1. Introduction
Sub-micron manufacturing processes are subject to process variations that result in different physical transistor properties despite having the same design sizes [
1]. These unavoidable and uncontrollable imperfections can be used to create unique and unclonable electronic fingerprints, which are commonly known as Physically Unclonable Functions (PUFs) [
1]. PUFs are an asset in many security-related applications such as IC authentication, cryptographic key generation and Intellectual Property (IP) protection mechanisms [
2]. Field Programmable Gate Arrays (FPGAs) require special attention as their reconfigurable nature opens doors to a wide set of security threats, including IP theft attacks that can be attained once the chip is deployed [
3]. To combat IP attacks, Ring Oscillators-based PUFs (RO-PUFs) have been frequently deployed as they are one of the most affordable solutions [
4] in secure embedded systems. The main drawback of RO-PUFs is that they offer a low number of challenge–response pairs (CRPs) [
5]. A CRP can be described by a mathematical function that maps a challenge
to its associated PUF responses
(i.e.,
)). A large number of CRPs is desirable as they depend less on noise (as more stable RO-PUF pairs can be selected), prevent replay attacks due to a larger CRP set, increase security due to longer and stronger keys, and serve a bigger IC population as different chips have a larger probability ending up in a different CRP set [
6,
7].
Several proposals have been presented in the literature to expand and/or enhance the number of CRPs in RO-PUFs. They are based on either modifying the RO structure or adding post-processing operations. In [
8], the authors proposed a modification of the basic RO structure to enhance the PUF response. Their target is to increase the size of the response by increasing the response reliability. They realized this by replacing the basic RO with transient effect ring oscillators (TERO) and adding some circuitry to compute the average frequency of each TERO [
8]. The main drawback of this proposal is that it requires multiple measurements to obtain the mean value of transient fluctuations for each TERO loop that lead to serious power and area overheads [
9]. Using the same line of thought, other works propose a tuneable approach such as the Configurable-ROs (CROs) [
5,
10] or the use of signature post-processing [
6,
7,
11]. For instance, in [
6], the authors proposed to use the euclidean distances of RO frequencies as weighting factors. In addition to the circuit area and power consumption overheads, this proposal is vulnerable to side channel attacks as it involves arithmetic units such as square-root and multiplier units [
9]. All above prior state-of-the-art methods either suffer from a high area penalty or are vulnerable against side attacks.
In this work, we present a new quantization method to expand the CRP size of RO-PUFs. More specifically, we intend to quantify the frequency difference of two RO PUFs using different intervals in order to obtain multiple bits from each comparison. This new quantification method could lead to unreliable responses, as the RO frequencies are affected by operational conditions (such as noise, supply voltage, etc.) and environmental conditions (such as temperature). To overcome this problem, we propose using the remaining RO-PUFs (i.e., the ones not used for comparison) in different background noise configurations. By exploiting them, we are able to select more reliable RO-PUF pairs.
The main contributions of this work are summarized as follows:
A new quantization method allows us to increase the size of CRPs by exploiting multiple bits of a RO-PUF response.
A new RO pair-selection mechanism based on the reliability of the PUF responses involves different levels of background noise.
The evaluation of a physical implementation of the quantization method and different background configurations using 25 Xilinx Spartan 3E FPGA boards is presented.
A validation of the methodology using some of the most extended PUF quality metrics (uniformity, bit-aliasing, reliability and uniqueness) for different operating conditions (i.e., core voltage variations) is presented.
Overall, the proposed methodology exhibits strong PUF quality metrics with a lower area overhead than other state-of-the-art solutions.
The remainder of the article is structured as follows:
Section 2 shows a brief introduction to the CRP concept and related work. In
Section 3, the proposed methodology to enhance the CRP set is presented. Experimental results and analysis are presented in
Section 4 and
Section 5. Finally, some conclusions are drawn in
Section 6.
3. Proposed Method
In this section, we introduce the proposed method to generate multiple bits of each RO frequency difference while maintaining reliability by using different background configurations. We present the methodology using a bottom-up approach. Firstly, we detail the considered background noise configurations; this is required to understand the proposed methodology better. Subsequently, we present the new quantization method that is used to expand the number of bits for each CRP. Finally, we describe the methodology that increases the reliability of the responses.
3.1. Background Noise Configuration
The idea behind different background noise configurations is to impact the frequency of ROs under comparison by intentionally enabling other ROs from the RO-PUF matrix as a noise source. We considered four background configurations, as shown in
Figure 2. Configuration-A is the typical configuration where only the two ROs under comparison are activated. In Configuration-B, the ROs of the same column of one of the ROs under comparison are activated. Configuration-C expands on Configuration-B by having the neighboring columns also activated. Configuration-D activates all the ROs in the matrix. It is important to note that we selected only column configurations (instead of rows), as they have a higher impact as a result of the FPGA power line distribution.
