How to exploit the uniqueness of FPGA silicon for security applications
By exploiting the silicon uniqueness of each FPGA device and extracting these "silicon biometrics", FPGAs can be used for new security-oriented applications not previously possible.
By Mandel Yu, Verayo
Programmable Logic DesignLine
(12/10/08, 01:32:00 PM EST)
FPGAs are used in place of ASICs for an increasing number of applications. Traditionally seen primarily as devices with programmable gates, FPGAs have progressively evolved since year 2000 into "platform" devices with many integrated system-on-a-chip features, including components such as Ethernet MACs, DSP engines, microcontrollers, clock management circuitry, I/Os with reconfigurable signaling standards and terminations, and facilities supporting Bitstream encryption to prevent reverse engineering of designs.

This article expands the application areas covered by FPGAs by introducing a new class of primitives called "Soft PUFs." By exploiting the silicon uniqueness of each FPGA device and incorporating a special circuit (using existing FPGA fabric) to extract these "silicon biometrics", FPGAs can be used for new security-oriented applications that were not previously possible.

Physical Unclonable Functions
Physical Unclonable Functions (PUFs) are circuits that extract chip-unique signatures based on semiconductor fabrication variations that are very difficult to control or reproduce. These chip-unique signatures can be used to identify chips (a form of "silicon biometrics"), and can be used to generate "volatile" cryptographic keys. These keys disappear when the device is powered off; they can be bit-accurately restored, with aid of error correction, on subsequent power-ups.

An example of PUF circuit is shown in Fig 1. The circuit consists of N stages, followed by an arbiter. Each stage contains a cross-bar switch. A race condition is created between two paths, and the paths are determined by N Challenge bits that feed the mux select lines for each stage.


1. A simplified version of the PUF circuit.

An arbiter digitizes the race condition to determine a "1" output bit or "0" output bit for each Challenge applied. What is formed is the following function:

FPUF_INSTANCE: {0,1}N ý' {0,1}

Here, FPUF_INSTANCE depends on the manufacturing instance of the device containing the PUF circuit, and is different for each device. Multiple single bit outputs can be concatenated together to form a multi-bit response. Challenge bits CN to C1 can be based on an initial Challenge phase that is run through a mixer (for example, a linear feedback shift register) to produce subsequent instantaneous Challenge phases, with each instantaneous Challenge phase being used as CN to C1 to produce a 1 bit output for that phase.

Hard versus Soft PUFs
In the case of ASIC implementations, Hard PUFs are implemented directly into the ASIC silicon. By comparison, in the case of FPGAs, Soft PUFs are implemented using a very small amount of the FPGA's standard programmable resources, such as Lookup Tables, Registers, and Memories.

These circuits can be implemented without modifications to existing FPGA silicon or existing FPGA design tools. Successful implementation requires careful placement and routing to ensure tight "race" conditions. Fig 2 shows the results of Soft PUFs implemented in Xilinx Virtex-4 FPGAs using standard Xilinx ISE design tools.


2. Inter-PUF / Intra-PUF characteristics of Soft-PUFs in Xilinx FPGAs.
(Click this image to view a larger, more detailed version)

Each of the three plots contains two curves. The middle curves, centered around block size / 2, is obtained by comparing hamming distances of Responses from different FPGA devices given the same Challenge applied across these devices. This curve is thus called "Inter-PUF" curve and is a measure of cross-correlation of different Responses across different chips given same Challenge.

The left curve is the "Intra-PUF" curve, which shows hamming distance of Responses on a device given repeated Challenge on that same device. It is an auto-correlation measurement. The chasm between the two curves indicates that this design implementation is useful as a PUF circuit. Specifically, a hamming threshold can be set to identify one FPGA device from other. Cryptographic key generation can be achieved using an error correction code that can account for Intra-PUF (auto-correlation) variations.

The Inter-PUF curve also peaks very close to ideal value of block size / 2, indicating that the PUF is a good entropy source with excellent DC bias to provide virtually uncorrelated keys across different FPGAs. To put this another way; identical Bitstreams programmed across different devices produce different and virtually uncorrelated keys on those devices.

Opening new application areas for FPGAs
Soft PUFs open the door to a wealth of new security-oriented applications on FPGAs; some examples are as follows:

Board / Blade Authentication
In many defense and aerospace systems, large expensive FPGA devices with dense Ball Grid Arrays are used, often with 1000+ pins. To the extent that the binding between BGA device and underlying printed circuit board remains intact, authenticating FPGA silicon is an excellent proxy for authenticating the underlying board. This method, for example, can be used to aid authentication of networking or telecom plug-in cards, to prevent counterfeiting of these products (Fig 3).


3. Board / Blade authentication.

Deployment of Keyed Applications
Currently, in devices such as Xilinx Virtex-4 and Virtex-5 FPGAs, there exists a battery-backed key capability that is used to store a Bitstream decryption key. This key cannot be accessed from the programmable fabric. By incorporating Soft PUFs into these devices, system designer can now deploy cryptographic keys/seeds on FPGAs. For example, a single encrypted Bitstream can be deployed across thousands of FPGA devices, with each device producing chip-unique keys.


4. Deployment of keyed applications on FPGAs using Soft PUFs.
(Click this image to view a larger, more detailed version)

Other Application Ideas
Two more application ideas are as follows, but readers will doubtless think of many more possibilities:

Conclusions
When "platform" features such as high speed serial I/Os, DSP engines, and support for Bitstream encryption were introduced in FPGAs, system designers began to think about FPGAs in different ways, for use in areas traditionally relegated to ASICs and ASSPs.

Similarly, in the case of Soft PUFs, system designers have a new primitive to increase application space of FPGA-based designs. By having the ability to authenticate FPGAs at the device level, and the ability to store "volatile" keys in these devices, FPGAs have the potential to permeate into entire new application realms.

About Verayo: Verayo was founded in Silicon Valley in 2005. The company is focused on building security and authentication solutions based on Silicon Physical Unclonable Function (PUF) technology, which was invented and first implemented at MIT by Prof. Srini Devadas and his team.

Since its founding, the Verayo team has designed, built, and tested ICs using PUFs and built-up a growing body of additional IP and substantive know-how beyond the initial IP that Verayo licensed exclusively from MIT. In addition to developing commercial products, the company is working on projects for various U.S. Defense Agencies.

Mandel Yu is a Sr. Design Engineer at Verayo (www.verayo.com), and is a technical lead in the development of PUF-based intellectual property for ASICs and FPGAs.

Mandel has over 10 years of industry experience where he designed complex signal processing systems using ASICs, FPGAs, and embedded processors. He holds two US patents in signal processing and has held management, engineering, and research roles at TSI, Zoran, Oak Technologies, TeraLogic, Sprint Advanced Technology Labs, and Stanford Center for Telecommunications. Mandel holds BSEE and MSEE degrees from Stanford University, where he was a Mayfield Fellow. He can be reached at myu@verayo.com.