Title: Silicon Physical Unclonable Functions: Past, Up-to-date, and Future


Chip-Hong Chang, Nanyang Technological University, Singapore
Gang Qu, University of Maryland at College Park, USA


Severe security threats and alerts associated with the use of smart devices have drawn increasing public attentions since the inception of Internet of Things (IoT) in late 1990s. The booming of IoT market imposes a desperate need to protect smart devices with very limited resources. Because IoT is a network of heterogeneous "things" that are not customarily associated with the internet, the existing forms of unique identity used conveniently to connect devices to the internet for authentication can be easily compromised to create attacks that could introduce catastrophic economic and safety treats. As most IoT devices rely on sensor data to acquire information about users and their environment, the leakage of device identities may also leak physical locations and movements, which can be utilized for grievous intelligent and criminal attacks.

In this light, silicon Physical Unclonable Function (PUF), a burgeoning technology rooted in 2002, emerges as an inexpensive security primitive to overcome the device tagging problem by its radically different way of generating and processing secret keys in security hardware. The security of PUF rests in the intrinsic complexity and irreproducibility of a random physical disorder system instead of a hard-to-solve mathematical problem. Device signature generated by PUF cannot be physically replicated even by the original manufacturer with the same photolithography masks due to the uncontrollable nature of manufacturing process variations. As the secret information can only be generated by querying the PUF device when it is powered on, active manipulation of circuit structure will cause dysfunction of challenge-response mechanism and destroy the secret.

As unique and unclonable chip identifiers, PUFs find its niche in active hardware metering, which enables chip designers to lock and unlock the circuit functionality to gain post-fabrication control of their intellectual property. Besides, as chip makers are blazing new path for semiconductors to replace the plain CMOS process technology in the next decade. The rich variety of post-CMOS technologies, such as Fin Field Effect Transistor, Phase Change Memory, Spin Transfer Torque Magnetic Random Access Memory, offer different challenges and opportunities to derive new PUF systems with atypical security features and performances. Last but not least, sensors are integral parts of an IoT ecosystem for life-changing applications. Direct integration of PUF credentials into sensor circuitry or sensing data without compromising the original sensing operations holds strong promises in influencing the technological development of hardware security in IoT.

A rapid development of PUFs was witnessed in the late 2000s with leapfrog advancement towards their quality enhancement. This effort to overcome the mediocre practicality of ordinary PUFs has a positive impact towards their application development and commercialization. Meanwhile, the commercial viability of PUFs as a security token for device identification has incentivized their attacks. With enhanced speed and precision of measurements made more affordable, side channel analysis is becoming more reachable to recover the integrated secret of the ''black box'' PUF. The blossoming of machine learning has also led to myth-breaking successes over the last few years in accurately predicting the ''unpredictable'' responses and physically cloning the ''unclonable'' PUFs. Identifying the vulnerabilities and new threat landscapes of existing PUF structures has been an active ongoing research effort. The underpinning of these attacks impels countermeasures to undermine their chance of success beyond the complexity that makes them possible in the first place.

As we usher PUF into its 15th anniversary in 2017, it is time to review the advancements of PUF over the past decade. Besides classical PUF structures and their applications, this tutorial will address new PUF species derived from emerging nano-devices and sensors, as well as powerful attacks based on advanced machine learning