EP3202041A1 - Integrated device for implementing a physical unclonable function and a physical unclonable constant - Google Patents
Integrated device for implementing a physical unclonable function and a physical unclonable constantInfo
- Publication number
- EP3202041A1 EP3202041A1 EP15791746.9A EP15791746A EP3202041A1 EP 3202041 A1 EP3202041 A1 EP 3202041A1 EP 15791746 A EP15791746 A EP 15791746A EP 3202041 A1 EP3202041 A1 EP 3202041A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- transistor
- terminal
- cell
- puc
- electrically connected
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 230000005669 field effect Effects 0.000 claims description 9
- 239000004065 semiconductor Substances 0.000 claims description 3
- 238000004519 manufacturing process Methods 0.000 abstract description 15
- 239000003381 stabilizer Substances 0.000 abstract description 4
- 230000036039 immunity Effects 0.000 abstract description 2
- 230000015654 memory Effects 0.000 description 16
- 230000006870 function Effects 0.000 description 10
- 238000000034 method Methods 0.000 description 10
- 230000004044 response Effects 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 230000008901 benefit Effects 0.000 description 3
- 230000007423 decrease Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 239000003990 capacitor Substances 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 239000002800 charge carrier Substances 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000012885 constant function Methods 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000005265 energy consumption Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000005259 measurement Methods 0.000 description 1
- 229910044991 metal oxide Inorganic materials 0.000 description 1
- 150000004706 metal oxides Chemical class 0.000 description 1
- 239000000203 mixture Substances 0.000 description 1
- 229920002635 polyurethane Polymers 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H03—ELECTRONIC CIRCUITRY
- H03K—PULSE TECHNIQUE
- H03K19/00—Logic circuits, i.e. having at least two inputs acting on one output; Inverting circuits
- H03K19/003—Modifications for increasing the reliability for protection
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
Definitions
- the technical reference field of the invention relates to hardware device authentication, and in particular, integrated circuit authentication via Physical Unclonable Constant (PUC) and Physical Unclonable Functions (PUF).
- PUC Physical Unclonable Constant
- PAF Physical Unclonable Functions
- a first example relates to the field of electronic systems adapted to ensure the unique identification and authentication of a user.
- a second example relates to the protection of on-board chip firmware.
- An effective solution to protect the firmware on-board of chips includes encrypting the firmware code before writing it to the memory and decrypting it a moment before execution. The encryption/decryption is done by the hardware of the chip itself and uses a symmetric algorithm provided with a decoding key.
- the secret decryption key is stored to non-volatile memory (such as in an EEPROM) making it available to be used as a digital signature or used on encrypted protocols to authenticate devices or protect private information.
- Non-volatile memory in fact, is vulnerable to invasive brute-force attacks as it keeps the information on the chip in a visible and clonable manner. Therefore, in order to ensure a high level of security for these memories, auxiliary circuitry must be used adapted to check the status of the integrated circuit in real time and prevent possible attacks. This solution is understandably very costly, both in terms of implementation cost and in terms of energy consumption.
- PAFs Physical Unclonable Functions
- PUFs are divided into two categories: strong PUFs and weak PUFs, according to their size. Strong PUFs have a large domain and their typical use is chip authentication based on the so-called Challenge Response Pairs (CRP) technique. Weak PUFs, on the other hand, have a very small domain which may be such as to reduce the PUF to a mere constant function, sometimes referred to as Physical Unclonable Constant (PUC).
- An ideal PUC may be described as a random constant: the random value is set during manufacture and is then output whenever the PUC is "queried". Reference is made hereinafter to PUFs to indicate devices of any complexity and thus including PUCs.
- the above random value generated in a PUF can be generated, for example, by the propagation delay of a signal through the interconnections and the transistors implemented on the chip, or by the exact length of the channel of a MOSFET.
- a potential attacker who wanted to take a key generated by a PUF should be able to get the key while the circuit is working to generate it, which is much more difficult than reading a key permanently stored unencrypted to non-volatile memory. Moreover, if the hypothetical attacker made an attack on the chip, he should be able to carry out his attack without modifying the physical structure of the circuit, because changing the physical structure of the circuit would change the same response of the circuit and thus the generated key.
