EP3202041A1 - Integrated device for implementing a physical unclonable function and a physical unclonable constant - Google Patents

Integrated device for implementing a physical unclonable function and a physical unclonable constant

Info

Publication number
EP3202041A1
EP3202041A1 EP15791746.9A EP15791746A EP3202041A1 EP 3202041 A1 EP3202041 A1 EP 3202041A1 EP 15791746 A EP15791746 A EP 15791746A EP 3202041 A1 EP3202041 A1 EP 3202041A1
Authority
EP
European Patent Office
Prior art keywords
transistor
terminal
cell
puc
electrically connected
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP15791746.9A
Other languages
German (de)
French (fr)
Inventor
Riccardo Bernardini
Roberto Rinaldo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Universita degli Studi di Udine
Original Assignee
Universita degli Studi di Udine
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Universita degli Studi di Udine filed Critical Universita degli Studi di Udine
Publication of EP3202041A1 publication Critical patent/EP3202041A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03KPULSE TECHNIQUE
    • H03K19/00Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits
    • H03K19/003Modifications for increasing the reliability for protection
    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • H04L9/3278Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12Details relating to cryptographic hardware or logic circuitry

Definitions

  • the technical reference field of the invention relates to hardware device authentication, and in particular, integrated circuit authentication via Physical Unclonable Constant (PUC) and Physical Unclonable Functions (PUF).
  • PUC Physical Unclonable Constant
  • PAF Physical Unclonable Functions
  • a first example relates to the field of electronic systems adapted to ensure the unique identification and authentication of a user.
  • a second example relates to the protection of on-board chip firmware.
  • An effective solution to protect the firmware on-board of chips includes encrypting the firmware code before writing it to the memory and decrypting it a moment before execution. The encryption/decryption is done by the hardware of the chip itself and uses a symmetric algorithm provided with a decoding key.
  • the secret decryption key is stored to non-volatile memory (such as in an EEPROM) making it available to be used as a digital signature or used on encrypted protocols to authenticate devices or protect private information.
  • Non-volatile memory in fact, is vulnerable to invasive brute-force attacks as it keeps the information on the chip in a visible and clonable manner. Therefore, in order to ensure a high level of security for these memories, auxiliary circuitry must be used adapted to check the status of the integrated circuit in real time and prevent possible attacks. This solution is understandably very costly, both in terms of implementation cost and in terms of energy consumption.
  • PAFs Physical Unclonable Functions
  • PUFs are divided into two categories: strong PUFs and weak PUFs, according to their size. Strong PUFs have a large domain and their typical use is chip authentication based on the so-called Challenge Response Pairs (CRP) technique. Weak PUFs, on the other hand, have a very small domain which may be such as to reduce the PUF to a mere constant function, sometimes referred to as Physical Unclonable Constant (PUC).
  • An ideal PUC may be described as a random constant: the random value is set during manufacture and is then output whenever the PUC is "queried". Reference is made hereinafter to PUFs to indicate devices of any complexity and thus including PUCs.
  • the above random value generated in a PUF can be generated, for example, by the propagation delay of a signal through the interconnections and the transistors implemented on the chip, or by the exact length of the channel of a MOSFET.
  • a potential attacker who wanted to take a key generated by a PUF should be able to get the key while the circuit is working to generate it, which is much more difficult than reading a key permanently stored unencrypted to non-volatile memory. Moreover, if the hypothetical attacker made an attack on the chip, he should be able to carry out his attack without modifying the physical structure of the circuit, because changing the physical structure of the circuit would change the same response of the circuit and thus the generated key.
  • a PUF is generally obtained through a circuit which uses the inherent variability in the manufacturing process to generate a binary output which is the result of the combination of the variables inside the circuit made and represents a sort of "fingerprint" thereof.
  • PUFs Since said statistic variations cannot be controlled from the outside but only statistically predicted, they imply that the single PUF circuit cannot be replicated or cloned because it is substantially dependent on the randomness of the production, process.
