DE102014215467A1 - Generating an identifier for a circuit - Google Patents

Abstract

A circuit is provided for generating an identifier for the circuit which functions as a physically nonclonable function and provides as a measurement result at least one bit from which an identifier of the circuit is generated alone or in conjunction with other measurement values. The circuit has at least two switching stages, the switching stages comprising in each case at least two switching stage elements, it being possible to fix an assignment of switching stage elements of successive switching stages to one another by means of a permutation rule assignable to a respective switching stage element. Further, an interface unit is provided to an initialization unit, the initialization unit suitable for setting a predetermined value as the output value of a respective output of the switching stage elements of the switching stages, so that the circuit is stable in an unstable state during an active phase of the initialization unit, wherein after completion of the active phase the circuit is set up to assume a characteristic state of the circuit as a function of the permutation rule. A detection unit is provided for detecting at least one bit within the circuit in the characteristic state for generating the identifier.

Description

In industrial and private environments, electronic devices, integrated circuits or embedded devices, so-called embedded devices, are used. These devices, i. For example, the physical objects or hardware on which, for example, an embedded system is implemented should be able to be uniquely identified or authenticated for many different applications. Moreover, for applications in the security environment cryptographic keys protected against unauthorized access stored on the devices described or can be used. There is often an interest in physical attacks on used cryptographic keys to destroy these keys.

It is known to use the principle of physically unclonable functions, so-called Physical Unclonable Functions, in short PUFs, whereby a complex behavior of a physical system is analyzed. The behavior is determined by factors that are neither directly observable, modifiable or reproducible by the manufacturer of the system nor by anyone else, in particular an attacker. It is assumed that a manufacturer of a hardware may not be able to produce a hardware with given physically unclonable properties. A PUF maps input values or challenges to output values or responses in a manner determined by the complex behavior. The illustration by the PUF is different for each physical copy, also called instance, and random for all practical purposes, but stable for the individual copy.

Thus, authentication by means of the physically unclonable function can be achieved by measuring the intrinsic physical property of the hardware and using information derived therefrom as an identifier. By means of a physically unclonable function, it can be checked whether a device or a semiconductor circuit is an original product, whereby here too, for example, a response or measurement is evaluated which are not generated on a replicated or manipulated device or semiconductor circuit can.

If the number of possible PUF Challenge Response Pairs is so large that it is impractical for an attacker to learn a significant proportion of them, even if they have physical access to the object, it is called a Strong PUF.

A specific expression of a Strong PUF has been found in Chen et al. "The Bistable Ring PUF: A New Architecture for Strong Physical Unclonable Functions" (2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 134-141, IEEE, 2011) presented. Here is a bistable ring PUF, short BRPUF described, which consists of a ring-connected even number of identical stages of digital circuit elements, each implementing the logical negation, eg inverter. Because of this structure, the ring has two stable states. Starting with any fixed selected stage of the ring, the outputs of the inverters may have either the pattern 0101 or 1010. The random variations in the characteristics of integrated circuits and their elements due to fabrication in each physical instance of a BRPUF affect which of the two stable states the ring occupies. The information of which of the two states is present corresponds to a PUF response of one bit. In order to realize a challenge-response formalism, two parallel signal paths exist within each stage, one of the two paths being configured as an active element of the ring via a challenge, while the other is deactivated. The bit length of the challenge corresponds to the number of stages of the ring, ie each bit of the challenge determines the configuration of the signal path in one stage. To enable readout of the response after a new challenge, a reset signal temporarily forces the ring into an unstable state in which all stages are in the same state, 0 or 1. After canceling the reset state, the ring falls after one settling time in one of the two stable states.

Unfortunately, real implementations of a BRPUF often provide the same response regardless of the challenge. Ideally, an equal distribution of responses is desired.

It's from the dissertation "Attacking and Protecting Ring Oscillator Physical Unclonable Functions and Code-Offset Fuzzy Extract" by D. Merli, 2013 , known to use a so-called twisted bistable ring PUF. In this case, a challenge bit is no longer used to deactivate one path element and to activate another, but to exchange two path elements within a ring. Thus, all path elements are always contained in the ring and the ring length remains constant. A path element only changes the position within the ring.

There is a need to provide as many challenge-response pairs as possible for a circuit with PUF functionality and at the same time to receive equally distributed responses.

This object is solved by the independent claims of the present application. Advantageous embodiments are specified in the dependent claims.

According to the invention, a circuit for generating an identifier for the circuit is provided, with
at least two switching stages, the switching stages each comprising at least two switching stage elements, wherein the respective output values at respective outputs of the at least two switching stage elements of a preceding switching stage are alternatively supplied to respective inputs of the at least two switching stage elements of a subsequent switching stage;
wherein a assignment of a respective input of the respective switching stage element of the following switching stage to exactly one output of a switching stage element of the preceding switching stage can be defined by a permutation rule that can be assigned to a respective switching stage element;
with an interface unit to an initialization unit, the initialization unit suitable for setting a fixed value as the output value of a respective output of the switching stage elements of the switching stages, so that the circuit is stable in an unstable state during an active phase of the initialization unit;
wherein after termination of the active phase, the circuit is arranged to assume a condition characteristic of the circuit as a function of the permutation rule;
at least one detection unit for detecting at least one bit at at least one position within the circuit, wherein the identifier can be generated by detecting the at least one bit within the circuit in the characteristic state with the aid of the at least one bit.

