SRAM Characteristics as Physical Unclonable Functions
Contents
1. inc addr RESET inc buff std logic lt data p amp data lt buff 35 downto 0 COUNTER COUNTER 1 if COUNTER 434 then UART CLK lt not UART CLK COUNTER 0 end if end if end process counter buff 39 downto 36 lt 1000 state memory process USER CLK begin if rising edge USER CLK then if RESET 1 then CURR STATE S0 else if inc buff 1 then buff 35 downto 0 else buff 35 downto 0 end if CURR STATE NEXT STATE end if end if end process state memory next state logic process CURR STATE begin case CURR STATE is when S0 gt NEXT STATE lt S1 when S1 gt NEXT STATE lt S2 when S2 gt NEXT STATE lt S0 load address for read data available show state 255 end case end process next state logic with CURR STATE select oe lt l when SO when S1 0O when S2 when others with CURR STATE select ce 0 when SO when S1 when S2 when others with CURR STATE select inc buff lt 1 when Sl 0 when others GPIO LED lt count addr 19 downto 12 uart state memory process UART CLK inc sends rst sends begin if rising edge UART CLK then if RESET 1 then send five 0 count addr 0000000000000000000 UCURR STATE lt U0 else if inc sends 1 then send five send five 1 elsif rst sends 1 then send five 0 else send five send five end if if inc addr 1 the2. 34 Appendix B MATLAB Main Program per board oo Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o Je o Je o9 oe oe file name main prog m oo oo This program opens up the saved data which is stored in folders and performs all of the analysis It saves the figures clear tuc mkdir Aia status 1 join_files files length new my files out zeros 5 262144 no parity zeros 4 262144 all bits 36 262144 status 2 file data for j 1 files file name new my files j b char file name c b 10 14 time j str2num c c b 1 board j str2num c c b 6 8 trials j str2num c c b 3 4 order j str2num c end clear b c file name j out status 3 all_ent status 4 all_uniform status 5 all_stable_bits status 6 all_stable_bytes status 7 folders max order start zeros folders 1 stop start i 1 start i order i for j 1 files 1 35 a order 3 b order 3 1 if a b stop i j i i 1 start i j 1 end end stop folders files stats zeros folders 17 status 8 for CURR_FOLDER 1 folders hold off status 100 CURR_FOLDER some files new my files start CURR FOLDER stop CURR FOLDER save folder files some files programs which run on one folder only entropy graph uniform stable co
3. SRAM DOE 3 LOC H9 SRAM MODE LOC A13 SRAM OE B LOC B12 SRAM_WE_B LOC AF20 SRAM ADV LD B LOC H8 SRAM BW 0 LOC D10 SRAM BW 1 LOC D11 SRAM BW 2 LOC J11 SRAM BW 3 LOC K11 SRAM CLK LOC AG21 SRAM CS B LOC J10 T Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using 4 Bank 2 Vcco 3 3V Bank 20 Vcco 3 3V DCI using 4 Bank 20 Vcco 3 3V DCI using Bank 20 Vcco 3 3V DCI using Bank 20 Vcco 3 3V DCI using Bank 20 Vcco 3 3V DCI using Bank 4 Vcco 3 3V No DCI Bank 20 Vcco 3 3V DCI using 4 59 nm nm nm nm nm nm nm nm nm nm nm nm nm nm nm nm nm nm XO O O XO XO XO XO WO O XO iO XO XO tO XO tO tO to O XO XO XO XO XO XO WO WO XO iO XO XO tO XO tO tO LO O O O OO On O O O OQ OQ O O O O O 9 9 ohm resistors resistors resistors resistors resistors resistors resistors resistors resistors resistors resistors r
4. 4 Vcco 3 3V No DCI Vcco 23 3V Vcco 23 3V Veco 3 3V Veco 3 3V Veco 3 3V Veco 3 3V Vcco 23 3V Veco 3 3V Vcco 23 3V Veco 3 3V 1 Vcco 3 3V Vcco 23 3V Vcco 23 3V Vcco 23 3V Vcco 23 3V Vcco 23 3V Veco 3 3V Vccoz23 3V Vcco 23 3V Vcco 23 3V 2 Vcco 3 3V 2 Vcco 3 3V 2 Vcco 3 3V 2 Vcco 3 3V 2 Vcco 3 3V 2 Vcco 3 3V 2 Vcco 3 3V 2 Vcco 3 3V 2 Vcco 3 3V 2 Vcco 3 3V 4 Vcco 3 3V No DCI 4 Vcco 3 3V No DCI 4 Vcco 3 3V No DCI 4 Vcco 3 3V No DCI 4 Vcco 3 3V No DCI 4 Vcco 3 3V No DCI 4 Vcco 3 3V No DCI 4 Vcco 3 3V No DCI 20 Vcco 3 3V DCI using 49 9 20 Vcco 3 3V DCI using 49 9 20 