SRAM PUF: A Closer Look at the Most Reliable and Most Secure PUF
By Geert-Jan Schrijen (Intrinsic ID)
A recent article on the reliability of SRAM PUFs as a security mechanism for connected devices raised points worthy of discussion. Certainly, in today’s ever-more-connected world of the internet of things (IoT) and proliferating 5G networks, hardware-based security is more important than ever. So, if you’re looking for a way to secure a connected device, how do you evaluate the security and reliability of the various options available?
What is an SRAM PUF?
First, what is a PUF, and how does it provide security? A PUF is a Physical Unclonable Function – a physical structure placed within a physical entity to create a unique identity. This unique identity is used as the foundation, or “root of trust,” for security.
Multiple approaches to using a PUF to secure a device exist. One such approach is SRAM PUF, which uses the random differences in the SRAM’s threshold voltages to create a digital fingerprint unique to that device. This digital fingerprint is then used to create a secret key that forms the basis of the security subsystem for that device. Critically, this secret key is not stored but is dynamically regenerated from the SRAM PUF inside a secure perimeter. This means that even if the memory is breached, no key is stored there, so it can’t be stolen or compromised.
Intrinsic ID SRAM PUFs have been used in production for more than a decade, and so the technology has been honed and has matured over time. These SRAM PUFs are deployed in hundreds of millions of devices from leading-edge suppliers, including four of the five leading microprocessor suppliers. One of the reasons SRAM PUFs are so reliable and secure is that they have had the benefit of extended field use to influence their development.
Evaluating SRAM PUF Reliability
Let’s dig deeper into questions that might arise as you evaluate the reliability of the SRAM PUF. You may wonder if the random differences in the threshold voltages used to create the SRAM PUF are smaller with advanced process nodes, causing more start-up SRAM cell values to flip at repetitive readout. While it is true that the absolute differences in threshold voltages become smaller, it is also known that the impact of process variation becomes bigger with smaller technology nodes (Pelgrom’s law 1). In deployment, we have seen that smaller nodes – down to 7nm so far – often show fewer bit flips (less noise) in the SRAM PUF values. Intel has published their experience with SRAM PUFs at 14nm. 2
Some might question if variations such as temperature and voltage variations, as well as time, cause more noise in the random values extracted from the SRAM. Ambient conditions have an impact on all electronic devices, and devices do simply age. SRAM PUFs are mainly impacted by negative bias temperature instability (NBTI); it has been observed that the impact of aging depends strongly on the data stored in the SRAM. Based on this knowledge, anti-aging measures can be applied that cause the SRAM PUF to grow more reliable over time, and can actually extend the life of the SRAM!
Finally, you may have heard that SRAM PUFs use error-correction
codes to account for variations in start-up values, and so might
worry that this process is time-consuming or cumbersome. To the
contrary it has been well established that helper
data algorithms 3 4 or Fuzzy
Extractors 5 are used to
ensure that exactly the same key can be reconstructed under all
circumstances, from winter in Alaska to summertime in Death
Valley. Any PUF without some kind of correction system would be
vulnerable to ambient effects and aging. However, if designed and
deployed correctly, helper data ensures the reliability of a PUF
system. In fact, even if the PUF system had to correct an error
rate of up to 25 percent, SRAM PUFs would still function within
specification. In field deployment, the noise level encountered by
SRAM PUF systems is typically smaller than 10 percent, well within specification boundaries 6. In fact, SRAM PUFs
are so robust that they have been chosen for use in devices
intended to be deployed in outer space.
In God We Trust. All Others Bring Data.
Claims about the Hamming weight and distance for any particular solution are easy to publish. But if you’re evaluating IoT device security options and hear conflicting claims, ask to see the data behind the claims – not just a summary chart, but real, operational data. If you’d like to learn more about the reliability of Intrinsic ID SRAM PUFs 6, this whitepaper provides a detailed overview. You might also want to review this peer-reviewed paper, presented at CHES 2013 and published by Springer.7
Some Final Questions to Ask
Ask to see a list of customers, application types, and supported process platforms. We believe that when you see the data, hear the stories of actual customers and their applications, you’ll come to the same conclusion as the leaders in IoT devices: SRAM PUFs are the most reliable, secure solution available today.
Finally, ask if the security option you’re considering stores a key. Not only are they reliable enough to be used in space, but SRAM PUFs do not store a key. What isn’t stored can’t be stolen or compromised. Any solution that stores a key is vulnerable to attackers.
1 M. J. M. Pelgrom, C. J. Duinmaijer, and A. P. G. Welbers, “Matching properties of MOS transistors,” IEEE J. Solid-State Cir- cuits, vol. 24, no. 5, pp. 1433–1440, Oct. 1989.
2 Ting Lu, Ryan Kenny, Sean Atsatt, “Secure Device Manager for Intel® Stratix® 10 Devices Provides FPGA and SoC Security”, Intel White Paper,
3 Linnartz JP., Tuyls P. (2003) New Shielding Functions to Enhance Privacy and Prevent Misuse of Biometric Templates. In: Kittler J., Nixon M.S. (eds) Audio- and Video-Based Biometric Person Authentication. AVBPA 2003. Lecture Notes in Computer Science, vol 2688. Springer, Berlin, Heidelberg
4 Guajardo J., Kumar S.S., Schrijen GJ., Tuyls P. (2007) FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier P., Verbauwhede I. (eds) Cryptographic Hardware and Embedded Systems - CHES 2007. CHES 2007. Lecture Notes in Computer Science, vol 4727. Springer, Berlin, Heidelberg
5 Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors: How to generate string keys from biometrics and other noisy data. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 523–540. Springer, Heidelberg (2004)
6 “The Reliability of SRAM PUF”, Intrinsic ID White Paper: https://www.intrinsic-id.com/landing-page-white-paper-reliability-sram-puf
7 Maes R. (2013) An Accurate Probabilistic Reliability Model for Silicon PUFs. In: Bertoni G., Coron JS. (eds) Cryptographic Hardware and Embedded Systems - CHES 2013. CHES 2013. Lecture Notes in Computer Science, vol 8086. Springer, Berlin, Heidelberg
If you wish to download a copy of this white paper, click here
|