The circuit acts as a physically unclonable function and provides as a measurement result at least one bit from which alone or in conjunction with other measurement values an identifier of the circuit is generated. The identifier may in particular be a bit pattern. This bit pattern is characteristic and uniquely identifies a specific copy of the circuit. A replica or forgery of the circuit or another copy of the circuit will provide a different identifier if the circuit is mapped identically. The circuit is, for example, an integrated circuit, in particular a digital circuit, an FPGA or an ASIC. In particular, the circuit is only a portion or portion of an integrated circuit or FPGA or ASIC. For example, only this section has a PUF functionality. This section is then used for the generation of the identifier, for example for the verification of identity of a present circuit with an original circuit.

For example, if an access to the original circuit does not exist, for example, because it is a different device or another copy of the circuit in an existing and to be tested circuit, or if there is a modified, manipulated or replicated circuit, the identifier can not be determined by the physically unclonable function.

The switching stage is understood to mean a block of at least two switching stage elements. The logical grouping of several switching stage elements to the block arises from the fact that all alternative switching stage elements to which a respective output value can be supplied are logically combined. This means that a signal propagation potentially propagating in the circuit passes through a switching stage element of a specific switching stage and is then fed to the next switching stage and a causally caused by this signal change signal another switching stage element of this specific switching stage or the same switching stage element only after a circulation time through all existing switching stages again can happen.

A switching stage element is understood to mean a functional element which implements a logic function. In particular, they are inverters which output the logical negation of an input signal as an output signal. In particular, digital circuit elements are used to realize the desired logic function. On reprogrammable digital components, so-called field programmable gate arrays, short FPGAs, for example, the inversion function can be particularly favorable by so-called look-up tables, short LUTs, realized. LUTs can realize arbitrary logic functions within the scope of their available input and output signals, since a corresponding output value can be stored in the form of a value table for each possible combination of input signals. In particular, the switching stage elements are functional elements which have two inputs and acts as an inverter, for example NOR gates, as a function of an input signal fixedly present on one of the inputs for signals at the other input.

The interconnection between two switching stages is provided such that only one of a plurality of inputs of a switching stage element is connected to an output of a switching stage element of the preceding switching stage. When using a multiplexer, which is connected upstream of a switching stage element, by the multiplexer selected one of possible connections of outputs of previous switching stage elements to inputs of subsequent switching stage elements. At the same time, only one output of the previous switching stage is supplied to a switching stage element, so that an interconnection of switching stage elements of the previous switching stage to switching stage elements of the subsequent switching stage is permuted with respect to the assignment of the respective switching stage elements to one another. In this case, two assignments or more can be interchanged, ie all achievable by permutation combinations of interconnections can be accepted.

The permutation rule specifies the interconnection with the outputs of the shift stage elements of the preceding shift stage for each shift stage element of a shift stage. For example, inputs of the respective shift stage elements are actively switched by the permutation rule and an output of a shift stage element of a previous stage can be fed to only one shift stage element of the subsequent shift stage. In particular, a permutation rule determines the assignment for all switching stage elements of a switching stage together. For each switching stage, all switching stage elements provided for the permutation are taken into account when selecting the permutation rule. Thus, a double assignment of multiple outputs of switching stage elements of previous switching stages to an input of a switching stage element is advantageously avoided. In a variant, switching stage elements can be provided which are not configured via the permutation rule but have invariable connections to previous or subsequent switching stages. The number of switching stage elements involved in the permutation coincides in adjacent switching stages. The permutation rule can be understood as a challenge for measuring the circuit acting as a PUF.

In particular, a respective permutation rule is provided for all switching stages of the circuit, so that a maximum number of different interconnections of switching stage elements of the respective switching stages to each other is possible.

In order to put the circuit in an unstable state, which defines fixed output values of the respective outputs of the switching stage elements independently of an interconnection of the switching stage elements and independently of a production-related characteristic of the installed components, an interface device to an initialization unit is provided. The interface device can be configured in such a way that, in particular, an input is provided for all switching stage elements of a switching stage and for each of the built-in switching stages, to which a value predeterminable by the initialization unit is permanently applied, so that a value independent of the respective other input, by the switching stage element, which receives the output signal of the upstream circuit element is output. Thus, for example, the inverting function of the switching stage elements during the active phase of the initialization unit is suppressed and there is no signal change due to the implemented logic function of the switching stage element. Once the active phase is completed, i. For example, as soon as the input of a switching stage element triggered by the initialization unit is assigned such that the switching stage element maps an image of the value at the other input independently of the input occupied by the initialization unit, the circuit leaves the unstable state. Thus, a reset functionality is installed by the initialization unit, which, regardless of an existing state in the circuit, the circuit temporarily put in an unstable state and only after the termination of the active phase has no influence on the state. After leaving the unstable state, the output signals of the switching elements in the circuit may exhibit for some time partially chaotic oscillatory behavior, which eventually ends when the circuit assumes a stable state determined by the permutation regulation and its individual, copy-specific properties becomes. The circuit may also remain in a non-stable state for a predetermined period of time. Then the characteristic state is that neither of the two stable states is assumed. An identifier can also be derived from this information, for example by evaluating multi-bit responses which, in addition to the two possible stable states, also detect the unstable state as a characteristic state.

