Preserving authenticity and confidentiality in IoT networks are major concerns for researchers and industries due to the increase reliance on these networks at many applications such as, sensors, monitoring and healthcare [D.wang:2019].
To address these concerns, PUF approaches have recently been proposed as a promising alternative to conventional cryptography, which is largely unsuitable to IoT network mainly because of its sheer computational requirement, which often degrade battery efficiency on the lightweight IoT devices.
Additionally, conventional cryptography is based on the hardness of solving some mathematical problems. However, advances in quantum computers may render such problems easy to solve [J.zhang:2019][mahdi:2020][Shor-P.W:1994].
Moreover, key distribution techniques used in conventional cryptography usually require a third party, which makes it impractical for IoT applications [N.xie:2021] as large-scale wireless network require keys to be frequently updated, and that will introduce high overhead on the network.
Finally, some conventional cryptography primitives such as, message authentication code (MAC), rely on the upper-layer mechanisms, which can be manipulated by adversaries e.g., spoofing attack.
On the other hand, PUF offers an alliterative solution for lightweight hardware security suitable for IoT networks. PUF is based on the fact that no two identical chips having the same characterization and going through the same production line will never share the same physical properties to inevitable manufacturing variation during the fabrication of the chips. [Schinianakis:2019]. PUF circuits exploit these features and utilize such variations to generate secret keys and authenticate IoT devices.
The rest of the survey is organized as following: section 2 provides a brief discussion on the fundamentals of PUF. Section 3 describes PUF performance evaluation and quality metrics. PUF authentication protocols are then introduced in section 4 followed by a thorough description of the popular architectures of PUF in section 5 with analysis of specific security requirements such as, strengths and weakness for each circuit design as well as performance evaluation comparison. In section 6, we discuss common PUF implementations, mainly focusing on FPGA implementation. Section 7 discuss threats and common attack against PUF. Finally, we conclude this paper in section 8 and discuss some potential future research directions.
1.1 Related work
Several survey were published on PUF considering both current PUF devices and emerging technologies. Babaei and Schiele [babaei:2019] presented an overview of PUF for authenticating IoT devices and investigated the related challenges toward PUF exploitation. Similarly, the survey in [zhang_qu:2014] highlighted various silicon PUF, mainly on Ring Oscillator (RO) PUFs with related issues and challenges. Furthermore, Chang et al. [Chang:2017] reviewed the improvement of PUF over past decade and demonstrate vulnerabilities of PUF. Halak et al. [Halak:2016] presented an overview of PUF in term of principle and design challenges. A tutorial on PUF applications, error correction mechanism, PUF types and emerging technologies were presented in [Herder:2014]. Moreover, the authors in [Shamsoshoara:2020] presented a review of the IoT network security challenges and investigate related attacks based on several IoT domains and discussed fuzzy extractors schemes for key extractions. In addition, Alkatheiri et al. [Alkatheiri:2017] presented an experimental study of three designs in each of the two categories of PUFs: delay based and frequency variation PUFs. Table 1 provides a comparison between previous survey and ours.
One of the attractive lightweight security solutions for IoT devices is PUF. Consequently, many researchers discussed and reviewed the emerging PUF technologies and their security challenges.
In addition, several PUF architectures have been proposed in the recent years. However, to the best to our knowledge, there is no comprehensive review of PUF that discusses important aspects of PUF, such as the recent PUF implementations, quality evaluations and security perspective for common and recent attack for different PUF architectures. This has motivated us to write this survey and provide such recent review for this rather important and emerging technology.
1.3 Our contributions
Our contributions of this survey are as following:
We investigate the essential performance evaluation and quality metrics of different PUF category and design.
We introduce recent PUF authentication protocols and compare them for lightweight devices, while showing how they mitigate common attack.
We discuss different PUF architectures suitable for IoT applications, specially PUF designs implemented on FPGAs, which is becoming an attractive development platform.
We investigate the most common threats and attack on PUF and discussed multiple assumptions and scenario.
Finally, we discuss some open problems, identity gaps and make recommendations and directions for future work.
|Ref.||PUF Applications||PUF evaluation||PUF protocol||PUF Architectures||PUF implementation||PUF Threats and attack|
2 PUF fundamentals
The inherent unclonability of the PUF cannot be controlled as it is based on multiple random parameters that are generated during the manufacturing process. When the binary sequence applied to PUF system, it will react with corresponding response. That is, no two Integrated Circuits (IC) provide an identical response for the same challenge and this combination is called challenge-response pair (CRP). The PUF system contains uncontrollable random components, so when the challenge applied to the PUF system it will react with these components in a way to produce unpredictable and random response .
These random components and the inability to control the manufacturing process make the PUF system unpredictable, unique, and more important, Physically Unclonable[Chang:2016].
PUF system is considered physically disordered with the structural information as following:
The related information of the PUF system could be extracted in a reliable way through measurement when different challenge applied to the system to generate identical response .
Due to the large possible combination of challenges , the corresponding response cannot be predictable within restricted time.
It is very hard and almost impossible to model, computationally and numerically determine and predict the challenge-response pair (CRP) based on the available information and current pairs.
The PUF system cannot be cloned and reproduced due to the variation of the manufacturing process.
The physical characteristics of the PUF circuits can vary in term of: signals transmission speed, frequency oscillation, and the initial random state of the memory elements. These characteristics can be exploited to Physical Layer Security (PLS).
