FPGA_ro_Frequency - Fraunhofer AISEC

Large Scale RO PUF Analysis over Slice Type, Evaluation Time and Temperature on 28nm Xilinx FPGAs

Runtime accessible, general purpose, secure secret storage based on physical unclonable functions (PUFs) implemented within the programmable logic fabric is one of the most interesting applications of PUFs on field programmable gate arrays (FPGAs). To properly evaluate the quality of a PUF design, data from a large number of devices is required. Now a huge dataset is available containing 100 repeated measurements of 6592 ring oscillators (ROs) on 217 Xilinx Artix-7 XC7A35T FPGAs. This is both larger, and based on a more recent technology node than other publicly available datasets of related work.

Apart from making the raw data publicly available, a thorough analysis is performed. The location and type of slice is found to affect the RO frequency by approx. 5 MHz, fast switching logic decreases the frequency by approx. 10 MHz, and ROs adjacent to clock routing resources showed an expected frequency of 20MHz less than others on the device. We also address the time-to-response of ring oscillator PUFs (RO-PUFs), which can be large, by optimizing the evaluation time with regard to the measurement precision and found 70.71 μs to be optimal for the device and architecture under test. The temperature induced bit error rate was estimated to be 3.5% and 5.8% for temperature differences of 60 C and 100 C respectively.

Finally, access to the FPGA array used to obtain the data will be granted to interested researchers.

Paper Download

Large Scale RO PUF Analysis over Slice Type,
Evaluation Time and Temperature
on 28nm Xilinx FPGAs

Download

Bibtex

Download

Raw Data

Download

Authors

Contact Press / Media

Robert Hesselbarth

Security Researcher

Fraunhofer AISEC
Lichtenbergstraße 11
85748 Garching b. München

Send email
robert.hesselbarth@aisec.fraunhofer.de

Contact Press / Media

Florian Wilde

Technical University of Munich (TUM), Munich, Germany

Send email
florian.wilde@tum.de

Contact Press / Media

Neil Hanley

Center for Secure Information Technologies (CSIT), Queen’s University Belfast, Belfast, UK

Send email
n.hanley@qub.ac.uk

Contact Press / Media

Chongyan Gu

Center for Secure Information Technologies (CSIT), Queen’s University Belfast, Belfast, UK

Send email
c.gu@qub.ac.uk

Requirements for future secure embedded systems

1. Security for more than 10 years (target 30 years)

2. Secure machine to machine communication (M2M)

3. Protection of embedded systems against manipulation and misuse

4. Fulfillment of typical non functional requirements, i.e.:

– Real time behavior

– Resource limitations (cost, power)

5. Maintain security despite increasing complexity

6. Protection of intellectual property

7. Secure software update during operation

Ring-osciallator architecture

The design under test is a three stage RO. It has an enable input, to start or stop the oscillation as required, and an output buffered by a toggle flip flop resulting in a signal that is half the actual RO frequency. The entire architecture can fit in a single Xilinx Artix-7 slice.

Consteallations of CLB...

Due to the physical layout of the FPGA device, it was not possible to identically route all ROs exactly the same resulting in 6 different RO types. For the Artix-7 device under consideration the slices are paired up in configurable logic blocks (CLBs). Depending on the position within a CLB, the RO type is identified as upper or lower. The routing switch matrix can be to the left or to the right of the CLB hence we further identify the type as left or right. Since there are two slice variants we also have to identify the RO type as SLICEL or SLICEM with only the lower slices containing SLICEMs.