Journal of Electronic Testing (2019) 35:543–558https://doi.org/10.1007/s10836-019-05808-w

Enhanced Authentication Using Hybrid PUF with FSM for ProtectingIPs of SoC FPGAs

J. Kokila1 ·N. Ramasubramanian1

Received: 20 February 2019 / Accepted: 27 May 2019 / Published online: 29 June 2019© Springer Science+Business Media, LLC, part of Springer Nature 2019

AbstractA new generation of technology is harder and costlier to deliver because of the physical design limitations of the siliconchip. The minute chip alone is not only compromising the requirements of the user but also creates challenges with respectto security. Architecture for two-factor authentication is designed with low-power, area and with less- human intervention.The proposed model consists of hybrid physical unclonable functions (PUFs) and finite state machine (FSM), which is usedto secure the chip and intellectual property (IP) respectively. The PUFs are most often used in recent security applicationssuch as IP protection, IC metering, hardware signature, and obfuscation. This application needs a complex algorithm with adatabase which consumes more cost and time. In this paper, we have proposed an authentication model consisting of strongand weak PUF with an FSM which can be used for IoT applications. The main focus of this proposal is to authenticatehardware and software IP in circuits. The Experimental evaluation illustrates that the area and power consumed are 5% and9%, respectively, for authenticating 26 IPs with no false acceptance ratio (FAR) and 1% false rejection ratio (FRR).

Keywords System-on-a-chip design · Field - programmable gate array · Arbiter PUF · Butterfly PUF · Finite statemachine · Two-factor authentication · Hardware security and IP protection

1 Introduction

Everyday activity is completely associated with embeddeddevices. The design cost and complexity of such a deviceare increasing day by day with a demand for the light-weight authentication technique that can be implemented ona prevalent device. The technique used for authenticationshould be aware of the physical attack because the attackerwill directly access the device at any time [1]. The existingauthentication methods suffer from computational delay andperformance reduction because of multifactor involvement,which is not appropriate for any high-speed, hand-held andsensitive applications.

Responsible Editor: O. Sinanoglu

� J. Kokila406114002@nitt.edu

N. Ramasubramaniannrs@nitt.edu

1 Department of Computer Science and Engineering, NationalInstitute of Technology, Tiruchirappalli, India

System-on-a-chip (SoC) design incorporates the entiremodern computer system onto a distinct die. It is embeddedwith a high-speed processor like ARM along with GPU,dual data rate (DDR) memory, USB controller, WiFi,power management circuits, and wireless radios. The SoCtechnology serves as a subset of embedded systems, as allthe basic features will be available and extra functionalitycan be added to meet recent advancement [2]. The SoC isthe multidisciplinary technology that is used in smartphonesand consumer devices and has a vital role in the field ofagriculture, medical, academic, research, engineering, andtechnology. The SoC is the multidisciplinary technologythat is used in smartphones and consumer devices and has animportant role in the field of agriculture, medical, academic,research, engineering, and technology.

Field-programmable gate array (FPGA) is known forits flexibility in design, less time to market and low cost,hence it is more preferred in chip design recently insteadof application-specific integrated circuits (ASICs). FPGAsare used as a standard platform for designing hardware andsoftware in consumer electronics and space equipment asreferred in [3]. Such FPGAs can be embedded with high-speed processors to form an SoC FPGA platform. Hence,they offer high flexibility, bandwidth communication by

544 J Electron Test (2019) 35:543–558

lowering power consumption and area. The reuse of IPcores in the SoC FPGA platform have to encounter technicaland non-technical features. The ASIC, FPGA, SoC, andSoC FPGA, and many more chip designing techniquesrely on the reusable IPs and platform-based design forsupporting flexible and time-to-market constraints. Thiscreates a need for securing firm IPs and uncloning in theIC markets [4]. Since the demand for complex IC designis rising, which depends mostly on less design cycle, cost,area, and time-to-market along with high functionality andperformance. The first step in designing such ICs is to selectan IP core which satisfies the user needs with minimumeffort for integration and adaptability in a complex design.These types of IP cores can be executed and verified inany high-speed processing technologies. This is followedby an IP protection mechanism which involves the IPauthentication, authorization, maintenance and resistanceagainst physical attacks. The traditional password-basedauthentication and knowledge-based authentication (KBA)are more susceptible than the systems that require severalindependent methods. The multifactor authentication hasits own pros and cons. The cons include more focus oncost and flexibility as well as difficult for the end-user toimplement.

The traditional approaches of authentication system usepublic key encryption to secure the sensitive informationand store the secret key in the non-volatile memory(NVM),such as electrically erasable programm- able read-onlymemory (EEPROM). To process such keys, the crypto-graphic algorithms are used to authenticate and authorizethe device and its related services [5]. The following are thelist of problems in the existing approaches. First, in sym-metric encryption, the single key should be more secure toprotect the device and its related sensitive information oth-erwise, the key is vulnerable to security attacks. Second,At each time the device and its related service have to beauthenticated, which may lead to a large number of pro-cessing blocks and more power consumption. This makesthe processes vulnerable to side-channel attacks. Third, thesecrets which are programmed in the device are very costlybecause the designer should keep track of the keys generatedfor specific devices. To solve such problems, researchershave found a hardware security solution such as PUF asa powerful hardware authentication mechanism [6]. Thecontributions of the work are as follows

1. A lightweight authentication system is proposed whichuses the hybrid PUF with FSM model which acts asphysical tamper resistant. The chip is identified andits related IP cores are authenticated dynamically andbonded to the design with the help of FSM.

2. The FSM is redesigned in this paper which decides chipauthentication in the first level and IP authentication in

the second level. This also eliminates the storage costand avoids usage of complex security algorithms.

3. The PUF characteristics such as Uniqueness, Reliabil-ity, and Randomness have been measured for variousPUF to prove the security aspects. The new variablecalled identifiable is used to measure the performanceof the proposed authentication system.

4. The power, area, PUF characteristics, and performanceare measured and analyzed for proposed hybrid PUF in20 numbers of 28nm SoC FPGAs.

5. The security analysis of PUF based attack hasbeen studied and the applicability of the proposedauthentication system is explained with two use cases.