- a PUF is generally obtained through a circuit which uses the inherent variability in the manufacturing process to generate a binary output which is the result of the combination of the variables inside the circuit made and represents a sort of "fingerprint" thereof.
- PUFs Since said statistic variations cannot be controlled from the outside but only statistically predicted, they imply that the single PUF circuit cannot be replicated or cloned because it is substantially dependent on the randomness of the production, process.
- NVM non-volatile memories
- PUF circuits The main drawback of PUF circuits is that the same circuit may have different outputs in response to the same inputs.
- the randomness of the error is related to the own noise generated by the circuit, while the deterministic part of the error is related to the combination of the various mismatches present and related to the nominal values of the characteristic parameters of the circuit.
- SRAM static RAM
- the problem related to the use of SRAM is related to the fact that the "preference” shown by each cell varies almost continuously from one cell to another, with some particularly “uncertain” cells which can take values “0" and “1 " with probability close to 50%.
- Those "uncertain” cells lower the overall reliability of the system, in the sense that at each switch on of the chip, the ID generated by the chip itself is likely to fluctuate between two or more substantially equiprobable IDs, thus making the use of such an ID as a cryptographic key very difficult.
- These uncertain cells are usually managed by obtaining a surplus of cells in the chip, then measuring the uncertainty degree of the cells to finally discard the cells considered not reliable enough.
- the risk to cope with by means of this solution is that after discarding unreliable cells, there may not be enough to create the encryption key, thus making the chip unusable.
- the best way to reduce the likelihood of such a possibility, reducing the risk of not achieving the minimum number of useful cells, is to increase said surplus of cells, but doing so makes the chip more complex and larger, thus reducing the yield and increasing the manufacturing costs.
- error control methods and devices are further available - sometimes referred to as stabilizers - adapted to ensure that the PUF generates the correct output.
- the European patent application EP2615571 describes a method for generating an identifier starting from the outputs of two PUFs which generate the desired output when combined by a certain function.
- two preferred embodiments of the inventions include combining the outputs of the two PUFs in a function adapted to return the correct output, or using the so-called challenge-response technique, i.e. using the output of the first PUF as an input to the second PUF, and afterwards a function which processes the second output to generate the desired output, respectively.
- the international patent application WO03090259 describes a method of authenticating an integrated circuit based on designing said circuit so as to implement a wide range of measurable physical characteristics which are difficult to be duplicated with accuracy.
- the integrated circuit can be authenticated by selectively measuring a subset of said physical characteristics and comparing the results measured with previously stored measurements. If they match, the chip is authenticated.
- the chip is thus designed so that the number of measurable physical characteristics is large enough so that it is virtually impossible for any attacker to measure all the physical characteristics completely and store the result measured.
- the international patent application WO2009/024913 describes a technique in which the output of a PUF provides authentication to devices having programmable memories.
- the data in memory are encrypted with a secret key.
- An access code is generated by combining the output of the PUF (due to a particular input) with said secret key. Therefore, in order to decrypt the data, the correct input is required to have the correct output which, combined with the secret key, will provide the necessary access code to decrypt the data.
- the circuit according to the present invention is characterized by a complexity comparable to the complexity of an SRAM cell and allows to obtain, in production, a fraction of uncertain cells which can be much smaller than the fraction of SRAM- based uncertain cells and such as not to require the use of stabilizer devices or methods.
- figure 1 shows the diagram of the general model of an SRAM cell which forms a PUC (a) and relevant vector diagram of the equilibrium states (b);
- figure 2 shows the circuit diagram of a preferred embodiment of the present invention
- figure 3 shows the transfer function Vout/Vin of the comparator/inverter block of the device according to the present invention.
- FIG 1 accompanying the present patent application shows a diagram of the general model of an SRAM cell which forms a prior art PUC and the vector diagram of the equilibrium states of said SRAM cell, related to the case where Ci
- Each SRAM cell of the type used for manufacturing PUCs has three equilibrium points: two stable equilibrium points, corresponding to the storage of values "0" and "1 " - indicated with “0” and “1 " in figure 1 (b) - and one unstable equilibrium point, indicated with "X” in figure 1 (b).
