A Thesis Entitled Design of a Hardware Security PUF Immune To

A Thesis

Entitled

Design of a Hardware Security PUF Immune to Machine Learning Attacks

Nitin K. Pundir

Submitted to the Graduate Faculty as partial fulfillment of the requirements for the

Master of Science Degree in Electrical Engineering

______Dr. Mohammed Niamat, Committee Chair

______Dr. Mansoor Alam, Committee Member

______Dr. Hong Wang, Committee Member

______Dr. Amanda Bryant-Friedrich, Dean College of Graduate Studies

The University of Toledo

December 2017

This document is copyrighted material. Under copyright law, no parts of this document may be reproduced without the expressed permission of the author. An Abstract of

Design of a Hardware Security PUF Immune to Machine Learning Attacks

Nitin K. Pundir

Submitted to the Graduate Faculty as partial fulfillment of the requirements for the Master of Science Degree in Electrical Engineering

The University of Toledo

December 2017

The technology and cyberspace sector is losing billions each year to hardware security threats. The incidents of usage of counterfeiting chips are doubling each year. The

Electronic Resellers Association International (ERAI) reported that in the year 2011 more than 1300 counterfeits were reported. The incidents were double of what were reported in

2008. The report from Federal Contracts acknowledges the threats emanating from counterfeit chips and says it threatens the successful operations of US Weapon Systems.

Meanwhile, electronic counterfeiting of chips continues to be a very profitable business on the dark web by crooked operatives.

Physical Unclonable Functions (PUFs) are emerging as hardware security primitives to deal with security issues such as cloning, hacking, copying, and detection of

Trojans. PUFs are one-way physical structures embedded in chips to generate a unique signature for each chip. The well-known silicon-based PUFs are Arbiter PUF (APUF) and

Ring Oscillator PUF (ROPUF). The PUF uses timing delays caused by manufacturing process variations to generate challenge-response pairs (CRPs) unique to each chip. APUFs and ROPUFs are observed to be vulnerable to modeling attacks.

iii

In this research, a novel hybrid PUF is proposed which is a combination of both types of delay based PUFs, to generate strong cryptographic keys. The proposed design uses the CRPs of APUF and ROs of ROPUF to generate an n-bit response corresponding to an n-bit challenge, whereas primitive PUFs generate a 1-bit response for an n-bit challenge.

The CRPs produced using the proposed PUF are unique and random and can be considered as cryptographic keys. The experimental results show that the uniqueness of

APUF and ROPUF CRPs increase by 23% and 19%, respectively; when applied through the proposed scheme. The average passing rate for randomness is observed to be 97%.

The CRPs generated from the delay based PUFs are tested against machine learning attacks. The machine learning attacks are carried out considering different scenarios where the adversary has access to 50%, 70%, 80%, and 90% of the CRPs. The models are trained for four different best-optimizing algorithms: Adagrad, Adadelta, SGD, and NAdam. The results show that even after training for the same number of epochs, the average accuracy for the proposed PUF model is 7% compared to 56% and 72% of APUF and ROPUF, respectively. The lower prediction accuracy of the proposed PUF shows that CRPs generated from the proposed scheme are far more immune to machine learning attacks when compared to other delay based PUFs.

I would like to dedicate this thesis to my father who always motivated me to succeed whenever I felt low on the journey.

Acknowledgements

This journey would have been difficult without the support of my family, my advisor, professors, and friends. Firstly, I would like to thank my advisor Dr. Mohammed

Niamat for providing me an opportunity to conduct my Master's research under him and for continued support and guidance. My sincere thanks to Dr. Mansoor Alam and Dr. Hong

Wang for being a part of my thesis committee. Financial support from the EECS chair head

Dr. Mansoor Alam is also greatly acknowledged.

I would also like to thank my lab mates for their guidance and help. I would like to thank my parents, my entire family, and friends for their constant love, support, understanding, encouragement, and motivation that made this thesis possible.

Table of Contents

Abstract ...... iii

Acknowledgements ...... v

Table of Contents ...... vi

List of Tables ...... xi

List of Figures ...... xii

List of Abbreviations ...... xvi

List of Symbols ...... xviii

1 Introduction and Research Overview ...... 1

1.1. Introduction ...... 1

1.2. Architecture of FPGA ...... 4

1.2.1. Configurable Logic Blocks ...... 6

1.2.2. Input-Output Blocks ...... 6

1.2.3. Programmable Interconnect Network ...... 6

1.2.4. Architecture of Spartan 3e ...... 7

1.3. Smart Meter ...... 8

1.3.1. Evolution of Smart Meters ...... 8

1.3.1.1. Electromechanical Meter ...... 8

1.3.1.2. Electronic Meter ...... 9

1.3.1.3. Smart Meter ...... 10

1.4. Security Issues Related to FPGA and Smart Meters ...... 13

1.4.1. Reverse Engineering ...... 13

1.4.2. Overbuilding ...... 14

1.4.3. Cloning ...... 14

1.4.4. Physical Tampering ...... 15

1.5. Goals of the Thesis...... 15

1.6. Thesis Organization ...... 16

2 Basic Definitions and Terminologies ...... 17

2.1. Physical Unclonable Functions ...... 17

2.2. Hardware-Oriented Security ...... 18

2.3. Manufacturing Process Variation ...... 18

2.4. Randomness ...... 19

2.5. Uniqueness ...... 19

2.6. Hamming Distance ...... 19

2.7. Random Number Generator ...... 20

2.8. Pseudo Random Number Generator ...... 21

3 Physical Unclonable Functions ...... 22

3.1. PUF Classification ...... 23

3.1.1. Non-Electric PUF ...... 23

3.1.1.1. Optical PUF ...... 23

3.1.1.2. Paper PUF ...... 24

3.1.1.3. CD PUF ...... 25

3.1.1.4. RF DNA PUF ...... 25

3.1.1.5. Magnetic PUF ...... 25 vii

3.1.1.6. Acoustical PUF ...... 25

3.1.2. Analog Electric PUF ...... 26

3.1.2.1. VT PUF ...... 26

3.1.2.2. Power Distribution PUF ...... 26

3.1.2.3. Coating PUF ...... 26

3.1.2.4. LC PUF ...... 27

3.1.3. Delay-Based Intrinsic PUF...... 27

3.1.3.1. Arbiter PUF ...... 28

3.1.3.2. Ring Oscillator PUF ...... 29

3.1.4. Memory-Based Intrinsic PUF ...... 30

3.1.4.1. SRAM PUF ...... 30

3.1.4.2. Butterfly PUF ...... 32

3.1.4.3. Latch PUF ...... 32

3.1.4.4. Flip Flop PUF ...... 33

3.2. Applications of PUF ...... 33

3.2.1. Device Authentication ...... 33

3.2.2. Cryptography ...... 34

3.2.3. Intellectual Property Storage ...... 34

4 Proposed Design and Implementation ...... 35

4.1. Implementation of Arbiter PUF ...... 35

4.2. Implementation of Ring Oscillator PUF ...... 37

4.3. Combining APUF and ROPUF ...... 39

5 Uniqueness and Randomness ...... 40 viii

5.1. Uniqueness ...... 40

5.1.1. Intra-Chip Hamming Distance and Uniqueness ...... 42

5.1.2. Inter-Chip Hamming Distance and Uniqueness ...... 42

5.1.3. Comparison of Uniqueness ...... 43

5.2. Randomness Results ...... 44

5.2.1. Frequency (Monobit) Test ...... 45

5.2.2. Frequency Test within a Block ...... 47

5.2.3. Discrete Fourier Transform (Spectral) Test ...... 48

5.2.4. Linear Complexity Test ...... 49

5.2.5. Serial Test ...... 51

5.2.6. Approximate Entropy Test ...... 52

5.2.7. Cumulative Sums (Cusum) Test ...... 54

6 Machine Learning/Neural Network Algorithms ...... 56

6.1. Neural Network ...... 56

6.1.1. Backpropagation ...... 57

6.2. Optimization Algorithms ...... 59

6.2.1. Stochastic Gradient Descent (Batch Training) ...... 59

6.2.2. Adaptive Gradient Algorithm (Adagrad) ...... 60

6.2.3. Adadelta Algorithm ...... 60

6.2.4. Nesterov’s Momentum ...... 62

6.2.5. Nesterov's Adam (NAdam) ...... 62

6.3. Hyper Parameters ...... 64

6.4. Test Results ...... 65 ix

7 Conclusion ...... 96

7.1. Contributions...... 97

7.2. Future Work ...... 98

References ...... 99

Appendix A ...... 105

List of Tables

Table 5-1: Comparison of Inter-Chip Uniqueness with other PUF Designs ...... 43

Table 6-1: Hyperparameters for Different Optimization Algorithms ...... 65

Table 6-2: Training Error for different Machine Learning Algorithms ...... 72

Table 6-3: Accuracy of Training Data ...... 74

Table 6-4: Testing Error for Different Machine Learning Algorithms ...... 76

Table 6-5: Accuracy of Testing Data ...... 77

List of Figures

Figure 1-1: Generation of CRPs in primitive PUFs ...... 3

Figure 1-2. Basic FPGA Architecture ...... 5

Figure 1-3: Resources in Spartan 3E Slice ...... 8

Figure 1-4: Electronic Meter ...... 9

Figure 1-5: Smart Meter ...... 10

Figure 1-6: Development in Smart Meter Capabilities ...... 11

Figure 1-7: Block Diagram of a Smart Meter ...... 12

Figure 2-1: Hamming Weights of CRPs ...... 20

Figure 3-1: Optical Physical Unclonable Function ...... 24

Figure 3-2: Coating Physical Unclonable Function ...... 27

Figure 3-3: Arbiter Physical Unclonable Function ...... 29

Figure 3-4: Ring Oscillator Physical Unclonable Function ...... 30

Figure 3-5: Logic of SRAM ...... 31

Figure 3-6: Six Transistor SRAM cell ...... 31

Figure 3-7: Butterfly PUF cell ...... 32

Figure 3-8: Latch PUF ...... 33

Figure 4-1: Connected Multiplexers in Arbiter PUF ...... 36

Figure 4-2: Basic Blocks of Arbiter PUF ...... 36

Figure 4-3: Manual Routing of Arbiter PUF ...... 37

Figure 4-4: Ring Oscillator in a single CLB ...... 38

Figure 4-5: Implementation of Ring Oscillator PUF ...... 38

xii

Figure 4-6: Proposed Architecture of Hybrid PUF ...... 39

Figure 5-1: Intra-Chip Uniqueness of Proposed PUF ...... 42

Figure 5-2: Inter-Chip Uniqueness ...... 43

Figure 5-3: Pass Percentage of CRPs for Different NIST Tests ...... 45

Figure 5-4: P-Value Distribution for Frequency Monobit Test ...... 46

Figure 5-5: P-Value Distribution for Frequency Within Block Test ...... 48

Figure 5-6: P-Value Distribution for Discrete Fourier Transform Test ...... 49

Figure 5-7: P-Value Distribution for Linear Complexity Test ...... 51

Figure 5-8: P-Value Distribution for Serial Test ...... 52

Figure 5-9: P-Value Distribution for Approximate Entropy Test ...... 53

Figure 5-10: P-Value Distribution for Cumulative Sums Test ...... 55

Figure 6-1: Basic Neural Network Model ...... 56

Figure 6-2: Momentum vs Nesterov Momentum Update ...... 62

Figure 6-3: APUF 50% Training Data ...... 66

Figure 6-4: ROPUF 50% Training Data ...... 67

Figure 6-5 : Proposed PUF 50% Training Data ...... 67

Figure 6-6 : APUF 70% Training Data ...... 68

Figure 6-7 : ROPUF 70% Training Data ...... 68

Figure 6-8: Proposed PUF 70% Training Data ...... 69

Figure 6-9: APUF 80% Training Data ...... 69

Figure 6-10 : ROPUF 80% Training Data ...... 70

Figure 6-11: Proposed PUF 80% Training Data ...... 70

Figure 6-12: APUF 90% Training Data ...... 71 xiii

Figure 6-13 : ROPUF 90% Training Data ...... 71

Figure 6-14: Proposed PUF 90% Training Data ...... 72

Figure 6-15: Hamming Distance for FPGA 1 and 50% Training Data ...... 80

Figure 6-16: Hamming Distance for FPGA 2 and 50% Training Data ...... 81

Figure 6-17: Hamming Distance for FPGA 3 and 50% Training Data ...... 82

Figure 6-18: Hamming Distance for FPGA 4 and 50% Training Data ...... 83

Figure 6-19: Hamming Distance for FPGA 1 and 70% Training Data ...... 84

Figure 6-20: Hamming Distance for FPGA 2 and 70% Training Data ...... 85

Figure 6-21: Hamming Distance for FPGA 3 and 70% Training Data ...... 86

Figure 6-22: Hamming Distance for FPGA 4 and 70% Training Data ...... 87

Figure 6-23: Hamming Distance for FPGA 1 and 80% Training Data ...... 88

Figure 6-24: Hamming Distance for FPGA 2 and 80% Training Data ...... 89

Figure 6-25: Hamming Distance for FPGA 3 and 80% Training Data ...... 90

Figure 6-26: Hamming Distance for FPGA 4 and 80% Training Data ...... 91

Figure 6-27: Hamming Distance for FPGA 1 and 90% Training Data ...... 92

Figure 6-28: Hamming Distance for FPGA 2 and 90% Training Data ...... 93

Figure 6-29: Hamming Distance for FPGA 3 and 90% Training Data ...... 94

Figure 6-30: Hamming Distance for FPGA 4 and 90% Training Data ...... 95

Figure A-1: APUF Confusion Matrix FPGA 1-50% Training Data ...... 105

Figure A-2: APUF Confusion Matrix FPGA 2-50% Training Data ...... 106

Figure A-3: APUF Confusion Matrix FPGA 3-50% Training Data ...... 106

Figure A-4: APUF Confusion Matrix FPGA 4-50% Training Data ...... 107

Figure A-5: APUF Confusion Matrix FPGA 1-70% Training Data ...... 107 xiv

Figure A-6: APUF Confusion Matrix FPGA 2-70% Training Data ...... 108

Figure A-7: APUF Confusion Matrix FPGA 3-70% Training Data ...... 108

Figure A-8: APUF Confusion Matrix FPGA 4-70% Training Data ...... 109

Figure A-9: APUF Confusion Matrix FPGA 1-80% Training Data ...... 109

Figure A-10: APUF Confusion Matrix FPGA 2-80% Training Data ...... 110

Figure A-11: APUF Confusion Matrix FPGA 3-80% Training Data ...... 110

Figure A-12: APUF Confusion Matrix FPGA 4-80% Training Data ...... 111

Figure A-13: APUF Confusion Matrix FPGA 1-90% Training Data ...... 111

Figure A-14: APUF Confusion Matrix FPGA 2-90% Training Data ...... 112

Figure A-15: APUF Confusion Matrix FPGA 3-90% Training Data ...... 112

Figure A-16: APUF Confusion Matrix FPGA 4-90% Training Data ...... 113

List of Abbreviations

ABPNN …………… Adaptive Back Propagation Neural Network AMI ……………….. Advanced Metering Infrastructure AMR …………….... Advanced Meter Reading APUF……………….Arbiter Physical Unclonable Function ASIC ……………… Application Specific Integrated Circuit

