Research on CRO Technology Based on Mesh Topology Structure

2018 International Conference on Computer, Communication and Network Technology (CCNT 2018) ISBN: 978-1-60595-561-2

Research on CRO Technology Based on Mesh Topology Structure

Jin-fu XU and Jin WU

*

Zhengzhou Information Science and Technology Institute, Zhengzhou Henan 450004, China

*Corresponding author

Keywords: Physical unclonable function, Ring oscillator, Modeling attack, Mesh topology.

Abstract. Physical Unclonable Function (PUF) is highly efficient in applications such as device authentication and secure key storage. This paper proposed a design of constructing a configurable ring oscillator unit based on the mesh topology. The dynamic configuration inside the unit increases the number of oscillation frequencies, which increases the complexity of the PUF's challenge-response behavior, thus improving its anti-modeling attack capabilities. According to the analysis of security, as the number of oscillators and frequencies generated by the RO unit increase, the times of attack required breaking the PUF increases exponentially. The experiment shows that the proposed design has higher robustness (99.224%) and uniqueness (50.2%).

Introduction

The introduction of Physical Unclonable Function (PUF) provides a new idea for solving information security problems. In the digital circuit PUF, the Ring Oscillator-based PUF(ROPUF) breaks through the limitation of the arbiter PUF to require high symmetry in layout routing, and can overcome the requirement that the SRAM PUF generate a response value every time the circuit needs to be restarted, ROPUFcan be flexibly applied to security protection[1]. Therefore, research on ROPUF is of great significance.

In order to improve the applicability of ROPUF in the application of security protection, domestic and foreign scholars mainly study the key factors affecting the performance of ROPUF, and propose many improved ROPUF structures[2][3][4]. Literature [2] proposed a method for selecting frequency of adjacent RO units to compensate the adverse effects of system process differences on ROPUF uniqueness, and designed a configurable ring oscillator (CRO) Structure to match the noise reduction method. This method increases the constraints of the ROPUF structure, reduces the number of challenge-response pairs (CRP) that can be generated, and does not consider the impact of the design on the ROPUF resistance to attack. Literature [3] proposed an optimal delay algorithm to improve ROPUF resistance to modeling attacks by increasing CRP space. However, the impact of environmental factors on the performance of ROPUF is not taken into consideration, and the frequency of the RO unit structure resulting from its improvement is less, and the efficiency of CRP space expansion is not high. Literature [4] proposed a frequency scheduling scheme based on Lehmer-gray coding for the drawbacks of traditional ROPUF [1] when it was applied to key generation, such as large noise and low entropy density. The module occupies a large amount of resources and has poor applicability to resource-constrained physical entities.

ROPUF System Model

[image:2.612.112.520.213.338.2]

In ROPUF system architecture, ring oscillators are instantiated from the same hard macro unit, so each oscillator has the same structure. Due to the uncontrollability of manufacturing, there is a slight difference between the frequencies generated by ring oscillators, and these random differences can be used to generate responses. The challenge acts on the data selector, selecting two ring oscillators and triggering the counter at the same time. When the number of reference cycles is long enough, the small difference between the oscillation frequencies accumulates to an observable degree, so it is easy to output a one-bit response by comparing the speeds of both. The randomness and uncontrollability in the manufacturing process determine the physical unclonability and uniqueness of PUF. Implementing PUF on different physical entities will produce different results.

Figure 1. The working principle of PUF based on ring oscillator.

Now consider a ROPUF, k-bit string with N ring oscillators, k bit strings c c_{1 2}ck and

' ' '

1 2 k

c c c

for selecting a set of ring oscillators ( , )U B _{, Mapping the challenge} C _{to an one-hot code.}

(

)

(

' ' '

)

1 2 1 2 1 2

map k map k N

w c c c _⊕w c c c ₌x x x ₍₁₎

In which xi =1,xj =1. The mapping challenge set is denoted by X, and non-zero Boolean attributes correspond to U and B.

Figure 2. The challenge-response behavior of the traditional ROPUF.

The oscillation frequency F =

{

fi|1≤ ≤i N

}

can be mapped to an integer interval

{

i|1

}

Z ₌ z _{≤ ≤}i N _{by counting, namely}H_:F _→Z_{. The excitation response behavior of a ROPUF}

can be expressed as

(

,

)

(

,

( )

)

(

map

( )

,

( )

)

R₌G X Z ₌G X H F ₌G w C H F

(2)

R _{represents a set of responses and} G _{represents a transfer function between challenge responses.}

Because the traditional ROPUF uses a static response generation mechanism, the frequency of the oscillator is fixed and only one oscillation frequency is generated. Therefore, Z _{is equivalent to a}

constant, and the excitation response behavior can be simplified as

( )

(

map

( )

)

R₌G X ₌G w C

[image:2.612.170.437.462.531.2]

ROPUF may have N N

(

₋1 / 2

)

_{pair of oscillator pairs, but because of its frequency-specific rising} order, the number of ROPUF responses will not exceed log

( )

N! _{, so the attacker needs only a small}

number of CRPs to accurately predict any incentive based on F _and G_.

