Predictive Analysis of 3D ReRAM-based PUF for Securing the Internet of Things Jeeson Kim Hussein Nili School of Engineering Electrical and Computer Engineering RMIT University University of California Santa Barbara Melbourne, Australia Santa Barbara, USA [email protected] [email protected] Gina C. Adam Nhan Duy Truong Electrical and Computer Engineering School of Engineering University of California Santa Barbara RMIT University Santa Barbara, USA Melbourne, Australia gina [email protected] [email protected] Dmitri B. Strukov Omid Kavehei Electrical and Computer Engineering Electrical and Information Engineering University of California Santa Barbara The University of Sydney Santa Barbara, USA Sydney, Australia [email protected] [email protected] Abstract—In recent years, an explosion of IoT devices challenge [2, 3]. Widely used traditional cryptographic and its use leads threats to the privacy and security solutions, for example, advanced encryption standard concerns of individual users and merchandises. As one (AES) and elliptic curve cryptography (ECC), can be of promising solutions, physical unclonable function (PUF) has been extensively studied. This paper investigates quality used for both the integrity and the authentication of of randomness in the first generation of 3D analog ReRAM exchanging data and messages. PUF primitives using measured and gathered data from IoT hardware anti-counterfeiting, integrated circuit fabricated ReRAM crossbars. This study is significant as (IC) trust and physical tampering are also critical the randomness quality of a PUF directly relates to its tasks [4]. In 2014, defense advanced research projects resilience against various model-building attacks, includ- ing machine learning attack. Experimental results verify agency (DARPA) launched the supply chain hardware near perfect (50%) predictability. It confirms the PUFs integrity for electronics defense (SHIELD) program so- potentials for large-scale, yet small and power efficient, licits hardware root-of-trust for IC authentication which implementation of hardware intrinsic security primitives. aims to be low-cost, energy-efficient, tiny size, resilience Index Terms—hardware-intrinsic security primitives, In- ternet of Things, resistive random access memories, ma- to threats, and fully-fledged solutions. [5]. Hardware chine learning attacks security primitives such as physical unclonable function (PUF) and true random number generation (TRNG) have I. INTRODUCTION emerged as promising low-overhead security applica- Internet of Things (IoT) products from wearables and tions based on the inherent physical constraint of IoT implants to smart supply chain have brought paramount devices [6]. benefits into near all aspects of our life over the past In particular, PUF is relatively new breed of crypto- few decades. Since the interconnected objects may be graphic primitives that gain an advantage of otherwise remotely accessed from the Internet, the accelerated pace disadvantageous variation in physical system manufac- of IoT adoption poses increased privacy and security turing with the aim to produce secrets that are unclon- concerns of individual users and merchandises [1]. As able [7]. While their role in security hierarchy is still the typical IoT devices possess a lack of sophisticated under study, they eliminate the need to explicitly store computing capabilities, securing sensitive information secrets in memory (e.g. EEPROM) and therefore are between lightweight devices or between IoT device expected to significantly improve security [8, 9]. A PUF and trust center is an important but yet a difficult is, in its mathematical form, a hardware implementation of a one-way function that maps an input (challenge) to II. ANALOG RERAM-BASED PUF OPERATION an ideally unique and unpredictable output (response). A fully passive and monolithically integrated A PUF should ideally be unclonable against a wide 2 2×10×10 TiO2−x nm was employed for the ReRAM- range of adversarial attacks including: modeling, ran- based PUF design (Fig. 1(a)). The top and bottom dom guessing, man-in-the-middle, wide variety of side- crossbars are accessible using top electrode (TE) and channels and machine learning attacks. Recently, there bottom electrode (BE), respectively, by sharing a middle has been an increased focus on implementing hardware- electrode (ME). Full details on fabrication process can intrinsic security primitives based on inherent random- be found in Reference [11]. Individual devices show ness in emerging electronic memory technologies. a large dynamic range of resistance and an excellent I–V nonlinearity. While the analog crossbars show Memory hardware such as resistive random ac- excellent uniformity in their switching and