Bitline PUF: Building Native Challenge-Response PUF Capability into Any SRAM

Physical Unclonable Functions (PUFs) are specialized circuits with applications including key generation and challenge-response authentication. PUF properties such as low cost and resistance to invasive attacks make PUFs well-suited to embedded devices. Yet, given how infrequently the specialized capabilities of a PUF may be needed, the silicon area dedicated to it is largely idle. This inefficient resource usage is at odds with the cost minimization objective of embedded devices. Motivated by this inefficiency, we propose the Bitline PUF -- a novel PUF that uses modified wordline drivers together with SRAM circuitry to enable challenge-response authentication. The number of challenges that can be applied to the Bitline PUF grows exponentially with the number of SRAM rows, and these challenges can be applied at any time without power cycling. This paper presents in detail the workings of the Bitline PUF, and shows that it achieves high throughput, low latency, and uniqueness across instances. Circuit simulations indicate that the Bitline PUF responses have a nominal bit-error-rate (BER) of 0.023 at 1.2 V supply and 27C, and that BER does not exceed 0.076 when supply voltage is varied from 1.1 V to 1.3 V, or when temperature is varied from 0C to 80C. Because the Bitline PUF leverages existing SRAM circuitry, its area overhead is only a single flip-flop and two logic gates per row of SRAM. The combination of high performance and low cost makes the Bitline PUF a promising candidate for commercial adoption and future research

A High Reliability PUF Using Hot Carrier Injection Based Response Reinforcement

Achieving high reliability across environmental variations and over aging in physical unclonable functions (PUFs) remains a challenge for PUF designers. The conventional method to improve PUF reliability is to use powerful error correction codes (ECC) to correct the errors in the raw response from the PUF core. Unfortunately, these ECC blocks generally have high VLSI overheads, which scale up quickly with the error correction capability. Alternately, researchers have proposed techniques to increase the reliability of the PUF core, and thus significantly reduce the required strength (and complexity) of the ECC. One method of increasing the reliability of the PUF core is to use normally detrimental IC aging effects to reinforce the desired (or golden ) response of the PUF by altering the PUF circuit characteristics permanently and hence making the PUF more reliable. In this work, we present a PUF response reinforcement technique based on hot carrier injection (HCI) which can reinforce the PUF golden response in short stress times (i.e., tens of seconds), without impacting the surrounding circuits, and that has high permanence (i.e., does not degrade significantly over aging). We present a self-contained HCI-reinforcement-enabled PUF circuit based on sense amplifiers (SA) which autonomously self-reinforces with minimal external intervention. We have fabricated a custom ASIC testchip in 65nm bulk CMOS with the proposed PUF design. Measured results show high reliability across environmental variations and accelerated aging, as well as good uniqueness and randomness. For example, 1600 SA elements, after being HCI stressed for 125s, show 100% reliability (zero errors) across ~20% voltage variations a temperature range of -20C to 85C

On Improving Robustness of Hardware Security Primitives and Resistance to Reverse Engineering Attacks

The continued growth of information technology (IT) industry and proliferation of interconnected devices has aggravated the problem of ensuring security and necessitated the need for novel, robust solutions. Physically unclonable functions (PUFs) have emerged as promising secure hardware primitives that can utilize the disorder introduced during manufacturing process to generate unique keys. They can be utilized as \textit{lightweight} roots-of-trust for use in authentication and key generation systems. Unlike insecure non-volatile memory (NVM) based key storage systems, PUFs provide an advantage -- no party, including the manufacturer, should be able to replicate the physical disorder and thus, effectively clone the PUF. However, certain practical problems impeded the widespread deployment of PUFs. This dissertation addresses such problems of (i) reliability and (ii) unclonability. Also, obfuscation techniques have proven necessary to protect intellectual property in the presence of an untrusted supply chain and are needed to aid against counterfeiting. This dissertation explores techniques utilizing layout and logic-aware obfuscation. Collectively, we present secure and cost-effective solutions to address crucial hardware security problems