CRO Technology based on Mesh Topology

The static RO unit can only generate an oscillation frequency. For the selected ring oscillator pair, the non-zero Boolean attribute in the mapping excitation can mark its corresponding frequency, and the attacker can arrange the various oscillators through the obtained CRPs. With respect to the frequency order, it is easy to implement modeling attacks. However, if the RO unit generates a random frequency change or can generate multiple frequencies, even when no frequency is generated, the non-zero Boolean attribute identifies the frequency that will no longer be fixed, and the oscillation frequency cannot be ranked by mapping the excitation and response so as to overcome the ROPUF plane. The vulnerability to modeling attacks.

The RO unit serves as the core of the ROPUF. This paper designs a dynamic RO unit based on the mesh model to improve the security of the PUF. According to network graph theory, the inverters that make up the RO unit can be used as nodes, and the line between the two inverters can be used as a link. The dynamic structure is based on the mesh model. As many paths as possible are created (multiple oscillation frequencies are generated). Each path should be a cyclic structure with an odd number of nodes. Taking the 3×3 mesh model as an example, the new topology is shown in Figure 3. Node A is the “starting point”, B and C are the “endpoints,” and the feedback link between AB and AC is used to build a circular path.

[image:3.612.135.479.370.509.2]

Figure 3. 3×3 mesh topology. Figure 4. Circuit structure of the MC-RO unit.

According to the topology, the specific circuit of the RO unit can be designed, as shown in Figure 4. The 3×3 mesh model divides 9 XOR gates and 10 multiple output selectors into 9 nodes. The enable signal Enable controls the turning on and off of the RO unit. The feedback link transmits the output signal of the data selector to node 1, forming a loop structure.

According to the number of inverting units in the ring oscillator, the RO series can be divided into 3, 5, 7, 9 and other four cases. Taking into account the rationality of the path logic, the inputs to the multiple output selectors and data selectors are properly configured. The reasons for the configuration are as follows:

1) The path selection for node 1 should be random and be individually configured asS

[ ]

0 _;

2) Nodes 2 and 4 are symmetric and are configured asS

[ ]

1 _;

4) The connection between node 5 and nodes 2, 4 and 8 is bidirectional. Same as in 3), nodes 2, 4 and 5 are spread in the same direction. Nodes 5 and 8 are also the same. 5 configured three state selection bitsS

[ ]

1 _, S

[ ]

_{3 and}S

[ ]

_{4 ;}

5) Node 7 acts as an inflection point without path shunting.

Entering different S

[

0..4

]

_{causes the RO series of the ring oscillator to change and the resulting}

oscillation frequency is different. For example, when S

[

0..4

]

₌000XX _("X_{" represents 0 or 1), the}

path of the RO circuit is 1-2-3 (the numbers in "1-2-3" represent nodes, and the numerical order represents the path In the direction of propagation, the RO unit can only generate one path with a RO progression of 3. WhenS

[

0..4

]

₌001XX_{, the path is 1-2-3-6-9, and a total of nine paths of RO series} [image:4.612.107.516.251.288.2]

5 can be generated in the RO unit. By analogy, the path generation of different RO series can be obtained, as shown in Table 1.

Table 1. Path Generation.

RO series 3 5 7 9

Path number 1 9 7 1

Since node 5 and nodes 2, 4 and 8 are bi-directionally propagating, if the input S

[

0..4

]

_{is not}

constrained, the path node may flow back, and the loop path cannot be formed. In network topology, this phenomenon is called path deadlock. The path deadlock of the RO unit is divided into 5-4-7-8-5 and 4-7-8-5-4, with deadlock α and β, as shown in Figure 5.

Figure 5. Path deadlock.

Security Analysis

PUF based on dynamic RO unit can effectively defend against modeling attacks. For a PUF with N

ring oscillators, each dynamic RO unit can generate m _{oscillation frequencies. The mapping}

challenge x x_{1 2}xN is used to select a group of RO units (Mi,Mj), and Mi and Mj respectively

input ₁i ₂i i k

S S S and ₁j ₂j j k

S S S to configure the internal path, generate the oscillation frequency

groups

{

f₁,f₂,,fm

}

and

{

f1',f2',,fm'

}

, and map to the integer intervals Zi and Zj. The attacker

cannot obtain the configuration information through the input generation module and the deadlock correction circuit, then Mi and Mj still have the deadlock state

{

α β,

}

. The incentive response

behavior of PUF constructed based on dynamic RO unit can be expressed as

(

,

*

)

(

,

( )

,*

)

(

map

( )

,

( )

,*

)

R

=

G X Z

,

=

G X H F

=

G w

C

H F

[image:4.612.186.424.357.493.2]

configuration information. The attacker can no longer arrange the oscillation frequency according to a few CRPs. Relative order. In addition, the existence of a deadlock state has greatly increased the difficulty of modeling attacks.