Vcco 3 3V DCI using 49 9 20 Vcco 3 3V DCI using 49 9 49 9 49 9 49 9 49 9 49 9 ohm ohm ohm ohm ohm resistors ohm resistors ohm resistors ohm resistors ohm resistors resistors resistors resistors resistors NET NET NET NET NET NET z e n z Ed pd Ed Dd Dd Dd Dd Dd pH Dd 3 3 F3 F3 L3 L3 GG GG GG 2999999999 3 3 3 3 1 DU pg x p Z22Z2222222222222 e NET uart_out LOC AG20 SRAM D 20 LOC M10 SRAM D 21 LOC E11 SRAM D 22 LOC F11 SRAM D 23 LOC L8 SRAM D 24 LOC M8 SRAM D 25 LOC G12 SRAM D 26 LOC G11 SRAM D 27 LOC C13 SRAM D 28 LOC B13 SRAM D 29 LOC K9 SRAM D 30 LOC K8 SRAM D 31 LOC J9 SRAM_DOP 0 LOC D12 SRAM DQP 1 LOC C12 SRAM DOE 2 LOC H10
5. a simple MATLAB script The command to turn the device on was linked to a browser shortcut labeled as on url and a similar command to turn the device off was linked to another labeled off url Once these shortcuts were created MATLAB was able to execute these shortcuts within its development environment by opening a web browser We also configured it to close this web browser using the system task kill command Between turning the board on and off we also initiated a pause using the pause command This pause was about 2 minutes the time it takes to cycle through the entire SRAM We also added another pause as the off time These commands were placed within a for loop so for multiple repetitions The program successfully automated the process of resetting the board The flow chart outlining this procedure is as follows in Figure 12 12 gt START Y Turn Board On Pause Y Turn Board Off Pause Figure 12 Flow chart outlining MATLAB function to automate the reset The script that was used to implement this is shown below in Figure 13 for i 1 1000 Uds Aone uel Opens up a shortcu sprintf Webpage is on Spower monitoring pause 1 system taskkill IM iexplore exe Closes the shortcu pause 126 Waits until board Las GEt uri Opens up a shortcu sprintf Webpage is off Sspower monitoring pause 1 System taskkill IM iexplore exe Closes the shortcu pause 300 Provides a r
6. bps which is the fastest common baud As a result we wanted our transmit line to appear as in the Figure 8 below 115200 baud O ETE AAA Figure 8 UART Protocol Additionally we determined that it would not be necessary for our FPGA to receive any data and only to transmit Therefore we decided to implement our UART as a simple state machine which controlled the TX line of our development board s RS 232 port The most basic form of this state machine is seen in Figure 9 115 2kHz 2 LSB DC q AN 729 RS WE Start bit q a n MES ANE O Figure 9 UART Transmitter State Machine In order to tailor UART transmitter to our purposes we made a few modifications First since we needed to transmit 36 bits for each address we added a loop to send 5 packets at a time Next because the 100 MHz clock on our board does not divide down to exactly 115 2 kHz we added an idle state after each word in which the clocks could resynchronize This was also the state in which the address incremented Finally because our application requires the transmission to start immediately and accurately on power up and cease transmission once the entire addresses have been sent we added start and stop states as shown in Figure 10 10 115 2kHz 5 bytes 1 word Word End address incremented Memory End iflend of memory not reached Figure 10 Final UART State Machine Since need thi