The permutation rule determines the configuration of the circuit, ie, the position of switch elements within the circuit. In this case, the configuration of the entire circuit is determined and in particular it is determined which switching stage elements are located within a bistable ring and in particular a common bistable ring. The permutation rule thus simultaneously determines how many rings result from the interconnection of the respective shift stage elements. Furthermore, the permutation rule determines how many potentially stable rings are formed. For example, a bistable ring is formed, which has all the circuit elements. In another variant, two bistable rings are formed. It is also possible that one or more bistable rings are formed by the permutation rule and an unstable ring, eg a resonant circuit.

The interface device consists in particular of an interface of all the switching stage elements located in the circuit to form an initialization unit which uniformly specifies the output value for all switching stages. Preprinting by an output value at a position within the circuit which predetermines the assumption of one of the two bistable states is thus avoided.

If the permutation rule is present, i. If a permutation rule has been selected and if the permutation rule has been transmitted to the respective switching stage elements via units such as multiplexers, so that the assignment could be made in each case, an initialization signal, i. a predetermined value can be specified, which specifies fixed output values of the switching stage elements. The circuit is now kept in an unstable state, so that previously assumed values within the circuit no longer have any influence on the unstable state. Thereafter, the active phase of the initialization unit is terminated and in the one or more bistable ring circuits, one of the bistable states or an unstable state is assumed.

The selected state of the rings is characteristic of the realization or the copy of the circuit configured via the permutation rule and can be read out by means of a detection unit provided at at least one position of the circuit, for example in each bistable closed ring. The detection unit detects a bit or a multi-bit pattern in response to the selected permutation rule, i. the chosen challenge. If a bit is detected at a position within a bistable closed ring, which registers the logical value at this point, then it is uniquely determined which of the two bistable states was assumed. The identifier can now be formed, for example, from a read-out bit if a single ring has been formed by the configuration. A multi-bit response to determine one of the three possible characteristic states - stable 0101 ... or stable 1010 ... or unstable - is analogous to the formation of the identifier. If multiple rings have been formed, the bits representing the state in each of the rings may be combined to produce the identifier. In particular, a bit from a short formed ring may be included in the generation of the identifier to prevent challenge-response behavior of the short ring with manageable challenge-response space.

The permutation rule provides a multiplicity of possible interconnections, which leads to a multiplicity of different configurations. The configurations differ both in the number of rings formed and in the shape of the rings, ie the position of individual switching stage elements within the circuit. The chosen permutation rule can be regarded as a challenge, which is given to the circuit and from which results a configuration of the circuit. Thus, a very large challenge space is available, which is determined by the number of possible permutations of respective shift stage elements of respective shift stages. For a number L of successive switching stages, each with a number N of different switching stage elements results in a number of N! ^L possible configurations. The identifier can be considered a response. For a copy of a circuit, a response to a given challenge is unpredictable because assuming either of the two stable states is due to manufacturing variations of the hardware that are neither reproducible nor predictably hardware-in-one from the manufacturer.

The challenge-response behavior of the circuit is thus neither predictable nor reproducible, and the identifier generated is thus able to provide information about the originality of a circuit. If the circuit has been manipulated, this can also be detected via a challenge-response behavior in which responses to selected challenges do not match the responses made by a manufacturer or a trusted entity at a time when no manipulation has been secured has taken place.

The circuit exhibits an advantageous response behavior which avoids an excessive tendency for a fixed response, independent of the applied challenge. The strong mixing of the signal paths by choosing the configuration by means of the permutation rule and variation of the ring lengths as a function of the challenge results in a greater variance of the internal circuit parameters, which ensures a balanced response behavior. Due to the large internal complexity, so-called machine learning attacks on the PUF, which attempt to predict the responses of the PUF to any other challenges based on a known subset of challenge-response pairs, are made more difficult. The cost of circuit resources and thus the costs in the implementation are low.

According to one embodiment, by supplying respective outputs of switching stage elements of a following switching stage to respective ones Inputs of switching stage elements of a preceding switching stage at least one bistable closed ring constructable. This means that the switching stages can be closed to form a ring, it being determined by the permutation rule which switching stage elements are interconnected at the feedback point. The assignment of switching stage elements to each other thus takes place at any point within the ring in an analogous manner. Through the interaction of all Permutationsvorschriften, ie all assignments to the built-shift levels, the behavior of the circuit is determined in terms of the number of rings. Only when the permutation rule at all switching stages, which are designed configurable, is fixed and specified, the configuration of the entire circuit is fixed.

According to one embodiment, three or more switching stages are provided, the respective switching stage elements are interconnected in each case via the permutation rule according to claim 1, so that at least one bistable closed ring can be constructed.

In this case, both the total number of switching stages provided is variable, as well as the number of different shift stage elements per shift stage. It can be provided in the circuit in addition to the configurable switching stages and switching stages, which are not changeable via a permutation with respect to their interconnection within the circuit. Thus, it may be advantageous to balance between the overhead of additional circuit resources and the ability to vary the configuration of the circuit.

