Physical unclonable functions: protection for electronics against illegal copying

Physical Unclonable Functions: Protection for Electronics against Illegal Copying

Сounterfeit electronic components deprive technology companies of potential income and bring health and safety risks to consumers. In May 2020, U.S. Customs and Border Protection and Homeland Security Investigation reported that within a year they seized counterfeit computer networking equipment with a total estimated manufacturer’s suggested retail price of nearly $7.3 million. 

A lot of the counterfeiting comes from China, Hong Kong and Singapore — not only electronic devices but also other products containing electronic components, such as clothes, shoes, watches, jewellery, cars.

It is impossible to calculate an exact figure for the losses associated with counterfeit electronics, the reports available today suggest that consumer and industrial businesses lose about $250 billion each year (the data from the global information board for counterfeiting, ERAI).

How to solve this problem?

This problem can be solved by various methods of protecting digital electronics from illegal copying, modification and reverse engineering: hardware encryption (AES, RSA, etc.), hashing (for example, SHA-256, MD-5), the introduction of digital watermarks and fingerprints in the design description, lexical and functional obfuscation, formal verification, and others.

In this article, we will talk about one of the most cost-effective protection methods in terms of hardware costs — physical unclonable functions (PUF).

The disadvantage of most of the methods mentioned above is significant hardware costs and, as a result, high power consumption.

With the emergence of the concept of the Internet of Things (IoT), the requirements for the area occupied by a digital device on a chip of an integrated circuit, as well as for power consumption, become more stringent as the size of devices dramatically decreases from year to year.

Physical unclonable functions (PUF)

One way to identify and authenticate digital devices is physical unclonable functions, which are much more economical to implement than the above protection methods.

What are PUF? It is difficult to find two absolutely identical objects among the material objects around us. Even in mass production, each object is unique due to inaccuracies and accidents. These features of each individual object can be registered and used as a unique identifier, a kind of a “fingerprint”.

A good example is optical PUF. Take a piece of melted glass, add air bubbles to it, cool this mass and cut it into equal bars. The chance of getting two absolutely identical bars is negligible; air bubbles inside will be distributed unevenly. We can fix these differences by sending a laser beam to the bar (request), and receiving at the output a unique interference pattern of radiation beams after refraction (response). As a result, we obtain a physical unclonable function that will determine the dependence of the response on the input request. Of course, this function is not an analytic one, so neither the legal owner of the object nor an attacker can find it out in advance. You can only test a batch of products and create a table of input and output values, which will serve as criteria for determining the authenticity of objects.

PUF for the protection of electronics are based on the use of manufacturing process variations during the manufacture of integrated circuits: for example, accurate values for threshold voltages, signal propagation delays, the frequency of component operation, etc. In the standard design process, electronics design engineers seek to reduce the impact of variations on the final product. For PUF, on the contrary, this uncontrolled phenomenon is used to extract the randomness and uniqueness of a digital device.

Actually, PUF is similar to hardware implementations of hash functions, the only difference is that the uniqueness of the output value of the PUF is based on the uniqueness of a particular integrated circuit, and not on a mathematical algorithm.

The PUF input argument (request) is called the challenge (CH), and the output value is the response (R). In this way, for some integrated circuits — ICk, the set of challenges — {CH0, …, CHN-1} — will be uniquely mapped to the set of responses {R0, …, RN-1} with PUF:

Ri = PUF (CHi)

A set of challenge-response pairs (CRP) {(CH0, R0), …, (CHN-1, RN-1)} uniquely characterizes the integrated circuit ICk and cannot be copied even for an absolutely identical design description (see diagram below).


Inter-chip and per-chip uniqueness of integrated circuits (IC)

Inter-chip and per-chip uniqueness of integrated circuits (IC)

As shown in the diagram, when implementing an identical design description of the PUF on different integrated circuits, the responses (Ri) to the same challenges (CHi) will be unique (significantly different from each other) for each copy. This phenomenon is called inter-chip uniqueness, i.e. the ability to distinguish integrated circuits from each other using PUF. When using identical realizations of PUF on a single chip to identify, for example, various components of intellectual property (IP), the phenomenon of per-chip uniqueness is observed. Since the realizations of the PUF inside a chip are different at least in their mutual arrangement, the per-chip uniqueness or chip-unique signatures is, as a rule, more pronounced than the inter-chip one.