Before explaining how to take advantage of the different background configurations, it is crucial to have an approximation of their impact. To that end, a RO-PUF matrix has been implemented in a Spartan-3E FPGA. The implemented matrix consists of 512 identical ROs (four inverters and a NAND gate) evenly distributed in a grid of 16 × 32. To guarantee an identical lay-out (i.e., the same structure and routing for the ROs), we created a hard macro that constrains each RO to a single slice. We placed the auxiliary components (such as muxes, RO-counters, comparators, etc.) in other FPGA regions. Finally, we instrumented the design with Xilinx Chipscope [
16] to read out the RO counters. Chipscope logic was restricted to an FPGA zone where the interference with the RO frequencies is negligible.
Figure 3 displays four histograms of the 512 measured frequencies for the different background configurations. As expected, the switching activity generated by the active ROs causes a frequency decrement. Note that, although the absolute frequency of the RO-PUFs changes, the change in differential value (i.e., the comparison result of the two ROs under comparison) in the case of the same background configurations is negligible, as observed by the state-of-the-art. This can be clearly seen also from the similar standard deviations that the four configurations have. In addition, the figure shows that Configurations B and C also affect, although to a lesser extent, the RO frequency. If such background configurations are used, they will reduce the reliability of CRPs as the frequency difference of two ROs is less. To overcome this limitation, we propose to carry out the frequency acquisition in two separate steps:
The user introduces a challenge that contains the two ROs under comparison while selecting one of the four background configuration randomly or based on user preference. The frequency of only one of the ROs under comparison is acquired.
In this step, the the RO frequency of the second RO under comparison is acquired. However, during this step, a different background configuration can be used.
This two-step approach allows the user to select between more background configurations and hence select those responses that enhance the reliability. A detailed description of the expansion and enhancement of CRPs is presented next.
3.2. CRP Expansion
The results depicted in
Figure 3 show that the frequencies of Configuration-D have almost no overlap with the other three configurations. As a result, any comparison where Configuration-D is involved with one of the other three background configurations will lead to a somewhat predictable output (i.e., the selected RO with Configuration-D will likely be slower). Hence, this mode is discarded for CRP expansion. A straightforward way of increasing the number of CRPs is using the traditional rank-based method (Equation (
1)) together with the proposed two-step frequency acquisition scheme. In this way, an upper bound on the number of possible pairwise comparisons can be expressed by
, where the numbers 3 represents the different background configurations,
N is the number of ROs and the number 2 denotes that the order between each two RO pairs is not accounted for. It is clear that many of the RO pairs are correlated [
12]. For example, the comparison between two ROs using the same background configuration (Configuration-A, -B or -C) will likely lead to the same result. To avoid security issues, a more restricted set of RO pairs has to be considered where the dependencies are not included. One of the popular method is to use a chain strategy [
13], where only neighboring ROs are selected for comparison. This results in the following RO-pairs:
;
; and
. Note that only one background configuration is used for each RO pair. The chain strategy results in a lower bound of
N pairs.
The quantization phase of the traditional rank-based method in
Figure 4a only takes into account the sign bit of the comparison, omitting some interesting information as the frequency differences between ROs. Although this loss of information results in more reliable responses, a large penalty is paid in terms of unused bits. To overcome this drawback and expand the number of bits generated by each challenge, we propose to define four contiguous intervals in the frequency range with equal probabilities (i.e., quartiles). As shown in
Figure 4b, each comparison generates a 2-bit response thereby doubling the number of bits responses compared to the traditional method. Other divisions can be explored to increase the number of bits per challenge when the penalty in reliability is acceptable. To increase the reliability, we present an CRP reliability enhancement scheme in the next section.
3.3. CRP Reliability Enhancement
To enhance the PUF response, several actions can be carried out.
Firstly, the selection strategy of RO pairs has to be chosen carefully in order to avoid security issues related to the spatial distribution of ROs [
14]. The chain strategy where only neighboring ROs are selected for comparison can be adopted, as it reduces the effects of operational conditions such as voltage and temperature.
