Conference PaperPDF Available

RAM-Based PUFs: Comparing Static-and Dynamic Random Access Memory

Authors:

Abstract

Integrity, reliability and trustworthiness have always been the basic requirements for secure systems, including doubtlessly authenticated participants. This is increasingly relevant as systems become distributed and even more challenging as devices involved become low-resource Industrial Internet of Thing (IIoT) devices. Nevertheless, more efficient and secure techniques are required to ensure confidentiality and privacy. A promising solution is offered by Physical Layer Security (PhySec), in particular by Physically Unclonable Functions (PUFs). Their functional principle: the exploitation of the unique characteristics of semiconductors is inherent in both Static Random Access Memorys (SRAMs) and Dynamic Random Access Memorys (DRAMs). The paper discusses the properties of both types and compares them in terms of suitability for security-related applications.
RAM-Based PUFs: Comparing Static- and Dynamic
Random Access Memory
Pascal Ahr, Marjan Noushinfar, Christoph Lipps†∗
Intelligent Networks Research Group, German Research Center for Artificial Intelligence
D-67663 Kaiserslautern, Email: {firstname.lastname}@dfki.de
Institute for Wireless Communication and Navigation, University of Kaiserslautern
D-67663 Kaiserslautern, mail: {lastname}@eit.uni-kl.de
Abstract—Integrity, reliability and trustworthiness have al-
ways been the basic requirements for secure systems, including
doubtlessly authenticated participants. This is increasingly rele-
vant as systems become distributed and even more challenging
as devices involved become low-resource Industrial Internet of
Thing (IIoT) devices. Nevertheless, more efficient and secure
techniques are required to ensure confidentiality and privacy. A
promising solution is offered by Physical Layer Security (PhySec),
in particular by Physically Unclonable Functions (PUFs). Their
functional principle: the exploitation of the unique characteristics
of semiconductors is inherent in both Static Random Access
Memorys (SRAMs) and Dynamic Random Access Memorys
(DRAMs). The paper discusses the properties of both types
and compares them in terms of suitability for security-related
applications.
Index Terms—Physical Layer Security (PhySec); Physically
Unclonable Functions (PUFs); Static Random Access Memory
(SRAM); Dynamic Random Access Memory (DRAM)
I. HAR DWARE-BA SE D SECURITY AND ITS APP LICATI ON
Driven by the evolution of the Sixth Generation (6G)
Wireless Systems, Industrial Internet of Thing (IIoT) and edge
computing, the number of low complexity terminals increases.
One example of such terminal is a small environmental sensor
placed in a fabric that is driven by little solar cells and
is connected to the Internet. Thus they can communicate
their measurements to a corresponding client which can use
these information for further processing like controlling the
temperature. Those systems handle with sensible data, that
has to be protected. The low complexity terminals are often
driven by small energy sources and are therefore energy,
computing as well as cost constrained [1]. Thus they would
not be sufficient enough to perform complex security mech-
anisms like asymmetric cryptography, for instance Rivest-
Shamir-Adleman (RSA) algorithm. In addition side attacks for
example to the Non-Volatile Memory (NVM), which are used
to store the key, make the systems more vulnerable. Therefore
it is necessary to use new security mechanisms which suits
more to new technologies´requirements.
Information theoretic methods which can provide authen-
ticity, confidentiality and integrity in a more efficient way
could be used as a solution. The information theoretic methods
benefit the unique features of the medium under use, like
Integrated Circuits (ICs) or wireless channel. Furthermore
there are no assumptions made on the computing power, unlike
cryptographic primitives [1]. Physical Layer Security (PhySec)
as one of these methods provides security in physical layer by
using the intrinsic properties.
A promising approach of PhySec is the Physically Un-
clonable Functions (PUFs) which are defined by Basel Halak
as a: “[...] physical entity whose behaviour is a function of
its structure and the intrinsic variation of its manufacturing
process“ [2]. One prominent type of PUFs is the Random-
Access Memory (RAM)-based PUF since the RAM is already
integrated in most computing devices. One major advantage is
that instead of storing the secret in some digital memories, the
secrets are derived from physical characteristics of the ICs.
Even though the ICs are manufactured in the exactly same
way, they have some slight differences due to production
circumstances and therefore no two ICs would be identical
[3]. RAM-based PUFs take advantage of these fluctuations to
derive a unique pattern. Due to the physical disorder, these
fluctuations are highly random [2]. In comparison to classical
pseudo random number generators that based on deterministic
algorithms, the PUFs provides a true randomness.
Thus it can be concluded that, RAM-based PUFs do not re-
quire expensive hardware like NVM or complex computations
of cryptographic algorithms [4]. Taking into account the above
mentioned advantages, PUFs could be efficient. Considering
the importance of PUFs and also the fact that there are many
different types of them, next section introduces some of the
categories and well-known PUFs. The two most common used
RAMs in computing systems are the Static- and Dynamic
Random-Access Memory. In some devices both are present
and can be used to build a PUF. They has different properties
and advantages for specific applications. Therefor, there is a
choice which one to use. The focus of this work is on the
comparison of the SRAM and DRAM PUFs to provide a base
for this decision.
This paper is structured as follows: Section II gives an
introduction to the subject area PUFs and describes different
PUF derivatives. Section III, though, specifically explains
SRAM and Section IV DRAM PUFs, their architecture and
functionality. A detailed comparison of both RAM types is
given in Section V, before summarizing the work in Section
VI and providing an outlook for further work.