- the SRAM cell shown in accompanying figure 1 has a preference for the equilibrium point 1 meaning that any evolution of the state of the cell, in the absence of noise, which starts from a situation corresponding to the origin of the graph in figure 1 (b), point (0,0), will end in point 1 along the continuous line.
- the present invention thus introduces a new circuit for manufacturing a PCU circuit, a circuit which is characterized by a single stable equilibrium point the position of which is strongly influenced by the physical construction parameters of the circuit itself.
- the PUC cell according to the present invention comprises:
- a first pair of transistors comprising a first field effect transistor - FET - or Metal Oxide Semiconductor Field Effect Transistor - MOSFET Q1 , of the P-channel type, and a second field-effect transistor, Q2, of the N-channel type;
- first terminal electrically connected to the gate contact of said first transistor Q1 and to the gate contact of said second transistor Q2, said first terminal being adapted to receive a first DC voltage V0 equal to half the supply voltage of the circuit; a second terminal electrically connected to the drain contact of said first transistor Q1 and to the drain contact of said second transistor Q2;
- a third terminal electrically connected to the source contact of said first transistor Q1 , said third terminal being adapted to receive a second DC voltage 2V0 equal to the supply voltage of the circuit;
- a comparator/inverter block connected with the input to said second terminal and with the output to the output terminal of said PCU cell, and adapted to map the voltage value on said second terminal in the output values 0V and 2V0.
- said comparator/inverter block preferably comprises
- a second pair of transistors comprising a third transistor Q3, preferably made by a field-effect transistor of the P-channel type, and a fourth transistor Q4, preferably made by a field-effect transistor of the N-channel type, in which:
- drain contact of said third transistor Q3 and the drain contact of said fourth transistor Q4 are both connected to the output terminal of said PUC cell;
- the source contact of said third transistor Q3 is electrically connected to said third terminal
- the source contact of said fourth transistor Q4 is electrically connected to the ground reference of the circuit.
- Said transistors Q1 - Q4 and said capacitance C are preferably made within a semiconductor chip according to the methods available in the prior art.
- FIG. 3 shows the transfer function Vout/Vin of the above preferred embodiment of said comparator/inverter block in which the voltage values VI L and VI H represent the points where the curve of said transfer function Vout/Vin has a slope equal to -1 , said points delimiting the region of indeterminacy of said comparator/inverter block.
- the current flowing in transistor FET Qi is equal to:
- VGS the voltage applied between gate and source of the FET
- VDS the voltage present between drain and source of the FET
- transistors Q1 and Q2 are FET of the enhancement type VTI ⁇ 0 ⁇ VT2, moreover, transistors Q1 and Q2 are made so that the cell is symmetrical in the sense that, nominally, we have:
- the output voltage and logical value of the PUC cell according to the present invention depends only on the initial value of current lc, lc(0) taken upon the switching on of the cell and the output logical value of said cell will be equal to 1 in the cases where lc(0) ⁇ 0. This implies that the PUC cell according to the present invention is practically independent of any changes in the operating temperature since any changes in temperature are obviously the same for both Q1 and Q2, without affecting the overall operation of the cell itself.
- the PUC cell according to the present invention has a single equilibrium point also causes that any noise superimposed to the voltages involved does not lead to achieving a "wrong" state by that cell, making the PUC cell according to the present invention substantially immune to noise.
- the PUC cell according to the present invention has a very low complexity comparable to that of an SRAM cell and has a much greater reliability than an SRAM cell as it is characterized by only one stable equilibrium point the position of which depends on random differences introduced during the step of manufacturing the chip.
- the PUC cell according to the present invention is stable over a wide range of operating temperatures and offers considerable noise immunity, thus making the use of stabilizers adapted to ensure the correct output and which are normally used along with conventional SRAM type cells unnecessary.
