
New technology is ten times more reliable at producing unclonable digital fingerprints
The researchers’ physically unclonable function (PUF) technology uses a microchip’s physical imperfections to produce unique security keys that can be used to authenticate devices linked to the IoT. The improved reliability of their technology, say the researchers, is provided through the generation of two unique fingerprints for each PUF.
This “zero-overhead” method uses the same PUF components to make both keys and does not require extra area and latency because of a design feature that also allows their PUF to be about 15 times more energy efficient than previously published versions.
“Basically each PUF unit can work in two modes,” says Kaiyuan Yang, assistant professor of electrical and computer engineering. “In the first mode, it creates one fingerprint, and in the other mode it gives a second fingerprint.”
“Each one is a unique identifier, and dual keys are much better for reliability,” says Yang. “On the off chance the device fails in the first mode, it can use the second key. The probability that it will fail in both modes is extremely small.”
PUF fingerprints have several of the same advantages as human fingerprints as a means of authentication, says Yang.
“First, they are unique. You don’t have to worry about two people having the same fingerprint,” says Yang. “Second, they are bonded to the individual. You cannot change your fingerprint or copy it to someone else’s finger. And finally, a fingerprint is unclonable. There’s no way to create a new person who has the same fingerprint as someone else.”
PUF-derived encryption keys are also unique, bonded, and unclonable, say the researchers. While the differences among more than a billion transistors crammed onto a chip half the size of a credit card may amount to a few more atoms in one or a few fewer in another, those minuscule differences are enough to produce the electronic fingerprints used to make PUF keys.
For a 128-bit key, a PUF device would send request signals to an array of PUF cells comprising several hundred transistors, allocating a one or zero to each bit based on the responses from the PUF cells. Unlike a numeric key that’s stored in a traditional digital format, PUF keys are actively created each time they’re requested, and different keys can be used by activating a different set of transistors.
Adopting PUF, say the researchers, would allow chipmakers to inexpensively and securely generate secret keys for encryption as a standard feature on next-generation computer chips for IoT devices like “smart home” thermostats, security cameras, and light bulbs.
“The general concept for IoT is to connect physical objects to the internet in order to integrate the physical and cyber worlds,” says Yang. “In most consumer IoT today, the concept isn’t fully realized because many of the devices are powered and almost all use existing IC feature sets that were developed for the mobile market.”
In contrast, say the researchers, the devices coming out of research labs like theirs are designed for IoT from the ground up. Measuring just a few millimeters in size, the latest IoT prototypes can pack a processor, flash memory, wireless transmitter, antenna, one or more sensors, batteries and more into an area the size of a grain of rice.
While PUF is not a new idea for IoT security, say the researchers, their version of PUF outperforms previous work in terms of reliability, energy efficiency, and the amount of area it would take to implement on a chip. Performance gains of their technology were measured in tests at military-grade temperatures ranging from 125 degrees Celsius to minus 55 degrees Celsius and when supply voltage dropped by up to 50 percent.
“If even one transistor behaves abnormally under varying environmental conditions, the device will produce the wrong key, and it will look like an inauthentic device,” says Yang. “For that reason, reliability, or stability, is the most important measure for PUF.”
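An added example, not the researchers' design or code: a toy Python model of the 128-bit key regeneration, the exact-match requirement, and the dual-mode fallback described above. The Gaussian cell offsets, the noise parameter, the independence of the two modes, and all names (ToyPUF, enroll, authenticate, failure_rates) are assumptions made for illustration.

```python
import random

KEY_BITS = 128  # key length used in the article


class ToyPUF:
    """Assumed model: every cell has one fixed manufacturing offset per mode."""

    def __init__(self, seed, n_cells=KEY_BITS):
        rng = random.Random(seed)  # the seed stands in for one physical chip
        self.offsets = [[rng.gauss(0, 1) for _ in range(n_cells)]
                        for _ in range(2)]  # two modes, same cells

    def read_key(self, mode, noise_sigma, rng):
        # The key is regenerated on every request: each bit is the sign of
        # the cell's fixed offset plus environmental noise for this read.
        return tuple(int(o + rng.gauss(0, noise_sigma) > 0)
                     for o in self.offsets[mode])


def enroll(puf):
    """Record the reference key for each mode from a noise-free read."""
    rng = random.Random(0)
    return [puf.read_key(mode, 0.0, rng) for mode in (0, 1)]


def authenticate(puf, golden, noise_sigma, rng):
    """Try mode 0 first, then fall back to mode 1. A single flipped bit
    makes a key mismatch. Returns the matching mode, or None."""
    for mode in (0, 1):
        if puf.read_key(mode, noise_sigma, rng) == golden[mode]:
            return mode
    return None


def failure_rates(puf, golden, noise_sigma, trials, seed):
    """Fraction of reads where mode 0 alone fails vs. where both modes fail."""
    rng = random.Random(seed)
    single = dual = 0
    for _ in range(trials):
        ok0 = puf.read_key(0, noise_sigma, rng) == golden[0]
        ok1 = puf.read_key(1, noise_sigma, rng) == golden[1]
        single += not ok0
        dual += not (ok0 or ok1)
    return single / trials, dual / trials


if __name__ == "__main__":
    chip = ToyPUF(seed=1)
    ref = enroll(chip)
    print(failure_rates(chip, ref, noise_sigma=0.02, trials=2000, seed=3))
```

Cells whose offset lies close to zero are the ones that flip under noise, which is why a single marginal cell is enough to make a genuine device fail the exact-match check in one mode.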
In addition, for improved energy efficiency, keys are created using a static voltage rather than by actively powering up the transistor.
“Normally, people have sleep mode activated, and when they want to create a key, they activate the transistor, switch it once and then put it to sleep again,” says Yang. “In our design, the PUF module is always on, but it takes very little power, even less than a conventional system in sleep mode.”
Finally, in terms of on-chip area – the amount of space and expense manufacturers would have to allocate to put the PUF device on a production chip – the researchers say their design occupied 2.37 square micrometers to generate one bit on prototypes produced using 65-nanometer complementary metal-oxide-semiconductor (CMOS) technology.
The researchers presented their work at the 2019 International Solid-State Circuits Conference.