  • NVM non-volatile memories
  • PUF circuits The main drawback of PUF circuits is that the same circuit may have different outputs in response to the same inputs.
  • the randomness of the error is related to the own noise generated by the circuit, while the deterministic part of the error is related to the combination of the various mismatches present and related to the nominal values of the characteristic parameters of the circuit.
  • SRAM static RAM
  • the problem related to the use of SRAM is related to the fact that the "preference” shown by each cell varies almost continuously from one cell to another, with some particularly “uncertain” cells which can take values “0" and “1 " with probability close to 50%.
  • Those "uncertain” cells lower the overall reliability of the system, in the sense that at each switch on of the chip, the ID generated by the chip itself is likely to fluctuate between two or more substantially equiprobable IDs, thus making the use of such an ID as a cryptographic key very difficult.
  • These uncertain cells are usually managed by obtaining a surplus of cells in the chip, then measuring the uncertainty degree of the cells to finally discard the cells considered not reliable enough.
  • the risk to cope with by means of this solution is that after discarding unreliable cells, there may not be enough to create the encryption key, thus making the chip unusable.
  • the best way to reduce the likelihood of such a possibility, reducing the risk of not achieving the minimum number of useful cells, is to increase said surplus of cells, but doing so makes the chip more complex and larger, thus reducing the yield and increasing the manufacturing costs.
  • error control methods and devices are further available - sometimes referred to as stabilizers - adapted to ensure that the PUF generates the correct output.
  • the European patent application EP2615571 describes a method for generating an identifier starting from the outputs of two PUFs which generate the desired output when combined by a certain function.
  • two preferred embodiments of the inventions include combining the outputs of the two PUFs in a function adapted to return the correct output, or using the so-called challenge-response technique, i.e. using the output of the first PUF as an input to the second PUF, and afterwards a function which processes the second output to generate the desired output, respectively.
  • the international patent application WO03090259 describes a method of authenticating an integrated circuit based on designing said circuit so as to implement a wide range of measurable physical characteristics which are difficult to be duplicated with accuracy.
  • the integrated circuit can be authenticated by selectively measuring a subset of said physical characteristics and comparing the results measured with previously stored measurements. If they match, the chip is authenticated.
  • the chip is thus designed so that the number of measurable physical characteristics is large enough so that it is virtually impossible for any attacker to measure all the physical characteristics completely and store the result measured.
  • the international patent application WO2009/024913 describes a technique in which the output of a PUF provides authentication to devices having programmable memories.
  • the data in memory are encrypted with a secret key.
  • An access code is generated by combining the output of the PUF (due to a particular input) with said secret key. Therefore, in order to decrypt the data, the correct input is required to have the correct output which, combined with the secret key, will provide the necessary access code to decrypt the data.
  • the circuit according to the present invention is characterized by a complexity comparable to the complexity of an SRAM cell and allows to obtain, in production, a fraction of uncertain cells which can be much smaller than the fraction of SRAM- based uncertain cells and such as not to require the use of stabilizer devices or methods.
  • figure 1 shows the diagram of the general model of an SRAM cell which forms a PUC (a) and relevant vector diagram of the equilibrium states (b);
  • figure 2 shows the circuit diagram of a preferred embodiment of the present invention
  • figure 3 shows the transfer function Vout/Vin of the comparator/inverter block of the device according to the present invention.
  • FIG 1 accompanying the present patent application shows a diagram of the general model of an SRAM cell which forms a prior art PUC and the vector diagram of the equilibrium states of said SRAM cell, related to the case where Ci
