Making Sense Of PUFs
By BRYON MOYER (Semiconductor Engineering)
As security becomes a principal design consideration, physically unclonable functions (PUFs) are seeing renewed interest as new players emerge onto the market. PUFs can play a central role in hardware roots of trust (HRoTs), but the messaging in the market can make it confusing to understand the different types of PUF as well as their pros and cons.
PUFs leverage some uncertain aspect of some natural phenomenon to generate a unique, unpredictable, repeatable, random number. As described in a paper, “PUFs at a Glance” by Rührmair and Holcomb, “Their key idea is to exploit the ‘random physical disorder’ or the ‘manufacturing variations’ that occur in almost all physical systems on small length scales.” The generated number must be readable reliably, regardless of the temperature, voltage, or any other condition. Critically, they must be impossible to read by an unauthorized entity. The fact that no one can determine or guess the value is what makes them “unclonable.” PUFs are therefore usually heavily tamper-proofed to thwart efforts to learn the PUF value or values.
There is a wide range of proposed PUF technology, including optical. The scope of this article will be restricted to silicon-based PUFs that can be implemented monolithically with other CMOS circuits. In this case, the PUFs make use of something that is otherwise not considered useful — process variation. An effective PUF takes advantage of the minute differences between chips. The structures to be sampled must be numerous enough to provide high entropy over all of the devices to be built.
Weak and strong PUFs
Broadly speaking, there are two categories of PUFs, “weak” and “strong.” Those names are misleading because it would seem that strong PUFs would provide greater security, which is not the case. Instead, the two are used in very different ways.
Weak PUFs provide a single value — or perhaps a small number (low hundreds) of values. Most frequently, the PUF is simply accessed and a value returned. Strong PUFs, by contrast, have thousands to millions of values — the more the better. With a strong PUF, the act of requesting one of those values is referred to as a “challenge”; the value received is the “response.” As it turns out, weak PUFs currently provide the strongest security; strong PUFs have not yet proven themselves secure enough to be deployed commercially.
A third middle ground that some refer to as “controlled” PUFs aims to protect strong PUFs by preventing the direct readout of the responses. “A controlled PUF … uses a Strong PUF as a building block, but adds control logic that surrounds the PUF. The logic prevents challenges from being applied freely to the PUF and hinders direct read-out of its responses,” notes a paper by Ruhrmair et al.
Many PUF types require initialization during manufacturing — typically during final test. This step is referred to as “enrollment.” The enrollment is the first time that the variations in the chip are leveraged to create a value, and depending on the type of PUF, it has different effects. The specifics for the more common types are described below....more