Types of physical unclonable function
Physical unclonable function, sometimes also called physically unclonable function, is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict.
All PUFs are subject to environmental variations such as temperature, supply voltage and electromagnetic interference, which can affect their performance. Therefore, rather than just being random, the real power of a PUF is its ability to be different between devices, but simultaneously to be the same under different environmental conditions.
PUF categorization
Measurement process
One way to categorise the numerous PUF concepts is by how the source of variation within each PUF is measured. For instance some PUFs examine how the source of uniqueness interacts with, or influences, an electronic signal to derive the signature measurement while others examine the effects on the reflection of incident light, or another optical process. This also typically correlates with the intended application for each PUF concept. As an example, PUFs that probe uniqueness through electronic characterization are most suitable for authenticating electronic circuits or components due to the ease of integration. On the other hand, PUFs that authenticate physical objects tend to probe the PUF using a second process, such as optical or radio frequency methods, that are then converted into electronic signal forming a hybrid measurement system. This allows for easier communication at a distance between the separate physical authenticating tag or object and the evaluating device.Randomness source
One major way that PUFs are categorized is based on examining from where the randomness or variation of the device is derived. This source of uniqueness is either applied in an explicit manner, through the deliberate addition of extra manufacturing steps, or occurring in an implicit manner, as part of the typical manufacture processes. For example, in the case of electronic PUFs manufactured in CMOS, adding additional CMOS components is possible without introducing extra fabrication steps, and would count as an implicit source of randomness, as would deriving randomness from components that were already part of the design to start with. Adding, for example, a randomized dielectric coating for the sole purpose of PUF fingerprinting would add additional manufacturing steps and would make the PUF concept or implementation fall into the explicit category. Implicit randomness sources show benefit in that they do not have additional costs associated with introducing more manufacturing steps, and that randomness derived from the inherent variation of the device’s typical manufacture process cannot be as directly manipulated. Explicit randomness sources can show benefit in that the source of randomness can be deliberately chosen, for instance to maximize variation or increase cloning difficulty.Intrinsic evaluation
In a similar manner to the classification of a PUF by its randomness source, PUF concepts can be divided by whether or not they can evaluate in an intrinsic manner. An PUF is described as intrinsic if its randomness is of implicit origin and can evaluate itself internally. This means that the mechanism for characterizing the PUF is intrinsic to, or embedded within, the evaluating device itself. This property can currently only be held by PUFs of entirely electronic design, as the evaluation processing can only be done through the involvement of electronic circuitry, and therefore can only be inseparable to an electronic randomness probing mechanism. Intrinsic evaluation is beneficial as it can allow this evaluation processing and post-processing to occur without having the unprocessed PUF readout exposed externally. This incorporation of the randomness characterization and evaluation processing into one unit reduces the risk of man-in-the-middle and side-channel attacks aimed at the communication between the two areas.PUF name | Measurement process | Randomness source | Intrinsic evaluation? | Year |
Delay PUF | Fully Electronic | Implicit | Intrinsic | 2002 |
SRAM PUF | Fully Electronic | Implicit | Intrinsic | 2007 |
Metal resistance PUF | Fully Electronic | Implicit | Intrinsic | 2009 |
Bistable Ring PUF | Fully Electronic | Implicit | Intrinsic | 2011 |
DRAM PUF | Fully Electronic | Implicit | Intrinsic | 2015 |
Digital PUF | Fully Electronic | Implicit | Intrinsic | 2016 |
Oxide Rupture PUF | Fully Electronic | Implicit | Intrinsic | 2018 |
Coating PUF | Fully Electronic | Explicit | Extrinsic | 2006 |
Quantum Electronic PUF | Fully Electronic | Explicit | Extrinsic | 2015 |
Optical PUF | Optical | Explicit | Extrinsic | 2002 |
Quantum Optical PUF | Optical | Explicit | Extrinsic | 2017 |
RF PUF | RF | Explicit | Extrinsic | 2002 |
Magnetic PUF | Magnetic | Implicit | Extrinsic | 1994 |
Electronic-measurement PUFs
Implicit randomness
Delay PUF
A delay PUF exploits the random variations in delays of wires and gates on silicon. Given an input challenge, a race conditionis set up in the circuit, and two transitions that propagate along different paths are compared to see which comes first. An arbiter, typically implemented as a latch, produces a 1 or a 0, depending on which transition comes first. Many circuits realizations are possible and at least two have been fabricated. When a circuit with the same layout mask is fabricated on different chips, the logic function implemented by the circuit is different for each chip due to the random variations of delays.
