Cloud native EDA tools & pre-optimized hardware platforms
For many years, silicon Physical Unclonable Functions (PUFs) have been seen as a promising and innovative security technology making steady progress. Today, Static Random-Access Memory (SRAM)-based PUFs have been deployed in hundreds of millions of devices and offer a mature and viable security component that is achieving widespread adoption in commercial products. They are found in devices ranging from tiny sensors and microcontrollers to high-performance Field-Programmable Gate Arrays (FPGAs) and secure elements where they protect financial transactions, user privacy, and military secrets.
Due to deep submicron manufacturing process variations, every transistor in an Integrated Circuit (IC) has slightly different physical properties. These lead to small but measurable differences in electronic properties such as transistor threshold voltages and gain factor. Since these process variations are not fully controllable during manufacturing, these physical device properties cannot be copied or cloned.
Threshold voltages are susceptible to environmental conditions such as temperature and voltage, so their values cannot be used directly as unique secret keys or identifiers.
The behavior of an SRAM cell, on the other hand, depends on the difference in the threshold voltages of its transistors. Even the smallest differences will be amplified and push the SRAM cell into one of two stable states. Its PUF behavior is, therefore, much more stable than the underlying threshold voltages, making it the most straightforward and most stable way to use the threshold voltages to build an identifier.
Includes in-depth technical articles, white papers, videos, upcoming webinars, product announcements and more.
An SRAM memory consists of a number of SRAM cells. Each SRAM cell consists of two cross-coupled inverters built up by a p- and n-MOS transistor. When power is applied to an SRAM cell, its logical state is determined by the relation between the threshold voltages of the p-MOS transistors in the invertors. The transistor that starts conducting first determines the outcome, a logical ¡®0¡¯ or ¡®1¡¯.
It turns out that every SRAM cell has its own preferred state every time the SRAM is powered, resulting from the random differences in the threshold voltages. This preference is independent of the preference of the neighboring cells and independent of the location of the cell on the chip or on the wafer.
Hence an SRAM region yields a unique and random pattern of 0¡¯s and 1¡¯s. This pattern can be called an SRAM fingerprint since it is unique per SRAM and, hence, per chip. It can be used as a PUF.
Keys that are derived from the SRAM PUF are not stored ¡®on the chip¡¯ but they are extracted ¡®from the chip¡¯, only when they are needed. In that way they are only present in the chip during a very short time window. When the SRAM is not powered, there is no key present on the chip, making the solution very secure.
Figure 1: Extracting a strong secret key from SRAM behavior
The deep submicron process variations that determine PUF behavior are frozen during manufacturing and do not change afterwards. Hence, the preference of the SRAM cells is persistent and stable over time.
However, there is still a degree of noise. A small number of the cells, close to equilibrium, are unstable and display a seemingly random preference at power-up. So, each time the SRAM powers up, a slightly different pattern emerges. This noise component depends on temperature, voltage ramp, and operating conditions.
The noise of SRAM-based PUF responses has been exhaustively characterized and tested under a wide variety of circumstances and foundry processes:
In particular, the SRAM PUF has been qualified for automotive, industrial, and military use in collaboration with customers and partners.
Millions of measurements have been performed. Under all these circumstances, the average noise level of the SRAM-based PUF response was found to be lower than about 15%. Despite this amount of noise, it is possible to reconstruct a high-entropy device's unique and reliable key every time the SRAM is powered. This can be done by applying error correction techniques such as ¡°helper data algorithms¡±1 or ¡°fuzzy extractors¡±.2 These algorithms perform two main functions that will be explained below: error correction and privacy amplification.
Error correction techniques for cryptographic key reconstruction require an enrollment phase and a reconstruction phase. In the enrollment phase (a one-time process), the PUF response is mapped onto a codeword of an error-correcting code. Information about the mapping is stored in the Activation Code (AC) or helper data. The AC is constructed not to leak any information about the key. It should be stored in memory that is accessible by the PUF algorithms, but it can be stored off-chip as it is not sensitive. Any change to the AC, malicious or not, will prevent key reconstruction. The AC is only valid for the chip on which it was created.