7. ede etes ete e ote e D Eb eI e tet 30 Conclusionis E A A 31 References eii din 32 Appendix A MATLAB UART Receiver TTT 33 Appendix B MATLAB Main Program per board eee eee 35 Appendix C MATLAB Single Set Analysis sese 37 Appendix D MATLAB Board Uniformity Analysis sss sss sss esse sees eee 40 Appendix E MATLAB Board Entropy Analysis sss sese eee eee 42 Appendix F MATLAB Single Set Entropy Analysis eee eee 43 Appendix G MATLAB Board Stability Analysis Bitwise sss sese eee 44 Appendix H MATLAB Board Stability Analysis Bytewise eese 46 Appendix I MATLAB Board Uniformity Analysis eene rene 47 Appendix J MATLAB Join Board Samples sese esse sees 49 Appendix K MATLAB Merge Data Sets sss sees 50 Appendix L Comparing Memories aneia ernea niaan ia nennen tnter ennt eren 53 Appendix M VHDL SRAM amp UART ieren eni e ettet deco tree beoe tete ta tte nent tne dte ane t e 54 Appendix iN UGE Pillo culinario PROCEDE site eee PU peer iie eet ipe ertt 58 111 Table of Figures Fisure T CIompnb Attack SA A A tu DT a 1 Figure 2 Six transistor SRAM cello iii eii 3 Figure 3 Threshold Voltage and Noise a e tds cuttin 4 Figure 4 Virtex 5 family Members A A 5 Figure 5 Automated Reset MA A ua 7 Figure 6 SRAM Read Write State Machete ita 8 Figure 7 SRAM Reading State Machine sees seer eee eee eee 9 Figure S UART Protoco liia a nnna entia rd 9 Figure 9 UART Transm
8. o 0 stable z 0 high 0 low 0 mid 0 for bit 1 36 for addr2 1 262144 if total mem map percent bit addr2 1 stable o stable o 1 total mem map sort bit addr2 5 elseif total mem map percent bit addr2 75 high high 1 total mem map sort bit addr2 4 Il o elseif total mem map percent bit addr2 stable z stable z 1 total mem map sort bit addr2 1 elseif total mem map percent bit addr2 lt 25 low low 1 total mem map sort bit addr2 2 else mid mid 1 total mem map sort bit addr2 3 end end end Suniformity stable tot stable o stable z st ones stable o stable tot st zeros stable z stable tot unstable all bits stable tot a stables tot stable tot all bits a unstables tot unstable all bits un highs high unstable un lows low unstable un mids mid unstable Stats CURR FOLDER 2 a stables tot Stats CURR FOLDER 3 st ones 38 stats CURR_FOLDER 4 st zeros Stats CURR FOLDER 5 un highs Stats CURR FOLDER 6 un lows Stats CURR FOLDER 7 un mids spatial correlation col zeros 262144 1 row zeros 36 1 for m 2 35 for addr 2 length mem map short 1 LE mem map short m addr amp amp mem map short m addr 1 0 mem map short m addr 1 0 x1 0 elseif mem map short m addr amp amp mem map short m addr 1 1 11 mem map short m addr 1 1
9. on the Virtex 5 differ from previous generations because they are based on six input look up table technology which provides a better performance 9 4 The Virtex 5 LXT ML3505 is the general purpose FPGA development board created by Xilinx which we were using throughout this project This board along with an on board memory has many capabilities such as industry standard connectivity interfaces The board has a 9 Mb Zero Bus Turnaround ZBT synchronous SRAM which communicates by using a 32 bit data bus with four parity bits Other features on this board include a JTAG configuration port and SPI FLASH It also has eight general purpose DIP switches LEDs pushbuttons and a rotary encoder Communications can be made to transmit and receive data from the board via an RS 232 serial port using Universal Asynchronous Receiver Transmitter UART communication A USB interface chip with host is also available on the board 9 Figure 4 shows a number of Virtex 5 family members comparing different options such as the number of the CLBs block RAM I O Banks and Ethernet Media Access Control MAC on different devices available from Xilinx The one that we are using is the Xilinx XC5VLXS50T which is highlighted and has an adequate 120 x 30 array of CLBs and 2 160 Kb of total block RAM 9 Device Configurable Logic Blocks CLBs DSPA8E Block CMTs PowerPC Endpoint Ethernet Max RocketlO Total O Max User Array Vertex 5 Max Distributed Slices Ram B
