Ring oscillators analysis for security purposes in Spartan-6 FPGAs
Introduction
As security of digital applications relies on trustworthy hardware platforms, new design challenges emerge from requirements of in-field applications which adopt Field Programmable Gate Arrays (FPGAs) as the hardware implementation technology [1], [2]. Indeed, the FPGA technology, contrary to the Application Specific Integrated Circuits (ASICs), is able to be configured and updated in-field, out of the foundry, by means of a configuration file called bitstream. Its design methodology allows to fast prototype hardware devices and to avoid expensive non-recurring engineering costs, which characterize ASIC projects, especially when the production scale is limited to few units [3]. These advantages are really attractive and have created a new huge market segment around such devices.
However, as they are reconfigurable, FPGAs are more exposed to security attacks than ASICs. For instance, the intellectual property (IP) theft attack can be accomplished by read out the bitstream from the internal configuration memory or from external flash memories, once the application is deployed. Bitstream theft enables cloning of the original device into compatible devices or, by exploiting reverse engineer techniques, to analyze the netlist disclosing sensitive information, such as cryptographic keys or algorithms.
For these reasons, FPGA vendors have been starting to implement decryption algorithms on new and high-end FPGA devices, in order to program them by using enciphered bitstreams. Indeed, ciphered bitstreams guarantee confidentiality against IP theft and authenticity, such that it is not possible to use the bitstream on FPGAs that are not configured with the secret key. However, this technique is not a silver bullet for the FPGA security, since tampering and side-channel attack techniques are improving in efficacy and effectiveness, as recently demonstrated in [4].
With respect to the trustworthiness of integrated circuit (IC), the most important breakthroughs were given by the introduction of Physically Unclonable Functions (PUFs) [5]. They exploit unavoidable and uncontrollable manufacturing imperfections, which are tolerated for the properly circuit operations, giving unique and unclonable hardware signatures. For instance, the propagation delay, through either nominally identical metal wires or through gates, depends on these variations. Hence, the PUF circuit has to mainly quantify a physical phenomenon affected by variability in order to be able to provide some responses. Since exploited quantities are from electrical phenomena, the responses are inherently affected by noise. The environmental and working conditions, such as the temperature and the supplied voltage, can dramatically alter PUFs responses, making them not suitable secure primitives due to lack of reliability.
PUFs work in a challenge/response paradigm, such that a PUF is a function which maps a set of inputs (challenges) to a set of outputs (responses) in a unique manner, defining a Challenge/Response pairs (CRPs) set. CRPs can be pragmatically used as key storage and key material provider and, if they are characterized by a huge cardinality, they can be even adopted in an authentication scheme [6]. PUFs are hard to attack and, furthermore, are tamper evident, such as physical attack attempts modify permanently their responses [5], [7].
Among all PUFs architectures that are discussed in the literature, we can list the SRAM PUF [8], [9], MRAM PUF [10] and the D flip-flop PUF [11] for the memory-based family, and the Arbiter PUF [12], the Ring Oscillator (RO) PUF [6], [13], [14], [15], the Butterfly PUF [16], and the Anderson PUF [17], [18] for the delay-based family. Ring Oscillators-based PUFs (ROPUFs) are currently the most affordable secrecy source, since they can be easily implemented on every hardware technology, even on low-end and old FPGA device families, and received a great attention from the research community [14], [19], [20], [21], [22]. ROPUFs work by exploiting the variability on oscillations frequencies: considering a pair of Ring Oscillators (ROs), it is possible to extract one response bit by testing their frequencies with a binary comparator.
In this paper, through a large amount of experiments conducted over Xilinx Spartan-6 XCS6LX16 45nm devices, we collect some characterizations of RO frequencies, mainly aiming at analyzing how frequencies, generated by different ROs structures placed over a device and among different devices, are distributed. Furthermore, targeting a single device, we empirically study some noise sources, in particular the temperature variations, the logic which surrounds the ROs and the aging, in order to give better characterizations of read frequencies under different working conditions.
The remainder of the paper is organized as follows. In Section 2 we give a short overview about ROs characterization attempts and their usages as basic primitive for PUFs. Section 3 illustrates some details about the exploited methodology to gather oscillation frequencies from FPGAs. Main results are analyzed and discussed in Section 4. The paper is concluded by the Section 5.
Section snippets
Related work and background
RO is a widespread adopted primitive in the hardware design. Thanks to its easiness in the implementation in hardware description languages, it can be used in any hardware technology. In the FPGA design, ROs are mainly exploited to implement secure primitives, such as true random number generator (TRNG) and PUFs. The former is an unstable circuit which has to output a stream of random bits, the latter is a primitive which provides unique and stable hardware fingerprints. Both rely on the RO,
RO frequencies characterization
The ROPUF is an easily implementable hardware primitive and, with respect to other proposed PUFs architectures, it does not require special attention to symmetric placement, since its structure is a single closed loop [6]. For the FPGA technology, this implies a suitable implementation for every device and family. The design parameters which characterize the RO loop include: the number of stages, the routing and the placement of the loop. As for the first, it affects the oscillation frequency
Result and validation
In this Section, we illustrate the issues involved with measuring technique previously introduced, analyzing read frequencies that are gathered under different conditions. Thus, we illustrate how RO frequencies are altered by external and uncontrolled conditions.
Conclusion and future directions
In this paper we have shown that ROs frequencies are tight coupled not only with design parameters, but also with other working conditions. In particular, we have illustrated the role played by the on-chip logic which surrounds ROs and how the choice of the number of stages modifies ROs average frequencies and the dispersion of measured values around them. As for the working condition, we have posed our attention on the temperature, surrounding logic and aging effects on the measured
Mario Barbareschi received the PhD in Computer and Automation Engineering in 2015 and the Master Degree in Computer Engineering cum laude in 2012, both from the University of Naples Federico II, where he is currently working a post-doctoral fellow. His research interests include Hardware Security and Trust, Cyber Physical Security, Approximate Computing and embedded systems design on the FPGA technology.