A PUF based on a delay loop, i.e., a ring oscillator with logic, in the publication that introduced the PUF acronym and the first integrated PUF of any type. A multiplexor-based PUF has been described, as has a secure processor design using a PUF and a multiplexor-based PUF with an RF interface for use in RFID anti-counterfeiting applications.
SRAM PUF
These PUFs use the randomness in the power-up behavior of standard static random-access memory on a chip as a PUF. The use of SRAM as a PUF was introduced in 2007 simultaneously by researchers at the Philips High Tech Campus and at the University of Massachusetts. Since the SRAM PUF can be connected directly to standard digital circuitry embedded on the same chip, they can be immediately deployed as a hardware block in cryptographic implementations, making them of particular interest for security solutions. SRAM-based PUF technology has been investigated extensively. Several research papers explore SRAM-based PUF technology on topics such as behavior, implementation, or application for anti-counterfeiting purposes. Notable is the implementation of secure secret key storage without storing the key in digital form. SRAM PUF-based cryptographic implementations have been commercialized by Intrinsic ID, a spin-out of Philips, and as of 2019, are available on every technology node from 350nm down to 7nm.Due to deep submicron manufacturing process variations, every transistor in an Integrated Circuit has slightly different physical properties. These lead to small differences in electronic properties, such as transistor threshold voltages and gain factor. The start-up behavior of an SRAM cell depends on the difference of the threshold voltages of its transistors. Even the smallest differences will push the SRAM cell into one of the two stable states. Given that every SRAM cell has its own preferred state every time it is powered, an SRAM response yields a unique and random pattern of zeros and ones. This pattern is like a chip’s fingerprint, since it is unique to a particular SRAM and hence to a particular chip.
Post-processing of SRAM PUF
SRAM PUF response is a noisy fingerprint since a small number of the cells, close to equilibrium is unstable. In order to use SRAM PUF reliably as a unique identifier or to extract cryptographic keys, post-processing is required. This can be done by applying error correction techniques, such as ‘helper data algorithms’ or fuzzy extractors. These algorithms perform two main functions: error correction and privacy amplification. This approach allows a device to create a strong device-unique secret key from the SRAM PUF and power down with no secret key present. By using helper data, the exact same key can be regenerated from the SRAM PUF when needed.Aging of SRAM PUF
An operational IC slowly but gradually changes over time, i.e. it ages. The dominant aging effect in modern ICs that at the same time has a large impact on the noisy behavior of the SRAM PUF is NBTI. Since the NBTI is well understood, there are several ways to counteract the aging tendency. Anti-aging strategies have been developed that cause SRAM PUF to become more reliable over time, without degrading the other PUF quality measures such as security and efficiency.SRAM PUF in commercial applications
SRAM PUFs were initially used in applications with high security requirements, such as in defense, to protect sensitive government and military systems, and in the banking industry, to secure payment systems and financial transactions. In 2010, NXP started using SRAM PUF technology to secure SmartMX-powered assets against cloning, tampering, theft-of-service and reverse engineering. Since 2011, Microsemi is offering SRAM PUF implementations to add security to secure government and sensitive commercial applications on the company's flash-based devices and development boards. More recent applications include: a secure sensor-based authentication system for the IoT, incorporation in RISC-V-based IoT application processors to secure intelligent, battery-operated sensing devices at the edge, and the replacement of traditional OTP-plus-key-injection approaches to IoT security in high-volume, low-power microcontrollers and crossover processors.Some SRAM-based security systems in the 2000s refer to "chip identification" rather than the more standard term of "PUF." The research community and industry have now largely embraced the term PUF to describe this space of technology.
Butterfly PUF
The Butterfly PUF is based on cross-coupling of two latches or flip-flops. The mechanism being used in this PUF is similar to the one behind the SRAM PUF but has the advantage that it can be implemented on any SRAM FPGA.Metal resistance PUF
The metal resistance-based PUF derives its entropy from random physical variations in the metal contacts, vias and wires that define the power grid and interconnect of an IC. There are several important advantages to leveraging random resistance variations in the metal resources of an IC including:- Temperature and voltage stability: Temperature and voltage variations represent one of the most significant challenges for PUFs in applications that require re-generation of exactly the same bitstring later in time, e.g., encryption. Metal resistance varies linearly with temperature and is independent of voltage. Therefore, metal resistance provides a very high level of robustness to changing environmental conditions.