10. save all the data total mem map 47 B reshape total mem map 1 1 B B files save fig inverse gauss B files clear B addr bit loc byte choose byte col sum file h i J sis mem map mem map short one byte out temp total sum totals one 48 Appendix J MATLAB Join Board Samples Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF oe oe o oe oe oo file name join files m ode o oe oe This program joins the files so that analysis can be performed for each time interval new my files folder list dir a ls cellstr a length a 1 a 3 length a 1 length b 0 D O 0 ll for i 1 c if folder list it2 isdir 1 folder char b i str file list char b i Mfile list load str file list files length all my files for j 1 files a char all my files j new name folder al new my files new my files new name end end end save all files new my files clear a b c all my files files folder folder list i j new name str file list 49 Appendix K MATLAB Merge Data Sets oo Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o oe o oe Je oo oo file name merge m oo oo This program both boards to be plotted on the same graph clear mkdir fig NboardiXfi
11. vs Time OR Pecent of Stable Bits Time Off Figure 23 Stability vs Time Off In Figure 24 however we see that those data sets with more samples had much greater instability We do not mean to imply that taking the samples affects the stability of the bits rather many bits have the potential to flip and the more samples that are taken the more likely it is that this flip will occur With only a few samples we see 92 stability however when the number of samples is much greater 500 there is only 79 stability It would be useful to gather data over a larger range of samples to see if there is a lower bound on the stability and to see if the data truly follows the implied curve Stability vs Samples Pecent of Stable Bits ture PE 1 Samples Gathered Figure 24 Stability vs Samples lt 3 Next we wondered how the stable bits were distributed Figure 25 shows that the stable bits follow that same uniformity trend as the overall data Stable bits are not more likely to be a certain value Stables Ones 0 492 0 49 0 488 0 486 0 484 0482 Pecent of Stable Ones 0 48 0478 0474 10 10 Time Off Up to 3 Hours Figure 25 Distribution of Stable Bits Next we wondered how the unstable bits were distributed Figure 26 below shows that of those bits that are classified as unstable about 37 tend to 1 in 34 of cases 3746 tend to 0 and 25 are unclassifiable However this data would ben
12. was to implement a read of the entire memory which was initiated as soon as the board powered on We first started by reading from one address and then setting up a counter to cycle through all of the addresses We were able to successfully verify that all of the addresses were being read by using the LEDs on the board to represent the hexadecimal equivalent of the address Following the completion of reading the entire memory the next main goal was to import the contents of the memory to the PC for analysis This was successfully achieved via an RS 232 connection We were able to view the data from HyperTerminal confirming that bits were being sent and then turned to MATLAB to process the data in batch form more efficiently We were successfully able to import the data store it and place a time stamp on it for analysis The final portion of the project involved implementing a continuous automated reads and imports This included automating the reset of the board and allowing MATLAB to wait until data was sent from the board We used MATLAB s build in pause command and incremented the duration of time between reads to notice any interesting changes to the analysis We were able to leave the board over night and over the weekend to continuously read and extract data from the SRAM After all of the data was gathered we used MATLAB s analysis tools to plot our data and interpret the results These results showed that as time interval increases so
