Professional Documents
Culture Documents
CMOS-Based Physically Unclonable Functions: A Review
CMOS-Based Physically Unclonable Functions: A Review
Definition 5: An evaluable Pclass shows reproducibility if: F. PUF Anti-Tamper Sensitivity (Tamper Evidence)
Pr ( small Dintra
i
) is high One of the approaches to the study a PUF chip is by
Amid added noise and random errors, a PUF usage relies on accessing the internal structure of the chip. If the responses
measuring the response, which implies a degree of error are no longer the same, then the chip has the advantage of
tolerance [49], [44]. In some cases, an error-correcting code being anti-tamper sensitive. The tampred chip is considred
can be omitted. In such a case, only a predefined number of as another chip that is clone to the original chip. In other
bit errors is accepted; i.e., if the allowable Hamming distance words, if the genuine PUF (before the physical invasion), is
as a predetermined error threshold (∆) is not exceeded, then denoted as PUF1 , and its noisy response against a challenge
the PUF authentication is declared as ‘pass’. If ||Yi −Ri || ≤ ∆, word Xi was Y1, i , after the invasion, its would produce a
then the authentication is considered successful. This implies different output response Y2 , and the chip can be regarded as
ignoring the errors if their value is less than the
another one, that can be denoted as PUF2 or PUFclone .
predetermined threshold (∆), without needing to use any
A convenient approach to study the tamper effect on a PUF
helping data (Wi ) to correct those errors; where (i) is the CRP
is usually made by comparing the output response before and
index.
after the tamper. That is usually done by determining
The permitted tolerance threshold (∆) is related to the
following four parameters [50], [146], [147]: Dintra
1-2,i,α between the noisy response (Y1,i,α ) of the untampered
(PUF1 ), the response after tampering (Y2,i,α). The reason
1) BIT REJECTION RATE (BRR)
behind applying the intra -distance checkup rather than the
The ratio of the non-reliable bits to the total number of
inter-distance one is because it is assumed that the verifier
response bits. Such non-reliable bits are usually ignored.
side does not know about the tamper attempt and would still
2) BIT ERROR RATE (BER) consider the PUF as if it the sam e one. By extending the
The ratio of the fa ulty bits to the total number of response tamper concept discussed in [49], then it is possible to test
bits. the anti-tamper sensitivity, as: Dintra
1-2,i,α =||Y1,i,α − Y2,i,α ||. At
3) FALSE ACCEPTANCE RATE (FAR): standard conditions (α), the equation can be written as
The probability for a biometric security system to incorrectly Dintra
1-2 =|| Y1 − Y2 ||, for short.
accept an access attempt by an unauthorized user. There are three possibilities for a tamper sensitivity of a
4) FALSE RECOGNITION RATE (FRR) Pclass :
The probability that a biometric security system will 1) A very good tamper evidence indication is when (Y 2 ) is
incorrectly reject an access attempt by an authorized user. It very much different from (Y1 ), in other words, both are
is determined by dividing the number of false acceptances by less correlated to each other, which leads to a very high
the number of authentication attempts.
intra-distance (Dintra
1-2 ) among their responses. In other
words, if: Dinter intra
a ve < D1-2 . That means (PUF2 ) is distinct, not
E. PUF Physical Unclonability
only from (PUF1) but also from the entire (P class ). The
The physical unclonability of a PUF system within its class
can be defined as: larger the Dintra
1-2 is, the more anti-tamper the Pclass would be.
Definition 6: An evaluable Pclass shows physical 2) A good tamper-wise security indication is when (Y2 )
unclonability if it is hard to control its physical creation differs from (Y1 ), but not much. In other words, there is
procedure. still some correlation between (Y2 ) and (Y1 ); which leads
This definition is also applicable to the to a medium (Dintra 1-2 ), in other words;
mathematical/logical unclonability if it is hard to find a If: Dinter
ave ≤ D intra
1-2 ≤ Dinter , ∃1 ≤ i ≤ Nchallenge
precise mathematical model that can emulate the physical , then: PUF2 ≠ PUF1; however, still PUF2 ∈ Pclass
functionality of a PUF structure. or Pr (Dintra
1-2
) = 0 for at least one challenge (Xi ) is high.
Hypothetically, if the fabrication process first created the
(original) individual (PUF1 ) and attempted to create the 3) A bad tamper-wise security indication is when the
forged individual (PUFclone), then the clone can be checked response (Y2 ) is very nearly similar to (Y1 ) in term of intra -
by an inter-distance rule. The physical clonability can be distance (Dintra
1-2
) such that;
tested in the form of inter-Hamming distance Dinter 1-clone,i, α If: Dintra
1-2, i = 0 , ∀1 ≤ i ≤ Ncha , then PUF2 (Xi ) ≡PUF1 (Xi ).
between the responses of the Y1,i,α , Yclone,i,α of both the Alternatively, in less restricted mode:
original and the cloned PUFs. In this test, responses are If: Dintra
1-2, i = 0 , ∃1≤ i ≤ Nchallenge , then: (PUF2
measured against the same challenge (X) indexed by (i), (Xi ))≅(PUF1 (Xi )), where (N challenge ) represents the number
under the same environmental conditions α. Detailed of the tested challenges. In both last cases (2 and 3), it is
formulations of the inter-distance approach to check concluded that the tested PUF design (the entire Pclass ) is not
In other words, the inversion has a negligible probability and their corresponding reference responses (R1 ,…, R )
Ncha
if: are saved in the verifier database, where (Ncha ) is the
Pr( || X1,2,α -Xpredict,2,α || = 0 ), for more than one (i)) is low, maximum number of possible CRP sets. For example, if the
then the PUF function can be considered as a one-way number of the challenge bits (n = 64), then the number of
function until proving the opposite by figuring out an possible CRP sets is: Ncha = 2 n = 2 64 .
inversion model. For each Xi , it is expected that the measured response Yi
during the verification phase would be slightly different from
IV. PUF USAGE PHASES AND COMMUNICATIONS Ri , which was measured during the enrolment phase. That
In order to understand the PUF usage phases, first it is
relation can be represented as: Y=R+E, where (E) represents
necessary to distinguish authentication (or verification) from the error, and it is assumed to be zero during the enrolment
identification of an object. In case of identification, the phase. In this article, X, R, Y, and E are digital numbers of n
system recognizes an object, such as a smart card, by reading bits.
a serial number stored on a non-volatile memory (NVM), the During the verification phase, to improve the reliability of
system then matches that ID against any archived ID code. the response detection, the device manages the difference
Whereas an authentication process is based on a comparison between Y and R via a signal processing function (G):
of a received biometric pattern with a pattern archived since Si =G(Wi , Yi ), where (Wi ) is any form of helping data, which
the training (or enrolment) phase. For each of the assists error-correction. When: Si =Ri , then the authentication
identification and authentication cases, the system usually is successful.
adopts some FAR and FRR to decide whether the similarity To sum up, the verifier’s database must archive the PUF chip
is sufficient or not. The usage of a PUF consists of two ID (i.e., serial number) linked to the following data lists:
phases, enrollment phase and authentication phase [169]. - Challenge X: X1 ,…, X N
cha
A. Enrollment Phase