PUF Technology
Physical unclonable functions (PUFs) are capable of generating device secret keys without the need to store the key bitstring in any type of non-volatile memory (NVM). In order to accomplish this, the PUF engine accepts challenges and applies them to a specialized (PUF) circuit, and then regenerates the key bitstring, a.k.a. response bitstring, from the values measured from the PUF circuit. PUFs typically also require helper data as input to deal with potential bit-flip errors that can occur when reproducing the key under adverse environmental conditions, e.g., a low battery condition or cold temperature. The helper data bitstring is produced by the PUF during the first application of the challenge, a process referred to as enrollment. The helper data and challenge are stored openly (in non-secure non-volatile memory) on the device, and can be used at any time in the future for key regeneration.
The PUF measures small analog signal differences that exist among a population of identically designed devices. The device itself may be embedded within a smart phone, a desktop computer or an electronic control unit (ECU) in a vehicle. Given that all devices in the population are identically designed, their functional behavior is identical and cannot be used to distinguish one device from another. However, the manufacturing process used to make the devices is imperfect, and therefore, small differences exist in the signal behavior of every device. There are many sources of small signal variations that a PUF can measure and use to generate key bitstrings. Unfortunately, many of them are not truly random and result in undesirable bias in the key generation process. Bias occurs when the key bitstring is not completely unpredictable, e.g., it possesses more binary 0’s than 1’s. The source of random signal variations, also called entropy, is the most important aspect of a PUF architecture.
The source of entropy for IC-Safety’s metal PUF technology is variations in the resistance of wires. As mentioned, the manufacturing process is imperfect, and small differences exist in the wires fabricated on the device. Metal, poly(silicon), contacts and vias are conductors used during the fabrication of a circuit as shown in the following figure. Vias are used to connect between wires routed on different metal layers, and can be stacked as shown for a five metal layer device. The geometries of the conductors are symmetric and well aligned for ‘Device #1’ but exhibit small displacements as shown for ‘Device #2’. The resistance of the series connected conductors is given as 100 Ohms and 110 Ohms respectively for the two devices. Although the overall difference is very small and has no impact on the functionality of the device, these differences represent a source of entropy, i.e., they manifest as random variations in the resistance of a routed wire between two points. The metal PUF infrastructure measures these resistances using on on-chip instrument, and then uses the digitized resistance values to generate random keys for each device.
Metal PUF Intellectual Property Block
The metal PUF is implemented as an intellectual property (IP) block, that can be directly integrated into a larger ASIC design. The following figure shows the components of the IP block, which consists of a 2 Kilobyte (2KB) SRAM, a PUF engine (implemented as a set of finite state machines), a voltage-to-digital converter (VDC) and an array of stimulus-measure-circuits (SMCs). The PUF Engine is a digital controller that coordinates a series of operations as described in the following sections. The SRAM shown on the left is used by the PUF Engine for voltage distribution analysis and for storing helper data during bitstring generation. The edge generator (Edge Gen.), voltage-to-digital converter and SMC array define the entropy source and conversion components. The entire IP block is only 0.125 mm2 in a 65 nm technology.
Stimulus-Measure Circuit (SMC)
The SMC elements, which define the source of entropy, are grouped into 4×4 blocks as shown at the top of the following figure. Each SMC element within the block supplies a single component of entropy. A schematic of the SMC is shown in the lower-left in the figure. It is composed of an AND gate, which serves to enable the SMC, and two pass gates (PGs) connected across the entropy source. The entropy source is a 1 micron silicided polysilicon wire and a single via stack from poly up to M5. An n-channel transistor connects to the polysilicon wire and provides the stimulus of approx. 500 mA when the SMC is enabled.
The M4-M5 via on the upper end of the entropy source connects to an M5 metal plate that covers the 4×4 SMC block. The plate is connected to the VDD supply grid through a controlled-resistance silicided Poly resistor of approx. 400 Ohms. Therefore, when an SMC is enabled, the transistor current creates a voltage drop across the entropy source which can be sensed by the two PGs. The M5 plate and Poly resistor provide a common node connected to VDD for all SMCs in the 4×4 block. This common node, in combination with the TrunkSense pass gate, allow voltage variations introduced by the different transistor currents within the SMCs of the block to be eliminated, through a process called Normalization.
The SMC pass-gates (PGs) connect to two wires labeled SenseUpper and SenseLower, which are shared among all SMCs within the block. Two additional PGs at the block level connect these wires to two globally routed GSenseUpper and GSenseLower wires, which connect across the entire array of SMC blocks (the same is true of the TrunkSense wires). The PUF Engine provides a sequence of control signals which allows each of these sense voltages to be digitized by the VDC.
System Components
The SMC array is constructed as a set of 128 4×4 SMC blocks, arranged in 16 rows and 8 columns, as shown on the left in the following figure. Therefore, the entire array defines an entropy source with 2048 components. The outputs of the SMC array, GSenseUpper, GSenseLower and TrunkSense, drive two of the inputs to the voltage-to-digital converter (VDC). The component labeled Edge Gen. is used by the VDC to digitize the voltage drop between the two input voltages. The VDC outputs two 128-bit thermometer codes (TCs) that reflect the magnitude of this voltage drop.
Voltage-to-Digital Converter (VDC)
The VDC is composed of two 256-stage delay chains. The GSenseLower input connects to 128 n-channel transistors, inserted in series with the odd-numbered inverters in the delay chain. GSenseUpper connects in a similar fashion to the upper delay chain. The PUF Engine starts the digitization process by driving a rising edge into the EdgeGen. The Edge Gen. passes e1 to the corresponding VDC input but delays e2 by a small delay (determined by 32-to-1 select MUX). The two edges then `race’ down the two inverter chains at speeds relative to the magnitude of the GSenseUpper/Lower inputs.
Under the condition that GSenseUpper > GSenseLower, the edge propagating along the top delay chain eventually passes the edge on the bottom delay chain. The outputs of the even inverters along both delay chains connect to a set of latches that record the point at which this occurs. The latches in the upper chain produce a thermometer code (TC), which is defined as a string of 1’s followed by a string of 0’s, while the latches in the lower chain produce a complementary pattern. A value proportional to the magnitude of the voltage drop between GSenseUpper and GSenseLower can be obtained by counting the number of 1s in either of these TCs. We refer to the number of 1’s as a PUFNum (PN).
Interface Specification
The input-output interface is implemented with a control and status register, along with two 32-bit data registers, which can be integrated into commonly used bus-based or point-to-point interfaces such as AXI. The interface supports three separate functions including key generation (enrollment and regeneration), authentication and true-random number generation (TRNG). The challenge, helper data and other parameters such as the key or authentication bitstring size are specified by the user through this interface. The metal PUF engine outputs response bitstrings through the data registers once started with the appropriate parameters.
The register interface to the control, status and data registers are given in the following figure. Parameters to the metal PUF data post-processing algorithm are loaded using the DataInAddr and DataIn registers, while the key bitstring is read out through the DataOutAddr and DataOut registers. Helper data generated during enrollment can be accessed through the SRAMAddr and SRAMDataOut registers, and loaded during regeneration using the SRAMDataIn register. Control operations, e.g., starting the PUF engine, and status information are available through the corresponding registers.
