A Configurable RO-PUF for Securing Embedded Systems Implemented on Programmable Devices

Martínez-Rodríguez, Macarena C.; Camacho-Ruiz, Eros; Brox, Piedad; Sánchez-Solano, Santiago

doi:10.3390/electronics10161957

Cited by 12 publications

(25 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the other hand, multiple competitions of the same pair of ROs will also produce slightly different results, as a consequence of changes in operating conditions and the possible presence of different sources of noise in the device that implements the system. The results obtained in the characterization of the RO-PUF presented in [10] experimentally demonstrated that stability and entropy are inversely proportional when analyzing these properties for each of the bits of the counters. The characterization process showed that the four LSBs correspond to the most unstable bits and therefore represent the highest level of entropy within each number generated by the losing counters.…”

Section: Introductionmentioning

confidence: 94%

“…This paper presents a TRNG, developed from an existing RO-PUF circuit [10], designed in VHDL language for the Xilinx Zynq-7000 family devices and implemented on the Pynq-Z2 development board. This design also uses the strategy of comparing RO pairs to generate random bits, but differs from the last referenced work in the way the RO pairs are selected to perform such counts, allowing us to explore different competition strategies [11], which in our context represents different options to build a TRNG.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

True Random Number Generator based on RO-PUF

Rojas-Muñoz

Sánchez-Solano

Martínez-Rodríguez

et al. 2022

2022 37th Conference on Design of Circuits and Integrated Circuits (DCIS)

Self Cite

View full text Add to dashboard Cite

The implementation of true random number generators is of vital importance to preserve the reliability of cryptographic systems. The lack of entropy can compromise their integrity, affecting the security of the entire chain of applications. Ensuring the effectiveness of a random number generator can be understood as reducing the risk of information loss due to possible attacks by third parties. This paper presents a novel approach for a true random number generator based on a Ring Oscillator-Physical Unclonable Function. Since the principle of operation of physical unclonable functions is based on the physical properties of each device, they can be used for security applications such as device identification, counterfeit prevention and increase the robustness of cryptographic functions. In addition, increasing the versatility of the design to use them as a source of entropy, they can also fulfill tasks such as generation of initialization vectors or nonces and keys for symmetric cryptography. The system incorporates multiple operating configurations, which allows a complete analysis of its performance to adapt it to different application scenarios. The randomness and correct operation of the proposed design have been evaluated online, by incorporating it into a hybrid HW/SW embedded system able to run the official test suite published by the National Institute of Standards and Technology without any need for post-processing. The architecture has been designed for Xilinx Zynq-700 family devices and implemented on the Pynq-Z2 development board.

show abstract

Section: Introductionmentioning

confidence: 94%

Section: Introductionmentioning

confidence: 99%

True Random Number Generator based on RO-PUF

Rojas-Muñoz

Sánchez-Solano

Martínez-Rodríguez

et al. 2022

2022 37th Conference on Design of Circuits and Integrated Circuits (DCIS)

Self Cite

View full text Add to dashboard Cite

show abstract

“…The output of the RO-PUF is a bitstream conformed by the concatenation of the bits selected for each of the comparisons after the complete challenges sequence has been applied. However, in our contribution, two simultaneous comparisons will be carried out in parallel taking advantage of the two different behaviors identified in [19], depending on whether the comparison is made between two ROs implemented in LookUp Tables (LUTs) placed in the same position of different CLBs or between ROs implemented in LUTs placed in different positions within the same or a different CLB, thus doubling the bit generation rate in the PUF response. The selection and enabling signals for the two pairs of ROs to be compared in each comparison cycle are provided, respectively, by the challenge generation (ro_chl) and enable (ro_en) blocks.…”

Section: Ro-puf Ip Module Design and Implementationmentioning

confidence: 99%

“…The operating principle of silicon PUFs is based on the variations that arise during the manufacturing process of an integrated circuit. Roughly, research on silicon PUFs has focused on three categories: (i) memory-based PUFs (SRAM [7], DRAM [8,9]) that use unpredictable start-up values of memory cells; (ii) delay-based PUFs that use the relative time delay differences between two theoretically identical circuits (Ring oscillators [10]- [19], Arbiter [20], Butterfly [21]); and (iii) analog PUFs that exploit measurements of variables in mixed-signal and analog integrated circuits (for instance, current mirrors [22]).…”

Section: Introductionmentioning

confidence: 99%

Efficient RO-PUF for Generation of Identifiers and Keys in Resource-Constrained Embedded Systems

