Hybrid Boolean Networks as Physically Unclonable Functions
Noeloikeau Charlot, Daniel Canaday, Andrew Pomerance, Daniel J., Gauthier

TL;DR
This paper presents a novel Physically Unclonable Function based on a chaotic Hybrid Boolean Network implemented on FPGA, demonstrating high entropy, reliability, and resistance to modeling, with potential for secure hardware authentication.
Contribution
The paper introduces a chaotic Hybrid Boolean Network PUF that exploits transient chaos and manufacturing variations for high entropy and robustness, outperforming existing PUF designs.
Findings
Approximately 50% of maximum entropy extracted.
High uniqueness with inter-Hamming distance of 102.4 bits for 256-node network.
Resistant to modeling by PUFmeter tool.
Abstract
We introduce a Physically Unclonable Function (PUF) based on an ultra-fast chaotic network known as a Hybrid Boolean Network (HBN) implemented on a field programmable gate array. The network, consisting of coupled asynchronous logic gates displaying dynamics on the sub-nanosecond time scale, acts as a `digital fingerprint' by amplifying small manufacturing variations during a period of transient chaos. In contrast to other PUF designs, we use both -bits per challenge and obtain -bits per response by considering challenges to be initial states of the -node network and responses to be states captured during the subsequent chaotic transient. We find that the presence of chaos amplifies the frozen-in randomness due to manufacturing differences and that the extractable entropy is approximately of the maximum of bits. We obtain PUF uniqueness and reliability…
Click any figure to enlarge with its caption.
Figure 1
Figure 2
Figure 3
Figure 4
Figure 5
Figure 6
Figure 7
Figure 8
Figure 9
Figure 10
Figure 11| 4 | ||||
| 5 | ||||
| 6 | ||||
| 7 | ||||
| 8 | ||||
| 16 | ||||
| 32 | ||||
| 64 | ||||
| 128 | ||||
| 256 | ||||
| 512 |
| Response Bit | UB | AS | NS | |
|---|---|---|---|---|
| XOR | 0.468 | 0.298 | 0.249 | 0 |
| 0th | 0.469 | 0.316 | 0.246 | 0 |
| Challenge | Node 1 | Node 2 | Node 3 |
|---|---|---|---|
| 001 | |||
| 010 | |||
| 011 | |||
| 100 | |||
| 101 | |||
| 110 |
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
\history
Date of publication xxxx 00, 0000, date of current version xxxx 00, 0000.
\tfootnote
This work was supported by the Department of the Army through award number W31P4Q-19-C-0014 and by (for NC and DJG) Asymmetric Technologies, LLC through the project ‘Resilient and enhanced security UAS flight control’ supported by the Ohio Federal Research Network. A patent was filed based on this work under PCT/US2020/027072 for Systems and methods using hybrid Boolean networks as physically unclonable functions.
\corresp
Corresponding author: Noeloikeau Charlot (e-mail: [email protected]).
Hybrid Boolean Networks as Physically Unclonable Functions
NOELOIKEAU CHARLOT1
DANIEL CANADAY2, ANDREW POMERANCE3, AND DANIEL J. GAUTHIER
4 (Member
IEEE)
Ohio State University, Department of Physics, 191 West Woodruff Ave, Columbus, OH 43202, USA, (e-mail: [email protected], [email protected])
Potomac Research, LLC, 801 N Pitt St #117, Alexandria, VA 22314, USA (e-mail: [email protected], [email protected])
Abstract
We introduce a Physically Unclonable Function (PUF) based on an ultra-fast chaotic network known as a Hybrid Boolean Network (HBN) implemented on a field programmable gate array. The network, consisting of coupled asynchronous logic gates displaying dynamics on the sub-nanosecond time scale, acts as a ‘digital fingerprint’ by amplifying small manufacturing variations during a period of transient chaos. In contrast to other PUF designs, we use both -bits per challenge and obtain -bits per response by considering challenges to be initial states of the -node network and responses to be states captured during the subsequent chaotic transient. We find that the presence of chaos amplifies the frozen-in randomness due to manufacturing differences and that the extractable entropy is approximately of the maximum of bits. We obtain PUF uniqueness and reliability metrics = 0.400.01 and = 0.050.00, respectively, for an network. These metrics correspond to an expected Hamming distance of 102.4 bits per response. Moreover, a simple cherry-picking scheme that discards noisy bits yields while still retaining bits/response (corresponding to a Hamming distance of bits/response). In addition to characterizing the uniqueness and reliability, we demonstrate super-exponential scaling in the entropy up to and demonstrate that PUFmeter, a recent PUF analysis tool, is unable to model our PUF. Finally, we characterize the temperature variation of the HBN-PUF and propose future improvements.
Index Terms:
Chaos, Physically Unclonable Function (PUF), Field Programmable Gate Array (FPGA), Autonomous Boolean Network (ABN), Hybrid Boolean Network (HBN)
\titlepgskip
=-15pt
I Introduction
Physically unclonable functions (PUFs) are an emerging technology that extract randomness, or entropy, from uncontrollable manufacturing variations in the physical structure of identically produced devices [1, 2]. PUFs use this entropy to reliably generate a ‘digital fingerprint’ - a unique sequence of 0’s and 1’s known as a bitstream - that is produced by the device but never stored [3]. In practice, PUFs are often circuits embedded in other devices that reliably map an input (or challenge) to an output (or response) in a way that is unique to a particular copy (or instance) of the device.
