 Emerging NVM-Based PUFs
2.3.1 Emerging Non-Volatile Memory
2.3.1.1 Memory Trend
Data storage is required in any functional information processing system. As consumer
electronics shift toward pervasive and mobile applications, not only high performance but
also additional hardware requirements such as lower power, lower cost and compactness become
important.
[Figure 2.13 diagram labels: Memory; Volatile; Non-Volatile; Baseline; Prototypical;
Emerging; SRAM; DRAM; Flash; FeRAM; PCRAM; MRAM; STT-RAM; Ferroelectric Memory; Mott Memory;
Carbon Memory; Molecular Memory; Macromolecular Memory; ReRAM]
Figure 2.13: Memory taxonomy of emerging memory devices adapted from [13].
Semiconductor memory can be split into two major categories regarding data persistence:
volatile and non-volatile memories. Although volatile memories have numerous advantageous
features such as dense structure (DRAM) and fast writing/reading speed (SRAM), they lose
their stored data when power is switched off. On the other hand, non-volatile memories
(NVMs) such as ROM or flash memory preserve their stored data when power is switched off.
For many decades, flash memory applications have grown explosively. However, they are
gradually approaching the physical limit of scalability. Fundamentally, the scalability of
flash memory is based on quantised charge. When geometries shrink, the number of electrons
that can be stored in the floating gate is also reduced. With CMOS scaling approaching the
fundamental limits, some novel concepts of memory devices have been proposed in recent
years. Since the introduction of the first EPROM in the 1970s, many variants of NVMs have
been developed. Most non-volatile EPROM variants include NAND flash and NOR flash memories,
which are based on the floating-gate transistor. While the development of 3D flash memory
will likely keep flash memories in an essential role in the market, the limit of scalability
of flash memory has led to the consideration of other non-charge-based memory technologies.
Emerging NVMs with improved speed, scalability and retention may become a more crucial
technological enabler for producing efficient and intelligent hardware systems.
2.3.1.2 Introduction to Emerging Non-Volatile Memory
Due to the uncertain future of flash memories and their associated challenges, other NVMs
are being explored (called emerging NVMs). Emerging NVMs involve novel mechanisms and
materials that are different from those of mature memory technologies, as shown in Figure
2.13. They are made of various materials like ferroelectric oxides, ferromagnetic metals,
chalcogenides, metal oxides, carbon materials, etc. Their switching mechanisms extend beyond
classical electronic processes to quantum mechanical phenomena, ionic reactions, phase
transition, molecular reconfiguration, etc.
[Figure 2.14 labels: TE: Metal; Insulator; BE: Metal]
Figure 2.14: Architecture of emerging non-volatile memory cells in a crossbar array.
These emerging NVM candidates share some similar features, such as the two-terminal
structure with an insulator layer(s) sandwiched between the top and bottom electrodes (TE
and BE). Electrical inputs across memory cells can trigger the state transitions. These
ReRAM cells are often similarly fabricated in a CBA structure, as depicted in Figure 2.14.
However, detailed switching physics are dissimilar among different types:
• Ferroelectric random access memory (FeRAM) has a similar construction to a DRAM but
uses a ferroelectric layer instead of a dielectric layer in the capacitor. When an electric
field is applied, the dipoles align with the field direction. After the charge is removed,
the dipoles retain their polarisation state.
• Phase-change resistive access memory (PCRAM) relies on switching between the low
resistance state (LRS, crystalline phase) and the high resistance state (HRS, amorphous
phase) of chalcogenide materials. A significant difficulty is expected due to temperature
cross-talk between adjacent memory cells as the technology scales down.
• Magnetic random access memory (MRAM) relies on two ferromagnetic plates holding a
magnetic field, separated by an insulator. While one plate holds a permanent magnetic field,
the direction of the other plate can be switched (parallel or anti-parallel to the permanent
plate).
• Redox-based random access memory (ReRAM) relies on the formation (LRS) and the rupture
(HRS) of conductive filament(s) in the oxide layer.

Table 2.2: Comparison of emerging non-volatile memories (NVMs).

                    FeRAM       PCRAM       MRAM        ReRAM
Endurance           good        medium      good        medium
Retention           > 10 years  > 10 years  > 10 years  > 10 years
Scalability         poor        medium      medium      medium
Write speed         good        poor        good        medium
Read speed          good        good        good        good
Power consumption   good        good        poor        good

Entries rate each characteristic as good, medium or poor.
Table 2.2 summarizes characteristics of emerging NVMs. FeRAMs offer excellent endurance,
good write/read speed and very low power consumption. However, a destructive read process
and a scalability limit make them less attractive. PCRAMs require relatively high currents
for a long time during programming. Also, due to the thermal process involved, crosstalk
between neighbouring cells becomes an issue in large arrays for PCRAMs [112]. The large
programming current and scalability issues (crosstalk issues when cell size scales) prevent
MRAM from being cost-effective enough to challenge the well-established flash memory market.
Resistive switching memories such as PCRAM and ReRAM are inherently freer from scaling
problems than charge-based FeRAM. In particular, ReRAM has more stable resistance states and
a larger on/off resistance ratio (therefore, a larger noise margin for better reliability)
compared to other types [113]. As such, resistive memory has recently emerged as a contender
in the NVM race.
2.3.1.3 ReRAM Technology
The first resistive switching effect was reported in the early 1960s [114]. In the early
2000s, renewed interest was brought to the ReRAM concept, and the resistive switching effect
has been observed in a broad range of materials including perovskites, solid electrolytes
and binary metal oxides. Mechanism-based classification broadly divides ReRAMs into three
categories: electrochemical metallization (ECM)-devices, valence change mechanism
(VCM)-devices and thermochemical mechanism (TCM)-devices, as shown in Figure 2.15.
[Figure 2.15 diagram labels: Redox-Based Resistive Memory; Electrochemical Metallization
(ECM/CBRAM/PMC); Valency Change Mechanism (VCM); Thermochemical Mechanism (TCM); Unipolar;
Bipolar; Cation Motion; Anion Motion]
Figure 2.15: Characteristics of switching mechanisms in redox-based resistive memory
(adapted from [14]).
2.3.1.4 Resistive Switching and Mechanism
The redox-based nano-ionic memory operates based on the resistance change of insulators
caused by ion (cation or anion) migration combined with a redox process involving the
electrode and insulator materials. ECM-based device switching is typically due to cation
motion, whereas switching in metal oxide ReRAMs such as VCM and TCM is due to anion
reconfiguration. In the particular example of oxide-based resistive switching devices, the
switching between the low-resistance state (LRS) and the high-resistance state (HRS) is
known to involve the formation and rupture of conductive filament(s) during the state
transitions.
Depending on the specific type of ReRAM, the switching modes can be broadly categorised into
three types: unipolar, bipolar and complementary, as depicted in Figure 2.16. Typically, TCM
devices show unipolar switching in metal oxides such as NiO and TiO2. Usually, toggling of
states from the HRS to the LRS (termed a SET operation) or from the LRS to the HRS (termed a
RESET operation) is not observed immediately after fabrication. Therefore, a forming process
is required to initialise the ReRAM operation. Unipolar switching means that the switching
direction depends on the amplitude of the applied voltage but not on the polarity of the
applied voltage, as shown in Figure 2.16 (a).
[Figure 2.16 panels: (a) Unipolar, (b) Bipolar, (c) Complementary; axes: Voltage, Current;
SET, RESET and HRS marked]
Figure 2.16: Basic switching modes of (a) unipolar, (b) bipolar and (c) complementary
(adapted from [15]).
Thus SET/RESET transitions can occur at the same polarity. If the unipolar switching can
symmetrically occur at both positive and negative voltages, it is also referred to as a
non-polar switching mode. It is believed that TCM results from purely chemical redox
transitions, where a metal-rich conductive filament (CF) is formed by local reduction of the
metal oxide, while the CF is then dissolved by local oxidation, possibly in combination with
a surface tension controlled Rayleigh instability of the CF. Bipolar switching is often
observed in ECM-type and VCM-type devices. Under positive voltage bias, the active electrode
can oxidise and release cations in the insulator layer. Cations (Ag^+, Cu^{z+}) then migrate
to the negatively biased electrode, where they get reduced back to the neutral state and
grow as a CF. This corresponds to the SET operation. RESET can only occur at the reversed
polarity of the SET operation, as shown in Figure 2.16 (b). Complementary switching cells
were first proposed in 2010 [115]. Such a cell consists of two back-to-back connected
bipolar type ReRAMs. Also, the state of the complementary cell cannot be distinguished at
small voltages, as depicted in Figure 2.16 (c).
2.3.1.5 ReRAM Cell Configuration
Figure 2.17: The crossbar-array architecture (a) without any selection elements, (b) with a
varistor or diode type of selector, (c) with 1-transistor 1-resistor (1T1R) cells and
(d) with complementary state cells (adapted from [16]).
A high-density ReRAM is obtained by a simple crossbar structure called CBA. The structure
can have multiple ReRAM cells arranged in a matrix, as depicted in Figure 2.17. If the array
has m × n ReRAM cells, m rows and n columns are required to address each cell. In the
simplest case, every cross-point of the CBA has one ReRAM cell, as shown in Figure 2.17 (a).
The minimum unit cell size of 4F^2 can be achieved in this configuration, where F is the
feature size. However, this configuration leads to a sneak path problem when an HRS cell
that is surrounded by LRS cells is read out. For an accurate cell reading or low-power
writing, an extra selection device (selector) is required to be connected in series with
every cell. Using a varistor or diode as a selector element, as shown in Figure 2.17 (b),
works well for the unipolar ReRAM, but not for the bipolar devices. As shown in Figure 2.17
(c), a one transistor-one resistor configuration called 1T1R [116] can be used. However, it
is often undesirable for high-density applications as additional space is required. Also, it
is more complicated, and the high-temperature fabrication process of the transistor may be
unsuitable for back-end-of-line (BEOL) processes. Although the complementary mode can
maintain a size of 4F^2, as shown in Figure 2.17 (d), it inherently incurs the penalty of a
destructive READ operation [115].
2.3.1.6 ReRAM Variability
ReRAM devices have shown a significant programming variation in their resistance, which
includes device-to-device (D2D) variation, cycle-to-cycle (C2C) variation and stochastic
switching. Parameters like LRS and HRS are random variables with log-normal distribution, as
shown in Figure 2.18 (a). ReRAM devices also have inherent randomness at device level due to
the C2C programming variations of the device, as well as the fabrication process level such
as thickness and cross-sectional area variations [117]. These resistances are random
variables with log-normal distribution, as depicted in Figure 2.18 (b).
[Figure 2.18 axes: cumulative probability (%), resistance (Ω), READ current (A); LRS and HRS
labelled]
Figure 2.18: Programming variation extracted from an experiment. (a) D2D variation adapted
from [17] and (b) C2C variation adapted from [18].
2.3.1.7 ReRAM Reliability
Reliability of ReRAM has two important aspects: cycling endurance and data retention [118].
The cycling endurance means how many programming cycles the ReRAM device can endure before
it fails to hold the ReRAM switching variability. The endurance of ReRAM highly depends on
the programming conditions such as current compliance and programming voltage.
Data retention refers to how long the ReRAM device can maintain the current state and,
therefore, it is highly related to the stability of these memory technologies. Typically,
data retention is expected to be longer than ten years for NVM devices maintained at a high
temperature up to 85 °C, because the operating temperature on the chip is expected to be
high. Many studies report that ReRAMs can provide compatible endurance and retention at
elevated temperature, as shown in Figure 2.19.
Unintended current fluctuation in ReRAM is one of the main concerns due to its impact on the
reliability of the device. Noise in ReRAM is believed to be caused by its filament switching
and conduction mechanism. Noise generally appears as a 1/f fluctuation of the current, which
is a result of a superposition of several components of random telegraph noise (RTN) [119].
RTN, or popcorn noise, is a low-frequency random fluctuation of conductance that appears in
two or more levels. The switching time between different levels is a stochastic phenomenon.
[Figure 2.19 axes: READ current (A), cycle number, time (s); labels: HRS, 300 K, 358 K,
398 K]
Figure 2.19: Endurance and retention results extracted from experiments adapted from [19].
(a) Endurance result of single LRS and multiple HRS over 10^5 full switching cycles.
(b) Retention results of HRS and LRS over 10^5 s at room temperature and elevated
temperature (adapted from [20]).
2.3.2 Introduction to Emerging NVM-Based PUFs
CMOS-based PUFs such as RO-PUF, Arb-PUF and SRAM-PUF leverage uncontrollable process
variations which can be induced during the conventional CMOS fabrication process, as
discussed in Section 2.2. As the CMOS process experiences advanced technological
developments, which include a continuing trend toward smaller feature sizes, CMOS designs
are expected to confront physical limitations. Consequently, conventional PUF designs based
on CMOS will also face the physical limitation problem.
Compared to CMOS, some emerging NVMs are relatively free from the scalability problem since
the cell area of such memories can be down to 4F^2, where F is the feature size. It is also
important to note that process variations become more pronounced as IC technology is scaled
into the nanometer regime [120]. In addition to manufacturing uncertainties, the emerging
memory devices have shown programming variation in their resistance, which introduces
stochastic switching and C2C variation. Therefore, the sufficient desirable non-idealities
in the ultra-high-density structure of emerging NVMs make them more favourable for
constructing a PUF.
A feature unique to emerging memories, not yet realised in CMOS-based PUFs, is non-linearity
within a cell. This feature can be observed from the random pattern of nano-conductive
filaments across identically designed devices. Emerging memory-based PUF examples will be
briefly discussed before moving on to the ReRAM-based PUFs.
2.3.3 Carbon Nanotube-Based PUFs
2.3.3.1 CNPUF
A carbon nanotube transistor (CNT)-based PUF (CNPUF) was first proposed by Konigsmark et al.
[21]. Similar to the Arb-PUF, the CNPUF leverages two current paths that each consist of n
blocks of CNT-FETs. Two CNT-FETs in the same block share the gate voltage, as depicted in
Figure 2.20. Each stage can have two distinct states depending on the value of the stage’s
challenge bit (high and low gate voltage values) due to the variation of the
metallic-to-semiconducting CNT ratio. For the high gate voltage, the current characteristics
are dominated by the semiconducting CNTs, whereas metallic CNTs dominate the current
characteristics for the low gate voltage. Therefore, after n stages, one of the two paths
will conduct more current than the other. The response bit r is the result of the current
value difference between the paths A and B, and this can be described as follows:
\[
r =
\begin{cases}
1 & \text{if } I_A > I_B, \\
0 & \text{otherwise}
\end{cases}
\tag{2.8}
\]
Figure 2.20: CNPUF circuit as proposed by Konigsmark et al. [21].
However, it was immediately pointed out that the structure is inherently similar to
Arb-PUFs, which implies that the CNPUF potentially has a similar vulnerability to model
building attacks. For security enhancement, an extended CNPUF (ex-CNPUF) was also proposed.
Similar to XORed-Arb-PUFs, the ex-CNPUF buffers each response bit. Then, each response bit
is XORed with the original challenge bit and fed back to control the gate voltage of each
CNT-FET pair.
All the mentioned PUFs obtain reliability above 95% under different operating conditions
with temperature and supply voltage fluctuations. Although the CNPUF design has many
advantages, such as a reduced footprint through a lower transistor count and lower power
consumption, it could still be vulnerable to model building attacks.
2.3.3.2 CNT-Based PUF
Hu et al. [22] proposed another CNT-based PUF. They carefully examined the connection yields
of CNTs with respect to different trench widths (from 70 to 300 nm) and then fabricated
2,560 CNRs with an 80 nm trench width in order to achieve a connection yield close to the
ideal 50%. For this CNT-based PUF, Hu et al. proposed three methods for random bit
generation: the binary bits, ternary bits and double binary bits generation methods, which
leverage either one or both of the metallic and semiconducting operation modes. For the
binary bits generation method using 2,560 bits (64 bits × 40), experimental results show a
uniqueness of 50% and a reliability of 97%. The quality of randomness in the generated
2,560-bit string was examined. The bit string successfully passed 11 applicable tests out of
a total of 18 tests given by the NIST randomness test suite. The ternary bits generation
method shows a uniqueness of 62.19% and a reliability of 97%. Finally, for the double binary
bits generation method, a uniqueness of 44.47% was observed; however, no exact value of
reliability was reported.
The pessimistic reliability can be explained as a result of non-ideal contact between metal
pads and probe arrays. Based on their tests using a manual probe station, the authors
claimed that the bit-error-rate could approach zero once the contact problem is resolved.
Although this design has great features such as high programming throughput and high quality
of randomness, it requires a pre-calibration process for achieving statistical randomness
across cells.
Recently, Liu et al. [121] proposed a design of a CNT-based PUF which aims to achieve better
resistance to machine learning modelling attacks. In order to achieve that, they used a
Lorenz chaotic system for magnifying the differences among responses from similar
challenges.
Figure 2.21: Carbon nanotube array circuit as proposed by Hu et al. [22].
2.3.4 MRAM-Based PUFs
2.3.4.1 MTJ-PUF
A concept of spin-transfer-torque magnetic random access memory (STT-MRAM)-based
PUF (MTJ-PUF) was proposed by Marukame et al. [122]. For MTJ-PUF, an array of mag-
netic tunnel junction (MTJ) cells and each cells’ inherent spin-transfer switching charac-
teristics were used. For response generation, all the MTJ cells are firstly programmed to
the state parallel P (representing binary value ‘0’) by applying the RESET voltage. Then,
in order to induce switching with 50% probability to the state anti-parallel AP (represent-
ing binary value ‘1’), a specific voltage is applied to the majority of cells. All cells’ states
are read out after every switching attempt. The procedure is repeated around 100 times,
and the random pattern of AP state cells in the MTJ array represents the MTJ-PUF signature.
2.3.4.2 STT-PUF
As a key generation primitive, the design of STT-MRAM PUF (STT-PUF) was proposed
by Zhang et al. [123]. The STT-PUF consists of several blocks, and each block is composed of two STT-MRAM cells. At the READ operation, the input challenge selects one block, then the cells in the block are initialized to the same state (either P or AP). A response bit is determined by a resistance difference between the STT-MRAM cells. In order to enhance the reliability of STT-PUF, an automatic write-back (AWB) scheme [124] was used. In this scheme, the logic value of the first extraction is written back to the block. Therefore, this procedure automatically sets the MTJ cells to complementary states (one cell in the state P and the other in the state AP, or vice versa). Simulation results show that the reliability of STT-PUF can be significantly improved by adopting the AWB scheme. It shows a four to five orders of magnitude reduction of BER under the same operating condition. Shortly after, Zhang et al. [125] included a refresh response-bit mapping method in their previously suggested STT-PUF design to increase the difficulty of prediction.
2.3.4.3 Dual Mode Comparison PUFs
Another work from Zhang et al. [29] proposed a concept of emerging memory-based PUFs which leverage resistance comparison of two memory cells. The authors claim that
intrinsic resistance variation of three types of emerging memory devices (STT-MRAM,
PCRAM and ReRAM) can be used as a randomness source of this PUF design. Response
generation can be performed using two different sensing modes: for single-ended sensing
mode, the response is decided by the current value after comparing the selected cell to the
reference cell, while for differential sensing mode, it is decided by the current value after
comparing two selected cells. Simulation results show the uniqueness of 49% to 50% in
both modes.
2.3.4.4 BF-MPUF
Another study from Zhang et al. [126] proposed buffer-free memory-based PUF (BF-
MPUF) exploiting the non-volatility of emerging memories. If the eNVM is in the AP state, a reference current corresponding to the AP state is generated from reference cells. Otherwise, a
reference current corresponding to the P state is generated. Accordingly, both AP and
P states are exploited to generate responses according to the current state of the eNVM
without disturbing its state. A buffer and a write back circuit are not involved during the
generation of responses in BF-MPUF. Such a BF-MPUF design is resistant to possible
leakage or side-channel attacks. The authors also investigated the method to optimise the
design parameters to maximally balance both the memory yield and PUF qualities, e.g.
uniqueness. Overall, the BF-MPUF design methodology is demonstrated by employing
STT-MRAM. Nevertheless, other eNVMs such as PCM and RRAM are also applicable
to this BF-MPUF design methodology. The core concept employed by BF-MPUF is that
a logic bit is stored as resistance in these eNVMs instead of charge preserved in CMOS
devices.
2.3.4.5 STT-MRAM-Based PUF
Vatajelu et al. [127, 128] proposed an STT-MRAM-based PUF design that exploits AP state resistance variation across MTJ cells, and it is principally similar to the comparison PUFs proposed by Zhang et al. [29]. For this PUF, STT-MRAM cells are divided into active and
reference cells. The active cells are used for response generation, whereas the reference
cells are used to obtain reference current value, which is the mean of reference cell sensing
values. Response bit r is the result of the difference between the reference and the value
of an active cell. Therefore, this can be written as below [129]:
$$ r = \begin{cases} 1 & \text{if } I_{\text{active cell}} > I_{\text{reference}}, \\ 0 & \text{otherwise} \end{cases} \qquad (2.9) $$
Simulation results show a uniqueness of 48.94% to 49.70% and a reliability of 94.22%
to 94.84% when 10 different groups of active and reference cells were conditioned.
2.3.4.6 MRAM-PUF
A design of MRAM-PUF was proposed by Das et al. [130–132] and it uses intrinsic geo-
metric variations of MRAM cells. For MRAM-PUF, only the MRAM cells with tilt angles
from −3° to 3° were used for reliability enhancement. LLG simulation with conditions
based on their fabricated MRAM array showed a uniqueness of 47% and reliability of
97.75%.
2.3.5 ReRAM-Based PUFs
Among various emerging non-volatile memories, ReRAM has been widely investigated
for building PUFs due to various advantageous features. The ReRAM manufacturing
technology can achieve a high-density structure that is also compatible with CMOS fabri-
cation standards [133]. Also, ReRAMs operate at very low power in comparison to some
other emerging non-volatile memories like MRAM and conventional memory such as flash
memory. Additionally, ReRAMs normally have low access time and are fast to program.
Unlike PUF implementations based on manufacturing variation, ReRAM-PUFs harness
intrinsic randomness in the physical mechanism, which is less process dependent. The reconfigurability of ReRAM also makes ReRAM-PUFs more favorable. The following subsections discuss the construction of ReRAM-based PUFs and their strengths.
2.3.5.1 Nano-PPUF
The concept of building a PPUF using the non-linearity of emerging memory devices was first mentioned by Wendt and Potkonjak [49]. Shortly after, the nanoelectronic CBA-based PPUF architecture (Nano-PPUF) was proposed by Rajendran et al. [134]. Nano-PPUF utilizes unique geometric structures called polyominoes, which are formed by connecting a certain number of adjacent blocks in horizontal or vertical directions. For Nano-PPUF, resistive switching devices such as ReRAM cells in a CBA are used to form a polyomino. The number of polyominoes formed with m cells in an n × n CBA is exponential and can be estimated as $\frac{c\lambda^{m}}{m} \times n$, where c = 0.3169 and λ = 4.0626.
Device model based simulation shows a uniqueness of 49% to 50% and a diffuseness of 49% when five different oxide thickness ranging between 1% and 5% were conditioned [134]. In their later report, bit-aliasing and uniformity were obtained close to the ideal value of 50% [135].
Wendt and Potkonjak [136] demonstrated the attack scenarios of Nano-PPUF. They claim that utilizing unpredictable challenge-response mappings in Nano-PPUF makes full simulation or prediction mapping of Nano-PPUF impractical. Even if a prediction mapping can be found, an adversary needs a unique prediction model for every challenge set, which can make the attack task infeasible when a large number of Nano-PPUF cells is used. In addition, non-trivial correlations between responses and between challenges and responses were observed. However, building a model is expensive and impractical because Nano-PPUF requires very accurate measurements of its physical model parameters. This is one essential problem of key management, and this shortcoming is similar to the one-time pad scheme which is well-known in classical cryptography. Therefore, in spite of being theoretically attractive, the “remote key exchange” protocol using Nano-PPUF is inconvenient. This is due to the fact that communicating parties need to iterate through the challenges in order to get the secret key, which is time-consuming and cumbersome if the challenge space is large.
2.3.5.2 Delay-Based ReRAM-PUF
ReRAM-Based RO-PUF: The concept of building a PUF that integrates resistive switching
memory into the conventional RO-PUF structure was proposed by Kavehei et al. [137].
The resistance variation in HRS and LRS are used in addition to CMOS process variations
to determine the delay of the ring oscillators, as depicted in Figure 2.22.
Gao et al. [23] evaluated the performance of mrPUF comprehensively, including the significantly increased number of CRPs in comparison to a conventional RO-PUF. The number of CRPs is estimated as $\frac{n \times \binom{n}{i}\binom{n-1}{i}}{2}$, where n is the number of ring oscillators and i is the number of inverters in each oscillator. Although this ReRAM-based RO-PUF has advantages such as a large number of CRPs and relatively low area overhead, a direct use of raw responses as cryptographic keys is impractical due to the unsatisfactory reliability. Therefore, before the responses are used as cryptographic keys, a response error correcting process is required, which increases the area and cost.
Figure 2.22: ReRAM-based RO-PUF structure (adapted from [23]). CM-RO: current mirror-based ring-oscillator.
ReRAM-based Arb-PUF: A concept of PUF integrating ReRAMs into the conventional
Arb-PUF structure was proposed by Mathew et al. [24]. The architecture of this ReRAM-
based Arb-PUF is composed of an identical number of delay components in two distinct
paths, as shown in Figure 2.23. At the end of the paths, one D flip-flop is shared, at which
input terminals are connected to each path separately. For example, the input pulse delay
of path A is connected to the DATA terminal of the D flip-flop, whereas the delay of path
B is connected to the CLOCK terminal of the D flip-flop. Each delay component consists
of one ReRAM cell and one NMOS transistor, whose drain terminal is connected to the
ReRAM cell. The gate terminal is controlled by a challenge bit, and the source terminal
is grounded. Note that challenge bits are asymmetrically used in two delay paths. For
example, the ith challenge bit controls the ith transistor of path A and the (n + 1 − i)th transistor of path B, where n is the total number of delay components in one path.
Figure 2.23: ReRAM-based Arb-PUF structure (adapted from [24]).
To operate the PUF, firstly, the ReRAM cells are reset to their HRS. Then, the voltage values corresponding to each challenge bit are applied to the gate of a particular NMOS transistor, which modifies the resistances of a subset of cells depending on the challenge bits. Finally, the input voltage pulse propagates to the ends of the paths, while all NMOS transistors are off. Then, the D flip-flop encodes the delay between the signals at the DATA and CLOCK terminals as a response bit. The response bit r can be expressed as follows:
$$ r = \begin{cases} 1 & \text{if } \text{Delay}_A > \text{Delay}_B, \\ 0 & \text{otherwise} \end{cases} \qquad (2.10) $$
Modification of ReRAM-based Arb-PUF: The ReRAM-based Arb-PUF was revalidated by Chatterjee et al. [138]. The robustness to model-building attacks was reported with an accuracy of 50.37% – 60.67%. On the other hand, the vulnerability of the previously proposed ReRAM-based Arb-PUF against chosen challenge based cryptanalysis attacks was also shown in this work. In order to improve the resilience, the authors proposed a modified ReRAM-based Arb-PUF. In the new design, NMOS transistors are applied across the ReRAM cells; this makes the modulation of the ReRAM resistance depend on the applied challenge bits. Compared to the ReRAM-based Arb-PUF proposed by Mathew et al. [24], the modified PUF achieved an improved resistance to cryptanalysis attacks.
ReRAM-based Arb-PUF by Govindaraj and Ghosh: An Arb-PUF design using 1-transistor 1-resistor (1T1R) ReRAM in a pair CBA was proposed by Govindaraj and Ghosh [139]. The design integrating ReRAM CBA into Arb-PUF aims to overcome limited CRPs. The number of CRPs is estimated to be $2^{GC+LC+N}$, where GC is the number of global columns, LC is the number of local columns, and N is the number of MUX stages. Additionally, a similar design of ReRAM-based Arb-PUF was optimised and revalidated by Beckmann et al. [140].
2.3.5.3 Write-Time-Based ReRAM-PUF
Write-Time M-PUF: A concept of building a PUF based on a write-time parameter of memory was proposed by Rose et al. [25, 133]. In this study, they use the variation of write-time across ReRAMs to create a write-time M-PUF (WTM-PUF), where write-time is the minimum time required to switch the ReRAMs from HRS to LRS. At first, the ReRAM cells are programmed to their HRS by applying a RESET voltage for a relatively long period. After that, a SET pulse of nominal write time is applied to the ReRAM cells. The state of the cells is read out using the connected XOR gate, whose other terminal is connected to the challenge bit, as shown in Figure 2.24. The binary value of the XOR gate is the response bit of this PUF.
Modification of WTM-PUF: The 1-bit WTM-PUF was experimentally demonstrated
by Mazady et al. [141] and they claimed that the PUFs achieved an uncertainty of 50%
from all six fabricated ReRAMs. However, no reliability related simulation results were
shown. The main drawback of WTM-PUF is that the minimum write-time needs to be carefully calibrated in order to achieve strong statistical behaviour. To overcome this shortcoming, Rose and Meade [142] proposed a modified WTM-PUF using the CBA structure.
They integrated a complementary writing scheme (for two rows) into a conventional arbiter scheme (for selecting a winner between two columns). To generate a response, the modified WTM-PUF removes the need for the write-time calibration procedure by resorting to the relative write-times of pairs of the memristor circuits. Also, the modified WTM-PUF can generate multi-bit responses within one execution, and possible CRPs are as large as $2^n$; however, it increases the model-building attack vulnerability similar to Arb-PUF.
Figure 2.24: Write-time-based PUF structure (adapted from [25]).
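The calibration drawback of the WTM-PUF and the relative write-time scheme that removes it can be reproduced with a small Monte Carlo model. This is an added example, not code from the thesis or the cited works; the lognormal write-time distribution, the 100 ns median, the pulse widths and all function names are assumptions.

```python
import math
import random


def make_write_times(n_cells, rng, median_ns=100.0, sigma=0.25):
    """Constructed array: minimum HRS-to-LRS write time of each cell (ns), lognormal."""
    return [median_ns * math.exp(rng.gauss(0.0, sigma)) for _ in range(n_cells)]


def wtm_states(write_times, pulse_ns):
    """All cells start in HRS; one SET pulse switches only cells whose write time fits."""
    return [1 if t <= pulse_ns else 0 for t in write_times]


def wtm_response(states, challenge):
    """Response bit = cell state XOR challenge bit, as in the WTM-PUF read-out."""
    return [s ^ c for s, c in zip(states, challenge)]


def relative_response(write_times):
    """Modified scheme: an arbiter reports which cell of each pair switches first."""
    return [1 if write_times[k] < write_times[k + 1] else 0
            for k in range(0, len(write_times) - 1, 2)]


def min_entropy_per_bit(bits):
    """-log2 of the probability of the more likely bit value (1.0 is ideal)."""
    p1 = sum(bits) / len(bits)
    return -math.log2(max(p1, 1.0 - p1))


def experiment(n_cells=4096, seed=7):
    rng = random.Random(seed)
    times = make_write_times(n_cells, rng)
    challenge = [rng.getrandbits(1) for _ in range(n_cells)]
    results = {}
    # 100 ns is the calibrated pulse (the median); 80 and 120 ns are mis-calibrated.
    for pulse_ns in (80.0, 100.0, 120.0):
        states = wtm_states(times, pulse_ns)
        response = wtm_response(states, challenge)
        results[pulse_ns] = {
            "switched": sum(states) / n_cells,
            # XOR with a random challenge balances the raw bit count ...
            "response_ones": sum(response) / n_cells,
            # ... but the challenge is public, so the entropy is that of the states.
            "min_entropy": min_entropy_per_bit(states),
        }
    relative = relative_response(times)
    results["relative"] = {
        "ones": sum(relative) / len(relative),
        "min_entropy": min_entropy_per_bit(relative),
    }
    return results


if __name__ == "__main__":
    for key, value in experiment().items():
        print(key, value)
```

The pairwise comparison stays balanced without any pulse-width parameter, which is why it needs no write-time calibration.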
In order to improve the reliability of the modified WTM-PUF, Uddin et al. [143] added
XORing technique on pairs of responses. The XORed WTM-PUF simulation results re-
port improved reliability in comparison to the PUF proposed by Rose and Meade.
In their following studies, Uddin et al. [144] and Rose et al. [145] added another cir-
cuit block inside the crossbar architecture, which would add further non-linearity. Shuffled
WTM-PUF enables the columns to be routed to different arbiter input. In the demonstra-
tion, the implemented 4×4 column shuffling block can route any of the four paths of one
end to any of the four paths of the other end. Using shuffling challenge bits, columns can
also be routed to different arbiter inputs, and outputs from the two arbiters are combined
with an XOR gate to generate a response bit. Due to the complexity of this structure,
XORed WTM-PUF with column shuffling is expected to be more robust against machine learning-based modelling attacks.
The PUF’s resistance to machine learning-based attacks was validated by Uddin et al. [146]. The prediction accuracy of well-known machine learning algorithms against each variation of WTM-PUF was evaluated. The results suggest that both XORing and column
shuffling can provide increased robustness against modelling attacks over the intrinsic
WTM-PUF.
2.3.5.4 LRS–HRS Pattern-Based PUF
Write-Time & Voltage-based ReRAM PUF: Koeber et al. [147] proposed a write-time and write-voltage-based ReRAM-PUF that has a similar concept to WTM-PUF (see Section 2.3.5.3), but added write-voltage as another parameter during the calibration phase. To operate the PUF, firstly, all ReRAMs are programmed to LRS by applying a SET voltage. After that, a low write-voltage is applied to all ReRAM cells for a short write-time to reset ideally half of the cells. The low write-voltage and short write-time are pre-calibrated to ensure that the overall cell output state is not biased to either HRS or LRS. Although these works have significant advantages, similar to SRAM-based PUF, the total number of CRPs is limited to the size of the CBA. Also, the pre-calibration procedure for defining write-time and write-voltage is essential.
1T1R-based ReRAM-PUF: Chen [26] proposed a ReRAM switching probability-based PUF that is built in a 1T1R CBA structure, as depicted in Figure 2.25 (a). The operation procedures are similar to those of the write-time/voltage-based PUF suggested by Koeber et al. [147]. For example, all ReRAMs of a CBA are firstly programmed into LRS. Then a pre-calibrated specific voltage which resets the cells with 50% probability is applied to all the cells, and a random LRS/HRS pattern is expected, as illustrated in Figure 2.25 (b). The challenge is the address of ReRAM cells, and the response is the digital sensing values of the selected cells.
The study highlights the reconfigurability of ReRAM-based PUFs. The whole ReRAM CBA can be re-cycled by performing SET/RESET, which is almost impossible in other types of memory-based PUFs without re-fabricating the entire memory array. More significantly, the reconfiguration is nearly impossible to reverse due to the random behaviour of the disruptions and the formations of filaments.
Figure 2.25: (a) 1T1R ReRAM-based PUF adapted from [26]. (b) Expected LRS/HRS random distribution.
Splitting HRS/LRS distributions: Utilizing a random LRS/HRS pattern across a ReRAM CBA has been considered in many studies. The following examples present methods to increase the distance between the two groups of LRS and HRS distributions.
Che et al. [27] proposed a ReRAM-PUF using voltage-to-digital converter (VDC),
which aims to avoid bit-flips without any type of helper data by using VDC to achieve
bimodal resistance distribution. At first, all ReRAM cells are programmed to LRS by
applying a SET voltage. Then, the states of the LRS cells are digitised to values ranging from
0 to 127 using a VDC, and these values are stored by cell-to-cell mapping to an SRAM
array. The state machine finds the median value, as shown in Figure 2.26 (a). Finally,
the ReRAMs in the first group are programmed to HRS, and the pattern of LRS and HRS
represents the PUF signature. Although the PUF pattern is unique, writing the extracted
PUF response to emerging memory is similar to the way of storing secret keys in SRAM,
which can make the secret keys vulnerable to physical attacks.
Figure 2.26: Reliability enhancement method of (a) VDC-based PUF adapted from [27] and (b) current read-out-based PUF adapted from [28]. Axes: number of occurrence versus resistance (kΩ) and versus READ current (A).
Liu et al. [28] proposed a ReRAM-PUF using a split-reference current method in order to improve reliability. In the preparation phase, all the ReRAM cells in an array are programmed to HRS, and then the values of the state of cells are read out to find the split reference current. Cells whose sensing current is above the reference current are set into LRS, as depicted in Figure 2.26 (b). After this phase, the address is given as the challenge and the digital readout through the sense amplifier is the response of the PUF. For response generation, eight parallel cells are simultaneously read out, which potentially improves the reliability of the PUF. However, area and power consumption overheads are expected.
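The effect of the split-reference preparation phase on bit errors can be seen in a short simulation. This is an added example, not code from the thesis or from Liu et al.; the lognormal HRS and LRS current distributions, the read-noise level, the read reference placed midway (on a log scale) between the two groups, and all names are assumptions.

```python
import math
import random
import statistics


def lognormal(rng, median, sigma):
    return median * math.exp(rng.gauss(0.0, sigma))


def read_out(currents, rng, noise_sigma):
    """One read: every cell current is disturbed by multiplicative read noise."""
    return [lognormal(rng, i, noise_sigma) for i in currents]


def sense(currents, reference):
    """Sense amplifier decision: 1 if the cell current exceeds the reference."""
    return [1 if i > reference else 0 for i in currents]


def bit_error_rate(enrolled, currents, reference, rng, noise_sigma, n_reads):
    errors = 0
    for _ in range(n_reads):
        bits = sense(read_out(currents, rng, noise_sigma), reference)
        errors += sum(a != b for a, b in zip(enrolled, bits))
    return errors / (n_reads * len(enrolled))


def split_reference_demo(n_cells=512, n_reads=50, noise_sigma=0.05, seed=3):
    rng = random.Random(seed)
    # Preparation phase: every cell is in HRS (constructed currents around 100 nA).
    hrs = [lognormal(rng, 1e-7, 0.5) for _ in range(n_cells)]
    ref_split = statistics.median(hrs)          # split reference current
    enrolled = sense(hrs, ref_split)

    # Without the split step, cells near the reference flip under read noise.
    ber_raw = bit_error_rate(enrolled, hrs, ref_split, rng, noise_sigma, n_reads)

    # Split step: cells above the reference are SET to LRS (around 10 uA, assumed).
    programmed = [lognormal(rng, 1e-5, 0.3) if bit else i
                  for i, bit in zip(hrs, enrolled)]
    hrs_max = max(i for i, bit in zip(programmed, enrolled) if not bit)
    lrs_min = min(i for i, bit in zip(programmed, enrolled) if bit)
    ref_read = math.sqrt(hrs_max * lrs_min)     # assumed read reference in the gap
    ber_split = bit_error_rate(enrolled, programmed, ref_read, rng,
                               noise_sigma, n_reads)
    return {
        "uniformity": sum(enrolled) / n_cells,
        "ber_without_split": ber_raw,
        "ber_with_split": ber_split,
        "margin_decades": math.log10(lrs_min / hrs_max),
    }


if __name__ == "__main__":
    print(split_reference_demo())
```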
Liu et al. [148] also described the layout obfuscation scheme of this PUF in order to
achieve higher tamper resistance. Although ReRAM conduction in the oxide is not likely
to emit photons under laser or X-ray scanning, digital responses of ReRAM cells can still be read out through the sensing amplifier if the adversary extracts the secret information using a micro-probe. In order to obfuscate the adversary, they proposed to hide the sense amplifier
within the 1T1R array and randomise the locations of the sense amplifier. To improve the
retention properties of ReRAM cells, a multi-cell-per-bit method was also proposed.
Shrivastava et al. [149] revalidated the reliability of PUFs that use a multi-cell read-out
scheme. A failure rate of 1.78% occurred when intrinsic split reference-based-ReRAM
PUF with one-cell-per-bit method was used. The failure rate decreases to 0.13% by using
two-cell-per-bit. It further decreases to zero when an eight-cell-per-bit method is used;
this ensures no requirement of error correction code (ECC).
The reliability enhanced design for ReRAM-PUF was proposed by Pang et al. [150].
Similar to the previously proposed ReRAM-PUFs, they leverage resistance difference be-
tween two selected HRS ReRAM cells. Then, the address of two adjacent columns is
used as the challenge; the responses are generated by comparing the resistances of the two
groups of cells. The main modification of this PUF is that after comparing a pair of cells,
the cell with lower resistance is programmed to LRS. Enhanced reliability was shown at
∼100% even at a higher temperature of 125 °C.
Ternary state-based PUF: The concept of building a 1T1R ReRAM-PUF using ternary states was proposed by Cambou and Orlowski [151]. Instead of dividing cells into binary states (LRS and HRS), they divided the cell states into three groups using two threshold VSET values. By using ternary states, entropy can increase from $2^n$ to $3^n$. More importantly, they claim that potential side-channel attacks such as differential power analysis (DPA) or electromagnetic probes may be unfeasible as the electric current values do not straightforwardly represent responses.
Utilising random LRS and HRS pattern as PUF’s signature has advantages of high
reliability, as well as close to ideal uniqueness. However, a careful pre-calibration process
is required. Also, this type of PUFs has a limited number of CRPs similar to the case of
memory-based PUFs.
2.3.5.5 Comparison-Based PUFs
Dual-mode comparison-based emerging-NVM-PUFs: Dual-mode comparison PUFs proposed by Zhang et al. [29, 126] can utilize ReRAM as a randomness source. The authors claim that intrinsic resistance variation of three types of emerging memory devices (STT-MRAM, PCRAM and ReRAM) can be used as the randomness source of this PUF design. Response generation can be performed using two different sensing modes: for single-ended sensing mode, response is decided by comparing the current values between the selected and reference cells, as shown in Figure 2.27 (a), while for differential sensing mode, it is decided by comparing the current values between a pair of selected cells, as shown in Figure 2.27 (b).
Figure 2.27: Dual mode comparison-based PUFs of (a) single-ended mode and (b) differential mode (adapted from [29]).
A similar concept of ReRAM-based PUF was proposed by Chen [152, 153]. This work
chooses to program all ReRAMs to HRS due to its wider range of resistance distribution in
comparison to LRS. Applied challenge chooses two ReRAMs and then conducts a bit-wise
comparison between the selected ReRAM resistance values to generate a response.
Cross-point-based ReRAM-PUF: Shortly after, Chen et al. [30] proposed an optimized ReRAM-based PUF that utilizes cross-point ReRAM cells. Instead of selecting two cells, a four-cell selection scheme was proposed to create a large number of CRPs for achieving a high security level, as depicted in Figure 2.28 (a). The total number of CRPs (NCRP) depends on the size of the CBA, which can be estimated as:
$$ N_{CRP} = \binom{n}{2} \times n \log_2 n, \qquad (2.11) $$
where n is the size of the CBA (n × n). For the cross-point-based PUF with a 1,024 × 1,024 array, it approaches $6 \times 10^{9}$. The security level is thus significantly enhanced in comparison to the case with the two-cell selection scheme ($N_{CRP} = n \times n \log_2 n \sim 10^{7}$) proposed by Zhang et al. [29].
Sneak paths-based ReRAM-PUF: The concept of building ReRAM-based PUF using
sneak-path was proposed by Gao et al. [31] to enlarge NCRP. For each response generation,
half of the total rows are addressed depending on the challenge bits, as shown in Figure
2.28 (b). Current values of each column are read out by applying a READ voltage to the
selected row, whereas unselected cells remain floating.
In contrast to previously proposed PUFs with the same size of CBA, NCRP can be estimated as $\binom{n}{n/2}$, which is around $4.48 \times 10^{306}$. Due to the large NCRP, the proposed PUF is immune to the man-in-the-middle attack (in the communication channel between the device and the server), since the CRPs are never reused. Another possible attack model of the PUF is that all the individual cell resistances are somehow physically measured by the adversary. In order to overcome such attacks, they use a public authentication protocol, which means that invasive probing of the sense amplifier output is not a threat. Even when probing of the CBA by an attacker is assumed to be possible, and the attacker knows the resistance of all the cells (although practically this is not an easy task for the adversary), the attacker must still simulate the array to calculate the current values of the columns, and simulating a large resistor network with random resistance is very time-consuming. The main shortcoming of this PUF is that the power consumption is massive since n/2 cells are read out for every response bit generation.
Optimization of sneak path-based ReRAM-PUF: Poor diffuseness can be enhanced by
introducing the pre-calibration method as proposed by Liu et al. [154]. Because column
current readout is dominated by sneak paths, the adversary can easily guess the possible
response for any challenge based on the known CRPs. In order to overcome this problem,
they adopted the split reference method similar to the one proposed by Liu et al. [28].
Instead of searching for half-cells switching, a particular portion of switching was used as
the calibration parameter during the preparation phase.
Pang et al. [155] proposed pre-calibration using a weaker SET condition for achieving a uniform resistance distribution.
2.3.5.6 Multi-Layer & Multi-Cell-Based ReRAM-PUF
The ReRAM-PUF based on non-linearity was proposed by Kim et al. [8]. The design
adapts a nonlinear structure of concatenated CBA layers for creating a hidden challenge
to address the second layer, as shown in Figure 2.28 (c). In addition, the increased number of CRPs was estimated using a multiple cell selection scheme, which can be calculated as $\binom{n}{5} \times \binom{n}{2} \times \log_2\binom{n}{2}$. Using a combination of experiment and simulation, the proposed PUF exhibits a uniqueness of 49.85%, a diffuseness of 49.86%, a uniformity of 47.28%, and a bit-aliasing of 47.48%. Also, a reliability of 98.67% was achieved when applying a ±10% variation of supply voltage and temperature from their nominal values.
Figure 2.28: Structures of different types of ReRAM PUFs. (a) Cross-point-based ReRAM PUF adapted from [30] and (b) sneak path-based ReRAM-PUF adapted from [31]. (c) Non-linear ReRAM-PUF adapted from [8].
The multi-layer and multi-cell selection-based ReRAM-PUF was proposed and experimentally demonstrated by Nili et al. [156–158]. Adopting multiple cell selection can enlarge the number of CRPs to $\binom{p}{n} \times \binom{q}{n}$, where p is the number of rows and q is the number of columns used for the response generation.
2.3.6 Comparison and Discussion
After reviewing CMOS and emerging technology-based PUFs, performance concerning
the estimated area and power budgets, reliability, as well as uniqueness are compared, as
summarized in Table 2.3. It can be seen that close-to-ideal 50% uniqueness occurs in most
cases. However, diffuseness measurement is not often reported despite its importance.
One quality that should be obtained but is not often highlighted in the literature is the correlation
between responses when similar challenge sets are applied. Uniformity results show the
close-to-ideal value of 50% except Ref. [159]. However, the similarity between challenge
sets is not clear in most of the literature. When applying very similar challenge sets, the
Multi-layer ReRAM PUF reported in [8] still shows a close-to-ideal uniformity of 50%.
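The metrics compared in this discussion can be computed from raw responses as in the following added example, which is not code from the thesis. It assumes the commonly used Hamming-distance definitions of the metrics and generates constructed responses with the comparison rule of Eq. (2.9); the Gaussian device parameters, noise level and all names are assumptions.

```python
import itertools
import random

N_BITS = 64        # response bits per challenge
N_CHALLENGES = 8   # a challenge addresses one block of N_BITS active cells
N_REF = 64         # reference cells averaged into I_reference


def make_device(rng, mean_a=10e-6, sigma_a=0.5e-6):
    """Constructed device: Gaussian read currents (A) for active and reference cells."""
    active = [rng.gauss(mean_a, sigma_a) for _ in range(N_BITS * N_CHALLENGES)]
    reference = [rng.gauss(mean_a, sigma_a) for _ in range(N_REF)]
    return active, reference


def read(device, challenge, rng=None, noise_a=0.0):
    """Eq. (2.9): bit = 1 if I_active > I_reference. Passing rng adds read noise."""
    active, reference = device
    jitter = (lambda: rng.gauss(0.0, noise_a)) if rng else (lambda: 0.0)
    i_ref = sum(i + jitter() for i in reference) / len(reference)
    block = active[challenge * N_BITS:(challenge + 1) * N_BITS]
    return [1 if i + jitter() > i_ref else 0 for i in block]


def full_response(device, **kwargs):
    return [b for c in range(N_CHALLENGES) for b in read(device, c, **kwargs)]


def hd(a, b):
    """Fractional Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)


def mean(values):
    values = list(values)
    return sum(values) / len(values)


def blocks(response):
    return [response[k:k + N_BITS] for k in range(0, len(response), N_BITS)]


def evaluate(n_devices=20, n_rereads=10, noise_a=0.05e-6, seed=1):
    rng = random.Random(seed)
    devices = [make_device(rng) for _ in range(n_devices)]
    enrolled = [full_response(d) for d in devices]
    return {
        # Inter-device distance for the same challenges (ideal 0.5).
        "uniqueness": mean(hd(a, b)
                           for a, b in itertools.combinations(enrolled, 2)),
        # Fraction of 1s within each device's response (ideal 0.5).
        "uniformity": mean(mean(r) for r in enrolled),
        # Fraction of 1s at each bit position across devices (ideal 0.5 each).
        "bit_aliasing": [mean(r[k] for r in enrolled)
                         for k in range(len(enrolled[0]))],
        # Distance between responses to different challenges on one device.
        "diffuseness": mean(hd(a, b) for r in enrolled
                            for a, b in itertools.combinations(blocks(r), 2)),
        # 1 minus the intra-device distance between enrolment and noisy re-reads.
        "reliability": 1 - mean(hd(e, full_response(d, rng=rng, noise_a=noise_a))
                                for e, d in zip(enrolled, devices)
                                for _ in range(n_rereads)),
    }


if __name__ == "__main__":
    metrics = evaluate()
    worst = max(metrics.pop("bit_aliasing"), key=lambda p: abs(p - 0.5))
    print(metrics, "worst bit-aliasing position:", worst)
```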
In Table 2.4, reliability values of ReRAM-based PUF constructions are summarised,
and it is clear that environmental factors significantly affect the reliability. In general,
excellent reliability is required in order to remove the need for helper data or ECC. Among
the reviewed ReRAM-based PUFs, Ref. [156] outperforms others’ works considering that
the PUF performance was experimentally verified under a wide range of environmental
factors.
Some early ReRAM-PUF studies are solely based on simple device behavioural mod-
els without carefully considering other inherent characteristics of ReRAM. For example,
C2C, which can potentially cause reliability degradation, is not thoroughly investigated.
Even for studies with compact models, the results were obtained through simulations, and
this may be speculative without experimental implementation and validation. However, a
majority of the ReRAM-PUFs are not fully experimentally validated. For example, resis-
tance variation is based on experiments, whereas a peripheral circuitry is only proposed
but not experimentally implemented. Notably, for the resistance comparison method, the sensing circuits suffer from a small sensing margin and long access time due to the high cell resistance and the minor differences between cell resistances. Therefore, sense amplifiers (SA) become a critical part of these PUFs.
Based on the surveyed PUF architectures, the author summarizes the opportunities for PUF designs, as shown in Table 2.5. The statistical test suite developed by the U.S. NIST is used to evaluate the randomness of generated responses [160]. Only a few ReRAM-PUFs provided successful results and some only partially performed the test. This can be because the NIST test suite recommends the use of a very long bit-stream (e.g. 10 Mbit). The number of CRPs (NCRP) for each ReRAM-PUF is also estimated. LRS–HRS pattern-based ReRAM-PUFs show limited NCRP and they also often require a precise pre-calibration process to avoid statistical bias. By utilizing comparison and multiple-cell selection methods, NCRP can be significantly increased [8, 31, 154–156, 159].
Table 2.3: Uniqueness, diffuseness, uniformity and bit-aliasing comparison of ReRAM-based PUF constructions.

| Reference | Randomness source | Type | NPUF | Environmental factors | Uniqueness (%) | Diffuseness (%) | Uniformity (%) | Bit-aliasing (%) |
|---|---|---|---|---|---|---|---|---|
| [134] | Resistance variation | SIM | 100 | n/a | 49–50 | 49 | - | - |
| [135] | Resistance variation | SIM | 100 | n/a | 49–50† | - | 46–53† | 46–53† |
| [137] | Rows’ Rtots variation | SIM | 10 | TR: 70 °C | 50 | - | - | - |
| [23] | Rows’ Rtots variation | SIM | 100 | n/a | 50.07 | 49.96 | 50.76 | - |
| [24] | Stage delays | SIM | n/a | n/a | 49.94–50.40 | - | 50.60–53.80 | 49.20–52.37 |
| [138] | Stage delays | SIM | n/a | n/a | 49.40–52 | - | 50.30–54.80 | 48.50–53.37 |
| [139] | Stage delays | SIM | n/a | Vth: ±10% | 51.30 | - | 50–53‡ | - |
| [140] | Stage delays | S&E | 250 | TR: 0–125 °C | 50† | - | - | - |
| [25, 133] | Write-time variation | SIM | 100 | n/a | 49.85 | - | 49.99 | 49.99 |
| [142] | Write-time variation | SIM | n/a | VR: 0.7–0.9 V | 48.22–49.98 | - | 50.15–52.60 | - |
| [143] | Write-time variation | S&E | n/a | n/a | 50 | - | 50.20 | - |
| [144] | Write-time variation | S&E | n/a | TR: 10–100 °C | 50.17 | - | 56.50 | 51.50 |
| [26] | Write-time & voltage variation | S&E | 100 | Rline: 0–2 Ω | 47–50 | - | 50–51 | - |
| [147] | Write-time & voltage variation | SIM | 2 | n/a | 46–53† | - | - | - |
| [28, 148, 149] | HRS variation | EXP | 40 | n/a | 49–49.80 | - | - | - |
| [150] | HRS variation | EXP | 3 | TR: 25–125 °C | 49.80 | - | - | - |
| [29] | LRS or HRS variation | SIM | 1000 | n/a | 49–50 | - | - | - |
| [152, 153] | HRS variation | SIM | 100 | TR: 300–450 K | 50 | - | 50 | - |
| [30] | Resistance variation | S&E | 100 | TR: 0–85 °C | 49.90† | - | - | - |
| [31] | Resistance variation | EXP | 28 | n/a | 46.20 | ∼50§ | ∼50§ | - |
| [154] | Resistance variation | SIM | 100 | IRef: 29 µA | 50.44 | 49.50 | 50.40 | - |
| [155] | Resistance variation | EXP | n/a | n/a | ∼50 | - | - | - |
| [159] | Resistance variation | SIM | n/a | IRef: 14.5 µA | 49.77¶–50.44♭ | 50.44 | 43.14¶–48.10♭ | 43.14¶–48.10♭ |
| [8] | HRS variation | S&E | 1000 | TR, VR: ±10% | 49.85 | 49.86 | 47.28 | 49.48 |
| [156] | HRS variation | EXP | n/a | n/a | 50.07 | 49.90–50.02 | 49.50–50 | - |

SIM: Simulation, S&E: Simulation based on measured device data, EXP: Experiment.
VR: Voltage range, TR: Temperature range, Vth: Threshold voltage of transistor, Rline: Line resistance, IRef: Reference current.
† This value is estimated from given graph, ‡ This is evaluated by NIST test suite, § This is widely distributed.
¶ The simulation is based on 22 nm technology, ♭ The simulation is based on 65 nm technology.
Table 2.4: Reliability of ReRAM-based PUF constructions in the literature.

| Reference | Randomness source | Type | NPUF | Environmental factors | Reliability (%)α β |
|---|---|---|---|---|---|
| [135] | Resistance variation | SIM | 100 | VR: ±20% | 90–98† |
| [23] | Row Rtotal variation | SIM | 20 | TR: -20 °C–85 °C, VR: ±10% | 92.50–100 |
| [24] | Stage delays | SIM | n/a | TR: 0 °C–80 °C, VR: ±15% | 92.70–99.40 |
| [138] | Stage delays | SIM | n/a | TR: 0 °C–80 °C, VR: ±10% | 97.20–99.70 |
| [139] | Stage delays | SIM | n/a | TR: 10 °C–90 °C, VR: ±10% | 99.87 |
| [140] | Stage delays | S&E | 25 | TR: 0 °C–125 °C | 97.30 |
| [143] | Write-time variation | S&E | n/a | TR: 17 °C–67 °C | 94 |
| [144] | Write-time variation | S&E | 10 | TR: 10 °C–100 °C | 80–90 |
| [151] | Write-voltage variation | S&E | n/a | VR: 1.8 V–2.1 V | 92–99.98 |
| [29] | LRS or HRS variation | SIM | n/a | TR: -45 °C–85 °C, VR: ±10% | 99 |
| [30] | Resistance variation | S&E | 200 | TR: 0 °C–85 °C | 98† |
| [31] | Resistance variation | EXP | 1 | TR: 100 °C–140 °C | 92 |
| [154] | Resistance variation | SIM | 1 | IRef: 70 µA–79 µA | 98† |
| [155] | Resistance variation | S&E | 2 | TR: 150 °C for 60 hrs | 99 |
| [8] | HRS variation | S&E | 100 | TR: ±10%, VR: ±10% | 98.67 |
| [156, 157] | HRS variation | EXP | n/a | TR: 25 °C–90 °C, VR: ±20% | 98.42 |

SIM: Simulation, S&E: Simulation based on measured device data, EXP: Experiment.
VR: Voltage range, TR: Temperature range, IRef: Reference current value.
† This value is estimated from given graph.
Table 2.5: ReRAM-based PUFs performance comparison.

| Name | Reference | NIST test | NCRP | CBA structure | Energy | Area |
|---|---|---|---|---|---|---|
| Nano-PPUF | [49, 134–136] | n/a | $\frac{c\lambda^{m}}{m}\times n$ ⋆ | n×n | n/a | n/a |
| ReRAM-RO-PUF | [23, 137] | n/a | n×(ni)(n−1i) / 2 † | n×n | n/a | n/a |
| ReRAM-Arb-PUF | [24] | n/a | $2^{n}$ | 2n×1T1R | n/a | n/a |
| Modi-Arb-PUF | [138] | n/a | $2^{n}$ | 2n×1T1R | n/a | n/a |
| ReRAM-Arb-PUF | [139] | partially | $2^{GC+LC+N}$ ‡ | 2n×1T1R | n/a | n/a |
| WTM-PUF | [25, 133] | n/a | $2^{n}$ | n | n/a | n/a |
| Modi-WTM-PUF | [142] | n/a | $2^{n}$ | 2n×2n | 0.56–1.63 mW | n/a |
| Shuf-WTM-PUF | [144, 145] | n/a | $2^{n}$ | 2n×2n | 0.02–0.10 mW | n/a |
| Shuf-WTM-PUF | [146] | n/a | $2^{n}$ | 2n×2n | 0.25–16 mW | n/a |
| 1T1R-PUF | [26] | n/a | $n^{2}$ | n×n×1T1R | n/a | n/a |
| Obf-Split-Ref-PUF | [148] | n/a | $n^{2}$ | n×n×1T1R | 9.59–17.69 pJ | 0.01–0.20 mm² |
| Modi-Split-Ref-PUF | [149] | n/a | $n^{2}$ | n×n | n/a | 241–272 µm² |
| Multi-state-PUF | [151, 161] | n/a | $3^{n}$ | n×n | n/a | n/a |
| Dual-mode-PUF | [29, 126] | n/a | $n\times n\log_2 n$ | n×n×1T1R | n/a | n/a |
| Comparison-PUF | [152, 153] | n/a | $n\times n\log_2 n$ | n×n×1T1R | n/a | n/a |
| X-Point-PUF | [30] | n/a | $\binom{n}{2}\times n\log_2 n$ | n×n×1T1R | n/a | 0.01–0.17 mm² |
| Sneak-Path-PUF | [31, 154] | n/a | $\binom{n}{n/2}$ | n×n | 5.3–6.2 mW | n/a |
| Sneak-Path-PUF | [159] | n/a | $\binom{n}{n/2}$ | n×n | 13.17–94.79 pJ | 4504–7891 µm² |
| Nonlinear-PUF | [8] | n/a | $\binom{n}{5}\times\binom{n}{2}\times\log_2\binom{n}{2}$ | 2×n×n | n/a | n/a |
| Nonlinear-PUF | [156, 157] | partially | $\binom{n}{p}\times\binom{n}{q}$ £ | 2×n×n | 20 fJ | n/a |

⋆ c=0.3169, λ=4.0626, m is number of polyominoes;
† n is number of ring oscillators, i is number of inverters in each oscillator.
‡ GC is number of global column, LC is number of local column, N is number of MUX stages;
£ p is number of row selection and q is number of column selection.
2.4 Concluding Highlights
Based on the above comparison and the analysis of previously suggested PUF circuits, it
can be concluded that ReRAM is a promising candidate for PUFs. This claim is mainly
based on the PUF evaluation metrics, such as uniqueness, reliability, diffuseness,
uniformity and bit-aliasing, as well as estimated power and area budgets. ReRAM is
suited to PUFs for the following reasons:
(i) Intrinsic randomness: ReRAM exhibits intrinsic randomness in its physical mechanism.
Examples of randomness include resistance variation and stochastic switching. This
suggests that, instead of relying solely on manufacturing process variation, ReRAM
utilises inherent randomness that is caused by its stochastic nature.
(ii) Reconfigurability: The C2C programming variation is a feature that can be used to
generate a new set of CRPs for the PUF without re-manufacturing. This makes
ReRAM-based PUFs reconfigurable.
(iii) Tamper resistance: The atomic changes of the defects in the oxide layer are not
likely to be visible under microscopy scanning. Also, as ReRAM is not expected to emit
photons, ReRAM-based PUFs are immune to photon emission analysis.
(iv) Simple and highly compact structure: The CBA allows the cell area to be downsized
to 4F² (6F² to 12F² for the 1T1R structure). No standby power is required for ReRAM
due to its non-volatility, and compared with other types of emerging solid-state
memories, ReRAM consumes less energy.
(v) Compatibility with CMOS fabrication: ReRAM can be integrated with standard CMOS
circuits using a BEOL fabrication process, which makes ReRAM favourable for
constructing PUFs.
Chapter 3
A PUF with Redox-based Nanoionic Resistive Memory
Emerging non-volatile reduction-oxidation (redox)-based resistive switching memories
(ReRAMs) exhibit a unique set of characteristics that make them promising candidates
for the next generation of low-cost, low-power, tiny and secure physical unclonable func-
tions (PUFs). Their underlying stochastic ionic conduction behaviour, intrinsic nonlinear
current-voltage (I–V) characteristics and their well known nano-fabrication process
variability might typically be considered disadvantageous ReRAM features. However, using
a combination of a novel architecture and special peripheral circuitry this work exploits
these non-idealities in a physical one-way function, nonlinear resistive PUF, potentially
applicable to a variety of cyber-physical security applications. The author experimen-
tally verifies the performance of valency change mechanism (VCM)-based ReRAM in
nano-fabricated crossbar arrays across multiple dies and runs. In addition to supporting a
massive pool of challenge-response pairs (CRPs), using a combination of experiment and
simulation the proposed PUF exhibits reliability of 98.67%, a uniqueness of 49.85%, a
diffuseness of 49.86%, a uniformity of 47.28%, and a bit-aliasing of 47.48%.
3.1 Introduction
The 19th century cryptographer, Auguste Kerckhoffs stated, “... a system should remain
secure even if everything about the system, except the secret key, is public knowledge.”
[37], a principle still adhered to by a majority of modern cryptosystems. PUFs fundamen-
tally fulfil this principle by removing the ability of adversaries to extract secrets stored
in non-volatile memories (NVMs) while leaving the remaining system features as pub-
lic knowledge [10, 68, 162, 163]. Secrets in a PUF are hidden in the randomness of its
physical implementation (e.g. the silicon fabrication process) making it extremely dif-
ficult, if not impossible to discover them using the types of physical attacks commonly
used for extracting keys from NVMs. Hence, the basic idea of a PUF is to take advan-
tage of otherwise undesirable manufacturing non-idealities to create a physical system that
is extremely hard to copy even if it is fabricated using identical processes, facilities and
materials [10, 68, 125].
Various materials, systems and technologies have been considered as a source of un-
controllable randomness for PUFs. CMOS PUF models have already exploited non-
idealities such as variations in dimensions, random dopant fluctuations and line edge
roughness (LER) that are unique to each circuit to encode secret information [10, 12, 62,
72, 91, 99, 164]. While this technology has spawned many potential security solutions, for
example RO-PUFs, Arb-PUFs and SRAM-PUFs, the search is still on for the PUFs that
are highly secure, cheap, small and energy-efficient [7, 10, 165–169].
Recently, emerging solid-state memories have drawn significant attention due to their
potential for lower power and cost. Of these, ReRAM is one of the most promising for
conventional and unconventional information processing as well as for memory applica-
tions [170–172]. ReRAMs also offer some desirable device characteristics for construct-
ing PUFs:
• They can achieve ultra-high information density in simple nano-crossbar architec-
tures [173]. For instance, they can be fabricated in much denser arrays than SRAM
configurations employed in SRAM-PUFs [156].
• They provide several unique sources of non-idealities for constructing PUF primi-
tives. One unique feature that can be considered as exclusive to the broader family of
valence change memories (VCM), electrochemical metalization memories (ECM)
and, potentially, phase change memories (PCM) is their random nano-conductive
ionic filament patterns across devices and variable switching cycles of a given de-
vice.
• Randomly varying oxygen vacancy profile from device-to-device in VCM ReRAMs
provides another dimension for non-idealities that can be exploited for NVM-based
PUFs.
• ReRAMs offer a potentially lower additional volume fabrication cost compared to
other types of emerging NVMs and allow the use of a range of materials.
• ReRAM fabrication processes can be seamlessly integrated with conventional CMOS
processing [174–179].
In this work, we propose a novel PUF architecture based on non-volatile ReRAM
crossbar arrays (CBAs). The main contributions of this work are as follows:
• We introduce a new PUF primitive, a nonlinear ReRAM-based PUF (nrPUF) ar-
chitecture (Section 3.2.2), capable of being realized at nano-scale dimensions and
yielding a large number of response bits with respect to the overall size of the
nrPUF. As part of this architecture, we propose the concept of employing dummy
ReRAMs to potentially strengthen nrPUF against power monitoring side-channel
attacks (Section 3.4.2).
• We fabricate and experimentally evaluate ReRAM CBAs (Section 3.2.1) to validate
our proposed nrPUF.
• We present extensive evaluations of the ReRAM-based PUF architecture, including
the evaluation of key PUF performance metrics based on detailed experimental
analysis that is fed into Cadence simulations (Sections 3.3 and 3.4).
The remainder of the work is organized as follows: Section 3.2 discusses character-
istics of ReRAMs and proposes the nrPUF. Experimental results of ReRAMs and the
nrPUF architecture and operation are also included in this section. Section 3.3 analyses
nrPUF performance using widely used measures for evaluating PUF primitives, including
avalanche characteristics. Section 3.4 presents a comparison with other nano PUF primi-
tives, a discussion on possible vulnerabilities and summarizes the work, while Section 3.5
concludes the article.
3.2 Nonlinear ReRAM PUF Construction
In this section, VCM-based ReRAMs are investigated as a primary source of randomness
in a PUF design. Figures 3.1 (a) and (b) show direct evidence of oxygen vacancy profiles in
our devices (something that is true for all ReRAMs) [19]. This pattern varies significantly
between devices. An important aspect of this spatiotemporal random oxygen vacancy
profile in ReRAMs is that once programming is finished, the profile stays fixed under the
condition of zero or small magnitudes of energy delivered to the VCM-based ReRAMs.
The temporal aspects of this nano-filament pattern are even more profound when the
device is switching or is in its low resistance state (LRS). When a filament becomes the
main path of conducting current between electrodes, the conductance of ReRAMs in LRSs
is almost independent of device contact sizes and their variations. On the other hand, in the
high resistance state (HRS) the nano-filament pattern is fixed, unique to each device and
the filament heights are much less than those of ReRAMs in their LRS (see Figure 3.1 (b)).
Further, dimensional and LER variations are much more evident when the device is in
its HRS. As a result, this work considers the devices only in their HRS for two reasons: (1)
using HRS devices can reduce total power consumption and (2) the overall combination
of oxygen vacancy profile, dimensional and LER variations means that spatial variation is
stronger when it is in its HRS. It is also important to note that discussions around oxide-
trap-induced effects such as burst or random telegraph noise are outside the scope of this
work due to the relatively low-frequency nature of the phenomenon.
3.2.1 Electrical Properties of ReRAM
Using standard photolithography, we designed and fabricated a stack of the following ma-
terials to implement our VCM ReRAM devices. A 20 nm Pt and its 5 nm Ti adhesion layer
were deposited on a SiO2/Si substrate as the bottom electrode (BE) using electron-beam
evaporation. An amorphous SrTiO3, a-STO, (33 nm) film was subsequently sputtered
through a shadow mask and in the next step, a 5 nm Pt buffer metal layer was e-beam
evaporated on the a-STO layer. Then, two successive layers of a-STO films were sput-
tered: firstly a normal 3 nm a-STO layer followed by a 30 nm oxygen deficient (OD)
a-STO layer.
The ReRAM switching layer in our devices is an amorphous OD SrTiO3−x (a-STO),
where x represents the level of oxygen deficiency created by a combination of processes
within the material stack during fabrication and engineered by a detailed micro/nano-
fabrication development recipe.
Finally, a Pt/Ti (20 nm/10 nm) layer is formed by electron-beam evaporation as a top
electrode (TE). All deposition steps were processed at room temperature, and a crossbar
optical image and its material stack are shown in Figure 3.2 (a). The CBA consists of
8 columns of TEs and six rows of BEs. Full details on the fabrication process can be
found in Refs. [19, 180].
The measured signature bipolar switching behaviour of our VCM-ReRAM devices at
[Figure 3.1 labels: (a) scale bar 1 μm; (b) nano-conductive filaments in oxygen deficient STO, height scale 0 to 5 nm.]
Figure 3.1: In-situ scanning probe microscopy (SPM) maps of conductivity in 2D (a)
and 3D (b). Shown is a top view of oxygen deficient amorphous SrTiO3−x (a-STO) layer
after removal of the top metal electrode layers for this experiment. The pattern illustrates
profile of nano-filaments, which are the conducting channels between two metal electrodes
in ReRAMs.
room temperature is depicted in Figure 3.2 (b). Device switching characteristics emerge
when an irreversible electro-forming step is completed. This electro-forming step forces
the device to switch from its pristine state to its LRS. Beyond that point, the device is
capable of switching between its LRS and HRS when sufficient energy is delivered to
the device in the form of applied current. Our device SET (HRS→LRS) and RESET
[Figure 3.2 labels: (a) layer labels Pt, Ti, STO (OD), STO; TE and BE tracks; scale bar 500 μm. (b) Current (A) versus Voltage (V) from -1.0 V to 1.0 V, with switching steps 1 to 4; inset: Current (A) versus Voltage (V) from 0 V to 0.6 V.]
Figure 3.2: ReRAM electrical characteristic and structure. (a) Optical microscope image
of a 6×8 ReRAM crossbar array (CBA) and schematic of our ReRAM material stack. Top
and bottom metal electrode (TE and BE) tracks are graphically enhanced. (b) Experimen-
tal current-voltage (I–V ) signature of our a-STO ReRAM bipolar switching behaviour.
As a representative curve of thousands of measured I–V characteristics on multiple de-
vices, this is measured by a DC double-voltage-sweep. Inset: highlights nonlinearity of
I–V curve when the device is in HRS and applied voltages are significantly below the
threshold.
(LRS→HRS) switching thresholds are around 0.8 V and -0.75 V, respectively, as shown in
Figure 3.2 (b). For electro-forming, a maximum sweep voltage range of 2.5 V to 3.2 V and
a current compliance range of 100 µA to 500 µA were used.
The switching behaviour is known to be caused by the formation and rupture of one
[Figure 3.3 labels: (a) Resistance (Ω), 10 k to 1 M, versus Voltage (V), 0.1 to 0.5, for LRS and HRS; (b) Resistance (Ω), 10 k to 1 M, versus Voltage (V), 0.1 to 0.5, at 275 °K and 450 °K.]
Figure 3.3: (a) D2D variation in HRS and LRS. State resistance variation of HRS and LRS
are extracted from 58 devices at different READ voltages between 0.1 V and 0.5 V. As
Figure 3.2 (a)’s inset suggests, nonlinearity of I–V characteristics causes semi-exponential
increase in HRS current with every 100 mV increase in voltage. Therefore, as READ
voltage increases, the $R_{RESET}/R_{SET}$ ratio decreases. (b) Resistance systematic
variation induced by temperature change from 275 °K (near 0 °C) to 450 °K.
or more filamentary paths through the oxide layer between the TE and BE [19, 180]. The
switching sequence (1-4) is shown in Figure 3.2 (b) where the device was initially in its
HRS. When a voltage below switching threshold (Figure 3.2 (b)’s inset), known as the
READ voltage, is applied to the TE, it produces a current that can be read from the BE.
The I–V nonlinearity is highly correlated to the applied bias and the state of the de-
vices. It is also known that the nonlinearity strongly depends on the exponential ionic drift
occurring as the result of applying external current or voltage stimulation [19, 180, 181].
An experimental demonstration of the conductive paths formed in our fabricated devices
is shown in Figure 3.1 (a) and (b). The I–V nonlinearity of these devices can be used as a
source of randomness in a ReRAM CBA [156] and is already known to enable the reali-
sation of purely passive CBAs [182]. It is also known that higher nonlinearities minimise
sneak-path current (i.e., the array’s data dependent parasitic currents) and hence reduce
the pressure on CBA design parameters such as their sizes [118, 182]. It is also important
to note that the impact of higher parasitic currents, where the current is passing through
more than one element other than the main signal path, can be reduced significantly by
a careful circuit design strategy. In this work we achieve this using differential current
readout and a high sensitivity modified strongARM latch (mSAL) in Figure 3.4 (b) in the
read path. Figure 3.3 (a) shows one main source of the device-to-device variation in our
VCM-ReRAM in both their HRS and LRS at different READ voltages.
Electrical measurements and characterisation of our fabricated cells were undertaken
using a Keithley 4225-PMU Semiconductor Characterization System. The measurements
indicate that the resistance values in the HRS are widely distributed over a decade in
the range of 100 kΩ to 1 MΩ. Our study across some arrays and multiple rounds of
fabrication using the same recipes has shown no evidence of a conductance gradient in
any direction, and hence we have observed no spatial bias associated with these arrays.
The measured variation in resistance with temperature in these cells, shown in Figure
3.3 (b), is also substantial, exhibiting a greater than ×10 change over the range 275 °K
to 450 °K. Although a substantial temperature dependent resistance change was measured
over multiple devices, the behaviour suggests a trend that can be taken into account in our
peripheral readout circuitry for the nrPUF.
As a final observation here, it is worth noting that electro-forming and its impact on
the spatiotemporal characteristics of the oxygen vacancy profile is an interesting topic in
itself that, while outside the scope of this work, would warrant further investigation.
3.2.2 Circuit and Architecture
The proposed nrPUF structure is shown in Figure 3.4. The overall system architecture
consists of multiple VCM-ReRAM crossbars, two sense amplifiers and bit generators.
The system accepts parallel streams of inputs (called a challenge), and produces a
corresponding 64-bit output stream (called a response). As Figure 3.4 (a) illustrates,
analogue multiplexers accept subsets of the input challenge (InC) to select columns and
rows, thereby activating multiple ReRAM cells.
The multiplexer (MUX) circuits employ a group of transmission (pass-) gates to pass
row current or READ voltage. These MUXes are also capable of grounding or floating
[Figure 3.4 labels: (a) CBA A with analog MUXes (a-MUX), READ supply, input challenge (InC) and output currents IP, IQ and ID; (b) mSAL with transistors M1 to M15, current mirrors (CM gain 1:K), nodes P, Q, X and Y, outputs VX and VY, supply VDD and enable signal SenEn; (c) CBA A and CBA B, two mSALs (SenEn-A, SenEn-B), LFSR, HiC, bit generators, outputs VXA, VYA, VXB, VYB and Response.]
Figure 3.4: nrPUF block diagram, interconnections and readout circuitry. (a) illustrates
a ReRAM CBA with its relevant analog MUXes. (b) represents a modified strong ARM
latch (mSAL) that is connected to IP, IQ and ID from (a) through current mirrors (CM)
with gain of K=1. (c) nrPUF block diagram with two CBAs and mSALs. For illustration
purpose only, only CBA A and its readout circuitry are shown in (a) and (b). Depending
on the requirements, nrPUF’s HiC can be entirely hidden, where the output of CBA A
drives a linear-feedback shift register (LFSR) to generate HiC. Alternatively, HiC can be
partially derived from the main input challenge (InC).
unselected rows and columns. An input challenge identifies which columns and rows and
how many of them in which combination are selected. In the proposed PUF, therefore,
InC activates a particular number of columns (CS) out of N total columns and exactly two
rows out of M rows for each of the IP and IQ currents. IP and IQ are the results of ReRAM selections
by InC, whereas ID is caused by dummy cells selected by an independent random number
generator. In this work, M=N=128, therefore, a massive pool of CRPs will be available,
as is shown in Section 3.2.3 and Table 3.1.
Note that ReRAM devices are all programmed in their HRS for the proposed nrPUF
as described in Section 3.2.1. Due to the randomly different oxygen vacancy profile of
these devices, one of the currents will be higher than the others, which means currents
through nodes P, Q and D (IP, IQ and ID) will not be identical in Figure 3.4 (a). As Figure
3.4 (b) illustrates, IP and IQ are connected to a modified strong ARM latch (mSAL) through
current mirrors (CM) with a gain of 1, while ID represents the dummy-cell current, which
contributes to the total power consumption but not to response bit generation. The
original idea and full description of the sensing circuitry can be found in Refs. [183, 184].
The mSAL circuit consists of two identical parts, highlighted in blue and green, which are
competing to generate the output, Vx and Vy. Assuming negligible mismatch between peer
transistors (e.g. M1 and M2), the state of the latch will be determined by the mismatch
between IP and IQ.
A difference in IP and IQ causes an imbalance in the current that is drawn by M1 and
M2 after the pre-charge period (SenEn=0) during which nodes P, Q, X and Y are charged
to VDD. The imbalance will push the latch (transistors M3−6) towards Vx=VDD, Vy=0 or
Vx=0, Vy=VDD. Transistors M13, M14 and M15 have been included to better control the
flow of current when sensing is enabled using the signal, SenEn.
One of the most important systematic biases that need to be mitigated is the offset
generated as a result of the mismatch between the CM pairs, M1,11 and M2,12, and M3-6
within the latch. It is known that in the conventional StrongARM circuit, the dominant
contributors to the offset are M1 and M2 [183]. In this case, we need to extend that set to
include M11 and M12. Because our architecture uses only two mSAL circuits, as shown in
Figure 3.4 (c), there is plenty of room for mitigating the M1,2 offset contribution. It is well-
known that such offset in a FET is the direct result of a mismatch in threshold voltages
which is the consequence of process variation. According to the well known Pelgrom’s
Law:
$$\sigma_{\Delta V_T} \propto \frac{1}{\sqrt{WL}}, \tag{3.1}$$
where W and L are the width and length of the transistor channel and $\sigma_{\Delta V_T}$
represents the standard deviation of the threshold voltage mismatch, sampled from
thousands of pairs [185, 186]. To avoid creating a systematic bias in our CMOS circuits,
M1, M2, M11 and M12 should be as large as possible.
As shown in Figure 3.4 (c), the result of the imbalance of part A (highlighted in grey),
which is the hidden challenge (HiC) in this work, influences the selections of rows and
columns in part B (highlighted in yellow). As its name suggests, the HiC is the internally
generated challenge, which we call a hidden challenge. It is fed to CBA B to generate
a response. In this work, the whole 64-bit challenge contributes to operating the CBA B.
Depending on the particular structure and system requirements, the challenge for CBA B
can be entirely hidden or be partially derived from the main InC.
While all parts are directly involved in the generation of the response bits, the dummy
part highlighted in red aims to confuse the power consumption signal to reduce the chances
of an attack using side-channel power monitoring. We discuss its effects on supply power
signal-to-noise ratio (SNR) later in Section 3.4.2.
3.2.3 Operation
The READ voltage of the nrPUF operation is chosen from the set of READ voltages
highlighted in Figure 3.3. As our readout is current based, we aim to choose the lowest
possible READ voltage to guarantee no destruction to the stored state. Due to inherent
variations of ReRAM devices in a CBA, the conductances of its cells are widely
distributed, and this variation is ultimately translated to readout current. The output
of selected ReRAMs is given by:
$$I_i = \sum_{k=1}^{CS} g_{i,j_k} V_{READ}, \tag{3.2}$$
where $g_{i,j_k}$ denotes the conductance of the cell located at node $(i, j_k)$, $i$
represents a device row location selected by the current MUX, $j_k$ is a similarly
selected column location and CS is the total number of selected columns. In this work,
we fixed CS = 5, which increases the current output distribution compared to choosing
values of (say) one or two. We can start the analysis by assuming that
$I_1, I_2, \ldots, I_{CS}$ form a total of CS independent random variables³ (i.e., cell
readout currents) with mean $\mu_1, \mu_2, \ldots, \mu_{CS}$ and variance
$\sigma_1^2, \sigma_2^2, \ldots, \sigma_{CS}^2$. Then the mean and variance of the linear
combination $I_{row} = \sum_{k=1}^{CS} I_k$ are defined as:
$$\mu_{I_{row}} = \sum_{k=1}^{CS} \mu_k \tag{3.3}$$
and
$$\sigma^2_{I_{row}} = \sum_{k=1}^{CS} \sigma_k^2, \tag{3.4}$$
respectively. This shows that the $I_{row}$ distribution as well as its standard deviation
increases with higher CS. Since nrPUF deals with a comparison of electrical
characteristics (i.e., the linear sum of the readout current from CS cells), the wider
variation distribution provides the advantage of reducing the possibility that selected
comparator objects are placed in an indistinguishable range. Using higher values of CS
has further advantages in that it increases the challenge space while preventing the
PUF’s variation fingerprint from being revealed to adversaries attempting to
characterise the PUF. Although a single device method (CS = 1) has obvious advantages of
consuming lower power, adopting a group of ReRAMs raises immunity against temporal
variation, which will be discussed in Section 3.3.2. Therefore, setting CS = 5
represents a reasonable compromise between MUX design complexity and total power
consumption.

³ This assumption is substantiated by experiments.
Column and row selection on CBA A is entirely driven by a q-bit challenge using
analog MUXes, via an array of transistor pass-gates (see Figure 3.4 (a)). Column and
row selection in CBA B is also driven by almost the same peripheral circuitry. The only
difference is the use of a linear-feedback shift register (LFSR) that accepts an internal
bit, generated by CBA A output, to generate q-bit HiC that is applied to CBA B in order
to generate 1-bit of final response for nrPUF. This nonlinear structure of two
concatenated CBAs reduces a direct relationship between challenges and responses. The
merits of nrPUF’s nonlinear structure are evaluated by comparison with the single
crossbar method in
Section 3.3 and discussed in Section 3.4.2. The single crossbar method is highlighted in
grey in Figure 3.4 (c), and referred to as the single crossbar in this work.
The number of selections can be adjusted considering the size of ReRAM CBA and
can be set as $\log_2\binom{M}{2}$, where M is the number of rows in the CBA. The total
number of CRPs ($N_{CRP}$) also depends on the size of ReRAM CBAs and can be estimated as:
$$N_{CRP} = \binom{N}{CS} \times \binom{M}{2} \times l, \tag{3.5}$$
where M, N are the sizes of CBA (M×N). It is worth recalling that CS is the number of
selected columns and l is the HiC bit length.
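The selection and readout described in this section, as an added Python example that is not code from the thesis: it maps a selection index to CS columns and a row pair, evaluates Eqs. (3.2), (3.4) and (3.5), and compares the row currents. The index encoding, the log-normal spread, the 0.1 V READ voltage, the reading of "two rows" as one row per node (P and Q) and l = 64 are assumptions made for illustration.

```python
import math
import random
import statistics

V_READ = 0.1  # volts; assumed operating point (lowest READ voltage on the page)


def n_crp(m_rows, n_cols, cs, hic_bits):
    """Eq. (3.5): N_CRP = C(N, CS) * C(M, 2) * l."""
    return math.comb(n_cols, cs) * math.comb(m_rows, 2) * hic_bits


def unrank_combination(index, n, k):
    """Return the index-th k-subset of range(n) in lexicographic order."""
    if not 0 <= index < math.comb(n, k):
        raise ValueError("index outside the selection space")
    combo, candidate = [], 0
    while k > 0:
        # Count of subsets that take `candidate` as their next element.
        with_candidate = math.comb(n - candidate - 1, k - 1)
        if index < with_candidate:
            combo.append(candidate)
            k -= 1
        else:
            index -= with_candidate
        candidate += 1
    return tuple(combo)


def decode_challenge(index, m_rows, n_cols, cs):
    """Hypothetical encoding: one integer -> (CS columns, (row P, row Q))."""
    col_index, row_index = divmod(index, math.comb(m_rows, 2))
    cols = unrank_combination(col_index, n_cols, cs)
    rows = unrank_combination(row_index, m_rows, 2)
    return cols, rows


def make_cba(m_rows, n_cols, seed):
    """Constructed HRS conductances (siemens), log-normal around ~316 kOhm."""
    rng = random.Random(seed)
    # sigma = 0.4 is an assumed spread, not a value fitted to the thesis data.
    return [[1.0 / rng.lognormvariate(math.log(316e3), 0.4)
             for _ in range(n_cols)] for _ in range(m_rows)]


def row_current(g, row, cols, v_read=V_READ):
    """Eq. (3.2): I_i = sum over selected columns of g[i][j_k] * V_READ."""
    return sum(g[row][j] for j in cols) * v_read


def response_bit(g, index, cs, v_read=V_READ):
    """Compare I_P and I_Q for one selection; returns (bit, I_P - I_Q)."""
    cols, (row_p, row_q) = decode_challenge(index, len(g), len(g[0]), cs)
    delta = row_current(g, row_p, cols, v_read) - row_current(g, row_q, cols, v_read)
    return (1 if delta > 0 else 0), delta


def row_sigma(cell_sigmas):
    """Eq. (3.4): variances of independent cell currents add."""
    return math.sqrt(sum(s * s for s in cell_sigmas))


def row_spread(g, cs, v_read=V_READ):
    """Empirical std. dev. of I_row over all rows, using the first cs columns."""
    return statistics.pstdev([row_current(g, r, range(cs), v_read)
                              for r in range(len(g))])


if __name__ == "__main__":
    M = N = 128
    CS = 5
    cba = make_cba(M, N, seed=2019)
    print("N_CRP (l = 64):", n_crp(M, N, CS, 64))
    for cs in (1, 2, 5):
        print(f"CS={cs}: sigma(I_row) = {row_spread(cba, cs) * 1e9:.1f} nA")
    rng = random.Random(7)
    space = math.comb(N, CS) * math.comb(M, 2)
    for _ in range(4):
        idx = rng.randrange(space)
        bit, delta = response_bit(cba, idx, CS)
        # |delta| below 20 nA falls in the undetectable window assumed in Section 3.3.
        flag = "marginal" if abs(delta) < 20e-9 else "resolved"
        print(decode_challenge(idx, M, N, CS), bit, f"{delta * 1e9:+.0f} nA", flag)
```

Selections flagged as marginal are the ones a reliability analysis has to treat as unstable, which is why a wider I_row spread (higher CS) helps.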
3.3 Performance Evaluation
We evaluated our proposed nrPUF against key PUF metrics. Circuit-level simulations
in Cadence were followed by Matlab analysis considering experimental data collected
from a wide range of ReRAM devices on the same or different dies. Circuit simulation
confirms response bit generation with a power supply voltage at 1 V and temperature
variation from -25 °C to 125 °C. The measured variations in current were fed into these
simulations and devices were operated under minimum READ voltage to be similar to our
experiments. Noise and uncertainty were assumed to exist on the supply power line as well
as faulty devices (e.g. stuck-at-ON) in both CBAs. The following lists our considerations
for analysis:
• There is a 10% 3σ READ supply voltage variation at any READ voltage,
• A temperature fluctuation of ±10 °K at any working temperature,
• An undetectable current difference of ∆I = ±20 nA, where ∆I = IP − IQ,
• 90% of HRS programmed devices were successful, therefore, 10% of ReRAMs are
assumed to be stuck-at-ON (in their LRS range, see Figure 3.3 (a)), and
• Measured ReRAM HRS variations have log-normal distribution, see Figure 3.3 (a).
These data were imported into the analytical analysis flow to evaluate the nrPUF.
We use the following notations and definitions for the nrPUF evaluation:
P: Number of PUF instances.
C: Number of challenges.
T: Number of tries.
$r_{i,j}$: $j$th bit of the $i$th response.
L: Bit length of a response.
Key PUF evaluation metrics include uniqueness, diffuseness, bit-aliasing, uniformity,
and reliability (Figure 3.5). More detailed definitions of these evaluation metrics can be
found in refs. [166, 187]. The first four are measures of stochasticity and quality of ran-
domness in PUF(s), while reliability measures the robustness of a PUF against spatiotem-
poral variation.
3.3.1 Hamming Weight Measures
Hamming weight (HW) test calculates inter- and intra-PUF responses in order to detect bit
bias toward ‘0’ or ‘1’ and includes measures of uniformity and bit-aliasing. The average
uniformity and bit-aliasing results are shown in Figure 3.6 (a) and (b) and both are closely
distributed near 50%.
[Figure 3.5 labels: PUF 1 … PUF i … PUF p, challenges C1 … Cc, responses R and response bits r; panels Uniqueness, Diffuseness and Reliability (fractional Hamming distance), Bit-aliasing and Uniformity (Hamming weight).]
Figure 3.5: Key PUF evaluation metrics. This includes uniqueness, diffuseness, bit-
aliasing, uniformity, and reliability.
[Figure 3.6 plots: (a) count versus uniformity (%) for the nrPUF and a single crossbar; (b) bit-aliasing (%) versus response bit number (0 to 64).]
Figure 3.6: nrPUF performance evaluations. (a) Worst-case uniformity (UF) comparison
of a nrPUF and a single crossbar method. (b) Bit-aliasing (BA) of nrPUF’s.
3.3.1.1 Uniformity
Uniformity (UF) is an intra-response HW assessment to evaluate a balance of ‘0’ and ‘1’
in a response vector. Ideally, UF should show a perfect balance and is defined as:
$$UF = \frac{1}{L} \sum_{j=1}^{L} r_{i,j} \times 100\%, \tag{3.6}$$
where $r_{i,j}$ is the $j$th bit of an $L$ bit response to the $i$th challenge. In Figure 3.6 (a), red
distribution curve represents the best-case UF of nrPUF. We refer to the red curve as the
best-case UF because it is closely distributed around 50%. The red curve is calculated
from the responses of the nrPUFs to a random challenge set. To evaluate nrPUF’s design
strength, we compare the worst-case UF of nrPUF to the single crossbar organisation.
In this work, the worst-case UF is calculated using responses to the challenge set with
$HD_{challenge} \leq 5$. Note that total response length in the nrPUF is 64. The results show
the worst-case nrPUF is normally distributed with µ of 47.28% and standard deviation of
11.09%. In contrast, the worst-case UF of a single crossbar is poorly centred and is rather
uniformly distributed.
3.3.1.2 Bit-Aliasing
Bit-Aliasing (BA) is a measurement of the degree of similarity across responses from
different PUFs (inter-HW). Ideally, a PUF should avoid identical responses and so BA
should be 50%. BA can be calculated as:
$$BA = \frac{1}{P} \sum_{i=1}^{P} r_{i,j} \times 100\%, \tag{3.7}$$
where $r_{i,j}$ is the $j$th bit of an $n$ bit response from the $i$th PUF instance. Each bit of nrPUF
responses is assessed by calculating BA over 1,000 PUF instances. It can be seen that
average BA of the nrPUF is 47.48% with a deviation of 5.03%.
3.3.2 Hamming Distance Measures
Hamming distance (HD) test calculates the HD of inter- and intra-PUF responses in order
to assess how unique PUFs are. HD tests include uniqueness and diffuseness. The average
uniqueness and diffuseness results are shown in Figure 3.7 (a) and (b) and both are closely
distributed near 50%.
[Figure 3.7 plots: probability (0 to 0.2) versus (a) uniqueness (%) and (b) diffuseness (%), each over 49.6 to 50.4; panel annotations 49.85, 0.11 and 49.86, 0.11.]
Figure 3.7: nrPUF performance evaluations. (a) Uniqueness and (b) diffuseness of nrPUF
are demonstrated under supply voltage, temperature and sensing margin fluctuations.
3.3.2.1 Uniqueness
Uniqueness (UQ) is an inter-PUF HD test and an indicator of the PUF’s information bits
that can be extracted by evaluating a degree of differences between responses of different
PUFs to identical challenges. A truly random PUF should achieve UQ close to the ideal
value of 50%. Average UQ is defined as:
$$UQ = \frac{1}{\binom{P}{2}} \sum_{i=1}^{P-1} \sum_{j=i+1}^{P} \frac{HD(R_i, R_j)}{L} \times 100\%, \tag{3.8}$$
where $HD(R_i, R_j)$ is the HD between $L$ bit responses to a challenge from a pair of $i$th and
$j$th PUF instances.
3.3.2.2 Diffuseness
Diffuseness (DF) is an intra-PUF HD measurement that analyzes a degree of response
differences from different sets of challenges applied to the same PUF [166]. DF is defined as:
$$DF = \frac{1}{\binom{C}{2}} \sum_{i=1}^{C-1} \sum_{j=i+1}^{C} \frac{HD(R_i, R_j)}{L} \times 100\%, \tag{3.9}$$
where $HD(R_i, R_j)$ is the HD between $L$ bit responses to a pair of $i$th and $j$th challenge from
a PUF instance.
[Figure 3.8 plot: average BER (%) versus column selection (CS, 1 to 5) and sensing margin (nA, 20 to 100).]
Figure 3.8: Bit error rate (BER) of nrPUF. Average BER over multiple nrPUF analysis
as a function of CS and mSAL sensing margin of ∆I = ±10 nA to ±100 nA.
3.3.2.3 Reliability (RE)
Reliability (RE) shows the PUF’s ability to reproduce the same response to the same
challenge under spatio-temporal variations. In other words, it is defined as the probability
that a response bit, rt (generated at time t), can be reproduced at a time ∆t later. An
ideal PUF should provide 0% difference in its responses to identical challenges and this is
represented by bit error rate (BER) definition below:
$$BER = \frac{1}{\binom{T}{2}} \sum_{i=1}^{T-1} \sum_{j=i+1}^{T} \frac{HD(R_i, R_j)}{L} \times 100\%, \tag{3.10}$$
where $HD(R_i, R_j)$ is the HD between responses to $i$th and $j$th application of a challenge.
Ideal RE is 100% and is defined as:
$$RE = 100\% - BER. \tag{3.11}$$
When the reliability of a PUF response is not guaranteed, the system requires an addi-
tional error correction module integrated with the PUF device, which increases costs and
overall power consumption [188, 189].
Based on the current distribution results, we evaluated RE of nrPUF under supply volt-
age, temperature and sensing margin fluctuations. For each measurement set, 500 random
challenges were applied and each challenge repeated for 50 trials of a PUF instance. The
results in Figure 3.8 clearly show the advantage of selecting multiple columns (CS = 5)
over selecting just one or two column(s) (CS = 1 or 2). For example, assuming the current
sensing margin is 20 nA in Figure 3.8, the mean value of BER is 3.45% for CS = 1. The
BER significantly reduces as CS is increased, exhibiting values of 2.39%, 1.87%, 1.61%
and 1.33% for CS = 2, 3, 4 and 5, respectively at this sensing margin. It can also be seen
that the average BER reduces steeply as the sensing margin reduces or, put another way,
as the mSAL’s sensitivity increases. This implies that even lower BER could be achieved
by further increasing the sensitivity of the mSAL.
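The metrics of Eqs. (3.6) to (3.11) computed in code, as an added example that is not part of the thesis. The responses come from `toy_response`, a constructed, seeded pseudo-random stand-in with an assumed 2% bit-flip noise, not from nrPUF measurements or simulations.

```python
import random
from itertools import combinations
from math import comb

L_BITS = 64  # response length L used for the nrPUF in the text


def hamming_distance(a, b):
    """Number of bit positions in which two equal-length responses differ."""
    if len(a) != len(b):
        raise ValueError("responses must share the same bit length L")
    return sum(x != y for x, y in zip(a, b))


def uniformity(response):
    """Eq. (3.6): share of '1' bits within one L-bit response, in percent."""
    return 100.0 * sum(response) / len(response)


def bit_aliasing(responses, j):
    """Eq. (3.7): share of the P instances whose j-th response bit is '1'."""
    return 100.0 * sum(r[j] for r in responses) / len(responses)


def mean_pairwise_fhd(responses):
    """Common form of Eqs. (3.8)-(3.10): fractional HD averaged over all pairs."""
    count = len(responses)
    if count < 2:
        raise ValueError("at least two responses are needed to form a pair")
    total = sum(hamming_distance(a, b) for a, b in combinations(responses, 2))
    return 100.0 * total / (comb(count, 2) * len(responses[0]))


def uniqueness(per_instance):
    """Eq. (3.8): responses of P instances to the same challenge."""
    return mean_pairwise_fhd(per_instance)


def diffuseness(per_challenge):
    """Eq. (3.9): responses of one instance to C different challenges."""
    return mean_pairwise_fhd(per_challenge)


def bit_error_rate(per_try):
    """Eq. (3.10): responses of one instance to T tries of one challenge."""
    return mean_pairwise_fhd(per_try)


def reliability(per_try):
    """Eq. (3.11): RE = 100% - BER."""
    return 100.0 - bit_error_rate(per_try)


def toy_response(instance, challenge, trial=0, flip_prob=0.0):
    """Constructed stand-in for a PUF readout (not a model of the nrPUF)."""
    ideal = random.Random(f"puf:{instance}:{challenge}")
    noise = random.Random(f"noise:{instance}:{challenge}:{trial}")
    bits = [ideal.getrandbits(1) for _ in range(L_BITS)]
    # Each try flips every bit independently with probability flip_prob.
    return [b ^ (noise.random() < flip_prob) for b in bits]


def evaluate(p=50, c=50, t=20, flip_prob=0.02):
    """Compute every metric on constructed data; p, c, t play the roles of P, C, T."""
    across_instances = [toy_response(i, 0) for i in range(p)]
    across_challenges = [toy_response(0, k) for k in range(c)]
    across_tries = [toy_response(0, 0, trial, flip_prob) for trial in range(t)]
    return {
        "UF": uniformity(across_instances[0]),
        "BA": bit_aliasing(across_instances, 0),
        "UQ": uniqueness(across_instances),
        "DF": diffuseness(across_challenges),
        "BER": bit_error_rate(across_tries),
        "RE": reliability(across_tries),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value:.2f}%")
```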
3.3.3 Avalanche Characteristics
The avalanche characteristic, in cryptography, is the desirable property where a slight
change in input (for example, flipping a single bit) results in significant and unpredictable
changes in output (for example, half the output bits flip). When this property is achieved in
PUF, each CRP is unrelated, so that knowing one CRP has no impact on predicting other
unknown CRPs regardless of their similarity [86].
[Figure 3.9 colour-map: output transition rate (%, 0 to 50) versus column transition (0 to 5) and row transition (0 to 2), for the nrPUF and a single crossbar.]
Figure 3.9: Comparison of avalanche characteristics of a nrPUF and a single crossbar
method.
Although it is very difficult, if not impossible, to analytically prove unclonability, it
has been shown that some PUFs are predictable [5, 69, 88, 190, 191]. For high immunity
to these attacks, avalanche behaviour is required, however difficult it might be to
achieve [10, 12]. This is particularly the case for the linear Arb-PUF structure. In a low-
throughput delay-based PUF architecture like Arb-PUF, independence among CRPs is
hard to achieve. Attempts have already been made to design nonlinear PUF architectures
and examples include the XOR-PUF [10] and Feed-Forward Arb-PUFs (FF-Arb-PUFs)
[12, 72]. An XOR-PUF consists of multiple Arb-PUFs and an exclusive-OR (XOR) func-
tion which combines the responses of the individual Arb-PUFs, thereby improving the
avalanche behaviour [192]. Another example, FF-Arb-PUFs, utilises one or few switch(es)
that are independent of the input. The resulting feed-forward creates some hidden infor-
mation, and the PUF achieves a higher degree of complexity [72, 88].
To measure the avalanche characteristics of our nrPUF, we compared its output bit
transition rate with that for one of the single crossbar systems. The inputs were cycled
between a reference pattern and a second stimulus pattern that depends on CS. For our
nrPUF, CS is fixed at five, so that the stimulus pattern is set such that all five selected
columns are different from the reference input. Similarly, with CS = 1, only one column
selection is different from the reference input selection. In Figure 3.9, the colour-map
shows output transition rate for each choice of row and column transitions. The greener the
map, the closer the outcome is to the ideal case of a balanced response, i.e., to a 50% output
transition rate. A PUF with a single crossbar structure shows a biased output bit transition
rate, and this is the case for all low row and column selection transitions. Compared to
the single crossbar case, the proposed nrPUF provides a significantly improved bit-stream
balance and therefore better avalanche characteristics.
3.3.4 Estimated Power Consumption
The worst-case power consumption per ReRAM per response bit was measured for our
fabricated devices with the READ voltage set to 100 mV. Excluding the contribution of
the peripheral circuitry, power consumption figures in the range of 100 nW were observed.
While simple estimates of total mSAL power consumption based on this figure will be far
from realistic, it does support the idea of the nrPUF as a low-power system element. It
is worth noting here that ReRAM arrays consume almost zero power while on standby.
Data retention at this range of READ voltages has also been guaranteed for years at 85 °C.
In contrast to the start-up issues experienced with volatile SRAM-PUFs [193] solutions,
we believe that the nrPUF should provide a more reliable power-up phase thanks to their
non-volatility and long data retention.
According to experimental observations using the fastest pulse measurements available
on the Keithley 4225-PMU (200 MSPS), the performance of the peripheral circuitry would
dominate the nrPUF throughput, which can be designed to have a range of operational
speeds including slow readouts, as suggested in Ref. [45], to ensure the security of the SHIC
PUF primitive.
Table 3.1: Comparison of ReRAM CBA-based PUFs.

| PUF type | Nano-PPUF | M-PUF | Memr-PUF | mrSPUF | CPR-PUF | spPUF | nrPUF |
|---|---|---|---|---|---|---|---|
| Reference | [134] | [25] | [147] | [23, 194] | [30] | [31] | This work |
| Crossbar | 4×4 | 8 bits | 1 MB cells | 128×128 | 1024×1024 | 256×256 | 2×128×128 |
| Minimum cell size | 6F² | – | 4F² | 4F² | 4F² | 4F² | 2×4F² |
| Memory state | LRS/HRS | LRS/HRS | – | LRS | HRS | LRS/HRS | HRS |
| Uniqueness (%) | 49 | 49.85 | ∼48/50/55 (BC/Typ/WC) | 50.07 | ∼49.95 | 46.20 | 49.85 |
| Reliability (%) | – | – | – | 92.5 (WC) | ∼98 | 83.30 (WC) | 98.67 |
| Diffuseness (%) | 49 | – | – | 49.96 | – | – | 49.86 |
| Uniformity (%) | – | 49.99 | – | 50.76 | – | ? | 47.28 |
| Bit-aliasing (%) | – | 49.99 | – | 49.99 | – | ? | 47.48 |
| CRP calculation | – | – | – | $\frac{N \times \binom{M}{i} \times \binom{M-i}{i}}{2}$ ‡ | $\binom{N}{2} \times \binom{M}{2}$ | $\binom{N}{M/2}$ | $\binom{N}{5} \times \binom{M}{2} \times \log_2 \binom{M}{2}$ |
| Total CRPs† | – | – | – | ∼3.7×10^18 | ∼10^6 | ∼2.3×10^37 | ∼2.7×10^13 |

F: ReRAM feature size, Typ: Typical-case, BC: Best-case, WC: Worst-case.
– This indicates it is not mentioned.
? This was mentioned but no specific distribution quantity was given.
† This is calculated for M×N CBA(s) of M=N=128.
‡ This uses i=5.
3.4 Discussion
In this section, the structure, performance and NCRP of the proposed nrPUF are compared
against different alternative ReRAM based PUFs. The design advantages of nrPUF such
as hidden challenge and dummy cells are also explained in detail. Potential drawbacks of
the proposed PUF are also briefly discussed.
3.4.1 Comparison
nrPUF is compared against evaluation data from different ReRAM based PUFs: Nano-
PUF [134], M-PUF [25], Memr-PUF [147], mrSPUF [23, 194], CPR-PUF [30] and spPUF
[31]. Note that PUF metrics results are the measures under typical environmental condi-
tions unless otherwise mentioned. In Table 3.1, the proposed nrPUF could potentially
achieve the ideal reliability of 100% while uniqueness, diffuseness, uniformity, and bit-
aliasing are close to the ideal of 50%. It can be observed that both uniformity and bit-
aliasing are slightly lower than 50% in the nrPUF, which can be attributed to the mSAL
error margin when it is generating the biased bit. Under normal conditions, the diffuseness
of the nrPUF and CRP-PUF are also similar and close to the ideal. Similarly, the uniqueness
of all the PUF circuits examined here is near to the ideal 50%. On the other hand,
the reliability of nrPUF can be seen to be slightly better than other PUFs.
As the table suggests, the proposed nrPUF could achieve performance metrics even
closer to the ideal, given all cited works have used a similar mix of experimental and
simulation analysis. Also, the works against which we are comparing have adopted a
random subset of memory cells and compare the total current passing through them in an
analogue fashion [30, 126]. Using this method, a PUF with M×N crossbar size obtains
at least N times as many challenges as an RO-PUF with M RO stages [126]. However,
introducing nonlinear structure using concatenated layers could require more sophisticated
designs of peripheral circuitry. More importantly, the reliability of the PUF needs to be
carefully studied as the increased reading phases may raise the sensing errors.
3.4.2 Attacks
Given our focus on realizing a secure nano-scale PUF primitive implementation, we first
explore the possibility of mounting an invasive attack to create a successful clone of a
nrPUF. An invasive attack using direct probing of the nrPUFs may allow a skilful and
highly resourced adversary to estimate the resistance of each ReRAM cell and thereby
create a software or hardware clone. However, these invasive attempts are more likely
to damage the nrPUF structure permanently given the level of skill and tools required to
probe nanodevices. In turn, damage to the nrPUF would change its challenge-response
behaviour [195]. Further, semi-invasive photon emission analysis on nrPUF would not
work because ReRAMs do not emit photons [196].
Given the potentially large number of CRPs possible with the nrPUF, the proposed
PUF primitive may be used in lightweight authentication mechanisms or more advanced
cryptographic protocols, for example in multi-party key exchange requiring the exposure
of the PUF interface. Where a PUF interface is directly exposed to an adversary, linear
additive delay PUFs such as Arb-PUFs are capable of yielding massive numbers of CRPs
and have been shown to be vulnerable to model building attacks [69, 197] by passive ad-
versaries capable of eavesdropping on the CRPs or being able to submit a chosen number
of challenges and extract corresponding responses. This type of attack, using the rela-
tionship between challenge and response pairs to construct a software model of a PUF,
remains the most likely attack against PUF types with an exposed PUF readout interface.
In the design of the nrPUF, we have deliberately used a nonlinear structure to reduce
the direct relationship between the CRPs (see Figure 3.4 (b)) where the output from CBA
A is hidden and integrated to generate the response from CBA B. Furthermore, it is known
that a large NCRP is required to build an accurate mathematical model of a PUF where
the success of the model is determined by its ability to achieve similar reliability to the
PUF under attack. Therefore, simply limiting the rate at which CRPs can be interrogated
from a PUF, as proposed in [45] for a simple CBA with diode like devices at cross-points,
can make model-building attacks less effective.
The proposed nrPUF demonstrates high reliability and the capability to lower through-
put by employing the techniques discussed in [45], as well as, by adjusting sense amplifier
capacitance at the output of each crossbar to increase the overall capacitance. Hence, CRP
throttling can be used to make the nrPUF less vulnerable to machine learning attacks.
Power analysis attacks
One of the more effective security threats targeting the implementation of cryptographic
algorithms is side-channel attacks. Power analysis has been used effectively against
different cryptosystem implementations such as smart-card microprocessors [198, 199].
The goal of differential power analysis (DPA) is to extract correlations between data and supply
power fluctuations. Other power analysis techniques include correlation power analysis
based on the HD model and partitioning power analysis [198, 200–203].
Power analysis attacks, in general, could be evaluated by SNR between the single-bit
unit power consumption and the standard deviation of power leakage [203]. We analyzed
the power consumption of our nrPUF resulting from the generation of 2,000 output bits.
An input challenge dependent selection of five columns with 20 ReRAMs identifies the
output bit, while also, one or more ReRAM are randomly selected at the same time in
order to achieve confusion.
The use of dummy cells alongside the differential readout scheme (see Figure 3.4 (b)),
provides the potential for significant reduction in the chance of a successful power monitoring
side-channel attack. The insertion of dummy operations in software and hardware
to mask activities during timing or power analysis attacks has been a well-known technique
in hardware security and software cryptography. For instance, [204] reports multiple
examples of using dummy structures, such as dummy buffers or dummy loops, as part
of advanced encryption standard (AES) software and hardware implementation to thwart
attackers.
[Figure 3.10 plot: SNR (dB) versus number of dummy cells (1 to 10); data points with a linear fit.]
Figure 3.10: Role of dummy ReRAMs in lowering signal-to-noise ratio (SNR) of the
power signal.
Note that each CBA of nrPUF utilizes M×N (M = N = 128) ReRAMs. Figure 3.10
illustrates our SNR analysis result as a function of the number of dummy devices involved
in confusing the power signal. As expected, the more the number of dummy devices, the
lower the SNR becomes, and therefore it is possible to adjust performance for different
applications according to their sensitivity.
3.5 Conclusion
In summary, we present a novel nrPUF based on measured data collected from a range
of ReRAM devices on one or multiple dies, fabricated under identical conditions. The
nrPUF utilises a relatively simple ReRAM crossbar structure, minimising design phase to
nano-fabrication mask design compared to the complex CMOS layout design process. To
improve unpredictability, the nrPUF utilises two crossbars with a hidden challenge passing
from the first part to the second. We demonstrated that such a feature could improve
avalanche behaviour and uniformity while maintaining other performance metrics close to
ideal.
A uniformity of 47.28%, bit-aliasing of 47.48%, diffuseness of 49.86% and uniqueness
of 49.85% have been measured in our devices. The PUF’s multiple column selection
flexibilities also offered the reliability of 98.67% under extremes of the process, voltage,
temperature and sensing margin fluctuations.
Additionally, we have employed a set of dummy ReRAMs to reduce nrPUF’s supply
power SNR, although our readout circuitry exhibited no meaningful relationship between
power consumption and output bit generation of either ‘0’ or ‘1’. ReRAM devices in
the nrPUF are programmed in their HRS to (1) take advantage of highly spatially driven
variations in HRS and (2) reduce power consumption. The crossbar array aspects such as
resistance-pattern dependent sneak current paths (parasitic current via neighbouring cells)
are also intrinsically contributing to nrPUF performance, but their specific role in nrPUF
operation is currently under investigation.
Chapter - 4
Analogue State and Nonlinear ReRAM-Based PUF
4.1 Analogue State and Nonlinear Conductance Variations in Integrated Memristors-Based PUF
The continuing advance of information technology has stimulated an unprecedented ex-
pansion of interconnected networks and devices. The significant volume of personal and
sensitive information continuously carried over shared, and remotely accessible networks
pose significant security challenges [10, 205, 206], which conventional cryptographic ap-
proaches struggle to adequately address. Conventional cryptographic approaches typically
rely on “secret keys” stored in nonvolatile memories for data encryption and access au-
thentication, and these are vulnerable to physical and side-channelling attacks, including
direct probing and power analysis [207]. As a result, security approaches based on phys-
ical hardware roots of trust have recently attracted significant attention. Analogous, to a
degree, to biometric identifiers, such as retinal and fingerprint imprints, hardware roots
of trust are physically embedded with their cryptographic processes through unique, in-
dividual structural properties that are virtually unpredictable and practically inimitable
[22, 76, 206, 208, 209]. The cryptographic data should be immediately and reliably avail-
able upon interrogation and effectively impossible to learn or extrapolate even when chal-
lenged by aggressive model-building and machine learning attacks [76].
PUFs are a class of hardware security primitives that draw their cryptographic “keys”
from fabrication process variations [43, 70, 210–212]. Among the wide variety of pro-
posed PUF implementations utilizing (within-die) spatial variations in electronic devices
[10, 12, 38, 53, 66, 68, 190, 213–215], those based on crossbar architectures with in-
tegrated ReRAM are particularly promising. This is due to their simple and relatively
low-cost fabrication process, small footprint, complementary metal-oxide-semiconductor
(CMOS) circuit integration compatibility [29, 148, 178, 216], and process-induced varia-
tions in I–V characteristics pertinent to the mixed electronic-ionic transport and memory
mechanism [23, 31, 134, 153, 178, 216, 217].
The most accessible manifestation of process-induced compositional and structural
variations in ReRAM arrays is the spatial (that is, device-to-device) variations of the ef-
fective switching thresholds. One example is the voltage at which device conductance is
abruptly changed upon application of a ramping bias. A related example is spatial vari-
ations in the ON and OFF state conductances in the array upon application of a large
voltage or current bias [23, 134, 153]. The physical source of these variations is arguably
the stochastic nature of ionic switching arising from compositional inhomogeneity of the
switching medium, as well as variations in individual device profiles such as electrode
imperfections and random variations in surface roughness [178, 216, 218].
These “entropy” sources were typically the foundation for previously proposed mem-
ristive device-based PUFs. Many of these proposed PUFs require a relatively large number
of devices in the crossbar array [23, 45, 153, 208] and extensive peripheral programming
and control circuitry [23] to achieve viable operational metrics. Furthermore, a digital
mode of operation with devices switched to the extreme ON and OFF states is typically
utilised, hence ignoring one of the main advantages of memristive devices: their nonlin-
ear adjustable I–V s. Indeed, because the device nonlinearity is strongly dependent on the
memory state and is correlated with process variations, it can serve as a prominent source
of the entropy in memristive arrays [8]. On the other hand, in the digital approach, the
crossbar array is effectively reduced to a linear resistive network, which greatly simplifies
input-output mapping. The PUF operation in some of the prior proposals also relies on
the write operation [27, 142], which may not be practical, especially for key generation
applications, considering the write endurance limitations of the memristive devices.
In this work, we first propose a robust hardware-intrinsic security primitive that takes
advantage of variations in the nonlinear I–V characteristics of ReRAMs; the principal nov-
elty of this approach is the analogue tuning of the ReRAMs’ conductances to maximize
the functional performance of the PUF. We then experimentally demonstrate a fully func-
tional implementation of the security primitives based on integrated memristive circuits.
This, we believe, is an essential step in the development of a practical PUF network based
on the unique features of memristive arrays, and notably extends beyond previous demon-
strations, which typically relied on post-processing data measured on individual devices
and/or using a very small portion of the challenge-response space [23, 31, 45, 134, 148].
4.1.1 Hardware-Intrinsic Security Primitive
The basic building block for our security hardware is implemented with a two-level stack
of monolithically integrated 10× 10 memristive arrays (Figure 4.1 (a), (b)). The fully
passive Al2O3/TiO2−x memristor crossbars, which have an active device area of ∼ 350×
350 nm2, were fabricated using in situ low-temperature reactive sputtering depositions,
ion milling, and a precise planarization step. The middle electrodes are shared between
the bottom and top layers (Figure 4.2). The fabrication flow ensures a high device yield
(> 95%) and low < 175 °C temperature budget, compatible with CMOS back-end-of-line
integration. The fabrication steps are similar to those described in our earlier report [219].
The ON/OFF ratio of currents for the devices in the top and bottom layers is at least two
orders of magnitude, on average, when measured at 0.3 V (Figure 4.2 (c)). The variations
in effective voltage switching thresholds are sufficiently low to permit precise tuning of
the devices within the array (Figure 4.1 (c)), while still substantial enough to be utilised in
the considered application (see below). The device I–V is nonlinear, especially at higher
resistance states (Figure 4.1 (d)).
Figure 4.1: 3D ReRAM crossbar array. (a) Cartoon of the fabricated circuit. (b) I–V
curves for all 2×10×10 devices; two representative curves are highlighted for comparison.
(c) Tuning of the top and bottom devices to 16 different conductive states that
are equally spaced from 2 µS to 32 µS. (d) Nonlinearity factor calculated as a ratio of
|1−G0/G(VB)| for all 200 devices, which were tuned to G0 = 4.5 ± ∼1 µS at 200 mV.
For convenience, the curves are coloured according to the observed nonlinearity at the
highest voltage bias.
[Figure 4.2 image: (a) SEM top view; (b) device stack with Pt, TiN, Al2O3, TiO2−x and TiO2 layers on SiO2, showing the bottom, middle and top electrodes and the bottom and top device active layers; (c) count versus resistance (Ω, 10^4 to 10^7) for ON and OFF states of the top and bottom devices.]
Figure 4.2: (a) Top-view SEM image of the 3D ReRAM crossbar and (b) its device stack
material layers and thicknesses. (c) Cumulative histogram for the top (blue) and bottom
(red) devices’ ON and OFF state resistances measured at 0.3 V.
Figure 4.3: Memristor-based basic building block for cryptographic hardware. One-bit
output is generated by applying a voltage bias to m rows (of M total) and then comparing
the total currents running into the two selected groups comprised of n columns (of N
total). In the simplest implementation, the unselected rows and columns in the array are
kept floating.
Figure 4.3 shows how such an effective M×N = 20×10 crossbar circuit with cross-
point device conductances Gi j is utilized to implement basic cryptographic functionality.
Similar to previous proposals [8, 27] a single-bit binary output b is calculated by biasing
m selected rows with voltage VB and then comparing the currents running into two groups
of n/2 selected virtually grounded columns. For simplicity, let us assume that one group
always comprises the leftmost columns and the other the rightmost so that
$$b = \begin{cases} 1, & I^+ > I^- \\ 0, & I^+ \le I^- \end{cases} \qquad I^\pm = V_B \sum_{j \in S_C^\pm} \sum_{i \in S_R} G_{ij}(V_B), \tag{4.1}$$
where $S_R$ is a set of indexes of the selected rows, $S_C^+$ and $S_C^-$ are sets of indexes of the
selected columns in the left and right groups, respectively, and $I^+$ and $I^-$ are their respective
currents. The remaining (unselected) rows and columns in the array are kept floating. With
such a scheme, the maximum number of distinct selections is
$$G_{MAX} = \binom{M}{m} \times \binom{N}{n}. \tag{4.2}$$
Note that this number can be further substantially increased by considering more complex
peripheral circuitry, e.g., by factor $\binom{n}{n/2}$ by taking into account order permutations in the
columns, and, as we show later, by a factor $N_B$, the number of different bias voltages
utilized in one selection.
The exemplary PUF network based on the discussed circuit is implemented by tun-
ing the conductances of the crosspoint devices to specific pre-calculated values using the
write-verify algorithm [220]. The goal of the tuning procedure is to enhance the contri-
bution of the devices’ I–V variations to the response of the network while at the same
time improving its reliability and randomness. This is achieved by selecting a specific
distribution of device conductances and having a proper balance between two types of
currents measured at the output - currents via selected devices and sneak path currents
passing through the floating portion of the array. In particular, the target conductances for
a particular PUF instance are found by randomly generating C exclusive selections (i.e.,
C different $S_R$, $S_C^+$, and $S_C^-$ sets) and their corresponding desired values for the outputs $I^+$
and $I^-$ and then minimizing the function
$$\sum_{k=1}^{C} \left[ \left( V_B \sum_{j \in (S_C^+)_k} \sum_{i \in (S_R)_k} G_{ij} - I_k^+ \right)^2 + \left( V_B \sum_{j \in (S_C^-)_k} \sum_{i \in (S_R)_k} G_{ij} - I_k^- \right)^2 \right] \tag{4.3}$$
with a natural constraint that all conductances are nonnegative values. Importantly, $I^+$
and $I^-$ are Gaussian distributed, and the absolute difference $|I^+ - I^-|$ for each selection
is forced to be larger than a certain value. The described procedure for configuring the
crossbar circuit results in a narrow distribution of device conductances in which the PUF
uniformity (UF) and diffuseness (DF) are improved by eliminating biases in the output
currents. At the same time, the reliability (BER) of the PUF, in particular its tolerance to
the memristors’ current fluctuations due to intrinsic noise and potential drift of conductive
states [153], is strengthened by enforcing the current readout margins. Furthermore, the
PUF uniqueness (UQ) is facilitated by the random nature of the algorithm used to select
the conductance distribution.
Different target weight distributions can be precomputed beforehand for a specific
memristor technology. Precise tuning of the weights is not required; therefore, implemen-
tation of specific unique PUF instances using the proposed algorithm can be relatively fast
and incur minimal circuit overhead. Moreover, the same hardware can be programmed to
implement different PUF instances, which is another unique feature of our approach. A
somewhat faster implementation of different unique PUF instances is achieved by using
the “rattling” strategy, which we also consider in this paper. In this case, the initial (e.g.,
tuned) distribution of the weights is changed (rattled) by applying short voltage pulses of
random amplitude and polarity.
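Equations (4.1) to (4.3) worked through in code, as an added example that is not the thesis's own implementation. It assumes a linear read (conductance independent of V_B, no sneak-path currents), uses projected gradient descent as the optimiser, and uses constructed values for the starting conductance, target spread and margin (`G0`, `SIGMA`, `MARGIN`).

```python
import random
from math import comb

# Values taken from the text: effective 20x10 crossbar, m = 5 rows, n = 2 columns.
M, N = 20, 10
m, n = 5, 2
V_B = 0.2   # 200 mV read bias; conductances in uS then give currents in uA
# Assumptions of this example (not from the thesis): G_ij does not depend on
# V_B, sneak-path currents are ignored, and G0, SIGMA and MARGIN are constructed.
G0, SIGMA, MARGIN = 4.5, 0.3, 0.2


def max_selections(rows_total, cols_total, rows_sel, cols_sel):
    """Eq. (4.2): number of distinct row/column selections."""
    return comb(rows_total, rows_sel) * comb(cols_total, cols_sel)


def group_current(G, rows, cols, v_b=V_B):
    """One side of Eq. (4.1): V_B times the sum of the selected conductances."""
    return v_b * sum(G[i][j] for i in rows for j in cols)


def response_bit(G, rows, cols_plus, cols_minus, v_b=V_B):
    """Eq. (4.1): b = 1 when I+ > I-, otherwise 0."""
    return int(group_current(G, rows, cols_plus, v_b)
               > group_current(G, rows, cols_minus, v_b))


def random_selections(count, rng):
    """Distinct selections; the n columns are split into left and right halves."""
    seen = set()
    while len(seen) < count:
        rows = tuple(sorted(rng.sample(range(M), m)))
        cols = tuple(sorted(rng.sample(range(N), n)))
        seen.add((rows, cols[:n // 2], cols[n // 2:]))
    return sorted(seen)


def random_targets(count, rng):
    """Gaussian target currents (uA) with |I+ - I-| forced above MARGIN."""
    mean = V_B * m * (n // 2) * G0
    targets = []
    while len(targets) < count:
        i_plus, i_minus = rng.gauss(mean, SIGMA), rng.gauss(mean, SIGMA)
        if abs(i_plus - i_minus) >= MARGIN:
            targets.append((i_plus, i_minus))
    return targets


def loss(G, selections, targets):
    """Objective of Eq. (4.3)."""
    return sum((group_current(G, rows, cp) - ip) ** 2
               + (group_current(G, rows, cm) - im) ** 2
               for (rows, cp, cm), (ip, im) in zip(selections, targets))


def tune(selections, targets, steps=1000):
    """Minimise Eq. (4.3) subject to G_ij >= 0 by projected gradient descent."""
    G = [[G0] * N for _ in range(M)]
    uses = [[0] * N for _ in range(M)]   # current terms that include each cell
    for rows, cp, cm in selections:
        for i in rows:
            for j in cp + cm:
                uses[i][j] += 1
    # V_B^2 * m * n * max(uses) bounds the gradient's Lipschitz constant
    # (via ||A||_1 * ||A||_inf), so with this step the loss never increases.
    step = 1.0 / (V_B ** 2 * m * n * max(max(row) for row in uses))
    for _ in range(steps):
        grad = [[0.0] * N for _ in range(M)]
        for (rows, cp, cm), (ip, im) in zip(selections, targets):
            for cols, target in ((cp, ip), (cm, im)):
                err = 2 * V_B * (group_current(G, rows, cols) - target)
                for i in rows:
                    for j in cols:
                        grad[i][j] += err
        # Projection onto the constraint set: clip negative conductances to 0.
        G = [[max(0.0, g - step * d) for g, d in zip(g_row, d_row)]
             for g_row, d_row in zip(G, grad)]
    return G


def demo(count=60, seed=1):
    """Tune one constructed instance and report how well it meets its targets."""
    rng = random.Random(seed)
    selections = random_selections(count, rng)
    targets = random_targets(count, rng)
    untuned = [[G0] * N for _ in range(M)]
    tuned = tune(selections, targets)
    wanted = [int(ip > im) for ip, im in targets]
    got = [response_bit(tuned, *sel) for sel in selections]
    agreement = sum(w == g for w, g in zip(wanted, got)) / count
    return (loss(untuned, selections, targets),
            loss(tuned, selections, targets), tuned, agreement)


if __name__ == "__main__":
    print("selections per bias:", max_selections(M, N, m, n))
    before, after, _, agreement = demo()
    print(f"Eq. (4.3) loss: {before:.3f} -> {after:.5f}, bit agreement {agreement:.0%}")
```

For m = 5 and n = 2 on the 20×10 array, Eq. (4.2) evaluates to 697,680 selections, which the text quotes as 697,000.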
4.1.2 PUF Demo and Characterization of its Security Metrics
Figure 4.4 (a)-(c) shows the results of tuning the memristors’ conductance to the values
determined by the algorithm. As expected, the target and the tuned conductance distri-
butions were Gaussian-shaped (Figures 4.4 (b) and 4.5 (a)), even when using the rattling
scheme (Figure 4.5 (c)), with fairly uniform averages along the rows and columns of the
crossbar array (Figure 4.6 (a)).
The security metrics for the PUF are experimentally characterised using a selection
scheme with m = 5 rows and n = 2 columns and three different voltages VB: 200 mV,
400 mV, and 600 mV. (According to Equation 4.2, for this case CMAX = 697,000 for
each voltage bias.) Specifically, we evaluate PUF metrics by generating response data for
384,000 exclusive random selections, i.e., slightly more than half of the total available, at
each voltage bias and grouping the single-bit outputs in 64-bit response packets so that
there is a total of 6,000 64-bit outputs for each voltage bias generated. (In the considered
115
Figure 4.4: Experimental results for tuning and security performance. (a) Conductance
map (G0). (b) Corresponding histogram. (c) Nonlinearity factor for two values of VB for
all 200 devices after tuning. In panel b, the dashed line is a guide showing a Gaussian
distribution. (d) Uniformity and (e) diffuseness and bit error rate calculated. The bit-error
rates are calculated by monitoring 16,000 representative challenge-response pairs over a
30-day window in 10-day intervals. To account for aging and environmental factors, the
voltage bias at each measurement was randomly selected from the range [0.8, 1.2]×VB,
which is representative of up to 20% noise on the power supply. The inset shows the bit
error rate relative to room temperature for 4,800 challenge-response pairs at 90 °C at three
different biases. The bars show the 5-95 percentile. The temperature was slowly ramped
up to the target value and was kept constant for 30 minutes before the measurement was
performed throughout 3 hours. (f) Contour map of the uniqueness between the responses
generated using the same challenges at different voltage biases.
implementation, the diffuseness is naturally improved by grouping more bits together.)
Figure 4.4 (d), (e) shows UF, DF, and BER for the collected data. In particular, the data
show that increasing the voltage bias from 200 mV to 600 mV improves UF from already
[Figure 4.5 graphic. Panels a–d; axes: Conductance @ 0.3 V (μS) against Count, and Fractional Hamming Distance (%) against Count (×10³); legend: Initial, 0.2 V, 0.4 V, 0.6 V.]
Figure 4.5: Experimental results for the PUF uniqueness. (a) Conductance distributions
after tuning for 5 different PUF instances and (b) the corresponding uniqueness. The
measured average and standard deviation are 49.95±2.65%, 49.94±1.75%, and 49.96±
0.9% for VB = 200 mV, 400 mV, and 600 mV voltage biases, respectively. The inset
shows a zoom-in view of the data. (c) The conductance distributions after rattling for 10
different PUF instances and (d) their corresponding uniqueness. The measured average
and standard deviation are 24.8±6.3%, 38.2±3.3%, and 50.07±2.1% for VB = 200 mV,
400 mV, and 600 mV voltage biases, respectively.
decent 49.5±6.25% to nearly ideal 50.1±6.26%; another PUF randomness metric, DF,
is also close to ideal, being ∼50±6.25% for all cases. The better PUF metrics at higher
voltages are attributed to the stronger nonlinearity in the device I–Vs. In order to accelerate
testing, the reliability of the network (i.e., its BER) was measured using the worst-case
16,000 challenges (out of 384,000) that resulted in the smallest current differential
H. Nili et al., “Programmable Hardware Security Primitives Enabled by Memristors”
lower than that reported for DF(Bi, Bj). Similarly, the average and standard deviation for <UF(Bi)>
defined by Eq. S3b are 0.5 and $\sqrt{0.5/(KP(P-1))}$, respectively.
4. Supplementary results for PUF characterization 
Figure S3a-c shows additional results for the tuning experiment shown in Fig. 3 of the main 
text. For example, Figure S3c clearly shows that both the median and the standard deviation of the 
nonlinearity of individual devices increase with increasing bias. Figure S3d shows the distribution 
of Hamming distances (i.e., the uniqueness) between responses to the same challenges without 
retuning the weights; the responses were measured at 200 mV and at the specified voltage bias. 
This figure highlights the value of nonlinearity as an additional source of entropy in the PUF 
design. (Note that the results shown in Figure S3d are essentially more detailed statistics calculated 
according to Eq. S3b, though for only a few pairs of voltages, compared to the results shown in 
Figure 3f of the main text, which represent only the averages of the HD distributions calculated 
using Eq. S3c.) To evaluate the stability of the conductance distribution, the device conductances 
were re-measured in a bit-error-rate experiment after a 30-day period of thermal stress at 90 °C.
 
Figure 4.6: (a) The average conductances (measured at 300 mV) for the devices in a
specific row and column after the tuning procedure. (b) Figure 4.4c data (nonlinearity
factor) shown as a linear plot. (c) Box plots of devices’ nonlinearity for all 200 memristors
in the crossbar. Here, boxes show the 25-75 percentile area, while the bars signify the
10-90 percentile range. (d) Distributions of intra-bias responses’ uniqueness (UQ) between
responses to the same challenges without re-tuning of the weights, measured at 200 mV
and the specified voltage bias.
readout margins. The results show that BER improves substantially at higher biases, from
3.9±1.8% at VB = 200 mV to 1.22±1.0% for VB = 600 mV; this is partially attributed to
the improved readout margins. The improvement in BER is even more significant, from
16.36±3.1% at 200 mV to 5.93±2.59% at 600 mV, for PUF operation under an elevated
ambient temperature of 90 °C (inset in Figure 4.4 (e)). The latter BER value is comparable
to that of simulated BER for conventional PUF implementation [146] despite being
measured for the worst-case challenges.
The PUF uniqueness was evaluated by implementing different instances on the same
crossbar circuit. First, we measured the uniqueness between pairs of PUF instances that
were implemented by varying applied voltages VB without re-tuning the device conduc-
tances (Figure 4.4 (f)). Not surprisingly, the maximum UQ of 44.8±6.9% is achieved be-
tween the PUFs with the smallest applied voltage (200 mV) and the largest one (600 mV).
This is quite natural because variations in nonlinear I–Vs, which are more prominent at
higher biases, result in non-monotonic redistribution of sneak path currents (Figures 4.4
(c) and 4.6 (b)). Such a feature is useful against power side channel attacks and sug-
gests the possibility of using voltage bias as one of the independent inputs of the selection
scheme.
In a more general study, we characterised the uniqueness between PUF instances with
differently programmed crossbar devices by applying 32,000 independent random input
challenges. Figure 4.5 (a), (b) shows the results for five different PUF instances, each with
a unique tuned conductance distribution according to the described algorithm. The UQ
was close to the ideal 50% mean for all studied cases (Figure 4.5 (b)), with the smallest
variance, 1.9%, at the largest bias voltage of 600 mV. In another experiment, we charac-
terised ten different PUF instances obtained by the “rattling” strategy, which was applied
over the initially tuned distribution (Figure 4.5 (c)). In particular, in each case, the con-
ductance for each device in the crossbar was rattled by a single 10-µs reset pulse whose
amplitude was randomly assigned a value between 0.9 V and 1.6 V, voltages that roughly
correspond to 40% and 70%, respectively, of the average reset switching threshold for the
studied crossbars. (Such conservative pulse amplitudes were chosen to avoid excessive
stress, which may lead to permanent failure of the devices.) Once again, the UQ signifi-
cantly improved when higher voltages were applied - from 24.8±6.3% for 200 mV to near
ideal 50.07±2.1% for 600 mV (Figure 4.5 (d)). The robustness of the rattling strategy is
further highlighted in the implementation of larger two-layer PUF architectures in which
the basic building blocks of the network were realised using multiple rattled configurations
Figure 4.7: Comparison between the original and improved BER results for the worst-case
16 kb data (Figure 4.4 (e)) using simple temporal and spatial majority voting techniques.
of the same array distribution on the same crossbar circuit.
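An added example (not code from the thesis) of how UF, DF, UQ and BER are computed from 64-bit response packets, including the temporal majority voting named in the Figure 4.7 caption, on a toy model of the m = 5, n = 2 differential readout. Assumptions: the device law, the Gaussian conductance and noise parameters, the ordered column pair carried in each challenge, and the neglect of sneak-path currents are constructed for illustration; `ideal_sigma` shows that 64 independent fair bits give a spread of 6.25%, the value quoted with the measured UF and DF.

```python
import math
import random
import statistics
from itertools import combinations

M, N = 20, 10     # rows x columns: two stacked 10x10 arrays, 200 devices
m, n = 5, 2       # selected rows / columns, as in the measured scheme
PACKET = 64       # single-bit responses are grouped into 64-bit packets


def make_instance(seed):
    """One PUF instance: per-device conductance (uS) and nonlinearity (constructed)."""
    rng = random.Random(seed)
    g0 = [[rng.gauss(4.0, 0.6) for _ in range(N)] for _ in range(M)]
    k = [[rng.gauss(1.0, 0.3) for _ in range(N)] for _ in range(M)]
    return g0, k


def make_challenges(count, seed):
    """Random selections: m rows and an ordered column pair (+ input, - input)."""
    rng = random.Random(seed)
    return [(rng.sample(range(M), m), rng.sample(range(N), n)) for _ in range(count)]


def respond(inst, challenge, vb, rng=None, read_noise=0.0):
    """1-bit response: sign of the differential current between the two columns.

    Toy device law I = G0*V*(1 + k*V^2); sneak paths are ignored (assumption).
    With rng set the read is noisy: supply drawn from [0.8, 1.2] x VB plus
    Gaussian noise (uA) on the differential current.
    """
    g0, k = inst
    rows, (c_pos, c_neg) = challenge
    if rng is not None:
        vb *= rng.uniform(0.8, 1.2)

    def col(c):
        return sum(g0[r][c] * vb * (1.0 + k[r][c] * vb * vb) for r in rows)

    diff = col(c_pos) - col(c_neg)
    if rng is not None:
        diff += rng.gauss(0.0, read_noise)
    return 1 if diff > 0 else 0


def packets(bits):
    return [bits[i:i + PACKET] for i in range(0, len(bits) - PACKET + 1, PACKET)]


def frac_hd(a, b):
    return 100.0 * sum(x != y for x, y in zip(a, b)) / len(a)


def mean_std(values):
    return statistics.mean(values), statistics.pstdev(values)


def uniformity(bits):
    """UF: Hamming weight of each packet (%)."""
    return mean_std([100.0 * sum(p) / PACKET for p in packets(bits)])


def diffuseness(bits):
    """DF: Hamming distance between every pair of packets of one instance (%)."""
    return mean_std([frac_hd(a, b) for a, b in combinations(packets(bits), 2)])


def uniqueness(bits_a, bits_b):
    """UQ: Hamming distance between two instances on the same challenges (%)."""
    return mean_std([frac_hd(a, b) for a, b in zip(packets(bits_a), packets(bits_b))])


def bit_error_rate(inst, challenges, enrolled, vb, votes=1, read_noise=0.06, seed=7):
    """BER (%) of noisy re-reads; votes > 1 applies temporal majority voting."""
    rng = random.Random(seed)
    errors = 0
    for ch, ref in zip(challenges, enrolled):
        ones = sum(respond(inst, ch, vb, rng, read_noise) for _ in range(votes))
        errors += int(2 * ones > votes) != ref
    return 100.0 * errors / len(enrolled)


def ideal_sigma(nbits=PACKET):
    """Std (%) of the Hamming weight or distance of nbits independent fair bits."""
    return 100.0 * math.sqrt(0.25 / nbits)


def evaluate(vb=0.4, n_packets=200, n_instances=5):
    challenges = make_challenges(PACKET * n_packets, seed=1000)
    insts = [make_instance(s) for s in range(n_instances)]
    bits = [[respond(inst, ch, vb) for ch in challenges] for inst in insts]
    return {
        "UF": uniformity(bits[0]),
        "DF": diffuseness(bits[0]),
        "UQ": statistics.mean(uniqueness(a, b)[0] for a, b in combinations(bits, 2)),
        "BER_1": bit_error_rate(insts[0], challenges, bits[0], vb, votes=1),
        "BER_5": bit_error_rate(insts[0], challenges, bits[0], vb, votes=5),
        "ideal_sigma": ideal_sigma(),
    }


if __name__ == "__main__":
    for name, value in evaluate().items():
        print(name, value)
```

Because `ideal_sigma` scales as 1/(2√nbits), longer packets narrow the spread of UF and DF around 50%.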
4.1.3 Performance, Robustness, and Potentials for Improvement
The demonstrated functionality of the model device is a proof of concept for the excit-
ing potential of memristors in cryptography. In particular, the experimentally measured
data for UF, DF, and UQ are very close to the ideal values, which correspond to random
binary vectors. Although the BER is not negligible, we believe that there is considerable
room for its improvement, e.g., increasing the size of the crossbar, averaging over several
measurements (Figure 4.7), using more sophisticated mapping to avoid defective (e.g.,
noisy) memristors, and using error-correcting codes. Furthermore, our preliminary results
regarding the robustness of the demonstrated hardware against modeling attacks are also
very encouraging. The output data appear to be very weakly correlated (Figure 4.8), and
this is further supported by the successful passing of the NIST randomness test suite. The
results of our initial attempt at predicting challenge-to-response function using machine
learning techniques, which are becoming mainstream tools for attacking security primi-
tives [146, 208, 221], also show robust resilience to modeling attacks. Finally, although we
have not measured speed and power consumption directly, in part due to the limitations of
B. Output randomness 
We further evaluated the randomness of the near-optimal PUF using an NIST statistical
test suite⁶ and a long short-term memory (LSTM) neural network model.⁷ In particular, for the
first test, the output bits were partitioned into 7000-bit sequences and used to run 15 different NIST
benchmarks, each of which was repeated 50 times. (“Universal”, “Random excursions”, and
“Random excursions variant” tests were excluded due to insufficient data.) The results, which are
shown in Table S1, confirm that the generated responses successfully pass NIST randomness tests,
i.e., that the probability value (P-value) exceeds 0.01 and that the uniformity is greater than
0.0001.⁶
Figure 4.8: The distribution of response uniformity when a specific bit of the challenge
is fixed to a value of either “1” (selected) or “0” (unselected) for two sets of measured
data (at 0.2 V voltage bias), corresponding to (a) near-optimal and (b) suboptimal PUF
instances. For example, the first black/red column shows the fraction of the total number
of “1” responses with respect to the total number of responses for all measured challenges
in which the first bit is set to “0”/“1”.
the experimental setup, crude estimates show that these metrics can be significantly better
for the proposed hardware than those of state-of-the-art implementations based on CMOS
circuits at similar feature sizes (Table 4.1).
Table 4.1: Comparison of reported PUF primitives based on different technologies.

| Reference | [43] | [43] | [43] | [222] | [123] | [131] | [223] |
|---|---|---|---|---|---|---|---|
| Core technology | 65 nm CMOS SRAM | CMOS arbiter | 65 nm CMOS ring oscillator | 22 nm tri-gate CMOS | STT-MRAM | MTJ | 90 nm NMOS |
| Randomness source | Geometry | Geometry | Geometry | Geometry | Geometry | Geometry | Geometry |
| Type of work | EXP | EXP | EXP | EXP | SIM | EXP | SIM |
| Demo complexity | 4×64 kb SRAM array | 256×64 bit arbiter PUF | 4096 ring oscillator + 16×32-bit counter | 250 kbit | – | 10×20 array | – |
| Cell size/area | 306F² / 0.213 mm² | 0.279 mm² | 39000F² / 0.241 mm² | – | 6.79 µm² for 64 bits | 6.74 µm² for 64 bits | – |
| Programmability | No | No | No | No | No | No | No |
| Uniqueness (%) | 49.72±0.3 | 47.13±0.44 | 49.60±1.11 | – | 50±0.1 | 47 | – |
| Reliability (%) | 94.53±0.14 | 96.96±0.08 | 98.47±0.39 | 91.2 (worst case) | ∼100 | 97.75 in 800 runs | 95 |
| Uniformity (%) | – | – | – | – | – | – | – |
| Diffuseness (%) | – | – | – | – | – | – | – |
| NIST test (or entropy) | Not reported (0.942) | Not reported (0.896) | Not reported (0.946) | Not reported (Full entropy) | Not reported (0.985) | Not reported (0.9997) | Not reported |
| Readout speed | – | – | – | – | >10 ns | 5 ns | 250 ps |
| Energy | 1.1 pJ/bit | – | 474.8 fJ/bit | 192 fJ/bit | – | 4 mW at 1 V | 37.5 fJ/bit |
| Environmental factors | TR: -40–85 °C, VR: 0.6–1 V | TR: -40–85 °C, VR: ±10% | TR: -40–85 °C, VR: 0.4–0.5 V | – | TR: 70–125 °C, VR: ±10% | TR: 25–75 °C | TR: 55–125 °C, VR: ±20% |

| Reference | [21] | [208] | [30] | [22] | [8] | [142, 143, 146] | [141] | This work |
|---|---|---|---|---|---|---|---|---|
| Core technology | CNT | ReRAM | ReRAM | CNT | ReRAM | ReRAM | ReRAM (ZnONW) | ReRAM |
| Randomness source | Geometry | RON/ROFF variations | ROFF variations | Geometry and placement | ROFF variations | Write-time variations | Write-time variations | I–V nonlinearity variations |
| Type of work | S&E | SIM | S&E | EXP | S&E | SIM | EXP/SIM | EXP |
| Demo complexity | – | – | – | 5×5 CNT array | – | 64×8 array (largest case) | 6 single devices / 8×8 array for SIM | 2×10×10 3D integrated arrays |
| Cell size/area | 14 nm channel length | – | F=200 nm | Trench width ∼30–70 nm | F=50 µm | – | 2.15 µm × 570 nm (L,D) | F=350 nm |
| Programmability | No | No | No | No | No | No | No | Yes |
| Uniqueness (%) | 49.67 | 47 | 49.95 | 50±0.39 | 49.85 | 50 | – | 50 |
| Reliability (%) | 96.5 | 90 | ∼98 | ∼97 | 98.67 | 95.1 (best case) | – | ∼97–98.9 (worst case) |
| Uniformity (%) | 49.67 | 47 | – | – | 47.28 | 50 | 50 | 59.5–50 |
| Diffuseness (%) | – | – | – | 50 (for binary keys) | 49.86 | – | – | ∼50 |
| NIST test (or entropy) | Not reported | Not reported | Not reported | Passed | Not reported | Not reported (0.996 best case) | Not reported | Passed |
| Readout speed | 43 ps | – | – | – | – | – | – | 5 ns* |
| Energy | 0.67 fJ/bit (90 nm node) | – | – | – | – | 0.26–2.22 mW | – | 20 fJ/bit* |
| Environmental factors | TR: 20–85 °C, VR: ±22.5%, 7.5% channel length variation | – | TR: 25–75 °C | TR: 25–85 °C | TR: 0–175 °C, VR: ±10%, +20 nA undetectable range, 90% yield | – | – | TR: 25–90 °C, VR: ±20% |

SIM: Simulation only, S&E: Simulation based on measured device data, EXP: Experiment, VR: Voltage range, TR: Temperature range.
* Estimates assuming 55 nm process and 100×100 array with 10 output bits generated in parallel.
One drawback of the demonstrated circuit is the small total number of challenge-
response pairs (CMAX). This problem can be readily corrected by increasing the effective
crossbar circuit dimensions. For example, scaling up the crossbar to M = N = 100 should
be relatively straightforward for the considered PUF circuits [224, 225] given that the re-
quirements for the memristors, especially the requirement for device-to-device variation,
are more relaxed than those for digital or analogue computing applications. (Note that
the three-dimensional structure of the crossbar is not essential but is beneficial for PUF
robustness because of the smaller voltage drops on the crossbar lines.) For such a larger
crossbar circuit, CMAX > $10^{40}$, e.g., when using m = 20 and n = 20. Furthermore, to increase
throughput, multiple bits can be generated simultaneously using the single block
by performing several comparisons in parallel.
A more complex approach that might further improve the robustness of PUF primitives
against model-building attacks is the implementation of multi-layer PUF networks [226].
For example, Figure 4.9 (a) shows a two-layer implementation [8] in which the first layer,
comprising several basic blocks, generates a hidden challenge (a bit vector), which is then
applied to the second layer of the network. With NL1 primitives in the first layer and
with each block biased with a unique voltage (out of NB total), the total number of unique
selections increases exponentially with NL1 and according to Equation 4.2 is larger than
$10^{50}$ even for the considered M = 20, N = 10, and practical m = 10, n = 4, NB = 8,
and NL1 = 6. As discussed earlier, the outputs from different selections can be grouped to
make the hidden challenge sufficiently long to feed multiple blocks in the next layer and to
produce practically large PUF output. The length of the output vector in a basic primitive
can be further increased by considering multiple column selections for the same set of
selected rows and/or by generating multiple bits based on the applied voltage biases. Our
initial experimental results for the 2-layer architecture, which has so far been implemented
using the inferior rattling reconfiguration strategy, show no obvious obstacles towards
building practically useful multi-layer PUF networks (Figure 4.9).
[Figure 4.9 graphic. Panel (a) block diagram labels: input challenge, input scrambler, row & column selection, 1st layer (NL1 blocks) of Xbar PUFs, output per xbar, feed-forward challenge, 2nd layer (NL2 blocks) of Xbar PUFs, output scrambler, output response. Plot axes: Hamming weight (%) and Hamming distance (%) against Normalized count (%); quaternary key map: 64-element vector for 100 responses, symbols 00, 01, 10, 11. Annotated values, in order of appearance: UF = 49.9 ± 4.9 %, BER = 1.58 ± 2.2 %, DF = 50.1 ± 4.6 %; UF = 50.0 ± 6.2 %, DF = 49.95 ± 6.4 %, BER = 1.29 ± 1.6 %.]
Figure 4.9: More practical memristor PUF architectures. (a) Top-level architecture. In
the most general case, the inputs, feed-forward challenge, and outputs can be subject to
“scrambling”, i.e., certain nonlinear transfer functions, to improve the robustness and se-
curity of the PUF. (b) Measured security metrics for the PUF architecture with NL1 = 10,
NL2 = 1 and NB = 8 multi-bias selection scheme. (c-d) PUF (NL1 = 10, NL2 = 1) with qua-
ternary response. Panel (c) shows an example of one hundred 64-element-long quaternary
response keys; (d) shows the experimentally measured results.
Let us stress again that, unlike previous proposals, our approach takes advantage of
memristors’ I–V nonlinearity, its variations from device to device, and the ability to perform
analogue tuning of memristors’ I–Vs. The use of I–V nonlinearity naturally increases
the complexity of the hardware primitive, making modelling and replication of such a sys-
tem more challenging compared to purely linear systems. This conclusion is partially
supported by the results in Figure 4.10, which show higher robustness against modeling
attacks at larger voltage biases at which the nonlinearity is the strongest. Analogue tun-
ing is essential for reducing the correlations between different input-output responses and
optimising the readout margins to improve the bit error rate. In principle, a purely digi-
tal operation could also be utilised, i.e., only setting memristors to the extreme ON and
OFF states, although in this case, the response is likely to be dominated by a relatively
small number of highly conductive devices, which in turn would create unwanted correlations.
Finally, even if an adversary can fully characterise the I–Vs of all devices, the PUF
functionality should be impossible to practically reproduce in hardware because of I–V
nonlinearity and its unique device-to-device variations. This fact is especially valuable for
authentication applications. With moderate scaling of the crossbar circuit to enable a large
total number of challenge-response pairs and given its very promising speed and power
efficiency, the proposed hardware should also be suitable for key generation.
4.1.4 Concluding Highlights
We have reported the design of a basic building block for hardware-intrinsic security prim-
itives based on two-level stacks of monolithically integrated 10× 10 ReRAM arrays and
successfully verified its functionality by measuring key security metrics. The security
primitives exhibit near ideal diffuseness, uniformity, and uniqueness, as well as a low
bit error rate and robustness to machine learning attacks that is encouraging for a proto-
type. Uniquely, our PUFs make use of the nonlinearities and analogue tuning properties
of the integrated memristors. In addition to robust functional performance, the approach
offers some advantages over previous systems, including configurability, low cost due to
the high integration density of its passive memristive crossbar circuits, and suitability for
monolithic back-end-of-the-line integration with traditional CMOS circuits. The approach
also provides a high-speed and low-energy operation. As a result, such hardware should
be appropriate for both authentication and key generation applications.
Supplementary Table 1. Results of the NIST randomness test

| Test | 200 mV: Pass rate (%) | 200 mV: Uniformity of P-value | 400 mV: Pass rate (%) | 400 mV: Uniformity of P-value | 600 mV: Pass rate (%) | 600 mV: Uniformity of P-value |
|---|---|---|---|---|---|---|
| Frequency | 96 | 0.935716 | 98 | 0.040108 | 98 | 0.040108 |
| Block frequency | 100 | 0.350485 | 96 | 0.011791 | 96 | 0.011791 |
| Runs | 100 | 0.971699 | 100 | 0.816537 | 100 | 0.816537 |
| Longest run | 100 | 0.779188 | 100 | 0.350485 | 100 | 0.350485 |
| FFT | 98 | 0.350485 | 100 | 0.851383 | 98 | 0.851383 |
| Non-overlapping template | 97.30 | All ≥ 0.0001 | 95.95 | All ≥ 0.0001 | 100 | All ≥ 0.0001 |
| Overlapping template | 98 | 0.616305 | 100 | 0.013569 | 96 | 0.013569 |
| Linear complexity | 96 | 0.816537 | 96 | 0.534146 | 100 | 0.534146 |
| Serial | 100 | 0.289667 | 98 | 0.851383 | 96 | 0.851383 |
| Serial | 100 | 0.137282 | 100 | 0.616305 | 96 | 0.616305 |
| Approximate entropy | 100 | 0.289667 | 98 | 0.699313 | 100 | 0.699313 |
| Cumulative sums - forward | 96 | 0.494392 | 96 | 0.383827 | 100 | 0.383827 |
| Cumulative sums - backward | 96 | 0.739918 | 98 | 0.534146 | 100 | 0.534146 |
Figure 4.10: Robustness to machine learning attacks for (a) near-optimal and (b) suboptimal
PUF simulated utilizing a 30×250×250×1 multi-layer perceptron classifier. The
markers denote the average classification accuracy over ten runs; the thickness of the lines
for the test data specifies two standard deviations. All simulation results were obtained
with the Matlab module “traingdx” using a hyperbolic tanh activation function in all layers
with momentum and adaptive learning rate and the following parameters: 0.01 learning
rate, 1.05 / 0.85 ratio to increase/decrease learning rate, 0.9 momentum constant, 1e-10
minimum performance gradient, 1e-20 performance goal, 2500 training epochs, 10% validation
ratio, and 10 maximum validation failures. For each training run, the network
weights in all layers were randomly initialised to values between -1 and 1.
4.2 Predictive Analysis of 3D ReRAM-based PUF
In recent years, the explosive growth of Internet of Things (IoT) devices and their use has
raised privacy and security concerns for individual users and merchandise. As one
of the promising solutions, the physically unclonable function (PUF) has been extensively
studied. This work investigates the quality of randomness in the first generation of 3D analogue
ReRAM PUF primitives using measured and gathered data from fabricated ReRAM
crossbars. This study is significant as the randomness quality of a PUF directly relates
to its resilience against various model-building attacks, including machine learning attacks.
Experimental results verify near-perfect (50%) predictability. This confirms the PUF’s potential
for large-scale, yet small and power-efficient, implementation of hardware-intrinsic
security primitives.
4.2.1 Introduction
IoT products, from wearables and implants to smart supply chains, have brought paramount
benefits to nearly all aspects of our lives over the past few decades. Since the interconnected
objects may be remotely accessed from the Internet, the accelerated pace of IoT
adoption poses increased privacy and security concerns for individual users and merchandise
[8, 156, 157, 227]. As typical IoT devices lack sophisticated computing capabilities,
securing sensitive information between lightweight devices or between
an IoT device and a trust centre is an important yet difficult challenge [228, 229].
Widely used traditional cryptographic solutions, for example, the advanced encryption standard
(AES) and elliptic curve cryptography (ECC), can be used for both the integrity and
the authentication of exchanged data and messages.
IoT hardware anti-counterfeiting, IC trust and physical tamper-proofing are also critical
tasks [230]. In 2014, the Defense Advanced Research Projects Agency (DARPA) launched
the Supply Chain Hardware Integrity for Electronics Defense (SHIELD) program, soliciting
a hardware root-of-trust for IC authentication that aims to be a low-cost, energy-efficient,
tiny, threat-resilient, and fully fledged solution [165]. Hardware security primitives
such as the physically unclonable function (PUF) and true random number generation
(TRNG) have emerged as promising low-overhead security applications based on the inherent
physical constraints of IoT devices [231].
In particular, the PUF is a relatively new breed of cryptographic primitive that takes
advantage of otherwise disadvantageous variation in physical system manufacturing, with
the aim of producing secrets that are unclonable [9]. While their role in the security hierarchy
is still under study, PUFs eliminate the need to explicitly store secrets in memory (e.g.
EEPROM) and therefore are expected to significantly improve security [10, 68]. A PUF
is, in its mathematical form, a hardware implementation of a one-way function that maps
an input (challenge) to an ideally unique and unpredictable output (response). A PUF
should ideally be unclonable against a wide range of adversarial attacks including modelling,
random guessing, man-in-the-middle, a wide variety of side-channel, and machine
learning attacks. Recently, there has been an increased focus on implementing hardware-intrinsic
security primitives based on inherent randomness in emerging electronic memory
technologies.
[Figure 4.11 graphic. Labels: T/M/BE: top/middle/bottom electrode; Vb: row bias; VG: virtually grounded; Floating; Selected; Comparator; PUF response: ΔI i,j < 0 → 0, ΔI i,j > 0 → 1; Top device, Bottom device; Resistance (kΩ), ticks 250 and 350; scale bar 100 nm.]
Figure 4.11: (a) Top-view scanning electron microscopy (SEM) image, equivalent cir-
cuit and cross-sectional schematic of the 3D stacked crossbar. (b) Current-voltage (I–V )
curves for all 2×10×10 devices with two representative curves being highlighted. (c) PUF
primitive operation scheme. (d) Example of the tuned crossbar.
[Figure 4.12 graphic. Labels: PUF A, PUF B, PUF C, PUF D; μ; 50%.]
Figure 4.12: Traditional PUF performance evaluations metrics. (a) represents intra-HD
measuring stability of a PUF instance. (b) represents inter-HD showing PUF randomness
measured across multiple PUF instances.
Memory hardware such as resistive random access memory (ReRAM) crossbars is
among the most promising alternatives for large-scale memory, due to relatively
low-cost fabrication, simple operation (yet rich switching dynamics), and major intrinsic,
layout-independent variations in switching characteristics. We proposed an experimentally
verified ReRAM PUF based on monolithically integrated 3D analogue crossbar
arrays and showed its robust performance in a large-scale study [156]. Our results indicate
the immense potential of state tuning and of harnessing conductance nonlinearity in
analogue crossbars for reconfigurable and secure security primitives. Herein, we present a
test of true randomness generation in these PUFs, based entirely on an experimentally gathered
response string with a length of 352 kbits. The test has a routine part based on the National
Institute of Standards and Technology (NIST) statistical test suite, and a more deliberate
evaluation of the PUF’s resilience against various model-building attacks using advanced
deep learning models.
4.2.2 Analog ReRAM-based PUF Operation
Two fully passive, monolithically (3D) integrated TiO2−x-based arrays of 10×10 devices
were employed for the ReRAM-based PUF design (Figure 4.11 (a)). The top and
bottom crossbars are accessible using the top electrode (TE) and bottom electrode (BE),
respectively, and share a middle electrode (ME). Full details of the fabrication process can
be found in Reference [157]. Individual devices show a large dynamic range of resistance
and excellent I–V nonlinearity. While the analogue crossbars show excellent uniformity
in their switching and performance characteristics (Figure 4.11 (b)), the small spatial
variations in resistance across the array can be used as an effective source of randomness.
To this end, our proposed PUF architecture (Figure 4.11 (c)) employs a selection
scheme that generates a 1-bit response based on a differential comparison between currents
passed through two sets of selected rows/columns; each includes a sneak-path current
component through neighbouring unselected devices [8]. In this work, the PUF uses a
selection scheme with five rows and two columns.
The aim is to implement a useful one-way function that incorporates array-scale random
spatial variations (Figure 4.11 (d)), thereby complicating many side-channel probing
attacks and allowing for more dependable operation. The significant difference between
our ReRAM PUF and a conventional CMOS-based PUF is the additional layout-independent
variation in ReRAMs. We extract this feature by varying the applied bias, Vb,
from the lowest at 0.2 V to the highest at 0.6 V, which employs device nonlinearity as an
additional source of entropy [156]. To effectively combine the contributions of the sources
of variation to the overall transfer function and to avoid unintentional systematic biases, all
devices in the array are programmed in a tight, highly nonlinear range.
Table 4.2: Machine learning tests configuration and predictability.

| Configuration | Training sequence length | Output dimension | Predictability |
|---|---|---|---|
| LSTM–Dropout–LSTM–Dense–Dense–Softmax | 301 | LSTM: 128, Dense: 128, 2 | 50.41% |
| LSTM–Dropout–LSTM–Dense–Dense–Softmax | 101 | LSTM: 128, Dense: 128, 2 | 50.52% |
| LSTM–Dropout–LSTM–Dense–Dense–Softmax | 64 | LSTM: 256, Dense: 256, 2 | 50.28% |

Dense: This is a fully connected layer.
Dropout: This is a technique that chooses 50% of the previous layer’s output nodes.
Softmax: This is a layer of the network to obtain a vector of normalized probabilities across the
output.
4.2.3 Evaluation of Randomness
In Ref. [156], the randomness and stability of the analogue ReRAM-based PUF are exhaustively
evaluated against key PUF metrics. Stability measures the robustness of a PUF
against spatiotemporal variation and is ideally 0% (Figure 4.12 (a)),
while the ideal randomness of 50% is the highest level of stochasticity across PUF instances
(Figure 4.12 (b)). Here, we investigate the degree of predictability and statistical randomness
of the PUF response, utilising a relatively large subset of the 1-bit responses at different
biases (350 kbits × 5 for five different biases included in the network challenge). The PUF
response sequence is subjected to two randomness evaluations: machine learning tests
and statistical randomness tests.
4.2.3.1 Machine Learning Tests
We run predictive machine learning tests using the long short-term memory (LSTM)
architecture, a special case of a recurrent neural network (RNN), capable of handling long-range
dependencies in general purpose sequence modelling tasks [232, 233]. In this work, we
used three different LSTM network configurations tested on random number sequences
generated from the proposed PUF as shown in Table 4.2. “Dense” is a fully connected
layer in which all nodes are connected to all output nodes of the previous layer. Therefore,
the “Dense-Dense” configuration uses two dense layers. “Dropout” randomly chooses 50%
of the previous layer’s output nodes. “Softmax” here is the final layer of the network
to obtain a vector of normalized probabilities across the output. The results show an
almost ideal level of unpredictability using three conditions for training sequence length and
output dimension.
Figure 4.13: NIST statistical test results. (a) shows the p-values of a single sequence for all
15 tests, including different numbers of sub-tests, which are all greater than the significance
level (α = 0.01). Histograms showing the uniformity of p-values obtained from the (b)
block-frequency, (c) longest run, (d) non-overlapping templates and (e) serial sub-tests.
Table 4.3: NIST statistical test results of a PUF with three different bias voltages.
                                  Bias voltage (Vb)
                                  200 mV    400 mV    600 mV
Mean rate of passing sequences    97.95%    98.04%    98.35%
Mean of uniformity (p-valueT)     0.16      0.19      0.19
4.2.3.2 Statistical tests
The NIST statistical randomness test suite is employed to further evaluate the random
quality of the PUF response string. The NIST statistical test suite is an important measure
for randomness analysis that is often adapted for formal randomness testing in various
applications. The test suite includes 15 different tests, including two similar tests running
on different directions of the bit sequence. In each test, the sequence is interpreted as
random if the p-value is greater than the significance level [160]. If the significance level α is
too high or too low, then the test may result in Type I or Type II errors. Therefore, it is
important to choose the appropriate significance level for the tests. The computed p-values
and successful test results are shown in Figure 4.13 (a). With the significance level α at
0.01 (dotted red line), a PUF response sequence passes all 15 tests (118 sub-tests in total).
We also statistically quantify the degree of randomness using 200×10 kbits response
sequences. The empirical results can then be interpreted with two methods: (1) the
proportion of sequences that pass the statistical test (proportion analysis) and (2) the distribution
of p-values for uniformity (uniformity analysis). The proportion analysis results show the
passing rate at 0.975 (the lowest) from test number 15, the linear complexity test, and 1.00 (the
highest) from test number 2, the block frequency test. The distribution of p-values is assessed
to ensure uniformity, expressed as p-valueT. If p-valueT is smaller than 0.0001, which is the
significance level recommended for a uniformity test by NIST, the p-values are considered
non-uniform. Figures 4.13 (b)-(e) show the histograms of the distributions of
p-values, illustrating the successful uniformity results obtained for the device.
Table 4.3 shows the proportion analysis and uniformity analysis on the collected data
with three different bias voltages. In particular, the results show that increasing the bias
voltage from 200 mV to 600 mV in 200 mV increments improves the mean passing rate
from an already high 97.95% to a nearly ideal 98.35%. In another analysis, the mean of uniformity
(p-valueT) is well above 0.0001 for all cases. The slightly lower mean uniformity is found
at the lowest bias voltage of 0.2 V. The result indicates that the stronger I–V nonlinearity
in the device contributes to the better PUF randomness at higher bias voltages. The feature
could be beneficial since the bias voltage could be used as one of the independent challenge
parameters, and it is also very useful against power monitoring attacks [156].
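The proportion and uniformity analyses described above follow the NIST SP 800-22 procedure. The Python sketch below is an added example (not the thesis's code or data) that makes both decisions for 200 sequences of 10 kbits using only the frequency (monobit) test. The sequences come from Python's PRNG as a constructed stand-in for PUF responses, and all function names are chosen for this example.

```python
import math
import random

ALPHA = 0.01              # per-test significance level used on the page
ALPHA_UNIFORMITY = 1e-4   # NIST threshold for p-valueT


def monobit_p_value(bits):
    """NIST SP 800-22 frequency (monobit) test p-value for a 0/1 sequence."""
    s = sum(2 * b - 1 for b in bits)          # map 0/1 to -1/+1 and sum
    return math.erfc(abs(s) / math.sqrt(2.0 * len(bits)))


def proportion_bounds(m, alpha=ALPHA):
    """Acceptable pass-rate interval for m sequences:
    p_hat +/- 3*sqrt(p_hat*(1-p_hat)/m), with p_hat = 1 - alpha."""
    p_hat = 1.0 - alpha
    half = 3.0 * math.sqrt(p_hat * (1.0 - p_hat) / m)
    return p_hat - half, min(1.0, p_hat + half)


def igamc_9dof(chi2):
    """Upper regularised incomplete gamma Q(9/2, chi2/2).

    Closed form for half-integer a: Q(1/2, x) = erfc(sqrt(x)) and
    Q(a+1, x) = Q(a, x) + x**a * exp(-x) / Gamma(a+1).
    """
    x = chi2 / 2.0
    if x <= 0.0:
        return 1.0
    series = sum(x ** (k + 0.5) / math.gamma(k + 1.5) for k in range(4))
    return math.erfc(math.sqrt(x)) + math.exp(-x) * series


def uniformity_p_value(p_values):
    """p-valueT: chi-square fit of the p-values to U(0,1) over 10 equal bins."""
    bins = [0] * 10
    for p in p_values:
        bins[min(int(p * 10), 9)] += 1
    expected = len(p_values) / 10.0
    chi2 = sum((f - expected) ** 2 / expected for f in bins)
    return igamc_9dof(chi2)


def assess(sequences):
    """Proportion analysis and uniformity analysis over a list of bit sequences."""
    p_values = [monobit_p_value(seq) for seq in sequences]
    pass_rate = sum(p >= ALPHA for p in p_values) / len(p_values)
    low, high = proportion_bounds(len(p_values))
    p_t = uniformity_p_value(p_values)
    return {
        "pass_rate": pass_rate,
        "proportion_ok": low <= pass_rate <= high,
        "p_value_T": p_t,
        "uniform_ok": p_t >= ALPHA_UNIFORMITY,
    }


def constructed_sequences(m=200, n=10_000, seed=2019):
    """Constructed stand-in data: m sequences of n PRNG bits (not PUF responses)."""
    rng = random.Random(seed)
    return [[rng.getrandbits(1) for _ in range(n)] for _ in range(m)]


if __name__ == "__main__":
    print("acceptable pass-rate interval:", proportion_bounds(200))
    print(assess(constructed_sequences()))
```

For 200 sequences at α = 0.01 the acceptable pass-rate interval starts at about 0.9689, so the lowest passing rate reported above (0.975) lies inside it.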
4.2.4 Conclusion
In summary, we have investigated and verified the randomness of our proposed analogue
3D-ReRAM PUF using two standard and advanced tests: a machine learning test and a statistical
test. Hence, we demonstrated its resilience against a range of model-building and machine
learning attacks. We demonstrated near-ideal unpredictability in our deep learning test
using three different network architectures and successful statistical evaluation using the NIST
statistical test suite with a near-uniform distribution of all p-values.
Chapter - 5
Nano-Intrinsic TRNG
We present a circuit technique to extract random numbers from carrier capture and
emission in oxide traps in emerging redox-based resistive memory (ReRAM). This phenomenon,
which appears as small changes in the magnitude of the current passing through the device, is known
as random telegraph noise (RTN) and is increasingly becoming a source of reliability
issues in nanometer scale devices. We demonstrate that our circuit is suitable for security
applications, where the system is exposed to different adversarial attacks including
side-channel monitoring and machine learning analysis. We experimentally characterise RTN
in ReRAMs and extract its dependency on temperature, voltage and area. We introduce
an RTN harvesting circuit to mitigate sensitivities to temperature fluctuations, injected
supply noise and power signal monitoring. We reduced bias and imbalance in data due to
high-speed sampling via von Neumann whitening. The circuit is compared to a conventional
non-differential readout approach. It shows a 7.26 times improvement in autocorrelation and
significant resilience against injected supply noise. Successful evaluation of the true random
number generator (TRNG) on statistical true and pseudo-randomness has been shown.
Finally, the TRNG’s quality and robustness are demonstrated by statistical tests and machine
learning attacks. The outcome shows close to ideal predictability.
5.1 Introduction
Generating an unpredictable stream of random numbers is crucial for many security
primitives such as generating strong keys in conventional cryptography, digital signatures and
ciphers. Other applications include Internet-of-Things (IoT) security, wireless networks
and radio-frequency identification (RFID) sensitive examples [234, 235]. These
applications are usually heavily restricted in their energy, area and cost budget. Solutions that
are mainly enterprise-oriented, such as quantum random number generators, are not
suitable for applications in which the whole set of energy, area and cost is minimal. On that
ground, this paper aims to provide an alternative solution based on solid-state
nanotechnology that is (1) fully compatible with conventional microelectronic foundry processes,
(2) relatively simple to fabricate and inexpensive to integrate compared to other options
such as spintronics devices, silicon-based quantum.
Generating large quantities of high-quality, cryptographically secure random numbers
requires access to a true source of entropy, and hence a true random number generator (TRNG);
otherwise, only a pseudo-RNG (PRNG) is obtainable [236, 237]. Truly random
processes (at least in theory) appear at fundamental levels in nano and quantum domains,
where the aggregation of all unavoidable fundamental physical phenomena manifests in one
or more forms of stochastic processes. There are numerous spatiotemporal phenomena in
hardware, especially at deep-micron or nanometer scales, that have been used as sources
of randomness, and chaotic systems [8, 156, 236–239]. Oscillator-based and metastable
TRNGs have the most straightforward and largest circuits, respectively, with
oscillator-based TRNGs suffering from reported poor randomness [240]. Entropy sources like
thermal noise in field-effect transistors (FETs) are also a strong function of temperature, and
their noise power is relatively weak, so it requires amplification [237].
In this paper, we focus on a widely known process of discrete carrier-trapping
and -detrapping that varies in time and causes fluctuations in device conductance. This
process is known as random telegraph noise (RTN), also known as popcorn noise [241]. Like many
other stochastic processes, RTN signals have their drawbacks. They are a low-frequency
phenomenon (throughput-limited); therefore, they need high-speed post-processing.
Conductance fluctuations due to RTN are normally small in magnitude; therefore, circuit
ideas are required to harvest the events effectively. Finally, despite being a well-studied
and frequent phenomenon, RTN generation is not always guaranteed; hence, again, a
post-processing approach is required. RTN signals are sensitive to temperature and voltage
fluctuations; therefore, circuit-level ideas are required to heavily mitigate this sensitivity. This
paper is focused on the latter problem and aims to propose a proper RTN harvesting
circuitry as well as a meaningful link from RTN studies at the device level to attack analysis
with experimental data.
RTN has been studied in various types of devices including FETs [242–245], carbon
nanotube transistors (CNTs) [246] and a broad class of resistive switching memories
[247–252]. This paper focuses on RTN events in emerging redox-based resistive memory
(ReRAM) devices. Strong RTNs are often observed from ReRAMs due to their structure.
This is important, as signal amplification presents a weak link
in entropy harvesting processes [253]. Even though the RTN magnitude in a MOSFET can
be stronger, the focus of this paper is to develop a new differential readout circuit that can
accommodate ReRAM’s device-to-device variation as well as RTN magnitude variation.
Also, a simply structured, ultra-low-voltage crossbar array of ReRAMs is
more favourable for building TRNG applications.
For TRNGs, one challenge of dealing with RTN is effective noise extraction for
maximising randomness in output bits and, at the same time, minimising disturbance and
systematic bias mainly due to environmental factors, which can be listed as, but are not limited
to, noise, radiation and temperature. Noise amplification, temperature (in case of thermal
noise), and dependency on process variation are a few factors that could potentially make
TRNGs predictable through creating undesirable bias in the output bit-stream, therefore
making the system vulnerable to a range of attacks [254]. While it is possible to
mitigate the dependency of TRNGs on environmental factors by choosing stronger entropy
sources, we require noise- and temperature-aware circuits to harvest entropy with limited
bias imposed on the output.
This work presents an innovative TRNG design based on differential readout circuitry
harvesting RTN in amorphous SrTiO3 (a-STO)-based valency change reduction-oxidation
(redox) resistive switching memories. Through a comprehensive device-to-data approach
that considers non-idealities at the device, circuit and array levels, this paper emphasizes
that the advantages of a classical differential readout operation using metastability and
transient effects of ReRAMs in TRNGs [255], resulting in increased noise immunity,
higher linearity, and relative immunity against temperature and radiation (due to microscale
sizes), outweigh the increase in area compared to the traditional approach using a fixed
reference reported in the literature [253, 256–259]. We also evaluate the randomness quality of the output
bit-stream by implementing machine learning attacks and statistical tests from the National
Institute of Standards and Technology (NIST), which provides a reasonably solid
verification ground.
In the next section, Section 5.2, we provide an overview of noise and stochastic RTN
in our ReRAMs. Section 5.3 briefly describes the device material stack and fabrication
process. Section 5.4 discusses RTN characteristics in our devices and the significance
of hardware-based RNGs including the proposed RTN harvesting circuitry. Section 5.5
reports the proposed TRNG evaluations and immunity against environmental factors and
machine learning attacks.
5.2 Experimental Sample and Characteristics
In this section, we describe the role of noise in electronic devices and RTN characteristics
in a-STO-based VCM-ReRAM.
5.2.1 Random Telegraph Noise
Noise is traditionally considered an undesired non-deterministic phenomenon that, if
not suppressed, corrupts the signal and reduces the signal-to-noise ratio (SNR). Noise power
spectral density (PSD) can be written as:
\[ \frac{\Delta P_{\mathrm{noise}}}{\Delta f} = \frac{1}{f^{\alpha}}. \tag{5.1} \]
This is called flicker noise or 1/f noise because its noise spectrum obeys the law of the
reciprocal of frequency, 1/f^α, where the exponent α is very close to unity. In the case of
ReRAM, noise data show that α approaches 2 for the high-resistance state (HRS), as shown
in Figure 5.1 (a) at room temperature, where ReRAM conductance is measured by
applying a 125 mV potential across a device, significantly weaker than the potentials required to
induce enough current into the ReRAM device to impose SET switching in Figure 5.1 (b).
Random telegraph or popcorn noise is a low-frequency random fluctuation of
conductance that appears in two or more levels. It is believed to be the result of random carrier
capture (electron trapped in a local defect)/emission (empty defect) in/from one or more
bistable defects [260]. Like many other physical phenomena, it could be described as a
statistical probability of overcoming a transition barrier from capture to emission or vice
versa (Figure 5.2). Temporal behaviour of RTN in ReRAMs is repeatedly shown to be
highly random. Therefore, it could be used as an entropy source for generating random
bits, which is the aim of this work. RTN is often observed in the low-frequency regime of
scaled devices and is frequently described as a circuit “designer’s nightmare” [261]. RTN
behaviour could be described with some time constants, denoted in this paper by τ.
Figure 5.1: Noise and current-voltage (I–V) characteristics of ReRAM samples. (a)
Normalized power spectral density (PSD) measured from a ReRAM sample programmed at
high-resistance state (HRS). PSD follows ∼1/f² slope. (b) I–V bipolar-switching
signature of a fabricated ReRAM sample. This measurement shows 50 SET/RESET cycles,
with Ic representing the compliance current set. Highlighted voltage ranges show voltages at
which readout operations have been carried out and voltages at which SET and RESET
switching occur due to cycle-to-cycle and device-to-device variation.
Figure 5.2: Random telegraph noise (RTN) characteristics in the time domain. Current
transitions from high to low and from low to high are believed to be results of carrier emission and
capture.
Measured RTN of an HRS ReRAM with two different READ voltages (VREADs) at
room temperature is shown in Figure 5.3 (a). It is shown that the switching time between
different levels (a single trap system here) is a stochastic phenomenon. In the frequency
domain (Figure 5.1 (a)), the Lorentzian spectrum, 1/f², starts at the corner frequency. The corner
frequency is a strong function of τL and τH, which are the average periods of time a carrier
spends in the low and high levels, respectively (in the case of a single trap system here), and can
therefore be written as:
\[ f_c = \frac{1}{2\pi\tau_{\mathrm{RTS}}} = \frac{1}{2\pi}\left(\frac{1}{\tau_L} + \frac{1}{\tau_H}\right). \tag{5.2} \]
PSD then can be calculated by the Wiener-Khintchine formula by taking Fourier transform
of the noise-noise autocorrelation [262],
\[ S_{\mathrm{RTS}}(f) = \frac{4\,\Delta I^{2}\,\tau_{\mathrm{RTS}}^{2}}{(\tau_H + \tau_L)\left(1 + (2\pi f \tau_{\mathrm{RTS}})^{2}\right)}, \tag{5.3} \]
where a characteristic magnitude ∆I represents a corresponding change in current by RTN.
Figure 5.3 (b) illustrates a 3D map from in-situ scanning probe microscopy of our device,
highlighting nano-filaments. One or multiple defects/traps alongside these nano-filaments
are commonly believed to be the origin of RTN in ReRAM devices. In addition to the
probabilistic nature of this capture and emission in/from these defects, creation and rupture of
these nano-filaments are also a probabilistic phenomenon causing considerable
cycle-to-cycle (programming) conductance fluctuation [263]. Therefore, an extremely rich degree
of stochasticity is available to be harvested for ReRAM-based TRNGs [119, 264, 265].
Figure 5.3: ReRAM RTN characteristics. (a) RTN represented in the time domain at
VREAD of 25 mV and 100 mV. Insets highlight amplitudes. (b) 3D map of conductive
nano-filaments extracted from an in-situ scanning probe microscopy (SPM). Tip of the
highest nano-filament represents ∼5 nm height from the surface. (c) A time trace and
time lag plot (TLP) of RTN. LH and HL represent low-to-high and high-to-low transitions,
respectively. HH and LL are cases in which no transition occurs.
RTN behavior is observed from other memristive devices. Figure 5.5 shows the RTN
measurement results of two-layer monolithically integrated fully passive TiO2−x device
fabricated by UCSB’s nanofabrication facility conducted with VREAD at 200 mV (top) and
300 mV (bottom) at room temperature.
We use the time lag plot (TLP) to visualize current levels and the transitions between them
in Figure 5.3 (c). The TLP can be drawn by plotting the RTN signal sequence on the x plane
versus a delayed data sequence on the y plane. In the case of a single trap, it shows carrier
transition from emission to capture (LH) and from capture to emission (HL) in the
upper-left and bottom-right corners, respectively. We also highlight the other corners as HH
and LL for the situations in which a carrier stays captured or the trap stays vacant. The
figure shows that HH stands out as having the largest number of appearances in the acquired data.
While switching for capture and emission occurs at random times, the balance of colour
could tell about the predictability of an RTN-based TRNG that does not have sophisticated
post-processing. This important piece of analysis is missing in some literature reporting
ReRAM’s RTN-based TRNGs, including Refs. [253, 256].
5.2.2 Environmental Process Factors
RTN is often observed in very small specimens such as microscale pn-junctions and FETs
[266], metal contacts, e.g. metal-insulator-metal tunnel junctions [267], and nanotubes
[268]. For scaled FETs, relative RTN amplitude in drain current (∆Id/I) decreases with
increased channel area (W×L) [269, 270]. Similarly, in ReRAMs, RTN is strongly
dependent on area [248, 271]. ReRAMs show increased RTN amplitude at higher resistances
and smaller devices [250, 272–274].
Regarding applied potential-dependence of RTN, our measurement suggests two main
changes with swept VREAD. In Figure 5.4 (a), we observe that the transition rates corresponding to
τH and τL are dependent on the applied voltages, which in effect means a different
conductance point on the HRS curve shown in Figure 5.1 (b). However, the PSD plots in Figure 5.4 (b)
follow a similar trend at all VREADs when the normalised trend is considered. In Figure
5.4 (c), the rise in VREAD and a consequent increase in the absolute value of the current passing
through the device result in a steady decrease in τH while τL shows a weaker correlation.
Figure 5.4: ReRAM RTN dependencies. (a) RTN time trace with a range of VREADs.
Increased RTN transition rate is observed with increased voltage value. (b) Normalized PSD
with a range of VREAD. Normalized PSDs at different VREADs follow a similar trend. (c)
Average time of capture, τH, and emission, τL, with a range of VREAD. τH decreases with
increased VREAD while τL shows almost no voltage dependency. (d) Relationship between
∆I/I and temperature. (e) Thermally activated RTN fluctuation represented by the decrease of the
average time constants τH and τL at higher temperature.
Figure 5.5: RTN time trace of TiO2−x device with VREAD at 200 mV (top) and 300 mV
(bottom).
Temperature dependency of RTN is another important factor. We find that, while RTN
amplitude (∆I) is maintained approximately constant, absolute current (I) grows over a
temperature range as shown in Figure 5.4 (d). As suggested in the literature (Ref. [250]),
this indicates that RTN is most likely initiated from the same defect(s) during the
measurement. We also extracted τH and τL at different temperatures. Figure 5.4 (e) shows a rapid
descent in both τH and τL as temperature rises, which implies that the RTN fluctuation becomes
more frequent, yet its timing remains stochastic. Here we rely not only on our data but also
on numerous experimental evidence reported in Refs. [248, 258–260, 275, 276] that
it is difficult to activate and control ReRAM’s RTN amplitude, average frequency and
stability. While these reports could potentially undermine previous ReRAM-based RTN works,
they unanimously endorse that the amplitude and average frequency of the RTN source
cannot be predicted in both high-resistance and low-resistance states (HRS and LRS). It is
shown that RTN in an HRS device is activated/deactivated without predictability [276]. We
argue that if a proper harvesting technique is used to take advantage of the uncontrollable
nature of RTN, RTN could be one of the true entropy sources in solid-state devices. Our data
confirm that the average frequency of RTN in our devices is uncontrollable and
achieving a balanced TLP is extremely difficult. However, it can be concluded that we have
relatively stable control over RTN amplitude by maintaining solid control of VREAD at
the nonlinear HRS curve. The method for imposing this control using a feedback loop is
described in Section 5.4.
Figure 5.6: Proposed ReRAM-based TRNG circuit. (a) A differential readout circuit
utilizes two voltage-regulation feedback loops configured to regulate VFB X and VFB Y.
An identical number of precisely programmed HRS ReRAMs are placed in two branches,
which act as sources of randomness. The series resistance of each array in addressing is
not shown here but considered in simulations. To compensate for offset, post-fabrication
calibration digital-to-analog converters (DACs) are placed. Insets show the feedback
amplifier circuit, FC-CSDA and comparator. A comparator consists of a fully differential
preamplifier whose output terminals are connected to an FC-CSDA’s input terminals for
a stronger output signal, SO. (b) The post-fabrication calibration DAC-like structure uses a
3-bit digital input through a decoder that activates none or one of the switches to calibrate
the circuit only once. (c) Sampling and whitening-based post-processing digital circuit.
After sampling SO, whitening of the raw random bits may be required in order to reduce any
residual bit correlation. The whitener accepts a raw output and generates whitened output.
While whitening techniques are varied, the simplest example, in which the closest two bits
are XORed without overlaps, is shown.
Panel (c) selector table for the simplest whitening example (raw pair: output): 00: no output;
01: 0 to the output; 10: 1 to the output; 11: no output.
5.3 Devices Fabrication and Measurement Setup
Using standard photolithography, we fabricated a stack of the following material layers.
A 20 nm Pt layer and a 5 nm Ti adhesion layer were deposited on a SiO2/Si substrate
using electron-beam evaporation to define the bottom electrode (BE). A 22 nm amorphous
SrTiO3 (a-STO) thin film was sputtered on top of the BE. Finally, 20 nm/10 nm Pt/Ti
films were deposited by electron-beam evaporation as a top electrode (TE). The whole
deposition was completed at room temperature. Our fabricated ReRAMs are attributed
to the localized accumulation of oxygen vacancies along the defect structure across the
device [19, 180]. Oxygen vacancy is known to facilitate the formation and rupture of
nano-filaments, which is responsible for the bipolar switching between HRS and LRS
[19]. Electrical characterization of the ReRAM and measurement data were gathered with a
Keithley 4200 Semiconductor Characterization System (SCS). Full details on the
electrical, electroforming and switching characteristics of the a-STO memristors can be found
in Refs. [19, 20, 180].
5.4 ReRAM’s RTN-based TRNG Structure
The proposed ReRAM RTN-based random number generation circuit is presented in
Figure 5.6 (a). The circuit utilizes two identical fully complementary folded cascode-based
differential amplifiers (FC-CSDAs) in a differential manner, followed by common-source
transistors. On both sides, a digital-to-analog converter (DAC) and a set of ReRAM(s) are
placed in series with the amplifier and the transistor. The DAC is a collection of resistors
and tap nodes between each resistor as shown in Figure 5.6 (b). A comparator takes the DACs’
outputs at its input terminals. The comparator is implemented in the form of two concatenated
differential amplifiers: a preamplifier and an FC-CSDA. The comparison
result is fed into a post-processing circuit for sampling and whitening purposes as shown
in Figure 5.6 (c).
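As an added illustration (not code from the thesis), the Python sketch below models a single-trap RTN trace as a two-state telegraph process, counts the time-lag-plot quadrants discussed in Section 5.2.1, and applies the pair rule listed for the whitener in Figure 5.6 (c) (00 and 11 give no output, 01 gives 0, 10 gives 1). The dwell times, sampling interval, seed and function names are assumptions chosen for the example; it covers only the digital post-processing step, not the differential analogue front end.

```python
import math
import random


def simulate_rtn(n, tau_h, tau_l, dt, seed=1):
    """Constructed single-trap RTN model sampled every dt seconds.

    Returns n samples (1 = high current level, 0 = low level). Dwell times
    are exponential with means tau_h and tau_l.
    """
    rng = random.Random(seed)
    p_leave = {1: 1.0 - math.exp(-dt / tau_h), 0: 1.0 - math.exp(-dt / tau_l)}
    state, out = 1, []
    for _ in range(n):
        out.append(state)
        if rng.random() < p_leave[state]:
            state ^= 1
    return out


def tlp_quadrants(bits):
    """Count time-lag-plot quadrants over (i-th, (i+1)-th) sample pairs."""
    names = {(0, 0): "LL", (0, 1): "LH", (1, 0): "HL", (1, 1): "HH"}
    counts = {"LL": 0, "LH": 0, "HL": 0, "HH": 0}
    for a, b in zip(bits, bits[1:]):
        counts[names[(a, b)]] += 1
    return counts


def von_neumann(bits):
    """Non-overlapping pairs: 01 -> 0, 10 -> 1, 00 and 11 -> no output."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def ones_fraction(bits):
    return sum(bits) / len(bits)


def lag1_autocorr(bits):
    """Lag-1 autocorrelation coefficient of a bit sequence."""
    mean = ones_fraction(bits)
    var = sum((b - mean) ** 2 for b in bits)
    cov = sum((a - mean) * (b - mean) for a, b in zip(bits, bits[1:]))
    return cov / var if var else 0.0


def corner_frequency(tau_h, tau_l):
    """Equation (5.2): f_c = (1 / (2*pi)) * (1/tau_L + 1/tau_H)."""
    return (1.0 / tau_l + 1.0 / tau_h) / (2.0 * math.pi)


def analyse(n=200_000, tau_h=12e-3, tau_l=3e-3, dt=1e-3):
    """Raw versus whitened statistics for an asymmetric (tau_h != tau_l) trap."""
    raw = simulate_rtn(n, tau_h, tau_l, dt)
    white = von_neumann(raw)
    return {
        # LH and HL counts can differ by at most one in any trace, so the
        # pair rule balances 0s and 1s even when HH dominates the plot.
        "quadrants": tlp_quadrants(raw),
        "raw_ones": ones_fraction(raw),
        "white_ones": ones_fraction(white),
        "raw_acf1": lag1_autocorr(raw),
        "white_acf1": lag1_autocorr(white),
        "yield": len(white) / len(raw),
        "fc_hz": corner_frequency(tau_h, tau_l),
    }


if __name__ == "__main__":
    for key, value in analyse().items():
        print(key, value)
```

With these constructed parameters the raw stream is strongly biased towards 1 with HH the dominant quadrant, while the whitened stream is balanced. A residual lag-1 correlation remains because the sampling interval is shorter than the dwell times, which is why output quality still has to be checked after whitening.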
5.4.1 Design Highlight
Utilizing the harvesting circuit in a differential manner is the key characteristic of this work.
The design strength is discussed in this section by comparison with fixed reference
methods.
Fixed Reference Approach
Figure 5.7 (a) illustrates the conventional approach, in which a randomness source is
compared to a fixed reference value, VREF. For instance, if the noise signal is greater than
VREF, the comparator gives ‘1’, otherwise a ‘0’, in the output. It is a popular RNG technique
that has been investigated for security applications, as shown in Refs. [253, 256, 277]. One of
the main challenges in this approach is the difficulty of control. In this method, the ideal VREF
is the mean value of the randomness source. However, it is difficult to place VREF ideally,
so the output bit-stream can be biased toward either ‘0’ or ‘1’ [278, 279]. More importantly,
even with a perfectly set VREF, RTN’s average capture and emission time imbalance
can be another contributor to the biased bit-stream output. Another challenge of this
approach is its higher sensitivity to environmental noise, potentially from undesirable
noise sources in the system. If VREF is affected by the undesired noise, this creates
an inconstant reference voltage, which is likely to generate biased bit output. Therefore,
while some post-processing is required, it does not solve the problem completely. For
instance, correlation between bits can be improved through de-biasing [279].
Figure 5.7: Block diagram of (a) a single fixed reference comparison approach, (b) a
pair fixed reference approach and (c) differential harvesting approach (this work). The
undesirable noise can be added in power supply voltages, which could affect the quality
of output bit-stream.
An alternative RNG design is shown in Figure 5.7 (b). It includes a pair of amplifiers
individually connected to different reference voltages, VREF 1 and VREF 2, and a comparator
to generate the bit-stream. Because a pair fixed reference approach uses two reference
voltages, the controlling difficulty and environmental disturbance that exist in a single fixed
reference approach correspondingly apply to this.
Differential Approach (This Work)
Figure 5.7 (c) shows the ReRAM-based TRNG’s circuit, which uses two randomness sources
and the same reference voltage, VREAD. The differential nature of the suggested circuit
results in effective supply voltage noise rejection compared to the previously discussed
fixed reference methods. This can be understood because the disturbance is added to
both sides similarly and can then be filtered out by the common mode rejection of the
data acquisition system. Temperature, which is shown to increase RTN activity (see Figure
5.4 (a)), also influences both ReRAM branches in an approximately similar manner. Therefore,
its impact is significantly suppressed at the circuit level. The effect of ageing on the
differential structure is expected to be insignificant because of the similarity of the effects
on the two branches of the RTN readout circuit. This can be considered similar to the
change in common-mode behaviour.
In a cryptographic system, a lack of random number quality, such as an imbalance of
‘0’ and ‘1’ in a bit-stream, generally increases attack vulnerability, which leads to
compromised security of the system. Possible attacks against hardware-based RNGs are varied,
particularly when proper shielding is missing. These attacks can be simply monitoring
power consumption or capturing radio-frequency emission from the system or trying to
control the output bits by injecting external energy (for example, electromagnetic
radiation) into the system. Radiation attacks or delivering RF energy to the chip would also
affect both branches similarly due to the small footprint of this TRNG (like many other
on-chip differential TRNGs). Regarding dimensions and sensitivities to externally
imposed electromagnetic attacks, the layout of the whole structure in silicon is implemented
in the textbook classic common centroid layout style, which almost removes the
possibility of different electromagnetic energy delivery to one side of the circuit compared to the
other.
Table 5.1: Simulated improved rejection ratio of this work compared to single
fixed reference method.
                          Ratio of Improvement
PSRRs                     26 dB
READ†/REF‡ voltage RRs    71 dB
† The ratio of the change in READ voltage to output voltage.
‡ The ratio of the change in reference voltage to output voltage.
Comparison
We compare the simulation results of a single fixed reference method with our differential
approach based on measurement data. The external disturbance can be observed in the
power supply and VREF for the single fixed reference method and in the power supply and
VREAD for the differential method. In the former case, the undesirable noise affects the
output bits significantly more than in the differential method, as expected. The analysis shows
that our differential circuit’s power supply rejection ratio (PSRR) at ≤100 kHz is greater in
magnitude than the PSRR of the rival fixed reference approach presented in Refs. [253, 256].
Note that specific RTN level and biasing values were based on the presented measurement
results of Ref. [253]. More importantly, VREAD’s noise rejection, which is considered
common-mode for the whole circuit, is also stronger in our implementation than VREF’s
noise rejection in the single reference implementation. In Table 5.1, the improvement is
shown in the form of a ratio of the differential harvesting method to the single fixed reference
method.
Therefore, it is shown that the proposed differential harvesting circuit takes advantage
of a reduced environmental noise effect. It could also benefit from other known
differential signalling benefits such as higher output swings, simpler biasing and higher
linearity. Our analysis also shows that offset on the feedback loop amplifiers is likely to
affect both similarly because they sit in very close proximity to each other.
5.4.2 Design Detail
Amplifier
The FC-CSDA is an entirely self-biased CMOS differential amplifier with a wide input range
[280, 281]. Figure 5.6 (a) inset (highlighted in blue) illustrates the FC-CSDA and its
self-biasing scheme. This bias, vBias, is generated by negative feedback within the
amplifier. The self-biasing scheme of the FC-CSDA lowers the sensitivity to variations such
as temperature, power supply variations, and common-mode input voltages [280]. The
FC-CSDA’s differential mode gain is given approximately by:
$$A_d \simeq \frac{g_{m1} + g_{m2}}{g_{o7} + g_{o8}} \qquad (5.4)$$
where gm1 and gm2, and go7 and go8 are the transconductances of transistors 1a-b and
2a-b, and the output conductances of 7a-b and 8a-b [280, 282]. This differential mode gain
is confirmed in the frequency response results, which are a differential gain of 34.1 dB, a
bandwidth of 350 kHz and a phase margin of 92°. Corner analysis of the amplifier shows
the FC-CSDA’s input voltage offset of 3.48 mV at the typical-typical corner, the highest
offset of 5.52 mV at the SS (slow NMOS, slow PMOS) corner, and the lowest offset of
1.99 mV at the SF (slow NMOS, fast PMOS) corner. The voltage offset is an important
factor that could degrade the performance of the RTN harvesting circuit. More importantly
for a circuit operating in a differential manner, mismatches in the amplifier pairs affect
the performance of the entire harvesting circuit.
The amplifier with a PMOS transistor is employed in the structure of a conventional
CMOS low dropout regulator (LDO) without a feedback resistor, as shown in Figure
5.8 (a). Simulation results show that the phase margins of the structure are near 90°
with an output capacitor of both 10 pF and 100 pF.
Table 5.2: Characteristics of the implemented amplifier.

Parameters              FC-CSDA
Differential gain       34.1 dB
Phase margin            92°
Bandwidth               350 kHz
Input voltage offset    3.48 mV† (Nominal)

† The value is a result of typical-typical corner validated in Cadence.
Post-Fabrication Calibration DAC
The circuit utilizes the LDO structure to maintain the feedback node (VFB) close to VR
(read voltage) regardless of the RRR (ReRAM resistance) variation. To suppress the
unavoidable VFB variation caused by device variation/mismatch, we suggest a post-offset
cancellation DAC. The DAC consists of 2^k − 1 series RDs, one RA and 2^k tap nodes
between resistors, as shown in Figure 5.6 (b) and Figure 5.8 (b). We selected the following
values:
• Number of DAC input bits (k): 3
• DAC resistor (RD): 800 Ω
• VRR adjust resistor (RA): 300 kΩ
Noise Voltage at RTN Activity Region
We compare the measured noise voltage of the ReRAM with that of the rest of the circuit
at the output node (VO) over the RTN active bandwidth of 250 kHz. The frequency of
interest was defined by the observed RTN behaviour. We first consider the low-to-high
(τLH) and high-to-low (τHL) time periods. This is because any change in τLH/τHL is the
activity that needs to be captured. The considered time constants are illustrated in
Figure 5.10 (a). While τL/τH have random timing, both τLH and τHL are measured to be
almost constant at around 1 µs. Based on our data, we assumed the shortest RTN width
to be 2 µs and, thereby, the RTN period to be 4 µs. Therefore, the RTN active frequency is
calculated at 250 kHz. For the comparison between the ReRAM RTN and the circuit noise
delivered to the output node, we calculate the integrated noise power of the RTN, which is
166 mV². The result is then compared with the simulated noise power of the rest of the
circuit over the same bandwidth, which is 0.1 mV². It is clear that the circuit can capture
the ReRAM RTN signals in the presence of undesirable but intrinsic circuit noise.
Figure 5.8: (a) One side of the proposed ReRAM-based TRNG circuit based on low
dropout regulator (LDO)-like structure. (b) The k-bit DAC architecture. (c) Monte-Carlo
simulation results of the implemented 3-bit DAC.
Comparator
To convert the voltage difference between the DAC outputs of the two branches into a
stronger signal, a comparator is implemented as shown in Figure 5.6 (a) inset (highlighted
in green). It is formed by concatenating a preamplifier and an FC-CSDA. The preamplifier
is a fully differential FC-CSDA that is built by combining two FC-CSDAs and is suggested
to provide increased output voltage swing and improved immunity to external
common-mode noise [282].
Figure 5.9: Simulation result of the reduced offset by using the post-fabrication DAC.
The mean values are reduced by using the calibration at a range of ∆RRRs from -200 kΩ
to 400 kΩ except when ∆RRR is at 0 Ω. RRR-X is fixed at 300 kΩ during simulation.
5.4.3 Operation
The calibration DAC is used for two purposes, VRR reduction and, more importantly, post-
fabrication calibrations.
VRR adjustment
Adding RA helps to keep VRR at a relatively low level, so that the ReRAM devices can be
maintained at their HRS during random number generation. With the resistor, a higher
DC VR can be used, which makes the amplifiers operate within their input voltage range.
In Figure 5.8 (c), circuit-level Monte-Carlo simulations in Cadence validate the significant
reduction of VRR. The mean (µ) ± standard deviation (σ) of VRR with RA is 0.21 ± 0.03 V,
while 0.40 ± 0.04 V is observed without RA. On the other hand, utilizing RA brings a
less significant difference in the levels of VO. When 0 ≤ n ≤ 7, the pooled µ ± σ of VO with
and without RA are observed at 0.42 ± 0.05 V and 0.41 ± 0.04 V, respectively.
Figure 5.10: Simplified transient response of ReRAM-based TRNG circuit. (a) shows
the current change (∆IRR) in a ReRAM device due to RTN activity from high-to-low (HL)
followed by low-to-high (LH) after a steady state. (b) illustrates the output voltage spikes
that are introduced by the IRR changes at jump states. (c) The VO spike generates a voltage
difference between the input terminals of the comparator, and the random signal at the
output of the comparator, SO, is generated.
Post-Fabrication Calibration
Utilizing a series of RDs in the DAC offers a post-fabrication calibration function. We use
the following notions and definitions for the analysis:
• Jump state is the state when either LH or HL happens in any of ReRAMs in Figure
5.3 (c).
• Steady state is the state when no LH or HL is observed in both ReRAM(s) branches.
• Uncalibrated offset is the difference between VFB-X and VFB-Y at steady state in Figure
5.6 (a).
• Calibrated offset is the average difference between DACs’ output by the same DAC
input codes at steady state.
• ∆RRR is a steady state ReRAM resistance difference of the branches, RRR-X−RRR-Y.
• ∆VO is a DAC’s output level difference between at steady state and jump state in
Figure 5.10.
Ideally, the uncalibrated offset is zero regardless of the resistance difference between
the ReRAMs in the paired branches. However, due to the stochastic nature of the
growth/rupture of conductive filaments, HRS ReRAM resistance varies across devices.
Therefore, the non-zero offset can hinder the quality of the generated random numbers.
Moreover, unavoidable process variation can also contribute to the VFB mismatches. To
reduce the offset, the proposed circuit utilises a post-fabrication calibration DAC between
VFB and VRR of both branches. A one-time post-fabrication calibration is required if the
uncalibrated offset outweighs the ∆VO. Without this calibration, the large offset could
cause erroneous operation of the comparator, and accordingly the comparator’s output
could be consistently “high” or “low” in its bit-stream. Figure 5.9 presents the reduced
means of offset obtained by using the calibration over a range of ∆RRRs from -200 kΩ to
400 kΩ, except when ∆RRR equals 0 Ω. For this simulation, RRR-X is fixed at 300 kΩ
(nominal HRS resistance of the measured ReRAM), while RRR-Y is swept from 100 kΩ to
600 kΩ. In the presence of ∆RRR, utilising the DAC with RA significantly decreases the
offsets. The change is especially noteworthy at the extreme ∆RRRs such as -200 kΩ and
400 kΩ, although these cases are not likely to be realistic. This is because the use of such
low resistance ReRAM is likely to be avoided during the one-time programming process.
Similarly, the extremely high resistance ReRAM could be observed only with a low
probability.
5.4.4 Random Number Generation and Post-Processing
During the one-time calibration, the steady state offset can be attenuated, and thereby the
comparator can be used to amplify the ∆VO only at the jump states in Figure 5.6 (a).
Assume that the post-fabrication calibrated differential harvesting circuit has both of
the connected ReRAMs at steady state, either LL or HH. When a ReRAM enters its
jump state (here, we assume HL in Figure 5.10 (a)), the total current through the ReRAM
changes by ∆IRR during the HL time period, τHL. The drop causes a spike behaviour
in VO, shown in Figure 5.10 (b). The decrease of VO continues until the RTN-induced
current change reaches its steady state again. With a 10 pF compensation capacitor,
∆I/IRR = 30/660 nA results in ∆VO = 16.5 mV at τHL = 1 µs.
The generated VO-X and VO-Y are transformed into the comparator’s output signal, SO,
which is then fed to a post-processing unit as shown in Figure 5.6 (c). In our ReRAM-based
TRNG circuit, a post-processing circuit including a sampler, shift registers and a whitener
is proposed in order to extract random bits (raw output) and generate a whitened bit-stream
(output). The connected multiplexer gives the option of extracting raw bits or whitened
random bits. The whitener reduces the residual bit correlation that can exist in the raw
output bit-stream [283]. To achieve this, standard whitening techniques can be used. One
implementation is to chunk the raw output bit-stream into groups of equal length (two, for
example, in Figure 5.6 (c)) and XOR the bits of each group together to generate a single
output bit. Whitening using XORs or Blum [284] would add CMOS overhead. However, it
also provides high random bit quality. The details of the post-processing circuitry are not
addressed in this work.
5.5 Evaluation
We evaluated the entropy before and after the post-processing unit. For the entropy
comparison, we generated bit-streams from the differential and the single fixed reference
approaches using Cadence simulation based on measured data. The entropy of the
bit-stream signal SO is 0.97, which is significantly higher than that of the fixed reference
method at 0.93. Post-processing improves the entropy to 0.99, closer to the ideal entropy
of 1.00.
Figure 5.11: Autocorrelation comparison between the fixed reference and differential
RTN harvesting methods. The differential method is tested with and without a
post-processing unit, and the outcome is clearly in favour of the differential RTN
harvesting technique with post-processing unit.
We also analyze the autocorrelation of the TRNG outputs. We plot the autocorrelations of
the single fixed reference implementation and the proposed TRNG, with and without
post-processing. In Figure 5.11, the results show significantly higher autocorrelation for
the single fixed reference circuit compared to the proposed differential approach, which
indicates a reduced history effect in the output of the differential approach. The
effectiveness of the introduced post-processing unit can be seen in the autocorrelation
analysis, where a clear improvement can be observed.
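The following is an added example, not code from the thesis: it implements the XOR-of-chunks whitener described in Section 5.4.4 and the Von Neumann corrector listed for this work in Table 5.5, then measures entropy and lag-1 autocorrelation before and after post-processing as in this section. The bit-stream generator, its bias and correlation parameters, the use of per-bit Shannon entropy as the entropy measure, and all function names are assumptions made for illustration.

```python
import math
import random


def constructed_raw_bits(n, p_one=0.6, stickiness=0.1, seed=2019):
    """Constructed stand-in for the raw comparator bit-stream (not measured data).

    Bits are biased toward '1', and each bit repeats its predecessor with
    probability `stickiness`, so the lag-1 autocorrelation is about `stickiness`.
    """
    rng = random.Random(seed)
    bits = [int(rng.random() < p_one)]
    for _ in range(n - 1):
        if rng.random() < stickiness:
            bits.append(bits[-1])                    # history effect
        else:
            bits.append(int(rng.random() < p_one))   # fresh but biased draw
    return bits


def xor_whiten(bits, chunk=2):
    """XOR each non-overlapping group of `chunk` raw bits into one output bit.

    A trailing group shorter than `chunk` is discarded.
    """
    if chunk < 1:
        raise ValueError("chunk must be at least 1")
    out = []
    for start in range(0, len(bits) - chunk + 1, chunk):
        acc = 0
        for bit in bits[start:start + chunk]:
            acc ^= bit
        out.append(acc)
    return out


def von_neumann(bits):
    """Von Neumann corrector: pair 10 -> 1, pair 01 -> 0, pairs 00 and 11 dropped."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def shannon_entropy(bits):
    """Per-bit Shannon entropy of the '0'/'1' frequencies (1.0 is ideal)."""
    if not bits:
        raise ValueError("empty bit-stream")
    p = sum(bits) / len(bits)
    if p in (0.0, 1.0):
        return 0.0
    return -(p * math.log2(p) + (1 - p) * math.log2(1 - p))


def autocorrelation(bits, lag):
    """Normalised autocorrelation of the bit-stream at the given lag."""
    n = len(bits)
    if not 0 <= lag < n:
        raise ValueError("lag must satisfy 0 <= lag < len(bits)")
    mean = sum(bits) / n
    var = sum((b - mean) ** 2 for b in bits)
    if var == 0:
        return 1.0  # a stuck-at stream is treated as fully correlated
    cov = sum((bits[i] - mean) * (bits[i + lag] - mean) for i in range(n - lag))
    return cov / var


def evaluate(n_raw=200_000):
    """Compare raw, XOR-whitened and Von Neumann corrected streams."""
    raw = constructed_raw_bits(n_raw)
    streams = {
        "raw": raw,
        "xor": xor_whiten(raw, chunk=2),
        "von_neumann": von_neumann(raw),
    }
    return {
        name: {
            "bits": len(s),
            "entropy": shannon_entropy(s),
            "lag1": autocorrelation(s, 1),
        }
        for name, s in streams.items()
    }


if __name__ == "__main__":
    for name, row in evaluate().items():
        print(f"{name:12s} bits={row['bits']:7d} "
              f"entropy={row['entropy']:.4f} lag1={row['lag1']:+.4f}")
```

Both correctors trade throughput for quality: XOR over pairs halves the bit rate, and the Von Neumann corrector discards every 00 and 11 pair. The Von Neumann corrector removes bias exactly only when the raw bits are independent, so its lag-1 figure on a correlated stream is worth checking alongside its entropy.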
We run our machine learning test using the long short-term memory (LSTM) architecture.
LSTM is a special class of recurrent neural network (RNN) introduced by Hochreiter &
Schmidhuber [232], where environmental inputs such as room temperature, 50 Hz and
other sources of noise could also be considered as inputs. The LSTM architecture has
proven to be a powerful tool for handling long-range dependencies in general-purpose
sequence modelling tasks [233]. In this work, we used three LSTM network configurations
tested on measured random number sequences, as shown in Table 5.3. “Dense” is a fully
connected layer, in which all nodes of that layer are connected to all output nodes of the
previous layer. Therefore, a “dense-dense” configuration uses two dense layers. In our case,
“d/o” is a dropout layer that randomly chooses 50% of the previous layer’s output nodes.
Measurement results show average predictability at 50.18%, 50.07%, and 49.83% with the
trained networks, which confirms an acceptable level of unpredictability.

Table 5.3: Machine learning test on ReRAM-based TRNG.

Configuration [output dimension]                                  Result
LSTM [256] – dense [2]                                            50.18%
LSTM [256] – dense [512] – dense [2]                              50.07%
LSTM [128] – d/o – LSTM [128] – d/o – dense [256] – dense [2]     49.83%

dense: This is a fully connected layer.
d/o: This is a dropout technique that chooses 50% of the previous layer’s output nodes.

Tested on the random number sequences that we obtained from simulation based on
the measurement, we also use the statistical test suite developed by the U.S. National
Institute of Standards and Technology (NIST) in order to evaluate the randomness of our
TRNG. The test suite includes a total of 15 different tests with two similar tests running on
different directions of the bit-stream; hence, 17 tests [160]. Our ReRAM-based TRNG
successfully passed all tests with a significance level of 0.01. The test types and outcomes,
including the pass rate and uniformity of p-values in each test, are shown in Table 5.4.

Table 5.4: NIST statistical test result.

Statistical Test              Pass rate    Uniformity of p-values
Frequency                     0.989        Pass
Block Frequency               1.000        Pass
Cumulative sum (Forward)      0.989        Pass
Cumulative sum (Backward)     0.989        Pass
Runs                          0.977        Pass
Longest Run of 1’s            0.989        Pass
Rank                          0.966        Pass
FFT                           1.000        Pass
Nonoverlapping Templates      0.989        145/148 Pass
Overlapping Templates         0.989        Pass
Universal                     0.966        Pass
Approximate Entropy           0.989        Pass
Random Excursions             0.994        8/8 Pass
Random Excursions Variant     0.991        18/18 Pass
Serial                        0.977        Pass
Serial                        1.000        Pass
Linear Complexity             1.000        Pass
TRNG generation speed using pure ReRAM RTN is still limited, typically to the range
of kilohertz [253, 257, 258]. Other relatively high-frequency implementations take
advantage of parallel operation, generating multiple random numbers [285]. For
high-frequency applications, the result of this post-processing unit can be fed into a
high-throughput random number generator such as an LFSR-based RNG. Combining the
output of the TRNG with the LFSR is a well-known practice in cryptology, which will
increase the variance [286]. The post-processing module (not described here) is run at a
40 MHz clock frequency, and the peripheral circuitry is implemented in IBM 130 nm
standard CMOS at a sampling rate near the RTN frequency, resulting in an estimated
efficiency of 0.0125 nJ/bit.
We also conducted a comparison with existing ReRAM-based RNG implementations
regarding key structure and performance, as depicted in Table 5.5. Given that all cited
works use digital blocks and most of the works are post-processed, the proposed TRNG is
competitive.
Table 5.5: Implementation of resistive switching memory-based RNGs.

                   [253]                     [287]                 [259]                 [285]                     [258]                 This work
Randomness source  RTN in LRS CRRAM          Stochastic switching  Stochastic switching  Noise in LRS              Resistance variation  RTN in ReRAM
Digital block      D-flip-flop & comparator  D-flip-flop & XOR     Inverter              Sense amplifier           Comparator            Comparators & DAC
Post-processing    –                         XOR-based             –                     Post-processing function  Von Neumann           Von Neumann
Output rate        1 kbps                    1.05 Gbps             0.2 Mbps              32 Mbps                   0.16 kbps             40 Mbps
Power/Energy       –                         31 µW                 –                     0.04 nJ/bit               –                     0.013 nJ/bit
NIST test          pass†                     –                     –                     pass                      pass†                 pass

† Not all test results are presented.
5.6 Conclusion
In this paper, we presented a simple-in-concept and effective way of harvesting popcorn
or random telegraph noise (RTN) randomness in solid-state redox-based valency change
memory SrTiO3 devices. We discussed that TRNGs for security applications should
present a set of qualities that include not only NIST statistical tests but also a
demonstration of resilience against side-channel monitoring, which is not captured in the
usual NIST tests on TRNG outputs. The TRNG has been tested using three differently
configured machine learning attacks and achieved a near-ideal outcome of 50.18%, 50.07%
and 49.83% predictability. We have proposed a differential RTN extraction circuit that is
tuned to be sensitive to changes in signals and to harvest them before they are suppressed
by a voltage regulating (negative) feedback. Such improvement enhanced RTN readout
quality for security-oriented TRNGs. In addition to a 7.2 times reduction in autocorrelation,
the circuit reduces the correlation between random numbers and disturbances in
temperature and on the applied supply voltage due to its textbook-style relativistic readout
mechanism. We have also demonstrated robustness against side-channel monitoring,
common-mode noise and noise injection. The overall TRNG system is estimated to
generate high-quality random numbers with under 500 µW of power dissipation.
Chapter - 6
Conclusion and Future Directions
6.1 Concluding Remarks
This PhD research has aimed to (i) investigate variation features in redox-based ReRAM
for a strong source of randomness, (ii) develop novel designs of ReRAM-based security
primitives that can be embedded within various IoT products/platforms, and (iii) analyse
the performance of the developed ReRAM PUFs using various methods. The outcomes
of the research and the contributions of the author have been presented in Chapters 2 to 5,
which are summarised in the following pages.
6.1.1 Contribution 1
As the first contribution, the author clarified the standard evaluation methods for
developing a robust yet innovative security primitive by (i) formulating previously defined
evaluation metrics, (ii) reviewing basic PUF properties, and (iii) investigating the predictive
analyses. The results were presented in Chapter 2, which can be summarised as below:
• By reviewing previously discussed literature, the author was able to formulate basic
PUF evaluation metrics that can be applied to different types of PUF class. This
included not only the well-known metrics such as uniqueness, reliability, uniformity,
bit-aliasing and diffuseness but also avalanche characteristic which was previously
defined as conditional probabilities (Figure 6.1).
Figure 6.1: Key PUF performance metrics. (a) Formulated PUF evaluation metrics
defined. (b) shows the defined metrics: uniqueness, diffuseness, bit-aliasing, uniformity,
and reliability.
6.1.2 Contribution 2
As the second contribution, the author pioneered a novel approach to building a PUF by
utilising non-conventional concatenated two-layer ReRAM CBAs. The results were
presented in Chapter 3, which can be summarised as below:
• With the two concatenated layers, the uniformity of the PUF response was significantly
improved. This was because the selection of ReRAM cells in the second layer
depends on a “hidden challenge” passed from the first layer. This kept the cell
selection information unexposed and consequently improved the unpredictability of
the challenge-response behaviour (Figure 6.2 (a)-(b)).
• By employing the novel nonlinear architecture with the hidden challenge, the author
demonstrated the avalanche characteristic of the proposed nrPUF, and compared
its performance with conventional single layer-based ReRAM PUFs. Using the output
bit transition rate, the author found an excellent avalanche characteristic
(ideally, 50%) for the proposed nrPUF, while the conventional single
layer PUF achieved a relatively lower output bit transition rate (Figure 6.2 (c)).
Figure 6.2: (a) Proposed nonlinear architectural ReRAM PUF (nrPUF). (b) Result of
worst-case uniformity comparison of the proposed nrPUF and the conventional single
crossbar method. (c) Comparison of avalanche characteristics of the nrPUF and the single
crossbar method.
6.1.3 Contribution 3
As the third contribution, the author introduced a novel security primitive by investigating
variations in the nonlinear I–V characteristics of ReRAMs. The robustness of the novel
design was experimentally verified, and the security level was confirmed by predictive
analysis. The results were presented in Chapter 4, which can be summarized as below:
• Nonlinear I–V characteristic of ReRAMs was applied to response generation by
utilizing different bias voltages from 200 to 600 mV, and the performance of the
ReRAM-based PUF was experimentally verified.
• The predictive analysis was demonstrated to evaluate and verify the feasibility of
the proposed designs. This includes machine learning-based prediction (Table 6.1)
test and NIST statistical test (Table 6.2).
Table 6.1: Machine learning tests configuration and predictability.

Configuration             Training sequence length    Output dimension of           Predictability
LSTM–Dropout–LSTM–        301                         LSTM: 128, Dense: 128, 2      50.41%
Dense–Dense–Softmax       101                         LSTM: 128, Dense: 128, 2      50.52%
                          64                          LSTM: 256, Dense: 256, 2      50.28%

Table 6.2: NIST statistical test results of a PUF with three different bias voltages.

                                   Bias voltage (Vb)
                                   200 mV    400 mV    600 mV
Mean rate of passing sequences     97.95%    98.04%    98.35%
Mean of uniformity (p-valueT)      0.16      0.19      0.19
6.1.4 Contribution 4
As the fourth contribution, the author investigated the random telegraph noise (RTN)
characteristic of ReRAMs as a source of randomness for true random number generation.
In order to overcome the limitations of the conventional readout approach, a differential
readout method was employed. This can greatly reduce the effect of the undesired noise.
The quality of the generated random numbers was assessed by various methods, and the
performance of the implemented RNG was studied by comparing it with other
state-of-the-art ReRAM-based RNGs. The results were presented in Chapter 5, which can
be summarised as below:
• The RTN characteristic of the fabricated ReRAMs was analysed regarding READ
voltage and temperature dependencies. The results clearly showed that the conventional
readout method could potentially lower the quality of randomness in the generated
random numbers.
• The proposed differential readout method (Figure 6.3) could maintain the quality of
random numbers, while the controlling difficulty of the conventional readout method
could be significantly reduced by utilising the differential readout. This is
advantageous as the differential readout circuit can embrace the resistance variation
features of ReRAMs without extensive pre-calibration. Moreover, undesirable noise can be
reduced.
Figure 6.3: Block diagram of differential harvesting approach. The undesirable noise can
be added in power supply voltages, which could affect the quality of output bit-stream.
6.2 Recommendations for Future Work
There exist several opportunities to take advantage of the findings from this PhD
project to further improve the performance of ReRAM-based security primitives. A
summary of research activities that are recommended for future work is outlined below:
• The concept of reprogramming ReRAM in the crossbar(s) can be used for
reconstructing a completely new PUF. This is a cost-efficient way to build new PUFs
without the need for another round of ReRAM fabrication. However, correlation of
resistance before and after programming can compromise the use of a reprogramming
ReRAM-PUF (ReRAM-based reconfigurable PUF). Therefore, analysing the
cycle-to-cycle variation using different levels of electrical potential during programming
can be investigated for developing highly secure yet reconfigurable ReRAM-based
PUFs.
• Most of the currently used PUFs focus only on authentication, and therefore
a different protocol can also be applied to PUFs. For example, a PUF-based
encryption and decryption protocol can be further explored for securing
communication. Much still needs to be discussed to establish the practicality of PUF-based
encryption/decryption, including the impact of PUF noise (reliability) and the overhead
of hardware implementations in this context.
• The concept of building PUFs using more advanced emerging non-volatile memory
from a material engineering perspective can also be investigated. For instance,
currently investigated materials require an electro-forming process before the programming
phase. To fully unleash the potential of the proposed ReRAM, it is necessary to
investigate more advanced materials and techniques further to resolve the
above-mentioned issues.
References
[1] J. Delvaux, D. Gu, D. Schellekens, and I. Verbauwhede, “Secure lightweight entity
authentication with strong PUFs: Mission impossible?” in International Workshop
on Cryptographic Hardware and Embedded Systems–CHES, 2014, pp. 451–475.
[2] M.-D. M. Yu, M. Hiller, J. Delvaux, R. Sowell, S. Devadas, and I. Verbauwhede,
“A lockdown technique to prevent machine learning on PUFs for lightweight au-
thentication,” IEEE Transactions on Multi-Scale Computing Systems, vol. 2, no. 3,
pp. 146–159, 2016.
[3] A. Van Herrewege, S. Katzenbeisser, R. Maes, R. Peeters, A.-R. Sadeghi, I. Ver-
bauwhede, and C. Wachsmann, “Reverse fuzzy extractors: Enabling lightweight
mutual authentication for PUF-enabled RFIDs,” in International Conference on Fi-
nancial Cryptography and Data Security, 2012, pp. 374–389.
[4] Y. Guo, T. Dee, and A. Tyagi, “Barrel shifter physical unclonable function based
encryption,” Cryptography, vol. 2, no. 3, p. 22, 2018.
[5] M. Majzoobi, F. Koushanfar, and M. Potkonjak, “Testing techniques for hardware
security,” in IEEE International Test Conference (ITC), 2008, pp. 1–10.
[6] Y. Hori, T. Yoshida, T. Katashita, and A. Satoh, “Quantitative and statistical per-
formance evaluation of arbiter physical unclonable functions on FPGAs,” in IEEE
International Conference on Reconfigurable Computing and FPGAs (ReConFig),
2010, pp. 298–303.
[7] A. Maiti, J. Casarona, L. McHale, and P. Schaumont, “A large scale characterization
of RO-PUF,” in IEEE International Symposium on Hardware-Oriented Security
and Trust–HOST, 2010, pp. 94–99.
[8] J. Kim, T. Ahmed, H. Nili, J. Yang, D. S. Jeong, P. Beckett, S. Sriram, D. C.
Ranasinghe, and O. Kavehei, “A physical unclonable function with redox-based
nanoionic resistive memory,” IEEE Transactions on Information Forensics and Se-
curity, vol. 13, no. 2, pp. 437–448, 2018.
[9] B. Gassend, D. Clarke, M. Van Dijk, and S. Devadas, “Silicon physical random
functions,” in Proceedings of the 9th ACM Conference on Computer and Communi-
cations Security, 2002, pp. 148–160.
[10] G. E. Suh and S. Devadas, “Physical unclonable functions for device authentication
and secret key generation,” in Proceedings of the 44th Annual Design Automation
Conference, 2007, pp. 9–14.
[11] J. W. Lee, D. Lim, B. Gassend, G. E. Suh, M. Van Dijk, and S. Devadas, “A tech-
nique to build a secret key in integrated circuits for identification and authentication
applications,” in IEEE Symposium on VLSI Circuits, Digest of Technical Papers,
2004, pp. 176–179.
[12] D. Lim, J. W. Lee, B. Gassend, G. E. Suh, M. Van Dijk, and S. Devadas, “Extract-
ing secret keys from integrated circuits,” IEEE Transactions on Very Large Scale
Integration (VLSI) Systems, vol. 13, no. 10, pp. 1200–1205, 2005.
[13] Semiconductor Industry Association and others, “International technology roadmap
for semiconductors 2013 edition emerging research devices,” http://www.itrs2.net/,
2013.
[14] Semiconductor Industry Association and others, “International technology roadmap
for semiconductors 2010 ERD/ERM technology work groups report on emerging
research memory technologies,” http://www.itrs2.net/, 2010.
[15] R. Waser, Nanoelectronics and information technology. John Wiley & Sons, 2012.
[16] R. Waser, D. Ielmini, H. Akinaga, H. Shima, H.-S. P. Wong, J. J. Yang, and S. Yu,
“Introduction to nanoionic elements for information technology,” Resistive Switch-
ing: From Fundamentals of Nanoionic Redox Processes to Memristive Device Ap-
plications, pp. 1–30, 2016.
[17] Z. Wei, Y. Kanzawa, K. Arita, Y. Katoh, K. Kawai, S. Muraoka, S. Mitani, S. Fujii,
K. Katayama, M. Iijima et al., “Highly reliable TaOx ReRAM and direct evidence
of redox reaction mechanism,” in IEEE International Electron Devices Meeting
(IEDM), 2008, pp. 1–4.
[18] B. Hudec, C.-W. Hsu, I.-T. Wang, W.-L. Lai, C.-C. Chang, T. Wang, K. Fröhlich,
C.-H. Ho, C.-H. Lin, and T.-H. Hou, “3D resistive RAM cell design for high-density
storage class memory-a review,” Science China Information Sciences, vol. 59, no. 6,
pp. 061 403:1–21, 2016.
[19] H. Nili, S. Walia, A. E. Kandjani, R. Ramanathan, P. Gutruf, T. Ahmed, S. Bal-
endhran, V. Bansal, D. B. Strukov, O. Kavehei et al., “Donor-induced performance
tuning of amorphous SrTiO3 memristive nanodevices: Multistate resistive switch-
ing and mechanical tunability,” Advanced Functional Materials, vol. 25, no. 21, pp.
3172–3182, 2015.
[20] H. Nili, T. Ahmed, S. Walia, R. Ramanathan, A. E. Kandjani, S. Rubanov, J. Kim,
O. Kavehei, V. Bansal, M. Bhaskaran et al., “Microstructure and dynamics of
vacancy-induced nanofilamentary switching network in donor doped SrTiO3−x
memristors,” Nanotechnology, vol. 27, no. 50, pp. 505 210:1–8, 2016.
[21] S. C. Konigsmark, L. K. Hwang, D. Chen, and M. D. Wong, “CNPUF: A carbon
176
nanotube-based physically unclonable function for secure low-energy hardware de-
sign,” in 19th Asia and South Pacific Design Automation Conference (ASP-DAC),
2014, pp. 73–78.
[22] Z. Hu, J. M. M. L. Comeras, H. Park, J. Tang, A. Afzali, G. S. Tulevski, J. B.
Hannon, M. Liehr, and S.-J. Han, “Physically unclonable cryptographic primitives
using self-assembled carbon nanotubes,” Nature Nanotechnology, vol. 11, no. 6,
pp. 559–565, 2016.
[23] Y. Gao, D. C. Ranasinghe, S. F. Al-Sarawi, O. Kavehei, and D. Abbott, “Mem-
ristive crypto primitive for building highly secure physical unclonable functions,”
Scientific Reports, vol. 5, 2015.
[24] J. Mathew, R. S. Chakraborty, D. P. Sahoo, Y. Yang, and D. K. Pradhan, “A novel
memristor based physically unclonable function,” Integration, the VLSI Journal,
vol. 51, pp. 37–45, 2015.
[25] G. S. Rose, N. McDonald, L.-K. Yan, and B. Wysocki, “A write-time based mem-
ristive PUF for hardware security applications,” in IEEE/ACM International Con-
ference on Computer-Aided Design (ICCAD), 2013, pp. 830–833.
[26] A. Chen, “Reconfigurable physical unclonable function based on probabilistic
switching of RRAM,” Electronics Letters, vol. 51, no. 8, pp. 615–617, 2015.
[27] W. Che, J. Plusquellic, and S. Bhunia, “A non-volatile memory based physically
unclonable function without helper data,” in IEEE/ACM International Conference
on Computer-Aided Design (ICCAD), 2014, pp. 148–153.
[28] R. Liu, H. Wu, Y. Pang, H. Qian, and S. Yu, “Experimental characterization of
physical unclonable function based on 1 kb resistive random access memory ar-
rays,” IEEE Electron Device Letters, vol. 36, no. 12, pp. 1380–1383, 2015.
177
[29] L. Zhang, X. Fong, C.-H. Chang, Z. H. Kong, and K. Roy, “Feasibility study of
emerging non-volatile memory based physical unclonable functions,” in IEEE 6th
International Memory Workshop (IMW), 2014, pp. 1–4.
[30] P.-Y. Chen, R. Fang, R. Liu, C. Chakrabarti, Y. Cao, and S. Yu, “Exploiting resistive
cross-point array for compact design of physical unclonable function,” in IEEE
International Symposium on Hardware-Oriented Security and Trust–HOST, 2015,
pp. 26–31.
[31] L. Gao, P.-Y. Chen, R. Liu, and S. Yu, “Physical unclonable function exploiting
sneak paths in resistive cross-point array,” IEEE Transactions on Electron Devices,
vol. 63, no. 8, pp. 3109–3115, 2016.
[32] C. Paar and J. Pelzl, Understanding cryptography: A textbook for students and
practitioners. Springer Science & Business Media, 2009.
[33] T. M. Chen and S. Abu-Nimeh, “Lessons from Stuxnet,” Computer, vol. 44, no. 4,
pp. 91–93, 2011.
[34] R. Langner, “Stuxnet: Dissecting a cyberwarfare weapon,” IEEE Security & Pri-
vacy, vol. 9, no. 3, pp. 49–51, 2011.
[35] J. Beyerer, J. Jasperneite, and O. Sauer, “Industrie 4.0,” at-
Automatisierungstechnik, vol. 63, no. 10, pp. 751–752, 2015.
[36] H. Junker, “IT-Sicherheit fu¨r Industrie 4.0 und IoT,” Datenschutz und
Datensicherheit–DuD, vol. 39, no. 10, pp. 647–651, 2015.
[37] K. Auguste, “La cryptographie militaire,” Journal des Sciences Militaires, vol. IX,
pp. 5–38, 1883.
178
[38] M. van Dijk and U. Ru¨hrmair, “Physical unclonable functions in cryptographic pro-
tocols: security proofs and impossibility results.” IACR Cryptology ePrint Archive,
vol. 2012, pp. 228:1–36, 2012.
[39] S. Ravi, A. Raghunathan, P. Kocher, and S. Hattangady, “Security in embedded
systems: Design challenges,” ACM Transactions on Embedded Computing Systems
(TECS), vol. 3, no. 3, pp. 461–491, 2004.
[40] R. J. Anderson, Security engineering: A guide to building dependable distributed
systems. John Wiley & Sons, 2010.
[41] R. S. Pappu, “Physical one-way functions,” PhD dissertation, Massachusetts Insti-
tute of Technology, 2001.
[42] S. Uryasev, “Introduction to the theory of probabilistic functions and percentiles
(value-at-risk),” in Probabilistic Constrained Optimization, 2000, pp. 1–25.
[43] R. Maes, “Physically unclonable functions: Constructions, properties and applica-
tions,” PhD dissertation, University of KU Leuven, 2012.
[44] R. Maes and I. Verbauwhede, “A discussion on the properties of physically unclon-
able functions,” in TRUST 2010 Workshop, Berlin, 2010.
[45] U. Ru¨hrmair, C. Jaeger, M. Bator, M. Stutzmann, P. Lugli, and G. Csaba, “Applica-
tions of high-capacity crossbar memories in cryptography,” IEEE Transactions on
Nanotechnology, vol. 10, no. 3, pp. 489–498, 2011.
[46] U. Ru¨hrmair, “Oblivious transfer based on physical unclonable functions,” in Inter-
national Conference on Trust and Trustworthy Computing, 2010, pp. 430–440.
[47] B. Gassend, D. Clarke, M. Van Dijk, and S. Devadas, “Controlled physical ran-
dom functions,” in Proceedings of the 18th Annual Computer Security Applications
Conference (ACSAC’02), 2002, pp. 149–160.
179
[48] N. Beckmann and M. Potkonjak, “Hardware-based public-key cryptography with
public physically unclonable functions,” in Information Hiding, 2009, pp. 206–220.
[49] J. B. Wendt and M. Potkonjak, “Nanotechnology-based trusted remote sensing,” in
IEEE Sensors, 2011, pp. 1213–1216.
[50] U. Ru¨hrmair, “SIMPL systems: On a public key variant of physical unclonable
functions.” IACR Cryptology ePrint Archive, vol. 2009, pp. 255:1–16, 2009.
[51] K. Kursawe, A.-R. Sadeghi, D. Schellekens, B. Skoric, and P. Tuyls, “Reconfig-
urable physical unclonable functions-enabling technology for tamper-resistant stor-
age,” in IEEE International Workshop on Hardware-Oriented Security and Trust,
2009, pp. 22–29.
[52] J. Katz, A. J. Menezes, P. C. Van Oorschot, and S. A. Vanstone, Handbook of ap-
plied cryptography. CRC press, 1996.
[53] R. Maes, A. Van Herrewege, and I. Verbauwhede, “PUFKY: A fully functional
PUF-based cryptographic key generator,” in International Workshop on Crypto-
graphic Hardware and Embedded Systems–CHES, 2012, pp. 302–319.
[54] G. E. Suh, C. W. O’Donnell, and S. Devadas, “Aegis: A single-chip secure proces-
sor,” IEEE Design & Test of Computers, vol. 24, no. 6, pp. 570–580, 2007.
[55] C. Bo¨sch, J. Guajardo, A.-R. Sadeghi, J. Shokrollahi, and P. Tuyls, “Efficient helper
data key extractor on FPGAs,” in International Workshop on Cryptographic Hard-
ware and Embedded Systems–CHES, 2008, pp. 181–197.
[56] R. Maes, P. Tuyls, and I. Verbauwhede, “Low-overhead implementation of a soft
decision helper data algorithm for SRAM PUFs,” in Cryptographic Hardware and
Embedded Systems–CHES, 2009, pp. 332–347.
180
[57] M.-D. Yu and S. Devadas, “Secure and robust error correction for physical unclon-
able functions,” IEEE Design & Test of Computers, vol. 27, no. 1, pp. 48–65, 2010.
[58] J. Delvaux, D. Gu, D. Schellekens, and I. Verbauwhede, “Helper data algorithms
for PUF-based key generation: Overview and analysis,” IEEE Transactions on
Computer-Aided Design of Integrated Circuits and Systems, vol. 34, no. 6, pp. 889–
902, 2015.
[59] Y. Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: How to generate strong keys
from biometrics and other noisy data,” in International Conference on the Theory
and Applications of Cryptographic Techniques, 2004, pp. 523–540.
[60] B. L. Gassend, “Physical random functions,” PhD dissertation, Massachusetts In-
stitute of Technology, 2003.
[61] G. E. Suh, C. W. O’Donnell, I. Sachdev, and S. Devadas, “Design and implementa-
tion of the AEGIS single-chip secure processor using physical random functions,”
in ACM SIGARCH Computer Architecture News, vol. 33, no. 2, 2005, pp. 25–36.
[62] J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls, “FPGA intrinsic PUFs and
their use for IP protection,” in International Workshop on Cryptographic Hardware
and Embedded Systems–CHES, 2007, pp. 63–80.
[63] R. Maes, P. Tuyls, and I. Verbauwhede, “A soft decision helper data algorithm for
SRAM PUFs,” in IEEE International Symposium on Information Theory (ISIT),
2009, pp. 2101–2105.
[64] B. Colombier, L. Bossuet, V. Fischer, and D. He´ly, “Key reconciliation protocols
for error correction of silicon PUF responses,” IEEE Transactions on Information
Forensics and Security, vol. 12, no. 8, pp. 1988–2002, 2017.
181
[65] D. C. Ranasinghe, D. Engels, and P. Cole, “Security and privacy: Modest proposals
for low-cost RFID systems,” in Auto-ID Labs Research Workshop, 2004, pp. 15:1–
7.
[66] D. C. Ranasinghe and P. H. Cole, “Confronting security and privacy threats in mod-
ern RFID systems,” in Fortieth Asilomar Conference on Signals, Systems and Com-
puters (ACSSC), 2006, pp. 2058–2064.
[67] M. N. Aman, K. C. Chua, and B. Sikdar, “A light-weight mutual authentication
protocol for IoT systems,” in IEEE Global Communications Conference (GLOBE-
COM), 2017, pp. 1–6.
[68] S. Devadas, E. Suh, S. Paral, R. Sowell, T. Ziola, and V. Khandelwal, “Design
and implementation of PUF-based ‘unclonable’ RFID ICs for anti-counterfeiting
and security applications,” in IEEE International Conference on RFID, 2008, pp.
58–64.
[69] U. Ru¨hrmair, F. Sehnke, J. So¨lter, G. Dror, S. Devadas, and J. Schmidhuber, “Mod-
eling attacks on physical unclonable functions,” in Proceedings of the 17th ACM
Conference on Computer and Communications Security, 2010, pp. 237–249.
[70] C. Herder, M.-D. Yu, F. Koushanfar, and S. Devadas, “Physical unclonable func-
tions and applications: A tutorial,” Proceedings of the IEEE, vol. 102, no. 8, pp.
1126–1141, 2014.
[71] M. Rostami, M. Majzoobi, F. Koushanfar, D. Wallach, and S. Devadas, “Robust and
reverse-engineering resilient PUF authentication and key-exchange by substring
matching,” IEEE Transactions on Emerging Topics in Computing, vol. 2, no. 1,
pp. 37–49, 2014.
[72] B. Gassend, D. Lim, D. Clarke, M. Van Dijk, and S. Devadas, “Identification and
182
authentication of integrated circuits,” Concurrency and Computation: Practice and
Experience, vol. 16, no. 11, pp. 1077–1098, 2004.
[73] R. Maes and I. Verbauwhede, “Physically unclonable functions: A study on the state
of the art and future research directions,” in Towards Hardware-Intrinsic Security,
2010, pp. 3–37.
[74] R. Posch, “Protecting devices by active coating,” Journal of Universal Computer
Science, vol. 4, no. 7, pp. 652–668, 1998.
[75] P. Tuyls and B. Sˇkoric´, “Secret key generation from classical physics: Physical
uncloneable functions,” in AmIware Hardware Technology Drivers of Ambient In-
telligence, 2006, pp. 421–447.
[76] R. Pappu, B. Recht, J. Taylor, and N. Gershenfeld, “Physical one-way functions,”
Science, vol. 297, no. 5589, pp. 2026–2030, 2002.
[77] P. Tuyls, B. Sˇkoric´, S. Stallinga, A. H. Akkermans, and W. Ophey, “Information-
theoretic security analysis of physical uncloneable functions,” in International Con-
ference on Financial Cryptography and Data Security, 2005, pp. 141–155.
[78] D. Jiang and C. N. Chong, “Anti-counterfeiting using phosphor PUF,” in 2nd In-
ternational Conference on Anti-counterfeiting, Security and Identification (ASID),
2008, pp. 59–62.
[79] S. Vrijaldenhoven, “Acoustical physical uncloneable functions,” Master’s disserta-
tion, Eindhoven University of Technology, 2005.
[80] S. Morozov, A. Maiti, and P. Schaumont, “An analysis of delay based PUF im-
plementations on FPGA,” in International Symposium on Applied Reconfigurable
Computing, 2010, pp. 382–387.
183
[81] A. Maiti, R. Nagesh, A. Reddy, and P. Schaumont, “Physical unclonable function
and true random number generator: A compact and scalable implementation,” in
Proceedings of the 19th ACM Great Lakes Symposium on VLSI, 2009, pp. 425–428.
[82] A. Maiti and P. Schaumont, “Improving the quality of a physical unclonable func-
tion using configurable ring oscillators,” in International Conference on Field Pro-
grammable Logic and Applications, 2009, pp. 703–707.
[83] A. Maiti and P. Schaumont, “Improved ring oscillator PUF: An FPGA-friendly se-
cure primitive,” Journal of Cryptology, vol. 24, no. 2, pp. 375–397, 2011.
[84] C.-E. D. Yin and G. Qu, “LISA: Maximizing RO PUF’s secret extraction,” in IEEE
International Symposium on Hardware-Oriented Security and Trust–HOST, 2010,
pp. 100–105.
[85] C.-E. Yin, G. Qu, and Q. Zhou, “Design and implementation of a group-based RO
PUF,” in Proceedings of the Conference on Design, Automation and Test in Europe,
2013, pp. 416–421.
[86] A. Maiti, I. Kim, and P. Schaumont, “A robust physical unclonable function with
enhanced challenge-response set,” IEEE Transactions on Information Forensics and
Security, vol. 7, no. 1, pp. 333–345, 2012.
[87] D. Lim, “Extracting secret keys from integrated circuits,” PhD dissertation, Mas-
sachusetts Institute of Technology (MIT), 2004.
[88] M. Majzoobi, F. Koushanfar, and M. Potkonjak, “Techniques for design and imple-
mentation of secure reconfigurable PUFs,” ACM Transactions on Reconfigurable
Technology and Systems (TRETS), vol. 2, no. 1, pp. 5:1–33, 2009.
[89] Y. Wang, W.-k. Yu, S. Wu, G. Malysa, G. E. Suh, and E. C. Kan, “Flash memory
for ubiquitous hardware security functions: True random number generation and
184
device fingerprints,” in IEEE Symposium on Security and Privacy (SP), 2012, pp.
33–47.
[90] Y. Wang, W.-k. Yu, S. Q. Xu, E. Kan, and G. E. Suh, “Hiding information in flash
memory,” in IEEE Symposium on Security and Privacy (SP), 2013, pp. 271–285.
[91] D. E. Holcomb, W. P. Burleson, K. Fu et al., “Initial SRAM state as a fingerprint and
source of true random numbers for RFID tags,” in Proceedings of the Conference
on RFID Security, vol. 7, 2007, pp. 2:1–12.
[92] D. E. Holcomb, W. P. Burleson, and K. Fu, “Power-up SRAM state as an identifying
fingerprint and source of true random numbers,” IEEE Transactions on Computers,
vol. 58, no. 9, pp. 1198–1210, 2009.
[93] G. Selimis, M. Konijnenburg, M. Ashouei, J. Huisken, H. de Groot,
V. van der Leest, G.-J. Schrijen, M. van Hulst, and P. Tuyls, “Evaluation of 90nm
6T-SRAM as physical unclonable function for secure key generation in wireless
sensor nodes,” in IEEE International Symposium on Circuits and Systems (ISCAS),
2011, pp. 567–570.
[94] G.-J. Schrijen and V. van der Leest, “Comparative analysis of SRAM memories
used as PUF primitives,” in Proceedings of the Conference on Design, Automation
and Test in Europe, 2012, pp. 1319–1324.
[95] S. Okumura, S. Yoshimoto, H. Kawaguchi, and M. Yoshimoto, “A 128-bit chip
identification generating scheme exploiting SRAM bitcells with failure rate of
4.45×10−19,” in Proceedings of the ESSCIRC, 2011, pp. 527–530.
[96] D. E. Holcomb, A. Rahmati, M. Salajegheh, W. P. Burleson, and K. Fu, “DRV-
fingerprinting: Using data retention voltage of SRAM cells for chip identification,”
in International Workshop on Radio Frequency Identification: Security and Privacy
Issues, 2012, pp. 165–179.
185
[97] X. Xu, A. Rahmati, D. E. Holcomb, K. Fu, and W. Burleson, “Reliable physical un-
clonable functions using data retention voltage of SRAM cells,” IEEE Transactions
on Computer-Aided Design of Integrated Circuits and Systems, vol. 34, no. 6, pp.
903–914, 2015.
[98] Y. Su, J. Holleman, and B. Otis, “A 1.6 pJ/bit 96% stable chip-ID generating circuit
using process variations,” in IEEE International Solid-State Circuits Conference
(ISSCC), 2007, pp. 406–611.
[99] S. S. Kumar, J. Guajardo, R. Maes, G.-J. Schrijen, and P. Tuyls, “The butterfly PUF
protecting IP on every FPGA,” in IEEE International Symposium on Hardware-
Oriented Security and Trust–HOST, 2008, pp. 67–70.
[100] R. Maes, P. Tuyls, and I. Verbauwhede, “Intrinsic PUFs from flip-flops on recon-
figurable devices,” in 3rd Benelux Workshop on Information and System Security
(WISSec), vol. 17, 2008, pp. 1–17.
[101] V. Van der Leest, G.-J. Schrijen, H. Handschuh, and P. Tuyls, “Hardware intrinsic
security from D flip-flops,” in Proceedings of the 5th ACM Workshop on Scalable
Trusted Computing, 2010, pp. 53–62.
[102] P. Simons, E. van der Sluis, and V. van der Leest, “Buskeeper PUFs, a promising
alternative to D flip-flop PUFs,” in IEEE International Symposium on Hardware-
Oriented Security and Trust–HOST, 2012, pp. 7–12.
[103] G. DeJean and D. Kirovski, “RF-DNA: Radio-frequency certificates of authen-
ticity,” in International Workshop on Cryptographic Hardware and Embedded
Systems–CHES, 2007, pp. 346–363.
[104] J. Guajardo, B. Sˇkoric´, P. Tuyls, S. S. Kumar, T. Bel, A. H. Blom, and G.-J. Schri-
jen, “Anti-counterfeiting, key distribution, and key storage in an ambient world via
186
physical unclonable functions,” Information Systems Frontiers, vol. 11, no. 1, pp.
19–41, 2009.
[105] C. Jaeger, M. Algasinger, U. Ru¨hrmair, G. Csaba, and M. Stutzmann, “Random pn-
junctions for physical cryptography,” Applied Physics Letters, vol. 96, no. 17, pp.
172 103:1–3, 2010.
[106] Y. Cao, L. Zhang, S. S. Zalivaka, C.-H. Chang, and S. Chen, “CMOS image sensor
based physical unclonable function for coherent sensor-level authentication,” IEEE
Transactions on Circuits and Systems I: Regular Papers, vol. 62, no. 11, pp. 2629–
2640, 2015.
[107] H. Tian, B. Fowler, and A. E. Gamal, “Analysis of temporal noise in CMOS photo-
diode active pixel sensor,” IEEE Journal of Solid-State Circuits, vol. 36, no. 1, pp.
92–101, 2001.
[108] M. S. Hashemian, B. Singh, F. Wolff, D. Weyer, S. Clay, and C. Papachristou, “A
robust authentication methodology using physically unclonable functions in DRAM
arrays,” in Design, Automation & Test in Europe Conference & Exhibition (DATE),
2015, pp. 647–652.
[109] R. Giterman, Y. Weizman, and A. Teman, “Gain-cell embedded DRAM-based
physical unclonable function,” IEEE Transactions on Circuits and Systems I: Reg-
ular Papers, no. 99, pp. 1–11, 2018.
[110] S. Okumura, S. Yoshimoto, H. Kawaguchi, and M. Yoshimoto, “A 128-bit chip
identification generating scheme exploiting load transistors’ variation in SRAM bit-
cells,” IEICE Transactions on Fundamentals of Electronics, Communications and
Computer Sciences, vol. 95, no. 12, pp. 2226–2233, 2012.
[111] M. Claes, V. van der Leest, and A. Braeken, “Comparison of SRAM and FF PUF in
65nm technology,” in Nordic Conference on Secure IT Systems, 2011, pp. 47–64.
187
[112] S. Gaba, “Resistive-RAM for data storage applications,” PhD dissertation, Univer-
sity of Michigan, 2014.
[113] D. S. Jeong, R. Thomas, R. Katiyar, J. Scott, H. Kohlstedt, A. Petraru, and C. S.
Hwang, “Emerging memories: Resistive switching mechanisms and current status,”
Reports on Progress in Physics, vol. 75, no. 7, pp. 076 502:1–31, 2012.
[114] J. Gibbons and W. Beadle, “Switching properties of thin NiO films,” Solid-State
Electronics, vol. 7, no. 11, pp. 785–790, 1964.
[115] E. Linn, R. Rosezin, C. Ku¨geler, and R. Waser, “Complementary resistive switches
for passive nanocrossbar memories,” Nature Materials, vol. 9, no. 5, pp. 403–406,
2010.
[116] S.-S. Sheu, P.-C. Chiang, W.-P. Lin, H.-Y. Lee, P.-S. Chen, Y.-S. Chen, T.-Y. Wu,
F. T. Chen, K.-L. Su, M.-J. Kao et al., “A 5ns fast write multi-level non-volatile 1 K
bits RRAM memory with advance write scheme,” in Symposium on VLSI Circuits,
2009, pp. 82–83.
[117] A. Chen and M. R. Lin, “Variability of resistive switching memories and its impact
on crossbar array performance,” in IEEE International Reliability Physics Sympo-
sium (IRPS), 2011, pp. MY.7.1–4.
[118] S. Yu, “Resistive random access memory (RRAM),” Synthesis Lectures on Emerg-
ing Engineering Technologies, vol. 2, no. 5, pp. 1–79, 2016.
[119] S. Ambrogio, S. Balatti, A. Cubeta, A. Calderoni, N. Ramaswamy, and D. Ielmini,
“Statistical fluctuations in HfOx resistive-switching memory: Part I–Set/Reset vari-
ability,” IEEE Transactions on Electron Devices, vol. 61, no. 8, pp. 2912–2919,
2014.
188
[120] G. S. Rose, J. Rajendran, N. McDonald, R. Karri, M. Potkonjak, and B. Wysocki,
“Hardware security strategies exploiting nanoelectronic circuits,” in 18th Asia and
South Pacific Design Automation Conference (ASP-DAC), 2013, pp. 368–372.
[121] L. Liu, H. Huang, and S. Hu, “Lorenz chaotic system-based carbon nanotube phys-
ical unclonable functions,” IEEE Transactions on Computer-Aided Design of Inte-
grated Circuits and Systems, vol. 37, no. 7, pp. 1408–1421, 2018.
[122] T. Marukame, T. Tanamoto, and Y. Mitani, “Extracting physically unclonable func-
tion from spin transfer switching characteristics in magnetic tunnel junctions,”
IEEE Transactions on Magnetics, vol. 50, no. 11, pp. 1–4, 2014.
[123] L. Zhang, X. Fong, C.-H. Chang, Z. H. Kong, and K. Roy, “Highly reliable
memory-based physical unclonable function using spin-transfer torque MRAM,” in
IEEE International Symposium on Circuits and Systems (ISCAS), 2014, pp. 2169–
2172.
[124] Y. Morita, H. Fujiwara, H. Noguchi, Y. Iguchi, K. Nii, H. Kawaguchi, and M. Yoshi-
moto, “An area-conscious low-voltage-oriented 8T-SRAM design under DVS envi-
ronment,” in IEEE Symposium on VLSI Circuits,, 2007, pp. 256–257.
[125] L. Zhang, X. Fong, C.-H. Chang, Z. H. Kong, and K. Roy, “Highly reliable spin-
transfer torque magnetic RAM-based physical unclonable function with multi-
response-bits per cell,” IEEE Transactions on Information Forensics and Security,
vol. 10, no. 8, pp. 1630–1642, 2015.
[126] L. Zhang, X. Fong, C.-H. Chang, Z. H. Kong, and K. Roy, “Optimizating emerging
nonvolatile memories for dual-mode applications: Data storage and key generator,”
IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems,
vol. 34, no. 7, pp. 1176–1187, 2015.
189
[127] E. I. Vatajelu, G. Di Natale, M. Indaco, and P. Prinetto, “STT MRAM-based PUFs,”
in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015,
pp. 872–875.
[128] E. I. Vatajelu, G. D. Natale, M. Barbareschi, L. Torres, M. Indaco, and
P. Prinetto, “STT-MRAM-based PUF architecture exploiting magnetic tunnel junc-
tion fabrication-induced variability,” ACM Journal on Emerging Technologies in
Computing Systems (JETC), vol. 13, no. 1, pp. 1–21, 2016.
[129] E. I. Vatajelu, G. Di Natale, and P. Prinetto, “Security primitives (PUF and TRNG)
with STT-MRAM,” in IEEE 34th VLSI Test Symposium (VTS), 2016, pp. 1–4.
[130] J. Das, K. Scott, D. Burgett, S. Rajaram, and S. Bhanja, “A novel geometry based
MRAM PUF,” in IEEE 14th International Conference on Nanotechnology (IEEE-
NANO), 2014, pp. 859–863.
[131] J. Das, K. Scott, S. Rajaram, D. Burgett, and S. Bhanja, “MRAM PUF: A novel ge-
ometry based magnetic PUF with integrated CMOS,” IEEE Transactions on Nan-
otechnology, vol. 14, no. 3, pp. 436–443, 2015.
[132] J. Das, K. Scott, and S. Bhanja, “MRAM PUF: Using geometric and resistive vari-
ations in MRAM cells,” ACM Journal on Emerging Technologies in Computing
Systems (JETC), vol. 13, no. 1, pp. 1–15, 2016.
[133] G. S. Rose, N. McDonald, L.-K. Yan, B. Wysocki, and K. Xu, “Foundations of
memristor based PUF architectures,” in IEEE/ACM International Symposium on
Nanoscale Architectures (NANOARCH), 2013, pp. 52–57.
[134] J. Rajendran, G. S. Rose, R. Karri, and M. Potkonjak, “Nano-PPUF: A memristor-
based security primitive,” in IEEE Computer Society Annual Symposium on VLSI
(ISVLSI), 2012, pp. 84–87.
190
[135] J. Rajendran, R. Karri, J. B. Wendt, M. Potkonjak, N. R. McDonald, G. S. Rose, and
B. T. Wysocki, “Nanoelectronic solutions for hardware security,” IACR Cryptology
ePrint Archive, vol. 2012, pp. 575:1–12, 2012.
[136] J. B. Wendt and M. Potkonjak, “The bidirectional polyomino partitioned PPUF as
a hardware security primitive,” in IEEE Global Conference on Signal and Informa-
tion Processing (GlobalSIP), 2013, pp. 257–260.
[137] O. Kavehei, C. Hosung, D. Ranasinghe, and S. Skafidas, “mrPUF: A memristive
device based physical unclonable function,” arXiv preprints 1302.2191, 2013.
[138] U. Chatterjee, R. S. Chakraborty, J. Mathew, and D. K. Pradhan, “Memristor based
arbiter PUF: Cryptanalysis threat and its mitigation,” in 29th International Con-
ference on VLSI Design and 15th International Conference on Embedded Systems
(VLSID), 2016, pp. 535–540.
[139] R. Govindaraj and S. Ghosh, “A strong arbiter PUF using resistive RAM within
1T-1R memory architecture,” in IEEE 34th International Conference on Computer
Design (ICCD), 2016, pp. 141–148.
[140] K. Beckmann, H. Manem, and N. C. Cady, “Performance enhancement of a time-
delay PUF design by utilizing integrated nanoscale ReRAM devices,” IEEE Trans-
actions on Emerging Topics in Computing, vol. 5, no. 3, pp. 304–316, 2017.
[141] A. Mazady, M. T. Rahman, D. Forte, and M. Anwar, “Memristor PUF–a security
primitive: Theory and experiment,” IEEE Journal on Emerging and Selected Topics
in Circuits and Systems, vol. 5, no. 2, pp. 222–229, 2015.
[142] G. S. Rose and C. A. Meade, “Performance analysis of a memristive crossbar PUF
design,” in Proceedings of the Annual Design Automation Conference (DAC), 2015,
pp. 75:1–6.
191
[143] M. Uddin, M. B. Majumder, G. S. Rose, K. Beckmann, H. Manem, Z. Alamgir,
and N. C. Cady, “Techniques for improved reliability in memristive crossbar PUF
circuits,” in IEEE Computer Society Annual Symposium on VLSI (ISVLSI), 2016,
pp. 212–217.
[144] M. Uddin, M. Majumder, K. Beckmann, H. Manem, Z. Alamgir, N. C. Cady, and
G. S. Rose, “Design considerations for memristive crossbar physical unclonable
functions,” ACM Journal on Emerging Technologies in Computing Systems (JETC),
vol. 14, no. 1, pp. 2:1–23, 2017.
[145] G. S. Rose, M. B. Majumder, and M. Uddin, “Exploiting memristive crossbar mem-
ories as dual-use security primitives in IoT devices,” in IEEE Computer Society
Annual Symposium on VLSI (ISVLSI), 2017, pp. 615–620.
[146] M. Uddin, M. Majumder, and G. S. Rose, “Robustness analysis of a memristive
crossbar PUF against modeling attacks,” IEEE Transactions on Nanotechnology,
vol. 16, pp. 396–405, 2017.
[147] P. Koeberl, U¨. Kocabas¸, and A.-R. Sadeghi, “Memristor PUFs: A new generation of
memory-based physically unclonable functions,” in Proceedings of the Conference
on Design, Automation and Test in Europe, 2013, pp. 428–431.
[148] R. Liu, H. Wu, Y. Pang, H. Qian, and S. Yu, “A highly reliable and tamper-resistant
RRAM PUF: Design and experimental validation,” in IEEE International Sympo-
sium on Hardware-Oriented Security and Trust–HOST, 2016, pp. 13–18.
[149] A. Shrivastava, P.-Y. Chen, Y. Cao, S. Yu, and C. Chakrabarti, “Design of a reliable
RRAM-based PUF for compact hardware security primitives,” in IEEE Interna-
tional Symposium on Circuits and Systems (ISCAS), 2016, pp. 2326–2329.
[150] Y. Pang, H. Wu, B. Gao, N. Deng, D. Wu, R. Liu, S. Yu, A. Chen, and H. Qian,
192
“Optimization of RRAM-based physical unclonable function with a novel differen-
tial read-out method,” IEEE Electron Device Letters, vol. 38, no. 2, pp. 168–171,
2017.
[151] B. Cambou and M. Orlowski, “PUF designed with resistive RAM and ternary
states,” in Proceedings of the 11th Annual Cyber and Information Security Research
Conference, 2016, pp. 1–8.
[152] A. Chen, “Utilizing the variability of resistive random access memory to imple-
ment reconfigurable physical unclonable functions,” IEEE Electron Device Letters,
vol. 36, no. 2, pp. 138–140, 2015.
[153] A. Chen, “Comprehensive assessment of RRAM-based PUF for hardware security
applications,” in IEEE International Electron Devices Meeting (IEDM), 2015, pp.
10.7.1–4.
[154] R. Liu, P.-Y. Chen, and S. Yu, “Design and optimization of a strong PUF exploiting
sneak paths in resistive cross-point array,” in IEEE International Symposium on
Circuits and Systems (ISCAS), 2017, pp. 1–4.
[155] Y. Pang, H. Wu, B. Gao, R. Liu, S. Wang, S. Yu, A. Chen, and H. Qian, “Design
and optimization of strong physical unclonable function (PUF) based on RRAM
array,” in International Symposium on VLSI Technology, Systems and Application
(VLSI-TSA), 2017, pp. 1–2.
[156] H. Nili, G. C. Adam, B. Hoskins, M. Prezioso, J. Kim, M. R. Mahmoodi, F. M.
Bayat, O. Kavehei, and D. B. Strukov, “Hardware-intrinsic security primitives en-
abled by analogue state and nonlinear conductance variations in integrated memris-
tors,” Nature Electronics, vol. 1, pp. 197–202, 2018.
[157] G. Adam, H. Nili, J. Kim, B. Hoskins, O. Kavehei, and D. Strukov, “Utilizing IV
non-linearity and analog state variations in ReRAM-based security primitives,” in
193
47th European Solid-State Device Research Conference (ESSDERC), 2017, pp. 74–
77.
[158] J. Kim, H. Nili, G. Adam, N. Truong, D. Strukov, and O. Kavehei, “Predictive anal-
ysis of 3D ReRAM-based PUF for securing the Internet of Things,” in Proceeding
TenSymp, 2018, pp. 57–60.
[159] R. Liu, P.-Y. Chen, X. Peng, and S. Yu, “X-point PUF: Exploiting sneak paths for
a strong physical unclonable function design,” IEEE Transactions on Circuits and
Systems I: Regular Papers, no. 99, pp. 1–10, 2018.
[160] L. E. Bassham, A. L. Rukhin, J. Soto, J. R. Nechvatal, M. E. Smid, E. B. Barker,
S. D. Leigh, M. Levenson, M. Vangel, D. L. Banks, N. A. Heckert, J. F. Dray, and
S. Vo, “SP 800-22 Rev. 1a. A statistical test suite for random and pseudorandom
number generators for cryptographic applications,” National Institute of Standards
& Technology (NIST), Tech. Rep., 2010.
[161] B. Cambou and F. Afghah, “Physically unclonable functions with multi-states and
machine learning,” in 14th International Workshop on Cryptographic Architectures
Embedded in Logic Devices (CryptArchi), 2016.
[162] L. Zhang, Z. H. Kong, C.-H. Chang, A. Cabrini, and G. Torelli, “Exploiting process
variations and programming sensitivity of phase change memory for reconfigurable
physical unclonable functions,” IEEE Transactions on Information Forensics and
Security, vol. 9, no. 6, pp. 921–932, 2014.
[163] J. Zhang, Y. Lin, Y. Lyu, and G. Qu, “A PUF-FSM binding scheme for FPGA IP
protection and pay-per-device licensing,” IEEE Transactions on Information Foren-
sics and Security, vol. 10, no. 6, pp. 1137–1150, 2015.
[164] Y. Su, J. Holleman, and B. P. Otis, “A digital 1.6 pJ/bit chip identification circuit
194
using process variations,” IEEE Journal of Solid-State Circuits, vol. 43, no. 1, pp.
69–77, 2008.
[165] Defense Advanced Research Projects Agency (DARPA), Microsystems Technol-
ogy Office/MTO Broad Agency Announcement. (2014) Supply chain hardware in-
tegrity for electronics defense (SHIELD).
[166] Y. Hori, T. Yoshida, T. Katashita, and A. Satoh, “Quantitative and statistical per-
formance evaluation of arbiter physical unclonable functions on FPGAs,” in IEEE
International Conference on Reconfigurable Computing and FPGAs (ReConFig),
2010, pp. 298–303.
[167] L. Lin, S. Srivathsa, D. K. Krishnappa, P. Shabadi, and W. Burleson, “Design and
validation of arbiter-based PUFs for sub-45-nm low-power security applications,”
IEEE Transactions on Information Forensics and Security, vol. 7, no. 4, pp. 1394–
1403, 2012.
[168] Y. Cao, L. Zhang, C.-H. Chang, and S. Chen, “A low-power hybrid RO PUF
with improved thermal stability for lightweight applications,” IEEE Transactions
on Computer-Aided Design of Integrated Circuits and Systems, vol. 34, no. 7, pp.
1143–1147, 2015.
[169] C. Bo¨hm, M. Hofer, and W. Pribyl, “A microcontroller SRAM-PUF,” in 5th Inter-
national Conference on Network and System Security (NSS), 2011, pp. 269–273.
[170] S. Choi, P. Sheridan, and W. D. Lu, “Data clustering using memristor networks,”
Scientific Reports, vol. 5, 2015.
[171] R. Legenstein, “Computer science: Nanoscale connections for brain-like circuits,”
Nature, vol. 521, no. 7550, pp. 37–38, 2015.
195
[172] M. Prezioso, F. Merrikh-Bayat, B. Hoskins, G. Adam, K. K. Likharev, and D. B.
Strukov, “Training and operation of an integrated neuromorphic network based on
metal-oxide memristors,” Nature, vol. 521, no. 7550, pp. 61–64, 2015.
[173] D. C. Daly, L. C. Fujino, and K. C. Smith, “Through the looking glass – the 2017
edition: Trends in solid-state circuits from ISSCC,” IEEE Solid-State Circuits Mag-
azine, vol. 9, no. 1, pp. 12–22, Winter 2017.
[174] R. Waser and M. Aono, “Nanoionics-based resistive switching memories,” Nature
Materials, vol. 6, no. 11, pp. 833–840, 2007.
[175] H.-S. P. Wong and S. Salahuddin, “Memory leads the way to better computing,”
Nature Nanotechnology, vol. 10, no. 3, pp. 191–194, 2015.
[176] P. W. Coteus, J. U. Knickerbocker, C. H. Lam, and Y. A. Vlasov, “Technologies for
exascale systems,” IBM Journal of Research and Development, vol. 55, no. 5, pp.
14:1–12, 2011.
[177] I. Valov, E. Linn, S. Tappertzhofen, S. Schmelzer, J. Van den Hurk, F. Lentz, and
R. Waser, “Nanobatteries in redox-based resistive switches require extension of
memristor theory,” Nature Communications, vol. 4, pp. 1771:1–9, 2013.
[178] R. Waser, R. Dittmann, G. Staikov, and K. Szot, “Redox-based resistive switching
memories–nanoionic mechanisms, prospects, and challenges,” Advanced Materi-
als, vol. 21, no. 25-26, pp. 2632–2663, 2009.
[179] D. B. Strukov, “Endurance-write speed tradeoffs in nonvolatile memories,” Applied
Physics A, vol. 122, no. 4, pp. 1–4, 2016.
[180] H. Nili, S. Walia, S. Balendhran, D. B. Strukov, M. Bhaskaran, and S. Sriram,
“Nanoscale resistive switching in amorphous perovskite oxide (a-SrTiO3) memris-
tors,” Advanced Functional Materials, vol. 24, no. 43, pp. 6741–6750, 2014.
196
[181] D. B. Strukov and R. S. Williams, “Exponential ionic drift: Fast switching and
low volatility of thin-film memristors,” Applied Physics A: Materials Science &
Processing, vol. 94, no. 3, pp. 515–519, 2009.
[182] J. Joshua Yang, M.-X. Zhang, M. D. Pickett, F. Miao, J. Paul Strachan, W.-D. Li,
W. Yi, D. A. Ohlberg, B. Joon Choi, W. Wu et al., “Engineering nonlinearity into
memristors for passive crossbar applications,” Applied Physics Letters, vol. 100,
no. 11, pp. 113 501:1–4, 2012.
[183] B. Razavi, “The StrongARM latch: A circuit for all seasons,” IEEE Solid-State
Circuits Magazine, vol. 7, no. 2, pp. 12–17, 2015.
[184] T. Kobayashi, K. Nogami, T. Shirotori, Y. Fujimoto, and O. Watanabe, “A current-
mode latch sense amplifier and a static power saving input buffer for low-power
architecture,” in Symposium on VLSI Circuits, 1992, pp. 28–29.
[185] P. R. Kinget, “Device mismatch and tradeoffs in the design of analog circuits,” IEEE
Journal of Solid-State Circuits, vol. 40, no. 6, pp. 1212–1224, 2005.
[186] M. J. Pelgrom, A. C. Duinmaijer, A. P. Welbers et al., “Matching properties of
MOS transistors,” IEEE Journal of Solid-State Circuits, vol. 24, no. 5, pp. 1433–
1439, 1989.
[187] A. Maiti, V. Gunreddy, and P. Schaumont, A systematic method to evaluate and
compare the performance of physical unclonable functions. Springer, 2013, pp.
245–267.
[188] M.-D. Yu and S. Devadas, “Secure and robust error correction for physical unclon-
able functions,” IEEE Design Test of Computers, vol. 27, no. 1, pp. 48–65, 2010.
[189] Y. Oren, A.-R. Sadeghi, and C. Wachsmann, “On the effectiveness of the remanence
decay side-channel to clone memory-based PUFs,” in International Workshop on
Cryptographic Hardware and Embedded Systems–CHES, 2013, pp. 107–125.
197
[190] U. Ru¨hrmair, J. Solter, F. Sehnke, X. Xu, A. Mahmoud, V. Stoyanova, G. Dror,
J. Schmidhuber, W. Burleson, and S. Devadas, “PUF modeling attacks on simulated
and silicon data,” IEEE Transactions on Information Forensics and Security, vol. 8,
no. 11, pp. 1876–1891, 2013.
[191] S. Tajik, E. Dietz, S. Frohmann, J.-P. Seifert, D. Nedospasov, C. Helfmeier, C. Boit,
and H. Dittrich, “Physical characterization of arbiter PUFs,” in International Work-
shop on Cryptographic Hardware and Embedded Systems–CHES, 2014, pp. 493–
509.
[192] M. Majzoobi, M. Rostami, F. Koushanfar, D. Wallach, and S. Devadas, “Slender
PUF protocol: A lightweight, robust, and secure authentication by substring match-
ing,” in IEEE Symposium on Security and Privacy Workshops–SPW, 2012, pp. 33–
44.
[193] M. Cortez, A. Dargar, S. Hamdioui, and G.-J. Schrijen, “Modeling SRAM start-up
behavior for physical unclonable functions,” in IEEE International Symposium on
Defect and Fault Tolerance in VLSI and Nanotechnology Systems (DFT), 2012, pp.
1–6.
[194] Y. Gao, D. C. Ranasinghe, S. F. Al-Sarawi, O. Kavehei, and D. Abbott, “mrPUF: A
novel memristive device based physical unclonable function,” in Applied Cryptog-
raphy and Network Security, 2015, pp. 595–615.
[195] P. Koeberl, J. Li, A. Rajan, and C. Vishik, “Silicon PUFs in practice,” in ISSE 2010
Securing Electronic Business Processes, 2011, pp. 300–311.
[196] C. Helfmeier, C. Boit, D. Nedospasov, and J.-P. Seifert, “Cloning physically unclon-
able functions,” in IEEE International Symposium on Hardware-Oriented Security
and Trust–HOST, 2013, pp. 1–6.
198
[197] G. T. Becker, “On the pitfalls of using arbiter-PUFs as building blocks,” IEEE
Transactions on Computer-Aided Design of Integrated Circuits and Systems,
vol. 34, no. 8, pp. 1295–1307, 2015.
[198] P. Kocher, J. Jaffe, B. Jun, and P. Rohatgi, “Introduction to differential power anal-
ysis,” Journal of Cryptographic Engineering, vol. 1, no. 1, pp. 5–27, 2011.
[199] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, “Examining smart-card secu-
rity under the threat of power analysis attacks,” IEEE Transactions on Computers,
vol. 51, no. 5, pp. 541–552, 2002.
[200] E. Brier, C. Clavier, and F. Olivier, “Correlation power analysis with a leakage
model,” in International Workshop on Cryptographic Hardware and Embedded
Systems–CHES, 2004, pp. 16–29.
[201] Y. Fei, Q. Luo, and A. A. Ding, “A statistical model for DPA with novel algorithmic
confusion analysis,” in International Workshop on Cryptographic Hardware and
Embedded Systems–CHES, 2012, pp. 233–250.
[202] Q. Luo and Y. Fei, “Algorithmic collision analysis for evaluating cryptographic
systems and side-channel attacks,” in IEEE International Symposium on Hardware-
Oriented Security and Trust–HOST, 2011, pp. 75–80.
[203] Y. Fei, A. A. Ding, J. Lao, and L. Zhang, “A statistics-based fundamental model
for side-channel attack analysis,” IACR Cryptology ePrint Archive, vol. 2014, pp.
152:1–28, 2014.
[204] T. Lash et al., “A study of power analysis and the advanced encryption standard,”
MS Scholarly Paper, George Mason University, pp. 18:1–37, 2002.
[205] E. Damiani, S. D. C. di Vimercati, and P. Samarati, “New paradigms for access
control in open environments,” in Proceedings of the 5th IEEE International Sym-
posium on Signal Processing and Information Technology, 2005, pp. 540–545.
199
[206] C. Konstantinou, M. Maniatakos, F. Saqib, S. Hu, J. Plusquellic, and Y. Jin, “Cyber-
physical systems: A security perspective,” in 20th IEEE European Test Symposium
(ETS), 2015, pp. 1–8.
[207] O. Ko¨mmerling and M. G. Kuhn, “Design principles for tamper-resistant smartcard
processors,” Smartcard, vol. 99, pp. 9–20, 1999.
[208] J. Rajendran, R. Karri, J. B. Wendt, M. Potkonjak, N. McDonald, G. S. Rose, and
B. Wysocki, “Nano meets security: Exploring nanoelectronic devices for security
applications,” Proceedings of the IEEE, vol. 103, no. 5, pp. 829–849, 2015.
[209] J. Delvaux and I. Verbauwhede, “Side channel modeling attacks on 65nm ar-
biter PUFs exploiting CMOS device noise,” in IEEE International Symposium on
Hardware-Oriented Security and Trust–HOST, 2013, pp. 137–142.
[210] U. Ru¨hrmair and D. E. Holcomb, “PUFs at a glance,” in Design, Automation and
Test in Europe Conference and Exhibition (DATE), 2014, pp. 1–6.
[211] M.-D. Yu, R. Sowell, A. Singh, D. M’Raihi, and S. Devadas, “Performance met-
rics and empirical results of a PUF cryptographic key generation ASIC,” in IEEE
International Symposium on Hardware-Oriented Security and Trust–HOST, 2012,
pp. 108–115.
[212] C. H. Herder III, “Towards security without secrets,” PhD dissertation, Mas-
sachusetts Institute of Technology, 2016.
[213] H. Kang, Y. Hori, T. Katashita, M. Hagiwara, and K. Iwamura, “Cryptographie
key generation from puf data using efficient fuzzy extractors,” in 16th International
Conference on Advanced Communication Technology (ICACT), 2014, pp. 23–26.
[214] L. Zhang, Z. H. Kong, and C.-H. Chang, “PCKGen: A phase change memory based
cryptographic key generator,” in IEEE International Symposium on Circuits and
Systems (ISCAS), 2013, pp. 1444–1447.
200
[215] P. H. Cole and D. C. Ranasinghe, “Networked RFID systems and lightweight cryp-
tography,” London, UK: Springer, vol. 10, pp. 1–348, 2008.
[216] J. J. Yang, D. B. Strukov, and D. R. Stewart, “Memristive devices for computing,”
Nature Nanotechnology, vol. 8, no. 1, pp. 13–24, 2013.
[217] S. H. Chang, S. B. Lee, D. Y. Jeon, S. J. Park, G. T. Kim, S. M. Yang, S. C. Chae,
H. K. Yoo, B. S. Kang, M.-J. Lee et al., “Oxide double-layer nanocrossbar for
ultrahigh-density bipolar resistive memory,” Advanced Materials, vol. 23, no. 35,
pp. 4063–4067, 2011.
[218] M. Moors, K. K. Adepalli, Q. Lu, A. Wedig, C. Baumer, K. Skaja, B. Arndt, H. L.
Tuller, R. Dittmann, R. Waser et al., “Resistive switching mechanisms on TaOx and
SrRuO3 thin-film surfaces probed by scanning tunneling microscopy,” Acs Nano,
vol. 10, no. 1, pp. 1481–1492, 2016.
[219] G. C. Adam, B. D. Hoskins, M. Prezioso, F. Merrikh-Bayat, B. Chakrabarti, and
D. B. Strukov, “3-D memristor crossbars for analog and neuromorphic computing
applications,” IEEE Transactions on Electron Devices, vol. 64, no. 1, pp. 312–318,
2017.
[220] F. Alibart, L. Gao, B. D. Hoskins, and D. B. Strukov, “High precision tuning of state
for memristive devices by adaptable variation-tolerant algorithm,” Nanotechnology,
vol. 23, no. 7, pp. 075 201:1–7, 2012.
[221] X. Xu and W. Burleson, “Hybrid side-channel/machine-learning attacks on PUFs:
A new threat?” in Proceedings of the Conference on Design, Automation & Test in
Europe, 2014, pp. 1–6.
[222] S. Mathew, S. Satpathy, V. Suresh, and R. K. Krishnamurthy, “Energy efficient
and ultra low voltage security circuits for nanoscale CMOS technologies,” in IEEE
Custom Integrated Circuits Conference (CICC), 2017, pp. 1–4.
201
[223] M. Majzoobi, G. Ghiaasi, F. Koushanfar, and S. R. Nassif, “Ultra-low power
current-based PUF,” in IEEE International Symposium on Circuits and Systems
(ISCAS), 2011, pp. 2071–2074.
[224] F. M. Bayat, M. Prezioso, B. Chakrabarti, I. Kataeva, and D. Strukov, “Advancing
memristive analog neuromorphic networks: Increasing complexity, and coping with
imperfect hardware components,” arXiv preprints 1611.04465, 2016.
[225] K.-H. Kim, S. Gaba, D. Wheeler, J. M. Cruz-Albrecht, T. Hussain, N. Srinivasa,
and W. Lu, “A functional hybrid memristor crossbar-array/CMOS system for data
storage and neuromorphic applications,” Nano Letters, vol. 12, no. 1, pp. 389–395,
2011.
[226] D. E. Holcomb and K. Fu, “Bitline PUF: Building native challenge-response PUF
capability into any SRAM,” in International Workshop on Cryptographic Hardware
and Embedded Systems–CHES, 2014, pp. 510–526.
[227] J. A. Stankovic, “Research directions for the Internet of Things,” IEEE Internet of
Things Journal, vol. 1, no. 1, pp. 3–9, 2014.
[228] L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A survey,” Computer
Networks, vol. 54, no. 15, pp. 2787–2805, 2010.
[229] C. M. Medaglia and A. Serbanati, “An overview of privacy and security issues in
the Internet of Things,” in The Internet of Things, 2010, pp. 389–395.
[230] K. Yang, D. Forte, and M. M. Tehranipoor, “Protecting endpoint devices in IoT
supply chain,” in Proceedings of the IEEE/ACM International Conference on
Computer-Aided Design, 2015, pp. 351–356.
[231] A. P. Johnson, R. S. Chakraborty, and D. Mukhopadhyay, “A PUF-enabled secure
architecture for FPGA-based IoT applications,” IEEE Transactions on Multi-Scale
Computing Systems, vol. 1, no. 2, pp. 110–122, 2015.
202
[232] S. Hochreiter and J. Schmidhuber, “Long short-term memory,” Neural Computa-
tion, vol. 9, no. 8, pp. 1735–1780, 1997.
[233] N. Srivastava, E. Mansimov, and R. Salakhutdinov, “Unsupervised learning of
video representations using LSTMs,” in 32nd International Conference on Machine
Learning (ICML), 2015, pp. 843–852.
[234] S. K. Mathew, S. Srinivasan, M. A. Anders, H. Kaul, S. K. Hsu, F. Sheikh,
A. Agarwal, S. Satpathy, and R. K. Krishnamurthy, “2.4 Gbps, 7 mW all-digital
PVT-variation tolerant true random number generator for 45 nm CMOS high-
performance microprocessors,” IEEE Journal of Solid-State Circuits, vol. 47,
no. 11, pp. 2807–2821, 2012.
[235] K. Yang, D. Fick, M. B. Henry, Y. Lee, D. Blaauw, and D. Sylvester, “A
23Mb/s 23pJ/b fully synthesized true-random-number generator in 28nm and 65nm
CMOS,” in IEEE International Solid-State Circuits Conference Digest of Technical
Papers (ISSCC), 2014, pp. 280–281.
[236] K. Yang, D. Blaauw, and D. Sylvester, “An all-digital edge racing true random num-
ber generator robust against PVT variations,” IEEE Journal of Solid-State Circuits,
vol. 51, no. 4, pp. 1022–1031, 2016.
[237] S.-G. Bae, Y. Kim, Y. Park, and C. Kim, “3-Gb/s high-speed true random number
generator using common-mode operating comparator and sampling uncertainty of
D flip-flop,” IEEE Journal of Solid-State Circuits, vol. 52, no. 2, pp. 605–610, 2017.
[238] I. Cicek, A. E. Pusane, and G. Dundar, “A new dual entropy core true random num-
ber generator,” Analog Integrated Circuits and Signal Processing, vol. 81, no. 1, pp.
61–70, 2014.
[239] M. Kim, U. Ha, Y. Lee, K. Lee, and H.-J. Yoo, “A 82nW chaotic-map true random
203
number generator based on sub-ranging SAR ADC,” in 42nd European Solid-State
Circuits Conference, ESSCIRC, 2016, pp. 157–160.
[240] K. Yang, D. Blaauw, and D. Sylvester, “A robust -40 to 120 ◦C all-digital true
random number generator in 40nm CMOS,” in Symposium on VLSI Circuits (VLSI
Circuits), 2015, pp. C248–249.
[241] T. Figliolia, P. Julian, G. Tognetti, and A. G. Andreou, “A true random number
generator using RTN noise and a sigma delta converter,” in IEEE International
Symposium on Circuits and Systems (ISCAS), 2016, pp. 17–20.
[242] F. M. Puglisi, P. Pavan, L. Vandelli, A. Padovani, M. Bertocchi, and L. Larcher, “A
microscopic physical description of RTN current fluctuations in HfOx RRAM,” in
IEEE International Reliability Physics Symposium, 2015, pp. 5B.5.1–6.
[243] T. Grasser, “Stochastic charge trapping in oxides: From random telegraph noise
to bias temperature instabilities,” Microelectronics Reliability, vol. 52, no. 1, pp.
39–70, 2012.
[244] Y. Mori, H. Yoshimoto, K. Takeda, and R.-i. Yamada, “Mechanism of random tele-
graph noise in junction leakage current of metal-oxide-semiconductor field-effect
transistor,” Journal of Applied Physics, vol. 111, no. 10, pp. 104 513:1–9, 2012.
[245] S. Dongaonkar, M. Giles, A. Kornfeld, B. Grossnickle, and J. Yoon, “Random tele-
graph noise (RTN) in 14nm logic technology: High volume data extraction and
analysis,” in IEEE Symposium on VLSI Technology, 2016, pp. 1–2.
[246] F. Liu and K. L. Wang, “Correlated random telegraph signal and low-frequency
noise in carbon nanotube transistors,” Nano Letters, vol. 8, no. 1, pp. 147–151,
2008.
204
[247] S. Choi, Y. Yang, and W. Lu, “Random telegraph noise and resistance switching
analysis of oxide based resistive memory,” Nanoscale, vol. 6, no. 1, pp. 400–404,
2014.
[248] D. Ielmini, F. Nardi, and C. Cagli, “Resistance-dependent amplitude of random
telegraph-signal noise in resistive switching memories,” Applied Physics Letters,
vol. 96, no. 5, pp. 053 503:1–3, 2010.
[249] S. Balatti, S. Ambrogio, A. Cubeta, A. Calderoni, N. Ramaswamy, and D. Ielmini,
“Voltage-dependent random telegraph noise (RTN) in HfOx resistive RAM,” in
IEEE International Reliability Physics Symposium, 2014, pp. MY.4.1–6.
[250] R. Soni, P. Meuffels, A. Petraru, M. Weides, C. Ku¨geler, R. Waser, and H. Kohlst-
edt, “Probing Cu doped Ge0.3Se0.7 based resistance switching memory devices with
random telegraph noise,” Journal of Applied Physics, vol. 107, no. 2, pp. 024 517:1–
10, 2010.
[251] N. Raghavan, R. Degraeve, A. Fantini, L. Goux, S. Strangio, B. Govoreanu,
D. Wouters, G. Groeseneken, and M. Jurczak, “Microscopic origin of random
telegraph noise fluctuations in aggressively scaled RRAM and its impact on read
disturb variability,” in IEEE International Reliability Physics Symposium (IRPS),
2013, pp. 5E.3.1–7.
[252] A. Calderoni, S. Sills, and N. Ramaswamy, “Performance comparison of O-based
and Cu-based ReRAM for high-density applications,” in IEEE 6th International
Memory Workshop (IMW), 2014, pp. 1–4.
[253] C.-Y. Huang, W. C. Shen, Y.-H. Tseng, Y.-C. King, and C.-J. Lin, “A contact-
resistive random-access-memory-based true random number generator,” IEEE
Electron Device Letters, vol. 33, no. 8, pp. 1108–1110, 2012.
205
[254] B. Lampert, R. S. Wahby, S. Leonard, and P. Levis, “Robust, low-cost, auditable
random number generation for embedded system security,” in Proceedings of the
14th ACM Conference on Embedded Network Sensor Systems CD-ROM, 2016, pp.
16–27.
[255] J. Holleman, S. Bridges, B. P. Otis, and C. Diorio, “A 3 µW CMOS true random
number generator with adaptive floating-gate offset cancellation,” IEEE Journal of
Solid-State Circuits, vol. 43, no. 5, pp. 1324–1336, 2008.
[256] X. Chen, B. Li, Y. Wang, Y. Liu, and H. Yang, “A unified methodology for designing
hardware random number generators based on any probability distribution,” IEEE
Transactions on Circuits and Systems II: Express Briefs, vol. 63, no. 8, pp. 783–787,
2016.
[257] R. Karam, R. Liu, P.-Y. Chen, S. Yu, and S. Bhunia, “Security primitive design with
nanoscale devices: A case study with resistive RAM,” in Proceedings of the Great
Lakes Symposium on VLSI, 2016, pp. 299–304.
[258] S. Balatti, S. Ambrogio, R. Carboni, V. Milo, Z. Wang, A. Calderoni, N. Ra-
maswamy, and D. Ielmini, “Physical unbiased generation of random numbers
with coupled resistive switching devices,” IEEE Transactions on Electron Devices,
vol. 63, no. 5, pp. 2029–2035, 2016.
[259] S. Balatti, S. Ambrogio, Z. Wang, and D. Ielmini, “True random number genera-
tion by variability of resistive switching in oxide-based devices,” IEEE Journal on
Emerging and Selected Topics in Circuits and Systems, vol. 5, no. 2, pp. 214–221,
2015.
[260] S. Ambrogio, S. Balatti, A. Cubeta, A. Calderoni, N. Ramaswamy, and D. Ielmini,
206
“Statistical fluctuations in HfOx resistive-switching memory: Part II–Random tele-
graph noise,” IEEE Transactions on Electron Devices, vol. 61, no. 8, pp. 2920–
2927, 2014.
[261] E. Simoen, B. Kaczer, M. Toledano-Luque, and C. Claeys, “Random telegraph
noise: From a device physicist’s dream to a designer’s nightmare,” ECS Trans-
actions, vol. 39, no. 1, pp. 3–15, 2011.
[262] S. Machlup, “Noise in semiconductors: Spectrum of a two-parameter random sig-
nal,” Journal of Applied Physics, vol. 25, no. 3, pp. 341–343, 1954.
[263] T. Na, B. Song, J. P. Kim, S. H. Kang, and S. O. Jung, “Offset-canceling current-
sampling sense amplifier for resistive nonvolatile memory in 65 nm CMOS,” IEEE
Journal of Solid-State Circuits, vol. 52, no. 2, pp. 496–504, 2017.
[264] S. Gaba, P. Knag, Z. Zhang, and W. Lu, “Memristive devices for stochastic com-
puting,” in IEEE International Symposium on Circuits and Systems (ISCAS), 2014,
pp. 2592–2595.
[265] X. Guan, S. Yu, and H.-S. P. Wong, “On the switching parameter variation of metal-
oxide RRAM Part I: Physical modeling and simulation methodology,” IEEE Trans-
actions on Electron Devices, vol. 59, no. 4, pp. 1172–1182, 2012.
[266] S. Realov and K. L. Shepard, “Random telegraph noise in 45-nm CMOS: Analy-
sis using an on-chip test and measurement system,” IEEE International Electron
Devices Meeting (IEDM), pp. 28.2.1–4, 2010.
[267] C. Wang, H. Wu, B. Gao, L. Dai, N. Deng, D. Sekar, Z. Lu, M. Kellam, G. Bronner,
and H. Qian, “Relaxation effect in RRAM arrays: Demonstration and characteris-
tics,” IEEE Electron Device Letters, vol. 37, no. 2, pp. 182–185, 2016.
207
[268] S. Jhang, S. Lee, D. Lee, E. E. Campbell, S. Roth, and Y. Park, “Random telegraph
noise in individual single-walled carbon nanotubes,” in MRS Proceedings, vol. 858,
2004, pp. HH8–5.
[269] M. B. da Silva, H. P. Tuinhout, A. Zegers-van Duijnhoven, G. I. Wirth, and A. J.
Scholten, “A physics-based statistical RTN model for the low frequency noise in
MOSFETs,” IEEE Transactions on Electron Devices, vol. 63, no. 9, pp. 3683–3692,
2016.
[270] Y. Yasuda, T.-J. K. Liu, and C. Hu, “Flicker-noise impact on scaling of mixed-signal
CMOS with HfSiON,” IEEE Transactions on Electron Devices, vol. 55, no. 1, pp.
417–422, 2008.
[271] Z. Fang, H. Yu, W. Fan, G. Ghibaudo, J. Buckley, B. DeSalvo, X. Li, X. Wang,
G. Lo, and D. Kwong, “Current conduction model for oxide-based resistive random
access memory verified by low-frequency noise analysis,” IEEE Transactions on
Electron Devices, vol. 60, no. 3, pp. 1272–1275, 2013.
[272] J. Ma, Z. Chai, W. D. Zhang, J. F. Zhang, Z. Ji, B. Benbakhti, B. Govoreanu,
E. Simoen, L. Goux, A. Belmonte, R. Degraeve, G. S. Kar, and M. Jurczak, “Inves-
tigation of preexisting and generated defects in nonfilamentary a-Si/TiO2 RRAM
and their impacts on RTN amplitude distribution,” IEEE Transactions on Electron
Devices, no. 99, pp. 1–8, 2018.
[273] Z. Fang, X. Li, X. Wang, and P. G. Lo, “Area dependent low frequency noise in
metal oxide based resistive random access memory,” International Journal of In-
formation and Electronics Engineering, vol. 2, no. 6, pp. 882–884, 2012.
[274] Y. Song, H. Jeong, J. Jang, T.-Y. Kim, D. Yoo, Y. Kim, H. Jeong, and T. Lee, “1/ f
noise scaling analysis in unipolar-type organic nanocomposite resistive memory,”
ACS Nano, vol. 9, no. 7, pp. 7697–7703, 2015.
208
[275] S. Ambrogio, S. Balatti, V. McCaffrey, D. C. Wang, and D. Ielmini, “Noise-induced
resistance broadening in resistive switching memory Part I: Intrinsic cell behavior,”
IEEE Transactions on Electron Devices, vol. 62, no. 11, pp. 3805–3811, 2015.
[276] S. Ambrogio, S. Balatti, V. McCaffrey, D. Wang, and D. Ielmini, “Impact of low-
frequency noise on read distributions of resistive switching memory (RRAM),” in
IEEE International Electron Devices Meeting (IEDM), 2014, pp. 14.4.1–4.
[277] R. Brederlow, R. Prakash, C. Paulus, and R. Thewes, “A low-power true random
number generator using random telegraph noise of single oxide-traps,” in IEEE
International Solid State Circuits Conference - Digest of Technical Papers, 2006,
pp. 1666–1675.
[278] H. Zhun and C. Hongyi, “A truly random number generator based on thermal noise,”
in Proceedings of the 4th International Conference on ASIC, 2001, pp. 862–864.
[279] M. Stipcˇevic´, “Quantum random number generators and their use in cryptography,”
in Proceedings of the 34th International Convention MIPRO, 2011, pp. 1474–1479.
[280] M. Bazes, “CMOS complementary self-biased differential amplifier with rail-to-rail
common-mode input-voltage range,” Sep. 18 1990, US Patent 4,958,133.
[281] M. Bazes, “Two novel fully complementary self-biased CMOS differential ampli-
fiers,” IEEE Journal of Solid-State Circuits, vol. 26, no. 2, pp. 165–168, 1991.
[282] V. Milovanovic´ and H. Zimmermann, “On fully differential and complementary
single-stage self-biased CMOS differential amplifiers,” in IEEE EUROCON, 2013,
pp. 1955–1963.
[283] S. Mathew, D. Johnston, P. Newman, S. Satpathy, V. Suresh, M. Anders, H. Kaul,
G. Chen, A. Agarwal, S. Hsu et al., “µRNG: A 300–950mv 323Gbps/W all-digital
full-entropy true random number generator in 14nm FinFET CMOS,” in 41st Euro-
pean Solid-State Circuits Conference (ESSCIRC), 2015, pp. 116–119.
209
[284] M. Blum, “Independent unbiased coin flips from a correlated biased source: A finite
state Markov chain,” Combinatorica, vol. 6, no. 2, pp. 97–108, 1986.
[285] Z. Wei, Y. Katoh, S. Ogasahara, Y. Yoshimoto, K. Kawai, Y. Ikeda, K. Eriguchi,
K. Ohmori, and S. Yoneda, “True random number generator using current differ-
ence based on a fractional stochastic model in 40-nm embedded ReRAM,” in IEEE
International Electron Devices Meeting (IEDM), 2016, pp. 4–8.
[286] T. W. Cusick and P. Stanica, Cryptographic Boolean functions and applications.
Academic Press, 2017.
[287] Y. Wang, W. Wen, H. Li, and M. Hu, “A novel true random number generator design
leveraging emerging memristor technology,” in Proceedings of the 25th Edition on
Great Lakes Symposium on VLSI, 2015, pp. 271–276.
210
