A Unified Multibit PUF and TRNG based on Ring Oscillators for Secure IoT Devices

Physically Unclonable Functions (PUFs) and True Random Number Generators (TRNGs) are cryptographic primitives very well suited for secure IoT devices. This paper proposes a circuit, named multibit-RO-PUF-TRNG, which offers the advantages of unifying PUF and TRNG in the same design. It is based on counting the oscillations of pairs of ring oscillators (ROs), one of them acting as reference. Once the counter of the reference oscillator reaches a fixed value, the count value of the other RO is employed to provide the TRNG and the multibit PUF response. A mathematical model is presented that supports not only the circuit foundations but also a novel and simple calibration procedure that allows optimizing the selection of the design parameters. Experimental results are illustrated with large datasets from two families of FPGAs with different process nodes (90 nm and 28 nm). These results confirm that the proposed calibration provides TRNG and PUF responses with high quality. The raw TRNG bits do not need post-processing and the PUF bits (even 6 bits per RO) show very small aliasing. In the application context of obfuscating and reconstructing secrets generated by the TRNG, the multibit PUF response, together with the proposal of using error-correcting codes and RO selection adapted to each bit, provide savings of at least 79.38% of the ROs compared to using a unibit PUF without RO selection. The proposal has been implemented as an APB peripheral of a VexRiscv RV32I core to illustrate its use in a secure FPGA-based IoT device

Designing, Implementing, and Testing Hardware for Cybersecurity

Cybersecurity is one of the key issues facing the world today. With an ever-increasing number of devices connected across the internet, the need to secure all these different devices against potential attackers is an endless effort. This thesis is focussed on the most promising new developments in the hardware aspect of this battle for security. The first section of the thesis looks at what is the current state of the art when it comes to hardware security primitives, with a focus on random number generators and Physically Unclonable Functions (PUF). The strengths and weakness of the current implementations of these systems are analysed so that the areas which are most in need of improvement can be highlighted. The second major section of this thesis is looking to improve how random numbers are generated, which is essential for many current security systems. True random number generators have been presented as a potential solution to this problem but improvements in output bit rate, power consumption, and design complexity must be made. In this work we present a novel and experimentally verified true random number generator that exclusively uses conventional CMOS technology as well as offering key improvements over previous designs in complexity, output bit rate, and power consumption. It uses the inherent randomness of telegraph noise in the channel current of a single CMOS transistor as an entropy source. For the first time, multi-level and abnormal telegraph noise can be utilised, which greatly reduces device selectivity and offers much greater bit rates. The design is verified using a breadboard and FPGA proof of concept circuit and passes all 15 of the NIST randomness tests without any need for post-processing of the generated bitstream. The design also shows resilience against machine learning attacks performed by an LSTM neural network. The third major section describes the development of a novel PUF concept, which offers a new approach to authentication, allowing low power devices to be included in existing networks without compromising overall security. The new PUF concept introduces time dependence to vastly increase the efficiency of entropy source usage, when compared with a traditional PUF. This new PUF also introduces a probability-based model which greatly reduces the required server memory for Challenge Response Pair (CRP) storage when large numbers of CRPs are used. The concept is verified experimentally on nano-scale CMOS technology as well as through simulation and a proof-of-concept circuit. These combined benefits bring the PUF concept much closer to being a viable solution for widespread cybersecurity applications