The article is organized as follows: Section 2 deals withthe literature survey of security and reliability issues relatedto IP protection followed by Section 3 which lists thebrief motivation for the proposed model. In Section 4,the PUF based authentication system is elaborated for areal-time environment with an error correction technique.In Section 5, the hybrid PUF with FSM is proposed forchip identification and IP core authentication. Section 6describes the hardware and software details along withthe implementation. The detail experimental analysis andresults are reported in Section 7 finally concluded with thefuture direction in Section 8.

2 Literature Survey

The PUF is the main metric to design a trustworthy system,which will serve as a solution for security and reliabilityissues together in SoC design [7]. The authenticationand authorization are needed to integrate and verify theheterogeneous IPs, in which strong and weak PUFs are usedin different phases, which have been studied in differentarticles. To secure SoC design, the protection of such IPat the various levels is concentrated in existing proposals,but the complication in designing IPs from the scratch andintegrating with the new design still need more focus. Inour authentication scheme, we have selected the strongand weak PUFs, by analyzing the characteristics. TheIoT edge computing, mobile computing, Internet services,multimedia and many more needs authentication forphysical devices [8]. Hence a solution for such applicationis proposed using our model in which two PUFs, FSM andheterogeneous IPs are engaged.

The output generated from PUF should be unique,random and reliable, hence it can be used in any security-related application to generate keys and to authenticate aservice or device. In the SoC market, the main challengeis to protect IPs, its components and to resists hardwareattacks such as side-channel, trojan, etc. To address the

J Electron Test (2019) 35:543–558 545

above problems the Zhang at al., [9] have proposed thePUF with two-level FSM with pay per license scheme. Thechip unique signature is generated to authenticate a systemusing the CRP of the proposed PUF which is referred in[10]. The response of PUFs are not stable, which may bedue to change in temperature, voltage and lifetime of achip. This problem is solved by existing helper data, fuzzyextractor and error-correcting codes such as BCH (BoseChaudhuri Hocquenghem) codes. The existing solutionsare not efficient in terms of area and time, which haveto be incorporated with the simple hardware design. Laoet al., [15] proposed a two-level FSM architecture that iscapable of authenticating IPs and to correct bit flips in theoutput of the PUF due to environmental variations. Whilecomparing with the existing PUF based authentication theerror-correction techniques used in previous work are morecostly than the proposed FSM. Edward Suh at al., [11]introduced a new ring oscillator (RO) PUF circuit design,which has the following benefits, they are; the ease ofimplementation and reliability over previously proposeddesigns. The above proposal uses PUFs to authenticatechip and to generate keys with low cost for cryptographicapplications. Many articles suggest that the PUF circuitsare used for generating a random number for specificdevices, hence PUFs are playing a major role in the fieldof authentication, protection, identification, key generation,and management. A binding mechanism has been studiedfor the license and piracy challenges which is suitable forreusable IP protection of the specific FPGAs. This article isabout non-encryption based technique and it involves PUFcircuit along with FSM for register transfer level design. Theadvantage of the above mechanism is providing a license forthe pay-per device and low hardware cost.

The most flexible technique for SoC fabrication is FPGA,in which the user or the designer can configure the hardwaremodules. Hence, IP protection in FPGA using PUF wasproposed as a new approach. Memory-based PUF is usedin the market in which SRAM is more popularly used. TheSRAM memory is not supported in FPGA devices becausethey are configured before it is used. To support memorybased PUF on FPGA a new PUF structure termed asButterfly PUF is proposed which is designed using latchesand cross-coupled combination loops. This PUF is classifiedas a weak PUF because of its physical behavior, but theoutput is stable for a condition such as temperature, voltage,and other parameter variations. The authentication schemefor devices and its multimedia services has been proposedas two-way real-time authentication for multimedia [12].This scheme is designed with an authentication protocoland RO PUF for security premises in surveillance videostreaming to authenticate multimedia services and device.

The implementation of RO PUF in FPGA is considered to besimple while compared to other PUFs. Architecture for IoThas been proposed in FPGA, which uses the dynamic partialreconfiguration (DPR) to modify the hardware componentat runtime [13]. They have implemented the two DPRarchitecture which is more secure and posses low overheadon implementation for IoT application. The DPR model forIoT node will generate possible threats which are analyzed,and PUF circuits are proposed as the possible solution toprevent hardware trojan attacks in the nodes.

In SoC design, the hardware and software co-designis used to construct an efficient design trade-off. A newruntime authentication system has been proposed whichuses the hardware and software approach in SoC andthe technique is termed as physically authenticated SoCplatform (PASC) [14]. A unique chip ID is extracted usingPUF architecture in the hardware module. This module willfunction based on the processor clock frequency at the real-time environment. A software module is used to check theauthenticity of the chip at runtime. Hence, the flexibilityof the software is combined with the uniqueness of thehardware to implement a dynamic authentication system inSoC platform.

3Motivation

The SoC design issues are focused on the complexity andtime to mark constraints by considering the reliability andsecurity as the prime factor [15]. Hence securing the deviceand IPs from cloning, misuse and attack are unsolvedsecurity challenges. These challenges are handled by arecent hardware primitive called PUF, which is used toextract the random and unique properties of the chipset.The FSM is a logical block, which is used along withPUF to control and strengthen the output of PUF. TheFSM is used in our model for the existing advantage suchas hard to extract the synthesis design, simple changein the design needs major redesigning, and it will takemore time to understand the RTL. The existing schemeuses complex security algorithms for key management,authentication and IP protection which involves encryption,PUF, FSM, dynamic and partial reconfiguration in real-time applications. All these schemes are employing asecure database, complex design, more time and highcost to implement in SoC. Hence, in our design, wetried the combination of hybrid PUF and FSM to solvethe above problem. The proposal uses the strong, weakPUF and two –level FSM to authenticate the SoC deviceand various IPs by considering the right composition ofPUF.

546 J Electron Test (2019) 35:543–558

4 PUF Based Authentication Systems

4.1 PUF-Based Chip Authentication

The IC authentication and cryptographic application [16]mostly use PUF, which is considered to be secure andreliable. In digital device, the key generation, storage, andmanagement are complex tasks, but PUF serves as a solutionfor extracting the unique key from the complex structurewithout storing in memory. The existing authenticationsystem is classified as remote and local. The remoteauthentication system involves a number of devices, serverand communication link. The server collects the PUFschallenge-response pair (CRP) for each chip and store ina secure database. The chip, which needs authenticationhave to request through the communication link and servicewill be provided by the server. These types of systemssuffer from man-in-the-middle attack and modeling attacks.The local authentication systems also need the supportof the PUF, because the chip has many components likecontrollers, ICs, IP cores, and functional modules. The IoTbased edge computing technology is mapped with localauthentication type, where intelligent computing with manyIP cores have to be authenticated and access the services inthe absence of server.

