- \n
- Uniqueness:<\/strong> PUFs depend on the uniqueness of physical microstructure, which are expected to be different from each other or have the lowest chance of collision. Similarly, we use hamming distance to measure the difference between two sets of values in strings of the same length. For an ideal PUF, a 50% hamming distance indicates that between any two strings, half of the numbers remain the same while the rest are different. That would lower the chances of collision between any two strings.<\/li>\n<\/ul>\n\n\n\n
- \n
- Robustness:<\/strong> PUFs must be very stable and reliable to retain its number for the whole lifetime. This means that PUFs can maintain their stability so that the 0 and 1 in a sequence won\u2019t be reversed even under drastic environmental changes. In other words, an ideal PUF should have a bit-error-rate of 0% to prove its stability.<\/li>\n<\/ul>\n\n\n\n
- \n
- Non-traceability:<\/strong> As the root of trust, PUF needs to be resilient to physical attacks. Non-traceability is an important feature of an ideal PUF. That is, the random number in the PUF should not be detected and extracted by any means, such as reverse engineering, charge residue measurement, etc.<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2020\/03\/Picture4.png\")
<\/figure>\n\n\n\n<\/p>
SRAM PUF vs. NeoPUF: Mechanism and Performance Comparison<\/strong><\/h2>
<\/p>\n\n\n\n
Here is an example of the comparison between two well-known PUFs in the current market: SRAM PUF (Intrinsic ID) and NeoPUF (PUFsecurity\/eMemory).<\/p>\n\n\n\n
An SRAM PUF is enabled by the local mismatch between the threshold voltage in a pair of MOSFETs to generate a positive feedback loop. The slight differences caused by the mismatch characteristics will be amplified and divided into 0 or 1 and stored in SRAM. A random value of either 0 or 1 results from the variations of the threshold voltage in the MOSFETs.<\/p>\n\n\n\n
However, the stability of an SRAM PUF’s extracted random value is seriously impacted by the following factors:<\/p>\n\n\n\n
- \n
- The degree of mismatch:<\/strong> As semiconductor process technology continues to advance, the degree of mismatch in a pair of MOSFETs becomes smaller, causing the latched position (random value 0 or 1) in the SRAM to be flipped over easily when the SRAM is reset.<\/li>\n<\/ul>\n\n\n\n
- \n
- Variations of ambient conditions:<\/strong> Variations in ambient conditions such as temperature, noise, voltage, and interference will possibly cause changes in the random values extracted from the SRAM. <\/li>\n<\/ul>\n\n\n\n
(For a more detailed explanation of SRAM, please refer to SRAM PUF is Increasingly Vulnerable<\/a>)<\/p>\n\n\n\n
NeoPUF, invented by eMemory, is a PUF that extracts the variations in the quality of intrinsic oxide to become a unique signature. It is a well-known fact that there are many silicon and oxygen dangling bonds (oxide traps) in the gate oxide which act as a leakage pass for electrons. As the gate oxide gets thinner, the electrons can tunnel through the thin oxide easily. It is also known that if the electrons gain enough energy, they can break si-o bonds and create more dangling bonds (oxide traps) that enhance the electron tunneling. ([Ref] Hsu, C. C. H., & Sah, C. T. (1988). \u201cGeneration-annealing of oxide and interface traps at 150 and 298 K in oxidized silicon stressed by Fowler-Nordheim electron tunneling.\u201d Solid-State Electronics, 31(6), 1003-1007.)<\/p>\n\n\n\n
As a result, we can take advantage of these intrinsic microstructure differences to create the PUF number. To do so, we need to apply a high electrical field to two adjacent transistor gates in parallel to see which one has the higher quantum tunneling current. A higher current occurs first due to more dangling bonds (oxide traps). By repeating this process for many pairs of transistor gates, we can create a PUF random number since we never know where we will see the high quantum tunneling current among the two gates. This is like tossing a coin, the chances of heads and tails are 50%. In addition, the dangling bonds of silicon or oxygen cannot be reconnected easily at a temperature below 700C.<\/p>\n\n\n\n