Each time the device runs an authentication protocol and needs the secret PUF key, a new noisy PUF measurement is carried out, and the PUF key (without noise) is extracted from the AC and this new PUF response. This is called the reconstruction phase. Both enrollment and reconstruction phases are illustrated in Figure 2. The error correction algorithms have been designed to reconstruct the key with an average error rate of less than 10-12.3
Figure 2: Enrollment and reconstruction phase for the generation of PUF keys. Note that R is the initial PUF response during enrollment, while R¡¯ is a PUF response in the field with a noise component
Secret keys provide security since they are entirely random and, hence, unpredictable. Physical measurements, such as PUF responses, have a high degree of randomness but are usually not entirely uniformly random. Privacy amplification is used to generate uniformly random keys.
By combining error correction and privacy amplification, SRAM PUFs are constructed which create 256-bit uniformly random keys from as little as a 1kByte of SRAM while ensuring complete randomness. A typical SRAM PUF contains so much entropy that only a few dozen bytes are required to provide a collision-free globally unique identifier that can be used as a unique (but noisy) electronic chip ID (ECID) or as a serial number.
Dedicated security labs and security teams at customers have analyzed the security of Synopsys¡¯ SRAM PUF against various invasive and non-invasive physical attacks without revealing any weaknesses. Attacks with Scanning Electron Microscopes, Lasers, FIBs and probes have not been successful. Side-channel attacks have not led to any leakage of sensitive information.
Accelerated ageing tests have been performed on SRAM-PUFs to investigate the noise level as a function of time. Using a patented anti-aging technique4 a lifetime reliability can be guaranteed for SRAM PUF technology on the SoC.
Synopsys has bundled the above error correction, randomness extraction, security countermeasures and anti-ageing techniques into its products. They extract cryptographic keys from the SRAM PUF in a very secure manner and are available as RTL netlist or as software (compiled C Code).
The RTL solution is small and fast and connects to standard interconnects, such as AMBA AHB and APB, as well as proprietary interfaces. A Built-In Self-Test (BIST), diagnostics, and health checks are included in the logic. A driver and C model are provided to ease integration with software. Since it is purely digital, single-clock logic, it synthesizes readily to any technology.
Software reference implementations start from approximately 6KB of code and are available for major platforms, such as ARC, ARM, RISC-V, Intel, and Xtensa. Software implementations can be used to add PUF technology to existing products by a firmware upgrade.
Both Synopsys SRAM PUF IP types can be optimized for low footprint, low latency or low memory use, depending on the application. Re-using or integrating with existing crypto cores and random number generators can further enhance performance and reduce footprint. The Synopsys solutions come with comprehensive product specifications and integration guidelines, including reference code that illustrates API usage offered to the application programmer.
More information about the Synopsys PUF products can be found on the Synopsys website.
These Synopsys products use un-initialized SRAM. This can be a separate SRAM block or a part of a bigger existing SRAM. Standard SRAM suffices. To store the Activation Code (AC), access to a storage medium is needed. This can be embedded Non-Volatile-Memory (NVM), a separate memory on the board, e.g. flash, or cloud storage. For the software version a microcontroller is needed for which a C-compiler exists. The PUF algorithms can be stored in any NVM, e.g., flash, ROM.
SRAM is embedded in almost any microprocessor and SoC in every technology node and is part of the standard manufacturing process. There is no need for time-consuming qualification and chip testing, as extensive testing by Synopsys and its partners has shown that technology reliably scales down to the smallest technology nodes currently available.
Many of the world¡¯s largest semiconductor companies have successfully implemented our SRAM-based PUFs in their products. They are already deployed in a wide range of microcontrollers, FPGAs, smart card controllers, and data center SoCs. In other markets, software implementations have enabled rapid deployment of this technology even as a retrofit solution. Synopsys works with leading semiconductor companies and has solutions for protecting embedded systems, sensors, and controllers.
SRAM-based Physical Unclonable Functions have been successfully implemented in many commercial products. SRAM PUFs combine high security and reliability with low cost, low footprint designs, and easy implementation. They have been deployed in hundreds of millions of devices, from tiny microcontrollers and sensors to high-performance FPGAs and secure elements.
The numerous implementations have consistently demonstrated the reliability and security of the technology. SRAM PUFs are a mature and robust technology designed for security and based on solid theoretical foundations. SRAM PUFs have gained their credibility in high-security markets. They are now deployed in markets ranging from low-cost IoT applications to high-end security solutions for government, aerospace, data center, and the payment industry.
References
In-depth technical articles, white papers, videos, webinars, product announcements and more.