According to one embodiment, at least one switching stage element comprises a plurality of signal paths, wherein one of the plurality of signal paths can be activated via a selection rule. For the derivation of the identifier is then next to the Challenge, which determines the interconnection of the switching stage elements for selected switching stages, also created another challenge per switching stage element that selects individually for each switching stage element with multiple signal paths one or both signal paths for forwarding and processing of the signal in the circuit. Thus, even more variants than possible configurations can be chosen. Both challenges are specified for setting the configuration, whereupon the active phase of the initialization unit is started. After completing the active phase, the one or more responses can then be evaluated.

According to one embodiment, the circuit further comprises a respective detection unit in each of the bistable closed rings constructed by the permutation rule for detecting at least one respective bit, the identifier being derivable from a plurality of bits of the respective bits. Advantageously, a respective detection unit is provided in each track, wherein the number of tracks is defined by the number of shift stage elements per shift stage. Depending on the configuration, only a portion of the built-in detection units will be used to detect at least one particular bit, i. a respective characteristic state in a ring, needed. The maximum number of constructible rings is determined by the number of tracks, i. at switching stage elements per switching stage, specified.

According to one embodiment, the permutation rule can be specified as a challenge, which determines the assignment for each shift stage element of the shift stage. The challenge is specified for each shift stage the shift stage elements, wherein for two consecutive over Challenges responsive shift stages, the same number of shift stage elements per shift stage is permuted. For a further pair of successive switching stages, a different number of switching stage elements per switching stage can be interconnected via the permutation rule. The challenge is especially multi-bit, i. includes more than one bit, and thus may contain information about the input to be selected per switch stage element.

According to one embodiment, the at least one bit represents a response in response to the challenge, and the response is characteristic of a copy of the circuit. Depending on the number of rings formed, the response consists of information about the assumed characteristic state of each bistable closed ring. In particular, the response can be formed from a combination of the respectively detected bits and form the identifier for the circuit.

According to one embodiment, the response is unanimous or multi-bit. In this case, it can already be predetermined for a given challenge from the configuration selected thereby how many bits the response comprises. The evaluation of a bit or bit pattern detected in a ring can be done depending on the challenge. If the configuration of the tracks was such that only one ring is formed, the state of a particular stage is used as a one-bit response. If several rings arise, their responses can be handled in exactly the same way as when these responses are taken from separately implemented PUF circuits. Several bits can be output in response to the number of rings. Alternatively, a linking and processing of the states to a common response of one or more bits, for example by a combinatorial circuit. The identifier can be formed from one or more responses. Depending on how clear or meaningful the existence of a response for authentication or key derivation is, an identifier composed of any number of detectable responses can be formed.

According to one embodiment, the circuit further comprises a unit for evaluating the response regarding a stabilization property. It can incorporate the temporal behavior of the stabilization process in the evaluation of the detected from different rings bits. For example, for each ring in addition to the detected bit and the required time from the exit of the initialization state or reset state is detected until reaching the assumed stable state. Based on this information, one or more bits of the individual rings may be output for output or further processing, the stabilization time of which satisfies predetermined conditions. In particular, a long stabilization time indicates that the intrinsic tendency of a ring to one of the two possible stable end states is only slightly pronounced. So, for example, if you always choose the responses to different challenges whose stabilization times were the longest, you can expect that overall there will be a more balanced distribution of 0-1 responses. This is advantageous if easy guessing or predictability of a response is to be avoided. At the same time, a fast stabilization process points to a strong intrinsic tendency to one of the stable states, which suggests that even under changing environmental conditions and under the influence of physical noise, which is unavoidable in real implementations, the identical applied challenge always leads to the same response. Again, this is desirable in terms of reliability and accuracy of Challenge Response methods on PUFs. These two aspects can be taken into account in order to select a favorable evaluation or a favorable selection criterion for the responses, depending on the requirement for the response. The unit may also be advantageously used to establish a period of time within which a condition in a bistable ring must be assumed to be recognized as a stable condition. If the time span is exceeded and no stable state has been assumed, the characteristic state is considered to be unstable.

According to one embodiment, the unit has a time recording unit, in particular a counter, and / or a selection unit for selecting responses and for forwarding to an output unit. Thus, the stabilization property can be technically determined such that a counter in a ring counts the periods of a clock signal. Thus, it is detected how long a respective ring formed by the configuration takes until it assumes a steady state or assumes a steady state. In this case, threshold values can be specified for the selection unit, which specify for which interval of a required stabilization time a detected bit in a ring should be selected as the response. For example, the selected response is provided directly as an identifier of an output device. Alternatively, multiple responses are forwarded to the output unit and output there, either one-bit or multi-bit, directly or after applying a shortcut function.

According to one embodiment, the circuit further comprises an evaluation circuit for detecting the characteristic state, the evaluation circuit suitable for detecting a temporally stable alternating pattern along the step circuits. The evaluation circuit in particular carries out cross-over of the track and reconstructs the signal course along the rings. If a time stable alternating pattern of states 0 and 1 occurs along the tap circuits within one track, i. belonging to a ring, so the stabilization process is completed, the ring has taken a stable state and a response can be evaluated. Thus, advantageously, the minimum time required to generate the identifier may be determined without having to wait an unnecessarily long time. The evaluation circuit may further specify a period of time within which the assumption of a stable state is expected. If no stable state has been assumed until then, the characteristic state is detected as unstable.

