Improved Reliability of FPGA-based PUF Identification Generator Design


Published in:
ACM Transactions on Reconfigurable Technology and Systems

Document Version:
Peer reviewed version

Queen's University Belfast - Research Portal:
Link to publication record in Queen's University Belfast Research Portal

Publisher rights
© 2017 ACM
This work is made available online in accordance with the publisher's policies. Please refer to any applicable terms of use of the publisher.

General rights
Copyright for the publications made accessible via the Queen's University Belfast Research Portal is retained by the author(s) and / or other copyright owners and it is a condition of accessing these publications that users recognise and abide by the legal requirements associated with these rights.

Take down policy
The Research Portal is Queen's institutional repository that provides access to Queen's research output. Every effort has been made to ensure that content in the Research Portal does not infringe any person's rights, or applicable UK laws. If you discover content in the Research Portal that you believe breaches copyright or violates any law, please contact openaccess@qub.ac.uk.

Open Access
This research has been made openly available by Queen's academics and its Open Research team. We would love to hear how access to this research benefits you. – Share your feedback with us: http://go.qub.ac.uk/oa-feedback

Download date: 27. Jul. 2023
Improved Reliability of FPGA-based PUF Identification Generator Design

Chongyan Gu, CSIT, ECIT, Queen’s University Belfast, Queen’s Road, United Kingdom, BT3 9DT
Neil Hanley, CSIT, ECIT, Queen’s University Belfast, Queen’s Road, United Kingdom, BT3 9DT
Máire O’Neill, CSIT, ECIT, Queen’s University Belfast, Queen’s Road, United Kingdom, BT3 9DT

Physical unclonable functions (PUFs), a new form of physical security primitive, enable digital identifiers to be extracted from devices, such as field programmable gate arrays (FPGAs). Many PUF implementations have been proposed to generate these unique n-bit binary strings. However, they often offer insufficient uniqueness and reliability when implemented on FPGAs, and can consume excessive resources. To address these problems, in this paper we present an efficient, lightweight and scalable PUF identification (ID) generator circuit that offers a compact design with good uniqueness and reliability properties, and is specifically designed for FPGAs. A novel post-characterisation methodology is also proposed, which improves the reliability of a PUF without the need for any additional hardware resources. Moreover, the proposed post-characterisation method can be generally used for any FPGA-based PUF designs. The PUF ID generator consumes 8.95% of the hardware resources of a low-cost Xilinx Spartan-6 LX9 FPGA and 0.81% of a Xilinx Artix-7 FPGA. Experimental results show good uniqueness, reliability, and uniformity with no occurrence of bit-aliasing. In particular, the reliability of the PUF is close to 100% over an environmental temperature range of 25°C to 70°C with ±10% variation in the supply voltage.

Additional Key Words and Phrases: Physical unclonable functions, identification generation, authentication, field programmable gate arrays (FPGAs), reliability.

1. INTRODUCTION

Physical unclonable functions (PUFs) allow hardware devices to be physically and uniquely identified by associating unique n-bit binary string identifiers with the devices, such as FPGAs. This has opened the door to a number of new security-orientated FPGA design opportunities, such as intellectual property protection, cloning prevention or complex security-on-chip designs. PUF designs have been extensively studied for hardware targets, both application specific ICs (ASICs) and field programmable field arrays (FPGAs), and recently have begun to appear in commercial products such as the latest version of the NXP SmartMX micro-controller integrated circuit (IC) targeted at transport and banking markets [Intrinsic-ID 2015], and the new Microsemi SmartFusion2 SoC FPGA line [Microsemi 2015]. The Xilinx UltraScale+ devices also have the option of using PUF for masking of the key used for bitstream encryption (note that it is not accessible for user designs), and have published whitepapers on how to enhance boot security with the use of a user designed “soft” PUF in the FPGA fabric [Peterson 2015]. Ideally, PUFs should offer a tamper-evident, unpredictable and uncloneable solution. However, due to machine learning attacks [Rührmair et al. 2010] and physical attacks, e.g. fault injection [Delvaux and Verbauwhede 2014], side channel attacks [Mahmoud et al. 2013] for some PUF designs their responses can be predicted. Recently, countermeasures have also been proposed to improve the physical security of PUF designs, e.g. modeling attack resistant PUFs [Kumar and Burleson 2014] [Vijayakumar and Kundu 2015]. Some of these proposals will be discussed in the next section. One advantage of using PUF over other approaches is that any device tampering can affect the PUF response and hence might be detected. Instead of storing a preset identifier in non-volatile memory (NVM) they exploit process variation effects via a “variability aware” circuit to generate a unique n-bit binary string identifier (response) from an FPGA when given a corresponding N-bit input (challenge). Since, ideally, each i-th challenge, Ci, uniquely maps to exactly one response, Ri, with-
out noise, they can be grouped together into so-called challenge-response pairs (CRPs), where $CRP_i = \{C_i, R_i\}$.

To enable practical use of the identifiers generated using the FPGA-based PUFs they have to 1) be unique so that no two devices map to the same ID, 2) offer high reliability to ensure that a device can repeatedly return the correct ID with as few noisy bits as possible, and 3) be efficient and feasible to implement on an FPGA. However, to date wide spread adoption in FPGAs has been limited as PUFs are difficult to implement and integrate on such devices, can require considerable FPGA logic resources, and have insufficient tolerance to temperature and voltage variations.

Uniqueness in PUF IDs is inherently difficult to achieve as they exploit manufacturing process variations, which FPGA microelectronic designers strive to minimize. If the level of variability is not sufficient, two challenges, $C_1$ and $C_2$, may map to the same or related responses for different FPGA instances i.e., $C_1 \rightarrow R_1$ and $C_2 \rightarrow R_1$. Furthermore, as FPGAs have highly regular and scalable architectures to allow them to implement arbitrary logic functions efficiently, this directly affects the implementation options. The design tools create layouts with unbalanced routing and interconnects with large capacitance, both of which introduce bit biases and skew in PUF response bits i.e., bit-aliasing.

