superpuf : integrating heterogeneous physically unclonable functions michael wang, andrew yates,...

SuperPUF : Integrating Heterogeneous Physically Unclonable Functions

Michael Wang, Andrew Yates, Igor L. Markov

2

Outline

• Motivation• Existing PUF Designs • Process Variation and Entropy for PUFs • SuperPUF Architecture • Design Automation • Generalizing SuperPUF • Extending to 3D• Empirical Validation• Future Work

3

Motivation• Counterfeit ICs damage suppliers’ reputations and dis-

place IC sales

• Secret keys stored in non-volatile memory are expensive and can be probed

• Alternative: Physical Unclonable Functions (PUFs) gener-ate secret keys by sampling on-chip process variation

A physical unclonable function is a physical entity that is embodied in a physical structure and is easy to evaluate but hard to predict. Further, an individual PUF device must be easy to make but practically impossible to duplicate, even given the exact manufacturing process that produced it. In this respect it is the hardware analog of a one-way function.

"Physical unclonable function." Wikipedia, The Free Encyclopedia. Wikimedia Foundation, Inc. 11 September 2014. Web. 30 Oct. 2014.

5

Existing PUF DesignsArbiter PUFs• Composed of pairs of identical delay paths, MUXes, and an arbiter• Signal is sent through delay paths, arbiter detects which path propagates signal first • Large number of possible challenges (2N for N MUXes), but responses are highly correlated

Ring Oscillator (RO) PUFs• Generate CRPs by comparing the frequencies of identical ring oscillators• Multiple oscillations compound the small differences in circuits; well suited for low process

variation situations

Clock PUFs• Use clock skews to generate CRPs• Clock PUFs are connected to many parts of the IC; difficult to tamper with

SRAM PUFs, • On chip power-up, process variation biases an SRAM cell to start at either a 1 or a 0• One bit per SRAM cell• Simple: no precisely-timed circuits and SRAM arrays are widespread

6

Outline

• Motivation• Existing PUF Design • Process Variation and Entropy for PUFs • SuperPUF Architecture • Design Automation• Generalizing SuperPUF• Extending to 3D• Empirical Validation• Future Work

7

Process Variation in PUFs• Three main types of variation: granular, spatial, dynamicGranular Variation- Constant with distanceSpatial Variation - Decays with distance- Represented by the spherical equation below:

Dynamic Variation - Includes thermal fluctuations, EM noise and IR drop, circuit-aging ef-fects- Stable PUFs must be insensitive to dynamic variation

8

Entropy in PUFs• Differential Entropy h can be estimated:

• Discrete Entropy quantifies losses during integration and extraction of discrete PUF readouts

• To extract discrete entropy from continuous distribution: perform quantization into ∆, assign single probabilities to each, and apply Shannon’s formula:

9

Note on PUF Robustness• PUFs convert continuous values (transition time, voltage,

transistor strength, etc.) into bits

• Minute dynamic variations of near-threshold values rou-tinely produce undesirable fluctuations in generated bits

• There is a general tradeoff between extracted entropy and robustness

10

Outline

• Motivation• Existing PUF Design • Process Variation and Entropy for PUFs • SuperPUF Architecture • Design Automation• Generalizing SuperPUF• Extending to 3D• Empirical Validation• Future Work

11

ClockPUF Revisited• Clock signals are tapped,

returned to arbiter using tree structure

• Sinks chosen to form dia-mond annulus

Y. Yao, M.-B. Kim, I.L. Markov, F. Koushanfar,“ClockPUF: Physical Unclonable Functions Based on ClockNetworks”, DATE 2013:422-427.

12

SuperPUF Architecture• Previous tree structure from ClockPUF can be extended to link en-

tropy sources in general

• Overhead can be improved using path (fig. a vs fig. b). Path removes need for entropy sources to be placed in a diamond annulus

• A path not restricted to diamond annulus shape; has flexibility to link entropy sources to take advantage of both high (c) and low (d) spatial correlation

13

SuperPUF Architecture• Transition from ClockPUF tree to SuperPUF path requires

architecture that can carry several signal transition on sin-gle wire

• Entropy sources connected by a path; time-varying signals combined with path using XOR gates:

14

SuperPUF Architecture

Figure 1: The rise and fall of SuperPUF: linking entropy sources (from ClockPUF) with a single path using XOR gates. SPICE waveforms are shown for 6 (top), 12 (middle) and 24 (bottom) XOR gates.