• – wobei jeweilige Ausgangswerte an jeweiligen Ausgängen der mindestens zwei Schaltstufenelementen einer vorangehenden Schaltstufe jeweiligen Eingängen der mindestens zwei Schaltstufenelemente einer folgenden Schaltstufe alternativ zugeführt werden;
• – wobei durch eine einem jeweiligen Schaltstufenelement zuordenbare Permutationsvorschrift eine Zuordnung eines jeweiligen Eingangs des jeweiligen Schaltstufenelementes der folgenden Schaltstufe zu genau einem Ausgang eines Schaltstufenelementes der vorangehenden Schaltstufe festgelegt wird;
• – wobei mittels einer Initialisierungseinheit ein festgelegter Wert als Ausgangswert eines jeweiligen Ausganges der Schaltstufenelemente der Schaltstufen vorgegeben wird, so dass die Schaltung während einer aktiven Phase der Initialisierungseinheit in einem instabilen Zustand gehalten wird;
• – wobei nach Beenden der aktiven Phase die Schaltung einen für die Schaltung charakteristischen Zustand einnimmt in Abhängigkeit von der Permutationsvorschrift und mittels einer Erfassungseinheit mindestens eines Bits an mindestens einer Position innerhalb der Schaltung im charakteristischen Zustand erfasst wird zum Erzeugen des Identifizierers.

The invention further relates to a method for generating an identifier for a circuit having at least two switching stages, the switching stages each comprising at least two switching stage elements,

• Wherein respective output values at respective outputs of the at least two switching stage elements of a preceding switching stage are alternatively supplied to respective inputs of the at least two switching stage elements of a subsequent switching stage;
• - An assignment of a respective input of the respective switching stage element of the following switching stage to exactly one output of a switching stage element of the preceding switching stage is determined by a respective switching stage element assignable Permutationsvorschrift;
• - By means of an initialization unit, a predetermined value as the output value of respective output of the switching stage elements of the switching stages is set, so that the circuit is kept in an unstable state during an active phase of the initialization unit;
• - After completion of the active phase, the circuit occupies a characteristic state for the circuit in response to the Permutationsvorschrift and is detected by means of a detection unit of at least one bit at least one position within the circuit in the characteristic state for generating the identifier.

• – Bereitstellen einer Schaltung mit mindestens zwei Schaltstufen, die Schaltstufen umfassend jeweils mindestens zwei Schaltstufenelemente, wobei die mindestens zwei Schaltstufen derart ausgebildet sind, dass jeweilige Ausgangswerte an jeweiligen Ausgängen der mindestens zwei Schaltstufenelemente einer vorangehenden Schaltstufe jeweiligen Eingängen der mindestens zwei Schaltstufenelemente einer folgenden Schaltstufe alternativ zuführbar sind;
• – Anlegen einer Challenge mittels einer Permutationsvorschrift, wobei durch die Permutationsvorschrift eine Verschaltung eines jeweiligen Eingangs des jeweiligen Schaltstufenelementes der folgenden Schaltstufe zu genau einem Ausgang eines Schaltstufenelementes der vorangehenden Schaltstufe festgelegt wird;
• – Vorgeben eines festgelegten Wertes als Ausgangswert eines jeweiligen Ausganges der Schaltstufenelemente der Schaltstufen zum Halten eines instabilen Zustandes der Schaltung während einer aktiven Phase;
• – Erfassen einer Response nach Beenden der aktiven Phase, wobei die Response aus mindestens einem an mindestens einer Position der Schaltung in einem charakteristischen Zustand der Schaltung abgegriffenen Bit gebildet wird und abhängig von der Challenge ist sowie charakteristisch für ein Exemplar der Schaltung.

The invention further relates to a method for generating an identifier for a circuit comprising the steps:

• - Providing a circuit having at least two switching stages, the switching stages comprising at least two switching stage elements, wherein the at least two switching stages are formed such that respective output values at respective outputs of the at least two switching stage elements of a preceding switching stage respective inputs of the at least two switching stage elements of a subsequent switching stage fed alternatively are;
• - Creating a challenge by means of a permutation rule, wherein the interconnection of a respective input of the respective switching stage element of the following switching stage is set to exactly one output of a switching stage element of the preceding switching stage by the permutation rule;
• - Specifying a predetermined value as the output value of a respective output of the switching stage elements of the switching stages for maintaining an unstable state of the circuit during an active phase;
• Detecting a response after termination of the active phase, wherein the response is formed from at least one bit tapped at at least one position of the circuit in a characteristic state of the circuit and is dependent on the challenge and characteristic for a copy of the circuit.

The invention further relates to a computer program product with a computer program having means for carrying out the method according to one of the preceding claims, when the computer program is executed on a program-controlled device.

The invention will be explained in more detail by means of embodiments with the aid of the figures. Show it:

1 a schematic representation of a circuit for generating an identifier for the circuit according to a first embodiment of the invention;

2 a schematic representation of a circuit for generating an identifier for the circuit according to a second embodiment of the invention;

3 a schematic representation of a circuit for generating an identifier for the circuit according to a third embodiment of the invention;

4 a schematic representation of a switching stage of a circuit according to a fourth embodiment of the invention.

In 1 is a circuit 1 which is, for example, a digital integrated circuit with four switching stages 10 . 20 . 30 . 40 , wherein each of the four shift stages 10 . 20 . 30 . 40 each of two shift stage elements 100 . 101 . 200 . 201 . 300 . 301 . 400 . 401 consists.

