Physical Unclonable Functions
Physical Unclonable Functions (PUF) technology is one of the latest breakthroughs in semiconductor security. PUF is a silicon "biometrics" technology, a type of electronic DNA or fingerprint technology for semiconductor ICs. PUF extracts unique "secrets" from each and every IC. These secrets are used to authenticate ICs, and enable a broad range of security applications.
Concept
Semiconductor manufacturing process has unavoidable variations. Indeed any circuit design, when fabricated in silicon, exhibits slightly different electrical behavior from one chip to the next, even though the design, mask and fab are identical.
PUFs are a class of simple, tiny, low power circuit primitives that exploit these manufacturing process variations to uniquely characterize each and every IC. Since these manufacturing process variations are
- Unpredictable, though persistent
- Impossible to model or replicate
- Beyond manufacturer’s control
PUFs can extract virtually unlimited (implementation defined) number of unique characteristics from each IC. These unique characteristics serve as "secrets" for various security applications.
How PUFs Work?
PUFs can be implemented in many different ways, but all PUF implementations provide a mechanism to extract the unique characteristics or secrets from the semiconductor ICs. Some PUF implementations use a challenge and response protocol to extract these secrets.
The figure above shows a MUX and arbiter based PUF implementation (MUX-PUF). The MUX-PUF takes a random number input as a challenge. The bit length of the challenge is implementation specific, the example above assumes a 64 bit challenge. For each challenge input, the MUX-PUF generates a response. The bit length of this response is again implementation specific, the example above assumes a 64 bit response. These challenges and responses have the following characteristics:
- The number of challenge and response pairs for each IC can be arbitrarily large (2^64 in this example)
- For a given challenge, the same IC always has a consistent response
- For a given challenge, different ICs have different responses
- Secure authentication of ICs - ASICs, FPGAs
- Secret key generation for cryptographic applications
PUF based Secure Authentication
For simple IC authentication, PUF challenge response pairs are collected from each IC, and stored in a secure database. The number of challenge response pairs to store is application defined (configurable).
To authenticate any given IC at a later time, in the field, one of the challenges is presented to the IC. The PUF embedded in the IC generates a response. If the response matches the one stored in the secure database, the IC is authentic. To prevent man-in-the-middle attacks, each challenge and response pair is used only once.
Note, for a given challenge, a PUF may not necessarily generate the exact same bit-to-bit response every time. There may be some noise or bit errors. Verayo's patent pending PUF designs reduce and correct noise, and enhance the reliability of PUFs. These design enhancements ensure that for any given challenge, the noise or bit errors in responses from the same IC remain consistently below a well-defined threshold. And, for any given challenge, the noise or bit errors in responses from two different ICs remain consistently above a certain well-defined threshold.
PUF based Secret Key Generation
Conventional security solutions based on cryptographic schemes require secrets or keys stored in the ICs. The reliability of the entire system depends on the reliability of these stored keys.
Verayo's CryptoPUF (shown above) eliminates the need for stored keys. The CryptoPUF dynamically generates reliable secret keys for cryptographic operations. Even if the PUF does not generate the exact same output (response to a given challenge) every time, the advanced error reduction and correction technology included in the CryptoPUF ensures it generates the exact same secret keys every time. The Verayo CryptoPUF can generate virtually unlimited number of these unique, volatile secret keys for each IC. This allows the CryptoPUF to provision additional (virtually unlimited) vendors, services or features, a severe limitation in conventional crypto platforms. Additionally, the CryptoPUF can securely generate secrets keys and provision services or renew root master keys even after being deployed in the field.
PUF Technology Advantages
PUF technology is elevating the security and trust of semiconductor ICs and IC based systems. PUF based ICs and systems are:- Trusted
It is effectively impossible to clone PUF based ICs. PUF technology provides a reliable and secure way to authenticate PUF based ICs and systems. - Highly secure and robust
Unlike conventional security solutions, PUFs do not store secret keys for cryptographic operations. PUFs dynamically generate virtually unlimited number of unique, volatile secrets for each IC. - Tamper proof
PUFs are inherently tamper proof. An invasive physical attack on a PUF will change the PUF characteristics, and hence prevent successful authentication and disable key generation applications. - Simple to provision and manage
PUFs eliminate the need to securely provision, store and manage cryptographic keys. PUFs can dynamically and securely generate new keys for every authentication event, or for provisioning new services.
Performance and Reliability
Verayo has done extensive testing and characterization of PUF technology. Verayo has developed patent pending PUF circuit designs, error reduction and correction technologies that improve the security and reliability of PUF technology. Our test results demonstrate PUFs can securely and reliably authenticate ICs and generate volatile secret keys. With the right design and implementation, PUFs can have greater than 9-9s reliability, that is, a failure rate of less than one in a billion.