Slight variations during fabrication make each chip slightly different from the next. This is a headache for chip designers, who have to ensure that chips nevertheless all behave the same. But security specialists rejoice: they can exploit the chip variation flaw to stamp each chip with a unique fingerprint. And with these fingerprints, chips can authenticate and generate encryption keys in a more secure way, making connected applications much safer to use. With world-class research teams in chip fabrication variability and hardware security, imec has hit on the right combination of expertise to design such chip biometrics. They form one of the cornerstones of imec’s research into a tight and lightweight hardware security that should help ensure the security and privacy of billions of future IoT devices.
No two chips are made alike
If your self-driving car is contacted to come and drive you to the airport, it has no way of knowing that it was contacted by the one unique smartphone that is allowed to call it. It could have been called by a copy. So here is a security issue: people can be identified uniquely, electronic applications not (yet). People have fingerprints and other biometric characteristics that are unique, that you can measure easily, and that are very hard to duplicate. Not so for the growing number of connected intelligent applications such as self-driving cars, drones, IoT sensors … In the electronic world, it is much harder to distinguish the real from the fake.
One solution that comes to mind, an easy and cheap way out, would be to use unique fabrication identifiers for each chip. When the chip is contacted by an application – ‘challenged’ in security parlance – it will send a unique response that is derived from that identifier (or a cryptographic key derived from that identifier). The application then checks if the response is a valid one. If so, it will hence trust the chip.
But this is far from secure, because it is e.g. possible to have a second, rogue chip use the same identifier. What we need is something that uniquely and physically identifies one chip and no other.
Enter physically unclonable functions (PUFs), or the equivalent of a human fingerprint. They are made possible because, during the chip’s fabrication, countless random variations compound to give each chip unique characteristics. On the nanoscale, it is simply not possible to fabricate two chips that are identical. Researchers have long been thinking about how they could profit from this uniqueness and derive an identifier that when used, can unequivocally identify a chip. The result have been a whole range of proposals for PUFs, each with their strength and weaknesses.
For imec, PUFs are a natural extension of the research in process variability and its mitigation. “With shrinking dimensions, the relative importance of variability on a chip’s performance is growing. And our experts have amassed world-class expertise in how to mitigate these effects,” says Thomas Kallstenius, Program Director Security and Distributed Trust at imec. “With the recent expansion of imec, we now also have an R&D group that has a world reputation in hardware security. They had all the knowledge about PUFs but lacked the fabrication capability and variability expertise. Together, we can now work on all aspects of providing chips with fingerprints.”
What an ideal fingerprint would look like
“What we are looking for is a chip identity not based on a program that is installed in the circuits, but on the physical characteristics of that chip. That identity should be unique and impossible to copy, not because it is protected by passwords and cryptography but because it is based on random, uncontrollable physics that are impossible to fabricate twice,” says Ingrid Verbauwhede, who leads the embedded systems and hardware group at imec – COSIC – KU Leuven.
Some examples of PUFs that have been proposed and tried are e.g. arbiter PUFs, ring oscillator PUFs or SRAM PUFs. The latter e.g. rely on the fact that an SRAM cell powers up to 0 or 1 depending on its nanofabrication characteristics. So reading out a chip’s SRAM bank after power up is a good basis for a unique fingerprint. Ingrid Verbauwhede: “Each of the PUFs that have been proposed have their advantages and disadvantages. Some cost more, e.g., because you need additional circuits. Other have a fingerprint that will change over time, and for others the security community has already found security flaws. And that is why we’re still looking for new methods of creating PUFs, e.g. making use not of circuits but of the characteristics of transistors in the latest technology nodes.”
An ideal chip fingerprint should be easy to evaluate and stable. This means that it doesn’t cost the chip much time and energy to use its fingerprint, and that the fingerprint will not change over time. Moreover, it should be unique for that chip and near impossible to physically clone in another chip. Also it should be unpredictable from all the responses (or keys) that the chip divulges. Last, in the ideal case it should be tamper resistant: if someone tries to physically unlock the chip, this should destroy or change the fingerprint.
Ingrid Verbauwhede: “Such a chip fingerprint can basically be used in two ways. One is as a very lightweight way to authenticate the chip, to make sure that this is the correct chip. You send it a challenge and it gives you the response. You then check this response against your database of all legitimate responses. That database has been made beforehand and should of course be kept protected. And – very important – each challenge should only be used once, because otherwise a hacker could listen in, record the challenge/response pairs and use them to hack the chip.”
“A second application of chip fingerprints is to use them as basis to generate cryptographic keys. This is a bit more complicated, and you’ll need some additional algorithms and helper data to make the keys 100% secure. But the result is effectively a key that is derived from the chip’s random properties and not from some stored secret or physical process that can be wiretapped.”
A fingerprint based on deeply-scaled transistors
Dimitri Linten is R&D manager at imec’s reliability team. With his colleagues, he has been studying the variations in FinFET fabrication, and is now looking how these could be used to create a new PUF. “Given the problems with some of the other PUFs, we especially looked for a fingerprint that would require no additional circuits or processing and that would remain stable during the chip’s lifetime.”
The new method they came up with uses the intrinsic randomness of the positions at which the gate oxide goes into soft-breakdown. The oxide layer at the gate has been made extremely thin. Over time, with voltage being applied repeatedly, random defects will accumulate in the gate oxide. At a certain point, these defects create a percolation leakage path through the gate. “At that point,” says Dimitri Linten, “the transistor can no longer serve its purpose, it has gone into soft breakdown. But what we are interested in is that the location of percolation path in the gate will be randomly distributed between source and drain, and their position can be measured.”
“Of course, oxide breakdowns are an ageing effect. We want to keep a chip healthy for as long as possible and mitigate or delay this ageing breakdown effect as much as possible. But we could reserve a circuit where we can intentionally apply a high voltage to force the gates to form soft-breakdown paths. So we force part of the chip to age very fast and as a side-effect give us a random fingerprint. And compared to e.g. fingerprints based on SRAMs, this PUF allows a more robust readout, meaning that there is less error correction and post processing needed.”
The way how we construct the PUF, by way of a momentanous ageing offers an additional advantage for security: the PUF can.
Comprehensive hardware security
A lot of research and work is still needed before this PUF can be used in commercial chips, but the researchers see a wide variety of use cases, e.g. in the chips that make up the wireless control networks of cars, industrial machinery or medical equipment. Says Thomas Kallstenius: “Such networks are especially vulnerable. They employ many small connected processors that rely on each other to perform the right actions. It’s thus a key issue that they are able to authenticate and trust each other in the most secure way possible, and that is through hardware security.”
Want to know more?
The work on oxide breakdown PUFs is supported in part by the European Commission through the Horizon 2020 research and innovation program under grant agreement No 644052 HECTOR.
5 April 2017