Reliability in PUF ID generator designs is affected by environmental variations, the most significant of which are core supply voltage and temperature fluctuations. If an FPGA's core supply voltage levels diverge significantly from the recommended value gate delays will change and can cause incorrect ID responses. Similarly, elevated local temperatures will impact an FPGA's performance and response bit accuracy. Changes in temperature cause transistor threshold voltages to decrease and carrier mobility to increase: the former tends to speed up a circuit, while the latter tends to slow it down. Depending on which effect is dominant, a circuit may show either negative temperature dependence if the delay increases with temperature, positive temperature dependence if it decreases with temperature, or mixed temperature dependence if the trend is non-uniform [Wolpert and Ampadu 2012]. Ultimately, both types of environmental variation causes reliability issues.

In previous work by the authors [Gu et al. 2014], a novel FPGA-based PUF ID generator was proposed, which consumes minimal FPGA logic resources, and can be easily scaled to form an $n$-bit PUF ID generator and implemented in a low-cost FPGA device, such as a Spartan-6 LX9. Experimental results demonstrate that this PUF ID generator design achieves good uniqueness and reliability. Each 1-bit ID cell is implemented as a hard-macro on an FPGA ensuring balanced and stable routing for reliable operation. This is important when generating identifiers under different environmental conditions and minimizes statistical bias. Although the reliability of our previous work (93%) is sufficient for ID generation and authentication, for other applications, such as key generation, a more robust response is required. Ideally the aim is to improve the reliability result without utilising extra hardware resource on an FPGA, which is one focus of this paper.

In this paper, we build upon our previous work and propose a reliable characterisation process. We also provide a more complete analysis of the FPGA-based PUF ID generator. Specifically, our scientific research contributions are as follows:

— We propose a reliable and efficient post-processing characterisation process, which can be implemented on FPGA without any additional hardware resources. This characterisation process can be utilized to improve the reliability of any FPGA-based PUF ID generator design. It is employed to enhance the reliability of the 128-bit PUF ID generator previously proposed by the authors [Gu et al. 2014].
— The application of this automated characterisation process is presented, and an improvement in the reliability of the 128-bit PUF ID generator from 93.93% to 98.74% without the requirement of any additional hardware resources, and to 99.60% when simple majority voting post-processing is also employed, is shown.

— A more comprehensive evaluation of the PUF ID generator design previously proposed by the authors [Gu et al. 2014] is also presented, and includes an analysis of uniformity and bit-aliasing, with results of 51.06% and 56.48% achieved respectively pre-characterisation.

— The proposed improved 128-bit PUF ID generator is shown to achieve good overall results in terms of uniqueness, uniformity and bit-aliasing, with values of 45.60%, 50.60%, and 56.48% respectively using the proposed characterisation process, and a further improvement to 45.60%, 50.54% and 56.58% respectively using majority voting.

The rest of this paper is organized as follows. Section II discusses the related work of PUF designs. Section III introduces the principle of the PUF ID generator's operation. The implementation of the 128-bit PUF ID generator design is described in section IV and the post-characterisation process is outlined in section V. The evaluation of the proposed improved PUF ID generator design is given in section VI to validate the work. Finally, conclusions are drawn in section VII.

2. RELATED WORK

Since the first concrete implementation of a PUF was proposed [Pappu et al. 2002], many researchers have reported a range of different PUFs targeting both ASICs and FPGAs, e.g. static RAM (SRAM) PUFs [Guajardo et al. 2007; Holcomb et al. 2009], Latch PUF [Su et al. 2008], Flip-flop PUF [Maes et al. 2008], Buskeeper PUF [Simons et al. 2012], Butterfly PUF [Kumar et al. 2008], Ring Oscillator (RO) PUF [Suh and Devadas 2007; Murphy et al. 2012], Configurable RO (CRO) PUF [Yu et al. 2012], Arbiter PUF [Gassend et al. 2002] [Gu et al. 2016], Bistable Ring (BR) PUF [Chen et al. 2011], processor-based PUF [Maiti and Schaumont 2012], reconfigurable PUF (rPUF) [Kursawe et al. 2009]. Also, Charles et al. [Herder et al. 2014] and Sklavos [Sklavos 2013] provide a detailed introduction to PUF based security analysis and implementation. The RO PUF designs exploit the difference in period between two identical ring oscillators by incrementing two counters and then comparing the value reached in a given time frame. This structure at a minimum requires two configurable logic blocks (CLBs) on FPGA, even though strategies exist to re-use oscillators [Maiti et al. 2012]. The Arbiter PUF uses \(n\)-bit differential delay lines and a latch arbiter to generate a 1-bit PUF response. It is difficult to implement this design on FPGA as it requires the whole structure to be balanced to generate 1-bit, and then duplicated \(k\) times. Although Majzoobi et al. [Majzoobi et al. 2014] and Hori et al. [Hori et al. 2014] implemented Arbiter PUFs on FPGAs, they introduced an extra tuning circuit or reported results with low uniqueness. In memory-based PUFs, like SRAM PUFs, the initial state of static RAM cells, formed by two cross coupled inverters (also often known as a bistable latch) in FPGAs, is exploited to produce IDs based on different memory blocks on different FPGAs. However, SRAM PUFs require a device power-up operation to generate each ID. Although most FPGAs have SRAM memory, some SRAMs have an initial state which prevents them entering a random value during the start up stage. To address this Kumar et al. [Kumar et al. 2008] proposed a logical alternative called Butterfly PUF to emulate the behavior of an SRAM PUF on Virtex-5 FPGAs. It can be invoked at any time rather than only at power-up. It operates using two cross-coupled latches forming a bistable circuit, where the preset/clear force it into metastability. It still suffers from issues due to metastability, and indeed not all
FPGAs feature preset/reset pins in the required format. They reported 94% reliability over temperature variations, however, reliability over voltage changes is not provided. For 64 Butterfly PUF cells, 130 slices are consumed.

Improving the reliability has been the subject of much research with both SRAM and RO PUF designs. Efforts to improve the reliability of SRAM PUF have been proposed by many researchers, e.g. Bhargava et al. [Bhargava and Mai 2014], Garg et al. [Gary and Kim 2014] and Cortez et al. [Cortez et al. 2013]. However, aging testing based reinforcement techniques or special circuitry are required. Guajardo et al. [Guajardo et al. 2007] and Bohm et al. [Bohm et al. 2011] utilise error correction codes, BCH code or repetition code, to reduce the error rate for SRAM PUFs. A fuzzy extractor is used for error correction to enhance the reliability in the SRAM PUF design proposed by Holcomb et al. [Holcomb et al. 2013], the Flip-flop PUF design by Maes et al. [Maes et al. 2008], and the Butterfly PUF design by Kumar et al. [Kumar et al. 2008]. All these post processing methods incur additional hardware resource usage. Majority voting (or 1-out-of-k-method) is a straightforward and simple way to reduce noise. However, its usefulness depends on the level of noise. For example, in the case of 50% noise, even if majority voting is applied, the result cannot be improved. Hence, a lightweight reliability improvement is needed to enhance the reliability of FPGA-based PUF designs in general.