13. x1 0 else x1 1 end if x1 col addr col addr 1 end end end perc col col 2 262143 36 cmin_col min perc_col cmax_col max perc_col cmean col mean perc col cstd col std perc col Stats CURR FOLDER 8 cmin col Stats CURR FOLDER 9 cmax col Stats CURR FOLDER 10 cmean col Stats CURR FOLDER 11 cstd col row for m 2 35 for addr 2 1ength mem map short 1 if mem map short m addr KK mem map short m 1 addr mem map short m 1 addr 0 HE x1 0 elseif mem_map_short m addr amp amp mem map short m 1 addr 11 mem map short m 1 addr 1 x1 0 else x1 21 end if xl row m row m 1 end end end perc_row row 2 35 262144 rmin row min perc row rmax row max perc row rmean row mean perc row rstd row std perc row Stats CURR FOLDER 12 rmin row Stats CURR FOLDER 13 rmax row 39 Appendix D MATLAB Board Uniformity Analysis oo Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o oe o oe o oo oo file name all uniform m oo oo This code converts the mem map for all the samples and converts it to bytes It then calculates and generates a plot of how many ones are present in all of the samples from one particular board It saves this figure 5 It also generates a plot of an inverse Gaussian and saves this figure as well total mem m
14. 0 Timeout 500000 ReadAsyncMode continuous fopen s opens the serial port connection Figure 16 MATLAB commands that initiate the serial port Once the initial communication was established MATLAB s fread command was used to start reading data and storing it to a temporary variable labeled out It read 8 bits at a time to eventually fill an allocated 5 x 262144 space for doubles Each reading was saved as a MAT file only after the Input Buffer was filled The filename contained the date time and off time for the reading This information was gathered using MATLAB s clock and tic toc commands Saving the time was helpful during the analysis ensuring us that the readings were well timed and that there was no erroneous data Along with saving the data from the SRAM to MATLAB s data format files it was also important to log what files were actually saved to retrieve them for future analysis We saved the names of all of the files that were generated into another data format file which created a log of everything saved This allowed us to streamline analysis by loading this log of all of the files generated extracting each individual time stamped data and performing analysis on each batch We initially had some difficulties getting MATLAB to automatically close the serial port after completing a read Trying to open a serial port already in use resulted in an error which halted the program To combat this we to
15. 3 ANNANNNNNANNANNNNNNANANNANNANANNNNANANNANNANNANNNNHnNNNHNHNN M D Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF Filename sram top ucf LOC H18 LOC L18 LOC G15 LOC AD26 LOC G16 LOC AD25 LOC AD24 LOC AE24 LOC E8 LOC AG23 LOC AF13 LOC AG12 LOC AF23 LOC U8 LOC AH15 LOC K12 LOC K13 LOC H23 LOC G23 LOC H12 LOC J12 LOC K22 LOC K23 LOC K14 LOC L14 LOC H22 LOC G22 LOC J15 LOC K16 LOC K21 LOC J22 LOC L16 LOGS LES LOC L20 LOC L21 LOC AE23 LOC AE22 LOC AD19 LOC AE19 LOC AE17 LOC AF16 LOC AD20 LOC AE21 LOC AE16 LOC AFLI5 LOC AH13 LOC AH14 LOC AH19 LOC AH20 LOC AG13 LOC AH12 LOC AH22 LOC AG22 LOC N10 LOC E13 LOC E12 LOC L9 R GR II AAA no gt NON SN SN NN UN UN R ER SN SN UN UN UN N A AR SN S NN UN UN EE AR nr nn 58 Bank 3 Vcco 2 5V No DCI Bank 3 Vcco 2 5V No DCI Bank 3 Vcco 2 5V No DCI Bank 21 Vcco 1 8V DCI using Bank 3 Vcco 2 5V No DCI Bank 21 Vcco 1 8V DCI using Bank 21 Vcco 1 8V DCI using Bank 21 Vcco 1 8V DCI using Bank 20 Vcco 3 3V DCI using Bank 2 Vcco 3 3V Bank 2 Vcco 3 3V Bank 2 Vcco 3 3V Bank 2 Vcco 3 3V Bank 18 Vcco 3 3V No DCI Bank