For example, the start-up behavior of static random-access memory (SRAM) produces an identifying bit pattern suitable for use as a PUF [4]. Ideally, this identifying behavior cannot be reproduced (or cloned), either because it is physically impossible to recreate the same conditions in another device, or because it is mathematically impossible to accurately predict the PUF’s behavior. In summary, we highlight three practical properties of PUFs:
- •
Uniqueness: Responses from different instances to the same challenge are different enough to distinctly identify each instance;
- •
Reliability: Responses from an individual instance to the same challenge are similar enough to consistently identify that instance;
- •
Unclonability: The challenge-response pairs (CRPs) of an individual instance cannot be: (1) physically replicated by another instance, or (2) inferred from knowledge of the device manufacturing process or previously revealed CRPs.
In early work, PUFs were constructed using complex optical scattering devices or custom fabricated silicon chips [5]. More recently, there is an industry trend toward using reprogrammable devices such as field-programmable gate arrays (FPGAs) for PUF-based IP protection. For example, IntrinsicID offers the commercially available ‘butterfly PUF,’ an SRAM-PUF embedded directly into some manufacturers higher-end FPGAs [6].
However, SRAM-PUFs, such as the butterfly PUF, are ‘weak’ in the sense that there are relatively few CRPs obtainable per device (in this case resulting from the static initialization of each memory cell at power-up) [2]. As a result, their use for authentication purposes are limited because an attacker can clone the device by obtaining the full set of CRPs in a short amount of time. ‘Strong’ PUFs, on the other hand, contain a relatively large number of independent CRPs, making attempts to extract or predict all of them a difficult or impossible task [7]. Moreover, the design and practical implementation of strong FPGA-based PUFs remains an open problem [1].
Modern PUF proposals have also started to explore chaotic dynamics as an additional source of entropy [8, 9, 10]. Chaos is characterized by a exponential divergence between initially similar trajectories. As discussed in more detail below, this behavior can be used by a PUF to amplify the entropy available from the small physical variations inherent in any manufacturing process. Moreover, we hypothesize that chaos provides resilience to machine learning due to the existence of ‘fractal basin boundaries’ [11], which is a phenomenon in chaotic systems in which dividing lines between different behaviors have a fractal structure. In the standard interpretation, this means that an infinitesimal change in the initial conditions of the system does not yield a smooth change in the asymptotic behavior of the system; instead, the system may evolve to a disjoint attracting set. We hypothesize that a chaotic PUF has a similar behavior with respect to the system parameters, such that an infinitesimal change does not yield a smooth change in the measured response. Hence, even marginal uncertainty in the system parameters changes the entire class of possible outcomes, likely confusing attempts at prediction.
Finally, many PUFs incorporate asynchronous (unclocked and analog-like) logic into their design [2, 1]. Asynchronous logic can require fewer resources (time, area and power) than conventional synchronous circuits governed by a global clock. Morevoer, compared to synchronous designs, asynchronous designs are much more sensitive to manufacturing variations. This is because clocked operations are stabilized by waiting an entire clock period before the next operation, so that any variations in, e.g., rise time or signal propagation time are eliminated. On the other hand, dynamical properties of even simple unclocked systems such as the frequency of a ring oscillator depend sensitively on variations in rise and fall times. In general, combinatorial loops can be designed that operate at the maximum frequency allowed by the hardware, where the dynamics are most sensitive to manufacturing variations. Thus, asynchronous PUFs are useful as compact, low-power cryptography primitives.
I.A This Work
In this paper, we propose a design for a strong, chaos-enhanced, asynchronous PUF and demonstrate its implementation on an FPGA. Our PUF is based on a network of coupled, unclocked logic gates known as an autonomous Boolean network (ABN) combined with a clocked digital control and readout layer, forming what we call a hybrid Boolean network (HBN, HBN-PUF). The HBN-PUF can be incorporated into existing FPGA designs without specialized hardware, having a resource count proportional to the number of nodes in the network . The unique properties of the HBN-PUF compared to existing strong PUF proposals are:
- •
The HBN-PUF produces (or potentially more) response bits per -bit per challenge. Thus, extracting secrets of a given length requires the number of queries, which translates into time, storage and network traffic efficiency. Moreover, the additional bits per response can be used for error correction and improving environmental resilience, and the multi-dimensional response space and possible fractal basin boundaries will likely frustrate machine learning attacks.
- •
Unlike many conventional PUFs, such as delay-line PUFs [2], the HBN-PUF does not require carefully constructed circuit paths with specified delay characteristics; rather, automatic placement of circuit elements by standard vendor-supplied compilation and synthesis tools yield usable HBN-PUFs.
- •
The ABN part of the HBN-PUF exhibits picosecond-scale asynchronous transient-chaotic dynamics. Because of these ultra-fast dynamics, response readout occurs in less than 10 ns, which has important practical applications because the number of CRPs required for strong industrial-scale enrollment can be obtained in a short time.
The paper is organized as follows. Our proposed HBN-PUF design is described in Sec. II, with a discussion of the circuit and data collection process in Sec. II.A and the physical origins of PUF behavior in Sec. II.B. Section III is devoted to experimentally characterizing the HBN-PUF behavior by measuring its uniqueness and reliability (III.A), entropy scaling (III.B), resilience to machine learning (III.C), and temperature variation (III.D). Section IV concludes with a brief discussion and future work. Supporting materials are given in the Appendix, including the hardware description language code that instantiates our design.
II Proposed HBN-PUF Design
\Figure
[!h](topskip=0pt, botskip=0pt, midskip=0pt)[width=5.in]charl1.pdf Proposed HBN-PUF design. The studied XOR-ABN topology is shown in the upper left, and the logic of an individual node in the upper right. Shown in the bottom are the clocked logic used to apply the challenge and the tapped delay line used to select the response. The specific connections between nodes (i.e, the identity of nodes ) are governed by the topology of the network; shown is an regular random graph of degree 3.