  • Each SRAM cell of the type used for manufacturing PUCs has three equilibrium points: two stable equilibrium points, corresponding to the storage of values "0" and "1 " - indicated with “0” and “1 " in figure 1 (b) - and one unstable equilibrium point, indicated with "X” in figure 1 (b).
  • the SRAM cell shown in accompanying figure 1 has a preference for the equilibrium point 1 meaning that any evolution of the state of the cell, in the absence of noise, which starts from a situation corresponding to the origin of the graph in figure 1 (b), point (0,0), will end in point 1 along the continuous line.
  • the present invention thus introduces a new circuit for manufacturing a PCU circuit, a circuit which is characterized by a single stable equilibrium point the position of which is strongly influenced by the physical construction parameters of the circuit itself.
  • the PUC cell according to the present invention comprises:
  • a first pair of transistors comprising a first field effect transistor - FET - or Metal Oxide Semiconductor Field Effect Transistor - MOSFET Q1 , of the P-channel type, and a second field-effect transistor, Q2, of the N-channel type;
  • first terminal electrically connected to the gate contact of said first transistor Q1 and to the gate contact of said second transistor Q2, said first terminal being adapted to receive a first DC voltage V0 equal to half the supply voltage of the circuit; a second terminal electrically connected to the drain contact of said first transistor Q1 and to the drain contact of said second transistor Q2;
  • a third terminal electrically connected to the source contact of said first transistor Q1 , said third terminal being adapted to receive a second DC voltage 2V0 equal to the supply voltage of the circuit;
  • a comparator/inverter block connected with the input to said second terminal and with the output to the output terminal of said PCU cell, and adapted to map the voltage value on said second terminal in the output values 0V and 2V0.
  • said comparator/inverter block preferably comprises
  • a second pair of transistors comprising a third transistor Q3, preferably made by a field-effect transistor of the P-channel type, and a fourth transistor Q4, preferably made by a field-effect transistor of the N-channel type, in which:
  • drain contact of said third transistor Q3 and the drain contact of said fourth transistor Q4 are both connected to the output terminal of said PUC cell;
  • the source contact of said third transistor Q3 is electrically connected to said third terminal
  • the source contact of said fourth transistor Q4 is electrically connected to the ground reference of the circuit.
  • Said transistors Q1 - Q4 and said capacitance C are preferably made within a semiconductor chip according to the methods available in the prior art.
  • FIG. 3 shows the transfer function Vout/Vin of the above preferred embodiment of said comparator/inverter block in which the voltage values VI L and VI H represent the points where the curve of said transfer function Vout/Vin has a slope equal to -1 , said points delimiting the region of indeterminacy of said comparator/inverter block.
  • the current flowing in transistor FET Qi is equal to:
  • VGS the voltage applied between gate and source of the FET
  • VDS the voltage present between drain and source of the FET
  • transistors Q1 and Q2 are FET of the enhancement type VTI ⁇ 0 ⁇ VT2, moreover, transistors Q1 and Q2 are made so that the cell is symmetrical in the sense that, nominally, we have:
  • the output voltage and logical value of the PUC cell according to the present invention depends only on the initial value of current lc, lc(0) taken upon the switching on of the cell and the output logical value of said cell will be equal to 1 in the cases where lc(0) ⁇ 0. This implies that the PUC cell according to the present invention is practically independent of any changes in the operating temperature since any changes in temperature are obviously the same for both Q1 and Q2, without affecting the overall operation of the cell itself.
  • the PUC cell according to the present invention has a single equilibrium point also causes that any noise superimposed to the voltages involved does not lead to achieving a "wrong" state by that cell, making the PUC cell according to the present invention substantially immune to noise.
  • the PUC cell according to the present invention has a very low complexity comparable to that of an SRAM cell and has a much greater reliability than an SRAM cell as it is characterized by only one stable equilibrium point the position of which depends on random differences introduced during the step of manufacturing the chip.
  • the PUC cell according to the present invention is stable over a wide range of operating temperatures and offers considerable noise immunity, thus making the use of stabilizers adapted to ensure the correct output and which are normally used along with conventional SRAM type cells unnecessary.