To distinguish between different intrinsic PUF designs, Guajardo et al. [Guajardo et al. 2007] introduced two PUF subtypes with regard to the behavior of CRPs, namely “Weak PUF” and “Strong PUF”. Weak PUFs exhibit the following characteristics: 1) they may have very few challenges and in the extreme case they may generate just one response; 2) it is assumed that an attacker can not access the response of Weak PUFs as one or a few CRPs could be used to build a model of the security system. The previously mentioned SRAM PUF and Butterfly PUF are examples of Weak PUFs. For many applications, their responses can be useful for key generation as an intrinsic key, in place of secure memory. Compared to other key storage approaches in which keys are stored in NVM, the key is intrinsically linked to the physical hardware of the device itself. Furthermore, Weak PUFs are low-cost since they do not need any special manufacturing process. Compared to Weak PUFs, Strong PUFs have the following characteristics: 1) they may have many possible CRPs; 2) an attacker may have access to the CRPs, however it should be impossible for them to determine or attack the CRPs in a given time frame, for example, a few days or weeks.

Practical realisations of the Strong PUF definition of Guajardo et al. [Guajardo et al. 2007] has proven to be somewhat more difficult than originally anticipated. For example, the Arbiter PUF was an example of a Strong PUF, however, it is known that Arbiter PUFs can be modeled as linear additive models [Rührmair et al. 2010], and recent work has shown how to attack the non-linearity of XOR-Arbiter PUFs using reliability-based evolution strategies [Becker 2015]. Hence, in more recent literature, a Strong PUF is required to have a number of CRPs that scales exponentially with the circuit area, but no other constraints such as resistance against modeling are imposed. For Weak PUF, such attacks do not apply as it is assumed that there is no external access to the response for an attacker. Hence, machine learning attacks are not considered here. For Strong PUFs, poor reliability is one reason why XOR PUFs can be attacked, as described in [Becker 2015]. Hence, the characterisation process presented in this paper to help achieve high reliability, may be helpful for Strong PUFs to protect against machine learning attacks.

3. PUF ID GENERATOR CIRCUIT DESIGN

The previously proposed PUF ID generator design by the authors [Gu et al. 2014] comprises of \( n \) elementary 1-bit PUF ID cells and is designed to fit compactly in one FPGA
slice, as shown in Fig.1. An \( n \)-bit PUF ID generator circuit is formed by instantiating an array of \( n \) 1-bit ID cells. A 1-bit response is generated as follows: two matched time delay paths, \( T0 \) and \( T1 \), implemented by two D type flip-flops are excited simultaneously by the rising edge of a \textit{START} signal connected to their clock pins after first being reset by \textit{CLEAR}; since flip-flops are coarse grained delay components, the rising edge on their \( Q \) outputs propagate the excited signal differently, thus racing against each other; the timing of two delay lines will differ due to underlying manufacturing variability; cross-coupled NAND gates are utilized to decide which transition arrived first and sets their output to either binary 10 or 01. A timing diagram of the 1-bit PUF ID generator design is shown in Fig. 2. It can be seen that a \textit{CLEAR} signal is first activated to reset the circuit and on the rising edge of a \textit{START} signal the delay paths are activated. The output signals, \( Z0 \) and \( Z1 \), will be 01 when \( Q0 \) and \( Q1 \) are 10 whenever the arrival time of the delay path \( T0 \) is faster. A multiplexer outputs a unique 1-bit response depending on the value of the challenge. This PUF ID generator bit generation circuitry requires two LUTs, two flip-flops and one multiplexer per bit.

The use of cross-coupled NAND gates as an arbiter ensures that the feedback paths are balanced, symmetrical and contribute minimally to \( T0 \) and \( T1 \). The arbiter design also increases reliability as the effects on each feedback path are equally balanced. Previous work by Lim \textit{et al.} \cite{lim2005} uses a D-latch for the arbiter, but it introduces a 10% skew on the response.

In order to maximize variation and to avoid bit aliasing in the ID responses the wiring paths must be placed and routed as symmetrically as possible so as to minimize the nominal delay difference between the two paths. In FPGAs this can be accomplished by manual routing and timing analysis, but due to the natural architecture of FPGAs this is inherently problematic. Careful place and route in the target device ensures an estimated delay difference between the paths of only 10 ps according to the design tool.

Due to external influences as mentioned previously (temperature and supply voltage), some bits will be unstable and vary between 0 and 1. The straightforward solution to this problem is to obtain each response bit \( N \) \((N=5\) for this work\) times and then use the majority as the correct bit. As the number of repetitions increases, the probability of an undecipherable error decreases proportionately. This does not work however when significant instability in the bit response occurs. In the next section, a characterisation process is proposed to address instability and improve reliability.
4. IMPLEMENTATION OF PROPOSED PUF ID GENERATOR DESIGN

The previously proposed \( n \)-bit PUF ID generator design is implemented in Xilinx Spartan-6 FPGA and each bit is implemented as a hard macro, as shown in Fig.3. The floor plan location is set by declaring location (LOC) constraints using Xilinx’s Unified Constraints Format (UCF) file.

![Fig. 3. Floor plan of a 128-bit PUF ID generator based on a 1-bit single slice hard macro.](image)

To ensure that the ID response bits are a function of device variability only, it is essential that all circuit elements are identical and routing is balanced. Otherwise, the response bits will exhibit bit-bias due to the interconnect and layout mismatch. The authors in [Suh and Devadas 2007] suggest using FPGA hard-macros as a solution to help meet strict design parameters. Therefore, in this research the circuit elements are manually placed and routed and a hard-macro, as shown in Fig.4, is used to implement a 1-bit ID cell, which occupies exactly one slice of the target Xilinx Spartan-6 FPGA device. Fig.5 shows an example of the unbalanced routing that results from automated place and route of the design, which will lead to a bias of the response. Other FPGA families can be targeted using the 1-bit ID cell by re-creating the hard-macro. A 5-bit majority voting circuit for each 1-bit ID cell is also implemented as a hard macro in one slice.