BPNN ……………... Back Propagation Neural Network

CGNN …………….. Conjugate Gradient Neural Network CLB ……………….. Configurable Logic Block CRP ……………….. Challenge Response Pair

FPGA ……………... Field Programmable Gate Array FRAM …………….. Fixed Random Access Memory

GA ………………… Genetic Algorithm

HAN ………………. Home Area Network HDL …………....….. Hardware Descriptive Language

IC ………………….. Integrated Circuit IP ………………….. Intellectual Property IOB ……………...… Input-Output Block

LCD ……………….. Liquid Crystal Display LUT ……………….. Look Up Table

MLP ……………….. Multi-Layer Perceptron

NIST……………….. National Institute of Standards and Technology NN ………………… Neural Network NSF ……………….. National Science Foundation

PUF ……………….. Physical Unclonable Function PRNG ……………... Pseudo Random Number Generator

QNNN …………….. Quasi-Newton Neural Network

RAM ……………… Random Access Memory RF ………………… Radio Frequency RNG ………………. Random Number Generator

xvi

sPUF ………………. Silicon Physical Unclonable Function SRAM ……………... Static Random Access Memory

TTM ………………. Time to Market

VHDL ………………Very High-Speed Integrated Circuit Hardware Description Language .

xvii

List of Symbols

훼 …………………… The significance Level 휀 …………………… The original input string of zeros and ones 푒푟푓푐 ……………….. Complimentary Error Function 퐻0………………….. The null hypothesis log(푥) ……………… The natural logarithm of x 휋 ………………….... 3.14159… 휎 ………………….... The standard deviation of a random variable 휎2 ………………….. The variance of a random variable 푆표푏푠 ………………… The observed value which is used as a statistic in Frequency test. ∑ …………………… The summation symbol 휙 ………………….... Standard Normal Cumulative Distribution Function 휒2 …………………... The chi-square distribution 휒2(표푏푠) ……………. The chi-square statistic computed on the observed values.

xviii

Chapter 1

Introduction and Research Overview

1.1. Introduction

Hardware is considered an indispensable part of any system and works in reciprocal partisanship with the software layer. The hardware provides a boost to the computational capacity of the system and is mostly involved in storing and analyzing critical information.

For a long time, everybody inclined on cybersecurity to protect the data and system from adversaries and was believed the Integrated circuits (ICs) in the system are protected from intrusions such as virus and Trojans attacks. With globalization and focus to cut costs in chip manufacturing, the third-party fabrication and third-party soft/hard IP cores contracts increased. The third-party format reduced design workload, fabrication cost, and time to market (TMM) but increased security concerns due to fake chips, hardware Trojans, reverse engineering, cloning, tampering, etc. For instance, a third-party vendor or fabrication house may insert malicious hardware Trojan which can cause malfunctioning of a critical military equipment or may leak significant information to the adversaries.

The idea of hardware-oriented security developed to counter the threats possessed by the outsourcing of chip manufacturing like hardware Trojan. Initially, hardware- oriented security was adopted to focus on hardware Trojans, detect the foundries

responsible for it, and isolate them. The primary focus was on the post-silicon phase with an emphasis on the testing methods [1]. But later it was realized that third-party IP cores might also be a potential gateway for malicious Trojan or logic insertion, making pre- synthesis equally necessary [2][3][4][5][6]. The concept of hardware security covers a vast area; a few areas include hardware Trojan detection, testing, formal verification to fingerprinting, and device authentication. The high-security measures have been designed using hardware descriptive languages (HDL) to provide security to hardware designs even if the adversary get hold of original chip designs [7]. This formal method helps to ensure protection from hardware Trojans, and also in cases when adversary tries to inject malicious logic into the original design or attempt to tamper with the IC. In recent years the research on hardware security has evolved from just hardware Trojan detection.

Today’s primary focus is to develop a reliable and secure hardware system and whenever needed authenticate for its trustworthiness. For this, many hardware-based security applications have been developed which uses intrinsic properties of the silicon chips. A significant example of such security application is Physical Unclonable Function (PUF) which uses device process variation to generate challenge-response pairs (CRPs) unique to the chip which can be used as a fingerprint of the device [1].

The expansion of the energy and electric sector of the country has raised new issues and concerns. According to the survey [8][9] conducted it showed more than 75% of companies in oil, natural gas, and electric had experienced at least one successful cyber- attack in past 12 months. This survey shows the grave importance of security upgrade needed in the electricity grid. The electric grid is an interconnected network of transmission lines, relays, switches, meters, powerhouses, etc. for delivering power from suppliers to 2

the consumers. The electricity meters are the end link of this interconnected network. With time, smart meters have taken the place of the traditional meters, which are now capable to store data, run advanced algorithms and connect to utility servers over the wireless. This advancement has undoubtedly reduced workload by removing manual reading and testing but has also raised security concerns as they could be tapping points for the attackers to the secure servers of the utility companies. FPGA based smart meters in [10] can use the manufacturing variation properties of the IC to authenticate and encrypt communication with the utility center, hence providing an additional layer of hardware-oriented security on the top of other layers making it very difficult for the attackers to break in.

This research proposes a novel architecture of physical unclonable function which is a hybrid combination of two notable delay based PUFs namely Arbiter PUF and Ring

Oscillator PUF. The motivation behind this is the way the CRPs are generated in primitive

PUFs. In primitive PUFs, each n-bit challenge generates a 1-bit response as shown in

Figure 1-1. This unequal generation of bits makes it difficult to directly use these CRPs for authentication/encryption/cryptographic keys.

Figure 1-1: Generation of CRPs in primitive PUFs

The proposed hybrid PUF generates an n-bit response for each n-bit challenge making it suitable to be directly used as cryptographic keys. The challenge-response pairs

to be used as cryptographic keys need to be unique, random, and unpredictable. Hence, we begin by calculating uniqueness of CRPs using Hamming Weights and then randomness using the National Institute of Standards and Technology (NIST) guidelines. The experimental results show that uniqueness is close to the ideal value of 0.50 and for randomness average passing rate was 97%.

To test for unpredictability, we trained machine learning models using Keras API written in Python. It is well known that APUF and ROPUF are vulnerable to modeling attacks and has been demonstrated in [11] on artificially/software-based generated CRPs.

The tests were conducted assuming various situations where the attacker have access to

50%, 70%, 80%, and 90% of the CRPs. The experimental results show that proposed PUF is more resistant to modeling attacks compared to APUF and ROPUF by achieving test accuracy of only 7%.

Later parts of this chapter discuss the architecture of FPGA and smart meters, security concerns related to FPGAs, goals, and thesis organization.

1.2. Architecture of FPGA

FPGAs can be programmed by the end user to suit his requirement compared to its counterpart Application Specific Integrated Circuits (ASIC) which performs a specific operation as designed by the manufacturer [12]. FPGA consists of an array of logic blocks, input-output blocks, memory and in some cases a softcore. The user can implement combinational and sequential logic functions any number of times, enabling the user to debug and check the logic. Some of the latest FPGAs enables to be programmed during the runtime and can also be reconfigured partially. Because of the re-programmability, FPGAs

helps in testing and debugging of new logics thus saving Non-Recurring Engineering costs.

The newer FPGAs comes with large RAMs, high processing capabilities, high-speed communication IO’s, due to all these they are finding their use in satellites, image processing, military, etc., increasing their demand in the market.

The basic FPGA architecture looks like islands in the sea, where islands are the configurable logic blocks surrounded by the vast programmable interconnects. The generalized example is shown in Figure 1-2 where the CLBs are organized in a two- dimensional grid and are interconnected by the programmable interconnects. The programmable routing resources are connecting the I/O blocks which are located at the periphery of the grid. These routing resources and CLBs change their characteristic behavior based on the programmed function. A number of logic blocks and routing resources depends on the logic implemented. The different components of FPGA are described more in detail below.

Figure 1-2. Basic FPGA Architecture 5

1.2.1. Configurable Logic Blocks

The CLBs are regarded as one of the vital element and building block of FPGA.

They are used to store the design logic. The typical CLB consists of Look-up Tables

(LUTs), Flip-Flops (FFs), Multiplexers (MUXs) and NAND gates as basic elements. The

LUT is used to store any desired logic by implementing them as a truth table when combined with the Flip-Flops they can act as a storage device. The number of LUTs in a

CLB and number of inputs to each LUT vary from FPGA to FPGA. The n input LUT means 2푛 logics could be implemented [13]. To increase the logics or to select different logic elements multiplexers in CLB can also be used.

1.2.2. Input-Output Blocks

To connect the FPGA with peripheral devices the input/output blocks are used. The

IOs are the special logic blocks for external connections, which comprise of input and output pads. The input pad is driven by the input signal from a pin and output pad is connected to the buffer which drives the output signal. The I/O standard chosen by the user defines what mode of operation is to be selected for the IOB i.e. low power or the high- speed connection [14]. The IOB can be used as an input or output block based on the need and user mapping. Please refer Xilinx guide for the detailed architecture of IO blocks in

Spartan 3E.

1.2.3. Programmable Interconnect Network

The programmable interconnect which covers most of the FPGA is used to connect multiple logic blocks. The programmable interconnect network helps in propagating signal

between CLBs and IOBs. The interconnect network comprises of channels, connection boxes, switch boxes and the programmable switch matrix.

The channels are the wires which run vertically and horizontally along the FPGA.

They run between columns and rows of the CLBs, and different length wires could also be connected if needed. The connection boxes are the programmable links; they are used to connect input and output of CLBs to the wires of the horizontal and vertical routing channels. The switch boxes are also the programmable links located at the intersections of the vertical and horizontal channels. They are used to connect wire segments in the horizontal and vertical channels. The programmable switch matrix is a programmable switch element which is used to turn the corners and change directions of the propagating signal.

1.2.4. Architecture of Spartan 3e

The FPGA used for the experiments is from the Spartan 3E family XC3S100E

CP132. It contains 100,000 gates in 240 CLBs and uses 90nm process technology [15].

The fig shows the internal layout of the Spartan 3E FPGA with the distribution of CLBs.

Each CLB consists of 4 slices, which in turn includes of two 4-input LUTs, two Flip-Flops, multiplexers, carry logic, etc. Each 4-input LUT can be used as a random logic, 16 × 1 bit

RAM or SR. The internal of the Slice is shown in Figure 1-3. There are eight 4-input LUTs in each CLB.

Figure 1-3: Resources in Spartan 3E Slice

1.3. Smart Meter

Smart Meters for electricity is an electronic device which is capable of recording electric energy consumption of the consumer and send it to the electric utility companies at regular intervals for monitoring and billing. Smart Meters are also capable of raising flags in case of any power outage or electrical faults for the speedy restoration of the service.

1.3.1. Evolution of Smart Meters

In this section, we discuss the path taken by the traditional electric meter to reach the present smart meters. We discuss different technological developments in electric meter over the time.

1.3.1.1. Electromechanical Meter

The development of electric meter in the proper transmission system can be traced back to the traditional electromechanical energy meter. It was capable of measuring only 8

active energy and was consisting of two electromagnets and a revolving aluminum disc.

The Major problem for this type meter was the power theft. People were involved in illegal connection of power lines, and bypassing an electric meter which could not be detected by the meter. Also, it required physical meter reading practices involving large workforce.

1.3.1.2. Electronic Meter

Figure 1-4: Electronic Meter

The traditional metering system was restituted by electronic meters which were more tamper-proof and reliable than electromechanical meters. They were also capable of measuring various other electric parameters other than active power, such as reactive power, phase current, phase voltage, apparent power, etc. Very few electrical meters also had the capability of transmitting data through a transmission link. Figure 1-4 shows an image of an electronic meter.

1.3.1.3. Smart Meter

Smart meters are entirely different of electronic meters since they have microcontroller inbuilt. They are better from previous meters regarding accurate reading, tamper detection, outage detection, load profiling, remote readings, etc. Figure 1-5 shows an image of one of the new smart meter.

Figure 1-5: Smart Meter

The Evolution of smart meters can be seen in three phases as shown in Figure 1-6.

The first phase was of Advanced Meter Reading (AMR) which provided one-way communication from the smart meter to utility center. It offered features like automated monthly readings, one-way outage detection, tamper detection and load profiling. The second phase was of AMR Plus which provided an edge over the previous phase by providing daily or on-demand readings, hourly data and other electric parameters read. The current and most advanced phase is Advanced Metering Infrastructure (AMI) which offers full two-way communication between utility center and smart meter. The AMI has entirely transformed the metering infrastructure by providing some advanced features like:

 Time-Based Rated: Based on the load and utilization consumers are offered the benefit

of low rates when the load is less.

 Remote Meter Programming: The meter can be programmed remotely to run different

client-based software or diagnostics tools on the smart meter.

 HAN Interface: The smart meter can communicate/interface with intelligent appliances

at home to provide utilization details or provide remote ON/OFF capability to the user.

Figure 1-6: Development in Smart Meter Capabilities

1.1.1. Architecture of Smart Meter

The Figure 1-7 shows the basic block diagram of Smart Meter. The functions of each block are described as below:

 Microcontroller – It is the brain of the smart meter. It is responsible for all the

computation and allocates the data and process to the respective components.