Abstract

A PUC (Physical Unclonable Constant) cell characterized by a very low complexity comparable to that of an SRAM cell and by much greater reliability than an SRAM cell as it is characterized by only one stable equilibrium point the position of which depends on random differences introduced during the step of manufacturing the chip. The PUC cell according to the present invention is also stable over a wide range of operating temperatures and offers considerable noise immunity, thus making the use of stabilizers adapted to ensure the correct output and which are normally used along with conventional SRAM type cells unnecessary.

Description

INTEGRATED DEVICE FOR IMPLEMENTING A PHYSICAL UNCLONABLE FUNCTION AND A PHYSICAL UNCLONABLE CONSTANT
**********
Field of the invention
The technical reference field of the invention relates to hardware device authentication, and in particular, integrated circuit authentication via Physical Unclonable Constant (PUC) and Physical Unclonable Functions (PUF).
Background art
In several current applications of integrated electronics there is a need to provide every chip used with a code which uniquely identifies the chip (as a sort of fingerprint) and which is known only to the chip itself. An essential feature of this identification code is the almost absolute security and inviolability even by attackers who are motivated and able to make sophisticated attacks, such as the observation of the chip itself using electron microscopes, for example.
An increasing number of applications require the use of integrated circuits provided with the above-described functions.
A first example relates to the field of electronic systems adapted to ensure the unique identification and authentication of a user.
This field requires increasing levels of security as the number of connections between different users is increasing, which involves the exchange of sensitive information, which exchange must take place securely and protected from fraudulent interceptions. A typical example of such transactions is given by RFID systems, increasingly used to control the authentication of people and their access to protected areas, and by the NFC chips used in bank transactions. Ultimately, it is thus essential to have integrated circuits which are able to ensure operations such as the authentication of devices, the protection of personal information and the secure communication of information in a highly reliable and possibly cost- effective manner.
A second example relates to the protection of on-board chip firmware. An effective solution to protect the firmware on-board of chips includes encrypting the firmware code before writing it to the memory and decrypting it a moment before execution. The encryption/decryption is done by the hardware of the chip itself and uses a symmetric algorithm provided with a decoding key. It is apparent that when said decoding key is stored unencrypted on a memory block, a sufficiently motivated attacker could read the key and use it to decrypt the firmware code, thus appropriating it; however, if the chip had its own embedded and secret ID, known to that chip and only to that chip, the cryptographic key could be generated as needed, before executing the firmware, avoiding the need to store such unencrypted key to a memory block as it occurs in most cases of the prior art. Typically, in fact, the secret decryption key is stored to non-volatile memory (such as in an EEPROM) making it available to be used as a digital signature or used on encrypted protocols to authenticate devices or protect private information.
As mentioned before, storing the secret key to non-volatile memory entails several drawbacks, the most important of which is the fact that securely managing a secret key in a memory is difficult and expensive.
Non-volatile memory, in fact, is vulnerable to invasive brute-force attacks as it keeps the information on the chip in a visible and clonable manner. Therefore, in order to ensure a high level of security for these memories, auxiliary circuitry must be used adapted to check the status of the integrated circuit in real time and prevent possible attacks. This solution is understandably very costly, both in terms of implementation cost and in terms of energy consumption.
The so-called Physical Unclonable Functions (PUFs) can overcome, among others, the drawback described due to their main innovative feature: the secret keys which were previously stored to non-volatile memories, are directly generated on the chip starting from the physical complexity of the circuit implemented in the chip.
In literature, PUFs are divided into two categories: strong PUFs and weak PUFs, according to their size. Strong PUFs have a large domain and their typical use is chip authentication based on the so-called Challenge Response Pairs (CRP) technique. Weak PUFs, on the other hand, have a very small domain which may be such as to reduce the PUF to a mere constant function, sometimes referred to as Physical Unclonable Constant (PUC). An ideal PUC may be described as a random constant: the random value is set during manufacture and is then output whenever the PUC is "queried". Reference is made hereinafter to PUFs to indicate devices of any complexity and thus including PUCs.
The above random value generated in a PUF can be generated, for example, by the propagation delay of a signal through the interconnections and the transistors implemented on the chip, or by the exact length of the channel of a MOSFET.
Due to this inherent feature of PUFs, it is apparent that the output of said PUFs, i.e. the key or keys which are generated, is linked to the variability in the manufacturing process of the various integrated circuits, and is thus difficult to predict. All of this dramatically increases the level of security and robustness of the secret key associated with a given PUF. In fact, the volatile key generated in said PUFs exists only in digital form - without being stored permanently to some hardware device - only during the time interval in which the chip itself is powered and used.