4.2 PUF-Based IP Authentication

The IP authentication is needed for local chip or deviceand along with add-on functionality, it is also essentialfor remote bit execution. The soft, hard and firm IPs areused in the SoC market for the following concern they arehigh computation and cost followed by IP theft, misuseand license limitation for specific SoC FPGAs. The IPs areprotected by using the existing mechanism such as creatinga patent, copyrights, trademarks, and key encryption anddecryption. In recent works [17, 18] the disadvantages ofprotecting IPs in FPGAs are as follows: (a) the individualIP core uses high-cost and hard encryption algorithms forbitstream configuration;(b) Pay-per license scheme is notyet defined for single and composite IP cores, and (c) thepermanent storage and management of secret key are proneto attack. The PUFs CRP is generated by the chip designeror the IP vendors and stored in the Chip dynamically inencrypted form. The chip or IP which needs authenticationto have to use the same PUF to extract the CRPs atrun time and check with stored one. Figure 1 shows thereal-time authentication environment which involves chipand IP authentication in the untrusted environment. Theproposed Hybrid PUF and FSM model are embedded withchip designer and IP vendor and the view is projected forunderstanding.

The PUF is a random number generator and itsuniqueness should be high enough to withstand modelingattacks. The robustness of the PUFs output is affectedby environmental changes. Hence the error correctiontechnique is used to preserve the security issue. In remoteauthentication, the hamming distance threshold is enoughto tolerate bit error to a certain range. The helper dataor syndrome is the existing solution to correct the errorin the response to local device authentication. The errorcorrection code (ECC) and fuzzy extractor [19] is alsoadopted in many previous works to correct the CRPs. Themain limitations of these error correction techniques areimplementation cost, hardware utilization and database tomaintain patterns. A two-level FSM based error correctiontechnique is proposed which occupies less area and powerthen BCH [15]. In the proposed model, we have useda hamming distance threshold for chip identification andsyndrome for IP protection.

5 Proposed Hybrid PUFs with FSM BasedAuthentication System

5.1 Hybrid PUFs

Each specific chip is fabricated using the same technology,but a small variation in each phase is determined and whichis used in logical design to create a PUF, the output ofthe PUF is very difficult to predict. The physical hardwaremodule is used to extract the CRPs from the chipset,which should be unique, random and unpredictable based onfabrication process, material usage, the feature of wires, thebehavior of transistors, internal triggers and route planning.The authentication system consists of hybrid PUFs withbutterfly, arbiter PUF and FSM to authenticate chip and IPcores as implemented in [16]. Figure 1 shows the hybridPUFs with FSM diagram for the proposed model.

5.1.1 Butterfly PUFs (BPUF)

BPUF is weak PUF, which is the special case of saving keysto nonvolatile memory [20, 21]. These have less number ofchallenges. A BPUF is a cross-coupled circuit which canbe brought to an unstable state before allowing it to settleto one of the two stable states that are possible. It consistsof two latches, each with a preset (PRE) signal and a clear(CLR) signal. The data D is transferred to the output Q whenthe CLK is high. The clock signal is set to high to initiatethe weak PUF operation. The BPUF reaches an unstablestate when the latches receive the opposite signals on theirD and Q. The excite signal is set to low, after a few clockcycles which will first start the PUF circuits and is allowed

J Electron Test (2019) 35:543–558 547

Fig. 1 Block diagram of hybridPUFs with FSM

to attain the possible stable states as zero or one, on theresponse. The weak PUF has less set of CRP and accessrestricted responses. Some examples are SRAM, RO, SR,and butterfly and it is mainly applied for key generation inthe cryptography algorithm. This PUF is vulnerable to mostof the attacks along with cloning and invasive attack.

5.1.2 Arbiter PUFs (APUF)

APUF is strong PUF with a large set of CRPs so that oneach time the authentication process can utilize new CRPsthat have not been used earlier [17]. The APUF is a delay-based PUF with MUXes and flip-flops. The n-bit input wasfed to the circuit which as MUXes at every stage betweentwo delay paths to control and switches the given input. Theresponse is evaluated for the specific challenge by givingthe rising clock at the same time to the two delay paths. Theclock signal races through the paths of the same length andthe latch at the end will produce the response. The responseis zero if the signal to the arbiter data input is slow andone otherwise. By randomly varying the delay path betweendifferent inputs, the obtained output is unpredictable. Thestrong PUF is impossible to clone, it has a rich set ofCRP and hence impossible to predict the response. Someexamples are arbiter, Optical, and Anderson and it is mainlyapplied for device authentication and IP protection. TheAPUF is used in the recent authentication protocol andhas been evaluated and implemented in Xilinx FPGA. It is

proved to be practically resistant against machine learningattacks [22].

5.1.3 Hybrid Model

The APUF, BPUF, and FSM form the hybrid model. Theinput and output of APUF are termed as challenge-responsepair (CRP), the challenge is a variable and it is referred to as’C’ in the proposed model. To identify the chip the responseof APUF is used, which is fed to the first level of FSM as’in’. The CRP of APUF is difficult to predict because theresponse will vary for each CRPs, chipset and designer. TheBPUF is triggered by an input clock signal to produce theunique output called response. The FSM is the logical blockwhose transition is triggered by ’Key’ the output of BPUFsin level one. This unique key is mapped to different IP cores,which is needed to be authenticated in the proposed model.The selected IPs in this model are authenticated when theparameter ’in’ and ’Key’ are in the preferred range. TheAPUFs responses are not used directly in FSM because theCRPs of APUF are vulnerable to modeling attacks. Hence,the hamming distance (HD) between CRP is determinedand given as input to the FSM. This makes the design andanalysis easier and harder for attackers. Hence, an attackercannot find the input parameter ’Key’ and ’in’ easily. Thevalues of HD and number of occurance(OC) of APUF isselected according to the experiment and similarly the Keyvalue is also set in the FSM by the designer. In order to

548 J Electron Test (2019) 35:543–558

Fig. 2 Two-level FSM transition

authenticate an IP, the configuration bit file is executed. TheHD and OC are determined for the current response whichis obtained by supplying the input challenge to APUF.The weak and strong PUFs are experimentally analyzed insession 7.2 and the performance of each is recorded basedon uniqueness, randomness, and reliability as listed in thereferences [5] and [24].