![Fig. 4. Balanced routing](image)  ![Fig. 5. unbalanced routing](image)
The cross-coupled NAND gate arbiter is implemented in two LUTs, the D type flip flops are implemented in two registers; and the 2:1 selector is implemented in a multiplexer. These are easily instantiated in hardware description language (HDL) (e.g., Verilog) by using a stub file, which can be declared multiple times as desired to build \( n \)-bit PUF ID generators. In this work 128 hard-macros, arranged in an \( 8 \times 16 \) array, are used to construct the 128-bit PUF ID generator as shown in Fig. 3. The Xilinx Spartan-6 device employed in this work is the XC6SLX9, which has 1,430 slices, half of which are SLICEXs, a quarter of which are SLICELs and a quarter SLICEMs [Xilinx 2011]. Compared to SLICEX, the SLICEL and SLICEM primitives have wide MUXs and carry chain components. As the proposed design does not need wide MUXs or carry chains it can be implemented in any type of slice, and for this work it is implemented in SLICEX primitives.

Since a 1-bit ID cell only occupies half a Spartan-6 slice, the remaining resources can be used to implement other functionality or alternatively a second 1-bit ID cell yielding 2-bits of an ID response per slice [Gu and O’Neill 2015]. For this work, a single bit per slice is implemented, such that each ID cell occupies the upper half of the slice and the upper slice within a CLB. Utilizing only half a slice allows a great amount of flexibility in the design of complex systems as the ID hard-macro cells can be placed anywhere on the FPGA floor plan to maximize overall resource consumption and to minimize routing congestion.

5. POST-CHARACTERISATION METHODOLOGY
To improve the reliability of the PUF ID generator design, a post-characterisation phase to analyse the robustness is introduced to find the unstable bits in an FPGA layout. Robustness represents how reliable the PUF ID generator design is at nominal supply voltage and room temperature. It is generally calculated by the intra-chip hamming distance between \( S \) sample responses from the same PUF device under the same operational conditions. A manual characterisation process is employed to prove the feasibility of this methodology.

Fig. 6. Characterising the floor plan of a 128-bit PUF ID generator based on a 1-bit single slice hard macro.
5.1. Manual Characterisation Process
A flow chart outlining the steps involved in the characterisation process is shown in Fig.7. The steps are as follows:

— Implement an $N$-bit PUF ID generator in the target FPGA, e.g. Spartan-6, as shown in Fig.3.
— Generate $S$ responses from the $N$-bit PUF ID generator, where $S$ is the sample number.
— Evaluate the robustness of $S$ $N$-bit PUF ID generator responses (robustness represents the reliability of the PUF design under normal operating conditions);
— Identify the unstable bits ($m$) and their positions in the floor plan of the FPGA,
— Find $m$ stable bits and their position as shown in Fig.6;
— Move the PUF cells in unstable bit positions to stable bit positions (repeat several times until all PUF cells positions are stable). The placement of the PUF ID cells is achieved by manually declaring LOC constraints using Xilinx’s UCF in the Xilinx ISE tool;
— Update and save the final bit file with the new bit positions as the default floor plan;
— Generate the $N$-bit PUF ID generator response.

Fig. 7. The flow chart of characterising the floor plan of PUF ID generator IP core architecture.
In this work the characterisation process was first manually executed following the above steps, which demonstrates the feasibility of the technique. However, an automated post-processing characterisation process was also considered to improve the efficiency of the approach.

5.2. Automated Characterisation Process

The flow chart for the automated characterisation process is similar to that of the manual process and is shown in Fig. 8. Algorithm 1 describes in detail the execution of each step in the process and includes six phases. Similar to the manual characterisation process, the automated process explores the most stable bit output for the response in order to improve the reliability of the PUF ID generator design. Moreover, the automated characterisation process simplifies the post-processing, and only needs to be carried out once to find out all the unstable and stable bit positions over the whole FPGA device. The execution time depends on the size of the FPGA, where the larger the FPGA, the longer the time it takes to identify the unstable and stable bit positions.

**ALGORITHM 1: Pseudo-code for automated characterisation process**

1: **Phase0:** Setup
2: Declare the position of an \( M \)-bit PUF ID cell in the UCF, where \( M \) is the maximum available slices of the target FPGA
3: Implement \( M \)-bit PUF ID generator design on the FPGA
4: **Phase1:** PUF Response
5: for \( i = 0 \) to \( S \) do (where \( S \) is the sample number for robustness)
6: Generate the response of the \( M \)-bit PUF ID generator
7: end for
8: **Phase2:** Evaluate
9: Evaluate the robustness of \( S M \)-bit PUF ID generator responses
10: **Phase3:** Identify
11: Identify the unstable bits (\( p \)) and the stable bits (\( q \)) of the robustness result
12: Note the position of the stable bits (\( q \))
13: **Phase4:** Choose
14: Randomly choose the position of \( n \) stable bits from the \( q \) bits as the position of \( N \)-bit PUF ID generator, where \( N \) is the required bit length of the PUF ID generator
15: Update and declare the position of the \( N \)-bit PUF ID cell in the UCF
16: **Phase5:** Generate
17: Generate the response of the \( N \)-bit PUF ID generator

6. EVALUATION OF PROPOSED IMPROVED PUF ID GENERATOR DESIGN

6.1. Experimental Setup

The Xilinx ISE Design Suite 14.7 tool was used for the proposed design and Matlab was utilised to communicate with and test the PUF IP core, with a simple interface written to send and receive data over the USB-UART port of target FPGA boards. To evaluate the manual characterisation process, the 128-bit PUF ID generator design was implemented on a Spartan XC6SLX9 microboard which comprises of a low-cost Xilinx Spartan-6 (CSG324) FPGA device (45nm technology). The 128-bit identification generator design was programmed into ten identical Spartan-6 LX9 Microboards as shown in Fig. 9. One was manually modified to conduct temperature and voltage experiments by varying the core voltage (\( \pm 10\% \)) and the temperature from 25°C to 70°C as shown in Fig. 9.

