PUF Series 1: SRAM PUF is Increasingly Vulnerable

As semiconductor technology advances, SRAM is becoming outmoded as a reliable PUF security solution.

With the onset of the 5G era, security is a major concern as billions of devices are connected to networks each year, making security indispensable at the same time as vulnerability increases. Hardware security solutions are crucial as the most fundamental method for preventing attacks. For this reason, a reliable root of trust at the semiconductor level is a must for protecting systems against hacking.

Many solutions for finding or creating a root of trust exist in the market. Among them, the use of a PUF (Physically Unclonable Function) on a chip has drawn the most attention due to its unique features and characteristics such as randomness. However, to be the root of trust and seed for security over the lifetime of an electronic device, reliability, in terms of ambient variations such as power, temperature, noise, interference, etc., is imperative.

Concerns Surrounding SRAM PUF

An SRAM PUF is enabled by a local mismatch between the threshold voltage in a pair of MOSFETs to generate a positive feedback loop. The slight differences caused by the mismatch characteristics will be amplified and divided into 0 or 1 and stored in SRAM. A random value of either 0 or 1 results from the variations of the threshold voltage in the MOSFETs.

However, the stability of an SRAM PUF’s extracted random value is seriously impacted by the following factors:

  1. The degree of mismatch: As semiconductor process technology continues to advance, the degree of mismatch in a pair of MOSFETs becomes smaller, causing the latched position (random value 0 or 1) in the SRAM to be flipped over easily when the SRAM is reset.
  2. Variations of ambient conditions: Variations in ambient conditions such as temperature, noise, voltage and interference will cause changes in the random values extracted from the SRAM.

Therefore, the use of SRAM for a PUF results in instability of the memory’s initial state. These inherent drawbacks of SRAM make it a poor PUF solution.

Extra Costs of Post-process for SRAM PUF

To compensate for the changes in SRAM’s initial state during a power reset, an error correction code (ECC) needs to be employed. In order to recover the original data in SRAM, helper data needs to be stored and protected so that the ECC can use them to extract the original data.

This process is time consuming, which requires long delay to recover the data. Protecting helper data is also a cumbersome process that defeats the purpose of a PUF, which should be a simple and secure solution.

Moreover, if more error bits occur due to the aging effect in the operation of SRAM, the SRAM PUF will inevitably fail. Although there are ways to improve the reliability of SRAM PUF, the complicated ECC post-processing still introduce considerable risk and inefficiency over the lifetime of an electronic device.

Alternatives to SRAM PUF

The use of a reliable PUF is imperative for the security of any AIoT device. To address this need, eMemory has recently introduced its NeoPUF, which uses as its source of randomness variations in oxide quality on a chip that induce differences in tunnel current. This characteristic is very stable due to the quality of oxide, which is not affected by variations in ambient conditions since it is intrinsic to the material properties of a semiconductor.

In the next article, I will present the physical mechanism of NeoPUF in more detail. You can also find more information at www.ememory.com.tw and www.pufsecurity.com


Related Posts

Securing System-on-Chips: Hardware Protection in the Age of Chiplets
Why Hardware Root of Trust  Needs Anti-Tampering Design
PUFrt: Solving Chip Security’s Weakest Link