2.2 PUF Applications
The main goal of PUF is to ensure communication security and prevent possible attack. There are several applications of PUF that can be utilized for identification, confidentiality and to authenticate. Below we list some popular PUF application, each of which may prefer some PUF designs over others based on their requirements:
True Random number sequence generator: usually used to generate keys for encryption in communication and digital signatures and create password to protect the system[Suh:2007].
Malware detection: Malware detection is one of the most time-consuming processes in hardware security. However, PUF can efficiently detect differences between original devices and malware injected device by examining the corresponding challenge-response pairs [Tehranipoor:2010]. That is, when a chip is injected with malware, it will inevitably changes the power distribution of the device and that will deviate the response of the chip.
Detection of degraded hardware performance: The performance of the chip can be degraded due to natural aging and time, as a result PUF challenge-response pair can detect such devices specially with the critical applications such as, aviation, military, and healthcare.
Hand weapon authentication: Utilizing embedded PUF device to authenticate, secure the authorized users of a weapon. For instance, if the weapons are lost, no one other than its original owner will be able to use it [armatix:2021].
Self-destruction electronics: self-destruction is commonly required in the military and defense applications, such as when a devices is left in the battlefield [Jeremy-Hsu:2021]. In this case, PUF can inspect self-destruction signals, and only executes self-destruction if it passes authentication.
PUF has been widely used to provide essential security services, such as authentication and secret key generations, specially at constrained environments, such as IoT, where power consumption and security need to be balanced. In most applications, the main function of the PUF is to authenticate IoT devices as well as store the secret keys. The basic operation of PUF based security is to get a random choice of challenges bits to the PUF circuit and produce unpredictable and random response. Moreover, the manufacturing process variations of the PUF circuit has a unique silicon fingerprint, which provides a unique challenge-response pair (CRP) for each IoT devices even with the same input challenge bits [babaei:2019]. Figure 1 illustrate the general operation of PUF where -input bits represent the challenges and -output bits provide the unique responses.
Several security criteria should be considered to achieve high secrecy. First, the response bits need to be correlated to the specific challenge’s bits and is reproducible for the same challenge, despite any environmental factors, such as temperature and voltage. Second, the uniqueness of the CRP pairs should be verified by applying same challenges to different PUF circuit that must generate different responses. Third, the challenge -bits need to be large enough to limits the searchable and predictable computational of the eavesdropper.
2.3 PUF categories
Several types of PUFs have been proposed, the authors in [Maes:2010]
categorized PUF as: memory-based PUFs, which exploit the initial binary sequences of memory when it is powered on, and delay-based PUFs, which use delay variations between propagation signals of the circuit. However, more commonly, other authors classified PUFs into three types: weak, strong, and controlled PUFs[uhrmair:2010], each with it is own security properties and applications.
2.3.1 Strong PUFs
Strong PUF provides exponential growth in term of the number of CRPs pairs due to the large size of the circuits. However, while it would be impossible to efficiently recount all the CRPs pairs for large CRPs pairs, strong PUF is generally stable under environmental conditions changes. Strong PUF is also considered unpredictable, since CRPs contains multiple combination, and unclonable, where response can be readable without any additional information from the internal design of PUF. Strong PUF can be used for authentication and key establishment [Schinianakis:2019][uhrmair:2010].
2.3.2 Weak PUFs
Weak PUF can be utilized for key generations and digital fingerprinting. However, it accepts limited number of CRPs and is increasingly linear. Compared to strong PUF, weak PUFs provide constant response under environmental conditions, utilize small number of CRPs pairs, and provides responses that are both unclonable and unpredictable.
2.3.3 Controlled PUFs
The controlled PUF use strong PUF as main block and adds a control logic to control challenges from being freely applied to the PUF circuit while preventing immediate readout of the responses. Therefore, the control logic can be utilized to hinder machine learning attack[Gassend:2002].
3 PUF performance evaluation
In this section, we discuss PUF performance evaluation and quality metrics that need to be considered while designing PUF circuits to achieve high security and prevent major attacks.
A comprehensive study of PUF performance to evaluate the security can be found in [Maiti:2011]. The first commercial performance evaluation based PUF-embedded for radio frequency identification (RFID) tags in [Kang:2012] and the PUF performance evaluation by delay statistics presented in [Jouini:2011].
There are four essential parameters to evaluate on a PUF circuit, namely: uniformity, uniqueness, reliability, and bit-aliasing.
Uniformity. Uniformity reflects the randomness of the response bit, and is calculated as the percentage of Hamming Weight of the response bit as shown equation in (1).
Where is the bit of the response -bit from a chip .
Uniqueness: The ability of PUF to distinguish a specific IC from other IC of the same structure when the same challenge is applied to the PUF circuit. Technically, it is defined as Inter-device (Hamming Distance) between different devices and the ideal value of uniqueness supposed to be 50%. If the two chip and () have the responses and for the same challenge , the average inter-device can be calculated as:
Reliability: The PUF design must be able to reproduce the same response bit to the same challenge
under fluctuation of the environmental conditions, such as supply voltage and temperature. The reliability of PUF can be estimated as an average intra-deviceand indicate the unreliable or noisy responses bits:
Where for the chip measured at the normal operation condition and extracted at different supply voltage and temperature. is the -th sample of . The total of -bit response obtained for group. In other word, the reliability is reflecting the stability of PUF and it is measured with both equations (3)(4):
Bit-aliasing: Bit-aliasing indicates the similarity of PUFs responses. When bit-aliasing occurs, different IC may produce identical response. The bit-aliasing of the -th bit of an -bit response is the average hamming wight of the -th bit across several devices. The ideal value is 50% and it is defined as:
where is the number of PUF devices and is the -th bit of the response -bit response.