To evaluate the automated characterisation process, the 128-bit PUF ID design was implemented on Digilent Nexys4 microboard which comprises of a Xilinx Artix-7.
XC7A100T FPGA (28nm technology) to prove its feasibility on a more recent technology. The communication and control units on the Xilinx Artix-7 FPGA are similar to those on the Xilinx Spartan-6. One Xilinx Artix-7 FPGA was again modified to conduct temperature and voltage experiments. The core voltage was varied by $\pm 10\%$ and the temperature from $0^\circ C$ to $75^\circ C$. The core voltage of the Artix-7 FPGA is 1.0 volts, which differs from the Spartan-6 FPGA which has a core voltage of 1.2 volts.

There are four important metrics used to quantify the performance of a PUF ID generator circuit: uniqueness, reliability, uniformity and bit-aliasing. These are used to evaluate the improved PUF ID generator design.

6.2. Uniqueness

Uniqueness measures inter-chip variation by evaluating how easily a particular PUF ID generator circuit design can differentiate between $k$ different devices. Specifically, it quantifies the average inter-chip hamming distances (HDs) between sets of responses extracted from different devices, which implement the same PUF ID generator circuit.
and have been supplied with the same challenge, to show the extent of the difference of responses.

Ideally, when a PUF ID generator circuit is implemented on different devices it should produce an average inter-chip HD of 50% when compared between two devices supplied with the same challenge, implying that, on average, half the response bits are different between the two devices even though the same challenge has been used.

Accordingly, a percentage figure-of-merit for uniqueness based on average inter-chip HD can be defined. If two chips $i$ and $j$ both implement the same PUF ID generator circuit and have $n$-bit responses $R_i$ and $R_j$ to the same challenge, $C$, then uniqueness expressed as the average inter-chip HD among $k$ devices is defined as:

$$\text{Uniqueness} = \frac{2}{k(k-1)} \sum_{i=1}^{k-1} \sum_{j=i+1}^{k} \frac{\text{HD}(R_i, R_j)}{N} \times 100$$

A probability density function (PDF) plot of the $\frac{\text{HD}(R_i, R_j)}{N} \times 100$ values is shown in Fig.10, where values near to 50% indicate higher uniqueness. The distribution is Gaussian, clustering around the uniqueness value of 45.60%. This confirms a uniqueness approaching the ideal value can be expected for the proposed PUF ID generator on this particular FPGA.

6.3. Reliability

Ideally a given PUF ID generator circuit, implemented in any device should be able to perfectly reproduce its output whenever it is queried with a challenge. However in practice, environmental changes, such as temperature and power supply voltage variations, as well as the natural properties of metastability in PUF ID generator circuits induce noise in the responses. Therefore, reliability is used to quantify a PUF ID generator's ability to reproduce a response. Reliability can be regarded as a percentage measure of the number of noisy ID response bits.

For a device $i$, reliability is established as a single value by finding the average intra-chip HD of $s$ response samples, $R'_i$, taken at different operating conditions compared
to a baseline $N$-bit reference response, $R_i$, taken at nominal operating conditions. The average intra-chip HD is estimated as follows:

$$HD_{\text{INTRA}} = \frac{1}{s} \sum_{t=1}^{s} \frac{\text{HD}(R_i, R'_i,t)}{N} \times 100$$ (2)

where $R(i, t)'$ is the $t$--th sample of $R'_i$. The percentage figure of merit for reliability can be defined as:

$$\text{Reliability} = 100 - HD_{\text{INTRA}}$$ (3)

Obviously, the ideal value for reliability is 100%. To investigate the reliability of the proposed PUF ID generator design, a 128-bit reference response $R_i$ was extracted from a chip $i$ under normal conditions, that is at room temperature and with normal supply voltage. This is compared with the responses $R'_i$, taken under varying operating conditions. Note, robustness can be calculated using the same formula as reliability. The only difference is that the response samples for robustness are derived under nominal operating conditions.

6.3.1. Reliability with manual characterisation process. The temperature was varied from $25^\circ C$ to $70^\circ C$ ($5^\circ C$ each step) using a convection heat chamber while the core supply voltage was varied by $\pm 10\%$ 0.2 Volts using a DC regulated power supply. This covered the permitted operating range of the FPGA and swept all combinations of operating points. Fig.11 and Fig.12 show the results and compare the responses from the previously presented PUF ID generator design, with those from the PUF ID generator design post-characterisation, as well as the PUF ID generator design post-characterisation that includes majority function circuit. Over all voltage operating points the improved PUF ID generator designs exhibit a high level of reliability of between 93% and 100% for the design post-characterisation, and between 96.5% and 100% for the design that employs both characterisation and majority function circuitry. For the temperature results, both improved PUF ID generator designs achieve reliability of 100% for the FPGAs under evaluation. As expected, the designs that use the characterisation and majority function circuitry are more reliable than the original
PUF ID generator design. The average reliability results are listed in Table V. As discussed in the previous section the improvement is due to changing the position of the unreliable 1-bit ID cells which improves the robustness of the response bits.

To estimate the fluctuation in reliability of each bit, the variation of each response bit was compared under normal operating conditions and varying operating conditions. A variation map is used to explain the effects of the ID cell positioning on the response bits. A group of 128-bit responses was extracted under various environmental conditions. The variation from the original response bit is obtained by comparing these responses to the reference response obtained under normal conditions. At each specific position, the difference between the derived response and the reference response can be represented as either ‘0’ or ‘1’, where ‘0’ means no difference between responses and ‘1’ means the response from the conditioned situation is different to the one obtained under normal conditions. Therefore, the sum of the difference in responses at each position $S_{r_{i,j}}$ can be found, where $r_{i,j}$ denotes the $l$-th position bit on the $i$-th chip. Fig. 13 shows the distribution of differences ($S_{r_{i,j}}$) from the reliability results for the 128-bit
positions. $X$ represents the bit position on the x-axis of the floor plan in Fig.3, and $Y$ represents the bit position on the y-axis of the floor plan. The ranges of $X$ and $Y$ are $1 \rightarrow 8$ and $1 \rightarrow 16$ respectively, which indicate the response position as follows:

$$r_{i,l} \Rightarrow \{l_X, l_Y\}$$

(4)

where $l_X$ and $l_Y$ are the x-axis and y-axis response position $r_{i,l}$. The subfigures respectively show the distribution of the difference on reliability for the PUF ID generator design, the PUF ID generator design using the characterisation process and the PUF ID generator design post-characterisation and including the majority function circuitry. The colorbar ranges are $0 \rightarrow 120$ in Fig.13, where the samples are from 12 different voltages $\times$ 10 different temperatures. The darker color indicates that the difference value, $S_{r_{i,l}}$, at position $r_{i,l}$ is larger. In other words, the PUF ID generator exhibits more instability at specific positions. After the manual characterisation process, this instability is reduced. Moreover, using the majority function, the variation of the response is essentially eliminated. It is clear that the characterisation process significantly improves the PUF ID generator design in terms of reliability, and by itself provides close to optimal results.