The tunneling current of the structure will remain over the lifetime of the devices. The microstructure changes in the oxide property cannot be detected using FIB (Focused Ion Beam) on SEM (scanning electron microscope) or TEM (Transmission electron microscopy) samples. This undetectable feature makes the secret in this PUF is physically untraceable. Consequently, this PUF meets the four important characteristics of an ideal PUF.<\/p>\n\n\n\n
Thus, compared to SRAM PUF, the value of a NeoPUF is unlikely to be affected by environmental conditions or physical aging issues. Furthermore, PUFsecurity developed a PUF-based true random number generator which is adapted from NeoPUF and has passed the full NIST 800-22 test. The NeoPUF is also silicon-proven and meets an outstanding reliability performance of 0 error bit rate. In addition, NeoPUF also demonstrates impressive statistical results in Hamming Weight and Hamming Distance, which indicate the ideal randomness and uniqueness.\u00a0The comparison of\u00a0NeoPUF\u00a0and SRAM\u00a0PUF\u00a0is summarized in the following table.\u00a0<\/p>\n\n\n\n
![\"\"](\"https:\/\/www.pufsecurity.com\/wp-content\/uploads\/2020\/03\/Picture3.png\")
<\/figure>\n\n\n\n*Reference: Wu, M. Y., Yang, T. H., Chen, L. C., Lin, C. C., Hu, H. C., Su, F. Y., … & Yang, E. C. S. (2018, February). A PUF scheme using competing oxide rupture with a bit-error-rate approaching zero. In 2018 IEEE International Solid-State Circuits Conference-(ISSCC) (pp. 130-132). IEEE.<\/p>\n\n\n\n
**Reference: Claes M., van der Leest V., Braeken A. (2012) Comparison of SRAM and FF PUF in 65nm Technology. In: Laud P. (eds) Information Security Technology for Applications. NordSec 2011. Lecture Notes in Computer Science, vol 7161. Springer, Berlin, Heidelberg<\/p>\n\n\n\n
***Reference: R. Maes, V. Rozic, I. Verbauwhede, P. Koeberl, E. van der Sluis and V. van der Leest, “Experimental evaluation of Physically Unclonable Functions in 65 nm CMOS,” 2012 Proceedings of the ESSCIRC (ESSCIRC), Bordeaux, 2012, pp. 486-489.<\/p>\n\n\n\n
<\/p>
Usage of PUF: Take NeoPUF as an Example<\/strong><\/h2>
<\/p>\n\n\n\n
Not only does NeoPUF have advantages with its robust performance, its usage is widespread too. For example:<\/p>\n\n\n\n
\n- Securing Storage<\/strong><\/li>\nNeoPUF can be used as the invisible key for protecting injected secrets which are essential for IoT devices when the shared key is stored inside the IoT chip.\n<\/ul>\n<\/div><\/div>\n\n\n\n\n
- Inborn Root of Trust<\/strong><\/li>\nNeoPUF\u2019s inborn root of trust can also allow it to become the unique key for security functions. It\u2019s inborn randomness and uniqueness is ideal for UID, especially since NeoPUF is qualified with a lifetime zero bit-error-rate. Its on-demand keys also make it perfect for on-chip secret and off-chip ID generation.<\/ul>\n<\/div><\/div>\n\n\n\n\n
- The ideal static entropy source of tRNG<\/strong><\/li>\nNeoPUF is a good seed for random number generation. For example, PUFsecurity uses NeoPUF as a static entropy to develop PUFtrng with its own logical designs. The PUFtrng features ultra-fast initial time (ready in m-sec), high-speed throughput (over 100Mbits\/sec) and low power consumption (lower than 1pJ\/bit), which is suitable for lightweight and cost-effective IoT devices. More impressively, the quality of its true random number bits passed the NIST SP 800-22 test and 800-90B compliance criteria.<\/ul>\n<\/div><\/div>\n\n\n\n\n
- The Wide extension of PUF-based hardware security IPs<\/strong><\/li>\nPUFsecurity will continue to publish article series to discuss PUF-based hardware security in the future.<\/ul>\n<\/div><\/div>\n\n\n\n