4 PUF authentication protocols and key generation
In this section, we describe how PUFs circuit can be used to authenticate low cost devices, such as IoT devices and Radio-frequency identification (RFID), without resorting to conventional cryptography to maintain an acceptable low power consumption and reduce the overhead circuit area.
Authentication in PUF can be performed in two phases as shown in figure 2: the enrollment and verification phase. In the enrollment phase, the PUF circuit is directly connected to the server to receive the challenge bits, then the PUF provides the response bits to be stored and used later in the verification phase by the server. In the verification phase, since the PUF chip is implemented into IoT devices to be authenticated by the server, the server sends the original challenges bits that has been utilized in the enrollment phase and the IoT device reply with the generated responses bits. If the generated responses bits match any entry in the original (stored) CRPs table, the IoT devices is authenticated. Additionally, the response bits for PUF circuit can be used to extract secret key to ensure confidentiality when exchanging data [babaei:2019]. Also, the challenges must never be reused to prevent man-in-the-middle attack and consequently predict the CRPs.
In fact, authentication in PUF can be done in plaintext. The authors in [Suh:2007] proposed key generation protocol using PUF circuits to be implemented with conventional cryptographic primitives (e.g., RSA). The key generation operation proceeds in two steps. First, the error correction code (ECC) consisting of initialization and regeneration to ensure that PUF circuit generates the same keys under variation of environmental conditions or fluctuations of power supply and temperature. Second, key generation is executed to transform the PUF output into keys.
Moreover, the PUF based lightweight protocol proposed in [Mahalat:2018] authenticates IoT devices during an establish WiFi connection. It was shown that this protocol overcomes the security issues against several WiFi attack, such as, MAC spoofing attack, invasive attack and evil twin attack by using only 3 CRPs to secure the connections [Nakhila:2016]. A mutual authentication protocol based PUF was proposed in [Satamraju:2020], which utilizes keys generated by PUF to authenticate IoT devices while using on the fly keys to avoid key storage. Furthermore, the authors in [Aman:2019] introduced PUF based authentication protocol combined with exploiting wireless channel properties such as, Received Signal Strength Indicator (RSSI) to distinguish between legitimate and eavesdropper channels. Thus, data provenance is achieved in terms of confidence and data source e.g., locations and time. In addition, the authentication protocol based on continuously confirming the existence of device is proposed in [Goutsos:2019]. This protocol was developed to detect the displacement of nodes through the link state changing using one CRP. Another work [Noura:2019]
proposed multi-factor authentication that depends on cryptographic primitive such as, hash functions and XOR gates with configurable PUF as the first factor and the second factor exploits channel characteristics such as, RSSI and Signal-to-Noise Ratio (SNR) as a fingerprint for the devices. Similar work[Jiang:2019] introduced two factor authentication protocol for Internet of Vehicles (IoV). This protocol relied on a combination of password and PUF to enhance the authentication mechanism, eliminate secret key storage in devices and ensure that the adversary cannot compromise the device even with the physical access. Table 2 illustrate the comparison between PUF authentication protocols.
|[Suh:2007]||Authenticate individual ICs||PUF-based||Suitable for low-cost platform such as, RFIDs|
|[Mahalat:2018]||Wi-Fi authentication of IoT devices||PUF-based||Less resource and computation overhead using only 3 pairs of CRPs.|
|[Satamraju:2020]||Mutual Authentication Protocol||PUF-based||Used for real-time applications No need to store the generated keys|
|[Aman:2019]||Authentication privacy preservation||PUF-based and wireless link fingerprint||Mitigate against physical and cloning attacks. Low energy consumption compared to related protocols.|
|[Goutsos:2019]||Lightweight pairwise protocol||PUF-based||The protocol can detect nodes that have been removed or replaced|
|[Noura:2019]||Mutual multi-factor authentication||PUF-based and cryptographic method||Lower communication overhead. Three messages required to achieve the authentication Fast to execute|
|[Jiang:2019]||Two-factor authentication for IoV system||PUF-based and cryptographic method||There is no storage required of any secret data. They combine password with PUF (two-factor)|
5 PUF Architectures
In this section, we describe several PUF architectures suitable for IoT applications. We will also discuss the strengths, weakness, quality metrics and evaluation of common architectures as shown in table 3. The following criteria need to be taken into account when selecting a PUF architecture:
Robustness against different possible attack, such as machine learning attack and side channel attack [babaei:2019].
Statistical properties and quality metrics such as:
Uniqueness: the ability of PUF circuit to generate a unique secret key when a challenges bit is provided.
Reliability: the ability of the PUF circuit to generate the same secret key under different environmental factors, e.g., temperature and voltages.
Randomness: the response bits generated from PUF circuit contain sufficient entropy.
The growth of the number of CRPs in strong and weak PUF need to be taken into account as it can lead to increased computational complexity, which, in turn, will consume power.
The PUF circuits need to be implemented easily in silicon chip.