Abstract
Description
Claims
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
ITPD20140253 | 2014-10-01 | ||
PCT/IB2015/057516 WO2016051370A1 (en) | 2014-10-01 | 2015-10-01 | Integrated device for implementing a physical unclonable function and a physical unclonable constant |
Publications (1)
Publication Number | Publication Date |
---|---|
EP3202041A1 true EP3202041A1 (en) | 2017-08-09 |
Family
ID=52014266
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP15791746.9A Withdrawn EP3202041A1 (en) | 2014-10-01 | 2015-10-01 | Integrated device for implementing a physical unclonable function and a physical unclonable constant |
Country Status (2)
Country | Link |
---|---|
EP (1) | EP3202041A1 (en) |
WO (1) | WO2016051370A1 (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9966954B1 (en) * | 2017-02-03 | 2018-05-08 | The Regents Of The University Of Michigan | Physically unclonable function design |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5332931A (en) * | 1991-06-24 | 1994-07-26 | Harris Corporation | High speed differential comparator |
US7840803B2 (en) | 2002-04-16 | 2010-11-23 | Massachusetts Institute Of Technology | Authentication of integrated circuits |
EP2191410B1 (en) | 2007-08-22 | 2014-10-08 | Intrinsic ID B.V. | Identification of devices using physically unclonable functions |
EP2615571A1 (en) | 2012-01-16 | 2013-07-17 | Gemalto SA | Method of generating an identifier of an electronic device |
CN102710251A (en) * | 2012-05-28 | 2012-10-03 | 宁波大学 | Physical unclonable functions (PUF) circuit unit |
-
2015
- 2015-10-01 EP EP15791746.9A patent/EP3202041A1/en not_active Withdrawn
- 2015-10-01 WO PCT/IB2015/057516 patent/WO2016051370A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2016051370A1 (en) | 2016-04-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11729005B2 (en) | Apparatus and method for processing authentication information | |
Rührmair et al. | PUFs at a glance | |
Joshi et al. | Everything you wanted to know about PUFs | |
CN106257590B (en) | Tamper-resistant non-volatile memory device and integrated circuit card | |
CN106257860B (en) | Random number processing device and integrated circuit card | |
US9536581B2 (en) | Tamper-resistant non-volatile memory device | |
US9548113B2 (en) | Tamper-resistant non-volatile memory device | |
US11856116B2 (en) | Method and apparatus for protecting embedded software | |
Garg et al. | Design of SRAM PUF with improved uniformity and reliability utilizing device aging effect | |
US8749265B2 (en) | Semiconductor chip and method for generating digital value using process variation | |
Halak | Physically unclonable functions | |
Oren et al. | On the effectiveness of the remanence decay side-channel to clone memory-based PUFs | |
US9729324B2 (en) | Semiconductor integrated circuit, authentication system, and authentication method | |
US20160148680A1 (en) | Tamper-resistant non-volatile memory device | |
Wachsmann et al. | Physically unclonable functions (PUFs): Applications, models, and future directions | |
US10797891B2 (en) | Physically unclonable function resistant to side-channel attack and method therefor | |
KR101359783B1 (en) | System for physical unclonable function based on mismatching load resistor component | |
US20110128030A1 (en) | Monitoring of the activity of an electronic circuit | |
Gao et al. | Efficient erasable PUFs from programmable logic and memristors | |
Felicetti et al. | Exploiting silicon fingerprint for device authentication using CMOS-PUF and ECC | |
US9860062B2 (en) | Communication arrangement and method for generating a cryptographic key | |
WO2016051370A1 (en) | Integrated device for implementing a physical unclonable function and a physical unclonable constant | |
Noor et al. | Defense mechanisms against machine learning modeling attacks on strong physical unclonable functions for iot authentication: a review | |
Cambou | Enhancing secure elements—technology and architecture | |
JP4530229B2 (en) | Card authentication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE |
|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE |
|
17P | Request for examination filed |
Effective date: 20170428 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR |
|
AX | Request for extension of the european patent |
Extension state: BA ME |
|
DAV | Request for validation of the european patent (deleted) | ||
DAX | Request for extension of the european patent (deleted) | ||
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20180501 |