Martínez-Rodríguez¹,

Rojas-Muñoz²,

Camacho-Ruiz³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Generation of unique identifiers extracted from the physical characteristics of the underlying hardware ensures the protection of electronic devices against counterfeiting and provides security to the data they store and process. This work describes the design of an efficient Physical Unclonable Function (PUF) based on the differences in the frequency of Ring Oscillators (ROs) with identical layout due to variations in technological processes involved in the manufacture of the integrated circuit. The logic resources available in the Xilinx Series-7 programmable devices are exploited in the design to make it more compact and achieve an optimal bit-per-area rate. On the other hand, the design parameters can also be adjusted to provide a high bit-per-time rate for a particular target device. The PUF has been encapsulated as a configurable Intellectual Property (IP) module, providing it with an AXI4-Lite interface to ease its incorporation into embedded systems in combination with soft- or hard-core implementations of general-purpose processors. The capability of the proposed RO-PUF to generate implementation-dependent identifiers has been extensively tested, using a series of metrics to evaluate its reliability and robustness for different configuration options. Finally, in order to demonstrate its utility to improve system security, the identifiers provided by RO-PUFs implemented on different devices have been used in a Helper Data Algorithm (HDA) to obfuscate and retrieve a secret key.

show abstract

“…Two groups of silicon PUFs are usually distinguished in the literature based on the circuitry utilized to exploit intrinsic variability in the Integrated Circuit (IC) manufacturing process: memory-based and delay-based PUFs. Memory-based PUFs (SRAM [14], DRAM [15,16]), rely on the erratic start-up values of memory cells when the circuit is turned on, while delay-based PUFs (Ring oscillators (ROs) [17][18][19][20][21][22][23][24][25][26], Arbiter [27], Butterfly [28]), take advantage of the differences in delays in signal transmission through two ideally identical paths of an electronic circuit. The on-chip memories of programmable devices are typically initialized to a fixed value after startup, making SRAM-based PUFs impractical for these devices.…”

Section: Introductionmentioning

confidence: 99%

On-Line Evaluation and Monitoring of Security Features of an RO-Based PUF/TRNG for IoT Devices

Rojas-Muñoz¹,

Sánchez-Solano²,

Martínez-Rodríguez³

et al. 2023

Preprint

View full text Add to dashboard Cite

The proliferation of devices for the Internet of Things (IoT) and their implication in many activities of our lives have led to a considerable increase in concern about the security of these devices, posing a double challenge for designers and developers of products. On the one hand, the design of new security primitives, suitable for resource-limited devices, that can facilitate the inclusion of mechanisms and protocols to ensure the integrity and privacy of the data exchanged over the Internet. On the other hand, the development of techniques and tools to evaluate the quality of the proposed solutions as a step prior to their deployment, as well as to monitor their behavior once in operation against possible changes in operating conditions arising naturally or as a consequence of a stress situation forced by an attacker. To address these challenges, this paper first describes the design of a security primitive that plays an important role as a component of a hardware-based root of trust, as it can act as a source of entropy for true random number generation (TRNG) or as a physical unclonable function (PUF) to facilitate the generation of identifiers linked to the device on which it is implemented. The work also illustrates different software components that allow carrying out a self-assessment strategy to characterize and validate the performance of this primitive in its dual functionality, as well as to monitor possible changes in security levels that may occur during operation as a result of device aging and variations in power supply or operating temperature. The designed PUF/TRNG is provided as a configurable IP module, which takes advantage of the internal architecture of the Xilinx Series-7 and Zynq-7000 programmable devices and incorporates an AXI4-based standard interface to facilitate its interaction with soft- and hard-core processing systems. Several test systems that contain different instances of the IP have been implemented and subjected to an exhaustive set of on-line tests to obtain the metrics that determine its quality in terms of uniqueness, reliability, and entropy characteristics. The results obtained prove that the proposed module is a suitable candidate for various security applications. As an example, an implementation that uses less than 5% of the resources of a low-cost programmable device is capable of obfuscating and recovering 512-bit cryptographic keys with virtually zero error rate.

show abstract

A Configurable RO-PUF for Securing Embedded Systems Implemented on Programmable Devices

Cited by 12 publications

References 28 publications

True Random Number Generator based on RO-PUF

True Random Number Generator based on RO-PUF

Efficient RO-PUF for Generation of Identifiers and Keys in Resource-Constrained Embedded Systems

On-Line Evaluation and Monitoring of Security Features of an RO-Based PUF/TRNG for IoT Devices

Contact Info

Product

Resources

About