 LCD – Liquid Crystal Display (LCD) is a display screen for the user which displays

readings and other different user options to select.

Figure 1-7: Block Diagram of a Smart Meter

 Nonvolatile Memory – It is a memory which stores the factory reset software of the

smart meter and helps to initialize the smart meter when powered on.

 Powerline Communications – It connects the AC power lines to the smart meter.

 Wired I/O – It provides wired connectivity to the technician to run physical diagnostics

tests on the smart meter.

 Wireless Communications – It provides a two-way wireless communication link to a

utility to provide regular meter readings, software updates, and outage information.

 FRAM – Fixed random-access memory is the memory available to the microcontroller

for storage of functions and data for the processing and communication.

 Sensors – Sensors are the transducer devices which measure physical changes and

report to the microcontroller for further processing. Various sensors available are

voltage, current and tamper sensors.

1.4. Security Issues Related to FPGA and Smart Meters

The widespread use of FPGA in aerospace, satellite, image processing, communication, etc. has increased the concern for security issues in FPGA. The attacker tries to steal original design or data in many ways. The attacker can steal the IP and sell it as its original design [14] to make easy money. Most of the fabrication houses are located outside the country, and the design is provided as the Intellectual Property (IP) to be mapped, even if the IP is encrypted it is highly likely that the key is stolen from the bitstream. Sometimes, the design stores some valuable data in the memory of FPGA, the attacker with the help of hardware Trojans can steal the data which can threaten the personal and national security. Some of the threats to FPGA are discussed as below: -

1.4.1. Reverse Engineering

Reverse engineering is known as to obtain the initial design from the results of the design. The third parties acquire outputs of the logic design by cycling all the possible inputs through exhaustive test bench. Based on all the test results the original design or logic function could be guessed. Since to correctly guess the design it requires all the possible inputs and their respective outputs; the reverse engineering proves to be very

difficult. The complex logic functions have very large number of inputs (e.g., microprocessor with 200 inputs), and with large number of inputs the number of test patterns grows exponentially 2푛. The reverse engineering still poses a great threat to small designs because even if the design is provided as black box, with the help of pseudo- exhaustive tests the duplicate function could easily be generated. The manufacturers can easily increase the time process required for reverse engineering by being careful and using some special design techniques.

1.4.2. Overbuilding

Overbuilding is a grave issue and a breach of contract. The fabrication house which has the agreement to manufacture chips, manufacture more than the required by the company. The extra chips perform as precisely as the other chips and are sold for extra money. Since, these chips are exactly similar in functionality and build, identification, and removal of these chips from the market is next to impossible.

1.4.3. Cloning

Cloning is a process of copying the original design function and creating a replica of it. Since the replica is built without the understanding of the functionality, the replicated design might lack some of the features of the original design. Since there is no development cost involved in the cloning, the attacker makes a huge profit even after selling it at cheaper rates. These counterfeit cloned chips are a significant threat to national security when used in aerospace or missile technology. As in 2008, US aircraft was found to using fake chips

[16].

1.4.4. Physical Tampering

Tampering is outlined as an effort created by the offender to gain the unauthorized access to an electronic system. A way to try to do it is through reverse engineering.

Spoofing could be a technique of tampering wherever the offender replaces all or some bits of an FPGA bitstream. Attackers could tamper the devices with malicious goals. By the method of tampering, an adversary could attempt to extract the in operation knowledge of the initial design to destroy it. From recent studies, the Physical Unclonable Functions are found to be a viable solution to overcome several security problems associated with programmable devices.

1.5. Goals of the Thesis

 To design silicon-based Arbiter PUF and Ring Oscillator PUF separately on the FPGA.

 Do manual routing for APUF to make the paths symmetric with the same delay and

create a hard macro for ROs.

 Develop a system to combine APUF and ROPUF and generate CRPs.

 Check for Inter-Chip and Intra-Chip hamming distance for the uniqueness of CRPs.

 Check for Randomness of CRPs according to NIST guidelines.

 Develop machine learning prediction models using Python libraries to run modeling

attacks on APUF, ROPUF, and Proposed PUF.

1.6. Thesis Organization

In Chapter 2, the different terminology used in this thesis such as PUFs, hardware- oriented security, process variations, uniqueness, random number generators, etc. are briefly introduced for a better understanding of this thesis.

Chapter 3 talks about different types of PUFs introduced in literature with their construction and working. The significance, applications, and drawbacks of the PUFs are also discussed.

Chapter 4 discusses the proposed architecture. It also explains the detailed implementation of PUF on the FPGA and how the CRPs are generated by combining APUF and ROPUF.

Chapter 5 discusses uniqueness and randomness of CRPs and provide respective results and comparison for APUF, ROPUF and proposed PUF.

Chapter 6 discusses Neural Networks and machine learning. It gives an elaborate discussion of different optimization algorithms and loss function used in this thesis in an effort to predict CRPs of the APUF, ROPUF, and proposed PUF. It provides detailed results and graphs on learning curves, training error, the accuracy of models, and prediction graphs.

Finally, conclusions are drawn and presented in Chapter 7.

Chapter 2

Basic Definitions and Terminologies

2.1. Physical Unclonable Functions

A Physical Unclonable Function (PUF) is a physical entity mapped on a physical device which can be used to generate purely random numbers. A PUF output is easy to evaluate but very difficult to predict. It exploits the uniqueness of the physical microstructure, and even if the devices follow same manufacturing process, it’s highly unlikely PUF produce same responses [17]. The unique property of microstructure is introduced during manufacturing because of the random physical factors, which are unpredictable and uncontrollable.

Physical Unclonable Functions uses a challenge as an input to generate a response.

Each challenge produces unique response forming a challenge-response pair (CRP). Each

CRP is unique and highly unpredictable dependent on a physical device. PUFs are becoming primitive for hardware-oriented security and gaining their importance in applications with high-security requirements.

2.2. Hardware-Oriented Security

The widespread use of Integrated circuits in different vital areas have increased the possibility of adversaries trying to introduce malicious circuitry to leak confidential information or disrupt the usual functionality [18]. These malicious circuits are also called hardware Trojans. Hardware Trojans are different from the software Trojans since they are introduced to the physical hardware, and standard software-based techniques are ineffective on them. To detect and protect the systems from such malicious circuits there is a critical need for hardware-oriented security. This field is gaining high importance to tackle security issues, and many hardware Trojan detection techniques [18][19] and device fingerprinting methods have been proposed in the past.

2.3. Manufacturing Process Variation

The final integrated chip (IC) we see in the market goes through subsequent processes of design, fabrication, and manufacturing. During these operations, an inevitable randomness is induced in the IC in terms of varied effective channel length, gate threshold, channel-width and oxide thickness [20]. Even the ICs cut from same die or wafer possess different variations. The variations in the die may be due to one of the many reasons, i.e., mask variations, lithography, temperature, etc. known as a system component of delay variations [17]. These variations lead to uncontrollable varied delay characteristics in the

ICs used by sPUFs to generate random and unique challenge-response pairs.

2.4. Randomness

Randomness, in general, can be defined as failure to predict the occurrence of next event. In the case of n bit response, it could be truly called random if it lacks pattern or any combination and hence making it impossible to predict. A random bit sequence can be interpreted as a result of flips of an unbiased coin with sides marked as 0 or 1 [21]. The challenge-response pairs generated by PUFs need to be truly random to make it impossible for hackers or machine learning algorithms to predict. The CRPs generated by this work are tested through series of test suggested by NIST, to check for the randomness. Details about the tests are provided in chapter 5.

2.5. Uniqueness

The literal meaning of uniqueness means the quality of being the only one of its kind and is determined by the distribution of Hamming Distance of CRPs. In this section, the CRPs generated are tested for intra-chip, and inter-chip hamming distance and their uniqueness is determined. As stated in section 2.5 the CRPs are considered unique enough if their average Hamming Distance distribution is at 50%.

It is one of the most critical metrics for PUF analysis. It is defined as the ability of the PUF to generate distinguishable responses within the chip and on different chips.

Uniqueness is determined by calculating Hamming Distance (HD) of response bits. 2.6.

2.6. Hamming Distance

Hamming Distance in two equal length binary response strings can be defined as the sum of the bits which are different from each other. When responses are compared in

the same chip, it is called Intra-Chip Hamming Distance, and when CRPs are compared with CRPs from different chips it is called Inter-Chip Hamming Distance.

For example, given two binary strings A and B:

A = “1101011001” B = “0110111001”

HWAB = 40% because the two strings differ at four places.

Let’s suppose we have m unique challenge-response pairs and each response pattern is of n bits. Hamming weight of response 퐻푊푖 where 푖 ≤ 푚 as shown in figure.

Figure 2-1: Hamming Weights of CRPs

Therefore, Average Hamming weight can be defined as the average of all hamming weights of n bit responses, calculated as in:

∑푛 퐻푊 퐻푊 = 푖=1 푖 푎푣𝑔 푛

2.7. Random Number Generator

Random Number Generators are used to generate random numbers for cryptographic and other security purposes. The RNGs uses a non-deterministic source as entropy to generate randomness. Typically, the physical quantity is used as a source such as electrical noise, the quantum effect in semiconductor, etc. Some of the physical sources

which appear to be random are predictable during statistical tests. For cryptographic purposes, the numbers need to be purely random and sometimes generating high-quality random numbers from these physical quantities could be time-consuming.

2.8. Pseudo Random Number Generator

The Pseudorandom number generators are the second generator type. They use some inputs and generates pseudorandom numbers. The inputs to the PRNGs are called seed which is provided by the random number generator. The outputs of the PRNGs are of the deterministic nature; the only random thing is the seed generation. The pseudorandom number generation appears to be random, but each value in the sequence is produced from the previous value through some mathematical transformations which appear to add some additional randomness.

Chapter 3

Physical Unclonable Functions

PUFs are the one-way function which is used as a hardware-based security primitive for cryptographic and security purposes. PUF notion was firstly introduced by

Devdas et al. [11] as an alternative and practical solution to enhance the security of electronic devices that use non-volatile memory based to store the secret keys. Since then

PUFs have been studied a lot, and many improvements have been proposed. In general,

PUFs can exploit the process variation properties of the chip to generate the unique cryptographic key. The generated keys are not stored on the device making it less prone to attacks by the hackers and intruders.

The PUFs can be implemented on ICs, ASIC or FPGAs making it difficult for the attacker. The keys generated can be called as a signature of the device which is unique to each device. The randomness is uncontrollable because of the lack of manufacturing control over the sub-micron process variation. The unique key generation from the PUFs can be used device identification, device authentication, cryptography, encryption, and other security purposes. This chapter discusses different PUFs and their classification.

3.1. PUF Classification

Physical Unclonable Functions can be classified based on the area of the implementation.

3.1.1. Non-Electric PUF

The PUFs which extract randomness from non-electric devices or in other words

PUFs implemented on Non-electric devices are termed as Non-Electric PUFs. In this, we have discussed various Non-Electric PUFs.

3.1.1.1. Optical PUF

The early Optical PUFs were used for the identification of strategic arms and were based on random optical reflection patterns [22].

Optical PUFs proposed in [17] were based on transparent media as Physical one- way functions. The core element of the design is an optical token containing optical microstructure which is constructed by mixing microscopic 500휇푚 refractive glass spheres in a small 10 × 10 × 2.54푚푚 transparent epoxy plate. When the optical token is radiated with Helium-Neon laser, the irregular emerging wavefront is obtained because of the multiple scattering of laser beam with refractive particles. The irregular pattern is captured by camera for digital processing. The hash function normally Gaber hash is applied to observed pattern to extract features as a string of bits representing hash. I have been experimentally verified that even a minute change in the orientation of laser beam and token results in completely different pattern and hash value. Figure 3-1 represents the implementation and basic operation of Optical PUF.

It is clear that because of extensive setup and complex mechanical system the

Optical PUFs are rarely used and restricted to research laboratories.

Figure 3-1: Optical Physical Unclonable Function [23]

3.1.1.2. Paper PUF

As the name implies, the Paper PUF uses the scanning of unique and random fiber structure of regular or modified paper. Many concepts were introduced in [24] and were mainly used for an anti-counterfeiting strategy for currency notes before the actual implementation of PUF concept. In [25] and [26] approaches are proposed where reflected laser pattern from the irregular fiber structure is used as fingerprint combined with the data on the document to develop PUF.

3.1.1.3. CD PUF

[27] shows that because of probabilistic variations induced due to the manufacturing process, the measured lengths of lands and pits on a regular compact disk randomly deviate from their intended lengths. Also, the deviation is significant enough to be observed by monitoring the electrical signal of the photodetector.

3.1.1.4. RF DNA PUF

An inexpensive token called radio-frequency (RF)-DNA comparable to one in

Optical PUF was proposing in [28] which uses thin copper wires placed randomly in silicon rubber sealant. The near-field EM waves randomly scattered by the copper wires notable in 5-6 GHz band are observed and measured by a scanner consisting of a matrix of RF antennas.

3.1.1.5. Magnetic PUF

Magnetic PUFs on [29] uses the inherent uniqueness of the particle patterns in the magnetic media. They are used to prevent credit card frauds by commercial companies.

3.1.1.6. Acoustical PUF

Acoustical delay lines are used to convert alternating electric signals into mechanical vibrations and vice-versa. The Acoustical PUF proposed in [30] uses the characteristic frequency spectrum of an acoustical delay line. The bit string is generated by performing principal component analysis on the frequency spectrum.

3.1.2. Analog Electric PUF

In this section, we discuss Analog Electric PUFs which uses the analog measurement of an electric or electronic quantity. These PUFs contrasts to Non-Electric

PUFs which uses non-electric features for the design of PUF.

3.1.2.1. VT PUF

The first proposal to assign a unique identification to every instance of a conventional integrated circuit (IC) was called ICID [31]. The addressable array consisting of equally designed transistors drives a resistive load. The current through the load is partially random because of manufacturing variation in the threshold voltages (푉푇). The bit stream is generated by passing the voltages over load through an auto-zeroing comparator.