A potential attacker who wanted to take a key generated by a PUF should be able to get the key while the circuit is working to generate it, which is much more difficult than reading a key permanently stored unencrypted to non-volatile memory. Moreover, if the hypothetical attacker made an attack on the chip, he should be able to carry out his attack without modifying the physical structure of the circuit, because changing the physical structure of the circuit would change the same response of the circuit and thus the generated key.
A PUF is generally obtained through a circuit which uses the inherent variability in the manufacturing process to generate a binary output which is the result of the combination of the variables inside the circuit made and represents a sort of "fingerprint" thereof.
Said variables inside the circuit, during the step of producing the circuit itself, obviously undergo statistic variations around their nominal value. These variations, combined with one another result in that the same circuit may have different outputs in response to the same inputs.
Since said statistic variations cannot be controlled from the outside but only statistically predicted, they imply that the single PUF circuit cannot be replicated or cloned because it is substantially dependent on the randomness of the production, process. In addition to a very high intrinsic security level, as shown above, PUFs also offer important advantages in terms of manufacturing costs. In fact, PUFs do not require non-volatile memories (NVM) to store the generated key, thus avoiding the costs and security concerns related to the use of said memories.
The main drawback of PUF circuits is that the same circuit may have different outputs in response to the same inputs.
This variation of the output in response to the same input is due to errors occurring in PURs partly randomly, partly deterministically.
The randomness of the error is related to the own noise generated by the circuit, while the deterministic part of the error is related to the combination of the various mismatches present and related to the nominal values of the characteristic parameters of the circuit.
According to the prior art, most PUF circuits available are based on static RAM (SRAM) memory cells. Each cell is capable of storing a single bit and sets to switch to one of the two logical states - "0" or "1 " - in a theoretically random manner. Actually, what is observed experimentally is that, due to random asymmetries introduced during the production of the chip, a cell shows a certain preference for one of the two states. For example, a given cell may set to state "1 " 85% of the time, while another might set to state "0" 70% of the time. Therefore, SRAM cells have the mixture of randomness and determinism required for manufacturing PUF circuits.
The advantage resulting from the use of SRAM cells for manufacturing PUF circuits is that the SRAM technology is mature and well established and therefore is low risk and easy to be implemented.
On the other hand, the problem related to the use of SRAM is related to the fact that the "preference" shown by each cell varies almost continuously from one cell to another, with some particularly "uncertain" cells which can take values "0" and "1 " with probability close to 50%. Those "uncertain" cells lower the overall reliability of the system, in the sense that at each switch on of the chip, the ID generated by the chip itself is likely to fluctuate between two or more substantially equiprobable IDs, thus making the use of such an ID as a cryptographic key very difficult. These uncertain cells are usually managed by obtaining a surplus of cells in the chip, then measuring the uncertainty degree of the cells to finally discard the cells considered not reliable enough. The risk to cope with by means of this solution is that after discarding unreliable cells, there may not be enough to create the encryption key, thus making the chip unusable. The best way to reduce the likelihood of such a possibility, reducing the risk of not achieving the minimum number of useful cells, is to increase said surplus of cells, but doing so makes the chip more complex and larger, thus reducing the yield and increasing the manufacturing costs.
In order to improve the reliability of PUFs and thus the yield in the manufacturing step, error control methods and devices are further available - sometimes referred to as stabilizers - adapted to ensure that the PUF generates the correct output. The European patent application EP2615571 describes a method for generating an identifier starting from the outputs of two PUFs which generate the desired output when combined by a certain function. In said patent application, two preferred embodiments of the inventions include combining the outputs of the two PUFs in a function adapted to return the correct output, or using the so-called challenge-response technique, i.e. using the output of the first PUF as an input to the second PUF, and afterwards a function which processes the second output to generate the desired output, respectively.
The international patent application WO03090259 describes a method of authenticating an integrated circuit based on designing said circuit so as to implement a wide range of measurable physical characteristics which are difficult to be duplicated with accuracy. At this point, the integrated circuit can be authenticated by selectively measuring a subset of said physical characteristics and comparing the results measured with previously stored measurements. If they match, the chip is authenticated. The chip is thus designed so that the number of measurable physical characteristics is large enough so that it is virtually impossible for any attacker to measure all the physical characteristics completely and store the result measured.