Our proposed design is shown in Fig. II, which consists of a network of coupled ‘nodes’ and a clocked digital readout and control layer, forming an HBN. Each node is a combinatorial logic circuit that takes as input the outputs of other nodes in the network and a global reset signal; we refer to the output of this circuit as the ‘state’ of each node in the network. When the reset signal is high, the state of the node is the corresponding bit in the challenge string, and the state of the entire network is exactly equal to the challenge string . When the reset signal is low, the state of the node is given by the XOR of the states of its input nodes and the entire network is a large recurrent combinatorial loop that evolves in time without a clock (i.e., autonomously). Typical clocked digital logic circuits constrain voltages to be near logic high or low most of the time so that the output voltages of a gate is near logic high or low. In contrast, the individual semiconductor devices in an ABN act as highly nonlinear input-output devices with analog (but Boolean-like) dynamics, and the voltages take on a continuous range of values between logic-high and -low. During this time, the digital readout layer captures a Booleanized representation of the true analog network state in discrete time intervals. A single state at the optimal time of measurement is then selected as the response .
In contrast to other PUF designs, we stress that the challenge and response are both -bit strings, specifying the network’s initial condition and Booleanized state in a chaotic transient, respectively. Thus, there are response bits for each of challenges. Hence, the number of extractable bits from the HBN-PUF may scale super-exponentially as , yielding a strong PUF.
II.A Design Specifics and Data Collection
For the specific HBN considered in this work, each node takes exactly 3 inputs, and the combinatorial function is the 3-input XOR, as shown in the upper right of Fig. II. Both of these design choices are flexible. The XOR function is chosen because it is maximally sensitive to its inputs, and the output is balanced between high and low; the overall bias of the response can be controlled by replacing the XOR with a Boolean function that has more or fewer high outputs. Three inputs were chosen in order to fit within a Cyclone V logic element; more or fewer inputs can be used to match the layout to other FPGA architecture details. Moreover, structure can be applied to the network (such as ring topologies [12]) to fine tune statistical and performance properties of the resulting response. These aspects will be explored in follow up papers, but in this work each node’s XOR gate takes the output of three nodes ( in Fig. II), randomly chosen without replacement from among the other nodes, and in turn its multiplexer feeds the XOR gate of three other nodes ( in Fig. II). When the clocked reset signal is low, the multiplexer passes the node’s XOR gate. When the reset signal is high, the node’s multiplexer holds the initial condition, which is given by a corresponding bit of the challenge. In this way, the analog state of all nodes in the network are initially held fixed to the digital -bit challenge string C, described mathematically as
[TABLE]
The HBN stabilizes to the initial condition nearly instantaneously, but we hold it there for several MHz clock cycles of holding Reset high. The dynamics are then enabled by setting the Reset signal low, causing each multiplexer to pass the output of the autonomous XOR gate that feeds it. The network then evolves continuously in time and each XOR gate updates asynchronously based on the analog voltage of its neighbors.
During this time, the HBN dynamics are measured by sending the Reset signal down pairs of inverter gates (i.e., a delay line). An associated register is triggered after the delayed Reset signal passes over a given pair of inverters. Each register Booleanizes the analog state of the HBN at that time and stores it digitally. This results in a sequence of -bit Boolean state vectors in memory recording the bitstream produced by the network .
Here, ns is the mean delay time of a single inverter-gate, which is similar to the timescale of the XOR gate and multiplexer operations. Thus, the bitstream is sampled at a similar rate as the HBN dynamics, in roughly ns intervals. However, like all logic elements, each delay is subject to manufacturing variation, and so the sampling rate is not completely uniform. This also contributes to the manufacturing variation that gives rise to PUF behavior. Moreover, by using pairs of inverter gates rather than a clock source, the delay through the delay line varies with temperature and voltage in a similar way to the dynamical timescale of the nodes in the network. Thus, the delay line imparts some robustness to environmental variation.
The response R is selected from among this bitstream as a single state of the network at an optimal point in time during the chaotic transient
[TABLE]
where is an element-wise thresholding operation, corresponding to the Booleanization of the real-valued performed by the registers. The details of determining are discussed in Sec. III.
II.B HBN Dynamics and PUF Behavior
If each logic gate in an HBN were synchronously updated by a global clock, it would execute the digital Boolean XOR function exactly, and node states would take on discrete values 0 or 1 at each clock cycle. In this mode, the state at each discrete time step would be exactly determined by the -bit Boolean state at the previous time step, and the entire network would act as a pseudo-random number generator. However, because the logic gates are unclocked, their inputs can change at the same time that they are transitioning between logic high and low. As a result, nodes have the potential to take on intermediate logic values (analog voltages) [13]. Thus, the dynamics of nodes are better described by continuous differential equations that model the rise and fall times resulting from the finite capacitances and resistances in the devices, and not by discrete Boolean dynamics. Moreover, the state at a specific time is not given by the states of its inputs at the current time, but rather by time-delayed versions, due to the finite speed at which signals propagate along interconnects. Taken together, this causes the asynchronous XOR gate to behave as a highly nonlinear input-output device that multiplies signal edges, which quickly causes the dynamics to reach the maximum switching frequency allowed by the hardware [14, 15].
Under these conditions, the network dynamics become highly sensitive to amplitude fluctuations about the intermediate voltage value. Here, small perturbations to the voltage at the XOR gate, such as those due to manufacturing variation, noise, and differences in initial conditions, will cause the time at which the node switches between logic high and low to vary, resulting in previously similar waveforms diverging. As a result, ABNs consisting of XOR gates can exhibit chaos even in small networks[16]. When combined with a digital readout and control layer to form an HBN, they have been used as ultra-fast true-random-number generators (TRNGs) capable of a Gbit/s entropy rate[12].