- Ubiquity: Metal is the only conducting material on the chip that is layered, effectively enabling high density, and very compact, PUF entropy sources. Advanced processes create 11 or more metal layers on top of the plane of the underlying transistors.
- Reliability: The wear-out mechanism for metal is electro-migration, which like TV variations, adversely affects the ability of the PUF to reproduce the same bitstring over time. However, the electro-migration process is well understood and can be completely avoided with proper sizing of the metal wires, vias and contacts. Transistor reliability issues, e.g., NBTI and HCI, on the other hand, are more difficult to mitigate.
- Resiliency: Recent reports have shown that transistor-based PUFs, in particular the SRAM PUF, are subject to cloning. Metal resistance PUFs are not subject to these types of cloning attacks due to the high complexity associated with 'trimming' wires in the clone as a means of matching resistances. Moreover, by adding one or more shielding layers in the thicker upper metal layers that overlay the underlying PUF, front-side probing attacks designed to extract the metal resistances for the clone is extremely difficult or impossible.
Bistable Ring PUF
DRAM PUF
Since many computer systems have some form of DRAM on board, DRAMs can be used as an effective system-level PUF, which was presented for the first time by Tehranipoor et al. DRAM is also much cheaper than static RAM. Thus, DRAM PUFs could be a source of random but reliable data for generating board identifications. The advantage of the DRAM PUF is based on the fact that the stand-alone DRAM already present in a system on a chip can be used for generating device specific signatures without requiring any additional circuitry or hardware. PUFs intrinsic to DRAM ICs have not been explored extensively as a system-level security PUF.Digital PUF
Digital PUF overcomes the vulnerability issues in conventional analog silicon PUFs. Unlike the analog PUFs where the fingerprints come from transistors' intrinsic process variation natures, the fingerprints of digital circuit PUFs are extracted from the VLSI interconnect geometrical randomness induced by lithography variations. Such interconnection uncertainty however is incompatible to CMOS VLSI circuits due to issues like short-circuit, floating gate voltages etc. for transistors. One solution is to use strongly skewed latches to ensure the stable operating state of each CMOS transistor hence ensuring the circuit itself is immune against environmental and operational variations.Oxide Rupture PUF
Oxide rupture PUF is a type of PUF benefiting from randomness obtained from inhomogeneous natural gate oxide properties occurring in IC manufacturing process. Along with the truly random, un-predictable and highly stable properties, which is the most ideal source for physical unclonable function. IC design houses can strongly enhance security level by implementing oxide rupture PUF in its IC design, without concerns about the reliability and life time issue and can get rid of the additional costs from complicated ECC circuits. Oxide rupture PUF can extract uniformly-distributed binary bits through amplification and self-feedback mechanism, the random bits are activated upon enrollment, and due to a large entropy bit pool, users are provided the desired flexibility to choose their own key-generation and management approaches. Security level can be upgraded by oxide rupture PUF's intrinsic truly randomness and invisible features.Explicit randomness
Coating PUF
A coating PUF can be built in the top layer of an integrated circuit. Above a normal IC, a network of metal wires is laid out in a comb shape. The space between and above the comb structure is filled with an opaque material and randomly doped with dielectric particles. Because of the random placement, size and dielectric strength of the particles, the capacitance between each couple of metal wires will be random up to a certain extent. This unique randomness can be used to obtain a unique identifier for the device carrying the Coating PUF. Moreover, the placement of this opaque PUF in the top layer of an IC protects the underlying circuits from being inspected by an attacker, e.g. for reverse-engineering. When an attacker tries to remove the coating, the capacitance between the wires is bound to change and the original unique identifier will be destroyed. It was shown how an unclonable RFID tag is built with coating PUFs.Quantum Electronic PUF
As the size of a system is reduced below the de Broglie wavelength, the effects of quantum confinement become extremely important. The intrinsic randomness within a quantum confinement PUF originates from the compositional and structural non-uniformities on the atomic level. The physical characteristics are dependent on the effects of quantum mechanics at this scale, whilst the quantum mechanics are dictated by the random atomic structure. Cloning this type of structure is practically impossible due to the large number of atoms involved, the uncontrollable nature of processes on the atomic level and the inability to manipulate atoms reliably.It has been shown that quantum confinement effects can be used to construct a PUF, in devices known as resonant-tunneling diodes. These devices can be produced in standard semiconductor fabrication processes, facilitating mass-production of many devices in parallel. This type of PUF requires atom-level engineering to clone and is the smallest, highest bit density PUF known to date. Furthermore, this type of PUF could be effectively reset by purposely overbiasing the device to cause a local rearrangement of atoms.
