FROPUF: How to Extract More Entropy from Two Ring Oscillators in FPGA-Based PUFs

Ring oscillator (RO) based physically unclonable function (PUF) on FPGAs is crucial and popular for its nice properties and easy implementation. The compensated measurement based on the ratio of two ring oscillators’ frequencies proves to be particularly effective to extract entropy of process variations. However from two ring oscillators only one bit entropy is extracted and RO PUFs will occupy numerous resource with the size of private information increasing. Motivated by this inefficient resource usage, we propose an elegant and efficient method to extract at least 31 bits entropy from two ring oscillators on FPGAs by utilizing the fine control of programmable delay lines (PDL). We call this construction Further ROPUF (FROPUF). In this paper, we present in detail how to take advantage of the underlying random process variation which derives from the lookup tables (LUT) of two ring oscillators, and show that the in-depth variation can be extracted by a similar second order difference calculation. In addition, we reveal the consistency of the evaluation results from Xilinx FPGAs (e.g. Virtex-5, Virtex-6, Kintex-7) and those by simulation of FROPUF. The responses of our new construction have a nominal bit-error-rate (BER) of 1.85% at 27 ◦ C and FROPUF greatly promotes the number of entropy with equivalent reliability of the general ROPUF

Active and Passive Side-Channel Attacks on Delay Based PUF Designs

Physical Unclonable Functions (PUFs) have emerged as a lightweight alternative to traditional cryptography. The fact that no secret key needs to be stored in non-volatile memory makes PUFs especially well suited for embedded systems in which securely generating and storing secret keys is difficult and expensive. Compared to traditional cryptography, PUFs are often believed to be more resistant to implementation attacks. In this paper we will take a closer look at this assumption. Using a controlled Arbiter PUF as an example, we show that just like traditional cryptography strong PUFs are susceptible to implementation attacks. By combining machine learning with with side-channel analysis we are able to attack designed based on Arbiter PUFs that on are resistant to normal machine learning attacks. We use two different side-channels for our attacks: a passive power side-channel and an active fault attack based on altering the supply voltage of the controlled PUF. Even in the presence of considerable noise both attacks can accurately model the Controlled Arbiter PUF. Hence, the assumption that PUFs are generally more resistant against side-channel attacks is not necessarily true and side-channel resistance needs to be considered when PUF designs are evaluated