Based on past research and the discussions above, we identify three sources of entropy in XOR-HBNs related to PUF behavior:
Frozen-in heterogeneity (manufacturing differences), 2. 2.
Thermal and charge fluctuations (noise), and 3. 3.
Deterministic chaos (unpredictability and nonlinear amplification of timing differences)
Each source of entropy produces variations in the bitstream generated by the digital readout layer of the clocked portion of the network. However, each source has a separate physical origin as discussed in the rest of this section.
\Figure
[!htb](topskip=0pt, botskip=0pt, midskip=0pt)[width=5.0in]charl2.pdf (a). (blue) and (red) vs time. Light lines correspond to the metrics calculated on a single PUF class (i.e., choice of random network and placement on an FPGA) for an node HBN-PUF, and the dark lines correspond to the average values calculated over all PUF classes (i.e., the average expected behavior for an random, 3-input HBN-PUF). (b) vs time, with same definitions for light and dark lines. The highlighted is the time at which the average is maximum. We note, however, that there is some variation in the specific for each PUF class.
Frozen-in heterogeneity is due to small variations in the physical properties of the wiring and logic elements and it is this source of entropy that forms the primary basis of PUF behavior. Slight physical differences between nodes and wires - such as node input impedence, switching rate, and signal propagation time - alter the time at which the analog voltage of individual nodes cross the logic threshold for nominally identical inputs. The effect of these manufacturing variations are more pronounced at the ultra-fast time scale of the dynamics, which become distinctly correlated with the unique physical characteristics of an individual device. Such correlations produce the identifying information used to distinguish different FPGAs programmed with the same HBN design. They are quantified by the uniqueness parameter (Appendix A.C, (9)).
Thermal and charge fluctuations are sources of time-dependent stochastic behavior (often referred to as ‘noise’), which reduce the reliability of the PUF. Noise perturbs the amplitude of the logic gates in the asynchronous portion of the network and changes the times at which nodes cross the threshold separating logic high from logic low. If a transition is near the time at which the readout logic registers the node state, small variations in the threshold crossing time can change a registered zero to a one or vice versa. This alters the bitstream of a single device under repeated measurement, introducing unreliability quantified by (Appendix A.C, (8)).
Chaotic systems have a positive entropy rate separate from noise and manufacturing variations, which serves to amplify both of these sources of entropy. The entropy attributed to chaos is due to the finite precision of physical measurements and the exponential sensitivity of chaotic systems to initial conditions. Any physical measurement of initial conditions has a necessarily limited precision, and so two trajectories measured to have the same initial conditions will diverge due to the unmeasurable differences in the true initial state of each system. Chaos thereby magnifies any small differences in the applied challenge over time, acting as a nonlinear amplifier of the other sources of entropy and contributing to the unclonability property.
These three sources of entropy are visible in Fig. II.B(a), which is a plot of and vs. measurement time. Frozen-in heterogeneity is illustrated by the separation between and at very short measurement times, noise is illustrated by the fact that is non-zero, and the effect of chaos is illustrated by the fact that both measures grow exponentially until saturating at 0.5. In the next section, we discuss finding that balances these competing effects.
III ABN-PUF Performance Statistics
To be an effective PUF, the entropy rate due to the frozen-in heterogeneity of the HBN must be greater than the noise-induced entropy rate. This is captured by the metric
[TABLE]
which is plotted vs. time for in Fig. II.B(b). There is an optimal time of measurement for which the network has coupled sufficiently to manufacturing variations to act as a unique identifier (), while remaining unperturbed enough by noise to be reliable (, defined by
[TABLE]
All future statistics are calculated from the network state at this time. In practice, we find ns for the networks studied, with slowly increasing with network size . Note that is calculated exactly once over an entire PUF class and represents a characteristic timescale of the HBN dynamics. Further, we do not observe significant variation in or due to differences in the layout of the network or delay line, as demonstrated in Fig. II.B and described in Appendix A.A.
In the remainder of this section, we study the performance statistics of the proposed HBN-PUF, including its reliability and uniqueness (III.A), entropy (III.B), resilience to machine learning (III.C), and temperature variation (III.D). Corresponding definitions and experimental procedures are elaborated in Appendices A.A-A.G.
III.A Reliability and Uniqueness
Reliability and uniqueness are standard means of gauging PUF performance [1]. The average fraction of dissimilar bits between responses of different PUFs to a given challenge is ideally 0.5 (random). It is known as ‘uniqueness’ and described by . Likewise, the average fraction of dissimilar bits between responses of a fixed PUF to a given challenge, known as ‘reliability’ (), is ideally 0 (no error). To gauge these measures, we study the pairwise difference between HBN-PUF responses to various challenges; see Appendix A.C for details.
\Figure
[!hbt](topskip=0pt, botskip=0pt, midskip=0pt)[width=6.0in]charl3.pdf Challenge-response histograms for network sizes (a) , (b) , (c) . We plot (8) and (9) (see Appendix A.C), the means of which are and , respectively.
Figure III.A shows the number of unique challenge bitstrings yielding response pairs differing on average by the given fraction (bottom axis) or number of bits (top axis) for three different PUF sizes, , 256, and 1024. Two histograms are plotted, where the differences are calculated with respect to the same chip (red) and with respect to other chips (blue). Eight different chips were used to estimate . There appears clear separation of intra- and inter-device distributions, indicating vanishing false-positive rate for authentication using both network sizes, especially as increases. This means that our PUF is well-suited to authentication. Furthermore, fewer challenges () are required for authentication than with single-bit PUFs since the HBN-PUF produces -bit responses.