Hybrid-measurement PUFs
Implicit randomness
Magnetic PUF
A magnetic PUF exists on a magnetic stripe card. The physical structure of the magnetic media applied to a card is fabricated by blending billions of particles of barium ferrite together in a slurry during the manufacturing process. The particles have many different shapes and sizes. The slurry is applied to a receptor layer. The particles land in a random fashion, much like pouring a handful of wet magnetic sand onto a carrier. To pour the sand to land in exactly the same pattern a second time is physically impossible due to the inexactness of the process, the sheer number of particles, and the random geometry of their shape and size. The randomness introduced during the manufacturing process cannot be controlled. This is a classic example of a PUF using intrinsic randomness.When the slurry dries, the receptor layer is sliced into strips and applied to plastic cards, but the random pattern on the magnetic stripe remains and cannot be changed. Because of their physically unclonable functions, it is highly improbable that two magnetic stripe cards will ever be identical. Using a standard-sized card, the odds of any two cards having an exact matching magnetic PUF are calculated to be 1 in 900 million. Further, because the PUF is magnetic, each card will carry a distinctive, repeatable and readable magnetic signal.
- Personalizing the magnetic PUF: The personal data encoded on the magnetic stripe contributes another layer of randomness. When the card is encoded with personal identifying information, the odds of two encoded magstripe cards having an identical magnetic signature are approximately 1 in 10 Billion. The encoded data can be used as a marker to locate significant elements of the PUF. This signature can be digitized and is generally called a magnetic fingerprint. An example of its use is in the Magneprint brand system.
- Stimulating the magnetic PUF: The magnetic head acts as a stimulus on the PUF and amplifies the random magnetic signal. Because of the complex interaction of the magnetic head, influenced by speed, pressure, direction and acceleration, with the random components of the PUF, each swipe of the head over the magnetic PUF will yield a stochastic, but very distinctive signal. Think of it as a song with thousands of notes. The odds of the same notes recurring in an exact pattern from a single card swiped many times are 1 in 100 million, but overall the melody remains very recognizable.
- Uses for a magnetic PUF: The stochastic behavior of the PUF in concert with the stimulus of the head makes the magnetic stripe card an excellent tool for dynamic token authentication, forensic identification, key generation, one-time passwords, and digital signatures.
Explicit randomness
Optical PUF
An optical PUF which was termed POWF consists of a transparent material that is doped with light scattering particles. When a laser beam shines on the material, a random and unique speckle pattern will arise. The placement of the light scattering particles is an uncontrolled process and the interaction between the laser and the particles is very complex. Therefore, it is very hard to duplicate the optical PUF such that the same speckle pattern will arise, hence the postulation that it is "unclonable".Quantum Optical PUF
Leveraging the same quantum derived difficulty to clone as the Quantum Electronic PUF, a Quantum PUF operating in the optical regime can be devised. Imperfections created during crystal growth or fabrication lead to spatial variations in the bandgap of 2D materials that can be characterized through photoluminescence measurements. It has been shown that an angle-adjustable transmission filter, simple optics and a CCD camera can capture spatially-dependent photoluminescence to produce complex maps of unique information from 2D monolayers.RF PUF
The digitally modulated data in modern communication circuits are subjected to device-specific unique analog/RF impairments such as frequency error/offset and I-Q imbalance, and are typically compensatedfor at the receiver which rejects these non-idealities. RF-PUF, and RF-DNA utilize those existing non-idealities to distinguish among transmitter instances. RF-PUF does not use any additional hardware at the transmitter and can be used as a stand-alone physical-layer security feature, or for multi-factor authentication, in conjunction with network-layer, transport-layer and application-layer security features.