On Physical Disorder Based Hardware Security Primitives

With CMOS scaling extending transistors to nanometer regime, process variations from manufacturing impacts modern IC design. Fortunately, such variations have enabled an emerging hardware security primitive - Physically Unclonable Function. Physically Unclonable Functions (PUFs) are hardware primitives which utilize disorder from manufacturing variations for their core functionality. In contrast to insecure non-volatile key based roots-of-trust, PUFs promise a favorable feature - no attacker, not even the PUF manufacturer can clone the disorder and any attempt at invasive attack will upset that disorder. Despite a decade of research, certain practical problems impede the widespread adoption of PUFs. This dissertation addresses the important problems of (i) post-manufacturing testing, (ii) secure design and (iii) cost efficiency of PUFs. This is with the aim of making PUFs practical and also learning hardware design limitations of disorder based systems

An Accurate Probabilistic Reliability Model for Silicon PUFs

The power of an accurate model for describing a physical process or designing a physical system is beyond doubt. The currently used reliability model for physically unclonable functions (PUFs) assumes an equally likely error for every evaluation of every PUF response bit. This limits an accurate description since experiments show that certain responses are more error-prone than others, but this fixed error rate model only captures average case behavior. We introduce a new PUF reliability model taking this observed heterogeneous nature of PUF cells into account. An extensive experimental validation demonstrates that the new predicted distributions describe the empirically observed data statistics almost perfectly, even considering sensitivity to operational temperature. This allows studying PUF reliability behavior in full detail, including average and worst case probabilities, and is an invaluable tool for designing more efficient and better adapted PUFs and PUF-based systems

Nano-intrinsic security primitives for internet of everything

With the advent of Internet-enabled electronic devices and mobile computer systems, maintaining data security is one of the most important challenges in modern civilization. The innovation of physically unclonable functions (PUFs) shows great potential for enabling low-cost low-power authentication, anti-counterfeiting and beyond on the semiconductor chips. This is because secrets in a PUF are hidden in the randomness of the physical properties of desirably identical devices, making it extremely difficult, if not impossible, to extract them. Hence, the basic idea of PUF is to take advantage of inevitable non-idealities in the physical domain to create a system that can provide an innovative way to secure device identities, sensitive information, and their communications. While the physical variation exists everywhere, various materials, systems, and technologies have been considered as the source of unpredictable physical device variation in large scales for generating security primitives. The purpose of this project is to develop emerging solid-state memory-based security primitives and examine their robustness as well as feasibility. Firstly, the author gives an extensive overview of PUFs. The rationality, classification, and application of PUF are discussed. To objectively compare the quality of PUFs, the author formulates important PUF properties and evaluation metrics. By reviewing previously proposed constructions ranging from conventional standard complementary metal-oxide-semiconductor (CMOS) components to emerging non-volatile memories, the quality of different PUFs classes are discussed and summarized. Through a comparative analysis, emerging non-volatile redox-based resistor memories (ReRAMs) have shown the potential as promising candidates for the next generation of low-cost, low-power, compact in size, and secure PUF. Next, the author presents novel approaches to build a PUF by utilizing concatenated two layers of ReRAM crossbar arrays. Upon concatenate two layers, the nonlinear structure is introduced, and this results in the improved uniformity and the avalanche characteristic of the proposed PUF. A group of cell readout method is employed, and it supports a massive pool of challenge-response pairs of the nonlinear ReRAM-based PUF. The non-linear PUF construction is experimentally assessed using the evaluation metrics, and the quality of randomness is verified using predictive analysis. Last but not least, random telegraph noise (RTN) is studied as a source of entropy for a true random number generation (TRNG). RTN is usually considered a disadvantageous feature in the conventional CMOS designs. However, in combination with appropriate readout scheme, RTN in ReRAM can be used as a novel technique to generate quality random numbers. The proposed differential readout-based design can maintain the quality of output by reducing the effect of the undesired noise from the whole system, while the controlling difficulty of the conventional readout method can be significantly reduced. This is advantageous as the differential readout circuit can embrace the resistance variation features of ReRAMs without extensive pre-calibration. The study in this thesis has the potential to enable the development of cost-efficient and lightweight security primitives that can be integrated into modern computer mobile systems and devices for providing a high level of security