In practice, we find that is driven by a relatively small, fixed subset of nodes (where the subset depends on the chip and the response). We hypothesize that these nodes are in a metastable state at the measurement time , and that a cherry picking error correction scheme [17] that removes these error-prone bits from the response can be highly effective. This is illustrated in III.D and will be studied more extensively in future work.
III.B Exponential Scaling of Entropy with Network Size
Entropy is of central importance in determining the cryptographic and security properties of a PUF [18]. The HBN-PUF, with its multiple bits per response, presents unique challenges to entropy estimation that will be discussed in future work, but in this section we apply previously reported entropy estimation techniques adapted to the HBN-PUF. A PUF can be idealized as a table that gives the response corresponding to a given challenge (called the ‘CRP table’ below). For most strong PUFs, the number of challenges (i.e., the number of rows in the CRP table) grows as , and each response is a single bit so the CRP table for a given PUF realization can be described by a binary string of length . For the HBN-PUF, on the other hand, each row in the CRP table is itself an -bit string so the entire CRP table is described by an -bit string. Estimating the distribution of binary strings of length is infeasible even for relatively small ; however, we can apply entropy estimates from the PUF literature that make assumptions about this distribution–, , and (see Appendices A.D-A.F). We do not report the values of below because in nearly all cases it produces full entropy and is never below or .
The most basic measure is the minimum entropy , which assumes no correlations between bits and responses and serves as a median. The joint entropy does not assume independence, but does assume that all correlations are pairwise and that no other higher-order correlations exist. Finally, the context-tree weighted entropy serves as an upper bound by generating a minimum-length compressed binary string encoding the CRP behavior. We plot the first two of these quantities as a function of in Fig. III.B and Table I, observing that , which is true by definition.
\Figure
[!hbt](topskip=0pt, botskip=0pt, midskip=0pt)[width=6.5in]charl4.pdf Entropy (a) measures and (b) densities of HBN-PUF classes as a function of network size . Violin plots are over the distribution of classes, and solid lines indicate an average over classes.
Table I records the entropy and entropy density, or , defined as the fraction of the observed entropy to the maximum possible entropy . We see that the entropy density for our median estimate hovers around 0.6, suggesting that the number of extractable bits is roughly and hence that the min entropy scales super-exponentially with network size. Note however that there are theoretical bounds to the maximum entropy of PUFs and indeed any physical system, with arguments to be made that the entropy must be bounded polynomially by its size, such as the number of atoms [7]. What our measurements show is that in the range , for which entropy measures are calculated exactly over all possible CRPs, we observe super-exponential scaling with . Outside this region, the entropy is computationally infeasible to calculate, and the reported values are extrapolations from limited measurements - which may not reflect the true entropy bounds of the system.
The inset to Fig. III.B illustrates the distribution of these entropy measures over 80 PUF classes for the exactly calculable network sizes (see Appendix A.A). We observe that there is significant variation in the entropy estimates at very small PUF sizes, and that the joint entropy estimate in this region is approximately of full entropy. Note, however, that the joint entropy density increases and tightens as increases. We expect it to approach for larger networks.
We expect to approach for two reasons. Firstly, larger networks () consistently exhibit chaos, while small ABNs () may enter non-chaotic periodic regimes [13] that induce pair-wise correlations. Secondly, there exist certain challenge strings that are steady-state fixed points. For the odd-input XOR functions used in this work, the all-zero and all-one challenge strings are fixed points; this can be seen since the output of the 3-XOR is zero or one if all its inputs are zero or one. (In the case of an even number of inputs, the all-one challenge is not a fixed point.) These trivial fixed points are filtered by our analysis, but there may exist other fixed points based on the details of the network wiring diagram that would need to be searched for via Boolean satisfiability algorithms which is not done in this work. We expect the density of these fixed points to go to zero as , but a non-negligible fraction of the challenge space at the industrially-irrelevant network sizes shown in the inset may be steady-state fixed points that reduces the entropy. We see some evidence of this in the observed tightening of both entropy distributions with increasing , and by the super-exponential growth of the extrapolated curve at larger sizes (see Appendix A.D).
Investigating these hypotheses and developing other means of estimating the entropy from limited samples for large networks is the subject of future work, as the exponential growth of the challenge space prevents full exploration even in principle.
III.C Machine Learning Attack with PUFmeter
PUFmeter [19] is a recently designed machine learning platform used to assess the security of a PUF. It attempts to learn the challenge-response behavior of a given PUF using probably-approximately-correct learning, and indicates whether a PUF’s behavior can be learned and hence is susceptible to various attacks without actually performing specific attacks. The theory behind PUFmeter is based upon single-bit responses. For this reason, we use PUFmeter to assess the security of an individual bit of our responses to an attack, as well as the XOR of our entire response string. These results are presented in Table II.
In Table II, is the minimum number of Boolean variables usable by PUFmeter to predict the response to a given challenge. Because , PUFmeter is unable to model the behavior of the HBN-PUF. The noise upper bound, average sensitivity, and noise sensitivity are used to gauge the theoretical bounds for the types of attacks that are expected to be possible. From these results, PUFmeter indicates that an HBN-PUF may be susceptible to a Fourier-based attack.
Summarizing, the observed super-exponential entropy scaling, the presence of chaotic nonlinear dynamics, and the failure of PUFmeter to model our PUF suggests that the behavior of the HBN-PUF may be resilient to machine learning attack. We have attempted machine learning attacks, including deep learning-based methods and model-based attacks, which have also failed and will be described in future publications. Further study is required to explicitly rule out any given attack, such as Fourier-based attacks and side-channel attacks. In such cases, instantiating multiple HBN-PUFs on the chip may obscure the power supply draw or the EM radiation emitted due to the chaotic transients of nearby networks.