5.1 Arbiter PUF
During manufacturing variations of multiplexers, different delay paths are formed, where one path is usually faster than others. Depending on the input challenges bits, each multiplexer will select the next path to be switched to, which provides multiple combinations of bit path selections. Arbiter PUF [Gassend-B:2002] operates by comparing two path delays as shown in figure 3 and generates a response bit ‘0’ or ‘1’ depending on the faster path being selected by the latch at the output.
Arbiter PUF is categorized as strong PUF. Moreover, to achieve practical statistic properties, all the delay-paths must have the same length. The arbiter PUF can be implemented in both Field Programmable Gate Arrays (FPGA) and application-specific integrated circuit (ASIC).
In [Dubrova:2018], a reconfigurable arbiter PUF presented with 44 switch block instead of the classical 22. such that the 44 switch block can be reconfigured to increase the numbers of paths connection, which can be used for the applications that required regular keys generation. The authors in [Cao:2019] proposed an energy efficient arbiter PUF using Current starved (CS) inverters at the back stage of each multiplexers. The proposed arbiter utilizes two RS latches and NAND gate instead of D flip-flop in classical arbiter to improve the propagation delay at the output phase. Therefore, the design alleviates effectiveness of fluctuating temperature at the output responses. Similarly, in [Moradi:2020], the authors demonstrated an energy efficient arbiter PUF that consists of 64 PUF cells using 45nm CMOS technology, each cell contains 8 switching elements which competes between different paths depend on challenge values, 8 selecting modules, and an arbiter. The design achieves high uniqueness and consume low energy.
5.2 Ring Oscillator PUF
Ring Oscillator (RO) PUF [Suh:2007] is based on the circuit oscillation between two voltage levels in specific frequency as shown in figure 4. By comparing two RO frequencies, the binary bits are generated based on incoming challenges bits. However, while the theoretical properties of RO PUF show that the oscillating frequencies must be the same, during the hardware manufacturing variations process it will inevitably cause some differences in the oscillation frequencies.
RO PUF is a strong PUF and can be implemented on FPGA. The main drawback of RO PUF is its sensitivity to the environment. To address this issue, the authors in [Deng:2020] proposed configurable RO using only two hybrid logic gates, which is not only reliable under environment variation conditions, but also consumes less power and circuit area. The work in [Qian:2019] further enhances the response entropy by adding configurable multiplexer with RO PUF circuit, which can select from inputs challenges based on proposed selection algorithm. The FinFET 20 nm technology based RO PUF proposed in [Zayed:2019] to overcome hardware overhead and power consumption of classical RO PUF, however they introduce frequency divider with flip-flop instead of counters, comparator to reduce power consumption.
5.3 Sram Puf
One of the common PUF based on memory architecture is SRAM PUF [D.E.Holcomb:2007] [Guajardo:2007]. The main idea of SRAM PUF is to generate a response bit based on boot-up of SRAM cells, which are unpredictable; that is, when the SRAM is powered ON, the initial values of the single cells in the SRAM can be ‘0’ or ‘1’ randomly as they are considered noisy fingerprint. Furthermore, each SRAM has unique states during this boot-up period. Figure 5 illustrates SRAM PUF circuit.
However, SRAM PUF is weak PUF with limited number of CRPs and is mainly applicable for microcontrollers. Hence, more layers of security are required to thwart machine learning attacks. Additionally, SRAM PUF suffers from noise effects and requires error correction [babaei:2019][D.E.Holcomb:2007].
5.4 Hybrid PUF
Lightweight Hybrid PUF (LHPUF) [Sankaran:2018] combines features of Arbiter PUF and RO PUFs to enhance the security as illusrated in figure 6. LHPUF consists of to 1 multiplexers, two counters, NAND gate, NOT gate, and one arbiter circuit. The result of bit output response depends on the count of the number of ‘1’s or ‘0’s in the counter at the output. The authors in [Sankaran:2018] implemented LH-PUF using FPGA (Xilinx) and it provides higher security performance as shown in table 3 compared to traditional arbiter PUF and RO PUF with less power consumption.
Another work [Yanambaka:2016] introduced FinFET based-PUF with two hybrid oscillator-arbiter PUF designs, which improved the power consumption and speed compared to traditional RO and arbiter PUF.
5.5 Optical PUF
The optical PUF was first proposed in [Pappu:2001][Pappu:2002] to demonstrate an inexpensive non-silicon system that consists of a token with the integrated three-dimensional micron scale glass as a physical system to generate 2400-bit unique key. The authors in [michael:2017] developed an optical PUF that can be implemented in Printed Circuit Board (PCB) by adding an imager and Light-emitting diodes (LED). These components are covered by polymer waveguide. However, the LED light is emitted and reflected by the waveguide to the imager to generate a unique number that can be used for authentication and key generation. Therefore, any invasive attack attempting to discover the unique key will destroy the waveguide coating, which damages the secret key. Rührmair et al [Rhrmair:2013] represent new image transformation that enhance the PUF entropy to measure the interference pattern through the optical PUF instead of detecting the reflection compared to the previous work in [Pappu:2001][Pappu:2002] with the same hardware cost.