The international patent application WO2009/024913 describes a technique in which the output of a PUF provides authentication to devices having programmable memories. With this system, the data in memory are encrypted with a secret key. An access code is generated by combining the output of the PUF (due to a particular input) with said secret key. Therefore, in order to decrypt the data, the correct input is required to have the correct output which, combined with the secret key, will provide the necessary access code to decrypt the data.
Therefore, it is the general object of the present invention to provide a circuit adapted to implement PUF which allows to overcome the drawbacks of the prior art, in particular by reducing the fraction of uncertain cells produced.
The circuit according to the present invention is characterized by a complexity comparable to the complexity of an SRAM cell and allows to obtain, in production, a fraction of uncertain cells which can be much smaller than the fraction of SRAM- based uncertain cells and such as not to require the use of stabilizer devices or methods.
Brief description of the drawings
Further features and advantages of the present invention will become more apparent from the following detailed description, given by way of a non-limiting example and shown in the accompanying figures which are schematic and show functional blocks adapted to implement certain features which can be practically implemented according to different circuit solutions. In detail:
figure 1 shows the diagram of the general model of an SRAM cell which forms a PUC (a) and relevant vector diagram of the equilibrium states (b);
figure 2 shows the circuit diagram of a preferred embodiment of the present invention;
figure 3 shows the transfer function Vout/Vin of the comparator/inverter block of the device according to the present invention.
Detailed description of the invention
Figure 1 accompanying the present patent application shows a diagram of the general model of an SRAM cell which forms a prior art PUC and the vector diagram of the equilibrium states of said SRAM cell, related to the case where Ci Each SRAM cell of the type used for manufacturing PUCs has three equilibrium points: two stable equilibrium points, corresponding to the storage of values "0" and "1 " - indicated with "0" and "1 " in figure 1 (b) - and one unstable equilibrium point, indicated with "X" in figure 1 (b).
The SRAM cell shown in accompanying figure 1 has a preference for the equilibrium point 1 meaning that any evolution of the state of the cell, in the absence of noise, which starts from a situation corresponding to the origin of the graph in figure 1 (b), point (0,0), will end in point 1 along the continuous line.
However, in the non-ideal case where there is a noise component, it may happen that the logical state of the cell evolves towards the attraction domain "0" so that there is a non-zero probability that eventually, the cell reaches the "wrong" equilibrium point along, for example, the dotted line in figure 1 (b). It is apparent that if an SRAM cell is almost balanced, its "reliability" referred to the equilibrium point is thus low.
In essence, the fundamental problem which practically determines the possible occurrence of these "unreliable" SRAM cells is the presence of two stable equilibrium points which may allow the cell to be sometimes in the "wrong" equilibrium state.
While this sort of bistability is clearly useful when an SRAM cell is used as a digital memory cell, it is just as harmful when said SRAM cell is used as a PUC.
The present invention thus introduces a new circuit for manufacturing a PCU circuit, a circuit which is characterized by a single stable equilibrium point the position of which is strongly influenced by the physical construction parameters of the circuit itself.
With reference to accompanying figure 2, the PUC cell according to the present invention comprises:
a first pair of transistors comprising a first field effect transistor - FET - or Metal Oxide Semiconductor Field Effect Transistor - MOSFET Q1 , of the P-channel type, and a second field-effect transistor, Q2, of the N-channel type;
a first terminal electrically connected to the gate contact of said first transistor Q1 and to the gate contact of said second transistor Q2, said first terminal being adapted to receive a first DC voltage V0 equal to half the supply voltage of the circuit; a second terminal electrically connected to the drain contact of said first transistor Q1 and to the drain contact of said second transistor Q2;
a capacitance C electrically connected between said first terminal and said second terminal;
a third terminal electrically connected to the source contact of said first transistor Q1 , said third terminal being adapted to receive a second DC voltage 2V0 equal to the supply voltage of the circuit;
a fourth terminal electrically connected to the source contact of said second transistor Q2, said fourth terminal being further connected to the ground reference of the circuit;
a comparator/inverter block connected with the input to said second terminal and with the output to the output terminal of said PCU cell, and adapted to map the voltage value on said second terminal in the output values 0V and 2V0.
Again with reference to accompanying figure 2, said comparator/inverter block preferably comprises
a second pair of transistors comprising a third transistor Q3, preferably made by a field-effect transistor of the P-channel type, and a fourth transistor Q4, preferably made by a field-effect transistor of the N-channel type, in which:
the gate contact of said third transistor Q3 and the gate contact of said fourth transistor Q4 are both connected to said second terminal;
the drain contact of said third transistor Q3 and the drain contact of said fourth transistor Q4 are both connected to the output terminal of said PUC cell;