II. TH E PUF ZO O: ANOVE RVIEW
According to Suh and Devadas a ”Physical Random Func-
tion (PRF) or Physically Unclonable Function is a function
that maps a set of challenges to a set of responses based on
an intractably complex physical system” [5]. This function is
unique for each physical instance. There are different catego-
rizations of electrical PUFs according to different concepts,
which can be divided into two areas:
i) Memory-based:
Flip-Flop PUF [6],
Butterfly PUF [6] and
SRAM PUF [7].
ii) Timing-based:
Arbiter PUF [2],
Ring-Oscillator (RO) PUF [2] and
Self-timed Ring PUF [2].
The enumeration above lists examples for those categories but
there are way more researched.
The channel-PUF as another category, uses specific char-
acteristics of the wireless communication channel to derive
unique patterns from it. Those characteristics are unique for
each communication pair (Sender/Receiver) and can not be
measured by a third party, that are further away than half of
the channel wavelength λ
2[8].
PUFs could also be categorized based on the source of
randomness, into PUFs using explicitly-introduced random-
ness, PUFs using intrinsic randomness and PUFs with easier
to control uniqueness, including optical and such as coating
PUFs. There are also more popular PUFs with no modification
to the original design namely: delay PUF (ring oscillator,
arbiter PUF, etc.), memory PUF (SRAM, DRAM, FF PUF,
etc.), mixed signal PUF (Analog PUF) and miscellaneous ones
(Bi-stable ring, magnetic stripe card, quantum confinement
PUF, etc.). PUFs are also classified as weak or strong, based
on size of the Challenge Response Pairs (CRPs) [9].
Low-cost authentication and secure key generation as two
main applications of PUFs are applicable by using PUFs from
two main types: strong PUFs and weak PUFs, respectively. A
black-box challenge-response model can be used to illustrate
the PUF. According to Herder, a challenge cpasses through
the PUF as the input and a response rwill be returned such
that r=f(c). Since the internal parameter of this function
is hidden from the user, then the black box model is suitable
to explain its behaviour. From this point of view, the PUF
security depends on two factors:
i) estimating these parameters, and
ii) having two chips with exactly same parameters.
It can be observed that, PUFs are grouped into strong and weak
based on the number of unique challenges cprocessed by the
PUF. While a weak PUF can only process a few challenges
(in extreme cases only one challenge), a strong PUF is able
to deliver many challenges [3].
III. STATIC RAM-BA SE D PUFS
A SRAM PUF, is based on the start-up state of completely
discharged six-transistor cells and is produced in Complemen-
Fig. 1: six transistor SRAM Cell
tary Metal-Oxide-Semiconductors (CMOS) technology. Figure
1 illustrates the architecture of such a cell. Transistors which
form two cross-coupled inverters which can store one of the
stable states (one or zero). This architecture is a bi-stable
system because it must always contain one out of the two
states. This behaviour results out of the regenerative property
which is illustrated in Figure 2. The voltage of the inverted
SRAM output and voltage of the non-inverted output are
placed at the x and y axis, respectively. The two transfer curves
of the coupled inverters has got an intersection point Vinversion
and split the system in two regions [7].
In case there is an input in one of the regions, this input will
be regenerated to one of the two states. The states correspond
to the stored value either value one or value zero. Therefore
those regions are called regenerative one and regenerative zero
areas. To store a specific value in the SRAM, it is necessary
to put its corresponding value from the zero or one area,
which is higher or lower than the one of the intersection point
Vinversion , at the input [7].
By powering the SRAM on, both inverters try to load their
outputs and influences the other one due to the cross coupling.
As soon as one inverter reaches as its output point Vinversion,
it dominates the the cell and defines the state to be adopted. If
the two inverters are manufactured exactly the same, then the
regenerative areas are equally sized and the point Vinversion is
placed on the bisecting angle. The result is, that the cell obtain
both states with the same probability and the adopted value by
SRAM changes by every start-up. This adopted value is also
called start-up value. The mentioned behaviour is represented
in the middle of Figure 2 [7].
Due to manufacturing fluctuations, these two inverters are
not exactly the same and Vinversion point shifts away from
bisecting angle. The more the inverters differ from each other,
the more distance Vinversion gets from the bisecting angle.
The main manufacturing related parameters that leads to this
behaviour are:
i) channel length,
ii) channel width,
Fig. 2: SRAM Cell Behaviours [7]
iii) oxide-layer thickness and
iv) dotation.
These fluctuations are technical and physical related and
highly random as well as specific for each SRAM transistor.
This leads to a unique behaviour for each SRAM cell. Accord-
ingly, there are three possible behaviours that are illustrated
in figure 2:
i) if Vinversion is shifted to the left-hand side, then the Start-
up value is zero with the highest probability,
ii) if Vinver sion is shifted to the right-hand side, then the
start-up value is one with the highest probability and
iii) if Vinversion is on the bisecting angle, then both Start-up
values are equally probable.
Through the SRAM manufacturing, the goal is to manufacture
the inverters identically and with the least possible mismatch.
Therefore the differences among two transfer curves are very
insignificant and Vinversion is very close to the bisecting angle.
Due to noises, it is also possible that a non-prioritized start-up
value to be adopted. The more similar the two inverters are,
the more probable is this behaviour and the more important
will be the noises [7]. In order to use the mentioned behaviour
of the SRAM to create a PUF following steps should be taken:
i) shut down the SRAM,
ii) wait until SRAM is completely discharged,
iii) power the SRAM on and
iv) read the start-up value by a simple read operation.
A function needs to produce always the same output for the
same input. Since there are cells that change their start-up
values after each power up, some suitable mechanisms are
required to deal with these errors. Therefore the challenge
response pairs are the chosen address and its appropriate start-
up value [7].
IV. DYNA MI C RAM-BAS ED PUFS
DRAM is a volatile Memory consisting out of one transistor
and one capacitor (1T1C). This structure is area efficient but
has got the drawback of being not static. The storage capacitor
(CS) stores the content regarding to a logical 0 or logical 1. To
choose specific cells of the DRAM the capacitor is connected
to the bitline (BL) by a metal–oxide–semiconductor field-
effect transistor (MOSFET) (M1), that connect or disconnect
it. The gate of the MOSFET is connected to the wordline
(WL). The schematic of a DRAM cell is shown in figure 3.
Due to the dimensions of the BL, a capacitance is build up,
called bitline capacitance (CBL ) that is much bigger then the
CS. According to Qtotal = (CS+CBL )·Vr=QS+QBL, the
ratio CS<< CBL effects an exchange of just a very small
amount of load carries, between the two capacitances [10].
This leads to a very small change of the bitline voltage (VBL)
to the resulting voltage (Vr).
To detect this small voltage change a sense amplifier
(SensAmp) is needed, that amplifies the voltage Vrto the
two maxima ground (GND) or supply voltage (VDD). This
SensAmp is similar to a SRAM cell and due to the pre-
charging of the BL to its exact inversion point (Vinversion ),
very sensitive to the small voltage change. Therefore the read-
out procedure of CSleads to the entering in the according
regenerative areas for a logical 0 or logical 1, regarding Section
III. Additionally to minimize the stress from the electrical field
one plate of the capacitor is biased to VDD /2[11]. The DRAM
is called dynamic, because the cell looses their stored data
during a read-out and after some time and needs a periodical
refresh, typically every 64ms. This is caused by leakage effects
of the storage capacitor (CS) and the not ideal MOSFET [12].
Similar to the SRAM, the manufacturing process leads to fluc-
tuations of the semiconductors and capacitences parameters
[2]. There are four types of DRAM-PUFs known [13]:
i) Retention Error,
ii) Row Hammer,
iii) Startup, and
iv) Latency.
Those types differ in terms of how the PUF is generated as
well as in their provided quality.
A. Retention Error
The Retention Error PUF (RE-PUF) is the first one based
on DRAMs and published in 2012 [13]. It uses the property
of the leakage of the DRAM cells and their production related
variations. Generating the PUF takes place in 4 steps:
i) deactivate the refresh mechanism of the DRAM,
ii) load the storage capacitor (CS) to VDD by writing,
iii) wait a predefined time, and
iv) read-out the stored values.
If CSis decayed in the predefined time that much that it
is, during the read-out, not able to load the bitline voltage
(VBL ) higher than the threshold voltage of the SensAmp,
it is interpreted as a logical 0, otherwise as a logical 1.
This is called a bit-flip and influenced by production related
variations, that causes slightly differences in the decay process
for every DRAM cell. Those variations are individual for
each cell and represent the PUF response. The bit-flips of the
RE-PUF are relatively rare and take a long time [14].
B. Row Hammer
An evolution of the RE-PUF is the so called Row Hammer
PUF (RH-PUF). To increase and accelerate the amount bit-
flips the Row Hammer takes place. There are PUF Rows, that
are read out and represent the PUF response, and Hammer
Rows as adjacent ones. In this procedure a quick repeated
read-out happen on the Hammer Rows.
Fig. 3: DRAM Cell
i) deactivate the refresh mechanism of the DRAM,
ii) select which rows are the PUF and which are the Hammer
ones,
iii) load the storage capacitor (CS) to VDD by writing,
iv) perform the Row Hammer procedure, and
v) read-out the stored values.
Due to the Row Hammer procedure the leakage effect happens
faster and additionally there are cells with bit-flips that would
not do so with the classical RE-PUF [15].
C. Startup
This type is similar to the SRAM PUF by using the
generated Startup-Values during the startup process.
i) shut the DRAM down,
ii) wait a defined time until the DRAM is completely dis-
charged,
iii) start the DRAM, and
iv) read-out the stored values.
After the startup, every cell is in a undefined state and point
VCin figure 3 has got, due to the precharge of one plate of CS
to VDD /2, a potential different form GND. If a red-out takes
place to those cells, they charge VBL either over or below
the threshold of the SensAmp. According to the production
related variations of the semiconductors and capacitors, a cell
prefers a logical 1 or a logical 0 [11].
D. Latency
DRAM cells take some time to perform the read and write
operation successfully. If this time is violated the operation is
failed. This time is, due to the manufacture related variations,
individual for every cell. Recommend values by the manufac-
tures are worst case scenarios.
i) write known data normally into a DRAM memory region,
ii) read the written memory region with a predefined lower
read time, and
iii) check which bit is not read correctly.
Some cells are read out correctly while others are not. Those
not correct read cells represent the PUF [16]. This procedure
is also possible for the write operation [17].
V. COMPARING SRAM AND DRAM PUFS
As in Section III and IV the technical background and
the mechanism of the SRAM and DRAM memory PUFs are
described, this chapter compares those two PUF types and
highlights their main differences.
A. Metrics of Evaluation
Important metrics to evaluate the quality of a PUF are the
uniqueness, reliability and uniformity [2]. To calculate those,
the Hamming Distance (HD) and Hamming Weight (HW) are
used. According to Basel Halak those metrics are defined as:
i) Hamming Distance (HD) ”The Hamming Distance
d(a, b)between two words a= (ai)and b= (bi)of
length n is defined to be the number of positions where
they differ, that is, the number of (i)s such that ai6=bi
[2].
ii) Hamming Weight (HW) ”Let 0denotes the zero vectors:
00...0, the Hamming Weight H W (a)of a word a=ai
is defined to be d(a, 0), the number of symbols ai! = 0
in a” [2].
1) Uniqueness: The uniqueness indicates how unique a
individual PUF chip is and how well it can be distinguished
from others. It is specified by the Inter Hamming Distance
(HDinter) and is calculated with Equation 1:
HDinter =
2
k·(k1)
k1
X
i=1
k
X
j=i+1
HD(Ri(n), Rj(n))
n×100% (1)
Whereby Ri(n)is the response of chip iand Rj(n)is the
response of chip jout of kchips with the same challenge.
With the ideal value of 50%, the response of two chips are
completely nonidentical.
2) Reliability: How well a PUF is able to generate a
consistence response for a specific challenge, is specified
by the Intra Hamming Distance (HDintra). It is calculated
according to Equation 2:
reliability = 100% HDintra (2)
with:
HDintra =1
k
k
X
i=1
HD(Ri(n), R0
i(n))
n×100% (3)
Whereby R0
i(n)is the response of the same chip at a different
condition for the same challenge. This can also be different
time points with the best case of 100%
3) Uniformity: This metric specifies the unpredictability of
a specific PUF response and is therefore a indicator for the
randomness. An uniformity of 50% indicates a true random-
ness. Equation 4 defines the calculation:
Uniformity = 1
k
k
X
i=1
ri×100% (4)
Whereby riis the HW of the ith out of kresponses of the
same chip.
TABLE I: Comparison of the SRAM PUF and the four DRAM PUF types by its important metrics
Property SRAM DRAM
Startup [18] Retention Error [19] Row Hammer [15] Startup [11] Latency [16]
Availability nearly every Microcontroller only in bigger controller or extern
Implementable in already
existing devices yes in nearly every device yes in many devices
Existing of research a lot of not that much because it is a relatively new topic
Area consumption per bit higher (6 transistors) lower (1 transistor and 1 capacitor)
Memory cost per bit higher lower
Type of PUF electrical voltage based
memory PUF electrical current based memory PUF
CRP weak strong
Temperature dependent yes yes
Output generation time only by first power up every time every time only by first
power up every time
Time to generate PUF
sequence just time for one read-out decay time depening:
up to minutes 60s-120s just time for
one read-out 88,2ms
Reliability HDintra = 95.585% high Jintra = 94.54% HDintra<81.4% Jintra>65%
Uniqueness HDinter = 51.392%
decay time depending:
HDinter =
43.1% 79.7%
Jinter 0% HDinter = 49.37% Jinter<25%
Uniformity 46.772% decay time depending:
32.3% 53.7% -48% 55% -
B. Jaccard index
For DRAMs it is also common to use instead of the HD,
the Jaccard index. It specifies the ratio of the intersection
of two sets s1and s2. Therefore the closer this value is to
factor one the similar those two sets are. According to the
HDintra (chapter: V-A2) and HDinter (chapter: V-A1), there
is the Intra Jaccard index (Jintra), for two sets of the same
chip and Inter Jaccard index (Jinter) for two sets of different
chips [15]. Equation 5 provides the calculation:
J(s1, s2) = |s1s2|
|s1s2|(5)
For the Jinter the best possible value is 0% and for Jintra it is
100%.
C. The Comparison
Starting by small IIoT devices up to big super computers,
DRAM and SRAM are common and highly used memory
types in computing systems. Using those as a PUF, is therefore
easy to implement and cost efficient, even in already existing
systems. Sometimes there is, due to the presence of both, the
opportunity to choose one of them for the PUF implementa-
tion. Table I contrasts important properties of the SRAM and
the four different DRAM types. The most similar type of the
SRAM PUF is the DRAM Startup PUF. Both of them have got
the disadvantage of not being accessible at any time but just
at the fist power up. Furthermore, both are very fast, because
they just have to be red out after the startup process. Nerveless
the readout operation of a SRAM is much faster than the one
of the DRAM memory. All other DRAM based PUFs require
much more time to provide the response, up to minutes for
the Retention Error one.
All types have got a high reliability and uniqueness. For
the Row Hammer and Latency DRAM PUF no uniformity
values are given by the papers. The SRAM, DRAM Retention
Error and DRAM Startup PUF provide a high uniformity.
Furthermore the SRAM PUF is defined as a weak while the
DRAM one is defined as a strong PUF. A throwback that both
memory PUF have got is a strong temperature dependency.
VI. CONCLUSION AND OU TL OO K
To put it in a nutshell, both the SRAM and the DRAM
are suitable to be used as a PUF. Which of those types are
chosen mainly depend on two factors: i) at which time point
the response of the PUF is needed and ii) is the memory
type present in the given computing system. If the response
is needed during run-time, the DRAM PUF is the only one
that provides a type for this purpose. Is the given computing
system for example a very small IIoT device, without a DRAM
memory, the SRAM PUF is the only choice. Due to a non
perfect reliability and temperature dependency, both types have
to include a mechanism that is able to handle this behavior.
Future works should also include comparisons of SRAM
and DRAM PUFs embedded in complete PUFs algorithms
with error corrections and further applications. Additionally a
comparison with other memory and non memory PUFs can
provide a more extensive overview of possible integration
choices for specific systems.
ACKNOWLEDGMENT
This work has been supported by the Federal Ministry of
Education and Research of the Federal Republic of Germany
(F¨
orderkennzeichen 16KIS1283, AI-NET PROTECT). The
authors alone are responsible for the content of the paper.
REFERENCES
[1] O. G¨
unl¨
u and R. F. Schaefer, “An Optimality Summary:
Secret Key Agreement with Physical Unclonable Func-
tions,” Entropy, vol. 23, no. 1, 2021. DOI: https://doi.
org/10.3390/e23010016.
[2] B. Halak, Physically Unclonable Functions. Springer
International Publishing, 2018. DOI: 10 . 1007/ 978 - 3-
319-76804-5.
[3] C. Herder, M.-D. Yu, F. Koushanfar, and S. Devadas,
“Physical Unclonable Functions and Applications: A
Tutorial,Proceedings of the IEEE, vol. 102, no. 8,
pp. 1126–1141, 2014. DOI: 10 . 1109 / JPROC . 2014 .
2320516.
[4] C. Lipps, A. Weinand, D. Krummacker, C. Fischer,
and H. Schotten, “Proof of Concept for IoT Device
Authentication Based on SRAM PUFs Using ATMEGA
2560-MCU,” 1st International Conference on Data In-
telligence and Security (ICDIS), 2018. DO I: 10 .1109/
ICDIS.2018.00013.
[5] G. E. Suh and S. Devadas, “Physical Unclonable Func-
tions for Device Authentication and Secret Key Gen-
eration,” in 2007 44th ACM/IEEE Design Automation
Conference, 2007, pp. 9–14.
[6] C. Lipps, P. Ahr, and H. Schotten, “The PhySec Thing:
About Trust and Security in Industrial IoT Systems,
Journal of Information Warfare, vol. 19, no. 3, pp. 35–
49, Aug. 2020.
[7] P. Ahr, C. Lipps, and H. Schotten, “The PUF Commit-
ment: Evaluating the Stability of SRAM-Cells,20th
European Conference on Cyber Warfare and Security
(ECCWS2021), 2021. DOI: 10.34190/ECW.21.031.
[8] C. Lipps, S. B. Mallikarjun, M. Strufe, C. Heinz, C.
Grimm, and H. D. Schotten, “Keep Private Networks
Private: Secure Channel-PUFs, and Physical Layer Se-
curity by Linear Regression Enhanced Channel Pro-
files,” 3rd International Conference on Data Intelli-
gence and Security (ICDIS), 2020. DOI: 10 . 1109 /
ICDIS50059.2020.00019.
[9] Q. Tang, C. Zhou, W. Choi, G. Kang, J. Park, K. K.
Parhi, and C. H. Kim, “A DRAM based physical
unclonable function capable of generating Challenge
Response Pairs per 1 Kbit array for secure chip au-
thentication,” in 2017 IEEE Custom Integrated Circuits
Conference (CICC), 2017, pp. 1–4. DOI: 10.1109/CICC.
2017.7993610.
[10] L. Stiny, Aktive elektronische Bauelemente. Springer
Fachmedien Wiesbaden, 2016. DOI : 10 . 1007 / 978 - 3 -
658-14387-9.
[11] F. Tehranipoor, N. Karimian, W. Yan, and J. A. Chandy,
“DRAM-Based Intrinsic Physically Unclonable Func-
tions for System-Level Security and Authentication,
IEEE Transactions on Very Large Scale Integration
(VLSI) Systems, vol. 25, no. 3, pp. 1085–1097, Mar.
2017. DO I: 10.1109/tvlsi.2016.2606658.
[12] K. Kim and J. Lee, “A New Investigation of Data
Retention Time in Truly Nanoscaled DRAMs,” vol. 30,
no. 8, pp. 846–848, Aug. 2009. DOI: 10.1109/led.2009.
2023248.
[13] N. Anagnostopoulos, S. Katzenbeisser, J. Chandy, and
F. Tehranipoor, “An Overview of DRAM-Based Secu-
rity Primitives,Cryptography, vol. 2, no. 2, p. 7, Mar.
2018. DO I: 10.3390/cryptography2020007.
[14] C. Keller, F. Gurkaynak, H. Kaeslin, and N. Felber,
“Dynamic memory-based physically unclonable func-
tion for the generation of unique identifiers and true
random numbers,” in 2014 IEEE International Sympo-
sium on Circuits and Systems (ISCAS), IEEE, Jun. 2014.
DO I: 10.1109/iscas.2014.6865740.
[15] A. Schaller, W. Xiong, N. A. Anagnostopoulos, M. U.
Saleem, S. Gabmeyer, S. Katzenbeisser, and J. Szefer,
“Intrinsic Rowhammer PUFs: Leveraging the Rowham-
mer effect for improved security,” in 2017 IEEE In-
ternational Symposium on Hardware Oriented Security
and Trust (HOST), May 2017. DOI : 10.1109/hst.2017.
7951729.
[16] J. S. Kim, M. Patel, H. Hassan, and O. Mutlu,
“The DRAM Latency PUF: Quickly Evaluating Phys-
ical Unclonable Functions by Exploiting the Latency-
Reliability Tradeoff in Modern Commodity DRAM De-
vices,” in 2018 IEEE International Symposium on High
Performance Computer Architecture (HPCA), IEEE,
Feb. 2018. DOI: 10.1109/hpca.2018.00026.
[17] M. S. Hashemian, B. Singh, F. Wolff, D. Weyer, S.
Clay, and C. Papachristou, “ARobust Authentication
Methodology using Physically Unclonable Functions in
DRAM Arrays,” in 2015 Design, Automation Test in
Europe Conference Exhibition (DATE), 2015. DOI: 10.
7873/date.2015.0308.
[18] M. Barbareschi, E. Battista, A. Mazzeo, and N. Maz-
zocca, “Testing 90 nm microcontroller SRAM PUF
quality,” in 2015 10th International Conference on
Design Technology of Integrated Systems in Nanoscale
Era (DTIS), 2015, pp. 1–6. DOI: 10.1109 /DTIS .2015.
7127360.
[19] I. Kumari, M.-K. Oh, Y. Kang, and D. Choi, “Rapid
Run-Time DRAM PUF Based on Bit-Flip Position for
Secure IoT Devices,” in 2018 IEEE SENSORS, Oct.
2018. DO I: 10.1109/icsens.2018.8589608.
... Start-up based SRAM PUFs exploit the unique start-up values of SRAM cells when power is first applied. Due to manufacturing process variations, each SRAM cell may start in a different state, creating a unique pattern of 0s and 1s [1,2]. When powered off and then on again, a good SRAM PUF exhibits the same start-up pattern due to inherent cell characteristics [3]. ...
... For optimal security, uniqueness should be as high as possible, ideally close to 1, indicating that responses are nearly completely distinct. The uniqueness is evaluated as in Equation (1). Where N is the total number of devices (PUFs) being compared. ...
... A main argument for their application: Both types are already implemented in most computing devices. Therefore, Ahr et al. compare those two PUF concepts in more detail and highlight the characteristics and applications [9]. The main difference between the two PUF variants is the access time of the PUF response. ...
Conference Paper
Full-text available
The ongoing development towards the Industrial Internet of Things (IIoT) and the industrial metaverse pose several challenges for both, customers and manufacturers. These relate mainly to security, usability and energy consumption of the utilized hardware. As most industrial use-cases are referring on traditional communication scenarios and considering data generated and exchanged between producer and consumers, there is a fundamental need for confidentially, integrity and authenticity within the systems. A worthwhile approach to meeting these requirements are Physically Unclonable Functions (PUFs): Semiconductors, which are-based on nano-scale and uncontrollable imperfections occurring during manufacturing of the microchip-in particular suitable for resource-constrained and lightweight applications. Potential implementations for PUF thereby range from unique device's fingerprint, to secret key derivation, to seeds for True Random Number Generators (TRNGs). This work proposes another potential application of SRAM-PUFs, specifically as an additional source of entropy for a Password-Based Key Derivation Function (PBKDF) communication scheme. Apart from an evaluation of the proposed concept, the suitability of SRAM cells is demonstrated by a dependence study on the effects of supply voltage fluctuation.
... A main argument for their application: Both types are already implemented in most computing devices. Therefore, Ahr et al. compare those two PUF concepts in more detail and highlight the characteristics and applications [9]. The main difference between the two PUF variants is the access time of the PUF response. ...
Preprint
Full-text available
The ongoing development towards the Industrial Internet of Things (IIoT) and the industrial metaverse pose several challenges for both, customers and manufacturers. These relate mainly to security, usability and energy consumption of the utilized hardware. As most industrial use-cases are referring on traditional communication scenarios and considering data generated and exchanged between producer and consumers, there is a fundamental need for confidentially, integrity and authenticity within the systems. A worthwhile approach to meeting these requirements are Physically Unclonable Functions (PUFs): Semiconductors, which are-based on nano-scale and uncontrollable imperfections occurring during manufacturing of the microchip-in particular suitable for resource-constrained and lightweight applications. Potential implementations for PUF thereby range from unique device's fingerprint, to secret key derivation, to seeds for True Random Number Generators (TRNGs). This work proposes another potential application of SRAM-PUFs, specifically as an additional source of entropy for a Password-Based Key Derivation Function (PBKDF) communication scheme. Apart from an evaluation of the proposed concept, the suitability of SRAM cells is demonstrated by a dependence study on the effects of supply voltage fluctuation.
... Furthermore, Random-Access Memory (RAM) is intergraded in almost every computing unit and thus inherently existing in many systems. Now that the Static RAM (SRAM) variant has been discussed in detail in the scientific community, the focus is currently shifting to the Dynamic RAM (DRAM) one [4]. But, although there is work available [5], these merely compare different approaches, whereas the present work calls for a unified and standardized approach. ...
Conference Paper
Full-text available
Dynamic Random-Access Memory (DRAM)-based Physically Unclonable Functions (PUFs) are a part of the Physical Layer Security (PhySec) domain. Those electrical PUFs are memory based and exhibit a high availability, Shannon Entropy, low energy consumption and high amount of Challenge Response Pairs (CRPs). Because of those properties, the DRAM PUF is a promising approach for security applications in the Industrial Internet of Things (IIoT) context as well as securing the Sixth-Generation (6G) Wireless Systems and edge computing. DRAM, with its most common one-Transistor one-Capacitor (1T1C) architecture, and as a volatile memory is embedded in almost every modern computing unit. Regarding the PUF security applications, four main types of applications are currently distinguished in the scientific community: Retention Error, Row Hammer, Startup and Latency PUFs. Thereby these differ in their procedure in how responses are generated as well as by the physical mechanisms. Each of them with varying properties in terms of availability, reliability, uniqueness and uniformity. To examine this, and to obtain comparable results, this work proposes to compare the four different DRAM-PUF types i) with the same metrics of evaluation and ii) implemented on the same DRAM cells. This represents both the difference with regard to the work done in the literature and the added value of this work presented. As far as known, there is no work to date that performs the intended evaluations using the same evaluation platform under the identical conditions. However, this is required for comparable results. This consistent comparison is ensured by a self-developed and implemented evaluation platform, which is accordingly equipped with a significant number of DRAMs. By an appropriate high volume of measurements, a corresponding resolution will be given. Monitoring the environmental conditions prevents from wrong interpretations caused by environmental influences but also provides useful context information. Furthermore, a detailed technical and physical background will be described. The results of this approach will assist by the consideration of which DRAM-PUF is appropriate in which (environmental) conditions and thereby provide a guideline for practitioners.
... Nevertheless, the overall idea is not completely new, as since the general description of the principle by Gassend et al. in 2002(Gassend, et al., 2002, there are many different approaches how PUF derivatives can be used. According to Ahr, Noushinfar and Lipps (2021), a fundamental distinction of the approaches is possible into Memory-based and Timing-based PUFs. Memory-based include among others, Flip-Flop (Khan, et al., 2020), Butterfly (Kumar, et al., 2008) and SRAM-PUFs (Halak, 2018), whereas Arbiter- (Machida, et al., 2014), Ring-Oscillator- (Gao, et al., 2014) and Self-Timing PUFs are attributed to the Timing-based PUFs (Halak, 2018). ...
Article
Full-text available
In an increasingly interconnected and globalized world in which the volume but also the confidentiality of transmitted content is becoming ever more important, trust, confidence and trustworthiness are of fundamental importance. Particularly in human societies, this trust is established, sustained and strengthened by personal relationships and experiences. But, in a globally connected world with Cyber-Physical Production Systems (CPPS), Industrial Internet of Things (IIoT) and Digital Twins (DTs), these personal relationships do not longer exist. (Remote) access to systems is possible from anywhere on the globe. However, this implies that there have to be technical solutions to detect, identify and acknowledge entities -people and machines- in the networks and thus to establish an initial level of trust. Especially since the proliferation of appropriate use-cases, Physical Layer Security (PhySec) is becoming increasingly popular in the scientific community. Using systems' intrinsic information for security applications provides a lightweight but secure alternative to traditional computationally intensive and complex cryptography. PhySec is therefore not only suitable for the IIoT and the multitude of resource-limited devices and sensors, it also opens up alternatives in terms of scalability and efficiency. Moreover, it provides security aspects regarding the entropy H and Perfect Forward Secrecy (PFS). Therefore, this work provides insight into three major branches of PhySec: i) Human - Physically Unclonable Functions (PUFs) ii) silicon/electrical - PUFs, and iii) Channel-PUFs. Based on the PUF operating principle, the silicon derivatives consider the electrical properties of semiconductors. Individual and uninfluenceable deviations during the manufacturing process result in component-specific behavior, which is described in particular for Static- and Dynamic Random Access Memory (S-/DRAM). Following this PUF principle, human characteristics -biological, physiological and behavioral features-, are used to recognize and authenticate them. With respect to the wireless channel, the characteristic properties of electromagnetic wave propagation and the influences on the wireless channel -diffraction, reflection, refraction and scattering-, are used to achieve symmetric encryption of the channel. In addition to the "conventional" wireless PhySec, especially the development of the Sixth Generation (6G) Wireless Systems, opens up a wide range of possibilities in terms of PhySec, for example in relation to Visible Light Communication (VLC), Reconfigurable Intelligent Surfaces (RIS) and in general the application of frequencies in the (sub)THz range. Thus, the work provides an overview of PhySec fields of application in all areas of the IIoT: in terms of humans, machines, and the transmission channel.
Article
Full-text available
Dynamic Random-Access Memory (DRAM)-based Physically Unclonable Functions (PUFs) are a part of the Physical Layer Security (PhySec) domain. Those electrical PUFs are memory based and exhibit a high availability, Shannon Entropy, low energy consumption and high amount of Challenge Response Pairs (CRPs). Because of those properties, the DRAM PUF is a promising approach for security applications in the Industrial Internet of Things (IIoT) context as well as securing the Sixth-Generation (6G) Wireless Systems and edge computing. DRAM, with its most common one-Transistor one-Capacitor (1T1C) architecture, and as a volatile memory is embedded in almost every modern computing unit. Regarding the PUF security applications, four main types of applications are currently distinguished in the scientific community: Retention Error, Row Hammer, Startup and Latency PUFs. Thereby these differ in their procedure in how responses are generated as well as by the physical mechanisms. Each of them with varying properties in terms of availability, reliability, uniqueness and uniformity. To examine this, and to obtain comparable results, this work proposes to compare the four different DRAM-PUF types i) with the same metrics of evaluation and ii) implemented on the same DRAM cells. This represents both the difference with regard to the work done in the literature and the added value of this work presented. As far as known, there is no work to date that performs the intended evaluations using the same evaluation platform under the identical conditions. However, this is required for comparable results. This consistent comparison is ensured by a self-developed and implemented evaluation platform, which is accordingly equipped with a significant number of DRAMs. By an appropriate high volume of measurements, a corresponding resolution will be given. Monitoring the environmental conditions prevents from wrong interpretations caused by environmental influences but also provides useful context information. Furthermore, a detailed technical and physical background will be described. The results of this approach will assist by the consideration of which DRAM-PUF is appropriate in which (environmental) conditions and thereby provide a guideline for practitioners.
