Ring oscillators analysis for security purposes in Spartan-6 FPGAs

Abstract

Nowadays, many digital applications domains are arising and posing new design issued and challenges related to the security and trustworthiness. Physically Unclonable Functions (PUFs) are emergent and promising solutions in providing some security mechanisms, such as key storing and generation, challenge/response provider, and protection of Intellectual Properties (IPs). As a huge range of embedded applications is deployed on Field Programmable Gate Arrays (FPGAs) devices, most widespread PUFs’ architectures are based on Ring Oscillators (ROs), as they are suitable for an implementation on programmable devices. ROPUF exploits comparisons of measured frequencies, obtained by picking a RO pair, aiming to generate bit responses. In this paper, we present a study of the frequencies characteristics, implementing ROs on a significant number of Xilinx Spartan 6 devices, in order to statistically characterize the oscillations, evaluating the impact of some external uncontrolled parameters that can disturb and alter their original qualities, useful to validate the effectiveness of the ROPUF.

Introduction

As security of digital applications relies on trustworthy hardware platforms, new design challenges emerge from requirements of in-field applications which adopt Field Programmable Gate Arrays (FPGAs) as the hardware implementation technology [1], [2]. Indeed, the FPGA technology, contrary to the Application Specific Integrated Circuits (ASICs), is able to be configured and updated in-field, out of the foundry, by means of a configuration file called bitstream. Its design methodology allows to fast prototype hardware devices and to avoid expensive non-recurring engineering costs, which characterize ASIC projects, especially when the production scale is limited to few units [3]. These advantages are really attractive and have created a new huge market segment around such devices.

However, as they are reconfigurable, FPGAs are more exposed to security attacks than ASICs. For instance, the intellectual property (IP) theft attack can be accomplished by read out the bitstream from the internal configuration memory or from external flash memories, once the application is deployed. Bitstream theft enables cloning of the original device into compatible devices or, by exploiting reverse engineer techniques, to analyze the netlist disclosing sensitive information, such as cryptographic keys or algorithms.

For these reasons, FPGA vendors have been starting to implement decryption algorithms on new and high-end FPGA devices, in order to program them by using enciphered bitstreams. Indeed, ciphered bitstreams guarantee confidentiality against IP theft and authenticity, such that it is not possible to use the bitstream on FPGAs that are not configured with the secret key. However, this technique is not a silver bullet for the FPGA security, since tampering and side-channel attack techniques are improving in efficacy and effectiveness, as recently demonstrated in [4].

With respect to the trustworthiness of integrated circuit (IC), the most important breakthroughs were given by the introduction of Physically Unclonable Functions (PUFs) [5]. They exploit unavoidable and uncontrollable manufacturing imperfections, which are tolerated for the properly circuit operations, giving unique and unclonable hardware signatures. For instance, the propagation delay, through either nominally identical metal wires or through gates, depends on these variations. Hence, the PUF circuit has to mainly quantify a physical phenomenon affected by variability in order to be able to provide some responses. Since exploited quantities are from electrical phenomena, the responses are inherently affected by noise. The environmental and working conditions, such as the temperature and the supplied voltage, can dramatically alter PUFs responses, making them not suitable secure primitives due to lack of reliability.

PUFs work in a challenge/response paradigm, such that a PUF is a function which maps a set of inputs (challenges) to a set of outputs (responses) in a unique manner, defining a Challenge/Response pairs (CRPs) set. CRPs can be pragmatically used as key storage and key material provider and, if they are characterized by a huge cardinality, they can be even adopted in an authentication scheme [6]. PUFs are hard to attack and, furthermore, are tamper evident, such as physical attack attempts modify permanently their responses [5], [7].

Among all PUFs architectures that are discussed in the literature, we can list the SRAM PUF [8], [9], MRAM PUF [10] and the D flip-flop PUF [11] for the memory-based family, and the Arbiter PUF [12], the Ring Oscillator (RO) PUF [6], [13], [14], [15], the Butterfly PUF [16], and the Anderson PUF [17], [18] for the delay-based family. Ring Oscillators-based PUFs (ROPUFs) are currently the most affordable secrecy source, since they can be easily implemented on every hardware technology, even on low-end and old FPGA device families, and received a great attention from the research community [14], [19], [20], [21], [22]. ROPUFs work by exploiting the variability on oscillations frequencies: considering a pair of Ring Oscillators (ROs), it is possible to extract one response bit by testing their frequencies with a binary comparator.

In this paper, through a large amount of experiments conducted over Xilinx Spartan-6 XCS6LX16 45nm devices, we collect some characterizations of RO frequencies, mainly aiming at analyzing how frequencies, generated by different ROs structures placed over a device and among different devices, are distributed. Furthermore, targeting a single device, we empirically study some noise sources, in particular the temperature variations, the logic which surrounds the ROs and the aging, in order to give better characterizations of read frequencies under different working conditions.

The remainder of the paper is organized as follows. In Section 2 we give a short overview about ROs characterization attempts and their usages as basic primitive for PUFs. Section 3 illustrates some details about the exploited methodology to gather oscillation frequencies from FPGAs. Main results are analyzed and discussed in Section 4. The paper is concluded by the Section 5.