3.1.2.2. Power Distribution PUF

These types of PUFs were proposed in [32]. The power distribution PUF uses resistance variations in the power grid of the chip to generate a random bit stream. The manufacturing process variation affects the voltage drops and their equivalent resistances in the power distribution system.

3.1.2.3. Coating PUF

Coating PUFs uses the randomness of capacitance measurements in comb-shaped sensors in the top metal layer of an IC [33]. Other than manufacturing variation, extra randomness is explicitly introduced using a passive dielectric coating sprayed on top of the

sensors. A complete theoretical evaluation of Coating PUF can be found in [34] whereas

Figure 3-2 shows implementation and operation of coating PUF.

Figure 3-2: Coating Physical Unclonable Function [35]

3.1.2.4. LC PUF

LC PUF is in the form of LC circuit which absorbs an amount of power when placed in an RF field. In LC PUF, a metal plate is placed on each side of a small glass plate. Thus, a capacitor serially chained with a metal coin on the plate acting as an inductive component

[36]. The resonant frequency of the circuit depends on the capacitor and inductor which slightly depend on the manufacturing process variations.

3.1.3. Delay-Based Intrinsic PUF

Delay-Based Intrinsic PUF is the widely studied PUFs which uses propagation delay in IC/embedded device to extract response bits. For the PUF implemented on IC to qualify as intrinsic, it should comply with some conditions such as 27

1. The PUF design and the measuring unit should be fully integrated into the IC/embedded system.

2. The complete construction of PUF should consist of primitives which are available due to the manufacturing process of the IC/embedding device.

Thus, if the conditions are met the challenge and response pairs are not supposed to leave the IC, and the whole manufacturing of PUF should be without any overhead cost, i.e., without building any special component.

3.1.3.1. Arbiter PUF

The Arbiter PUF was first introduced by Devdas in [17] and most widely studied.

Various improvements have been proposed which significantly improved the statistical results of the challenge-response pairs obtained. The basic idea in the first architecture proposed was to lay off two symmetric paths with equal delay and allow two signals to race along the paths. If the two paths are symmetric, the outcome of the race is truly random and depends on the manufacturing process variation of the chip. These manufacturing variations affect the physical properties of the material determining the exact delay of the path hence making it device dependent.

Figure 3-3 shows the underlying architecture of the APUF which consists of serially connected Flip-Flops/Multiplexers and an arbiter at the end. At the input of first mux rising edge signal is providing to start the race. The binary challenge to each mux decides whether the path will be straight or crosslinked and at the end, the arbiter decides which signal reached first and based on that generated a response bit either 1 or 0. The point under consideration is that each n-bit challenge generates a one-bit response making it easier for

the modeling attacks. The proposed design of AROPUF took this point into consideration and generated an n-bit response to an n-bit challenge making it easier to use CRP for device authentication.

Figure 3-3: Arbiter Physical Unclonable Function

3.1.3.2. Ring Oscillator PUF

The ring oscillator PUF is also the most widely studied delay-based PUF’s on

FPGA, first introduced by [17]. ROPUF contains identical ring oscillators implemented on different CLB’s of the FPGA. All RO's are run for same time. Therefore their frequency should be same, but all have different characteristic frequency because of manufacturing process variation. ROs with odd number stages of inverters namely 3,5 and seven stages are widely studied and used. Different schemes are used to select two ROs using challenges and generate a response of either 1 or 0 after comparing the frequency. Implementation of the ROPUF on ASIC is easy compared to an FPGA because of the fixed architecture of the

FPGA. Figure 3-4 shows a typical Ring Oscillator PUF.

Figure 3-4: Ring Oscillator Physical Unclonable Function

3.1.4. Memory-Based Intrinsic PUF

Memory-based PUFs are intrinsic PUFs which depends on the initial state of the memory storage primitives. A typical digital memory storage has two stable states either one or zero. If it can be brought into an unstable state, it might start oscillating between two states or settle back to one of the stable state. The settling into which stable state is mostly depended on the manufacturing variation and can be utilized to create effective

PUFs.

3.1.4.1. SRAM PUF

Static Random-Access Memory (SRAM) is a digital memory consisting of series of cells/flip-flops each capable of storing one bit. First SRAM PUF was proposed in [37].

Figure 3-5 shows a typical SRAM cell which is constructed through two cross-coupled inverters, hence having two stable states. The circuit is implemented using 4 MOSFETs in

CMOS technology, and two halves of the design are made symmetrical as much as possible. Therefore, it is not sure in which state the cell will be just after the power up. It is observed that some of the cells power-ups storing zero and some storing zeros. The physical mismatch in the cell is caused by the manufacturing variation and is responsible for the power-up behavior of the memory cell. Figure 3-6 shows typical six transistor

SRAM cell.

Figure 3-5: Logic of SRAM

Figure 3-6: Six Transistor SRAM cell

3.1.4.2. Butterfly PUF

Figure 3-7: Butterfly PUF cell

The butterfly structure displays to logically stable states like SRAM PUF. Figure

3-7 shows the typical Butterfly PUF cell structure [38]. An unstable state is introduced with the use of clear/preset functionality of latches after which the circuit settles to one of the stable states. The functioning of Butterfly PUF is like that of SRAM PUF but unlike the latter does not require a power up the device. The physical mismatch between the latches and the cross-coupling interconnect determines which stable state the PUF will settle to.

3.1.4.3. Latch PUF

Latch PUF is an IC identification technique similar to SRAM PUF and Butterfly

PUF proposed in [39]. The two NOR-gates are cross-coupled to form a latch as shown in

Figure 3-8. The latch becomes unstable after asserting reset signal and depending on the internal electronic components converges to a random stable state.

Figure 3-8: Latch PUF

3.1.4.4. Flip Flop PUF

Flip Flop PUFs are similar to SRAM PUFs just that power up the behavior of a Flip

Flop is studied to create random cryptographic keys. [40] Shows the study of Flip Flop

PUFs for 4096 flip-flops from 3 FPGAs.

3.2. Applications of PUF

This section discusses about various uses of PUF structure in device authentication, cryptography, and intellectual property storage.

3.2.1. Device Authentication

Fingerprints are unique to each and are used to identify people. Similarly, PUF structures can generate unique and unpredictable signatures due to manufacturing process variation of each device. These unique signatures usually are in the form of challenge- response pairs. Any trusted partner, at the time of manufacturing, can collect these CRPs and store them. These CRPs in the future can be used to authenticate the chip before usage or to unlock the chip to access data stored on the chip.

3.2.2. Cryptography

The unique signatures generated from silicon chips can be used for cryptography.

The challenge-response pairs can be generated in the dynamic process and can be used to encrypt and decrypt the communication with the chip. The cryptographic keys generated are first subjected to error correction before usage because various environmental conditions can cause bit-flips in the keys.

3.2.3. Intellectual Property Storage

Another critical application of PUF is Intellectual Property (IP) protection. The intellectual property is encrypted using a private key which is generated through PUF design. To decrypt the design a public key is used which is also generated by PUF design.

Since private and public keys are randomly generated through PUF design, an adversary trying to reverse engineer the architecture of the chip which not be able to generate same cryptographic keys [41]. Hence the adversary fails in producing a device into the market, which can’t be authenticated.

Chapter 4

Proposed Design and Implementation

In this chapter, we provide the detailed discussion on the implementation of our proposed PUF design. In the initial sections of the chapter, we discuss the implementation of APUF and ROPUF on the FPGA, then in a later section we discuss our proposed scheme to combine these two-delay based PUF designs to generate stronger challenge-response keys.

4.1. Implementation of Arbiter PUF

The Arbiter PUF code is written in Verilog and implemented on Basys 2 Spartan

3E-100 CP132. The data is collected from a set of 30 FPGA boards and analyzed. The custom design strategy is implemented to prevent ISE 14.7 tool from optimizing the circuit to the logic and keep the hierarchy of the design as shown in Figure 4-1. Two additional blocks are also implemented, one to generate the challenges and other to provide clock and triggering high pulse at regular intervals.

Figure 4-1: Connected Multiplexers in Arbiter PUF

Figure 4-2 shows the blocks implemented in APUF i.e. clock generator, challenge generator, and PUF. At each positive edge of the clock, a new challenge is generated and fed to the APUF. After a new challenge is fed, a rising edge signal is passed which race across the two paths. An arbiter at the end of the PUF decides which signal reached first and accordingly decides the output either 0 or 1. The two paths should be symmetric and their path delays should be same so that the output is independent of the design delay but exclusively depend on manufacturing process variation. To make the two paths of APUF identical the wires are routed manually using FPGA editor as shown in Figure 4-3.

Figure 4-2: Basic Blocks of Arbiter PUF

Figure 4-3: Manual Routing of Arbiter PUF

4.2. Implementation of Ring Oscillator PUF

Figure 4-4 shows the implementation of the RO on a CLB of Spartan 3E-100 CP132 with fixed routing delay [15][42]. To control active RO oscillations, LUTs in slices 1 and

2 are used as controlled inverters. The slices 3 and 4 act as buffers grounding one of their input to bypass the inverted RO-bit from bottom F6MUX throughout the RO.

Figure 4-4: Ring Oscillator in a single CLB

To get the frequency readings from ROs on the logic analyzer, synchronization is required for all the components. Figure 4-5 shows the complete implementation of a Ring

Oscillator PUF to collect the frequency of ring oscillators. In an FPGA, 256 RO’s are implemented. To cancel noise from nearby RO’s, a single RO is activated at a time using

16-bit challenge selector. Each RO is activated for 0.1ms using timing controller and the corresponding frequency is recorded using logic analyzer

Figure 4-5: Implementation of Ring Oscillator PUF

4.3. Combining APUF and ROPUF

The flow diagram of the proposed architecture to combine both APUF and ROPUF is shown in Figure 4-6. The 16-bit challenge is provided to the APUF to generate a 1-bit response. The challenge and their respective response are randomized using the Mersenne

Twister random number generator [43]. The randomized CRPs are paired sequentially to form n-bit response, corresponding n challenges of n bits are passed through XOR to form n bit challenge corresponding to the n bit response. The generated n bit response treats as challenge for the ROPUF consisting of two multiplexers with 2푛/2 ROs as input to each multiplexer. Response bits generated from APUF 푅1 to 푅푛 are connected to the select lines 2

푅 to the first multiplexer and the rest bits from 푛 to 푅 are connected to select lines to the 2 푛 second multiplexer. The final output of the architecture is the 16-bit response corresponding to a 16-bit challenge.

Figure 4-6: Proposed Architecture of Hybrid PUF 39

Chapter 5

Uniqueness and Randomness

One of the main parameters to test CRPs to be used as cryptographic keys is uniqueness and randomness. In this chapter, we discuss and calculate uniqueness and randomness of CRPs.

5.1. Uniqueness

Our work has two different cases of PUF architecture. First is traditional arbiter

PUF where each 16-bit challenge has a one-bit response and the second is the proposed

PUF where each 16-bit challenge has a 16-bit response. Two different approaches need to be followed to calculate uniqueness for each case.

Firstly, we have calculated average inter-chip Hamming Distance distribution, which provides the idea of how unique response bits are generated on different FPGA chips for the same challenges.

For the APUF and ROPUF, we calculate inter-chip uniqueness by determining

Hamming Distance of response bits corresponding to the challenges across all the chips.

For a challenge vector 퐶 = [퐶1, 퐶2, … , 퐶푚], the response vector 푅 = [푟1, 푟2, … , 푟푚] is obtained from each FPGA chip. Then the response matrix for k FPGA chips is given as:

푅1 푅2 R = [ ⋮ ] 푅푘

Then the inter-chip uniqueness is calculated as:

푘−1 푘 2 퐻퐷(푅 , 푅 ) 푈푛푖푞푢푒푛푒푠푠 = ∑ ∑ 푖 푗 × 100% (퐴푃푈퐹,푅푂푃푈퐹) 푘(푘 − 1) 푁 푖=1 푗=푖+1

푇 In the case of proposed PUF, for the challenge vector 퐶 = [퐶1, 퐶2, … , 퐶푚] , the response matrix for a single chip can be given as:

푟11 푟12 … 푟1푛 푟21 푟22 … 푟2푛 푅 = [ ⋮ ⋮ … ⋮ ] 푟푚1 푟푚2 … 푟푚푛

The inter-chip uniqueness for proposed PUF for the k FPGA boards, each having m responses of n-bits is calculated as:

푘−1 푘 푚 2 퐻퐷(푅 , 푅 ) 푈푛푖푞푢푒푛푒푠푠(푃푟표푝표푠푒푑) = ∑ ∑ ∑ 푖푧 푗푧 푖푛푡푒푟 푘(푘 − 1) 푛 푖=1 푗=i+1 푧=1

For the proposed PUF, we have also calculated the average distribution of

Hamming Distance for each n-bit response within the chip (Intra-Chip). Intra-chip uniqueness provides the clarification that different n-bit challenges within the chip generate unique n-bit responses. The intra-chip uniqueness for proposed PUF is calculated as:

푚−1 푚 2 퐻퐷(푅 , 푅 ) 푈푛푖푞푢푒푛푒푠푠(푃푟표푝표푠푒푑) = ∑ ∑ 푖 푗 intra 푚(푚 − 1) 푛 푖=1 푗=i+1

5.1.1. Intra-Chip Hamming Distance and Uniqueness

As stated the response bits generated from the same FPGA are compared to each other to state how unique they are from each other. It is to state that responses generated from the same FPGA are not monotonous if so they are prone to machine learning attacks.

The bar graph in Figure 5-1 shows the uniqueness of 1024 response streams from four different FPGA boards for the proposed PUF.

FPGA 4 FPGA 3 FPGA 2 FPGA 1

0.499768031

Intra-Chip 0.499978402 Uniqueness 0.499973748

0.499847502

0.4996 0.4997 0.4998 0.4999 0.5

Figure 5-1: Intra-Chip Uniqueness of Proposed PUF

5.1.2. Inter-Chip Hamming Distance and Uniqueness

In this subsection, the responses from one FPGA is compared to other respective responses from different FPGA boards for uniqueness. Figure 5-2 shows the bar graph comparing inter-chip uniqueness between APUF, ROPUF, and the proposed PUF. It can be seen that the distribution is close to 50% for the proposed PUF depicting unique CRPs.