5.2 Two-Level FSMModel

The FSM can be coded in Verilog for sequential,combinational and output logic, which is a two-leveldecision maker in our model. The finite term in FSMdescribes the finite number of states, which is used toprocess input and output. The proposed FSM is a mealymachine because the output depends on both the currentstate and input. The FSM should possess the following; theyare the limited number of states which are encoded frominitial to the final state, a clock signal to trigger the states,initialize the current state, keep track of the state transitionand change in output for specific input.

The two-level FSM is shown in Fig. 2. FSM is describedas a 5-tuple entity with a beginning state, a set of inputsymbols, transition function, output symbols, and a subsetof final states. The start state is referred as the beginningstate. The first level of FSM is activated by the response’in’ of the APUF and it comprises of HD and frequency ofoccurrence (OC), which will make a transition to the nextstate. The HD for the valid CRP is found and the OC isalso evaluated. The BPUFs KEY is represented as ’K1,...,Kn’, which is fed as the input for level 2. In the FSM thelevel 1 to level 2 transition is triggered by ’K1,..., Kn’,which is evaluated from the BPUF each time dynamically,

and reaches the final state such as authenticated (A) orunauthenticated (UA) state. For example, consider thevalues of HD=7 and OC=8, the next state becomes F1. Ifit is HD=8 and OC=17, the next state becomes F2 and soon.. In the proposed 2–level FSM model the states are F1,F2,..., Fn which forms the first level. This is followed by thesecond level which has A or UA state based on the specific’K1,..., Kn’ values. These values are fixed based on primaryanalysis on the Hybrid model, which is described in the latersection. In the FSM, HD can be a limited as 1 to 5 or adefinite value, which is fixed by the designer at run-time.The HDs are taken as definite values, for example, if HD isequal to 9, OC is 14 and BPUFs KEY is K3, the next state is’A’. If HD is not equal to 9, it will make a transition to ’UA’state. The experiments have been conducted to set the valuesof FSM. The states of the FSM are triggered each time byconfiguring bit file of the APUF and BPUF. This behavioris termed as dynamic and transition from one state to otherstate happens based on the response from APUF and BPUF.

Summary The properties of the hybrid PUF with FSM canbe summarized as below

1. APUF and BPUF are strong and weak PUFs which areused for authentication and key generation respectively,and these combinations with FSM leads to the proposedhybrid model.

2. The weak PUF cannot be replaced by strong PUF andvise versa, because the weak PUF generates a lessnumber of CRP and its indirect response is difficult topredict. Similarly, the strong PUF can generate hugeCRPs for low frequency, less area and time which canuse new CRP each time for the authentication process.

3. Hence our hybrid model has two secure phases, onefor checking the unique ID of the device and secondfor selecting the proper IPs which will avoid cloning,misuse, and attacks.

4. The IP core cannot be verified without the originalchipset. The proposed system cannot be utilized byanother device or chip to effectively validate the IP corewithout the right key.

5. A hacker with the access to PUF response and key fromother chip is still unable to authenticate new IP coreswithout the correct challenge. The IP core does notneed to store any information and only the FSM decideswhich is to be authenticated.

6 Experimental Setup and ImplementationDetails

Zedboard is a Xilinx Zynq�-7000 All Programmable SoCwith 28nm FPGA, which is used to implement the proposed

J Electron Test (2019) 35:543–558 549

Fig. 3 Vivado block diagram

design. The various IP blocks are coded using Verilog andVHDL, which is synthesized and implemented in XilinxVivado 2016.2. Xilinx Software Development Kit (XSDK)is used to control the IPs and to test the design at thesoftware level using C language. The PuTTy is a serialterminal, which is used to observe the outputs and the resultsare analyzed. In SDK, a C code is written to generate aresponse 500 times and it takes approximately 13.25 s tocomplete the execution and such process is repeated forvarious challenges. There are 8 LEDs in Zedboard whichshow the transition of states by glowing the lights. Operatingtemperature range of Zedboard is between 35 and 55 degreeCelsius. The PUF response is analyzed for 10,000 iterationsover 20 boards. Each CRP of arbiter PUF is set for 500 timesand hence 20 times the CRP is extracted from APUF andKEY values from BPUF.

6.1 Block Design

Figure 3 shows the block diagram of hardware implemen-tation in Vivado suite. The block such as arbiter new,bpuf new, and fsm test 0 are connected to the pro-cessing system through (Advanced eXtensible Interface)AXI interconnects. The clock signal is set as 126 MHzinternally, which is used by all the IP blocks. The ZYNQprocessing system is also connected to the AXI-GPIO, toobserve the state transition of FSM. The four IP block

used in our model is connected through the Slave-AXIbus of the ZYNQ. Based on the transition of the FSM,the GPIO’s LED will change state. The unauthenticatedstate is shown in the PL part using LED1, whereas LED4shows authenticated state of IPs. In this design, the IPcores are authenticated using 16-bit BPUF response pairand APUF CRP and it is explained to be hybrid and secure.The number of IPs can be increased along with CRPsof PUF, which can be extended to support many applica-tions. The authentication is considered to be more secureif the following criteria are satisfied: simplicity, security,and controllable (https://isecom.org/Secure AuthenticationMeasures.Sample.pdf/2017-17/8). This model is very sim-ple, secure, and controllable, which is clearly shown in thefollowing section.

6.2 Implementation Details

Figure 4 depicts the proposed implemented design onZedboard. The logic blocks are implemented and its entiredesign is exposed in the yellow circle. The design iscomposed of weak and strong PUFs, whose responses areused in FSM for decision-making. The area and powerneeded for the design will be automatically adjusted bythe vivado optimizer. The placement in each board will bedifferent and metrics used will also determine the overallutilization.

550 J Electron Test (2019) 35:543–558

Fig. 4 Implementation design

7 Result Analysis and Discussion

7.1 Area and Power Analysis

The utilization graph in Fig. 5a shows the occupiedresources in programmable logic . The logic cells usedto model the design in the target board consumes 4% of

the resources, which seems to be very less. However, theoverall resource utilization is measured as 27%, in whichIO resource consumes 20% of the overall resource, and only7% is utilized for the implemented design. The IO will onlybe used to check the input and output of the circuit, hence inthe practical fabrication, the IO resource utilization can beomitted.