Second, we propose to compare ROs using all the aforementioned configurations and select the pairs with the most reliable responses during the enrolment process. This is in line with previous selection methods where pairs have been selected with the highest frequency difference [
5]. To determine the best configurations, we first randomly select the background configuration (i.e., Configuration-A, -B or -C) of each RO pair of the chain to measure the frequency response of one of the ROs. Subsequently, we measure the frequency response of the other RO using all four different background configurations; note that Configuration-D is only used for enhancement purposes. Therefore, for each of the
N RO pairs, we obtain four
m-bit results, where
m specifies the number of bits taken from the difference between the two RO frequencies under comparison. In this work, we consider
only, as shown in
Figure 4b.
If the four responses are exactly the same or when three of the four responses are the same and the remaining response is in an adjacent quartile (see also
Figure 4b), the output will be labeled as a
strong response pair. If three of the four responses have the same value and the remaining is not in an adjacent quartile, the output will be labeled as a
weak response pair. Only RO pairs that generate
strong and
weak responses pairs are allowed in the signature generation process; the remaining combinations are discarded. As an extra enhancement method, we have used an adjacent code to codify the output of quartiles. With this measure, only one bit of two will change in the case of a shift in frequency. Additional enhancement can be achieved by fixing a minimum number of strong bits in the complete PUF response.
5. Discussion
In this section, we discuss the main advantages and disadvantages of our proposal in comparison with the state-of-the-art solutions.
The traditional RO-PUFs [
12] are only used in CRPs using Configuration-A. Our approach improves this by selecting different background configurations.
In contrast to the state-of-the-art solutions [
5,
8], our proposal keeps the original RO implementation intact while it modifies slightly the RO enable/disable control circuit to enable different backgrounds configurations. As a result, it has a minor impact on the area. In addition, our methodology can be easily integrated with different types of post-processing techniques ([
5,
22,
23]), since the original RO-PUF structure is maintained. These post-processing blocks are necessary to avoid well-known attacks such as the modeling attack presented in [
24]. Another advantage of our proposal is the flexibility it offers. Users can select between: (1) an implementation that extends (i.e., doubles) the number of CRPs with a slight increase in area cost; and (2) an implementation that saves hardware resources by implementing fewer ROs while maintaining the same set of CRPs. This flexibility can be useful when selecting a fuzzy extractor as post-processing block. For example, given the entropy results and reliability obtained, we could use a fuzzy extractor that focuses on the sketch phase rather than the privacy amplification phase. Another possibility is the usage of a powerful fuzzy extractor [
22] along with our methodology using more divisions to quantize the different RO frequency differences.
Besides the above advantages, the increasing switching activity introduced by the different background configurations causes a higher noise level, which in turn leads to more randomness in the response with respect to the traditional RO-PUF. This is confirmed by the results of the uniqueness, bit-aliasing, uniformity and entropy metrics.
Finally, it is worth noting that our proposed scheme can be efficiently used in authentication protocols. The inclusion of the different configurations leads to a more robust authentication protocol when the ROS are controlled by a system of synchronized PRNGs [
25]. The user selects the ROs under comparison while the PRNG determines the configurations. The users know the PRNG states in advance if they are trusted. Therefore, when the PRNG is desynchronized, the user can identify that an untrusted user (attacker) is trying to gain access to the device. There are several limitations of our approached that need to be addressed. First, the power consumption will be higher than traditional RO-PUFs due to the higher switching activity. In addition, the power consumption may reveal the used background configurations. To overcome this drawback, we propose shuffling the order of ROs under comparison to obfuscate which ROs are measured each time. Moreover, the higher switching activity might also be negatively impacted by intra-die variations, which in turn affect the reliability of the response. However, based on the results presented in the previous section, this effect is negligible. Second, the acquisition of the RO frequencies in two different steps might introduce measurement errors as clock variations impact the measured frequencies. Nevertheless, the quantization method adopted by our proposal together with the enhancement method have proven to be an effective countermeasure against these phenomena. Finally, our methodology takes four times longer to enrol the ROs than the traditional RO-PUFs.
6. Conclusions
One of the main restrictions of PUF functions is the limited number of CRPs that can be generated. This is a key-point problem as they are used to distinguish/identify several chips and generate a strong cryptographic key. In this article, we improve the number of CRPs by considering different background configurations for one of the ROs under comparison. Our proposal was tested with an FPGA design. Our results show that we are able to expand the CPRs, while preserving the desired performance metrics (uniformity, bit-aliasing, reliability and uniqueness), which are required for a good PUF. In particular, the proposed method takes advantage of the background activity generated by the ROs already on-board of the original RO-PUF design. The overhead in terms of area is negligible, while a penalty is paid in terms of power consumption. Our scheme can be used to advance any application that depends on CRPs, such as IC identification or IP protection.