5.6 Memristor PUF
Memristor (refer to memory resistor) is first proposed in 1971 by Chua [Chua:1971], which provides a relation between charge and flux. In 2008, HP labs [strukov:2008] present a physical model of two-terminal device, which is based on switching process between two resistance states, such as high resistance state (HRS) (called OFF state, ‘0’) and low resistance state (LRS) (called ON state, ‘1’). This state is changed when the voltage is applied to across terminals for specific period with two main operations: SET (that represent the change of state from HRS to LRS) and RESET (refer to transition from LRS to HRS). As a result, memristor is suitable for PUF due to the variability of the state and switching process. Also, it is used as True Random Generator [Uddin:2019]. Koeberl et al [Koeberl:2013] proposed memristor PUF to exploits undefined logic state region based on memory functionality that depends on access time and applied voltage. Consequently, unpredictable sequence value is produced due to the utilization of the weak-write method. The authors in [Rose:2013] present a single bit memristor PUF with two control signals that specify the writing and reading operation. On the other hand, the authors in [RoseA:2013] describe a multi bit memristor PUF as an entropy source based on the process variations of the write-time memristor cell. The Xbar memristive architecture [Uddin:2018] that consists of size word-lines as a rows to receive the challenge bits and bit-line as a columns to produce response bits . The more Xbar rows size, the more randomness generated. An optimized and robust architecture based on memristive Xbar is presented in [Muhammad:2021][Khan:2021], which implements two memristive Xbar PUF utilizing two memristors devices and the logic circuit that processing the challenges and activate the PUFs.
5.7 Quantum PUF
Quantum PUF provides control on the unique parameters of the process variation that created the classical PUF. Škorić in [Boris:2010] proposed quantum readout PUF (QR-PUF), which uses quantum state for both challenges and responses, usually to implement remote authentication protocols. By exploit the no-cloning theorem [Wootters:1982] of the quantum state, the adversary will be detected if they intercept the CRP. Another work [Goorden:2014] present quantum secure authentication (QSA), which rely on phase shaping of irradiate light pulse using spatial light modulator (SLM) and analyzer plane to detect the reflected response. The quantum confinement is described in [roberts:2015] to provide a unique identifier for the devices by measuring the variation in resonant tunnelling diodes (RTD). A comprehensive study of the quantum PUF is presented in [arapinis:2021], which defines a quantum attack model and security parameters of the quantum PUF. The authors in [Phalak:2021] propose a quantum PUF to address the security issues of a workload scheduling algorithm threats for cloud-based quantum computers.
5.8 Mram Puf
Magnetoresistive Random-Access Memory (MRAM) based PUF is proposed in [Jayita:2014] [Das:2015] to generate unique keys and provide authentication by exploit the variation geometric of the MRAM cell. The stream bits are stored in Magnetic Tunnel Junction (MTJ) that consists of several layers. Due to the variation of the manufacturing process, the geometric of the cell vary in shape (rectangle or ellipse). Experimental evaluation of the MRAM PUF is presented in [Nejat:2020] with Thermally Assisted Switching MRAM (TAS-MRAM) method that are fabricated in dies. The experiment shows that TAS-MRAM consumes low power and high speed compared to SRAM. Furthermore, the authors in [Ali:2021] proposed reconfigurable arbiter PUF based on hybrid Spin Transfer Torque (STT-MRAM/CMOS). The design employed the variation process of the transistors and MTJs connected in series with the control signals. The switch selection and pre-charge sense amplifier (PCSA) is used as an arbiter to determine the delays of the discharge current between paths. Therefore, the design provide sufficient entropy response and produce large and unpredictable CRPs compared to the silicon/classical arbiter PUF (section 5.1). The reliability enhancement/improvement of STT-MRAM PUF response is demonstrated in [Hu:2021].
5.9 Carbon PUF
Carbon Nanotube Field Effect Transistor (CNTFET) based PUF is a promising technology to provide a unique signature with low power consumption. The first design of Carbon Nanotube PUF (CNPUF) is presented in [Konigsmark:2014], which is composed of pairs of CNTFET connected in series that share the same input voltage and response bits produced from comparing two stage currents. The simulation result in [Konigsmark:2014] shows that the CNPUF is reliable under temperature and voltage variation. The authors in [Moradi:2017] introduced CNTFET PUF cell, which compares the input voltage twice using two inverters and comparator. Similarily, the work in [Lee:2019] demonstrated the fabrication of 400 CNTFET PUF device with same manufacturing process and evaluate their performance. The measurement show that the devices produce high quality metrics in term of uniformity and uniqueness. Ternary cycle operator based CNTFET PUF is proposed in [Srinivasu:2021] with two delays line using cycle operators.
5.10 Others PUFs
Several other PUF designs have been proposed to enhance the quality metrics, including:
Glitch PUF[Suzuki:2010]: exploits the glitch waveform variation of the logic gates.
Butterfly PUF[Kumar:2008]: overcomes the initialization SRAM in some FPGAs making it suitable to be implemented on all FPGAs types.
Latch PUF[Su:2007]: introduce a unique identification number (ID) for IC using cross-coupled NOR gates arrays, which improve the speed and power consumption.
Digital PUF (D-PUF)[Miao:2018]: improves the reliability of analog PUFs.
Coin Flipping PUF (CF-PUF)[Tanaka:2018]: exploits the convergence time of the bistable ring circuit.
Finite State Machine (PUF-FSM)[Gao:2018]: removes the need of error correction code (ECC) in Controlled PUF (section 2.3.3) and improve the security.
Subthreshold current array PUF (SCA-PUF)[Zhuang:2020]: exploits the characteristics of the two arrays of transistors and the response is produced based on the comparison between two output voltages.