Fig. 5 a Resource utilization graph and b Power analysis

J Electron Test (2019) 35:543–558 551

Table 1 Area and powercomparison of different PUFs Parameter Resource APUF BPUF RO Hybrid Proposed

PUF RO PUF Hybrid

PUF

AREA (utilization %) LUT 1.23 1.05 1.87 2.244 1.43

LUT 0.39 0.39 0.39 0.39 0.39

RAM

FF 1.12 0.82 1.37 1.644 1.01

IO 8 8 8 8 8

BUF G 3.13 3.13 3.13 6.26 3.13

Total 13.87 13.39 14.76 18.538 13.96

POWER (on- chip power %) Device static 5 7 6 7 9

Dynamic 95 93 94 93 91

The power analysis of implemented netlist is shownin Fig. 5b, which measures the on-chip power alongwith junction temperature. This analysis states that thereliability of the PUF is not disturbed by the externalcondition. The existing design will consume more powerbecause of the encryption algorithm, which uses databaseand high computation. Since our model stores the detailsimplicitly in the states of the FSM, the power consumptionis comparatively less. The PuTTY terminal is used togive input and to observe the random outputs. The inputchallenge is fed to the APUF and the evaluated HD betweenCRP is displayed in the serial terminal, to verify the workingof APUF. The status of the FSM will allow the light toglow in the Zedboard LEDs. There are 8 LEDs which willbe used to indicate 28 bits of IP cores. Table 1 shows theresource utilization and power consumption of the PUFimplementation obtained from the simulation report usingthe Xilinx Vivado system edition. The 32-bit APUF, BPUF,RO PUF, Hybrid RO PUF and proposed Hybrid PUFs areaare compared. The overhead of using BPUF to generatekey in terms of area and power is estimated to be 4%and -2% respectively. A negative percentage infers thatour B-PUF design has actually improved the power. The

area and power consumption of single and hybrid PUF aremeasured in same 28nm technology. The proposed model’sarea consumption seems to be less and on-chip dynamicpower is also less compared to individual PUFs and hybridRO PUFs as shown in Fig. 6.

7.2 Evaluation Approach of Hybrid PUFs

The PUF is a strong security solution for complex circuitsand attacks. The PUF quality can be measured in termsof three major units as mentioned in the references[23–25].such as uniqueness, reliability, randomness, andIdentifiability( for performance measures). The detaileddefinition with formula is listed in Table 2. In the proposedexperiment, these three major measures are estimated toprove the strength of the hybrid model and the results areanalyzed.

Table 3 lists the different sized hybrid PUFs comparisonfor 8-bit, 16-bit, 32-bit and 64-bit. The 16-bit hybridmodel seems to show betterment in evaluation measures,hence 16-bit hybrid PUF with FSM is implemented inthis proposal. Table 4 lists the PUF measures for HybridPUF, such as hybrid RO, RO and Anderson, RO and

Fig. 6 Area and power analysisof different PUFs

552 J Electron Test (2019) 35:543–558

Table2

Characteristic

sof

PUFs

with

theform

ulae

anddescriptions

S.No.

Units

Form

ulae

Descriptio

ns

1Uniqueness[24]

Ui,j,k

=2

k(k

−1)

∑k−1

i=1∑

k j=i

+1H

D(r

i,r

j)

n×

100%

The

averageinter-chip

variation

ismeasuredam

ongresponsesri

andrjforn-bitsandkchip

using

hammingdistance

(HD).

2Reliability[24]

Rb

=100%

−1 m

∑m t=

1H

D(r

i,r

i,t)

n×

100%

The

intra-chip

variation

based

ontim

eduratio

ntis

measured

among

responses

rifor

n-bit

usingHD.

3Randomness

[23]

Rd

=1 L

∑L i=

1r i

,j

×100%

The

uncertainty

ineach

bitis

measuredforLiteratio

ns,where

ri,jisthej-thbinary

bitofann-bit

response

from

achip

i.

4Identifiability

FA

R(T

)=

Fbin

(T,n,P

ir)

Measuresthecorrectly

identified

FR

R(T

)=

1−

Fbin

(T,n,P

ia)

applicableresponse

ofPU

Fsfor

authentication.The

threshold

valueTisselected

todeduce

the

FARandFR

R.T

hevariablesn,

PirandPiaarenumberof

bits,

interandintra-

distance

binaom

ial

probabilitiesrespectiv

ely.

J Electron Test (2019) 35:543–558 553

Table 3 PUF based evaluationmeasures for 8, 16, 32 and 64bits

Hybrid PUFs with FSM model 8-bit 16-bit 32-bit 64-bit

Power (W) 1.704 1.717 1.786 1.8

Area (28nm)(%) 5.96 6.66 9.49 10.79

Temperature(◦C) 44.7 44.8 45.6 46.7

Uniqueness(%) 34.5 46.23 42.4 40.7

Reliability(%) 81.8 95.06 92.3 85.4

Randomness(%) 35.4 42.5 45.6 48.5

Table 4 Evaluation measure ofdifferent hybrid PUFs PUF Evaluation Low-power Hybrid Hybrid Proposed

Measure hybrid RO PUF [31] {RO & Anderson} [32] {RO & SR} [32]

Power 32.3 mW NA NA 1.777W

Process (nm) 65 90 90 28

Resource utilization 250μm2 32% 22% 22.66%

Uniqueness (%) 50.42 48.55 46.06 46.23

Reliability (%) 97.22 98.48 97.5 98.76

Uniformity (%) NA 45.4 49.4 48.49

Temperature (◦C) (-)40 to 120 35 to 70 35 to 70 0 to 85

Voltage (v) 1.2 1.13v to 1.5 1.13v to 1.5 1.3 to 1.8

Fig. 7 HD for one example CRP-1 in chip 1

Fig. 8 HD for another example CRP-2 in chip 1

554 J Electron Test (2019) 35:543–558

SR separately to observe the difference and to study thecomparison. The results show that low-power hybrid ROPUF is comparatively high, but the implementation is foronly 8-bit. Other than low-power hybrid RO PUF, allare 16-bit implementation on different processes such as65nm, 90nm and 28nm technology in which the proposedmodels measure is enhanced. The power consumptionis measured for existing hybrid model using differentsimulations and processes hence the power consumptionof the proposed hybrid PUFs seems to be high. But themain advantage of hybrid PUF is implementation in 28nm,and it consumes less power. The uniqueness, reliability, anduniformity seems to be better for 28nm. Since to improvethe uniqueness the FSM is utilizing the HD and OC totriggering first level. The reliability of the proposed model is0.28 more while comparing with existing model and henceit can be used in IoT application.