It is clear that when APUF responses are passed through the proposed scheme there is a huge increase in the uniqueness of the response bits.

0.48 0.41 0.5 0.39 0.4 0.3 0.2 0.1 0 APUF ROPUF Proposed PUF

Figure 5-2: Comparison of Inter-Chip Uniqueness

5.1.3. Comparison of Uniqueness

In this subsection, the uniqueness of the proposed design is compared with designs of different authors in the literature.

Table 5-1 shows comparison of inter-chip uniqueness with designs [44] [45] [46]

[47]. It is clear that the proposed design has better uniqueness as it is closer to 0.50 when compared with other designs.

Table 5-1: Comparison of Inter-Chip Uniqueness with other PUF Designs

Design Inter-Chip Uniqueness Proposed Technique 0.48

Yohei APUF [44] 0.3675

Yingjie APUF [45] 0.88

Gu APUF [48] 0.40

Machida 2-1 DAPUF [49] 0.464

Sahoo APUF [50] 0.4525

Susana ROPUF [51] 0.4494

Sauvagya ROPUF [47] 0.4524

5.2. Randomness Results

In this section, the CRPs generated are tested for randomness based on the statistical tests suggested by NIST. In literature, all the response bits produced from a single FPGA are tested for randomness but since only single CRP at a time will be used for authentication and adversary need to guess that instead of all response bits generated from the FPGA.

Hence to overcome this drawback each 16-bit response pair from the FPGA is tested for randomness. The test results for frequency monobit test, frequency within block test, cumulative sums test, discrete Fourier transform test, approximate entropy test, serial test, and linear complexity test is given in following subsections.

Figure 5-3 shows the pass percentage of CRPs for different NIST tests. As it can be seen that all the tests have a pass percentage of more than 99% except the linear complexity test, where the pass percentage is near 94%.

100% 90% 99.02% 99.32% 99.02% 99.61% 100.00% 99.71% 94.24% 80% 70% 99.51% 99.32% 99.41% 99.41% 100.00% 99.80% 92.97% 60% 50% 40% 99.61% 99.61% 99.61% 99.32% 100.00% 99.12% 94.14%

Pass Percentage Pass 30% 20% 99.32% 99.22% 99.32% 99.71% 100.00% 99.51% 94.92% 10% 0% Frequency Block Cumulative Discrete Approximate Serial Linear Monobit Frequency Sums Fourier Entropy Complexity Transform

FPGA 1 FPGA 2 FPGA 3 FPGA 4

Figure 5-3: Pass Percentage of CRPs for Different NIST Tests

5.2.1. Frequency (Monobit) Test

The frequency monobit test is the most basic test and checks for the distribution of

1’s and 0’s in the bitstream. The test check for the same proportion of 1’s and 0’s in the same sequence. The randomness of the bitstream is determined by calculating the p-value.

If the p-value of the bitstream is less than 0.01, then it is non-random otherwise it is random.

Figure 5-4 shows the distribution of p-values for different FPGA boards.

The test affirms that the probability of ones is ½ in an identically distributed

Bernoulli random variables (X’s). The Bernoulli random variables can be represented as:

푥 = 2휖 − 1

푆푛 = 푋1 + 푋2 … + 푋푛 = 2((휖1 + 휖2 … + 휖푛) − 푛)

The test uses the standard normal distribution to approximate the distribution of 1’s in a bitstream. According to De Moivre-Laplace theorem, for a large number of trials, the

distribution of binary sum, normalized by √푛, is closely approximated by standard normal deviation. The test is derived from Central Limit Theorem, according to which:

푧 푆푛 1 −푢2 Lim 푃 ( ≤ 푧) = 휙(푧) ≡ ∫ 푒 ⁄2 푑푢 푛→∞ √푛 √2휋 −∞

It implies that for positive z,

푆 푃 ( 푛 ≤ 푧) = 2휙(푧) − 1 √푛

According to test, 푠 = |푆푛|/√푛, experimental value is calculated |푠(표푏푠)| =

|푋1 + ⋯ 푋푛|/√푛. Then to check the results for test P-value is calculated as:

|푠(표푏푠)| 2[1 − 휙(|푠(표푏푠)|] = 푒푟푓푐( ) √푛

where 푒푟푓푐 is the complementary error function defined as;

∞ 2 2 푒푟푓푐(푧) = ∫ 푒−푢 푑푢 √휋 푧

Figure 5-4: P-Value Distribution for Frequency Monobit Test

5.2.2. Frequency Test within a Block

The test decomposes the bitstream into a number of non-overlapping sub-sequences and then check for the localized distribution of 1’s. The test applies chi-square test to find the ideal ½ distribution of 1’s in the subsequences. The small p-values indicate that there is an unequal distribution of 1’s and 0’s in at least one of the subsequence.

The parameters of this test are M and N, so that n = MN, i.e., the original string is partitioned into N substrings, each of length M. For each of these substrings, the probability of ones is estimated by the observed relative frequency of 1's, 휋푖, 푖 = 1, … 푁.

푁 1 X2(표푏푠) = 4푀 ∑[ 휋 − ] 푖 2 푖=1

The sum under the randomness hypothesis has the 푋2 distribution with N degrees of freedom. The P-value can be calculated as follows:

푁 푋2(표푏푠) 푃 = 푖푔푎푚푐( , ) 2 2

Figure 5-5 shows the p-value distribution for a frequency within block test. Less than 10 CRPs out of 1024 has a p-value less than 0.01.

Figure 5-5: P-Value Distribution for Frequency Within Block Test

5.2.3. Discrete Fourier Transform (Spectral) Test

This test checks for repetitive patterns in the bitstream which are close to each other.

The presence of these patterns in the bitstream indicates that the pattern is non-random.

The results for the distribution of P-value of responses are given in Figure 5-6.

The DFT test is a class of spectral methods test and tests for periodic features in the bitstream that would determine the non-random characteristic of the bit stream. Assume

푡ℎ the bits are coded as -1 and 1 and 푥푘 be the 푘 bit of the sequence then:

푛 2휋 (푘 − 1)푗 푓 = ∑ 푥 exp ( 푖 ) 푗 푘 푛 푘=1

2휋 (푘−1)푗 2휋푘푗 2휋푘푗 Where exp ( 푖 ) = cos ( ) + 푖푠푖푛 ( ) , 푗 = 0, … , 푛 − 1 푎푛푑 푖 ≡ √−1 푛 푛 푛

Because of the symmetry of real to complex transformation only values from

푛 0 푡표 − 1 are considered and let 푚표푑 be the modulus of the complex number 푓 . 95% of 2 푗 푗 48

1 the 푚표푑 values should be less than ℎ = √log ( ) 푛. In the distribution let 푁 be the 푗 0.05 1

푛 .95푁 number of peaks less then h, also to note only first peaks are considered. Let 푁 = 2 0 2

푁 −푁 and 푑 = 1 0 . Then the P-value of the samples is given by: √푛(0.95)(0.05)/4

|푑| 푃 − 푣푎푙푢푒 = 2(1 − 휙(|푑|)) = 푒푟푓푐( ) √2

Figure 5-6: P-Value Distribution for Discrete Fourier Transform Test

5.2.4. Linear Complexity Test

The purpose of the test is to determine the complexity of the bitstream. It checks if the bitstream is complex enough to be considered as the random. Random sequences are characterized by a longer feedback register. A short feedback register implies non- randomness [21].

To check the bitstream for randomness the test uses linear complexity. The linear complexity can be directly linked to popular bitstream generator: Linear Feedback Shift 49

Registers (LFSR). Such type of registers consists of L delay elements each having one input and one output. If the initial state of LFSR is (휀퐿−1, … 휀1, 휀0), then the output sequence, (휀퐿, 휀퐿+1, … ), satisfies the following recurrent formula for j ≥ L

휀푗 = (푐1휀푗−1 + 푐2휀푗−2 + ⋯ + 푐퐿휀푗−퐿)푚표푑2

The asymptotic distribution of (퐿푛 − 휇푛)/휎푛 along the sequence of even or odd values of n is that of a discrete random variable obtained via a mixture of two geometric random variables (one of them taking only negative values). Strictly speaking, the asymptotic distribution as such does not exist. The two cases of n even and n odd should be treated separately. The distribution for both the cases are different. Hence, the following sequence is adapted

2 푇 = (−1)푛[퐿 − ξ ] + 푛 푛 n 9

푛 4+푟 Where, ξ = + 푛. n 2 18

P-value corresponding to the observed value 푇표푏푠 can be evaluated in the following way.

1 푃 − 푣푎푙푢푒 = 22휅−1

The results of the distribution of P-value is shown below in Figure 5-7.

Figure 5-7: P-Value Distribution for Linear Complexity Test

5.2.5. Serial Test

The serial test is done to check the frequency of each m-bit pattern across the sequence. The purpose is to determine whether the number of occurrences of the 2m m-bit overlapping patterns is approximately the same as would be expected for a random sequence [21]. The results of the distribution of P-value is shown below in Figure 5-8.

The test check for the uniformity in distribution of patterns of a given length.

Specifically, for 푖1, … , 푖푚 running through the set of all 2m possible 0,1 vectors of length

m, let 푣푖1…..푖푚 denote the frequency of the pattern 푖1, … , 푖푚 in the “circularized” string of bits 휀1, … , 휀푛, 휀1, … , 휀푚−1.

2푚 푛 2 2푚 ψ2 = ∑ (푣 − ) = ∑ 푣2 − 푛 푚 푛 11…푖푚 2푚 푛 푖1…푖푚 푖1…푖푚 푖1…푖푚

The generalized serial statistics for testing of randomness is given by:

2 2 2 ∇ψm = ψm − ψm−1

and

2 2 2 2 2 ∇ ψm = ψm − 2ψm−1 + ψm−2

The corresponding P-values of the distribution can be calculated as;

푚−2 2 푃 − 푣푎푙푢푒1 = 푖푔푎푚푐(2 , ∇ψm/2

푚−3 2 2 푃 − 푣푎푙푢푒2 = 푖푔푎푚푐(2 , ∇ ψm/2

Figure 5-8: P-Value Distribution for Serial Test

5.2.6. Approximate Entropy Test

The purpose of the test is to compare the frequency of overlapping blocks of two consecutive/adjacent lengths (m and m+1) against the expected result for a random sequence [21]. The results of the distribution of P-value is shown below in Figure 5-9.

This test is based on repeating patterns in the string. If 푌푖(푚) = (휀푖, … 휀푖+푚−1), then

1 퐶푚 = #{푗: 1 ≤ 푗 < 푛 − 푚, 푌 (푚) = 푌 (푚)} = 휋 푖 푛 + 1 − 푚 푗 푖 푖 52

And

푛+1−푚 1 휙푚 = ∑ 푙표푔퐶푚 푛 + 1 − 푚 푖 푖+1

푚 퐶푖 is the relative frequency of occurrences of the pattern 푌푖(푚) in the string, and

−휙푚 is the entropy of the empirical distribution arising on the set of all 2푚 possible patterns of length m.

2푚 푚 −휙 = ∑ 휋푙 log 휋푙 푙=1

where 휋푙 is the relative frequency of pattern 푙 in the string. The approximate entropy

퐸푛푎푝푝푟표푥 is defined as:

푚 푚+1 퐸푛푎푝푝푟표푥(푚) = 휙 − 휙

2 With 푋 (표푏푠) = 푛[log 2 − 퐸푛푎푝푝푟표푥(푚)], the P-value is given as:

푋2(표푏푠) 푃 − 푣푎푙푢푒 = 푖푔푎푚푐(2푚−1, ) 2

Figure 5-9: P-Value Distribution for Approximate Entropy Test 53

5.2.7. Cumulative Sums (Cusum) Test

The cumulative sums test is done to determine whether the cumulative sum of the partial sequences occurring in the tested sequences is too large or too small relative to the excepted behavior of the cumulative sum for random sequences [21]. The results for the distribution of the P-value for different FPGA's is given below in Figure 5-10.

The test uses the maximum absolute value of partial sums of the bitstream. The bitstream is converted to +1 and -1. The large values of the result indicate that there are either too many ones or zeros in the bitstream whereas small values depict intermixed zeros and ones.

The test is based on limiting distribution of the maximum of the absolute values of the partial sums, max |푆푘|, 푙≤푘≤푛

max |푆푘| 퐻(푧) = lim 푃 (1≤푘≤푛 ≤ 푧) 푛→∞ √푛

1 ∞ (푢 − 2푘푧)2 = ∫ (−1)푘 exp {− } 푑푢 √2푛 푘=−∞ 2

∞ 4 (−1)푗 (2푗 + 1)2휋2 = ∑ exp {− } = 퐻(푧) 휋 2푗 + 1 8푧2 푗=0

With the test statistic 푧 = max |푆푘|(표푏푠)/√푛, the randomness hypothesis is 푙≤푘≤푛 rejected for large values of z and the corresponding P-values is:

1 − 퐻( max |푆푘|(표푏푠)/√푛) = 1 − 퐺( max |푆푘|(표푏푠)/√푛) 푙≤푘≤푛 푙≤푘≤푛

Where

4 푧2 퐺(푧) = 1 − exp {− } , 푧 → ∞ √2휋푧 2 54

The P-value is given as:

푃( max |푆푘| ≥ 푧) 푙≤푘≤푛

= 1

∞

− ∑ 푃((4푘 − 1)푧 < 푆푛 < (4푘 + 1)푧) 푘=−∞

∞

+ ∑ 푃((4푘 + 1)푧 < 푆푛 < (4푘 + 3)푧) 푘=−∞

Figure 5-10: P-Value Distribution for Cumulative Sums Test

Chapter 6

Machine Learning/Neural Network Algorithms

6.1. Neural Network

The artificial neural network is the computational model used in machine learning, which is a network of connected artificial neurons resembling the biological neural system in a human body.

Figure 6-1: Basic Neural Network Model

In an artificial neural network, the neurons are connected in layers, and the signal travels from the first layer to the last layer. Figure 6-1 shows a typical 3-layer artificial neural network also called Multi-layer feed forward network.