Table I. BER results for voltage variations for the original design, the design post-characterisation and the design post-characterisation and including error correction circuitry.

<table>
<thead>
<tr>
<th>Design</th>
<th>BER (%)</th>
<th>SD (%)</th>
<th>Mean (%)</th>
</tr>
</thead>
<tbody>
<tr>
<td>Original</td>
<td>9.2</td>
<td>9.8</td>
<td>10.4</td>
</tr>
<tr>
<td>CHAR</td>
<td>5.5</td>
<td>6.1</td>
<td>0</td>
</tr>
<tr>
<td>CHAR &amp; MAJ</td>
<td>2.4</td>
<td>1.2</td>
<td>0</td>
</tr>
</tbody>
</table>

Table II. BER results for temperature variations for the original design, the design post-characterisation and the design post-characterisation and including error correction circuitry.

<table>
<thead>
<tr>
<th>Design</th>
<th>BER (%)</th>
<th>SD (%)</th>
<th>Mean (%)</th>
</tr>
</thead>
<tbody>
<tr>
<td>Original</td>
<td>4.3</td>
<td>3.7</td>
<td>3.5</td>
</tr>
<tr>
<td>CHAR</td>
<td>0</td>
<td>0</td>
<td>0</td>
</tr>
<tr>
<td>CHAR &amp; MAJ</td>
<td>0</td>
<td>0</td>
<td>0</td>
</tr>
</tbody>
</table>

The bit error rate (BER) of the PUF responses for different voltages and temperatures was investigated. Table I and Table II show the BER, standard deviation (SD) and mean (Mean) values across the voltage range from 1.08 v to 1.32 v and across the temperature range from 25 °C to 70 °C. The PUF ID generator design post-characterisation and including majority voting provides the lowest BER, SD and Mean when the voltage is varied. Interestingly decreasing the core voltage has little effect on the BER. The $SD = 0.8\% \times 128bit = 1bit$, which means that there is variation in just 1-bit of the 128 bit response, and the average BER is 0.4%. The BER, SD and Mean values of both the design post-characterisation (CHAR) and the design post-characterisation and including error correction circuitry (CHAR & MAJ) over temperature changes are zero indicating that no errors occur in these designs.

6.3.2. Reliability with automated characterisation process. Initially the robustness of the PUF ID cell design (that is the intra HD of responses from the same device under nominal operating conditions) on an Artix-7 device was calculated for every slice to visualise the variability across a more recent FPGA.

A 128-bit reference response, $R_i$, is extracted from a chip $i$ (Artix-7 FPGA) at room temperature and with normal supply voltage. This is compared to the responses $R_i^s$, taken under the same operating conditions, where $s = 1000$ samples. Eq.2 and Eq.3
are used in calculate robustness. Fig.14 depicts the heat map which shows the stable and unstable bits of a sample chip $i$. The percentage of stable '0' bits is 27.12%, the percentage of stable '1' bits is 30.75%, and the percentage of the remaining unstable bits is 42.13%. The robustness distribution of stable and unstable bits in the Artix-7 FPGA is shown in Fig.15.

Table III presents detailed robustness results of the stable '0' bits, stable '1' bits and the unstable bits on each Artix-7 FPGA, and also presents the mean and standard deviation (STD) values over 10 FPGAs. It can be seen that the distribution of stable '0' bits, stable '1' bits and unstable bits on the 10 FPGAs is very similar and has a very small STD.

To evaluate the reliability of the proposed PUF ID generator design when the automated characterisation process is applied, 128-bit reference responses, $R_i$, were extracted from a chip $i$ under normal conditions. These are compared with responses $R_i'$, taken under varying operating conditions. Temperature was varied from 0°C to 75°C (in steps of 5°C) using a thermal electric plate while the core supply voltage was varied by 1.0 Volts ±10% using a DC regulated power supply. This covered the permitted operating range of the FPGA and swept all combinations of operating points. Fig.16 shows the results and compares the responses from the PUF ID generator design, with those from the PUF ID generator design post auto-characterisation as well as the PUF ID generator design post auto-characterisation that includes majority voting. Over all voltage operating points the improved PUF ID generator designs exhibit a high level of reliability of between 95% and 100% for the design post auto-characterisation, and between 97% and 100% for the design that employs both auto-characterisation and...
Fig. 15. Robustness distribution of the compact PUF ID generator in Artix-7 FPGA

Table III. Robustness results of stable ‘0’ bits, stable ‘1’ bits, and unstable bits on the ten Artix-7 FPGAs

<table>
<thead>
<tr>
<th>FPGA</th>
<th>Bits</th>
<th>Stable 0’s</th>
<th>Stable 1’s</th>
<th>Unstable</th>
</tr>
</thead>
<tbody>
<tr>
<td>1</td>
<td>15850</td>
<td>4299 (27.12%)</td>
<td>4874 (30.75%)</td>
<td>6677 (42.12%)</td>
</tr>
<tr>
<td>2</td>
<td>15850</td>
<td>4951 (31.23%)</td>
<td>4388 (27.68%)</td>
<td>6511 (41.07%)</td>
</tr>
<tr>
<td>3</td>
<td>15850</td>
<td>4579 (28.89%)</td>
<td>4728 (29.83%)</td>
<td>6543 (41.28%)</td>
</tr>
<tr>
<td>4</td>
<td>15850</td>
<td>4242 (26.78%)</td>
<td>4831 (30.47%)</td>
<td>6777 (42.75%)</td>
</tr>
<tr>
<td>5</td>
<td>15850</td>
<td>4586 (31.45%)</td>
<td>4832 (30.48%)</td>
<td>6032 (38.05%)</td>
</tr>
<tr>
<td>6</td>
<td>15850</td>
<td>5505 (34.73%)</td>
<td>5492 (34.65%)</td>
<td>4853 (30.61%)</td>
</tr>
<tr>
<td>7</td>
<td>15850</td>
<td>4338 (27.36%)</td>
<td>4582 (28.90%)</td>
<td>6930 (43.72%)</td>
</tr>
<tr>
<td>8</td>
<td>15850</td>
<td>4048 (25.53%)</td>
<td>5080 (32.05%)</td>
<td>6722 (42.41%)</td>
</tr>
<tr>
<td>9</td>
<td>15850</td>
<td>4262 (26.89%)</td>
<td>5113 (32.25%)</td>
<td>6475 (40.85%)</td>
</tr>
<tr>
<td>10</td>
<td>15850</td>
<td>5572 (35.13%)</td>
<td>4041 (25.49%)</td>
<td>6237 (39.35%)</td>
</tr>
<tr>
<td>Mean</td>
<td></td>
<td>4678 (29.51%)</td>
<td>4796 (30.25%)</td>
<td>6576 (40.22%)</td>
</tr>
<tr>
<td>STD</td>
<td></td>
<td>546 (3.44%)</td>
<td>403 (2.54%)</td>
<td>595 (3.75%)</td>
</tr>
<tr>
<td>All</td>
<td></td>
<td>1 (0.006%)</td>
<td>0 (0.000%)</td>
<td>15849 (99.99%)</td>
</tr>
</tbody>
</table>