Spin Orbit Torque (SOT) PUF[Cao:2021]: reconfigurable PUF based on Spin Orbit Torque (SOT) to stimulate the motion of the Domain Wall (DM).
6 PUF implementation
FPGA is widely used to simulate the design of PUF circuit due to flexibility, customizability and configurable logic gate as well as faster to be deployed in IoT devices. In this section, we discuss PUF implementation in FPGAs. We will cover only the architectures that are suitable for FPGA implementation. Table 3 summarizes the quality metrics and evaluation of designs in this section.
6.1 Arbiter PUF on FPGA
Many types of Arbiter FPGA PUFs has been proposed to improve the security of lightweight devices. The authors in [Machida:2014] proposed 3-1 Double Arbiter PUF with 3 arbiter PUF and 1 bit response and new mode of operation for wires connection to arbiter which enhance uniqueness of output responses. The feedback Oriented XOR flip-flop based arbiter (FOXFF APUF) [Sushma:2018] for identification applications and provides a uniqueness improvement compared to FFAPUF [Gu:2016] by adding delay elements, such as, feedback flip-flop to the design. Another work [Sahithi:2018] introduced a combination of flip-flop and XOR gates based arbiter which enhance the uniqueness to 16% using families of FPGAs and consume more resources compared to [Gu:2016] design. Flip-Flop Based Arbiter PUF (FF-APUF) demonstrated in [Gu:2019] provides sufficient entropy and reliability compared to conventional arbiter PUF, which is suited for FPGA implementation and can be utilized in authentication protocols for lightweight devices. Moreover, the authors in [He:2020] introduced the new concept of bit self test (BST) based arbiter PUF by designing a detection circuit that produces reliability flag. BST depends on propagation delay between paths and fluctuations in temperature and voltages. Therefore, based on the reliability flag a robust responses generated, which is suitable for key generation and authentication.
6.2 RO PUF on FPGA
One of the alternative solution to conventional RO PUF is Transient effect ring oscillator (TERO-PUF) [Bossuet:2014], which exploits oscillation of four 64-loop TERO cells; each cell consists of cross-coupled circuit of 2 AND gates and 2 inverters. The design thwarts electromagnetic attack [Bayon:2013], which analyses electromagnetic emanation and obtains information from RO circuit. However, the circuit utilizes more hardware resources. Furthermore, the authors in [Yan:2017] introduce Phase Calibration Process (PCPUF) technique to precisely measure the frequency of 128 RO array, which improves the stability and reduces the bit error rate of responses. In addition, the authors in [Garcia-Bosque:2020] demonstrated Galois ring oscillators (GARO-PUF) that compares different statistical parameters, such as, variability and location of implemented PUF in FPGA of oscillators instead of frequencies, so the design overcomes the systematic issues that produced by RO frequencies and correlations when RO PUF implemented in some physical locations in FPGA. The RO PUF based Lookup Table (LUT) FPGA introduced in [Li:2020] extracts more entropy by applying proposed method called Difference on Summed Difference (DSD) to obtain the differences between frequencies. The design achieved sufficient entropy with low area overhead. Moreover, the authors in [Aguirre:2020] proposed two schemes: parallel and serial based RO PUF, and replace the counters with Linear feedback shift register (LFSR) to eliminate the linear behaviour in counters. However, the problem of linearity still appear in LFSR, so the scrambler circuit is also proposed to obliterate the correlation behaviour. Therefore, the design produces unpredictable output and consumes low area and power. In [Yao:2021], a reconfigurable XOR gate based RO PUF is proposed, which produced larger CRP and enhance responses stability; reconfigurable XOR gate implemented in the RO circuit instead of inverter.
6.3 LFSR PUF on FPGA
Generally, Linear feedback shift register (LFSR) has been widely used as Random Number Generator (RNG) in cryptography, specially for lightweight devices with limited hardware resources. One of security concern associated with LFSR is its linearity and predictability. To address this, the authors in [hou:2020] proposed lightweight configurable Shift Register based PUF (SRPUF), with a non-linear function to improve the entropy and thwart machine learning attacks. Similarly, the work in [Hou:2019] introduced LFSR-based strong PUF (L-PUF), which is a weak PUF at front-end of the circuit, such as Anderson PUF [Anderson:2010], combined with LFSR. Consequently, the authors in [Amsaad:2018] proposed asynchronous LFSR based PUF (LFSR-PUF) that utilizes basic building block of the FPGA such as, LUTs and flip-flops, which exploits the variation process of LFSR circuit to produce random responses. Another work [Zhou:2020] proposed pseudo linear feedback shift register with multiple RO (PL-MRO) PUF, which utilizes logic gates instead of shift registers in LFSR to exploit the delay behaviour of the RO circuit. The PL-MRO PUF, produces sufficient entropy, high speed operation and low power consumption compared to conventional RO PUF.