The first layer is the input layer, and the last layer is the output layer, all intermediate layers are called hidden layer. The output of the previous layer acts as input 56

to the next layer. The inputs to each node are added using a linear combination and passed through some non-linear function to get the output from that node. For example, in the given figure, the input into the hidden neuron j is given by

푧푗 = 푏푗 + ∑ 푤푖,푗푥푖 푖=1

The input in the hidden neuron is modified by some non-linear function to give the output (input to the next layer). An example of non-linear function can be a sigmoidal function given by:

1 푠(푧) = 1 + 푧−푧

The goal of the network is to find those values of weights for each node so that the difference between obtained output and the actual output becomes minimal. The difference between outputs is calculated using error/cost function which is used to update weights to reduce the error.

6.1.1. Backpropagation

Backpropagation is the most commonly used algorithm to train artificial neural network. It is typically used with an optimization method such as gradient descent. The basic functionality of the algorithm is that when an input is provided to the network is propagates forward layer by layer and generates an output at the output layer. The output is compared to the desired output, and an error value is calculated for each neuron in the output layer using error function. Then the error values propagate backward, and error values for each neuron are calculated. The backpropagation algorithm uses these error values to calculate the gradient of the error function with respect to the weights of the 57

neurons. Then these gradients are fed to the optimization method which uses them to update weights in the network. Then the whole process is repeated again till the error function is minimized. In short, the whole process can be broken down into 5 parts:

1) Initialize Network: - The network is created with the desired number of input, output

and hidden neurons and organized into layers. The weights and bias of each neuron are

randomly initialized.

2) Forward Propagate: This step could be further broken into 3 steps

a) Neuron Activation: In this process activation value of each neuron is calculated as

푎푐푡푖푣푎푡푖표푛 = 푠푢푚(푤푒푖푔ℎ푡푖 ∗ 푖푛푝푢푡푖) + 푏푖푎푠.

b) Neuron Transfer: Once the neuron is activated it is transferred to obtain the output.

The transfer of the activation is done using a nonlinear function, in case of

sigmoidal function it is given as

1 표푢푡푝푢푡 = 1+푒−푎푐푡푖푣푎푡푖표푛

c) Forward Propagation: In this process, the output from the previous layer is fed to

the next layer as input.

3) Back Propagate Error: This section can be broken down into 2 parts.

a) Transfer Derivative: For a given output value its slope is calculated. For a given

sigmoidal function its derivative can be given as

푠푙표푝푒 = 표푢푡푝푢푡 ∗ (1 − 표푢푡푝푢푡)

b) Error Backpropagation: In this process, firstly error of each output neuron is

calculated as:

푒푟푟표푟 = (푒푥푝푒푐푡푒푑 − 표푢푡푝푢푡) ∗ 푠푙표푝푒(표푢푡푝푢푡)

Then the error value calculation is back propagated and an error value for each

hidden neuron is calculated as the weighted error of each neuron in the output layer:

푒푟푟표푟 = (푤푒푖푔ℎ푡푘 + 푒푟푟표푟푗) ∗ 푠푙표푝푒(표푢푡푝푢푡), where 푒푟푟표푟푗 is the error signal

from jth neuron in the output layer, and 푤푒푖푔ℎ푡푘 is the weight that connects kth

neuron to the current neuron.

4) Train Network: Once the error is calculated for each neuron the weights in the network

are updated as

푤푒푖푔ℎ푡 = 푤푒푖푔ℎ푡 + 푙푒푎푟푛푖푛푔 − 푟푎푡푒 ∗ 푒푟푟표푟 ∗ 푖푛푝푢푡.

If the weights are updated after passing all the inputs and using accumulated error then it is called batch training otherwise if weights are updated after each input, then it is called step by step training.

5) Predict: The trained model with updated weights is used to predict outputs of the inputs.

6.2. Optimization Algorithms

In this section, we have briefly explained about different optimization algorithms used in our research.

6.2.1. Stochastic Gradient Descent (Batch Training)

It’s a stochastic approximation of the gradient descent optimization method which is used to minimize the cost/loss function. SGD performs weight update for every training dataset

휃 = 휃 − 휂. ∇휃퐽(휃)

The whole training process can be summarized as follows in python: 59

for i in range(no_of_epochs): gradient_param = gradient_eval(loss_function, data, params) params = params – learning_rate * params_gradient

6.2.2. Adaptive Gradient Algorithm (Adagrad)

Adagrad is an improvement to SGD. It is different from SGD in terms that it adapts the learning rate of parameters. The parameters which change frequently are updated with smaller updates whereas parameters are infrequent they are updated with larger updates.

This characteristic of the algorithm makes it suitable for the sparse dataset. For SGD, all parameters 휃 are updated at once using the same learning rate 휂. Adagrad uses different learning rate for parameter 휃푖 at every time step t. The gradient of the parameter at time step t is given by:

푔푡,푖 = ∇휃퐽(휃푖)

Therefore, SGD update for each parameter 휃푖 at each time step t is given by:

휃푡+1,푖 = 휃푡,푖 − 휂. 푔푡,푖

The learning rate is modified at each step which is based on the past gradients computed for 휃푖 휂 휃푡+1,푖 = 휃푡,푖 − . 푔푡,푖 √퐺푡,푖푖 + 휖

where G is a diagonal matrix in which each diagonal element is the sum of the squares of the gradients up to the time t.

6.2.3. Adadelta Algorithm

Adadelta is an extension of Adagrad which instead of storing all the past calculated gradients, stores only a fixed size w. Adagrad does not just save w previous squared

gradients instead, stores the average of all past squared gradients. The running average

2 퐸[푔 ]푡 at time step t is dependent on previous average and current gradient and is given as:

2 2 2 퐸[푔 ]푡 = 훾퐸[푔 ]푡−1 + (1 − 훾)푔푡

Where 훾 is the fraction similar to momentum. Now the update of parameter in adadelta can be given as:

휃푡+1 = 휃푡 + ∆휃푡

Where ∆휃푡 can be defined as 휂 ∆휃푡 = − 푔푡 2 √퐸[푔 ]푡 + 휖

Where denominator can be defined as the root mean square error of the gradient, thus the equation becomes:

휂 ∆휃푡 = − 푔푡 푅푀푆[푔]푡

Since the update should have the same units as the parameter, another exponentially decaying average function is defined:

2 2 2 퐸[∆휃 ]푡 = 훾퐸[∆휃 ]푡−1 + (1 − 훾)∆휃푡

2 Since 푅푀푆[∆휃]푡 = √퐸[∆휃 ]푡 + 휖 is unknown we approximate it with the RMS of parameter updates until the previous time step. Hence replacing the learning rate 휂 with

푀푆[∆휃]푡−1 :

푅푀푆[∆휃]푡−1 ∆휃푡 = − 푔푡 푅푀푆[푔]푡

휃푡+1 = 휃푡 + ∆휃푡

6.2.4. Nesterov’s Momentum

It’s a different version of momentum update which is favored over standard momentum in optimization algorithms. In Nesterov momentum, instead of calculating the gradient at the current position, it calculates the gradient at a future position known as lookahead gradient. Figure 6-2 shows the difference between momentum update and

Nesterov momentum update.

Figure 6-2: Momentum vs Nesterov Momentum Update

6.2.5. Nesterov's Adam (NAdam)

Adam is another optimization method used instead of stochastic gradient descent to update weights during training of the neural network. Adam is derived from adaptive moment estimation. Adam optimization technique is well suited over gradient descent for a large dataset with broad parameters, non-stationary objects, and noisy/sparse gradients.

Each weight in the network is updated separately with individual learning rate. The learning rate for each weight is estimated from first and second moments of the gradient.

Adam realizes the benefit of both AdaGrad and RMSProp.

The algorithm calculates an exponential moving average of the gradient and the squared gradient and the parameters 훽1 and 훽2 control the decay rates of these moving averages. Initial value of the moving averages, 훽1, and 훽2 is initialized with 1 or close to 1 which result in a bias of moment estimates towards zero. For complete algorithm please refer [52].

Adam configuration Parameters

푚푡 = 훽1푚푡−1 + (1 − 훽1)푔푡

2 푣푡 = 훽2푣푡−1 + (1 − 훽2)푔푡

The parameter update rule is given by:

휂 휃푡+1 = 휃푡 − 푚̂푡 √푣̂푡 + 휖

Where

푚푡 푚̂t = 푡 1 − 훽1

NAdam is a variant of Adam optimization technique which modifies the momentum component of Adam algorithm with Nesterov’s accelerated gradient algorithm.

The modified momentum update rule using NAG is given as:

푔푡 = ∇휃푡퐽(휃푡)

푚푡 = 훾푚푡−1 + 휂푔푡

휃푡+1 = 휃푡 − (훾푚푡 + 휂푔푡)

The main thing to note here is the update parameter instead of utilizing the previous momentum 푚푡−1 uses the current momentum 푚푡. Now expand the update equation of

Adam with the definitions of 푚̂푡 푎푛푑 푣̂푡: 63

휂 훽1푚푡−1 (1 − 훽1)푔푡 휃푡+1 = 휃푡 − ( 푡 + 푡 ) √푣̂푡 + 휖 1 − 훽1 1 − 훽1

훽1푚푡−1 Where 푡 the bias-corrected estimate of the momentum is vector of previous 1−훽1 time step and can be replaced with 푚̂푡−1. Now using the Nesterov momentum, the bias- corrected estimate of the momentum vector of the previous time step 푚̂푡−1 can be replaced with the bias-corrected estimate of the current momentum vector 푚̂푡. Thus NAdam update rule can be given by:

휂 (1 − 훽1)푔푡 휃푡+1 = 휃푡 − (훽1푚̂푡 + 푡 ) √푣̂푡 + 휖 1 − 훽1

6.3. Hyper Parameters

In this section, we describe different hyper-parameters used to train the neural network for different optimization algorithms. The loss/error function used in the neural network to minimize the training error is mean square error function which can be given as:

푛 1 2 푚푒푎푛_푠푞푢푎푟푒_푒푟푟표푟 = ∑(푌 − 푌 ) 푛 푒푥푝 표푏푠푖 푖=1

Table 6-1 lists the other hyper-parameters used for the training of machine learning model. All the models were trained for 10,000 number of epochs for all scenarios of the dataset.

Table 6-1: Hyperparameters for Different Optimization Algorithms

Optimizer/Training Algorithm Hyper-Parameter

Adadelta Learning rate = 1.0, rho = 0.95, epsilon = 1e-08, decay 0.0

Adagrad Learning rate = 0.01, epsilon = 1e-08, decay = 0.0

Nadam Learning rate = 0.002, beta_1 = 0.9, beta_2 = 0.999,

epsilon = 1e-08, schedule_decay = 0.004

SGD Learning rate = 0.01, momentum = 0.0, decay=0.0,

Nesterov=false

6.4. Test Results

In this section, the CRPs from four FPGA boards are passed through machine learning models. While testing for machine learning attacks, the dataset from each board is divided into training dataset of 50%, 70%, 80%, and 90%, and tested individually.

Different ratio of training dataset reflects that the hacker was successfully able to steal that much amount of CRPs and is trying to predict the rest of CRPs using them. Four different optimization algorithms are used for each dataset namely Adadelta, Adagrad, Nadam, and

SGD.

Figure 6-3 to Figure 6-14 shows the learning curve for the training models. As it is clear from the figures that SGD has smoother curve compared to others and take more time

to converge. From the learning curve, it is clear that NAdam has the very high learning rate whereas SGD has the slowest learning rate.

Figure 6-3: APUF 50% Training Data

Figure 6-4: ROPUF 50% Training Data

Figure 6-5 : Proposed PUF 50% Training Data

Figure 6-6 : APUF 70% Training Data

Figure 6-7 : ROPUF 70% Training Data 68

Figure 6-8: Proposed PUF 70% Training Data

Figure 6-9: APUF 80% Training Data

Figure 6-10 : ROPUF 80% Training Data

Figure 6-11: Proposed PUF 80% Training Data

Figure 6-12: APUF 90% Training Data

Figure 6-13 : ROPUF 90% Training Data 71

Figure 6-14: Proposed PUF 90% Training Data

Table 6-2 shows the training error for APUF, ROPUF, and proposed PUF for different algorithms and different ratios of datasets. With less training data the error is less compared to more training data as the machine learning models are able to easily classify less samples of data. The average training error for APUF and ROPUF for all the cases is

0.08 and 0.05 respectively, compared to proposed PUF which is 0.225. All the cases were run for the same number of epochs, batch size, and other parameters.

Table 6-2: Training Error for different Machine Learning Algorithms

Testing Board PUF Dataset Adadelta Adagrad Nadam SGD 50% 0.037559 0.014739 0.009948 0.115174

FPGA 1 70% 0.069514 0.041097 0.024346 0.150129 APUF 80% 0.048733 0.062208 0.034695 0.145102

90% 0.084142 0.059866 0.046119 0.167403 ROPUF 50% 0.009684 0.004241 0.000833 0.062653

70% 0.082105 0.008076 0.003727 0.081958 80% 0.154497 0.011842 0.008003 0.078956 90% 0.101962 0.020378 0.008383 0.076001 50% 0.200518 0.230574 0.19513 0.258657 70% 0.211931 0.214859 0.208364 0.24698 Proposed 80% 0.217021 0.21781 0.214189 0.248043 90% 0.22291 0.222524 0.218366 0.26592 50% 0.047823 0.020949 0.008567 0.126543 70% 0.10334 0.062295 0.033885 0.166631 APUF 80% 0.118387 0.073738 0.051365 0.160778 90% 0.10899 0.080966 0.062129 0.179054

FPGA 2 50% 0.011131 0.004501 0.003967 0.059841 70% 0.101107 0.011095 0.005331 0.086119 ROPUF 80% 0.1533 0.028552 0.009544 0.091304

90% 0.09441 0.029592 0.023664 0.089744 50% 0.213542 0.198088 0.19364 0.261036 70% 0.213429 0.213677 0.208245 0.261491 Proposed 80% 0.233168 0.218776 0.212735 0.263798 90% 0.237393 0.222448 0.218621 0.249359 50% 0.048846 0.041366 0.005943 0.127086 70% 0.101915 0.050389 0.034857 0.159756 APUF 80% 0.079976 0.072505 0.044756 0.165556 90% 0.109578 0.067904 0.057198 0.163841

FPGA 3 50% 0.013699 0.00559 0.001256 0.068438 70% 0.123413 0.018164 0.002362 0.073344 ROPUF 80% 0.32349 0.016798 0.009791 0.066751

90% 0.145293 0.026562 0.017717 0.097205 50% 0.201743 0.20232 0.214889 0.263403 70% 0.215047 0.213828 0.22538 0.248246 Proposed 80% 0.221668 0.219188 0.215976 0.282665 90% 0.222548 0.221389 0.219859 0.265814 50% 0.056538 0.024394 0.008285 0.103011 70% 0.101229 0.047585 0.031174 0.147709 APUF 80% 0.084914 0.074417 0.032287 0.163977

FPGA 4 90% 0.097188 0.078431 0.059814 0.150911 50% 0.019551 0.003997 0.000142 0.076106

70% 0.119252 0.010317 0.004033 0.080427 ROPUF 80% 0.309103 0.021747 0.00768 0.084497 90% 0.152751 0.014464 0.014501 0.090198 Proposed 50% 0.217529 0.198198 0.194025 0.246652 73

70% 0.21528 0.214533 0.222932 0.263149 80% 0.219693 0.218415 0.213528 0.249479 90% 0.222177 0.221326 0.218408 0.249985

Table 6-3 shows the accuracy of training data. It is clear from the table the accuracy of APUF and ROPUF training data is close to 100% whereas for the proposed PUF is around 10%. It is also clear that as the training data size increases, accuracy decreases showing the complexity increases to fit the model.