Each output of the switching stage elements 100 . 101 a preceding shift stage 10 is alternatively a respective input of all switching stage elements 200 . 201 the subsequent switching stage 20 fed. The circuit is designed such that all interconnections are possible for two shift stage elements in one shift stage, ie both a connection between a first shift stage element 100 the previous switching stage 10 with the first shift stage element 200 the subsequent switching stage 20 as well as with the second shift stage element 201 the subsequent switching stage 20 , A respective shift stage element can always be connected via only one input to an output of a previous shift stage element. All possible alternative combinations are shown in FIG.

Schematically is also shown as for each switching stage 10 . 20 . 30 . 40 a respective challenge C10, C20, C30, C40 is created. One of the Challenges C10, C20, C30, C40 contains as information the permutation rule, which can be particularly unanimous for this embodiment and for both switching stage elements of a switching stage together for the switching stage at which the respective challenge is applied, specifies an input to be selected. The two combinatorial ways of connecting the two switching stage elements of the two adjacent switching stages can be specified via the challenge. Specifying the challenge can in particular for all switching stages 10 . 20 . 30 . 40 carried out analogously. At least one point within the circuit, a detection unit E is provided, which detects a logical state value at this point of the circuit. Despite the linear Application of the switching stages are all illustrated switching stages within the circuit 1 equivalent. Accordingly, the detection unit E between all switching stages shown and can be installed in all tracks meaningful.

A track within the circuit is formed by a juxtaposition of shift stage elements of respective successive shift stages. For example, if all challenges C10, C20, C30, C40 respectively specify to select the upper input illustrated in the drawing, two parallel tracks are formed. Thus, all the shift stage elements of the shift stage depicted in the upper row and in each case all the lower shift stage elements each form one track. The designation of an interconnection as a track or as a signal course within a track is arbitrary, but can be chosen so meaningful, for example, that the shortest signal paths are selected to mark a track.

The detection unit E checks whether a stable state of the circuit has been assumed, in particular by maintaining a logical value unchanged on the detection unit for a sufficiently long time, and outputs this logical value as a response. The identifier I can be generated from the response. If two bistable rings are formed by the challenge, the respective response is generated in both tracks by the detection unit, at the same or different logical location within the circuit. Has the challenge been selected, ie the configuration of the circuit 1 made, so will the circuit 1 initially put in an unstable state.

The provision of an initialization unit for holding the unstable state is in 2 shown.

In all figures, functionally identical elements are provided with the same reference numerals, unless stated otherwise.

2 schematically shows how an interface device is provided with an initialization unit R with interfaces to all the switching stage elements of all switching stages. The switching stage elements are, for example, NOR gates or look-up tables or so-called look-up tables, which implement the logic function of a NOR gate in software.

To set the configuration via respective permutation rules at the switching stages three challenges were chosen. In particular, the first challenge C10 becomes the first shift stage 10 , the second Challenge C20 of the second shift stage 20 and the fourth Challenge C40 of the fourth shift stage 40 chosen such that no lane change is performed by the interconnection. The third Challenge C30, which at the third shift stage 30 is applied, however, was chosen so that a permutation between the second switching stage 20 and the third switching stage 30 occurs. A signal at the output of the switching stage element 201 the upper track is accordingly the input of the switching stage element 300 fed to the lower track. This assignment causes a long ring of length 2 × 4, ie 8, arises and that all switching stage elements of the circuit are interconnected within this ring.

For the sake of clarity, in 2 only the activated interconnections, ie the connections selected via the challenges, are displayed.

For the initialization of the circuit 1 At each interface input of each switching stage element to the initialization unit R, for example, the value 1 or logical HIGH is fixed, so that regardless of the logical value, which is present at the input of a switching stage element selected via the permutation rule, there will always be a logic 0 or a logic LOW at the output of each switching stage element is applied. The assumption of the logical value 0 thus becomes by the initialization unit at each point of the circuit 1 ie forced between all switching stages and in all tracks or rings.

To derive the response associated with the challenge applied via the permutation rule, the interface input of each switching stage element to the initialization unit R is set to the logical 0 value. The switching stage elements now each act as inverters and deliver at their respective outputs the logical negation of the logical value applied to the input selected via the permutation rule.

After completion of the active phase of the initialization unit, in which an unstable state is assumed at all positions within the circuit, now all switching stage elements switch according to their logically negating functionality, theoretically at the same time. Due to production-related differences from the cycle time of the individual switching stage elements or by temporal variations and delays in the implementation of the logical function using built-look-up tables, one of the bistable states within the ring, which depends on the hardware for the circuit 1 characteristic trend towards a bit pattern characteristic 0101 or 1010 and so on. For the detection of the bit pattern in successive measurements, an identical position between two inverters should be chosen for comparability sure. Alternatively, an identical logical position may be useful, ie, for example, a position offset by two inverters compared to the original position, so that the bit pattern appears equal again due to the two intervening negations.

