Highly Reliable Physically Unclonable Functions: Design, Characterization and Security Analysis

When moving into the upcoming Internet-of-Things (IoT) era, hardware security has become a very important research topic, due to the increasing demand of network-connected electronic devices. New cryptographic algorithms and hardware implementations are proposed to make the IoT ecosystem more secure, but they cannot work without good randomness. As a root-of-trust that generates randomness, a physically unclonable function (PUF) is an essential building block for hardware security. A PUF provides each electronic device a unique fingerprint originating from the random variations within an integrated circuit. The unique fingerprints are used for security applications such as entity authentication and cryptographic key generation. Ideally, the data generated by a PUF should be unpredictable, i.e., full entropy, and stable over time and environmental changes. In reality, the generated data can be biased or correlated, which results in entropy loss. Moreover, a PUF may not always exactly reproduce the same data, which results in instability. As a solution to solve these non-ideal phenomena, a new type of PUF implementations, the active PUF has been widely discussed, in which the PUF behavior is actively generated after chip fabrication. 

The soft-BD PUF utilizes the gate oxide breakdown positions of CMOS transistors as the entropy source, since these positions are stable and unpredictable. In this research, I designed two test chips in a 40nm commercial CMOS process, for both device-level and circuit-level validation of the soft-BD PUFs. Through this study, the soft-BD PUFs were implemented and characterized, demonstrating a good performance. The periphery circuits were also implemented in the second test chip, showing that soft-BD PUF is feasible to be integrated in a digital platform. I also performed statistical analysis on the experimental data, which has verified that the randomness and uniqueness are inline with the state-of-the-art PUF work. A first trial on attacking the soft-BD PUF using power analysis is also performed, showing that it is not easy to extract PUF data from the side-channel information.

As RRAM PUFs are considered as a good solution for reconfigurable PUFs, my second research topic is to verify whether they are reconfigurable or not. By surveying existing designs, several RRAM PUF implementations with possible reconfigurability are selected for further analysis. For all these RRAM PUFs, I have identified several physical phenomena that limit their reconfigurability. The limitation mainly comes from the structural variations of each RRAM device (e.g. having different numbers of oxygen vacancies), which affects the stochastic behavior of a RRAM device. Using an experiment-calibrated RRAM model, this effect can be well-described. By simulation empowered by this model, I have demonstrated that the reconfigurability of all these RRAM PUFs are not ideal.

In summary, my research demonstrated the advantages of active PUFs and wrote down a cautionary note when using them in security applications.