III.D Cherry Picking and Temperature Variation
\Figure
[!htb](topskip=0pt, botskip=0pt, midskip=0pt)[width=5.25in]charl5.pdf (a) The number of cherry picked stable bits vs. time for an network. Stable bits are those that have less than 1% error rate. (b) calculated with respect to a room temperature enrollment (20 C) vs. measurement time for the same network when queried at different temperatures. Dashed lines correspond to calculated without cherry picking, and solid lines are with cherry picking.
A simple method of reducing errors is to mask out unreliable bits on a per challenge and per device basis, an approach known as cherry picking [17]. That is, at enrollment, each PUF is queried multiple times (100 in this case) and any bits that vary are discarded; the bit mask used to discard bits is stored as helper data for reconstructing the PUF response at query time. Fig. III.D(a) shows the number of bits retained by this procedure (termed ‘stable bits’) as a function of measurement time. As can be seen, for measurement times up to about 7 ns, more than half of the 256 bits are stable at an error rate of less than 1%.
We illustrate the usefulness of this cherry picking approach when querying the HBN-PUF at different temperatures, which is an important practical concern when comparing PUFs in different environmental conditions or over long operating times [20]. A single HBN-PUF on a single chip was enrolled at room temperature (20 C), and was calculated with respect to this enrollment at three additional temperatures (-20 C, 0 C, and 40 C, see Appendix A.G). This is plotted vs. measurement time in Fig. III.D(b) in dashed lines, and compared to a control of a second collection at 20 C (black). We see that indeed there is an increased error rate compared to the control. It is significant in the case of raw data; however, the cherry picking procedure (solid lines) does significantly reduce the error due to temperature variation.
The HBN-PUF has some degree of environmental stability due to the use of the delay line for triggering the capture of the network state. Because the delay line is based on the same digital logic building blocks as the rest of the ABN, it is likely affected by temperature and voltage effects (e.g., changing rise, fall, and signal propagation times) in a way similar to the rest of the ABN. Thus, if the entire network sped up or slowed down, the delay line would speed up or slow down in a commensurate way. Contrast this with, e.g., an external, temperature-stabilized clock signal. Early designs using a clock signal rather than delayed reset showed close to 50% for small temperature changes, but the delay line design is much more robust.
Strategies to reduce environmental variation, as well as experiments to test voltage sensitivity and aging effects, are future work for the HBN-PUF. Referring to Fig. III.D, we see that there is a trade-space between entropy/response (i.e., shorter measurement time corresponds to less entropy), error rate, bits/response, and effect temperature range that can be optimized over for specific applications. This observation suggests that we can trade some of those bits for error correction ability to reduce errors to a level needed for key exchange because of the large number of bits available per response. Moreover, the temperature effects do not appreciably change the overall behavior of the PUF. That is, there exists a (that is constant for a PUF class over temperature) corresponding to at any given temperature; it is changes to the specific bitstream, not differences in qualitative behavior, that drives these errors. As a result, a temperature-aware enrollment protocol, in which the HBN-PUF is enrolled at multiple temperatures may be applicable [21].
IV Conclusions and Future Work
In summary, we present a novel HBN-PUF design that maps the challenge-response mechanism of the PUF onto the full state-space of a chaotic dynamical system (the HBN). The HBN-PUF represents an improvement in the state-of-the-art for strong PUFs several ways. First, to our knowledge, the HBN-PUF is the only strong PUF proposal that produces multiple bits per response, thus reducing time, network, and storage resources for authentication and key exchange. This will also likely frustrate machine learning attacks, as illustrated by our tests with PUFmeter, because the attacker will need to guess an -dimensional Boolean vector instead of a one-dimensional one. Second, the HBN-PUF is fast: response readout occurs in less than 10ns, which combined with the multiple bits per response, means that Gbps key generation rates are easily achievable. Finally, the HBN-PUF is relatively insensitive to placement on the FPGA chip and resource usage scales linearly with the size of the PUF. As a result, or larger HBN-PUFs are easily realizable within resource constraints on modern low-end FPGAs (Cyclone V), but could produce upwards of independent cryptographic keys at a rate of 100 Gbps. This is fast enough so that, for instance, modern communications networks could be one-time pad encrypted with HBN-PUF output, but with such a large CRP space that it would take many lifetimes of the universe to exhaust the entropy.
The HBN-PUF has many attractive properties that suggest that it could be a true, machine-learning resistant and practical strong PUF. However, there remain substantial questions to be addressed in future work. The most obvious is further environmental testing and development of error mitigation strategies that are applicable to the HBN-PUF. On a more theoretical level, the multiple bits per response stress existing entropy estimation methods and will require new techniques to more accurately lower-bound the actual extractable entropy. Moreover, we need to test and confirm the hypothesis that HBN-PUFs are in fact chaotic to prove the security properties of the HBN-PUF. We have developed models of HBN-PUFs that can reproduce the behavior described here, which will appear in a follow up study, and we will use these models to execute model-based attacks to demonstrate machine learning resistance. In addition to this theoretical work, a study of the effects of the network layout (e.g, random vs. ring vs. other possible topologies) and detailed placement of the HBN-PUF elements in terms of the optimal measurement time and entropy per response will also appear in follow up work.
Appendix A
A.A Experimental Procedure
The HBN-PUF is created by coding our design using the hardware description language Verilog (code in Appendix A.H) using the Quartus CAD software, which compiles our code with automatic placement and routing chosen by its optimization procedure. We then program separate DE10-Nano SOCs hosting Cyclone V 5CSEBA6U23I7 FPGAs with the same .sof file. This ensures each FPGA instantiates an identical copy of our PUF in both layout and design, meaning the only variations of instances within a PUF class are due to variations in the manufacturing of the FPGAs.