the source contact of said third transistor Q3 is electrically connected to said third terminal;
the source contact of said fourth transistor Q4 is electrically connected to the ground reference of the circuit.
Said transistors Q1 - Q4 and said capacitance C are preferably made within a semiconductor chip according to the methods available in the prior art.
Accompanying figure 3 shows the transfer function Vout/Vin of the above preferred embodiment of said comparator/inverter block in which the voltage values VI L and VI H represent the points where the curve of said transfer function Vout/Vin has a slope equal to -1 , said points delimiting the region of indeterminacy of said comparator/inverter block.
To illustrate the operation of the PUC cell described, VTI indicates the threshold voltage of the FET transistors, βί the transconductance, Wi the width and Li length of the channels of FETs Qi (i = 1 , 2) so that the relationship βί = Cox μ (Wi / U) applies, where Cox is the capacitance related to the gate oxide layer and μι is the value of mobility of charge carriers. The current flowing in transistor FET Qi is equal to:
li = βί [(VGSI - VTI) - VDSI / 2] VDSI (i = 1 , 2) in the triode operation region and li = (VGSI - VTI)2 βί / 2 (i = 1 , 2) in the saturation operation region, where VGS is the voltage applied between gate and source of the FET and VDS is the voltage present between drain and source of the FET.
Since both Q1 and Q2 are FET of the enhancement type VTI < 0 < VT2, moreover, transistors Q1 and Q2 are made so that the cell is symmetrical in the sense that, nominally, we have:
VTI = - VT2 and βι = β2, i.e. W2 / L2 = (μη / μΡ) Wi / Li .
Assuming that the circuit described is switched on at a certain initial time t (t = 0), the input voltages V0 and VX are applied. Capacitance C is initially not charged and then the voltage at its terminals Vc(0) = 0. At time t = tmax, the output voltage value Vout(tmax) of the cell is acquired as the cell constant value. Now we see how said characteristic value Vout(tmax) of the PUC cell according to the present invention depends on the implementation asymmetries of the circuit described and shown in accompanying figure 2.
Assuming the initially not charged capacitance and the ideal case where the components are all characterized by their nominal values, we have VGSI = VDSI (i = 1 , 2) and both FETs are in saturation. Since VGS2 = - VGSI = V0 and the FETs are identical, then h = I2 and therefore lc = 0, the voltage at the terminals of the capacitor constantly remains equal to zero, Vc = 0, and thus the output voltage of the first pair of FETs Q1 , Q2 is equal to V0, Vraw(tmax) = V0.
In the real case where the components are characterized by real parameters other than the nominal/ideal parameters, we will necessarily have li ≠ I2 and one of two FETs will conduct more than the other. If, for example, h (0) > l2(0) (i.e. βι > β2), then lc > 0 and therefore the voltage at the terminals of capacitance C, Vc increases. Since:
VDSI = VGSI + Vc, we have that both VDSI and VDS2 increase. Since Q2 is an N- channel FET, an increase of VDS2 is adapted to maintain Q2 in saturation, while since Q1 is a P-channel FET, when voltage Vc(t) increases the current through Q1 decreases until, at a value of Vc(t) large enough, Q1 exits the saturation zone. This situation will asymptotically lead to achieving an equilibrium point in which h = I2 and the charge of capacitance C will stop when the voltage at the terminals of C reaches a stable equilibrium value Veq > 0.
Therefore, we have that if lc(0) > 0, then V0 + Veq > Vraw(tmax) > 0. It is apparent that, as soon as Vraw(tmax) reaches a value greater than Vm, voltage Vout(tmax) will become approximately equal to 0V and the PUC cell according to the present invention will produce an output voltage of 0V and thus a logical value of q = 0. Similarly, if circuit asymmetries are such that, initially, h (0) < l2(0) (i.e. βι < β2), then voltage Vc(t) at the terminals of capacitance C decreases, after switching on, until a stable equilibrium is asymptotically reached at a voltage value Veq < 0 which corresponds to a voltage Vraw < V0. Thereby, if IC(0) < 0, then V0 + Veq < Vraw(tmax) < V0 and therefore, as soon as the voltage value Vraw(tmax) becomes < of V1 L, voltage Vout(tmax) will become approximately equal to 2V0 and the PUC cell according to the present invention will produce an output voltage approximately equal to the supply voltage of circuit 2V0 and thus a logical value of q = 1 .
The output voltage and logical value of the PUC cell according to the present invention depends only on the initial value of current lc, lc(0) taken upon the switching on of the cell and the output logical value of said cell will be equal to 1 in the cases where lc(0) < 0. This implies that the PUC cell according to the present invention is practically independent of any changes in the operating temperature since any changes in temperature are obviously the same for both Q1 and Q2, without affecting the overall operation of the cell itself.
The fact that the PUC cell according to the present invention has a single equilibrium point also causes that any noise superimposed to the voltages involved does not lead to achieving a "wrong" state by that cell, making the PUC cell according to the present invention substantially immune to noise. In conclusion, the PUC cell according to the present invention has a very low complexity comparable to that of an SRAM cell and has a much greater reliability than an SRAM cell as it is characterized by only one stable equilibrium point the position of which depends on random differences introduced during the step of manufacturing the chip.
Finally, the PUC cell according to the present invention is stable over a wide range of operating temperatures and offers considerable noise immunity, thus making the use of stabilizers adapted to ensure the correct output and which are normally used along with conventional SRAM type cells unnecessary.