Table 6-3: Accuracy of Training Data

Testing Board PUF Dataset Adadelta Adagrad Nadam SGD 50% 0.992188 1 1 0.841797 70% 0.932961 0.98324 0.99581 0.794693 APUF 80% 0.968254 0.95116 0.992674 0.803419 90% 0.920738 0.952226 0.97177 0.7557

FPGA 1 50% 1 1 1 0.945312 70% 0.906425 1 1 0.907821 ROPUF 80% 0.758242 0.997558 0.998779 0.90232

90% 0.872964 0.991314 0.998914 0.917481 50% 0.056641 0.113281 0.091797 0.099609 70% 0.060056 0.110335 0.074022 0.076816 Proposed 80% 0.084249 0.070818 0.08547 0.086691 90% 0.094463 0.070575 0.084691 0.051031 50% 0.980469 0.994141 1 0.833984 70% 0.891061 0.955307 0.98743 0.769553 APUF 80% 0.854701 0.934066 0.965812 0.769231 90% 0.854506 0.913138 0.95114 0.739414

FPGA 2 50% 0.998047 0.998047 0.996094 0.957031 70% 0.863128 0.997207 1 0.914804 ROPUF 80% 0.813187 0.989011 1 0.891331

90% 0.877307 0.989142 0.989142 0.90228 50% 0.210938 0.158203 0.179688 0.107422 70% 0.122905 0.148045 0.129888 0.128492 Proposed 80% 0.150183 0.112332 0.137973 0.114774 90% 0.127036 0.142237 0.144408 0.112921 74

50% 0.972656 0.978516 1 0.820312 70% 0.860335 0.967877 0.980447 0.773743 APUF 80% 0.908425 0.935287 0.970696 0.752137 90% 0.854506 0.94354 0.953312 0.756786

FPGA 3 50% 0.998047 1 1 0.929688 70% 0.804469 1 1 0.920391 ROPUF 80% 0.565324 1 0.998779 0.932845

90% 0.809989 0.986971 0.994571 0.871878 50% 0.097656 0.099609 0.162109 0.078125 70% 0.152235 0.086592 0.121508 0.041899 Proposed 80% 0.115995 0.119658 0.112332 0.074481 90% 0.131379 0.07709 0.14658 0.080347 50% 0.960938 0.998047 1 0.869141 70% 0.899441 0.97486 0.993017 0.776536 APUF 80% 0.920635 0.919414 0.986569 0.759463 90% 0.871878 0.929425 0.954397 0.777416

FPGA 4 50% 0.998047 0.998047 1 0.912109 70% 0.808659 1 1 0.903631 ROPUF 80% 0.588523 0.995116 1 0.893773

90% 0.791531 0.998914 0.996743 0.90228 50% 0.111328 0.111328 0.085938 0.066406 70% 0.115922 0.117318 0.148045 0.057263 Proposed 80% 0.10989 0.091575 0.089133 0.065934 90% 0.078176 0.103149 0.124864 0.059718

Table 6-4 shows the testing error of the machine learning algorithms. Testing error for all the cases is close to each other. The testing error is calculated as the mean square error average of all the output neurons. Hence, the testing error cannot be taken as the measure of the accuracy of the model. That’s why we also calculated the accuracy of the model for testing data. Table 6-5 shows the accuracy of the testing data. It is clear from the table that where the accuracy of the APUF and ROPUF is around 56% and 72% on the same hand accuracy for proposed is about 6%.

Table 6-4: Testing Error for Different Machine Learning Algorithms

Testing Board PUF Dataset Adadelta Adagrad Nadam SGD 50% 0.425756 0.375136 0.615833 0.267338 30% 0.32537 0.353568 0.449374 0.228477 APUF 20% 0.330462 0.340131 0.362321 0.224997 10% 0.371883 0.303926 0.254044 0.226448

FPGA 1 50% 0.215451 0.19308 0.289133 0.152866 30% 0.258833 0.206152 0.258532 0.149879 ROPUF 20% 0.274116 0.146039 0.214282 0.118274

10% 0.264048 0.197261 0.278962 0.173707 50% 0.307848 0.339408 0.321962 0.276738 30% 0.292855 0.289685 0.306721 0.258868 Proposed 20% 0.287778 0.285665 0.28667 0.259075 10% 0.275615 0.28122 0.285281 0.269227 50% 0.442495 0.470841 0.620836 0.272774 30% 0.397532 0.412908 0.630493 0.264931 APUF 20% 0.363364 0.384741 0.394882 0.287188 10% 0.456069 0.440392 0.502042 0.267886

FPGA 2 50% 0.22904 0.240958 0.314992 0.170335 30% 0.299667 0.244858 0.330155 0.161186 ROPUF 20% 0.265701 0.195978 0.255097 0.143777

10% 0.210156 0.190184 0.248877 0.147152 50% 0.332952 0.307287 0.324089 0.274963 30% 0.291259 0.291348 0.296332 0.27205 Proposed 20% 0.30322 0.282179 0.297263 0.274516 10% 0.301662 0.288731 0.299922 0.258497 50% 0.475547 0.420603 0.585398 0.269313 30% 0.399635 0.381284 0.46612 0.232837 APUF 20% 0.42052 0.370426 0.512307 0.249111 10% 0.431396 0.433363 0.409474 0.275485

FPGA 3 50% 0.2068 0.241043 0.290039 0.157804 30% 0.26649 0.179496 0.365298 0.121375 ROPUF 20% 0.399873 0.191224 0.310464 0.123677

10% 0.250696 0.156485 0.222974 0.115558 50% 0.310054 0.30638 0.333474 0.276926 30% 0.29374 0.291914 0.315907 0.259352 Proposed 20% 0.281979 0.282667 0.28864 0.286752 10% 0.273336 0.27947 0.283937 0.274281 76

50% 0.391779 0.40384 0.570093 0.245505 30% 0.31689 0.350394 0.42585 0.234409 APUF 20% 0.361625 0.253031 0.439857 0.192581 10% 0.311819 0.326715 0.344225 0.191689

FPGA 4 50% 0.284927 0.285273 0.459734 0.165416 30% 0.301114 0.209556 0.278856 0.144587 ROPUF 20% 0.380523 0.19352 0.289807 0.154036

10% 0.167179 0.154102 0.180387 0.100111 50% 0.322457 0.31106 0.326743 0.262364 30% 0.286434 0.290431 0.307021 0.276609 Proposed 20% 0.287083 0.28565 0.296406 0.256334 10% 0.282413 0.289606 0.285918 0.260602

Table 6-5: Accuracy of Testing Data

Testing Board PUF Dataset Adadelta Adagrad Nadam SGD 50% 0.537109 0.556641 0.433594 0.580078 30% 0.61039 0.545455 0.50974 0.646104 APUF 20% 0.634146 0.541463 0.570732 0.639024 10% 0.475728 0.553398 0.728155 0.699029

FPGA 1 50% 0.767578 0.75 0.679688 0.796875 30% 0.691558 0.720779 0.704545 0.756494 ROPUF 20% 0.653659 0.809756 0.726829 0.843902

10% 0.68932 0.747573 0.699029 0.747573 50% 0.050781 0.054688 0.037109 0.056641 30% 0.035714 0.051948 0.051948 0.051948 Proposed 20% 0.039024 0.034146 0.029268 0.063415 10% 0.038835 0.058252 0.097087 0.048544 50% 0.474609 0.507812 0.402344 0.587891 30% 0.532468 0.50974 0.483766 0.574675 APUF 20% 0.482927 0.55122 0.55122 0.541463

FPGA 2 10% 0.533981 0.495146 0.553398 0.563107 50% 0.730469 0.724609 0.65625 0.767578 30% 0.633117 0.704545 0.642857 0.762987

ROPUF 20% 0.658537 0.760976 0.692683 0.77561 10% 0.728155 0.776699 0.718447 0.786408 50% 0.082031 0.101562 0.095703 0.087891 Proposed 30% 0.077922 0.055195 0.081169 0.123377 77

20% 0.097561 0.087805 0.063415 0.078049 10% 0.07767 0.058252 0.097087 0.087379 50% 0.525391 0.498047 0.466797 0.619141 30% 0.594156 0.551948 0.519481 0.642857 APUF 20% 0.570732 0.517073 0.507317 0.614634 10% 0.572816 0.533981 0.514563 0.563107

FPGA 3 50% 0.748047 0.712891 0.669922 0.777344 30% 0.681818 0.788961 0.681818 0.818182 ROPUF 20% 0.521951 0.721951 0.678049 0.834146

10% 0.68932 0.805825 0.718447 0.84466 50% 0.070312 0.035156 0.082031 0.058594 30% 0.081169 0.061688 0.084416 0.042208 Proposed 20% 0.043902 0.087805 0.082927 0.053659 10% 0.106796 0.048544 0.067961 0.106796 50% 0.5 0.511719 0.417969 0.648438 30% 0.551948 0.577922 0.529221 0.662338 APUF 20% 0.536585 0.692683 0.478049 0.770732 10% 0.679612 0.592233 0.582524 0.728155

FPGA 4 50% 0.667969 0.658203 0.597656 0.765625 30% 0.678571 0.743506 0.681818 0.805195 ROPUF 20% 0.565854 0.746341 0.682927 0.765854

10% 0.776699 0.834951 0.757282 0.854369 50% 0.029297 0.0625 0.042969 0.044922 30% 0.081169 0.048701 0.077922 0.025974 Proposed 20% 0.068293 0.034146 0.043902 0.068293 10% 0.067961 0.029126 0.07767 0.087379

The responses generated from the PUFs are truly random and it is difficult for the machine learning algorithms to completely predict the CRPs. In the case of APUF the machine learning is able to predict CRPs with about 70% when trained with 90% of the data but in the same scenario for proposed PUF its only 5%. This shows the prediction of

CRPs become extremely difficult when APUF CRPs are passed through the proposed scheme.

For the proposed PUF the output response is 16 bits for each challenge, hence matching all 16 bits with the predicted response will be abrupt. Therefore we calculated

Hamming distance between the predicted response and the actual response to measure at how many bits the predicted response differed. Figures show the Hamming Distance between the predicted responses and actual responses for different FPGA boards. It can be seen from Figure 6-15 to Figure 6-30 that average Hamming Distance is around 8. This depicts that the actual and the predicted response bits differ at 8 bits. Even after training the models with 90% of the training data the Hamming Distance between predicted and actual responses does not decrease. This shows that the accuracy of the proposed model is very less hence making the predictions very difficult.

Figure 6-15: Hamming Distance for FPGA 1 and 50% Training Data

Figure 6-16: Hamming Distance for FPGA 2 and 50% Training Data

Figure 6-17: Hamming Distance for FPGA 3 and 50% Training Data

Figure 6-18: Hamming Distance for FPGA 4 and 50% Training Data

Figure 6-19: Hamming Distance for FPGA 1 and 70% Training Data

Figure 6-20: Hamming Distance for FPGA 2 and 70% Training Data

Figure 6-21: Hamming Distance for FPGA 3 and 70% Training Data

Figure 6-22: Hamming Distance for FPGA 4 and 70% Training Data

Figure 6-23: Hamming Distance for FPGA 1 and 80% Training Data

Figure 6-24: Hamming Distance for FPGA 2 and 80% Training Data

Figure 6-25: Hamming Distance for FPGA 3 and 80% Training Data

Figure 6-26: Hamming Distance for FPGA 4 and 80% Training Data

Figure 6-27: Hamming Distance for FPGA 1 and 90% Training Data

Figure 6-28: Hamming Distance for FPGA 2 and 90% Training Data

Figure 6-29: Hamming Distance for FPGA 3 and 90% Training Data

Figure 6-30: Hamming Distance for FPGA 4 and 90% Training Data

Chapter 7

Conclusion

ASIC chips and FPGAs have penetrated deep into our society and are continuously exposed to threats from adversaries. Therefore, there is an immediate need to check these risks and protect the security breach incurred because of these devices. A true incident related to US Navy P-8A plane showed the use of a counterfeit chip in the plane which was supposed to be supplied by Xilinx [53]. Further investigation showed that the chip was supplied by a fake Chinese company. This incident reveals the usage of chips/FPGA in critical operational fields and the widespread disaster which could be caused to the national security and economy if supply chain contains counterfeit parts. This raises serious safety and security issues. There have been several methods proposed in the literature to ensure the authenticity of the chips. One of the prominent hardware oriented measures is the usage of Physical Unclonable Functions which can act as a primitive security measure for chips authentication and prevent adversaries from hacking in the system. However, recent research shows that hackers are using machine learning attacks to break PUFs. In this thesis, we propose a Hybrid PUF which is more immune to machine learning attacks. This claim has been asserted based on the uniqueness, randomness, and machine learning tests.