15

Outline

• Motivation• Existing PUF Design • Process Variation and Entropy for PUFs • SuperPUF Architecture • Design Automation• Generalizing SuperPUF• Extending to 3D• Empirical Validation• Future Work

16

Design Automation

17

RCM/LK

• Step 5a is done using Re-verse Cuthill-Mckee Algo-rithm

• Step 5b is done using the Lin Kernighan TSP solver; linking sources to a least-cost path reduces to TSP:

View n points in the Manhattan plane as ver-tices of a clique G with Manhattan distances as edge weights. Form a larger clique G’ by adding a ghost vertex g connected to all other vertices in G through 0-cost edges. Then each least-cost path of G corresponds (one-to-one) to a least-cost tour in G’ with the two edges ad-jacent to g removed.

18

Greedy

19

Greedy• Greedy approach selects and links

sources simultaneously (as opposed to RCM-LK 2-step).

• ‘First’ source is chosen arbitrarily.

• At each iteration afterwards, select source nearest to the previously selected source, subject to an entropy cutoff.

• Backtrack if no sources reach entropy cutoff before desired length of path is reached.

• Multiple random starts can be done with different ‘first’ sources.

20

Outline

• Motivation• Existing PUF Design • Process Variation and Entropy for PUFs • SuperPUF Architecture • Design Automation• Generalizing SuperPUF • Extending to 3D • Empirical Validation• Future Work

21

Generalizing SuperPUF• Applying SuperPUF methodology to a heterogeneous set

of entropy sources introduces three complications:

1. PUFs that require different readout regimes (ClockPUF, RO PUF, etc) must be multiplexed on a single ECP with appropriate enable signals

2. Estimating conditional-entropies between heterogeneous sources may require more complicated simulations

22

Generalizing SuperPUF3. Introduction of entropy

sources with flexible loca-tions requires revisions in highlighted step (right)

• Potential for optimization: consider possible RO-PUF locations, estimating their correlations as functions of dis-tance to other sources

• A more directed optimization: place entropy sources along an already con-structed ECP

23

Generalizing SuperPUF

24

3D • Through-silicon vias (TSVs)

act as additional entropy sources that can be linked by a path (blue highlight)

• TSVs must also be ac-counted for as intercon-nects in both the entropy matrix and the distance matrix (red highlight)

25

3D• Pairwise distances between entropy sources on adjacent

2D dice are calculated by:

1. Finding the TSV that ensures the shortest total distance 2. Adding the cost of the TSV to that of the planar inter-

connects

26

Outline

• Motivation• Existing PUF Design • Process Variation and Entropy for PUFs • SuperPUF Architecture • Design Automation• Generalizing SuperPUF • Extending to 3D• Empirical Validation• Conclusions

27

RCM-LK vs Greedy• Algorithms implemented in C++ and compiled with g++

4.7 on a Linux system

• Accurate circuit simulation performed by 500x Monte Carlo runs of ngSPICE- 25 to model process variation

• Benchmarked algorithmic approaches using clock net-works from ISPD 2010

28

RCM-LK vs Greedy• RCM-LK performs poorly compared to Greedy; LK links en-

tropy sources effectively, but RCM selects sources poorly• Greedy optimizes for entropy and wire-length simultane-

ously, and so bits/mm is maximised

Discrete entropy is expressed in bits. Wire length is expressed in millimeters .

29

Empirical Validation• Impact of spatial correlation and distance between

sources affect entropy on RO-based SuperPUF:

30

Outline

• Motivation• Existing PUF Design • Process Variation and Entropy for PUFs • SuperPUF Architecture • Design Automation• Generalizing SuperPUF • Extending to 3D• Empirical Validation• Conclusions

31

Our Work:• Anticipates the potential integration of multiple PUFs from reusable

IP blocks and new entropy sources; increasingly likely with 3D ICs • Differs from previous research in its empirical entropy calculations• Employs simulation based validation; test chip validation is imprac-

tical

• Acknowledgment. This work was partially supported by the NSF Award 1162087.

Conclusions

Thank you!