In 3 is shown schematically, how can change the number of rings formed when changing an adjacent Challenge. In this third embodiment takes place both between the first switching stage 10 and the second switching stage 20 as well as between the third switching stage 30 and the fourth shift stage 40 a permutation of the tracks instead. Now the tracks intersect in two places, so that the effect of the track change after the even number of permutations, namely two permutations, is canceled again. Thus, a signal at the output of the fourth switching stage 40 is potentially fed back to the input of that switching stage element from which the signal from a previous pass has already been started. With regard to a signal curve, two rings are formed, each of which has an even number of switching stages. In each ring four shift stage elements are included, which, however, come from different tracks. Accordingly, by applying a logically negated challenge, it can also be achieved that two bistable closed rings exist, with just each switching stage element being supplied with the respective other switching stage element of the adjacent switching stage in comparison to the previous configuration. Thus, by applying various challenges, the membership of shift stage elements to tracks or rings and thus the influence of individual shift stage elements in these rings can be changed. Unique tendencies, which drive the taking of one of the possible stable states, are suppressed by permuting at different positions within the circuit, for example in different rings.

For reasons of clarity, the drawing in of the initialization unit with the respective interfaces was omitted here.

4 shows schematically how, according to a fourth embodiment of the invention, a plurality of signal paths can be provided within a switching stage element again, being specified via a further challenge per switching stage element, which of the two or more signal paths is activated. For a switching stage element 100 the first switching stage 10 For example, it is shown how two NOR gates or two NOR look-up tables are installed in parallel, and another, or inner, challenge C100 specifies a selection rule for selecting the signal paths. Analog can be in another switching stage element 101 the first switching stage 10 via an internal challenge C101 as well as a further variation of the selected signal path can be specified. Alternatively, the controllable by the Challenge switching a delay path in one of the switching stage elements is possible and provides a great deal of circuit complexity, a variation of the circuit properties.

In particular, the inner challenge C100 or C101 is applied to a multiplexer as the control signal which determines which input of the multiplexer is selected, i. which of the two NOR function elements is selected in order to pass on the signal from this function element path to the output of the switching stage element.

By combining the outer challenge to determine the permutation with the inner challenge to select parallel alternative paths, an even larger number of challenge-response pairs are created and thus the challenge space is advantageously increased again. The introduction of alternative signal paths which are selected as active by the internal challenge can be provided for individual shift stage elements or multiple shift stage elements of one or more different stages and in particular for all shift stage elements.

The embodiments are limited to variants of the circuit according to the invention, which have a manageable number of switching stages, namely four switching stages, and a small number of switching stage elements per switching stage, namely two switching stage elements. The examples were chosen to ensure readability in the figures. Advantageously, a plurality of switching stage elements per switching stage is provided, so that a multiplicity of possible interconnections of switching stage elements of two adjacent switching stages can be configured with one another, namely with a number N of switching stage elements N! possible permutations. It can also be used circuits with an odd number of switching stages, as by a suitable Permutationsvorschrift the configuration of the circuit can be specified such that a ring of even number of switching stage elements is created by an even multiple connected to adjacent tracks. If, in one case, there remains an odd number of switching stage elements which can not be closed to form a bistable ring, this can be disregarded in the evaluation. If an even number of switching stage elements is present, taking into account all the switching stages, then the longest constructible one is available Ring always given by the total number of switching stage elements.

For reasons of readability was in the 2 to 4 waived the registration unit. This can be provided in all tracks at a common position within the circuit or for different tracks at different positions. Furthermore, the detection unit can be installed in combination with an evaluation circuit which, for example, picks off a bit behind each stage circuit for recognizing the time-stable alternating pattern. Also, the evaluation circuit is preferably provided in all tracks of the circuit, so that regardless of the number of rings formed the appropriate time for reading the response can be detected.

Depending on the field of application, the physically unclonable function realized by the circuit is used as a key memory or as an authenticity check. The derived identifier serves, for example, to form a cryptographic key, which is stored in a non-readable form on a hardware and can only be generated on this hardware provided for this purpose. For an authenticity check, the identifier may enter into a response which a validator of a device expects from the circuit.

In order to further increase the quality of the response data, in a learning phase, in which challenge-response pairs are collected, which are subsequently used for authentication or for generating a cryptographic key, such challenges can be sorted out, which are based on a strong predistinction to interpret the response. In particular, the time that the PUF needs to reach a stable state is measured per challenge. Challenges below a certain threshold will not be used in the future. This ensures that a response can not be guessed or is not meaningfully recognized as belonging to a challenge.

The functional elements within a switching stage can be chosen arbitrarily. If the invention is within a reprogrammable digital device, i. Field programmable gate arrays, short FPGAs, is realized, the selection, inversion and reset function can be realized particularly well together by so-called look-up tables. Look-up tables can realize arbitrary logic functions within the scope of their available input and output signals, since a corresponding output value can be stored in the form of a value table for each possible combination of input signals.

QUOTES INCLUDE IN THE DESCRIPTION

This list of the documents listed by the applicant has been generated automatically and is included solely for the better information of the reader. The list is not part of the German patent or utility model application. The DPMA assumes no liability for any errors or omissions.