A comparison of the improved designs post-manual characterisation and post-automated characterisation are provided in Table IV. It is clear from the results that the post-characterisation processes are an effective way to improve the reliability of the PUF ID generator design.
6.4. Uniformity

The uniformity of a PUF ID generator circuit measures the proportion of binary ones and zeros in a response, i.e. one-to-zero ratio, and the likelihood of each value. If a response possesses ideal uniformity and is truly random the distribution of bit values will be 50% ones and zeros. Having this property is required from a security perspective to prevent an attacker from guessing if a response of a particular device is biased towards a particular value. To estimate uniformity is simply a matter of finding the hamming weight (HW) of a response, which will reveal the proportion of bit values.

For device $i$ and an $n$-bit response the percentage HW of the $n$-bit response is given as follows:

$$\text{(HW)}_l = \frac{1}{n} \sum_{i=1}^{n} r_{i,l} \times 100 \quad (5)$$

where, $r_{i,l}$ is the $l$-th position of the response bit on the $i$-th chip.

The proportion of 0's and 1's in a response is expected to be close to 50%, and in this work the response uniformity is 51.06% for the original PUF ID generator design, 50.60% for the PUF ID generator design post-characterisation, and 50.54% for the PUF ID generator design post-characterisation and including the majority function circuitry, as shown in Table V.

6.5. Bit Aliasing

An effective PUF ID generator design should not exhibit bit-aliasing when implemented on different devices. Bit-aliasing is when the ID response at stable positions on different chips is identical or almost identical. To determine if bit-aliasing occurs,
the total number of 0s and 1s in a response from the same \( p \)-th position of \( k \)-devices is calculated using the HW as follows:

\[
(HW)_p = \frac{1}{k} \sum_{i=1}^{k} r_{i,p} \times 100
\]  

(6)

where, \( r_{p,i} \) is the \( p \)-th position of a response bit on the \( i \)-th chip.

If bit-aliasing occurs and different devices generate the same response from many physical positions, the security guarantees no longer hold. The percentage of 0s and 1s at the same position in ten chips \((k = 10)\) is evaluated and is shown in Table V. The value for each of the designs is 56.48%, which means that all of the bit positions are sufficiently different such that bit-aliasing is avoided for all three PUF ID generator designs.

### Table V. PUF ID generator results of the original design, the design post-characterisation and the design post-characterisation and including error correction circuitry.

| Metrics             | Original | CHAR | CHAR & MAJ
|---------------------|----------|------|-------------
| Uniqueness          | 48.52%   | 45.90%| 43.69%      |
| Reliability         | 92.00%   | 98.97%| 99.53%      |
| Uniformity          | 51.96%   | 50.60%| 50.54%      |
| Non-bit-aliasing    | 56.48%   | 56.48%| 56.48%      |

### Table VI. Comparison of hardware resource consumption and metrics of different Weak PUF designs.

<table>
<thead>
<tr>
<th>PUF design</th>
<th>U (%)</th>
<th>R (%)</th>
<th>Hardware</th>
<th>Resp (bit)</th>
<th>Consumption</th>
</tr>
</thead>
<tbody>
<tr>
<td>SRAM PUF [Guajardo et al. 2007]</td>
<td>49.97%</td>
<td>&gt; 88%(^1)</td>
<td>FPGA</td>
<td>128</td>
<td>4600 SRAM memory bits</td>
</tr>
<tr>
<td>Latch PUF [Su et al. 2008]</td>
<td>50.55%</td>
<td>96.96%</td>
<td>0.13um CMOS</td>
<td>128</td>
<td>1 latch for each ID cell</td>
</tr>
<tr>
<td>Latch PUF [Yamamoto et al. 2011]</td>
<td>48%</td>
<td>&gt; 87%(^1)</td>
<td>Spartan 3</td>
<td>128</td>
<td>2 \times 128 slices</td>
</tr>
<tr>
<td>Flip-flop PUF [Maes et al. 2008]</td>
<td>≈ 50(^\ast)</td>
<td>&gt; 95(^\ast)</td>
<td>Virtex 2</td>
<td>4096</td>
<td>4096 flip flops</td>
</tr>
<tr>
<td>Flip-flop PUF [van der Leest et al. 2010]</td>
<td>36%</td>
<td>&gt; 87%(^1)</td>
<td>ASIC</td>
<td>1024</td>
<td>1024 flip flops</td>
</tr>
<tr>
<td>Buskeeper PUF [Simons et al. 2012]</td>
<td>49%</td>
<td>&gt; 80(^\ast), &gt; 95(^\ast)</td>
<td>TSMC 65nm</td>
<td>192</td>
<td>1GE(^1)</td>
</tr>
<tr>
<td>Butterfly PUF [Kumar et al. 2008]</td>
<td>≈ 50(^\ast)</td>
<td>94%</td>
<td>Virtex 5</td>
<td>64</td>
<td>130 slices</td>
</tr>
<tr>
<td>RO PUF [Suh and Devadas 2007]</td>
<td>46.15%</td>
<td>99.52%</td>
<td>Virtex 4</td>
<td>128</td>
<td>16 \times 64 array(^*)</td>
</tr>
<tr>
<td>CRO PUF [Merli et al. 2010]</td>
<td>43.50%</td>
<td>&gt; 96(^\ast), ≈ 100(^\ast)</td>
<td>Spartan 3</td>
<td>127</td>
<td>64 slices for ROs except counters</td>
</tr>
<tr>
<td>PUF ID generator [Gu et al. 2014]</td>
<td>48.52%(S-6), 49.90%(A-7)</td>
<td>93.21%(S-6), 93.93%(A-7)</td>
<td>Spartan 6, Artix 7</td>
<td>128</td>
<td>128 slices</td>
</tr>
<tr>
<td>Ultra-compact PUF ID generator [Gu and O’Neill 2015]</td>
<td>49.93%</td>
<td>93.96%</td>
<td>Spartan 6</td>
<td>128</td>
<td>40 slices</td>
</tr>
<tr>
<td>Proposed improved PUF ID generator</td>
<td>45.60%(S-6), 99.42%(M), 98.74%(A)</td>
<td>93.21%(S-6), 93.93%(A-7)</td>
<td>Spartan 6, Artix 7</td>
<td>128</td>
<td>128 slices</td>
</tr>
</tbody>
</table>