7.3 Performance Analysis for Authentication System

The proposed authentication system performance should beanalyzed to prove quality. The existing approaches com-pared different types of the authentication system [26] and[27] theoretically to many factors like usability, flexibility,complexity, non-intrusive, security and privacy [28, 29]. Allthese comparisons are suitable for software authentication,but for hardware-based authentication, technology mappingis needed [30].

The APUFs HD and BPUFs KEY is the major measureto evaluate the performance of the proposed authenticationsystem. For example in Figs. 7 and 8, the HD is plottedas a histogram for 500 iterations. The HD is determinedfor the challenges and its corresponding response of APUFfor 10 different CRPs involving 500 iterations each. Theexperimental measure shows that single CRP leads to adiffering HD and is independent of the BPUF keys. The HDis represented by each histogram starting from 6 to 14 andvaries for 10 different CRPs. In Fig. 7 it is observed that theOC is higher for HD = 8 and BPUF = FEFE. This can beused as the criteria to set the states in the FSM. The sameprocedure can be applied for 128-bit hybrid PUF with FSMand uniqueness can be obtained.

Different Keys and HDs are set and tested for 500 timesin approximately 10,000 iterations to obtain the above data.The results may change when the number of iterations,CRPs, and keys is increased. A similar calculation is madefor 10,000 rounds with 100 different CRPs and keys for500 iterations each. For example, Table 5 lists the valuesof BPUF keys and ’in’ of APUF along with time andperformance of two different chip. The performance isanalyzed for 10 CRPs for 500 iterations by fixing HDbetween 5 and 13 for different keys so that no attackers canguess the CRP or key and no database is required. The time

Table 5 Performance measure for authenticating APUF HD withBPUFs KEY

APUF BPUF Time Performance

HD(in) (KEY) (sec) (%)

12 KEY1 13.1 99

11 KEY2 11.9 90

9 KEY3 11.5 87

3 KEY4 11.8 89

10 KEY5 12.2 92

8 KEY6 10.5 79

7 KEY7 12 91

10 KEY8 10.9 82

9 KEY9 10.5 79

9 KEY10 13 98

10 KEY1 13.1 98

12 KEY2 11.9 89

10 KEY3 12.8 96

13 KEY4 12 90

7 KEY5 12.4 93

12 KEY6 12.8 96

8 KEY7 12.2 91

14 KEY8 11.8 88

13 KEY9 10.6 79

8 KEY10 11.7 87

taken for authenticating each IP is also measured. The falseacceptance ratio (FAR) [26] and false rejection ratio [26](FRR) are considered to be the advanced metrics for goodquality authentication systems. FAR means that if the HDsfor other CRPs of APUFs are accepted as authentic, then itmay lead to the wrong authentication. Similarly, an originalHD of CRP can be rejected as fake due to unwanted delay.Both FAR and FRR are also measured for APUF CRP todecide the best among both and is listed in Table 6.

Table 6 Number of IPs Authenticated, FAR and FRR measures ofproposed model

APUFs (in) No. of IPs FAR (%) FRR (%)

for BPUFs KEY Authenticated

CRP 1 21 0.9 0.1

CRP 2 24 0.5 0.2

CRP 3 25 0.3 0.2

CRP 4 21 0.2 0.1

CRP 5 23 1 0.5

CRP 6 23 0.9 0.4

CRP 7 24 0.2 0.1

CRP 8 26 0 0.1

CRP 9 24 0.2 0.2

CRP 10 21 0.1 0.1

J Electron Test (2019) 35:543–558 555

Fig. 9 Number of IPsAuthenticated for FAR and FRR

In Fig. 9, the number of IPs that can be authenticatedusing an existing CRP pair is shown for every 500 iterations.The highest IPs that can be authenticated is under CRP-8, which depends on APUF CRPs, BPUF KEY, FAR, andFRR. If more authentic IPs are needed, then the 64-bitPUFs can be extended and iterations can be increased. Theproposed model has been framed after analyzing 10,000iterations for fixed APUF in and BPUF key. Since the PUFis an unpredictable entity, if the framework is extended itmay need a serious analysis, so that it can be incorporatedin recent technologies with area and performance as majorconstraints. Table 6 specifies the CRP for the number of IPsauthenticated for FAR and FRR.

Table 7, list the maximum IP cores that authentic withAPUF HD, performance, FAR, and FRR. The APUF isused to check the chip identification for 20 boards, andon experimentation, it is found that the delay, structureplacement of PUF circuit determines the HD. The KEYvalue of BPUF will be different for each chipset and rangewill be determined by the IP vendor and designer clocks.Hence the maximum IP core which can be plug and playin the chip is 26 with less FAR and FRR. Figure 10 depictsthe performance measure for maximum IP authentic cores.Board 6 shows the highest performance for 26 IP cores withless FAR and FRR. Figure 11 compares the FAR and FRRfor 20 boards with different HD and KEY. The graph shows

Table 7 Comparison ofmaximum IP coreauthentication withperformance, FAR, FRR for 20different zedboards

Board No. APUF Max. IP Performance (%) FAR FRR

HD(in) authenticated

Board 1 7 25 76 0.3 0.4

Board 2 8 13 84 0.2 0.5

Board 3 7 25 89 0.1 0.4

Board 4 8 23 87 0.3 0.5

Board 5 10 18 89 0.5 0.2

Board 6 8 26 87 0 0.1

Board 7 11 19 91 0.3 0.5

Board 8 12 24 82 0.2 0.4

Board 9 7 25 87 0.3 0.1

Board 10 8 23 83 0.2 0.5

Board 11 9 23 85 0.3 0.6

Board 12 8 19 87 0.5 0.6

Board 13 7 18 79 0.4 0.3

Board 14 6 17 85 0.5 0.3

Board 15 11 16 86 0.6 0.5

Board 16 9 25 87 0.3 0.4

Board 17 13 23 85 0.4 0.5

Board 18 12 24 86 0.6 0.5

Board 19 10 23 84 0.5 0.4

Board 20 8 25 72 0.3 0.5

556 J Electron Test (2019) 35:543–558

Fig. 10 Measuring maximum IP cores with performance for 20 boards

that the ratios are random and average FAR and FRR is 0.34and 0.41 respectively.