References (31)
- et al.
Exploiting vulnerabilities in cryptographic hash functions based on reconfigurable hardware
IEEE Trans. Inf. Forensics Secur.
(2013) - et al.
Secure distribution infrastructure for hardware digital contents
IET Comput. Digital Tech.
(2014) New techniques and tools for application-dependent testing of fpga-based components
IEEE Trans. Industrial Inform.
(2015)- et al.
Breakthrough silicon scanning discovers backdoor in military chip
(2012) - et al.
Silicon physical random functions
Proceedings of the 9th ACM Conference on Computer and Communications Security
(2002) - et al.
Physical unclonable functions for device authentication and secret key generation
Proceedings of the 44th Annual Design Automation Conference
(2007) - et al.
Physically unclonable functions: A study on the state of the art and future research directions
Towards Hardware-Intrinsic Security
(2010) - et al.
Power-up sram state as an identifying fingerprint and source of true random numbers
Comput. IEEE Trans.
(2009) - et al.
Testing 90 nm microcontroller sram puf quality
Design & Technology of Integrated Systems in Nanoscale Era (DTIS), 2015 10th International Conference on
(2015) - et al.
Spin-transfer torque magnetic random access memory (stt-mram)
ACM J. Emerg. Technol. Comput. Syst. (JETC)
(2015)
Hardware intrinsic security from d flip-flops
Proceedings of the fifth ACM Workshop on Scalable Trusted Computing
Extracting secret keys from integrated circuits
Very Large Scale Integration (VLSI) Syst. IEEE Trans.
A large scale characterization of ro-puf
Hardware-Oriented Security and Trust (HOST), 2010 IEEE International Symposium on
Improved ring oscillator puf: An fpga-friendly secure primitive
J. cryptology
Improving the quality of a physical unclonable function using configurable ring oscillators
Field Programmable Logic and Applications, 2009. FPL 2009. International Conference on
Cited by (7)
FPGA based generic RO TRNG architecture for image confusion
2020, Multimedia Tools and ApplicationsNovel Randomized Placement for FPGA Based Robust ROPUF with Improved Uniqueness
2019, Journal of Electronic Testing: Theory and Applications (JETTA)On the susceptibility of SRAM-based FPGA routing network to delay changes induced by ionizing radiation
2019, IEEE Transactions on Nuclear ScienceEnhancing PUF based challenge-response sets by exploiting various background noise configurations
2019, Electronics (Switzerland)A Ring Oscillator-Based Identification Mechanism Immune to Aging and External Working Conditions
2018, IEEE Transactions on Circuits and Systems I: Regular Papers
Mario Barbareschi received the PhD in Computer and Automation Engineering in 2015 and the Master Degree in Computer Engineering cum laude in 2012, both from the University of Naples Federico II, where he is currently working a post-doctoral fellow. His research interests include Hardware Security and Trust, Cyber Physical Security, Approximate Computing and embedded systems design on the FPGA technology.
Giorgio Di Natale received the PhD in Computer Engineering from the Politecnico di Torino (Italy) in 2003 and the HDR (Habilitation à Diriger les Recherches) in 2014 from the University of Montpellier II (France). He is currently a researcher for the National Research Center of France at the LIRMM laboratory in Montpellier. He has published more than 100 publications spanning diverse disciplines, including VLSI Testing, Memory Testing, Fault Tolerance, Reliability, Hardware Security and Trust. He is the Action Chair of the COST Action IC1204 (TRUDEVICE) on Trustworthy Manufacturing and Utilization of Secure Devices. He is the chair of the European group of the TTTC, Golden Core member of the Computer Society and Senior member of the IEEE.
Florent Bruguier received the M.S. and Ph.D. degrees in microelectronics from the University of Montpellier, France, in 2009 and 2012, respectively. From 2012 to 2015, he was a Scientific Assistant with the Montpellier Laboratory of Informatics, Robotics and Microelectronics, University of Montpellier. Since 2015, he is a Permanent Associate Professor. He has co-authored over 30 publications. His research interests are focused on self-adaptive and secured approaches for embedded systems.
Pascal Benoit received a M.S. and PhD degrees in Microelectronics from the University of Montpellier, France, in 2001 and 2004, respectively. Then he joined the Karlsruhe Institute of Technology at the University of Karlsruhe in Germany where he worked as a scientific assistant. Since 2005, he is a permanent Associate Professor at LIRMM / University of Montpellier. He has co-authored over 130 publications in books, journals and conference proceedings, and holds 5 patents. His present research interests are self-adaptive and secured approaches for embedded systems.
Lionel TORRES (M, SR) obtained respectively his Master and PhD degree in 1993 and 1996 from the University of Montpellier 2. From 1996 to 1997 he was with ATMEL as IP core methodology R&D engineer. From 1997 to 2000 he was assistant professor at the University of Montpellier 2 and LIRMM laboratory. Since 2004 he is full Professor and was at the head of the Microelectronic department of the LIRMM from 2007 to 2010. He is now deputy head of Polytech’Montpellier (engineering school of Montpellier) in charge of research and industrial relationship. His research interests and skills concern reconfigurable computing and system level architecture, with a specific focus in the security, reliability and nano-design. He leads several European, national and industrial projects in this field. He is involved in different major conferences such as DATE, VLSI, FPL, ISVLSI, DAC and is (co)author of more than 30 journal papers, 150 conference publications and 8 patents.