It is now assumed that the attacker adopts a modeling attack to acquire a set of CRF subsets of the PUF and extract a mathematical model from it to predict the PUF response under any excitation. Using the same challenge C multiple times to select a pair of oscillator pairs (Mi,Mj), the response to

[image:5.612.169.431.242.370.2]

a PUF may be different. The attacker uses the CRP subset to predict the complete PUF challenge response behavior. Because it does not know that the RO unit has a dynamic change mechanism, the correct result cannot be obtained. Even if the attacker knows that the RO unit's oscillation frequency is variable, because the structure of the input generation module cannot be obtained through physical attack, the attacker cannot obtain the path configuration information without any other information, and thus cannot know the current incentive.

Figure 6. The incentive response behavior of MC-ROPUF.

Experimental Results

The experimental platform used in this article is Xilinx's Spartan-6 FPGA. In order to have a set of identical ring oscillators in terms of place and route, the dynamic RO unit is treated as a hard macro unit and instantiated in the top-level PUF design. The uniqueness, robustness, and resource utilization of the ROPUF designed in this paper are tested and evaluated below.

Uniqueness

Uniqueness means that the response values of multiple identical PUF instances under the same excitation are random and independent from each other. The uniqueness of the PUF is evaluated by measuring the inter-chip Hamming distance of multiple PUF devices.

(

)

(

)

1

1 1

, 2

100% 1

g g

i j

i j i

HD r r Uniqueness

g g n

−

= = +

= ×

× −

∑ ∑

₍₅₎

Where g _{is the number of PUF instances actually tested,} n _{is the number of bits of the response, and}

HD represents the Hamming distance between the two response samples ri andrj. Ideally, the PUF

should be 50% unique. The test experiment was to input the same challenge on 40 ROPUF instances and measure the response (a set of 3920-bit responses), the average Hamming distance is 1968 bits, and the uniqueness of ROPUF is Uniqueness=50.2%.

Robustness

(

)

(

)

1 1 1 , 2 1 100% 1 m m i j

i j i

HD r r Reliabilit

m m n

− = = +     =_ − _× × − 

∑ ∑

 (6) Where m _{is the number of response samples,} n _{is the number of bits in the response, and HD is the}

Hamming distance between the two response samples ri andrj. Ideally, the PUF should be 100%

robust. The test experiment is to perform 100 sets of measurements on a single ROPUF instance (a set of 3920-bit responses) and compare these 100 sets of measurements to each other, the average Hamming distance is 30.4 bit, and the robustness of ROPUF is 99.224%.

Resource Consumption

[image:6.612.83.529.332.448.2]

ROPUF performance index analysis is shown in Table 2. The ROPUF designed in this paper is configured with 512 MC-RO units. Each unit can generate 18 different oscillation frequencies. ROPUF may theoretically generate a random response of 18 × log (512!) bits, that is, the MC-RO structure can be Increase the number of random responses that ROPUF can generate. Compared with the literature [2]~[5], the frequency generation efficiency is 1.35~15 times that of theirs. The results show that the ROPUF designed in this paper has a higher frequency generation efficiency, that is, the proposed design has higher anti-modeling attack capability.

Table 2. ROPUF performance index analysis.

PUF type The area of a single RO unit Frequency

Number

CLB SLICE LUT

Traditional ROPUF[2] 2 5 6 1

Configurable ROPUF[3] 1 3 6 8

d-ROPUF [4] 1 4 8 4

Hybrid ROPUF[5] 5 12 15 2

post-processing ROPUF[6] 2 5 6 1

MC-ROPUF 2 3 9 18

Summary

The traditional ring oscillator-based PUF is based on a static response generation mechanism. In the process of generating a response, the oscillator has a single oscillation frequency and is easily attacked by modeling attacks. The design idea of the dynamic RO unit based on the mesh model proposed in this paper can generate a variety of oscillation frequency and path deadlock, which makes the PUF's incentive response behavior more unpredictable. Theoretical analysis and experimental results show that the design of this paper has significant advantages in performance indicators such as robustness and uniqueness, and can also significantly improve the anti-modeling attack capability of PUF.

References

[1]B. Gassend, D. Clarke, M. Van Dijk, and S. Devadas. Silicon physical random functions. In Proceedings of the 9th ACM conference on Computer and communications security, pages 148-160. ACM, 2002.

[2]A. Maiti and P. Schaumont, “Improving the quality of a Physical Unclonable Function using configurable Ring Oscillators,” in Field Programmable Logic and Applications, 2009. FPL 2009. International Conference on, Sept. 2009, pp. 703–707.

[4]Khoshroo S. Design and Evaluation of FPGA-based Hybrid Physically Unclonable Functions[J]. 2013.

[5]R. Maes, A. V. Herrewege, and I. Verbauwhede, “PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator,” in CHES. Springer, 2012, pp. 302–319.