Cited non-patent literature

• Chen et al. "The Bistable Ring PUF: A New Architecture for Strong Physical Unclonable Functions" (2011 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 134-141, IEEE, 2011) [0005]
• "Attacking and Protecting Ring Oscillator Physical Unclonable Functions and Code-Offset Fuzzy Extract" by D. Merli, 2013 [0007]

Claims (15)

Circuit ( 1 ) for generating an identifier (I) for the circuit ( 1 ), with - at least two switching stages ( 10 . 20 ), the switching stages ( 10 . 20 ) comprising in each case at least two switching stage elements ( 100 . 101 . 200 . 201 ), wherein the at least two switching stages ( 10 . 20 ) are formed such that respective output values at respective outputs of the at least two switching stage elements ( 100 . 101 ) of a preceding switching stage ( 10 ) respective inputs of the at least two switching stage elements ( 200 . 201 ) of a following switching stage ( 20 ) can be fed alternatively; wherein by a respective switching stage element ( 10 . 20 ) Assignable Permutationsvorschrift an assignment of a respective input of the respective switching stage element ( 200 . 201 ) of the following switching stage ( 20 ) to exactly one output of a switching stage element ( 100 . 101 ) of the preceding switching stage ( 10 ) is definable; - an interface device to an initialization unit (R), the initialization unit (R) suitable for specifying a predetermined value as the output value of a respective output of the switching stage elements ( 100 . 101 . 200 . 201 ) of the switching stages ( 10 . 20 ), so the circuit ( 1 ) is stable in an unstable state during an active phase of the initialization unit; wherein after termination of the active phase the circuit is set up to take one for the circuit ( 1 ) characteristic state as a function of the permutation rule; At least one detection unit (E) for detecting at least one bit at at least one position within the circuit, wherein by detecting the at least one bit within the circuit (E) 1 ) in the characteristic state with the aid of the at least one bit of the identifier (I) can be generated. Circuit ( 1 ) according to claim 1, wherein by supplying respective outputs of switching stage elements ( 200 . 201 ) of a following switching stage ( 20 ) to respective inputs of switching stage elements ( 100 . 101 ) of a preceding switching stage ( 10 ) At least one bistable closed ring is constructable. Circuit ( 1 ) according to claim 1 or 2, wherein three or more switching stages ( 10 . 20 . 30 , ...) are provided whose respective switching stage elements ( 100 . 101 . 200 . 201 . 300 . 301 , ...) in each case via the permutation rule according to claim 1 are connected, so that at least one bistable closed ring can be constructed. Circuit ( 1 ) according to one of the preceding claims, wherein at least one switching stage element ( 100 ) comprises a plurality of signal paths and wherein one of the plurality of signal paths can be activated via a selection rule. Circuit ( 1 ) according to one of the preceding claims, further comprising a respective detection unit (E) in each of the bistable closed rings constructed by the permutation rule for detecting at least one respective bit, the identifier (I) being derivable from a plurality of bits of the respective bits. Circuit ( 1 ) according to one of the preceding claims, wherein the permutation rule is predeterminable as a challenge (C10, C20), which for each shift stage element ( 100 . 101 ) of the switching stage ( 100 ) determines the assignment. Circuit ( 1 ) according to claim 6, wherein the at least one bit represents a response in response to the challenge, and the response is characteristic of an instance of the circuit ( 1 ). Circuit ( 1 ) according to claim 7, wherein the response is single-bit or multi-bit. Circuit ( 1 ) according to one of the preceding claims, further comprising a unit for evaluating the response with respect to a stabilizing property. Circuit ( 1 ) according to claim 9, wherein the unit comprises a time detection unit, in particular a counter, and / or a selection unit for selecting responses and for forwarding to an output unit. Circuit ( 1 ) according to one of the preceding claims, further comprising an evaluation circuit for detecting the characteristic state, the evaluation circuit suitable for detecting a temporally stable alternating pattern along the step circuits. A method for generating an identifier for a circuit having at least two switching stages, the switching stages comprising at least two switching stage elements, - wherein respective output values are supplied to respective outputs of the at least two switching stage elements of a preceding switching stage respective inputs of the at least two switching stage elements of a subsequent switching stage alternatively; - An assignment of a respective input of the respective switching stage element of the following switching stage to exactly one output of a switching stage element of the preceding switching stage is determined by a respective switching stage element assignable Permutationsvorschrift; - By means of an initialization unit, a predetermined value as the output value of a respective Output of the switching stage elements of the switching stages is set so that the circuit is kept in an unstable state during an active phase of the initialization unit; - After completion of the active phase, the circuit occupies a characteristic state for the circuit in response to the Permutationsvorschrift and is detected by means of a detection unit of at least one bit at least one position within the circuit in the characteristic state for generating the identifier. Method for generating an identifier for a circuit comprising the steps: - Providing a circuit having at least two switching stages, the switching stages comprising at least two switching stage elements, wherein the at least two switching stages are designed such that respective output values at respective outputs of the at least two switching stage elements of a preceding switching stage respective inputs of the at least two switching stage elements of a subsequent switching stage fed alternatively are; - Creating a challenge by means of a permutation rule, wherein the interconnection of a respective input of the respective switching stage element of the following switching stage is set to exactly one output of a switching stage element of the preceding switching stage by the permutation rule; - Specifying a predetermined value as the output value of a respective output of the switching stage elements of the switching stages for maintaining an unstable state of the circuit during an active phase; Detecting a response after termination of the active phase, wherein the response is formed from at least one bit tapped at at least one position of the circuit in a stable state of the circuit and is dependent on the challenge and characteristic for a copy of the circuit. The method of claim 13, wherein three or more switching stages are provided, the respective switching stage elements are each interconnected via the permutation rule according to claim 13, so that at least one bistable closed ring is configured. A computer program product comprising a computer program having means for carrying out the method according to one of the preceding claims, when the computer program is executed on a program-controlled device.

Images