\(^1\)GE represented gate equivalent. \(^2\)16 \times 64 array = 1024 ROs; each RO consisting of 5 inverters and 1 AND. U is uniqueness, R is reliability. Resp is response. \(^\ast\) under temperature variation. \(^\ast\) under supply voltage variation. \(^\ast\) required post-processing. M is manual characterisation process, A is automated characterisation process.

Table V lists the results of all the evaluated PUF ID generator metrics. As previously mentioned, the reliability result has significantly improved using characterisation and a majority function, and is very close to the ideal value of 100%, with the uniformity also improving. The uniqueness decreases slightly using the improved PUF ID generator design; however this could be optimized by changing the position of the 1-bit ID cell.
hard-macro to also balance the percentage of 1s and 0s in each response. Bit-aliasing does not occur in any of the designs.

6.6. Hardware Resources and Performance Analysis

For the manual characterisation process, ten identical Xilinx Spartan-6 boards were tested, each assembled with identical parts and components. There are a total of 1,430 slices on a Spartan-6 LX9 FPGA, where each slice contains four LUTs and eight flip-flops. Each 1-bit response generation design only needs one slice; hence, our 128-bit identification generator without error correction circuitry occupies only \( \frac{128}{1430} \times 100\% = 8.95\% \) of the total slice resource, and \( \frac{128+128}{128+130} = 17.90\% \) with error correction circuitry. As can be seen the resource usage is minimal, even on a small FPGA. The layout is controlled using hard macros, which helps achieve the minimal resource footprint.

For the automated characterisation process, ten identical Xilinx Artix-7 boards were tested. Although a Xilinx Artix-7 FPGA does not have a SLICEX, its SLICEL and SLICEM are essentially the same as that of a Xilinx Spartan-6. The SLICEL and SLICEM of the Xilinx Artix-7 FPGA include all of the components of a SLICEX; hence the 1-bit PUF ID generator can be implemented on either the SLICEM or SLICEL also. In this experiment, a SLICEL is used to implement the hard macro. There are a total of 15,850 slices on a Xilinx Artix-7 XC7A100T FPGA. Each 1-bit PUF ID generator design only needs one slice; hence, the 128-bit PUF ID generator design without majority voting circuitry occupies only \( \frac{128}{15,850} \times 100\% = 0.81\% \) of the total slice resource available on this FPGA.

The resource usage comparison between the proposed PUF ID generator and other Weak PUFs implemented on hardware devices is shown in Table VI. The SRAM PUF proposed by Guajardo et al. [Guajardo et al. 2007], using SRAM memory cell, can return a response on power-up. The Latch PUF proposed by Su et al. [Su et al. 2008] is implemented on an ASIC not FPGA. The Flip-flop PUF proposed by Maes et al. [Maes et al. 2008], similar to SRAM, uses the power-up values of the flip-flops, however its randomness is limited and post-processing is required. The Butterfly PUF [Kumar et al. 2008], which is also suitable for FPGA implementation as it can be implemented using basic logic gates, reported 94% reliability over temperature variations. However reliability over voltage changes is not provided. It consumes 130 slices of a Xilinx Virtex-5 FPGA device for a 64-bit response generation, hence uses twice the hardware resources of the proposed 1-bit PUF ID generator design. The RO PUFs [Merli et al. 2010; Suh and Devadas 2007] and the CRO PUF [Merli et al. 2010] have been implemented on different FPGAs, e.g. Xilinx Virtex-4 and Spartan-3. The hardware resource consumption is at least 384 slices for a 64-bit response. It can be seen that the proposed PUF ID generator design is the most lightweight FPGA-based Weak PUF design reported to date. Moreover, the performance results for uniqueness and reliability show the effectiveness of the proposed PUF design.

7. CONCLUSIONS

In this paper, we have shown that an effective, reliable and low-cost PUF ID generator design is achievable for an FPGA device. A single ID cell fits efficiently within one FPGA slice and can be tailored for instantiation as a hard-macro to achieve balanced routing. The design is the most compact FPGA-based Weak PUF architecture reported to date. An example 128-bit PUF ID generator is implemented on both a Xilinx Spartan-6 and Artix-7 FPGA. It utilizes only half a slice for each 1-bit ID cell which consumes only 8.95% of the overall hardware resources of the Spartan-6 device and 0.81% of the Artix-7 device. The manual characterisation post-processing enhances the reliability of the 128-bit PUF ID generator design from 93.21% to 99.42%
without the requirement of any additional hardware resources. A further improvement to 99.78% is achieved when majority voting is also employed. An automated characterisation method is presented, which improves the reliability of the 128-bit PUF ID generator from 93.93% to 98.74% without the requirement of any additional hardware resources, and 99.60% for the design that employs a majority voting. Overall, experimental results demonstrate high uniqueness, reliability, uniformity and no bit-aliasing with values of 45.60%, 50.60% and 56.48% using characterisation process, and values of 45.60%, 50.54% and 56.58% using a further majority voting.

ACKNOWLEDGMENTS

This work has been supported by the KeyHAS project, the R&D program of IITP/MSIP (Study on secure key hiding technology for IoT devices), and by the SPARKS project, funded by EU 7th Framework Programme (FP7/2007-2013, grant agreement no. 608224; www.project-sparks.eu).

REFERENCES