Existing implementations of PUF and their use

Currently, there are many PUF implementations based on:

  1. Signal propagation delays. Using the binary value of challenges, the configuration of symmetrical paths is set, along which several copies of one signal are distributed. The response of the PUF is the result of comparing the propagation signal delays.
  2. Frequencies of the components. The basis of this PUF is a comparison of pairs of identical components with a unique frequency. Challenges are all kinds of pairs of indexes of various components, and the responses are the result of comparing the frequency of their work.
  3. Memory status. As a result of power-up and/or resetting the state of static storage devices (SRAM), the value originally stored in each of the memory elements (0 or 1) is unique and random. The challenge for this PUF is power on / off, and the response is the observed state of each of the memory elements that uniquely characterizes the integrated circuit on which the PUF is implemented.
  4. CMOS Image Sensor. Each image created with the help of a photosensitive matrix (Image Sensor) has a constant noise component that characterizes the uniqueness of the implemented matrix. The principle of operation of this PUF is similar to the PUF based on the comparison of frequencies with the only difference being that the comparison is made according to the values of the threshold voltage of each of the elements of the matrix.
  5. Transistor threshold voltage. This type of PUF can only be implemented as an analogue one since an engineer has access to the threshold voltage values in this case. The basis for this PUF, like the PUF on the basis of frequencies, is the comparison of the characteristics of several transistors used in the integrated circuit.
  6. Current mirror. This class of PUF is based on the implementation of an array of current mirrors. The voltage values at the nodes of this array uniquely characterize the integrated circuit. The challenge, in this case, is the numbers of the columns and rows of the elements, which voltage values you want to compare. Accordingly, the response is the result of comparing the voltage differences in a pair of nodes with a threshold value.
  7. External pressure on a smartphone screen. In this implementation, the challenge of the PUF is a user action who swipes a finger on a screen according to a certain pattern (like a graphic key in smartphones). Based on a user's pressure values on the smartphone screen, a unique response value is calculated that characterizes the user and the smartphone and thus can be used for authentication.
  8. Paper structure. This implementation of the PUF is based on the uniqueness of the paper structure due to the variations during the manufacturing process. Accordingly, a certain paper medium can be used as a source of unique cryptographic keys.

As shown above, there is a wide variety of types of PUFs that can be implemented both on digital devices and using other technologies (optical, magnetic, paper, etc.).

The first commercial implementation of PUF in 2008 was radio frequency identifiers manufactured by the Verayo Company. Also, currently, many FPGA manufacturers — for example, Xilinx and Altera (Intel) — use PUFs as the embedded non-cloning FPGA identifier.

Since PUFs are used as cryptographic primitives (random number generators, unique identifiers, hardware hash functions), many manufacturers do not disclose the use of PUFs to keep secret the details of the implementation of their security protocols from intruders.

Example of PUF-based memory (SRAM)

As an example of PUF, we will use the implementation of the PUF based on memory using the Xilinx Spartan 3E FPGA, which is part of the Digilent Nexys-2 development board. The memory element emulation was implemented as a bistable element, and the power on / off was modelled by reprogramming the FPGA using the same configuration file.

The figure below shows the identifiers of two identical FPGAs, obtained as a result of their programming with the same bit file. The black colour denotes “memory elements” that retain the value of 0 as a result of 100 reprogrammings, the white colour denotes the value of 1. The shades of grey are those that change the value from launch to launch. Accordingly, the more black in the “element” colour, the more values of 0 were generated as a result of reprogramming.

The 64-bit identifiers of two identical FPGAs

The 64-bit identifiers of two identical FPGAs

As seen from the figure, the “memory cards” method differs significantly: the Hamming distance for 64-bit identifiers is about 20. Accordingly, the probability that the identifier will be the same on different FPGAs is quite small, less than 0.01. The abovementioned “memory cards” can be used in two ways: to identify the FPGA and as a source of randomness due to the presence of non-permanent elements.

Reliable identification will require the use of error correction codes (ECC) to stabilize the observed “memory cards.” Within this article, we used the majority selection method. To implement a random number generator, on the contrary, requires the “reproduction” of the randomness of those “memory elements” whose values are unstable. For this purpose, we used signature analysis as a loss data compression algorithm. Standard hashing algorithms (for example, SHA-256) can also be used if the hardware cost constraints are not very tight.

Existing problems and prospects for PUF

Despite the relative novelty of this concept, this year the term PUF is celebrating its 20th birthday (first mentioned in 2001). During this time, the scientific community has already managed to study both the problems and possible applications of PUF.

One of the main problems, which is demonstrated by the example of PUF based on memory, is the instability of some of the values, which, in turn, forces an engineer to use error correction codes and more reliable PUF architectures.

On the other hand, the very high stability puts PUF at risk of cryptographic attack using machine learning methods, i.e. the construction is sufficiently accurate—more than 95%—a mathematical model of the PUF, which was initially (until 2010) considered impossible in the scientific community.

Nevertheless, the use of PUF in modern commercial applications as a cryptographic primitive proves the promise of research in this field in search of new PUF architectures, as well as improving the characteristics of existing implementations.