performance cess memory (ReRAM) crossbars are among the most characteristics (Fig. 1(b), the small spatial variations in promising alternatives for large scale memory class, due resistance across the array can be used as an effective to their relative low-cost fabrication, simple operation source of randomness. To this end, our proposed PUF (yet rich switching dynamics), and a major intrinsic, architecture (Fig. 1(c)) employs a selection scheme layout-independent, variations in their switching charac- that generates 1-bit response based on differential teristics. We suggested experimentally verified ReRAM comparison between currents passed through two sets PUF based on monolithically integrated 3D analog cross- of selected rows/columns, each includes sneak-path bar arrays and showed its robust performance in a currents component through neighboring unselected large-scale study [10]. Our results indicate the immense devices [12]. In this work, the PUF uses a selection potential of state tuning and harnessing conductance scheme with 5 rows and 2 columns. nonlinearity in analog crossbars for reconfigurable and The aim is to implement an effective one-way function secure security primitives. Herein, we present a test on that incorporates array-scaled random spatial variations true randomness generation of these PUFs entirely based (Fig. 1(d)), thereby complicating many side-channel on experimentally gathered response string of length of probing attacks, therefore, allows for more depend- 352 kbits. The test has a conventional part based on able operation. The significant difference between our National Institute of Standards and Technology (NIST) ReRAM PUF and a conventional CMOS-based PUF is statistical test suite, and more deliberate evaluation of the the additional layout-independent variation in ReRAMs. PUF resilience against various model-building attacks We extract this feature by varying applied bias, Vb of using advanced deep learning models. the lowest at 0.2 V to the highest at 0.6 V, which employs device nonlinearity as an additional source of entropy [10]. To effectively combine the contribution of variation sources to the overall transfer function and avoid unintentional systematic biases, all devices in the a b array are programmed in a tight highly nonlinear range. III. EVALUATION OF RANDOMNESS In Reference [10], randomness and stability of the analog ReRAM-based PUF against key PUF metrics Top device Bottom device c VG VG PUF Response b Floating μ Vb d Resistance (kΩ) a PUF A Vb Selected 250 350 V Vb : Row Bias 50% b PUF D 50% μ Vb VG : Virtually Vb grounded 50% μ 50% % Comparator PUF Response 50 PUF A PUF B ∆Ii, j > 0 → 1 50% ∆I < 0 → 0 PUF C Response i, j μ μ Fig. 1. (a) Top-view scanning electron microscopy (SEM) image, equivalent circuit and cross-sectional schematic of the 3D stacked Fig. 2. Traditional PUF performance evaluations metrics. (a) rep- crossbar. (b) Current-voltage (I–V ) curves for all 2×10×10 devices resents intra-Hamming distance (HD) measuring stability of a PUF with two representative curves being highlighted. (c) PUF primitive instance. (b) represents inter-HD showing PUF randomness measured operation scheme. (d) Example of the tuned crossbar. across multiple PUF instances. TABLE I MACHINE LEARNING TESTS CONFIGURATION AND PREDICTABILITY. Configuration Training sequence length Output dimension of Predictability 301 LSTM: 128, Dense: 128, 2 50.41% LSTM–Dropout–LSTM–Dense–Dense–Softmax 101 LSTM: 128, Dense: 128, 2 50.52% 64 LSTM: 256, Dense: 256, 2 50.28% are exhaustively evaluated. The stability measures the it is important to carefully design the significance level robustness of a PUF against spatio-temporal variation for the appropriate test setup. which will ideally be represented as 0% (Fig. 2(a)), The computed p-values and successful test results are while ideal 50% randomness is the highest level of shown in Fig. 3(a). With the significance level α at 0.01 stochasticity across PUF instances (Fig. 2(b). Here, we (dotted red line), a PUF response sequence passes all 15 investigate the degree of predictability and statistical test (total 118 sub-tests). randomness of the PUF response, utilizing a relatively We also statistically quantify the degree of random- large subset of the 1-bit responses at different biases (350 ness using 200 × 10 kbits response sequences. The em- kbits × 5 for 5 different biases included in the network pirical results then can be interpreted with two methods; challenge). The PUF response sequence is subjected to (1) the proportion of sequences that pass the statistical two randomness evaluations including machine learning test (proportion analysis) and (2) the distribution of p- and statistical randomness tests. values for uniformity (uniformity