16. Project Number MQP BS2 0803 SRAM Characteristics as Physical Unclonable Functions A Major Qualifying Project Report Submitted to the Faculty of the WORCESTER POLYTECHNIC INSTITUTE in partial fulfillment of the requirements for the Degree of Bachelor of Science by Robyn Colopy Jatin Chopra Date March 6 2009 Sponsored by General Dynamic C4 Systems Approved Professor Berk Sunar Abstract The purpose of this project is to determine whether the initial contents of SRAM when treated as a Physical Unclonable Function are a reasonable choice for generating an encryption key for an FPGA configuration bitstream The idea of an SRAM PUF was previously proposed by Gerardo et al and we verified his results with a different FPGA family We characterize the contents of SRAM on restart Using MATLAB we statistically analyze the data to determine how the contents vary with respect to the multiple dimensions Once the characterization is complete it will be possible to determine whether a certain bit pattern is likely to have come from the given SRAM Acknowledgements We are extremely grateful for all of the people who have helped us in completing this project We could not have done it without the on going support advice and the guidance of everyone involved We would like to thank Professor Berk Sunar our advisor We are appreciative of his time and knowledge in helping us achieve our goals and overall success for this project We
17. al mem map length new my files stable o 0 stable z 0 high 0 low 0 mid 0 for bit 1 36 for addr2 1 262144 if total mem map percent bit addr2 1 stable o stable o 1 total mem map sort bit addr2 5 elseif total mem map percent bit addr2 75 high high 1 total mem map sort bit addr2 4 elseif total mem map percent bit addr2 0 stable z stable z 1 total mem map sort bit addr2 1 elseif total mem map percent bit addr2 lt 25 low low 1 total mem map sort bit addr2 2 else mid mid 1 total mem map sort bit addr2 3 end end end Suniformity stable tot stable o stable z st_ones stable o stable tot st_zeros stable z stable tot unstable all bits stable tot a stables tot stable tot all bits a unstables tot unstable all bits un highs high unstable un lows low unstable un mids mid unstable 44 shows the stable ones and the total mem map percent2 total mem map percent 1 36 1 100 total mem map sort2 total mem map sort 1 36 1 100 imagesc total mem map sort2 1 5 colormap my color colorbar h gcf saveas h 1figisorted map fig imagesc total mem map percent2 0 1 colormap grayscale colorbar h gcf saveas h fig gradiant_map fig clear a_ addr2 bit h high low mid my color st stab total mem map un 45 Appendix H MATLAB Board Stability Analysis Bytewise oe Worcest
18. al of these bitmaps on top of each other and taking the average of each bit we were able to determine which bits changed or stayed the same over time Figure 22 below shows the first hundred addresses of data Those bits which were always the same are pure white or black Those that showed a tendency toward a certain value are gray The bits that changed most often are in red 21 Location of Unstable Bits 10 20 30 40 50 60 70 80 90 Addresses 1 to 100 Figure 22 Memory Map Black Always 1 White Always 0 Red Unstable This map shows that most bits remain constant while relatively few are constantly changing We also see that the proportion of ones to zeros appears about equal We see that some blocks of values occur but there are no tendencies over of the entire memory for example there are no rows or columns that are all ones Stability Next we wondered how many of the bits were stable and whether the uniformity data we found still held when it was broken down further For example were stable bits more likely to be ones Did bits that flipped take on a certain value more often We define stable as a bit which does not change in any trial To accomplish this we found the stability of each data set and plotted it against a number of variables In Figure 23 we see that there does not appear to be a relationship between the number of stable bits and the length of time the board is off 22 Stability