7.4 Security Analysis

The PUF itself is security primitive though some sortof security analysis is needed for the design space. Thefollowing attacks have been considered.

Brute Force Attack The hacker tries to guess the Chip id andIP key to utilizing the advancement. The PUF responses andFSM make the possibility to exponential tail, hence bruteforce attack is impossible.

Reverse Engineering Extracting the whole model fromcomplex design is not easy and also FSM with a numberof states and dynamic behaviors it is also difficult topredict. Hence adversary cannot extract the data by reverseengineering.

Simulating PUF and FSM PUF simulation and implemen-tation in each chipset will vary based on delay, clock,placement, and routing concept. Therefore simulating PUFand FSM is intractable.

Invasive Attack There is no need to store the secret key inthe chip, the hardware circuit itself acts as a random numbergenerator and it is dynamically deleted after use. The keyscannot be duplicated hence is resistant to invasive attacks.

Modeling Attack A strong machine learning technique isapplied to CRP of strong PUFs. Arbiter PUFs are vulnerableto this attack because of the most powerful machinelearning technique. Hence, by increasing the CRP andusing complex XOR will resist this attack. The Trojanhorse attack will be detected and corrected at the designand hardware level. PUF have full resistance against sidechannel attack and semi resistance over Trojan horseattack.

7.5 Case Study

The device and IP protection mechanisms for ASIC,SoC, and FPGAs have been already proposed in thecommercial and academic environment. The proposedscheme is explained with a recent example as a case studyto prove the importance in the real world scenario. Thisauthentication scheme can be used in Smartphone apps andIoT edge computing, which is discussed in the followingsection.

Fig. 11 FAR and FRR measures of different boards

J Electron Test (2019) 35:543–558 557

7.5.1 Case 1: Smartphone Apps

A two-factor authentication provides an extra login codeto secure your sensitive information. The method in whichthe devices or Apps are authenticated will fall into threetypes, which includes knowledge factor, possession factorand inherent factors. The values that the device knowslike password, shared key, device identity number, etc. willfall in the category of knowledge factor. The possessionfactors are such as security token, the device itself, the keystored in NVM, etc. Determining some of the values bymapping the physical characteristic of the device such asfingerprint, watermark, PUF, etc are the inherence factor.The two-factor authentication process should use the twodifferent factors at different levels of verification. It ismore commonly used in the recent application like banking,web technology, smartphone apps, IP protection in devices,etc. The ’Google’, ’Lastpass’, ’Microsoft’, ’Authy’ and’Apple ID’ are using two-factor authentication for Apps.The proposed scheme is an adopting two factor in twodifferent levels: they are Key for Apps selection and the PUFCRPs for device authentication. These factors are derivedfrom the SoC design and used for selecting an App orservice from different vendors. The first level of the processis to derive the inherence factor of SoC chipset using PUFfor authenticating a device to avoid cloning, misuse, andattack. The security token for apps selection is extractedfrom the hardware module of a specific device, which willfall in the possession factor and serve as the second level ofauthentication.

7.5.2 Case 2: IoT Edge Computing

In IoT applications, the main concern is about the edgedevices which should perform smart computing betweenthe huge network and billions of end devices. The smartedge devices must use heterogeneous services and lightweight protocols with less resource utilization and power.The edge devices are controlled by end-user or applicationservices, hence the challenge relays on physical andapplication security. The SoC FPGA will act as an IoTedge device which will protect IP for transmission, routing,processing, monitoring, filtering, translation and storageof data passing between networks. The proposed schemewill serve as a solution for authenticating the device usingphysical behaviors without any key management overhead.This is followed by authenticating IP service in specificdevice from service providers or servers with minimumarea, power and cost. The IoT security is enhancedusing RF-PUF in [33] without any extra hardware.RF-PUF is used to authenticate nodes in IoT applicationand in-situ ML framework is also used to verify theidentities.

8 Conclusion

There is a serious necessity to develop a systematic methodto secure the SoC platform from the ground up [34].Hence we have implemented the physical design with twotypes of PUFs in this model, which balances the strengthand weakness of both APUF and BPUF. The CRP isexperimentally evaluated, and a hybrid model using thesePUFs is proposed for SoC-based authentication systems. Inthe traditional approach, a huge database is needed to storethe PUF’s CRP, which are processed at runtime to validatethe devices. Hence the design complexity is increasingalong with area and power. To overcome this issue, ourapproach uses an FSM as a decision maker for PUFs CRP.The results are analyzed and evaluated concerning power,area, performance and uniqueness of the hybrid PUF. Thistechnique can be used in device, service, App and IPauthentication for smart and IoT edge devices which havebeen described with recent case studies. The outcomes ofthe proposed model are promising; hence, it can be usedin IoT based edge computing applications to protect IPusing hardware signature and IC metering techniques. Thefuture direction is to use the model in IoT application andto measure the complexity of the FSM. The input size canbe increased to improve the prediction rate in PUF and toenhance the overall system performance.

References

1. Wang D et al (2015) Anonymous two-factor authentication indistributed systems: certain goals are beyond attainment. IEEETrans Dependable Secure Comput 12.4:428–442

2. Baklouti M et al (2015) FPGA-based many-core system-on-chipdesign. Microprocess Microsyst 39.4:302–312

3. Trimberger SM, Moore JJ (2014) FPGA security: motivations,features, and applications. Proc of the IEEE 102.8:1248–1265

4. Yan W, Tehranipoor F, Chandy JA (2015) A novel wayto authenticate untrusted integrated circuits. In: Proc of theIEEE/ACM International conference on computer-aided design.IEEE Press, pp 132–138

5. Zaker S (2016) Mehrdad secure and lightweight hardwareauthentication using isolated physical unclonable function

6. Aysu A, Schaumont P (2015) Hardware/software co-design ofphysical unclonable function based authentications on FPGAs.Microprocess Microsyst 39.7:589–597

7. Kokila J, Ramasubramanian N, Indrajeet S (2016) A survey ofhardware and software co-design issues for system on chip design.In: Proc. advanced computing and communication technologies.Springer, Singapore, pp 41–49

8. Herder C et al (2014) Physical unclonable functions andapplications: a tutorial. Proc of the IEEE 102.8:1126–1141

9. Zhang J et al (2015) A PUF-FSM binding scheme for FPGA IPprotection and pay-per-device licensing. IEEE Trans Inf ForensicsSecur 10.6:1137–1150