6.4 Others PUF on FPGA
Several other PUF architectures have been proposed targeting FPGAs implementation and taking advantages of inherent FPGAs structures such as, LUT and flip-flops. For instance, the authors in [Ardakani:2016] proposed an area efficient SR-Latch PUF with two methods of implementations that consist of 4 NAND gates with multiplexers to generate high entropy responses. In addition, the work in [Wang:2018] introduced parallel scan design based PUF and exploits the delay difference between pairs of shift registers as chains through the SR-Latch arbiter to reduce the area overhead and improve the uniqueness. Consequently, a combination of weak PUF and pseudo Strong PUF (p-SPUF) were proposed in [Shen:2019]. The weak PUF produces 1-bit response from the variation process of the logic gates, which feeds as an input to the LFSR. The design enhances the response randomness and can be well fitted in FPGAs due to low area cost. Furthermore, the dynamic reconfigurable PUF introduced in [Cui:2019] based on 3 different logic circuit design stored in external memory, so the FPGA can be configured by the programming system (PS) that has an access to external memory to select between configurable logic. This technique improves the hardware overhead, provides large amount of CRPs and thwarts machine learning attack. Similar work [Wei:2020] proposed transformer PUF based on reconfigurable properties of RO basic circuit such as, multiplexers which select between different paths and configurable XOR gates. As a result, transformer PUF improves hardware efficiency and reliability compared to conventional configurable RO. Moreover, a modified Anderson PUF with Low-density parity checker error correction (LDPC) is proposed in [kalya:2020] to enhance the error bits in responses. The LDPC was utilized to provide reliability under environmental variations condition and high uniformity. However, the design has less uniqueness which is not suitable for authentication applications. Another work [Lotfy:2021] introduced optimization of Anderson PUF that utilized one configurable logic block (CLB) in FPGA with inherent XOR gates, which improves unpredictability of responses compared to conventional Anderson PUF.
7 Threat landscape and Security
In this section we discuss some attacks and threats on IoT devices based on PUF. We start by describing some possible attacks and assumption. Then we consider the following scenarios:
Scenario 1: an adversary eavesdropping the communications channel between IoT devices.
Scenario 2: an eavesdropper with physical access the devices.
In addition, the adversary can be active or passive; an active adversary can manipulate the operational temperature and power supply, while a passive adversary attempts to observe and intercept data in the communication channel. Ultimately, the physical access to the PUF chip is required for active attacks.
The attacker can try to clone the CRP table of the PUF circuit by enumerating all possible combination of challenge-response pairs by repeatedly querying the PUF circuit. Clearly, this attack is very time consuming and will generate a huge CRP table requiring a considerable storage.
7.2 Invasive attack
This attack measures internal PUF properties, such as delays of the circuit, to predict the response for a particular challenge. Such measurement entails physically removing external packaging and chip metal layers. However, as any probing attempt will directly affect the wiring and routing of the circuit’s delayed-paths, such actions will inevitably change the PUF chip characteristics or even destroy it [Gassend-B:2002]. This attack is both costly and impractical since the attacker needs specialized laboratory equipment while the IoT devices could be installed in protected or public areas.
7.3 Non-invasive attack
This attack attempts to intercept the communication channel between the device and the server without physical access to the internal components of the IoT device. In this case, the adversary intercept the authentication protocol that forms the challenge-response pairs and develop a machine learning models to predict them (see section 7.5). The Arbiter-PUF (section 5.1) is vulnerable to machine learning attack, which works by building a model that learns the correlation of known CRPs and predict the unknown CRPs. The authors in [Yu-Zhuang:2021] introduced a defensive interface that improves the arbiter-PUF and similar design to resist the machine learning attack. Several designs have been proposed to overcome this vulnerability in the arbiter-PUF, such as XOR Arbiter PUF [Suh:2007][Mursi:2019] and Feed-Forward Arbiter PUF [Gassend-Blaise-Lim:2004] [Lee:2004][Tajik:2014]. In addition, the authors in [Ruhrmair:2013]Bahar:2021] demonstrated a a non-invasive attack against SRAM PUF based on chip correlation parameters, identical specification that sharing manufacturing process. The experiment showed that the adversary was able to guess approximately 45% of the CRPs for SRAM PUF.
This attack tries to access the PUF chip without destruction, so the adversary can apply multiple techniques, such as photonic emission analysis[Tajik:2019], to physically characterize the arbiter-PUF from the backside. In addition, other techniques, such as laser fault injection and optical contactless probing, have been demonstrated by [Merli:2013] to predict the secret key from the PUF chip. Similarly, the authors in [Bayon:2013] proposed an electromagnetic analysis attack that identifies leakage frequencies of the Ring Oscillator PUF (section 5.2). However, these types of attacks still require specialized laboratory equipment.
7.5 Machine learning attack
Machine learning attack is the most popular and effective attacks on PUF. In this attack, the attacker intercepts the communication link between the device and the server without physical access to the internal components of the chip. The attacker then develops a machine learning models to predict the CRPs. Numerous research papers used these attacks against several designs, so designers can evaluate the security strength, weakness and how effectively the attacker can predict the CRPs.
The PUF circuit can be designed to maintain a limited number of challenges in a very short period for each authentication process. However, the challenge-response pair must never be reused to prevent any machine learning attack [uhrmair:2010]. In fact, producing large number of pairs is usually required to prevent such prediction. In this case, the PUF circuit will be large and that will increase computational overhead. To address this issue, the authors in [Babaei:2017] proposed a reconfigurable design that increases the number of pairs without affecting the computational resources of the IoT.