For more information, please visit www.pufsecurity.com<\/a> and www.ememory.com.tw<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
PUF stands for \u201cPhysically Unclonable Function\u201d and is […]<\/p>\n","protected":false},"author":7,"featured_media":1860,"template":"","doc_tags":[203],"class_list":["post-737","dlp_document","type-dlp_document","status-publish","has-post-thumbnail","hentry","doc_categories-article","doc_tags-puf"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.pufsecurity.com\/zh-hant\/wp-json\/wp\/v2\/dlp_document\/737"}],"collection":[{"href":"https:\/\/www.pufsecurity.com\/zh-hant\/wp-json\/wp\/v2\/dlp_document"}],"about":[{"href":"https:\/\/www.pufsecurity.com\/zh-hant\/wp-json\/wp\/v2\/types\/dlp_document"}],"author":[{"embeddable":true,"href":"https:\/\/www.pufsecurity.com\/zh-hant\/wp-json\/wp\/v2\/users\/7"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.pufsecurity.com\/zh-hant\/wp-json\/wp\/v2\/media\/1860"}],"wp:attachment":[{"href":"https:\/\/www.pufsecurity.com\/zh-hant\/wp-json\/wp\/v2\/media?parent=737"}],"wp:term":[{"taxonomy":"doc_tags","embeddable":true,"href":"https:\/\/www.pufsecurity.com\/zh-hant\/wp-json\/wp\/v2\/doc_tags?post=737"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- The Wide extension of PUF-based hardware security IPs<\/strong><\/li>\nPUFsecurity will continue to publish article series to discuss PUF-based hardware security in the future.<\/ul>\n<\/div><\/div>\n\n\n\n
- The ideal static entropy source of tRNG<\/strong><\/li>\nNeoPUF is a good seed for random number generation. For example, PUFsecurity uses NeoPUF as a static entropy to develop PUFtrng with its own logical designs. The PUFtrng features ultra-fast initial time (ready in m-sec), high-speed throughput (over 100Mbits\/sec) and low power consumption (lower than 1pJ\/bit), which is suitable for lightweight and cost-effective IoT devices. More impressively, the quality of its true random number bits passed the NIST SP 800-22 test and 800-90B compliance criteria.<\/ul>\n<\/div><\/div>\n\n\n\n
- Inborn Root of Trust<\/strong><\/li>\nNeoPUF\u2019s inborn root of trust can also allow it to become the unique key for security functions. It\u2019s inborn randomness and uniqueness is ideal for UID, especially since NeoPUF is qualified with a lifetime zero bit-error-rate. Its on-demand keys also make it perfect for on-chip secret and off-chip ID generation.<\/ul>\n<\/div><\/div>\n\n\n\n
- Securing Storage<\/strong><\/li>\nNeoPUF can be used as the invisible key for protecting injected secrets which are essential for IoT devices when the shared key is stored inside the IoT chip.\n<\/ul>\n<\/div><\/div>\n\n\n\n
- Variations of ambient conditions:<\/strong> Variations in ambient conditions such as temperature, noise, voltage, and interference will possibly cause changes in the random values extracted from the SRAM. <\/li>\n<\/ul>\n\n\n\n
- The degree of mismatch:<\/strong> As semiconductor process technology continues to advance, the degree of mismatch in a pair of MOSFETs becomes smaller, causing the latched position (random value 0 or 1) in the SRAM to be flipped over easily when the SRAM is reset.<\/li>\n<\/ul>\n\n\n\n
- Non-traceability:<\/strong> As the root of trust, PUF needs to be resilient to physical attacks. Non-traceability is an important feature of an ideal PUF. That is, the random number in the PUF should not be detected and extracted by any means, such as reverse engineering, charge residue measurement, etc.<\/li>\n<\/ul>\n\n\n\n
- Robustness:<\/strong> PUFs must be very stable and reliable to retain its number for the whole lifetime. This means that PUFs can maintain their stability so that the 0 and 1 in a sequence won\u2019t be reversed even under drastic environmental changes. In other words, an ideal PUF should have a bit-error-rate of 0% to prove its stability.<\/li>\n<\/ul>\n\n\n\n