From experimental results, the average intra-chip uniqueness of proposed PUF is observed to be 49.9%, which is almost desired 50% whereas the inter-chip uniqueness is 96

observed to be 48%. The results in Section 5.2 show that the proposed PUF passes most of the NIST randomness test with more than 95% passing rate. The PUFs when subjected to different machine learning attacks, the prediction rate of proposed PUF is worse when compared to other APUF and ROPUF designs. The results in Chapter 6 show that adversary will have more difficulty in predicting CRPs of the proposed PUF, hence making it better and strong than others.

7.1. Contributions

The major contributions to the research are summarized below-

 A 16 stage Arbiter PUF is implemented with buffer stages to increase the

manufacturing process variation effect on response bit generation. The two paths of the

APUF are made identical and symmetric using manual routing using FPGA editor.

 A Ring Oscillator PUF is implemented with 256 RO frequencies. The hard macro is

implemented to make each ring oscillator identical to each other.

 A hybrid PUF is introduced which combines both delay based PUFs, namely, APUF

and ROPUF. The hybrid PUF generates an n-bit response for each n-bit challenge

compared to other PUFs which generate a 1-bit response for each n-bit challenge.

 The challenge-response pairs generated from all three PUFs are compared in terms of

uniqueness. It is found that the uniqueness of proposed PUF is greater than APUF and

ROPUF by 23% and 19%, respectively. The randomness results showed that the hybrid

PUF has an average passing percentage of more than 97%.

 Machine learning attacks were carried out on all three PUF CRPs considering the

scenario that the adversary has successfully access to 50%, 70%, and 90% of the CRPs. 97

The models were trained for four different best-optimizing algorithms: Adagrad,

Adadelta, SGD, and NAdam. The results show that even after training for the same

number of epochs the average accuracy for the proposed PUF model is 7% compared

to 56% and 72% for APUF and ROPUF, respectively. Therefore, it is more difficult to

break the proposed PUF.

7.2. Future Work

The following items constitute topics for future research:

 Designing a standalone system on chip (SoC) on FPGA which takes the n-bit challenge

and generates n-bit response internally combining APUF and ROPUF. Hence,

removing the usage of external computers and interference from humans.

 Comparing the CRPs of all three PUFs on different parameters such as reliability,

temperature and voltage variations, and bit-flips.

 Capturing CRPs for a higher bit of challenge and response pairs such as 128 bits and

256 bits.

 Implementing machine learning attacks using deep learning models and artificial

intelligence.

References

[1] Y. Jin, “Introduction to Hardware Security,” Electronics, vol. 4, no. 4, pp. 763–

784, 2015.

[2] A. Waksman, M. Suozzo, and S. Sethumadhavan, “FANCI : Identification of

Stealthy Malicious Logic Using Boolean Functional Analysis,” Ccs 2013, no. c,

pp. 697–708, 2013.

[3] Y. Jin and Y. Makris, “Proof carrying-based information flow tracking for data

secrecy protection and hardware trust,” in Proceedings of the IEEE VLSI Test

Symposium, 2012, pp. 252–257.

[4] Y. Jin, N. Kupp, and Y. Makris, “DFTT: Design for Trojan test,” in 2010 IEEE

International Conference on Electronics, Circuits, and Systems, ICECS 2010 -

Proceedings, 2010, pp. 1168–1171.

[5] M. Hicks, M. Finnicum, S. T. King, M. M. K. Martin, and J. M. Smith,

“Overcoming an untrusted computing base: Detecting and removing malicious

hardware automatically,” in Proceedings - IEEE Symposium on Security and

Privacy, 2010, pp. 159–172.

[6] S. Drzevitzky, U. Kastens, and M. Platzner, “Proof-carrying hardware: Towards

runtime verification of reconfigurable modules,” in ReConFig’09 - 2009

International Conference on ReConFigurable Computing and FPGAs, 2009, pp.

189–194.

[7] E. Love, Y. Jin, and Y. Makris, “Proof-carrying hardware intellectual property: A

pathway to trusted module acquisition,” IEEE Trans. Inf. Forensics Secur., vol. 7,

no. 1 PART 1, pp. 25–40, 2012.

[8] T. Vaidya, “2001-2013: Survey and Analysis of Major Cyberattacks,” CoRR, vol.

abs/1507.0, pp. 1–25, 2015.

[9] (Edison Electrical Institute/EEI and AEIC MeterComittees), “Smart Meters and

Smart Meter Systems : A Metering Industry Perspective,” 2011.

[10] M. Mustapa, M. Niamat, A. P. D. Nath, and M. Alam, “Hardware-Oriented

Authentication for Advanced Metering Infrastructure,” IEEE Trans. Smart Grid,

vol. PP, no. 99, p. 1, 2017.

[11] U. Rührmair, F. Sehnke, J. Sölter, G. Dror, S. Devadas, and J. Schmidhuber,

“Modeling Attacks on Physical Unclonable Functions.”

[12] L. T. Wang, C. E. Stroud, and N. A. Touba, System-on-Chip Test Architectures.

2008.

[13] Xilinx, Introduction to FPGA Design with Vivado High-Level Synthesis, vol. 998.

2013.

[14] W. Wolf, FPGA-based system design. Pearson education. 2004.

[15] Xilinx and Inc, “Xilinx DS312 Spartan-3E FPGA Family Data Sheet, Data

Sheet,” 2013.

[16] H. Lessig, “‘Flood’ of fake Chinese parts in U.S. military, according to Senate

report,” McClatchy - Tribune Business News, p. n/a, 2012.

[17] B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, “Silicon physical random

functions,” in Proceedings of the 9th ACM conference on Computer and

communications security - CCS ’02, 2002, p. 148.

[18] M. Tehranipoor and F. Koushanfar, “A survey of hardware trojan taxonomy and 100

detection,” IEEE Design and Test of Computers, vol. 27, no. 1. pp. 10–25, 2010.

[19] X. Wang, M. Tehranipoor, and J. Plusquellic, “Detecting malicious inclusions in

secure hardware: Challenges and solutions,” in 2008 IEEE International

Workshop on Hardware-Oriented Security and Trust, HOST, 2008, pp. 15–19.

[20] H. Yu, Q. Xu, and P. H. W. Leong, “Fine-grained characterization of process

variation in FPGAs,” in Proceedings - 2010 International Conference on Field-

Programmable Technology, FPT’10, 2010, pp. 138–145.

[21] L. E. Bassham et al., “A statistical test suite for random and pseudorandom

number generators for cryptographic applications,” no. April, 2010.

[22] Tolk and K. M, “Reflective particle technology for identification of critical

components.” 1992.

[23] R. Maes and I. Verbauwhede, “Physically Unclonable Functions: A Study on the

State of the Art and Future Research Directions,” 2010, pp. 3–37.

[24] D. Kirovski, “Anti-Counterfeiting: Mixing the Physical and the Digital World.”

[25] J. D. R. Buchanan et al., “Forgery: ‘Fingerprinting’ documents and packaging,”

Nature, vol. 436, no. 7050, pp. 475–475, 2005.

[26] P. Bulens, F.-X. Standaert, and J.-J. Quisquater, “How to strongly link data and its

medium: the paper case,” IET Inf. Secur., vol. 4, no. 3, pp. 125–136, 2010.

[27] G. Hammouri, A. Dana, and B. Sunar, “CDs have fingerprints too,” in Lecture

Notes in Computer Science (including subseries Lecture Notes in Artificial

Intelligence and Lecture Notes in Bioinformatics), 2009, vol. 5747 LNCS, pp.

348–362.

[28] G. DeJean and D. Kirovski, “RF-DNA: Radio-Frequency Certificates of 101

Authenticity,” in Cryptographic Hardware and Embedded Systems - CHES 2007,

Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, pp. 346–363.

[29] R. Indeck and M. Muller, “Method and apparatus for fingerprinting magnetic

media,” US Pat. 5,365,586, vol. 26, no. 5, 1994.

[30] S. Vrijaldenhoven, “Acoustical physical uncloneable functions,” 2004.

[31] K. Lofstrom, W. R. Daasch, and D. Taylor, “IC identification circuit using device

mismatch,” Dig. Tech. Pap. - IEEE Int. Solid-State Circuits Conf., pp. 372–373,

2000.

[32] R. Helinski, D. Acharyya, and J. Plusquellic, “A physical unclonable function

defined using power distribution system equivalent resistance variations,” in

Proceedings of the 46th Annual Design Automation Conference on ZZZ - DAC

’09, 2009, p. 676.

[33] P. Tuyls, G.-J. Schrijen, B. Skori, J. Van Geloven, N. Verhaegh, and R. Wolters,

“Read-Proof Hardware from Protective Coatings.”

[34] B. Škorić, S. Maubach, T. Kevenaar, and P. Tuyls, “Information-theoretic

analysis of capacitive physical unclonable functions,” J. Appl. Phys., vol. 100, no.

2, 2006.

[35] R. Maes and I. Verbauwhede, “Physically Unclonable Functions: A Study on the

State of the Art and Future Research Directions,” 2010, pp. 3–37.

[36] J. Guajardo et al., “Anti-counterfeiting, key distribution, and key storage in an

ambient world via physical unclonable functions,” Inf. Syst. Front., vol. 11, no. 1,

pp. 19–41, 2009.

[37] J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls, “FPGA Intrinsic PUFs and 102

Their Use for IP Protection,” Cryptogr. Hardw. Embed. Syst. - CHES 2007, pp.

63–80.

[38] S. S. Kumar, J. Guajardo, R. Maes, G. J. Schrijen, and P. Tuyls, “The Butterfly

PUF protecting IP on every FPGA,” in 2008 IEEE International Workshop on

Hardware-Oriented Security and Trust, HOST, 2008, pp. 67–70.

[39] Y. Su, J. Holleman, and B. Otis, “A1.6pJ/blt 96% stable chip-ID generating

circuit using process variations,” in Digest of Technical Papers - IEEE

International Solid-State Circuits Conference, 2007.

[40] R. Maes, P. Tuyls, and I. Verbauwhede, “Intrinsic PUFs From Flip-Flops on

Reconfigurable Devices,” in Workshop on Information and System Security, 2008,

no. 71369, pp. 1–17.

[41] J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls, “FPGA Intrinsic PUFs and

Their Use for IP Protection,” in Cryptographic Hardware and Embedded Systems

- CHES 2007, Berlin, Heidelberg: Springer Berlin Heidelberg, 2007, pp. 63–80.

[42] Xilinx and Inc, “Xilinx XAPP466 Using Dedicated Multiplexers in Spartan-3

Generation FPGAs application note,” 2005.

[43] A. Jagannatam, “Mersenne Twister – A Pseudo Random Number Generator and

its Variants,” 2008.

[44] C. E. Yin and G. Qu, “Obtaining statistically random information from silicon

physical unclonable functions,” IEEE Trans. Emerg. Top. Comput., vol. 2, no. 2,

pp. 96–106, 2014.

[45] Y. Hori, T. Yoshida, T. Katashita, and A. Satoh, “Quantitative and Statistical

Performance Evaluation of Arbiter Physical Unclonable Functions on FPGAs.” 103

[46] S. Eiroa and I. Baturone, “An analysis of ring oscillator PUF behavior on

FPGAs,” in 2011 International Conference on Field-Programmable Technology,

FPT 2011, 2011.

[47] S. R. Sahoo, S. Kumar, and K. Mahapatra, “A novel ROPUF for hardware

security,” in 2015 19th International Symposium on VLSI Design and Test, 2015,

pp. 1–2.

[48] C. Gu, Y. Cui, N. Hanley, and M. O’Neill, “Novel lightweight FF-APUF design

for FPGA,” in 2016 29th IEEE International System-on-Chip Conference

(SOCC), 2016, pp. 75–80.

[49] T. Machida, D. Yamamoto, M. Iwamoto, and K. Sakiyama, “Implementation of

double arbiter PUF and its performance evaluation on FPGA,” in The 20th Asia

and South Pacific Design Automation Conference, 2015, pp. 6–7.

[50] D. P. Sahoo, R. S. Chakraborty, and D. Mukhopadhyay, “Towards Ideal Arbiter

PUF Design on Xilinx FPGA: A Practitioner’s Perspective,” in 2015 Euromicro

Conference on Digital System Design, 2015, pp. 559–562.

[51] S. Eiroa and I. Baturone, “An analysis of ring oscillator PUF behavior on

FPGAs,” in 2011 International Conference on Field-Programmable Technology,

2011, pp. 1–4.

[52] D. P. Kingma and J. L. Ba, “ADAM: A METHOD FOR STOCHASTIC

OPTIMIZATION.”

[53] J. Villasenor and M. Tehranipoor, “Chop shop electronics,” IEEE Spectr., vol. 50,

no. 10, pp. 41–45, Oct. 2013.

104

Appendix A

Prediction Results

The below are the confusion matrix for the prediction of APUF CRPs.

Figure A-1: APUF Confusion Matrix FPGA 1-50% Training Data

105

Figure A-2: APUF Confusion Matrix FPGA 2-50% Training Data

Figure A-3: APUF Confusion Matrix FPGA 3-50% Training Data

106

Figure A-4: APUF Confusion Matrix FPGA 4-50% Training Data

Figure A-5: APUF Confusion Matrix FPGA 1-70% Training Data

107

Figure A-6: APUF Confusion Matrix FPGA 2-70% Training Data

Figure A-7: APUF Confusion Matrix FPGA 3-70% Training Data

108

Figure A-8: APUF Confusion Matrix FPGA 4-70% Training Data

Figure A-9: APUF Confusion Matrix FPGA 1-80% Training Data

109

Figure A-10: APUF Confusion Matrix FPGA 2-80% Training Data

Figure A-11: APUF Confusion Matrix FPGA 3-80% Training Data

110

Figure A-12: APUF Confusion Matrix FPGA 4-80% Training Data

Figure A-13: APUF Confusion Matrix FPGA 1-90% Training Data

111

Figure A-14: APUF Confusion Matrix FPGA 2-90% Training Data

Figure A-15: APUF Confusion Matrix FPGA 3-90% Training Data

112

Figure A-16: APUF Confusion Matrix FPGA 4-90% Training Data

113