The aforementioned attack scenarios need to be considered to develop a secure PUF circuit that can resist the machine learning attack and detect any possible invasive attack. Strong PUFs can be used with the secure authentication protocol to satisfy this security requirements. The authors in [Gao:2016] introduced obfuscated challenge response protocol to prevent machine learning attack without conventional cryptography, which consists of PUF chip, random number generator and control block. Furthermore, the authors in [Mursi:2019]
proposed a training model with Mutli-layer Perceptrons (MLP) as neural network to predict CRPs for XOR Arbiter PUF. The study shows that the accuracy of the prediction depends on the size of the XOR gates (i.e., when the XOR size increase the prediction accuracy percentage decreased). However, the authors believe that prediction rate below 80% can be considered secure as the authentication process relied on multiple response bits (approximately 64 bits). Similarly, the authors in[Avvaru:2020] demonstrated a neural network attack against feed-forward XOR PUF with 50% prediction rate for multiple PUF stages. This shows that the proposed feed-forward XOR PUF is considered more secure compared to XOR PUF. Moreover, the authors in [hou:2020] introduced various attack models in their design of configurable LFSR PUF. They performed Logistic Regression (LR), Evolution Strategies (ES) and Neural Network. As a result, the prediction rate is approximately 50% of the proposed models. In [Wei:2020], the authors implemented two models attack, LR and ES for 128 stages Transformer PUF with 8 XOR gates. The evaluation achieved 60% accuracy compared to classical RO PUF with 90% prediction rate. In addition, the authors in [Sahoo:2015] developed two mathematical attack on previous PUF design, lightweight secure PUF [Majzoobi:2008] and composite PUF [Sahoo:2014], which consists of multiple different PUF design stages that usually combine strong and weak PUFs. On the other hand, the authors in [Ali:2021] applied SVM, LR and MPL modeling attack on their proposed Spin-transfer torque (STT)-MRAM reconfigurable Arbiter PUF. It was shown that the design reduces the prediction rate to 65.12% without utilizing XOR gates and 44.34% with XOR gates. Furthermore, the authors in [Fang:2018] studied the various modeling attack such as, LR, ES, Naive Bayes and AdaBoost on Arbiter PUF with different cases in terms of number of training sets, efficiency of the machine learning algorithms and several number of Arbiter stages. The experiment show that LR and ES performed better for large data sets, while Naive Bayes and AdaBoost applied for small data sets. Additionally, the training time of Naive Bayes faster (0.0007s) compered to other models with the highest prediction rate as shown in table 4. Moreover, the multiplexers have been widely used in delay based PUFs for switching between paths. However, the authors in [Alamro:2021] evaluated multiple stages of multiplexer PUF based on Neural Network method to predict the generated responses and showed that the multiplexer PUF is vulnerable to the machine learning attack with high prediction rate. Consequently, the LR and SVM modelling attacks have been analyzed against memristive Xbar PUF in [Khan:2021] under linear and nonlinear (e.g. XOR) architectures. The evaluation of LR based attack show that the XORing nonlinearity drop the prediction rate accuracy from 73% to 50.5%, which is near ideal, while exhibiting high resilience against such attack. Table 4 summarizes the common machine learning attack models and related PUFs with the accuracy of predicting CRPs table.
7.6 Side-Channel attack
The side-channel attack is one of the common and powerful technique used to breach a PUF circuit. This attack relied on the leakage information that can be occupied by the power dissipation during the key generation process. For instance, the adversary can exploit the relation between power dissipation and CRPs on the PUF and measure the correlation between two variables, such as, responses and correlation coefficient with the corresponding power dissipation . Several works evaluated the side-channel attack in their proposed design. The authors in [Ali:2021] evaluated the (STT)-MRAM reconfigurable Arbiter PUF by measuring the correlation between power consumption and 800 generated responses. It was shown that there are no correlation associated between the two variables and the design resist side-channel attacks. Furthermore, the authors in [Kroeger:2020] proposed Cross-PUF attacks, which exploit the leakage power of the Latch in Arbiter PUF to train machine learning models, such as SVM, to predict responses. Therefore, the adversary targets one PUF as a references without recording CRPs to breach all PUFs that fabricated from the same Graphic Design System (GDS), which contains a database of circuit layout.
8 Conclusion and Outlook
In recent years, advances in PUF architectures provided a solution for solving and enhancing the security of IoT devices. In this paper, we provided an overview of PUF architectures to provide applicable security solutions for IoT environments due to the low computational complexity of PUF circuit design, less energy and improve the quality metrics such as, randomness, uniqueness and reliability. In addition, the PUF based authentication protocols has been discussed and common security concerns and effective attacks against PUF were reviewed.
More work is still needed to test different properties of PUF to evaluate their security strengths and weakness. The aforementioned techniques provide lightweight authentication for IoT without utilizing the traditional cryptography methods that can increase the power and the resources consumption, still without having to store secret keys in memory.
More investigations is need to design proper PUF architecture that prevent machine learning attack, which traditional cryptography methods such as Hash function are used to prevent in non PUF solutions. However, confidentiality and integrity based PUF for exchanging information between IoT devices is still not addressed by the PUF community, which makes it largely an open problem.
In practice, conventional confidentiality and integrity techniques have been utilized by the PUF authentication protocols, trading off circuit and computational complexity. Therefore, more research is needed to provide suitable and practical encryption and integrity mechanism that can be implemented in the lightweight applications with low energy consumption and more secure.
This work is partially funded by the G5797 “Developing Physical-Layer Security Schemes for Internet of Things Networks” project under the NATO’s Science for Peace Programme.