ENABLING IOT AUTHENTICATION, PRIVACY AND SECURITY VIA BLOCKCHAIN

Although low-power and Internet-connected gadgets and sensors are increasingly integrated into our lives, the optimal design of these systems remains an issue. In particular, authentication, privacy, security, and performance are critical success factors. Furthermore, with emerging research areas such as autonomous cars, advanced manufacturing, smart cities, and building, usage of the Internet of Things (IoT) devices is expected to skyrocket. A single compromised node can be turned into a malicious one that brings down whole systems or causes disasters in safety-critical applications. This dissertation addresses the critical problems of (i) device management, (ii) data management, and (iii) service management in IoT systems. In particular, we propose an integrated platform solution for IoT device authentication, data privacy, and service security via blockchain-based smart contracts. We ensure IoT device authentication by blockchain-based IC traceability system, from its fabrication to its end-of-life, allowing both the supplier and a potential customer to verify an IC’s provenance. Results show that our proposed consortium blockchain framework implementation in Hyperledger Fabric for IC traceability achieves a throughput of 35 transactions per second (tps). To corroborate the blockchain information, we authenticate the IC securely and uniquely with an embedded Physically Unclonable Function (PUF). For reliable Weak PUF-based authentication, our proposed accelerated aging technique reduces the cumulative burn-in cost by ∼ 56%. We also propose a blockchain-based solution to integrate the privacy of data generated from the IoT devices by giving users control of their privacy. The smart contract controlled trust-base ensures that the users have private access to their IoT devices and data. We then propose a remote configuration of IC features via smart contracts, where an IC can be programmed repeatedly and securely. This programmability will enable users to upgrade IC features or rent upgraded IC features for a fixed period after users have purchased the IC. We tailor the hardware to meet the blockchain performance. Our on-die hardware module design enforces the hardware configuration’s secure execution and uses only 2,844 slices in the Xilinx Zedboard Zynq Evaluation board. The blockchain framework facilitates decentralized IoT, where interacting devices are empowered to execute digital contracts autonomously

ENERGY-EFFICIENT FEATURE EXTRACTION ENGINE AND SECURE CHIP IDENTIFICATION FOR UBIQUITOUS SURVEILLANCE

Ph.DDOCTOR OF PHILOSOPH

Intrinsic Functions for Securing CMOS Computation: Variability, Modeling and Noise Sensitivity

A basic premise behind modern secure computation is the demand for lightweight cryptographic primitives, like identifier or key generator. From a circuit perspective, the development of cryptographic modules has also been driven by the aggressive scalability of complementary metal-oxide-semiconductor (CMOS) technology. While advancing into nano-meter regime, one significant characteristic of today\u27s CMOS design is the random nature of process variability, which limits the nominal circuit design. With the continuous scaling of CMOS technology, instead of mitigating the physical variability, leveraging such properties becomes a promising way. One of the famous products adhering to this double-edged sword philosophy is the Physically Unclonable Functions (PUFs), which extract secret keys from uncontrollable manufacturing variability on integrated circuits (ICs). However, since PUFs take advantage of microscopic process variations, thus many specialized issues including variability, modeling attacks and noise sensitivity need to be considered and addressed. In this dissertation, we present our recent work on PUF based secure computation from three aspects: variability, modeling and noise sensitivity, which are deemed the foundations of our study. Moreover, we found that the three factors coordinate with each other in our study, for example, the modeling technique can be utilized to improve the unsatisfied reliability caused by noise sensitivity, quantifying the variability can effectively eliminate the impact from noise, and modeling can help with characterizing the physical variability precisely

A Non-invasive Technique to Detect Authentic/Counterfeit SRAM Chips

Many commercially available memory chips are fabricated worldwide in untrusted facilities. Therefore, a counterfeit memory chip can easily enter into the supply chain in different formats. Deploying these counterfeit memory chips into an electronic system can severely affect security and reliability domains because of their sub-standard quality, poor performance, and shorter lifespan. Therefore, a proper solution is required to identify counterfeit memory chips before deploying them in mission-, safety-, and security-critical systems. However, a single solution to prevent counterfeiting is challenging due to the diversity of counterfeit types, sources, and refinement techniques. Besides, the chips can pass initial testing and still fail while being used in the system. Furthermore, existing solutions focus on detecting a single counterfeit type (e.g., detecting recycled memory chips). This work proposes a framework that detects major counterfeit static random-access memory (SRAM) types by attesting/identifying the origin of the manufacturer. The proposed technique generates a single signature for a manufacturer and does not require any exhaustive registration/authentication process. We validate our proposed technique using 345 SRAM chips produced by major manufacturers. The silicon results show that the test scores ($F_{1}$ score) of our proposed technique of identifying memory manufacturer and part-number are 93% and 71%, respectively.Comment: This manuscript has been submitted for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessibl