Auburn University Electronic Theses and Dissertations

Exploiting Power-Up State of Latches as Hardware Security Primitives: PUF, TRNG and Recycled IC Detection

Wang, Wendong

Type of Degree: PhD Dissertation

Electrical and Computer Engineering

Over the last two decades, hardware security has become increasingly important and a hot topic in both academia and industry. Threats to cyber-infrastructure and electronic devices grow more advanced each year, causing correspondingly large economic and resource losses. Furthermore, in a world that relies heavily on technology to function on a daily basis, individuals should be able to trust that it is safe to use and that their information will be protected [gordon2021flash]. Whether it is a car, laptop, phone, or smart thermostat, we rely on these smart devices in our daily lives, yet we rarely consider how the information they collect could be used against us if it falls into the wrong hands. The reality is that identity theft based on computer viruses and attacks via weaknesses in device security are becoming more prevalent. This places a large responsibility on the designers of such devices to ensure that information stays secure, and this is where the constantly evolving field of hardware security comes into play.

Memory such as SRAM has come into the spotlight because of its potential hardware security applications. Due to unavoidable process variation during manufacturing, each SRAM cell acquires unique electrical characteristics, and SRAM has therefore been proposed as a source for hardware security primitives such as physical unclonable functions (PUFs), true random number generators (TRNGs) and recycled integrated circuit (IC) detection. SRAM-based PUFs are among the most appealing PUF candidates because of their easy implementation and nearly zero hardware penalty [xiao2014bit]. Holcomb et al. first proposed using the power-up values of an SRAM array as the PUF response [holcomb2008power]. However, some SRAM cells do not produce a consistent value across repeated power-ups. This instability in the SRAM PUF response over the expected range of operating voltages and temperatures, as well as under environmental noise and aging degradation over time, is a challenge. Recent proposals aim at identifying a subset of all the cells in an SRAM, the most robust or "strong" cells, and using only these to construct a PUF [miller2019highly, shifman2018method]. However, this requires modification of the original SRAM design, which increases the overall design cost and limits the range of application. In this dissertation, we propose a systematic bit selection method to identify those "strong" cells for PUF applications. Furthermore, the proposed method does not require any hardware-level modification of the original SRAM design. Silicon data indicate that the selected cells reach 100% reliability under repeated power-ups and temperature/voltage variation.

Besides the SRAM-based PUF, the power-up value of an SRAM array has also been widely accepted as an entropy source for generating random numbers. However, only a few cells of the SRAM are truly random upon repeated power-ups; the vast majority display a distinct bias due to manufacturing process variations. Consequently, a relatively large SRAM array is required to obtain sufficient entropy for generating random numbers. To improve the overall entropy of an SRAM array and avoid needing a large array as the entropy source, researchers have proposed controlled device aging at the pre-deployment stage to enhance the initial entropy of the array. However, aging in the field can adversely affect entropy and degrade randomness. In this dissertation, we show how controlled aging applied initially to increase SRAM entropy has the opposite effect once the SRAM array has been used in the field. To cope with this, we propose an SRAM-based TRNG that relies on periodically powering the device up and down during deployment to maintain/maximize the entropy of the entire SRAM array. The key idea is to continuously stress the SRAM cells in their power-up states at regular intervals, which counters the aging caused by the random memory states that occur during operation. Silicon results are presented to validate the proposed approach.

The power-up value of the SRAM array can also be used for recycled IC detection. Recycled ICs sold as new parts pose a serious security problem because of their shorter remaining lifetime and potentially poorer performance compared to fresh, authentic parts. In this dissertation, we propose a novel method to identify recycled ICs based on the power-up state of the SRAM array. The proposed method requires no prior history of the obsolete chips, only the ability to read out the power-up value of the SRAM array. Our methodology is based on a basic observation: an unused SRAM always powers up with a virtually equal number of logical 1s and logical 0s, whereas after normal in-field operation the ratio of logical 1s to logical 0s is skewed by biased aging. We discuss two application scenarios: first, where the SRAM array has been manufactured in an advanced technology, and second, where the SRAM chip is fabricated in a very mature/old technology (at the micrometer level). For both scenarios, we propose a method to detect recycled SRAM based on its power-up state. Our silicon data validate the effectiveness of the proposed method in the real world.

Although detecting recycled ICs from the power-up state of an SRAM array is very effective, its applicability is somewhat limited, since many older designs do not have large on-chip memories. To be effective in such scenarios, we also propose an alternative detection approach based on the initial power-up state of scan flip-flops, which are present in virtually every digital circuit. Since flip-flops, unlike SRAM cells, are generally not perfectly symmetrical in layout, in most designs the scan cells do not power up to the 0 and 1 logic states in equal numbers. Consequently, a stable time-zero reference of 50% logic 0s and 1s cannot be used to determine the subsequent usage of a chip. To overcome this key limitation, we first identify a significant number of asymmetrically stressed flip-flops in the design and divide them into two groups: one group is selected such that it mostly experiences the logic 1 state during functional operation, while the other mostly experiences the logic 0 state. The resulting differential stress during operation causes a growing disparity over time in the number of 0s (and 1s) observed in the two groups on power-up. When the chip is new and has not experienced aging, the two groups behave similarly, with a similar percentage of 1s (or 0s); over time, the differential stress makes these counts diverge. We show that this changing count can serve as a measure of operational aging. Our simulation results show that it is possible to reliably detect used ICs after as little as three months of operation.

SRAM and D flip-flops (DFFs) thus have the potential to serve as hardware security primitives, but many challenges remain before SRAM-based hardware security solutions can be deployed. In this dissertation, we propose a new systematic bit selection method that reaches 100% reliability for SRAM-based PUF applications. For the SRAM-based TRNG, we maintain/maximize the entropy of the SRAM array through the proposed aging strategy. For recycled IC detection, to the best of our knowledge, this is the first time a practical method has been proposed to identify recycled ICs from the power-up state of SRAM without requiring any prior history of the obsolete ICs. We also propose a novel method to detect recycled ICs by exploiting the power-up state of DFFs.
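As an added illustration, not code or data from the dissertation: a small Python model of the two recycled-IC checks described above, the 50% power-up reference for an SRAM array and the two-group differential count for scan flip-flops. The cell-bias distributions, the aging direction and drift rate, and the in-field data mix are constructed assumptions chosen only to make the two checks observable.

```python
import random

# Constructed model, not the dissertation's silicon data: each cell's power-up value
# is a biased coin with probability p of reading 1. Aging is modelled (assumption)
# as shifting p away from the logic value the cell held in the field, DRIFT per month.
DRIFT = 0.02

def ones_ratio(bits):
    """Fraction of cells (or flip-flops) that powered up to logic 1."""
    return sum(bits) / len(bits)

def sram_is_recycled(powerup_bits, tolerance=0.02):
    """SRAM check: a fresh array reads ~50% ones at power-up; a larger skew flags a used part."""
    return abs(ones_ratio(powerup_bits) - 0.5) > tolerance

def dff_is_recycled(group_held_1, group_held_0, threshold=0.05):
    """DFF check: no 50% reference exists, so compare two asymmetrically stressed groups."""
    return abs(ones_ratio(group_held_1) - ones_ratio(group_held_0)) > threshold

def fresh_biases(n, rng, a, b):
    """Per-cell bias p ~ Beta(a, b): U-shaped, so most cells are strongly biased to 0 or 1."""
    return [rng.betavariate(a, b) for _ in range(n)]

def age(biases, held_values, months):
    """Move each bias toward the opposite of the value held during operation (model assumption)."""
    step = min(1.0, DRIFT * months)
    return [p + ((0.0 if held else 1.0) - p) * step for p, held in zip(biases, held_values)]

def power_up(biases, rng):
    """One power-up read-out: sample every cell according to its bias."""
    return [1 if rng.random() < p else 0 for p in biases]

def sram_scenario(months, n=16384, seed=1):
    """SRAM: symmetric cells (Beta(0.3, 0.3) averages 0.5); in-field data constructed as 70% zeros."""
    rng = random.Random(seed)
    biases = fresh_biases(n, rng, 0.3, 0.3)
    held = [1 if rng.random() < 0.3 else 0 for _ in range(n)]
    return sram_is_recycled(power_up(age(biases, held, months), rng))

def dff_scenario(months, n=8192, seed=2):
    """DFF: asymmetric layout (Beta(0.3, 0.6) averages ~0.33); group 1 held 1s, group 0 held 0s."""
    rng = random.Random(seed)
    group_1 = age(fresh_biases(n, rng, 0.3, 0.6), [1] * n, months)
    group_0 = age(fresh_biases(n, rng, 0.3, 0.6), [0] * n, months)
    return dff_is_recycled(power_up(group_1, rng), power_up(group_0, rng))
```

In this model the DFF groups start at the same (non-50%) ratio and their difference grows by DRIFT per month, which is why the differential count works where the absolute 50% reference does not.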