10. Frikken KB, Blanton M, Atallah MJ (2009) Robust authenticationusing physically unclonable functions. In: Proc. internationalconference on information security. Springer, Berlin

558 J Electron Test (2019) 35:543–558

11. Edward Suh G, Devadas S (2007) Physical unclonable functionsfor device authentication and secret key generation. In: Proc. ofthe 44th annual design automation conference. ACM

12. Shahrak MZ et al (2016) Two-way real time multimedia streamauthentication using physical unclonable functions. In: IEEE 18thInternational workshop on multimedia signal processing (MMSP).IEEE

13. Johnson AP, Chakraborty RS, Mukhopadhyay D (2015) A PUF-enabled secure architecture for FPGA-based IoT applications.IEEETransactionsonMulti-Scale Computing Systems 1.2:110–122

14. Aysu A, Schaumont P (2013) PASC: physically authenticatedstable-clocked soc platform on low-cost FPGAs. In: 2013 Inter-national conference on proceedings reconfigurable computing andFPGAs (ReConFig). IEEE

15. Lao Y et al (2017) Reliable PUF-based local authentication withself-correction. IEEE Trans Comput Aided Des Integr CircuitsSyst 36.2:201–213

16. Kokila J, Chellam MB, Das AM, Ramasubramanian N (2017)Light weight two-factor authentication using hybrid PUF andFSM for SOC FPGA. In: Proc. International conference on nextgeneration computing technologies. Springer, Singapore, pp 381–395

17. Zhang J et al (2013) Design and implementation of a delay-basedPUF for FPGA IP protection. In: 2013 International conference oncomputer-aided design and computer graphics (CAD/graphics).IEEE

18. Narasimhan S, Chakraborty RS, Chakraborty S (2012) HardwareIP protection during evaluation using embedded sequential trojan.IEEE Des Test Comput 29.3:70–79

19. Yan W, Tehranipoor F, Chandy JA (2017) PUF-based fuzzyauthentication without error correcting codes. IEEE Trans ComputAided Des Integr Circuits Syst 36.9:1445–1457

20. Kumar SS et al (2014) The butterfly PUF protecting IP onevery FPGA. In: IEEE International workshop on proceedingshardware-oriented security and trust, 2008. HOST 2008. IEEE

21. Sutar S, Raha A, Raghunathan V (2016) D-puf: an intrinsicallyreconfigurable dram puf for device authentication in embeddedsystems. In: 2016 International conference on proceedingscompliers, architectures, and sythesis of embedded systems(CASES). IEEE

22. Zalivaka SS, Ivaniuk AA, Chang C-H (2019) Reliable andmodeling attack resistant authentication of arbiter PUF in FPGAimplementation with trinary quadruple response. IEEE Trans InfForensics Secur 14.4:1109–1123

23. Maiti A, Gunreddy V, Schaumont P (2013) A systematic methodto evaluate and compare the performance of physical unclonablefunctions. Embedded systems design with FPGAs. Springer, NewYork, 2013. 245–267

24. Cherkaoui A, Bossuet L, Marchand C (2016) Design, evaluation,and optimization of physical unclonable functions based ontransient effect ring oscillators. IEEE Trans Inf Forensics Secur11.6:1291–1305

25. Sehwag V, Saha T (2016) TV-PUF: a fast lightweight analogphysical unclonable function. In: 2016 IEEE Internationalsymposium on proceedings nanoelectronic and informationsystems (iNIS). IEEE

26. Koeberl P et al (2012) A practical device authentication schemeusing SRAM PUFs. J Cryptogr Eng 2.4:255–269

27. Halunen K, Haikio J, Vallivaara V (2017) Evaluation of userauthentication methods in the gadget-free world. Pervasive MobComput 40:220–241

28. Bacha A, Teodorescu R (2015) Authenticache: harnessingcache ECC for system authentication. In: 2015 48th annualIEEE/ACM international symposium on proceedings microarchi-tecture (MICRO). IEEE

29. Abdulwahid AA et al (2016) Continuous and transparentmultimodal authentication: reviewing the state of the art. ClustComput 19.1:455–474

30. Lal NA, Prasad S, Farik M (2015) A review of authenticationmethods. Int J Sci Technol Res 4.8:246–249

31. Cao Y et al (2015) A low-power hybrid RO PUF with improvedthermal stability for lightweight applications. IEEE Trans ComputAided Des Integr Circuits Syst 34.7:1143–1147

32. Khoshroo S (2013) Design and evaluation of FPGA-based hybridphysically unclonable functions

33. Chatterjee B et al (2019) RF-PUF: enhancing IoT security throughauthentication of wireless nodes using in-situ machine learning.IEEE Internet Things J 6.1:388–398

34. Ray S et al (2018) System-on-chip platform security assurance:architecture and validation. Proc of the IEEE 106.1:21–37

Publisher’s Note Springer Nature remains neutral with regard tojurisdictional claims in published maps and institutional affiliations.

J. Kokila is Full-time Ph. D. research scholar under DEITY schemein the department of computer science and Engineering at NationalInstitute of Technology, Tiruchirappalli, India. She has completedM. E. degree in Computer Science and Engineering from OxfordEngineering College affiliated to Anna University, Chennai during2008- 2010. She worked in teaching profession for the past 7 years.Her research interests includes System on Chip design, FPGA andComputer Architecture. Currently her research mainly focuses onreliability, Fault tolerance system and security issues of SoC FPGAs.

Dr. N. Ramasubramanian is a Professor in the Departmentof Computer Science and Engineering at National Institute ofTechnology, Tiruchirappalli, India. He did his BE(ElectronicsandCommunication Engineering) from University of Madras, Madrasduring 1979-83. ME(Computer Science) and obtained his Ph.D. degreefrom National Institute of Technology - Tiruchirapalli, Tamil Nadudoing his research in the area of “Efficient Resource Utilization forMulti-core Architectures”. He worked as a Senior Project Officerin the Department of CSE, Indian Institute of Technology, Madras.He also worked inthe Dept. of Computer Science & Engineering,MIT Madras as a Lecturer. His research interests include multi-core architecture, advanced digital design, Reconfigurable Computing,and Hardware Cryptography. He is Member of Infosys ScienceFoundations, Bengalore.