For each network size , we instantiate different HBN-PUF classes, where each class corresponds to a particular network topology randomly drawn from the set of possible regular graphs of degree 3 ( draws) and/or a particular location of the PUF on the chip ( PUFs per random graph). These draws are performed using custom Python scripts and the numpy.random module and written to the indicated positions in the Verilog file in Appendix A.H.
In order to reduce the dependence on random seeds in the CAD’s optimization procedures for the experiments presented here, we fix the locations of the nodes in the network to specific logic elements on the chip (which are randomly chosen from within a grid) but nothing about the HBN-PUF’s behavior requires detailed control of node placement. For , ; else, . For all sizes, . We create one .sof file per random graph and place PUFs at different locations (each with the same graph layout) on the chip in order to populate the distribution of HBN-PUFs. We find that the variation due to location is comparable to the variation due to graph layout, and so treat these on an equal footing; this yields a total of different HBN-PUF classes for and HBN-PUF classes for .
The Cyclone V chips that we use have an integrated hard processor running Linux. We therefore use Altera’s Avalon interface to make the PUF accessible to the Linux system and collect CRPs using custom C code that presents to each PUF via this interface to set the initial state of a given HBN. The HBN is held at a challenge for several MHz clock cycles due to synchronous controller logic and to stabilize the dynamics of the autonomous nodes. The network is then released and evolves for a short time during the transient phase, and the state is registered at a given delay time by choosing the length of the delay line via a multiplexer. The response is transferred and and the PUF is reset to the same challenge. The entire process is repeated times before moving to the next challenge, so that the total number of applied challenges to each HBN is equal to .
Peculiar to the XOR function, there are two steady-state fixed points corresponding to when the network is all 0 or all 1. These fixed points are discarded from the challenge space as they have no entropy, however they can be used to identify ‘glitchy’ PUF classes. That is, since the HBN-PUF violates most commonly accepted design rules (in particular the guidance against large combinatorial loops), occasionally the Quartus software produces glitchy designs. If a given PUF class does not produce all-ones or all-zeros as the response to an all-one or all-zero challenge, we discard the PUF class from consideration. This occurs approximately 10% of the time. All metrics are calculated using the valid challenges, . For , . For , unique and randomly selected valid challenges. In all cases, .
These parameters are used for all experimental data collection unless otherwise noted.
A.B Formal Challenge-Response Definitions
Let be a particular PUF instance belonging to the set of all PUF instances of a particular PUF class. The response R is a random variable mapping from the set of all possible physical states of PUF instance to the set of all binary strings of length , denoted . Specifically, the response takes as input a particular state of PUF instance resulting from challenge .
We characterize the reliability and uniqueness of by studying the distributions of R for various and C. That is, we study how our design performs as a PUF by comparing responses from individual and different instances on a per-challenge basis using the metrics defined in the next appendix.
A.C Intra- and Inter-Device Statistics Definitions
The degree to which two binary strings are different is given by the Hamming distance:
[TABLE]
where A and B are the two binary strings to compare, of length , A(i) and B(i) refer to the -th bits of A and B, respectively, and is the XOR function. For random strings, the Hamming distance is on average . Moreover, it is convenient to normalize the Hamming distance by : . For random strings A and B, .
Consider two different responses from the same challenge string . These responses may result from applying the same challenge string to the same PUF instance (indexed by ) two different times (indexed by for repetition), and , or they may result from applying the challenge exactly once to two different PUF instances, and . Repeated application used to gauge reliability: a single PUF instance should ideally produce identical responses when presented with the same challenge (i.e., for all , and ). Applying the same challenge to different PUF instances is used to gauge uniqueness: two different PUF instances should give responses to the same challenge which, when compared, appear random and uncorrelated. In terms of Hamming distances, (although this does not capture correlations in bits).
For clarity we summarize these indices:
- •
: Distinct challenge;
- •
: Separate applications of distinct challenge;
- •
: Separate PUF instances.
If we take each response to be an -bit string, then the fraction of dissimilar bits between the two responses is denoted as
[TABLE]
[TABLE]
Above, (mnemonic ‘reliability’) is the intra-device fractional Hamming distance between responses for the fixed PUF instance resulting from applications and of challenge . Likewise, (mnemonic ‘uniqueness’) is the inter-device fractional Hamming distance between responses of PUF instances and resulting from the fixed application of challenge .
To obtain distributions of these distances on a per-challenge basis, we average over the pairwise combinations used to construct them, and then further average over the remaining indices to obtain mean measures of reliability and uniqueness . Specifically, if we let indicate the average of a quantity over indices , then
[TABLE]
[TABLE]
We record a time series of -bit strings representing the time evolution of the network, so that the metrics introduced above exist at every measurement time. If we wish to measure the reliability on a per-chip basis, we simply do not average over in (8).
Fig. III.A shows the histograms of (8) and (9) at time . We further summarize the reliability and uniqueness as single numbers by averaging (8) and (9) over challenges, i.e.,
[TABLE]
[TABLE]
A.D Minimum Entropy
The min-entropy of a random variable is defined as
[TABLE]
where is the probability of the most likely outcome. If is a vector of independent random variables, then the min-entropy is
[TABLE]
In the case of a strong PUF with multiple challenges and a large response space, we need an ordering of the response bits in order to make sense of entropy calculations. A natural ordering is to define the response of the -th node to the -th challenge as , where the challenges are ordered lexicographically. This is illustrated in Table 3 for the simple case of . Here, there are only 6 challenges because we omit the all-0 and all-1 challenges as discussed in Appendix A.A.