Claims

1 . A device for making PUC cells comprising:
an output terminal;
an electrical ground reference;
a first pair of transistors comprising a first field-effect transistor (Q1 ), of the P-channel type, and a second field-effect transistor, (Q2), of the N-channel type;
a first terminal electrically connected to the gate contact of said first transistor (Q1 ) and to the gate contact of said second transistor (Q2), said first terminal being adapted to receive a first DC voltage (V0);
a second terminal electrically connected to the drain contact of said first transistor (Q1 ) and to the drain contact of said second transistor (Q2);
a capacitance (C) electrically connected between said first terminal and said second terminal;
a third terminal electrically connected to the source contact of said first transistor (Q1 ), said third terminal being adapted to receive a second DC voltage (2V0) having a value approximately twice said first DC voltage (V0); a fourth terminal electrically connected to the source contact of said second transistor (Q2), said fourth terminal being further connected to said electrical ground reference;
a comparator/inverter block connected with the input to said second terminal and with the output to said output terminal, and adapted to map the voltage value on said second terminal in the output values 0V and 2V0.
2. A device according to claim 1 , characterized in that said first transistor (Q1 ) and said second transistor (Q2) are MOSFET transistors of the enhancement type.
3. A device according to one or more of claims 1 to 2, characterized in that said comparator/inverter block comprises:
a second pair of transistors comprising a third field-effect transistor (Q3), of the P-channel type, and a fourth field-effect transistor (Q4), of the N- channel type, wherein the gate contact of said third transistor (Q3) and the gate contact of said fourth transistor (Q4) are both connected to said second terminal; the drain contact of said third transistor (Q3) and the drain contact of said fourth transistor (Q4) are both connected to the output terminal of said PUC cell; the source contact of said third transistor (Q3) is electrically connected to said third terminal; the source contact of said fourth transistor (Q4) is electrically connected to said electrical ground reference.
4. A device according to claim 3, characterized in that said third transistor (Q3) and said fourth transistor (Q4) are MOSFET transistors of the enhancement type.
5. A device according to one or more of the preceding claims, characterized in that said transistors (Q1 - Q4) and said capacitance (C) are provided inside a semiconductor chip.
6. A PUC cell comprising the device according to one or more of the preceding claims.
7. A PUF device comprising a plurality of PUC cells according to claim 6.
EP15791746.9A 2014-10-01 2015-10-01 Integrated device for implementing a physical unclonable function and a physical unclonable constant Withdrawn EP3202041A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ITPD20140253 2014-10-01
PCT/IB2015/057516 WO2016051370A1 (en) 2014-10-01 2015-10-01 Integrated device for implementing a physical unclonable function and a physical unclonable constant

Publications (1)

Publication Number Publication Date
EP3202041A1 true EP3202041A1 (en) 2017-08-09

Family

ID=52014266

Family Applications (1)

Application Number Title Priority Date Filing Date
EP15791746.9A Withdrawn EP3202041A1 (en) 2014-10-01 2015-10-01 Integrated device for implementing a physical unclonable function and a physical unclonable constant

Country Status (2)

Country Link
EP (1) EP3202041A1 (en)
WO (1) WO2016051370A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9966954B1 (en) * 2017-02-03 2018-05-08 The Regents Of The University Of Michigan Physically unclonable function design

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5332931A (en) * 1991-06-24 1994-07-26 Harris Corporation High speed differential comparator
US7840803B2 (en) 2002-04-16 2010-11-23 Massachusetts Institute Of Technology Authentication of integrated circuits
EP2191410B1 (en) 2007-08-22 2014-10-08 Intrinsic ID B.V. Identification of devices using physically unclonable functions
EP2615571A1 (en) 2012-01-16 2013-07-17 Gemalto SA Method of generating an identifier of an electronic device
CN102710251A (en) * 2012-05-28 2012-10-03 宁波大学 Physical unclonable functions (PUF) circuit unit

Also Published As

Publication number Publication date
WO2016051370A1 (en) 2016-04-07

Similar Documents

Publication Publication Date Title
US11729005B2 (en) Apparatus and method for processing authentication information
Rührmair et al. PUFs at a glance
Joshi et al. Everything you wanted to know about PUFs
CN106257590B (en) Tamper-resistant non-volatile memory device and integrated circuit card
CN106257860B (en) Random number processing device and integrated circuit card
US9536581B2 (en) Tamper-resistant non-volatile memory device
US9548113B2 (en) Tamper-resistant non-volatile memory device
US11856116B2 (en) Method and apparatus for protecting embedded software
Garg et al. Design of SRAM PUF with improved uniformity and reliability utilizing device aging effect
US8749265B2 (en) Semiconductor chip and method for generating digital value using process variation
Halak Physically unclonable functions
Oren et al. On the effectiveness of the remanence decay side-channel to clone memory-based PUFs
US9729324B2 (en) Semiconductor integrated circuit, authentication system, and authentication method
US20160148680A1 (en) Tamper-resistant non-volatile memory device
Wachsmann et al. Physically unclonable functions (PUFs): Applications, models, and future directions
US10797891B2 (en) Physically unclonable function resistant to side-channel attack and method therefor
KR101359783B1 (en) System for physical unclonable function based on mismatching load resistor component
US20110128030A1 (en) Monitoring of the activity of an electronic circuit
Gao et al. Efficient erasable PUFs from programmable logic and memristors
Felicetti et al. Exploiting silicon fingerprint for device authentication using CMOS-PUF and ECC
US9860062B2 (en) Communication arrangement and method for generating a cryptographic key
WO2016051370A1 (en) Integrated device for implementing a physical unclonable function and a physical unclonable constant
Noor et al. Defense mechanisms against machine learning modeling attacks on strong physical unclonable functions for iot authentication: a review
Cambou Enhancing secure elements—technology and architecture
JP4530229B2 (en) Card authentication system

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20170428

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20180501