Physical cryptographic primitives by chemical vapor deposition of layered MoS2
Abdullah Alharbi, Darren Armstrong, Somayah Alharbi, Davood Shahrjerdi

TL;DR
This paper presents a novel physical cryptographic primitive based on layered MoS2 films synthesized via chemical vapor deposition, leveraging their random layer distribution and optical properties to generate secure cryptographic keys.
Contribution
The study introduces a new class of cryptographic primitives using MoS2 monolayer films with engineered speckle density, demonstrating their potential for security applications.
Findings
The MoS2 film exhibits complete spatial randomness of multilayer islands.
Optical responses depend on the random layer distribution, enabling key generation.
Security tests confirm the keys' uniqueness, reliability, and uniformity.
Taxonomy
Topics: Physical Unclonable Functions (PUFs) and Hardware Security · Advanced Memory and Neural Computing · Cryptographic Implementations and Security
Department of Electrical and Computer Engineering, New York University, Brooklyn, NY
Abstract
Development of physical cryptographic primitives for generating strong security keys is central to combating security threats such as counterfeiting and unauthorized access to electronic devices. We introduce a new class of physical cryptographic primitives from layered molybdenum disulfide (MoS2) which leverages the unique properties of this material system. Using chemical vapor deposition, we synthesize a MoS2 monolayer film covered with speckles of multilayer islands, where the growth process is engineered for an optimal speckle density. The physical cryptographic primitive is an array of 2048 pixels fabricated from this film. Using the Clark-Evans test, we confirm that the distribution of islands on the film exhibits complete spatial randomness, making this cryptographic primitive ideal for security applications. A unique optical response is generated by applying an optical stimulus to the structure. The basis for this unique response is the dependence of the photoemission on the number of MoS2 layers which by design is random throughout the film. The optical response is used to generate cryptographic keys. Standard security tests confirm the uniqueness, reliability, and uniformity of these keys. This study reveals a new opportunity for generating strong and versatile nano-engineered security primitives from layered transition metal dichalcogenides.
Keywords: security, cryptographic primitives, physically unclonable, MoS2, CVD growth
Modern society demands information security [1]. Globalization of supply chains has undermined trust in electronic devices, which were once manufactured entirely by a single trusted factory. Further, the ubiquity of today’s advanced manufacturing poses additional challenges, because such resources are now more accessible to adversaries for developing sophisticated security attacks. A vast number of such attacks are physical [2, 3] and range from counterfeiting to various forms of unauthorized access such as reverse engineering and side-channel attacks. Authentication of electronic devices through unique security keys has become the first line of defense. A security key must be easy to generate and yet impossible to replicate. An increasingly popular method of generating security keys is based on physical cryptographic primitives which leverage the inherent randomness of a structure or a physical process (e.g. manufacturing variability or materials disorders) [4, 5, 6, 7, 8, 9, 10]. Applying a challenge (such as an electrical or an optical stimulus) to the cryptographic primitive produces a unique response (a security key). Hence, this concept produces cryptographic keys that are unique for each electronic device.
At present, silicon-based security primitives are widely used due to their compatibility with the complementary metal-oxide-semiconductor (CMOS) technology [10]. However, the device variability begins to diminish as a given CMOS technology matures, thereby reducing the effectiveness of these silicon cryptographic primitives. In fact, mature CMOS technologies are increasingly used in many applications ranging from the automotive industry to smart gadgets for the so-called Internet-of-Things, thereby leaving them vulnerable to the growing security threats. It is also infeasible for silicon-based primitives to secure many emerging technologies simply due to practical considerations such as material compatibility, robust operation, and cost. Flexible electronics and self-powered sensor nodes are prime examples of such emerging technologies. Hence, there is a need for developing new non-silicon cryptographic primitives that are strong, robust, and versatile.
Nanomaterials offer distinct physical properties which are often nonexistent in silicon. In the past two decades, the continual discovery of new nanomaterials, from carbon nanotubes to two-dimensional (2D) transition metal dichalcogenides (TMDs), has formed the basis for creating the next-generation electronics that are high-speed and low-power [11, 12, 13]. However, the variability of nanomaterials remains a practical barrier for making these devices on a large scale [14, 15]. On the other hand, this randomness provides an opportunity for making physically unclonable security primitives. This concept is experimentally demonstrated by the recent work of Hu et al. which implements a new electrical cryptographic primitive using the randomness of a carbon nanotube assembly process [16]. Beyond carbon nanotubes, the prospects of layered TMDs for security applications are still unexplored.
Here, we introduce a physical cryptographic primitive constructed from layered molybdenum disulfide (MoS2). We used MoS2 as the model system since it has been heavily studied in the family of 2D layered TMDs [17, 18]. Figure 1 illustrates the proposed concept. Our approach combines two fundamental phenomena for producing physically unclonable MoS2-based primitives. The first phenomenon is the inherent difference in excitonic emission strengths of a monolayer and a multilayer MoS2, an attribute unique to most semiconducting TMDs as shown in figure 1a. The second phenomenon relates to complete spatial randomness of an ideal island growth, which is inherent to thin film growth techniques. A large-area MoS2 film is produced using a chemical vapor deposition (CVD) process in a layer-plus-island growth mode (figure 1b). Figure 1c shows the photo of a CVD MoS2 film, illustrating two distinct growth regions on the substrate. The region of interest (i.e. region II) is composed of a continuous MoS2 monolayer (1L) with speckles of multilayer (bilayer 2L or few-layer FL) islands. We engineer the growth process to achieve an optimal island density in this region. We confirmed the spatial randomness of the multilayer islands using the statistical test by Clark-Evans [19]. The physical cryptographic primitive itself is fabricated as a 2048-pixel array from the film in this region (figure 1d). Application of an optical (laser) stimulus to the security primitive results in random ON and OFF pixels (figure 1e), owing to the spatial randomness of the multilayers and the different photoemission strengths of monolayer and multilayer pixels. Using standard security tests, we confirm the randomness and stability of security keys generated from the proposed physical cryptographic primitive.
Layer-plus-island growth of CVD MoS2
Among the different methods for growing TMDs, CVD techniques have shown better thickness control on a large scale [20, 21, 22, 23]. We grew large-area MoS2 films onto 285 nm SiO2 on silicon substrates by CVD from sulfur and MoO3 precursors [24]. Figure 1b schematically illustrates the CVD reactor based on the solid-phase precursors. Two distinct growth regions are typically evident along the substrate (see figure 1c), indicating that in this CVD process the growth depends on the distance of the substrate from the MoO3 powder. Region I is the farthest from the MoO3 powder in the reactor, where the optimal growth conditions yield a continuous monolayer. Region II, located closer to the MoO3 powder, is covered by a continuous monolayer film with randomly distributed multilayer islands. According to the surface science of thin film growth, the growth mode strongly depends on the deposition rate of the growth species and the substrate temperature [25]. It is known that the growth mode will deviate from the layer-by-layer mode to the layer-plus-island mode once the deposition rate exceeds a critical value. This explains the presence of these two prominent growth modes along the substrate [22, 25]. Indeed, the layer-by-layer growth occurs in region I with low Mo vapor pressure and the growth follows a site-saturated growth kinetics (see Supplementary Information). Despite the spatial randomness of the nucleation sites, region I of our samples is sub-optimal for constructing a dense array of random binary code because of the relatively sparse spatial distribution of the multilayer films grown mostly at the grain boundaries (spacing from 20-80 ). In contrast, region II (closer to the MoO3 powder) is exposed to a higher concentration of Mo vapor, resulting in the layer-plus-island growth mode and thus the random nucleation of multilayer islands on the monolayer film, as shown in figure 2a.
To produce the physical cryptographic primitive, we engineer the growth process in this region to achieve an optimal surface coverage of the multilayer islands.
Engineering and testing growth randomness
Complete spatial randomness (CSR) is central to constructing strong cryptographic keys in our proposed concept. To test for CSR of the island growth in region II, we apply the statistical test by Clark and Evans [19] on images from this region, taken at an early stage of the multilayer nucleation on the continuous monolayer film, e.g. figure 2a at . If the island growth is CSR, then the distribution of nearest neighbor distances (i.e. the distances between the islands and their nearest neighbor) has a mean and a variance , where is the particle density per unit area. Therefore, we can test for CSR by testing the null hypothesis that the mean of nearest neighbor distances is equal to . Using the two-tailed test for the population mean, we compute the standard Z-score given by:
[TABLE]
where is the sample mean of the nearest neighbor distances computed with particles. That is,
[TABLE]
where is the nearest neighbor distance of the th island. At a 0.05 significance level, the null hypothesis is to be rejected if or . We calculated typical Z values of about 0.7–1.0 for our samples (see Supplementary Information). Hence, at the 0.05-level of significance, we cannot reject the null hypothesis that the mean nearest neighbor distance is . This suggests that the island growth in region II exhibits CSR, hence all the nucleations are independent and the probability of nucleation is the same everywhere on the surface.
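The Clark-Evans check described above, as an added Python example (not the authors' code). It uses the standard Clark-Evans expressions for a pattern of density ρ, namely an expected mean nearest-neighbour distance of 1/(2√ρ) and a standard error of 0.26136/√(nρ), with ±1.96 as the two-tailed 0.05 cut; the guard band against edge bias, the function names and the three point patterns are constructed for illustration.

```python
import math
import random

Z_CRIT = 1.96  # two-tailed critical value at the 0.05 significance level

def clark_evans_z(points, width, height, guard):
    """Z-score of the mean nearest-neighbour distance against CSR.

    Only points at least `guard` from the border are scored (their neighbour
    may lie anywhere), which avoids the edge bias of a finite image.
    """
    rho = len(points) / (width * height)          # islands per unit area
    nn = []
    for i, (x, y) in enumerate(points):
        if not (guard <= x <= width - guard and guard <= y <= height - guard):
            continue
        nn.append(min(math.hypot(x - u, y - v)
                      for j, (u, v) in enumerate(points) if j != i))
    if not nn:
        raise ValueError("no points inside the guard band")
    observed = sum(nn) / len(nn)
    expected = 1.0 / (2.0 * math.sqrt(rho))       # mean under CSR
    std_err = 0.26136 / math.sqrt(len(nn) * rho)  # standard error under CSR
    return (observed - expected) / std_err

def verdict(z):
    """Interpret the Z-score at the 0.05 level."""
    if z > Z_CRIT:
        return "dispersed"      # more regular than random
    if z < -Z_CRIT:
        return "clustered"
    return "consistent with CSR"

def csr_pattern(n, seed):
    """Constructed sample: n independent uniform points in the unit square."""
    rng = random.Random(seed)
    return [(rng.random(), rng.random()) for _ in range(n)]

def grid_pattern(k):
    """Constructed sample: a perfectly regular k x k lattice."""
    return [((i + 0.5) / k, (j + 0.5) / k) for i in range(k) for j in range(k)]

def clustered_pattern(parents, children, spread, seed):
    """Constructed sample: tight Gaussian clusters around random parents."""
    rng = random.Random(seed)
    clamp = lambda v: min(1.0, max(0.0, v))
    pts = []
    for _ in range(parents):
        cx, cy = rng.random(), rng.random()
        pts += [(clamp(rng.gauss(cx, spread)), clamp(rng.gauss(cy, spread)))
                for _ in range(children)]
    return pts

if __name__ == "__main__":
    samples = [("uniform", csr_pattern(400, seed=7)),
               ("lattice", grid_pattern(20)),
               ("clusters", clustered_pattern(20, 20, 0.01, seed=7))]
    for name, pts in samples:
        z = clark_evans_z(pts, 1.0, 1.0, guard=0.1)
        print(f"{name:9s} Z = {z:7.2f}  {verdict(z)}")
```

A predictable lattice and a clumped film both fail the test in opposite directions, which is why the check is two-tailed: either deviation would reduce the unpredictability of the keys.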
Considering CSR island growth in region II, the Avrami equation [26] can be used to draw insight into the time evolution of island growth. For a growth time , the fractional surface coverage by the multilayer islands is approximated by:
[TABLE]
where the Avrami exponent gives information about the kinetics of the island growth. To analyze the growth kinetics, we prepared several samples with varying growth times while keeping the other processing conditions identical including the sample dimensions and its position relative to MoO3. We then imaged the samples to compute the surface coverage in region II, as shown in figure 2a. Assuming time-invariant growth kinetics, this experiment provides a good approximation of the time evolution of the surface coverage [27]. From the optical images, we made two key observations: (i) nucleation is continuous, as is evident from the concurrent presence of thin (mostly 2L) and thick islands in all different stages of the growth, and (ii) the growth is mostly 2D, i.e. the lateral dimensions of islands grow faster than the thickness. Figure 2b summarizes the time evolution of the normalized surface coverage for the monolayer film and the multilayer islands. In this plot, T is the normalized growth time, defined as , where denotes the approximate growth time at which the surface is fully covered by a continuous monolayer and represents the time at which 50% of the monolayer surface area is exposed and the rest is covered by the multilayer islands. In figure 2c, we plotted as a function of , where the slope of the fitted line gives the estimate for the Avrami exponent . We found for our growth experiments, suggesting a 2D disk-shaped growth governed by the surface diffusion. Equation 3 provides a reasonable fit to the experimental data in figure 2b, further confirming CSR of the growth in region II. Further, the inflection point of the fitted curve at corresponds to the cross-over from the isolated island growth to the island overlap growth.
After analyzing the growth kinetics, we adjusted the growth time to obtain MoS2 films with equal surface areas of exposed monolayer film and of the multilayer islands, i.e. . This was done to achieve the maximum randomness in the physical cryptographic primitive and in the security key responses.
Cryptographic key generation
To implement the MoS2 physical cryptographic primitives, we fabricated dense arrays consisting of 32 × 64 pixels from the film in region II (see Methods). These arrays have a pixel size of 2 2 and an equal pixel spacing of 2 . This pixel size was chosen because it is comparable with the dimensions of the state-of-the-art CMOS image sensors [28]. Figure 3a shows the optical image of a 2D MoS2 array with 2048 pixels, fabricated on a SiO2/Si substrate. Due to the randomness of the nucleation, the content of each pixel is random. Specifically, a pixel might consist of a monolayer, a multilayer, or a mixture of the two. Figure 3b illustrates the zoomed-in view of three neighboring pixels. These pixels visually look different from one another, indicating their thickness difference. The Raman fingerprint of these pixels in figure 3c confirms the material type (which is MoS2 here) and the corresponding thickness, determined from the distance between the peak position of the in-plane () and the out-of-plane () phonon modes.
After fabrication, the physical security primitive was stimulated using laser light to generate an optical response. We expect the response to be unique to the cryptographic primitive given the random thickness distribution of the CVD MoS2 and the thickness dependence of the excitonic emissions in MoS2. Specifically, pixels covered mostly by a monolayer film are expected to exhibit strong photon emission (ON pixels), while pixels consisting mostly of a multilayer film are OFF due to their weak emission properties. Figure 3d compares the typical photoluminescence (PL) spectra for three pixels consisting of: (i) full monolayer, (ii) full bilayer, and (iii) 50% monolayer and 50% bilayer. The corresponding optical images are shown in Supplementary Information. The PL spectra were normalized relative to that of the monolayer film. Two key observations are made from this plot. First, the photoemission of the full monolayer pixel is noticeably stronger than that of the pixel with full bilayer film. Second, the photoemission of the pixel with 50% monolayer coverage is about 1/10th of that of the pixel with full monolayer. Considering that the photoemission of a bilayer film is stronger than that of a film with three or more layers, the mixed monolayer-bilayer pixel represents the most ambiguous case for classifying a pixel as ON or OFF within an array. Therefore, for ON/OFF classification of the pixels, we set the threshold of the normalized photoemission to 0.1. We measured the corresponding PL spectrum of each pixel and then calculated the total area under the PL emission curve in the wavelength range of 580-770 nm (the integrated photoemission). Figure 4a is the spatial map of the normalized integrated photoemission for a 2D MoS2 array. We then converted the photoemission map to a 2D array of zero and one binary bits by comparing the normalized integrated emission of each pixel with the ON/OFF threshold of 0.1. The extracted 2D random binary code is shown in figure 4b.
Considering CSR of the island growth and the equal surface coverage by the monolayer and multilayer MoS2, it is however expected that the distribution of the ON and OFF pixels shows no or weak dependency on the pixel size and the pixel spacing in the 2D MoS2 array. We confirmed this by fabricating multiple arrays with different pixel sizes and spacings, where the arrays demonstrate equal distribution of random ON and OFF pixels (see Supplementary Information). Hence, the strength of the cryptographic primitive is robust to the choice of pixel size and spacing.
Analyzing security and stability metrics
We next analyzed the security metrics of the 2D binary array. Three important metrics are typically used to evaluate the strength of a cryptographic primitive [29]: uniqueness, repeatability, and uniformity.
Uniqueness is the ability of a key to be distinguished from other keys. We use the average Hamming inter-distance to quantify uniqueness. The Hamming inter-distance between two keys is the minimum number of bit substitutions required to transform one key to another. The 32 rows of the 2D binary array are 64-bit security keys to be tested. We compute the Hamming inter-distance of all 496 possible pairs of keys (see Supplementary Information). Figure 4c shows the Hamming inter-distance distribution. A binomial distribution with parameters and provides a good fit based on the Kolmogorov-Smirnov test. The inverse of the binomial distribution at cumulative probability 0.05 is 25. This means that for two randomly generated 64-bit keys, there is a 95% probability that the keys differ in at least 25 bits. Hence, there is a 95% chance that it will require at least 64 choose 25 (or ) worst-case number of attempts to guess an unknown key from another known key.
A random key must also produce a consistent response to a given input challenge. The difference in response of a given binary key to the same challenge is quantified by the Hamming intra-distance, which represents the repeatability of the random binary code. Therefore, the ideal intra-distance is zero. Figure 4c shows the results of the Hamming intra-distance, indicating high repeatability of the MoS2 security keys. The observed bit error rates are measurement artifacts and originate from the limited spatial accuracy of the automated sample stage when measuring the array.
To maximize the combination randomness of a binary array, each pixel should have an equal probability of being ON or OFF. That is, there should be a uniformity in the distribution of ON and OFF pixels in the array, with an ideal proportion of 0.5. Uniformity is quantified by the Hamming weight of the key, defined as the number of bit substitutions to convert the key to an array of all zeros. We calculate the normalized Hamming weight on all 32 64-bit rows of the 2D binary array, and found the average to be 0.48 (see Supplementary Information). The uniformity of the binary array arises from engineering the CVD process to achieve equal surface coverage by monolayer and multilayer.
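An added Python example (not the authors' code) of the key extraction and the three metrics above: it thresholds a normalized PL map at 0.1 into 32 keys of 64 bits and computes the Hamming inter-distance, intra-distance and uniformity. The PL map is constructed, since the measured data is not on the page; the emission model, the read-out jitter, the strict `>` comparison and all function names are assumptions.

```python
import random
from itertools import combinations

ROWS, BITS = 32, 64   # from the page: 32 rows read as 64-bit keys (2048 pixels)
THRESHOLD = 0.1       # from the page: ON/OFF cut on normalized integrated PL

def synth_coverage(seed):
    """Constructed data: monolayer fraction of each pixel, uniform in [0, 1]."""
    rng = random.Random(seed)
    return [[rng.random() for _ in range(BITS)] for _ in range(ROWS)]

def read_pl(coverage, seed, jitter=0.02):
    """Simulate one PL read-out of the array (assumed model, not measured data).

    Emission is interpolated log-linearly so that a full-monolayer pixel reads
    1.0 and a 50% pixel reads 0.1, as on the page; the 0.01 floor for a pixel
    with no exposed monolayer and the Gaussian jitter (standing in for stage
    positioning error) are assumptions.
    """
    rng = random.Random(seed)
    pl_map = []
    for row in coverage:
        seen = (min(1.0, max(0.0, f + rng.gauss(0.0, jitter))) for f in row)
        pl_map.append([10 ** (-2.0 * (1.0 - f)) for f in seen])
    return pl_map

def binarize(pl_map, threshold=THRESHOLD):
    """Turn each row of the PL map into one key (int, first pixel = MSB)."""
    keys = []
    for row in pl_map:
        key = 0
        for value in row:
            key = (key << 1) | (1 if value > threshold else 0)  # ON above cut
        keys.append(key)
    return keys

def hamming(a, b):
    """Number of differing bits between two keys."""
    return bin(a ^ b).count("1")

def inter_distances(keys):
    """Uniqueness: Hamming distance of every distinct pair of keys."""
    return [hamming(a, b) for a, b in combinations(keys, 2)]

def intra_distance(reference, reread, bits=BITS):
    """Repeatability: mean fraction of bits that flip between two read-outs."""
    flips = sum(hamming(a, b) for a, b in zip(reference, reread))
    return flips / (bits * len(reference))

def uniformity(keys, bits=BITS):
    """Mean normalized Hamming weight; 0.5 is ideal."""
    return sum(bin(k).count("1") for k in keys) / (bits * len(keys))

def marginal_pixels(pl_map, threshold=THRESHOLD, factor=1.5):
    """Count pixels within `factor` of the cut: the ones most likely to flip."""
    return sum(threshold / factor < v < threshold * factor
               for row in pl_map for v in row)

if __name__ == "__main__":
    film = synth_coverage(seed=1)
    enrolled = binarize(read_pl(film, seed=10))
    reread = binarize(read_pl(film, seed=11))
    dists = inter_distances(enrolled)
    print("key pairs:", len(dists))
    print("mean inter-distance (bits):", sum(dists) / len(dists))
    print("min inter-distance (bits):", min(dists))
    print("intra-distance (fraction):", intra_distance(enrolled, reread))
    print("uniformity:", uniformity(enrolled))
    print("marginal pixels:", marginal_pixels(read_pl(film, seed=10)))
```

In this model every bit that flips between read-outs belongs to a pixel near the 0.1 cut, the mixed monolayer-bilayer case the text calls the most ambiguous.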
Finally, the emission properties of the physical cryptographic primitives are unchanged after 6 months storage in ambient air, confirmed by measuring a random sample of 200 pixels, shown in figure 4d. Those pixels were either fully covered by a monolayer or a multilayer MoS2 film. The data indicates that our MoS2 physical cryptographic primitives are highly stable.
Conclusions
We introduced a physical cryptographic primitive based on layered molybdenum disulfide (MoS2). Two fundamental properties underlie this security technology: (i) complete spatial randomness of multilayer island growth during chemical vapor deposition (CVD) of MoS2, and (ii) strong thickness dependence of photoemission in MoS2. These security primitives are easy to produce on a large scale using CVD and yet impossible to duplicate because of complete spatial randomness of the multilayer island growth. The findings of this study can be readily extended for the development of physically unclonable primitives based on other semiconducting transition metal dichalcogenides.
Acknowledgement
This work was supported in part by NSF award 1638598. This research used resources of the Center for Functional Nanomaterials, which is a U.S. DOE Office of Science Facility, at Brookhaven National Laboratory under Contract No. DE-SC0012704. The authors acknowledge C. Black and J. Uichanco for helpful discussions.
Methods
We performed CVD growth using MoO3 and sulfur solid precursors without requiring a growth promoter. The growth was performed using a custom-made setup at 850 °C with a nitrogen flow of 10 sccm. The optimal quantities of MoO3 and sulfur precursors are about 6 mg and 100 mg. In all the experiments, the films were grown in the presence of excess sulfur. The 2D MoS2 array was fabricated using an e-beam lithography step followed by patterning in a CF4/O2 plasma. The 2D arrays were stimulated using a green laser for producing an optical response.
References
- [1] Perry, T. S. Why Hardware Engineers Have to Think Like Cybercriminals, and Why Engineers Are Easy to Fool. 2017; Spectrum.IEEE.org [Online]; Published: May 15, 2017
- [2] Rostami, M.; Koushanfar, F.; Rajendran, J.; Karri, R. Hardware security: Threat models and metrics. Proceedings of the International Conference on Computer-Aided Design. 2013; pp 819–823
- [3] Rostami, M.; Koushanfar, F.; Karri, R. Proceedings of the IEEE 2014, 102, 1283–1295
- [4] Pappu, R.; Recht, B.; Taylor, J.; Gershenfeld, N. Science 2002, 297, 2026–2030
- [5] Pham, H. H.; Gourevich, I.; Jonkman, J. E.; Kumacheva, E. Journal of Materials Chemistry 2007, 17, 523–526
- [6] Huang, C.; Lucas, B.; Vervaet, C.; Braeckmans, K.; Van Calenbergh, S.; Karalic, I.; Vandewoestyne, M.; Deforce, D.; Demeester, J.; De Smedt, S. C. Advanced Materials 2010, 22, 2657–2662
- [7] Han, S.; Bae, H. J.; Kim, J.; Shin, S.; Choi, S.-E.; Lee, S. H.; Kwon, S.; Park, W. Advanced Materials 2012, 24, 5924–5929
- [8] Blumenthal, T.; Meruga, J.; May, P. S.; Kellar, J.; Cross, W.; Ankireddy, K.; Vunnam, S.; Luu, Q. N. Nanotechnology 2012, 23, 185305
