Integration of Physically Unclonable Functions (PUFs) in CMOS
Silicon-based Physically Unclonable Functions (PUFs) are a new type of cryptographic primitive designed to extract unique key signatures from random process-related variations in the physical quantities of semiconductor devices. The signatures are intrinsically hidden inside the complex manufacturing history of the silicon material making it difficult for an adversary to steal the information enclosed in the microstructure of a PUF device. Thus, the core design provides a secure, forgery-proof storage place for device-specific secrets that does not require peripheral anti-temper protection making the usage of PUFs appealing for low-cost chip authentication purposes and lightweight cryptographic key applications. Although the concept realization of a PUF is simple in theory, implementing a design in hardware is a challenging task due to the physical nature of the quantities from which the keys are derived. The randomness and uniqueness of the extracted keys are closely related to the uniformity of the manufacturing process. Furthermore, the signature generation is error-prone to noise and changes in the operating conditions of a PUF, thus potentially lowering the ability to distinguish different devices and limiting the usage of the raw signatures for cryptographic key applications. Since the randomness, uniqueness and stability of a PUF-based key generator are tied to the fabrication process of a device, security-relevant features inevitably depend on the hardware implementation of a PUF. The main subject of this thesis is to analyze, model and resolve this form of implementation dependency in a systematic and mathematically convenient way. For this purpose, a probabilistic model framework is developed to investigate the randomness, uniqueness and reproducibility of binary keys derived from the electrical characteristics of a PUF device. Starting from a random field description of the electrical characteristics of a PUF, the aforementioned performance metrics are modeled in terms of deterministic and stochastic process variations. The model is used to establish a link between critical design parameters of a PUF concept such as the key entropy and error correction capacity to the distributional properties of the fabrication process of a PUF design. The stochastic process representing the manufacturing conditions is approximated by parametric probability distributions, whose parameter values can be readily estimated from experimental data using variation decomposition techniques common in spatial statistics. The process model allows to accurately assess the performance of a given PUF concept fabricated in a particular production line and manufacturing process as is demonstrated for the well-known ring oscillator PUF design implemented on FPGAs. Motivated by the analysis results, a simple pair selection scheme is proposed to increase the randomness and reproducibility of keys extracted from arbitrary analog PUF devices. A high degree of randomness is achieved by pairing PUF devices featuring a similar systematic mismatch in their electrical properties in a way that minimizes the deterministic bias of individual key-bits. In order to increase the stability of the generated keys, higher order pairs are formed which prevent noise induced bit-errors to occur during the key generation process. The length and number of keys obtainable by this quantization procedure scales linearly with the size of a PUF instance. The size limitation is overcome by introducing a boolean function which recursively performs XOR operations on the output-bits of a PUF to produce an exponential number of keys.Applicability of the two concepts is verified by experimental data obtained for various devices including transistors, resistors, ring oscillators and image sensor based PUFs, implemented and fabricated in different processing technologies. Compared to state-of-the-art solutions evaluated for the same datasets, the randomness, uniqueness and stability of the generated keys could be significantly improved. Extensive measurements demonstrate that the performance of the developed concepts is nearly independent of the used device type and implementation form, whereas existing solutions fail to produce consistent results across the range of tested devices.