Assuming independence of , the min-entropy for the HBN-PUF can be readily calculated with (13) from empirical estimates of [4, 22]. For each , the estimate of is simply the observed frequency of 0 or 1, which ever is larger. To put the entropy calculations into context, we also present them as a fraction of the optimal case. If all of the were independent and completely unbiased, i.e., each were equally likely to be 0 or 1 (i.e., ), then the min-entropy would be equal to times the number of valid challenges . We therefore define the min-entropy density as
[TABLE]
Due to the exponential scaling of the challenge space, we do not measure these values using all of the possible valid challenges for . This is because of the computing time required in both calculating the entropy measures and obtaining the full CRP space. For , we randomly choose challenges from a representative sample and multiply by the fraction of the unused space to obtain . In the next appendix, we study the full challenge space for low .
A.E Joint Entropy
In the previous appendix, we assume hat are independent, though this need not be the case. It is possible that some bits reveal information about others, reducing the entropy. Here we study these correlations between bit pairs, first by calculating the mutual information defined as
[TABLE]
between all pairs of , . Unlike min-entropy, the mutual information is difficult to calculate for higher , so we will restrict our attention to and use the full valid challenge space.
An adversary can use knowledge of any structure in the mutual information to more effectively guess response bits, thereby reducing the available entropy. In particular, the entropy is reduced to [18]
[TABLE]
where the ordering of the bits is such that the penalty is as large as possible. Calculating the ordering of the bits to maximize the joint information penalty is effectively a traveling salesman problem, which we solve approximately with a 2-opt algorithm [23].
A.F Context-Tree Weighting Test
In this appendix, we estimate the entropy through a string compression test. The results here should be understood as an upper-bound for the true entropy, especially for larger . In particular, we consider the context tree weighting (CTW) algorithm [24].
The CTW algorithm takes a binary string called the context and forms an ensemble of models that predict subsequent bits in the string. It then losslessly compresses subsequent strings into a codeword using the prediction model. The size of the codeword is defined as the number of additional bits required to encode the PUF instance’s challenge-response behavior. If the context contains information about a subsequent string, then the codeword will be of reduced size.
In the case of PUFs, the codeword length approaches the true entropy of the generating source in the limit of unbounded tree depth [25]. However, the required memory scales exponentially with tree depth, so it is not computationally feasible to consider an arbitrarily deep tree in the CTW algorithm. Instead, we vary the tree depth up to 20 to optimize the compression.
We perform a CTW compression as follows:
- •
We collect data for HBN-PUFs with .
- •
We concatenate the resulting measurements for all but one PUF instances into a 1D string of length to be used as context.
- •
We apply the CTW algorithm to compress the measurements from the last PUF with the context, using various tree depths to optimize the result.
- •
We repeat steps 2-3, omitting measurements from a different PUF instance, until all PUFs have been compressed.
The final entropy estimate is the average codeword length from all of the compression tests described above. If the behavior of the PUF instance can be used to predict the behavior of the unseen instance, then the PUFs do not have full entropy.
A.G Temperature Variation
We calculate at each temperature the deviation of an HBN-PUF with respect to itself at 20 C, a quantity which we denote . This measure is equivalent to considering an individual chip as consisting of different instances - one for each temperature. It is calculated at each temperature by comparing responses to those generated at 20 °C, then averaging over all challenges. These plots are presented in Fig. III.D as a function of , the number of inverter gates after which the response is registered. Each curve is a separate temperature.
A.H Hardware Description Language Code
This Verilog code is used for synthesizing the HBN in Fig. II.
This Verilog code is used for synthesizing the tapped-delay line in Fig. II.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] R. Maes, Physically Unclonable Functions: Concept and Constructions . Springer Berlin Heidelberg, 2013, ch. 2, pp. 25–48. [Online]. Available: http://link.springer.com/10.1007/978-3-642-41395-7_2
- 2[2] T. Mc Grath, I. E. Bagci, Z. M. Wang, U. Roedig, and R. J. Young, “A PUF taxonomy,” Applied Physics Reviews , vol. 6, no. 1, p. 011303, Mar 2019. [Online]. Available: http://aip.scitation.org/doi/10.1063/1.5079407
- 3[3] J. Zhang, T. Q. Duong, A. Marshall, and R. Woods, “Key generation from wireless channels: A review,” IEEE Access , vol. 4, pp. 614–626, 2016. [Online]. Available: http://ieeexplore.ieee.org/document/7393435/
- 4[4] D. Holcomb, W. Burleson, and K. Fu, “Power-up SRAM state as an identifying fingerprint and source of true random numbers,” IEEE Transactions on Computers , vol. 58, no. 9, pp. 1198–1210, Sep 2009. [Online]. Available: http://ieeexplore.ieee.org/document/4674345/
- 5[5] R. Pappu, “Physical one-way functions,” Science , vol. 297, no. 5589, pp. 2026–2030, Sep 2002. [Online]. Available: https://www.sciencemag.org/lookup/doi/10.1126/science.1074376
- 6[6] S. S. Kumar, J. Guajardo, R. Maes, G.-J. Schrijen, and P. Tuyls, “Extended abstract: The butterfly PUF protecting IP on every FPGA.” IEEE, Jun 2008, pp. 67–70. [Online]. Available: http://ieeexplore.ieee.org/document/4559053/
- 7[7] U. Rührmair, H. Busch, and S. Katzenbeisser, Strong PU Fs: Models, Constructions, and Security Proofs , ser. Information Security and Cryptography. Springer Berlin Heidelberg, 2010, ch. chapter 4, pp. 79–96. [Online]. Available: http://link.springer.com/10.1007/978-3-642-14452-3_4
- 8[8] K. Gołofit and P. Wieczorek, “Chaos-based physical unclonable functions,” Applied Sciences , vol. 9, no. 5, p. 991, Mar 2019. [Online]. Available: https://www.mdpi.com/2076-3417/9/5/991