Conference Paper
Full-text available
Static Random Access Memory (SRAM) based Physical Unclonable Functions (PUFs) are a dedicated sub-area of silicon PUFs in the research area of Physical Layer Security (PhySec). Due to their high Shannon Entropy, low energy consumption and availability they are particularly suitable for Industrial Internet of Things (IIoT) security applications. SRAMs are volatile memories, bistable systems which always adopt one of two values: zero or one. During the startup process - powering up the cells-, the cells take one of these states, the so called Startup- Value. This “hardware fingerprint” is depending due to physical features, fluctuations and deviation occurring during the manufacturing process of the semiconductors and the devices, and can thus be different at each restart. For a function in a mathematical meaning, and particularly for cryptographic applications, it is necessary that every element of the definition area is only mapped to one element of the codomain. For this purpose the startup-values of the SRAM have to be (mostly) stable for every restart. To verify the suitability, and appropriateness for cryptographic applications, the paper examines the stability of the startup-values; how often does the same but still individual bit-patterns occur and how many and which bits are flipping. To provide comparable results, 30 SRAMs are evaluated with 500 startup procedures each. For automated testing a Printed Circuit Board (PCB) is implemented, controlled by a Microcontroller Unit (MCU). In order to monitor the temperature and humidity –as external influencing factors of the startup behaviour- corresponding sensors are integrated as well. The evaluation provides a high resolution of the course of stability over the various measures, and thus enables a detailed analysis. As a part, the mapping of functions to data-points is done by using regression tools. Thereby it is not only possible to determine the stability in total, but the course over all restarts as well. The results of the work contribute to PUF research in general and prove the applicability of SRAM-PUFs in IIoT and other application areas, especially for resource constrained devices, by evaluating and proofing the stability of SRAM cells.
Conference Paper
Full-text available
In the context of a rapidly changing and increasingly complex (industrial) production landscape, securing the (commu-nication) infrastructure is becoming an ever more important but also more challenging task - accompanied by the application of radio communication. A worthwhile and promising approach to overcome the arising attack vectors, and to keep private networks private, are Physical Layer Security (PhySec) implementations.The paper focuses on the transfer of the IEEE802.11 (WLAN) PhySec - Secret Key Generation (SKG) algorithms to Next Generation Mobile Networks (NGMNs), as they are the driving forces and key enabler of future industrial networks. Based on a realworld Long Term Evolution (LTE) testbed, improvements of the SKG algorithms are validated. The paper presents and evaluates significant improvements in the establishment of channel profiles, whereby especially the Bit Disagreement Rate (BDR) can be improved substantially. The combination of the Discrete CosineTransformation (DCT) and the supervised Machine Learning (ML) algorithm - Linear Regression (LR) – provides outstanding results, which can be used beyond the SKG application. The evaluation also emphasizes the appropriateness of PhySec for securing private networks
Article
Full-text available
We address security and privacy problems for digital devices and biometrics from an information-theoretic optimality perspective to conduct authentication, message encryption/decryption, identification or secure and private computations by using a secret key. A physical unclonable function (PUF) provides local security to digital devices and this review gives the most relevant summary for information theorists, coding theorists, and signal processing community members who are interested in optimal PUF constructions. Low-complexity signal processing methods are applied to simplify information-theoretic analyses. The best trade-offs between the privacy-leakage, secret-key, and storage rates are discussed. Proposed optimal constructions that jointly design the vector quantizer and error-correction code parameters are listed. These constructions include modern and algebraic codes such as polar codes and convolutional codes, both of which can achieve small block-error probabilities at short block lengths, corresponding to a small number of PUF circuits. Open problems in the PUF literature from signal processing, information theory, coding theory, and hardware complexity perspectives and their combinations are listed to stimulate further advancements in the research on local privacy and security.
Article
Full-text available
Recent developments have increased the demand for adequate security solutions, based on primitives that cannot be easily manipulated or altered, such as hardware-based primitives. Security primitives based on Dynamic Random Access Memory (DRAM) can provide cost-efficient and practical security solutions, especially for resource-constrained devices, such as hardware used in the Internet of Things (IoT), as DRAMs are an intrinsic part of most contemporary computer systems. In this work, we present a comprehensive overview of the literature regarding DRAM-based security primitives and an extended classification of it, based on a number of different criteria. In particular, first, we demonstrate the way in which DRAMs work and present the characteristics being exploited for the implementation of security primitives. Then, we introduce the primitives that can be implemented using DRAM, namely Physical Unclonable Functions (PUFs) and True Random Number Generators (TRNGs), and present the applications of each of the two types of DRAM-based security primitives. We additionally proceed to assess the security such primitives can provide, by discussing potential attacks and defences, as well as the proposed security metrics. Subsequently, we also compare these primitives to other hardware-based security primitives, noting their advantages and shortcomings, and proceed to demonstrate their potential for commercial adoption. Finally, we analyse our classification methodology, by reviewing the criteria employed in our classification and examining their significance.
Conference Paper
Full-text available
Physically Unclonable Functions (PUFs) have become an important and promising hardware primitive for device fingerprinting, device identification, or key storage. Intrinsic PUFs leverage components already found in existing devices, unlike extrinsic silicon PUFs, which are based on customized circuits that involve modification of hardware. In this work, we present a new type of a memory-based intrinsic PUF, which leverages the Rowhammer effect in DRAM modules; the Rowhammer PUF. Our PUF makes use of bit flips, which occur in DRAM cells due to rapid and repeated access of DRAM rows. Prior research has mainly focused on Rowhammer attacks, where the Rowhammer effect is used to illegitimately alter data stored in memory, e.g., to change page table entries or enable privilege escalation attacks. Meanwhile, this is the first work to use the Rowhammer effect in a positive context: to design a novel PUF. We extensively evaluate the Rowhammer PUF using commercial, off-the-shelf devices, not relying on custom hardware or an FPGA-based setup. The evaluation shows that the Rowhammer PUF holds required properties needed for the envisioned security applications, and could be deployed today.
Book
This book discusses the design principles of physically unclonable functions (PUFs) and how these can be employed in hardware-based security applications, in particular, the book provides readers with a comprehensive overview of security threats and existing countermeasures. This book has many features that make it a unique source for students, engineers and educators, including more than 80 problems and worked exercises, in addition to, approximately 200 references, which give extensive direction for further reading. © Springer International Publishing AG, part of Springer Nature 2018. All rights reserved.