Skip to content

My final project

The project

Description

A Physical Unclonable Function (PUF) is a “digital fingerprint” for semiconductor devices, using unique, uncontrollable physical variations in silicon to generate secure keys and authenticate chips. It provides a secure, unclonable identifier for microprocessors.

Strong PUFs generate a massive set of Challenge-Response Pairs (CRPs) based on manufacturing process variations (delays, capacitance), making them suitable for authentication, as opposed to weak PUFs used for key generation.

For each manufactured PUF installed on a device, a huge amount of pairs are recorded in a database. This is the digital device fingerprint. Once deployed, the device generates a challenge, submit it to the PUF and sends the challenge-response pair to the server. Server answers with a Go-NoGo and mark the pair as used in the database, to prevent replay attacks.

Implementing strong PUFs in Verilog often involves Arbiter-based or Ring Oscillator-based architectures, often enhanced with XOR structures to resist machine learning modeling attacks

My goal is to implement a RO-based strong PUF, based on this work work and this Tiny Tapeout project. This is not my work, this is from Pablo Aravena, I’m leveraging it as a learning tool for my own education. My contribution is to document, to test and to run it through the tools.

At high level, the device provides a 8 bits challenge and gets back a 8 bits response.

Block diagram

At lower level, a ring oscillator (RO) PUF is a delay-based PUF which uses frequency variations in inverter chains to generate unique IDs. ROs are made up of an odd numbers of inverters connected in a chain which oscillates at a specific frequency. Process variation introduced during IC manufacturing causes the frequencies in each RO to be slightly different. An RO PUF consists of identically-laid out ring oscillators fed into a two MUXs. The PUF challenge feeds into the MUX select lines and chooses which two ROs to compare. The MUX outputs are fed into a counter, each of which counts up to a preset value. If the top or the bottom counter reaches the preset value, the race arbiter will output a ‘1’ or a ‘0’ as the response depending which counter finishes first.

Here are the modules we need:

  • Ring oscillator (RO):
    • input: a signal to enable it. Then it oscillates on its own in a loop.
    • output: the output of the inverter chain, i.e a pulse with a tiny difference in frequency.
    • job to do: manage a n odd numbers of inverters connected in a chain which oscillates at a specific frequency.
  • MUX
    • input: half the challenge, i.e 16 possible values + 16 RO outputs
    • output: the output of one of the 16 ROs
    • job to do: manage a set of Ros (Hint: not a set of heroes :-). Route the selected RO pulse to the MUX output.
  • Counter:
    • input: items to count, coming from the MUX, in a pulse
    • output: a bit
    • job to do: flip the bit when the count > a given threshold
  • Arbiter
    • input: the signals coming from the two counters
    • output: a bit, the value depends on which counter won
    • job to to: decide which counter wins (i.e trigs first)
  • An orchestrator
    • input = the 8 bits challenge
    • output = the 8 bits response
    • job to to: manage the MUXes, ROs, Counters and Arbiter to get the job done. Basically, it manages a race between to ROs, the first one being choosen by the MSB of the challenge and the second one being selected by the LSB.
  • Scrambler is optionnal and is used to increase internal entropy in the system.
  • Top level amd buffer:
    • input: abriter’s decision
    • output: 8 sequential bits, i.e “The response”
    • job to to: wait, pack and deliver

Sources

After toughts..

In summary, with a 8 bits challenge, there are 256 differents possible races. Each one is a race between a RO in the first set and another RO in the other set. Since the ROs oscillates a different frequencies, repeating the same race 8 times in sequence does not guarantee that each race result will be identical. Hopefully, otherwise the Response would be always 00000000 or 11111111

What I’m not sure about is whether the Challenge-Response pairs set is 100% stable for a given PUF. What if the temperature varies, what is the power is not stable.. ???

According to my IA friend,…

To ensure CRPs remain consistent despite temperature changes, several techniques are used: * Error Correcting Codes (ECC) and Helper Data: These are standard methods to correct unstable bits, ensuring the PUF output is reliable. * Temperature-Aware Design: Specialized designs like the “Temperature-aware RO-PUF” pair ring oscillators that cooperate, allowing them to produce stable bits across different environmental conditions. * Masking/Filtering: Techniques such as 1-out-of-k masking (selecting the fastest/slowest resonators) or filtering out “unstable” bits (those that change frequently) can improve stability, though they may require high hardware overhead. * Calibration: Utilizing phase calibration processes can reduce bit errors to less than 1% in RO-PUFs.

The other project I had in mind.. but I have to sleep sometimes..

I’ve been working 20 years in R&D in the telecom test and mesurement industry. There are very nice and powerful equipements in telecom to feed bits and bytes into an optical tunnel and get back the same bits and bytes on the other end (sometimes, it is on the other side of the ocean end !)

What I would like to do as final project is a simplified version of that kind of equipment (less powerful but less costly as well)

This is a 4 weeks journey and part-time schedule, let’s be realistic. I would like to start from this

This repository contains a standalone, simple S/PDIF transmitter module written in Verilog. This module can operate using either an internal or an external audio clock and expects 32-bit input (two 16-bit audio samples) for simple integration with a FIFO buffer.

S/PDIF (Sony/Philips Digital Interface) is a type of digital audio interface used in consumer audio equipment to output audio over relatively short distances. The signal is transmitted over either a coaxial cable using RCA or BNC connectors, or a fibre-optic cable using TOSLINK connectors. S/PDIF interconnects components in home theaters and other digital high-fidelity systems.