A physically unclonable function (PUF) is used in cryptography and within embedded security ICs to generate on-demand secret keys that are erased right after they're used. What makes PUF technology so effective is that it's based on random physical factors (unpredictable and uncontrollable) that exist natively and/or are incidentally introduced during a manufacturing process. Because of this, a PUF is virtually impossible to duplicate or clone.
PUF technology natively generates a digital fingerprint for its associated security IC. This digital fingerprint is then used as a unique key/secret to support cryptographic algorithms and services including encryption/decryption, authentication, and digital signature. If someone tries to use microprobing or another invasive technique to seek out the PUF key, this activity will disrupt the sensitive circuitry used to construct the PUF key and render the output useless. This is how PUF technology provides such strong security for embedded systems.
Figure 1 provides a simplified, general view of two separate example devices, each with a 64-bit PUF-based key.
Figure 1. Here's a simplified, general view of two devices and their PUF key generation blocks.
Each device in Figure 1 has 64 different PUF blocks that each generate 1 bit of data. The bits are then shifted to create the 64-bit key. The goal is to have independent keys for each of these devices that are repeatable over voltage, temperature, and age. Device 1 will produce a key with a sufficient number of bits that differ from the key produced by Device 2. Each of the device keys, however, will stay constant over the specified voltage and temperature range.
Let's consider a potential implementation of the PUF blocks of one of the devices in detail. Figure 2 provides a simple PUF implementation scheme based on the frequency variation of ring oscillators.
Figure 2. PUF data bit generation using ring oscillators.
Let's assume for this example that each of the PUF blocks has two ring oscillators that produce slightly different frequencies. In PUF block 1, F1 will be slightly different than F2 and this will let the compare block produce a bit 0 or bit 1 based on whether or not F2 is faster than F1.
How does this design help with voltage, temperature, and age variations? Each bit is generated by comparing two values rather than by relying on a single frequency output. Thus, if a higher voltage increases F2, F1 will also increase, but the delta between the two values should stay very much the same. This results in the same bit value being produced at a different applied voltage. The effects of temperature and aging can be mitigated in a similar way.
As PUF blocks 2 to 64 are instantiated, the ring oscillator blocks inside them will produce slightly different frequencies from each other in an unpredictable way. This results in an unpredictable bit pattern for bits 1 to 64. Although the overall bit pattern can't be predicted, the actual bit pattern produced is repeatable as each block always produces the same bit.
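The ring-oscillator scheme described above, as an added Python simulation that is not part of the original article and not any vendor's implementation. It shows that a shift applied to both oscillators leaves every bit unchanged, and that measurement error can only flip bits from blocks whose two frequencies are nearly equal. The nominal frequency, the 1% mismatch, the bounded jitter model, and all function names are assumptions made for illustration.

```python
import random

NUM_BLOCKS = 64      # one PUF block per key bit, as in Figure 1
NOMINAL_HZ = 100e6   # assumed nominal oscillator frequency
MISMATCH = 0.01      # assumed 1% sigma of manufacturing variation

def manufacture(seed):
    """One device; the seed stands in for uncontrollable process variation."""
    rng = random.Random(seed)
    return [(NOMINAL_HZ * (1 + rng.gauss(0, MISMATCH)),
             NOMINAL_HZ * (1 + rng.gauss(0, MISMATCH)))
            for _ in range(NUM_BLOCKS)]

def read_bits(device, env_scale=1.0, jitter=0.0, seed=0):
    """Compare block: bit is 1 when F2 measures faster than F1. env_scale moves
    both oscillators together (voltage, temperature); jitter is a bounded
    per-measurement relative error (an assumption of this model)."""
    rng = random.Random(seed)
    bits = []
    for f1, f2 in device:
        m1 = f1 * env_scale * (1 + rng.uniform(-jitter, jitter))
        m2 = f2 * env_scale * (1 + rng.uniform(-jitter, jitter))
        bits.append(1 if m2 > m1 else 0)
    return bits

def to_key(bits):
    """Shift the single-bit outputs into one integer key."""
    key = 0
    for b in bits:
        key = (key << 1) | b
    return key

def weak_blocks(device, jitter):
    """Blocks whose F1/F2 gap is too small to be guaranteed stable under jitter."""
    return {i for i, (f1, f2) in enumerate(device)
            if abs(f2 - f1) / (f1 + f2) <= jitter}

def flipped(device, **conditions):
    """Block indices whose bit differs from the nominal, jitter-free reading."""
    pairs = zip(read_bits(device), read_bits(device, **conditions))
    return {i for i, (a, b) in enumerate(pairs) if a != b}

if __name__ == "__main__":
    dev1, dev2 = manufacture(1), manufacture(2)
    k1, k2 = to_key(read_bits(dev1)), to_key(read_bits(dev2))
    print(f"keys {k1:016x} / {k2:016x} differ in {bin(k1 ^ k2).count('1')} bits")
    print("flips at +10% common-mode shift:", sorted(flipped(dev1, env_scale=1.1)))
    print("flips at 0.2% jitter:", sorted(flipped(dev1, jitter=0.002, seed=7)))
    print("blocks at risk at 0.2% jitter:", sorted(weak_blocks(dev1, 0.002)))
```

In this model a block is guaranteed stable when |F2 - F1| / (F1 + F2) exceeds the jitter bound, so the at-risk set is the list of bits a design would have to handle to keep the key repeatable.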
You Can't Steal a Key that Isn't There
Maxim Integrated has produced an implementation of PUF technology called ChipDNA. It is not ring-oscillator-based like we've discussed. Instead, ChipDNA fundamentally operates from the naturally occurring random variation and mismatch of the analog characteristics of MOSFET semiconductor devices. This randomness originates from factors similar to those previously described: oxide variation, device-to-device mismatch in threshold voltage, interconnect impedances, and variation that exists within wafer manufacturing through imperfect or non-uniform deposition and etching steps. ChipDNA also operates from a patented approach to ensure that the unique binary value generated by each PUF circuit has high cryptographic quality and is guaranteed to be repeatable over temperature, voltage, and the device's lifetime.
Learn more about PUF technology by reading our tutorial, "Cryptography: Understanding the Benefits of the Physically Unclonable Function (PUF)."