19. ap zeros 36 262144 mem map zeros 40 262144 mem map short zeros 36 262144 one byte zeros 8 1 totals one zeros files 1 for j 1 files file char new my files j load file for addr 1 262144 for byte 1 5 choose byte 8 byte 1 temp out byte addr if temp 128 one byte 1 1 temp temp 128 else one byte 1 0 end if temp gt 64 one byte 2 1 temp temp 64 else one byte 2 0 end if temp 32 one byte 3 1 temp temp 32 else one byte 3 0 end if temp gt 16 one byte 4 1 temp temp 16 else one byte 4 0 end if temp 8 one byte 5 1 temp temp 8 else one byte 5 0 end if temp gt 4 one byte 6 1 temp temp 4 else one byte 6 0 end if temp gt 2 one byte 7 1 temp temp 2 else one byte 7 0 end if temp gt 1 one byte 8 1 temp temp 1 else one byte 8 0 end Lor i 1 8 bit loc choose byte i mem map bit loc addr one byte i end end end mem map short mem map 5 40 total mem map total mem map mem map short col sum sum mem map short total sum sum col sum 40 totals one j 1l total sum all bits end save fig all_ones time totals one save all the data total mem map B reshape total mem map 1 B B files save fig inverse gauss B files clear B addr bit loc byte choose byte col sum file h i j mem ma
20. are also grateful for our on site advisors Evan Custodio Brendon Chetwynd and Gerardo Orlando Their technical and administrative support has helped us in numerous occasions and we are very appreciative of all their efforts We would also like to thank General Dynamics C4 Systems and Worcester Polytechnic Institute for making this opportunity available to us and allowing us to take advantage of this program die Table of Contents ADAC uti AAA taria 1 Acknowledgements ci ninia eee ii Table of Contents as eee qma etidm d bcd iii Tableof PIU E iv Problem Statement ume lll pe P tese trit a e HE late sedal 1 Literature REVIEW da te decr de e at lea tee 2 FPGA E 2 SRAM dutem tesi eit patei eee e ie PE seeded PER ROM 2 PUE zit etiem eter nete e RIE better Rt Tee eee decet deus 4 TOOLS RAS 4 Virtex gt Development Board emita il alte 4 Ailink ISEcoci a ai 5 MATLAB 0 dada 6 I S T TTT 6 Goal iaa ri dotado ld 7 Implementado 7 Reading th Memory TTT 7 Serial DU IA 9 Automating tlie Reset e ect me e e Pete o re p ree ted 11 A ECT EE 13 Result tas eee TET e EE TR eg EP a D a 18 Ad titi dit tl tallado ld 19 Uniformity TTT 19 Stability EE 22 Spatial Correlation 5 intecnae neg tee d e Ram dtes ie E STs 26 Entropy Estimation terit ete eet Mert et ode e ERE E ATA Aia 27 Across BOAT iria ria oe e ar oe ated eed ie ete iae 28 Future Considerations a al
21. as h fig unstable dist fig j 6 clear a b a char one j b char two j load a semilogx time setl y or hold on load b semilogx time set2 y squareb hold off h gcf saveas h fig unstable totl fig j 6 clear a b a char one j b char two 3 load a plot x y or hold on load b plot x y squareb hold off saveas h fig unstable tot2 fig j 77 clear a b a char one 3 51 b char two 3 load a semilogx x y or x y2 or hold on load b semilogx x y squareb x y2 squareb hold off saveas h fig row fig p 52 Appendix L Comparing Memories oo Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o oe o oe o oo oe This program creates two average maps and compares them load lboardllold datalall the data load board1 old_data file num b one total mem map f one files load board2 old_data all the data load board2 old_data file num b two total mem map f two files Clear total mem map b one p b one f one b two p b two f two a round b one p b round b two p c xor a b d sum c e sum d total bits 36 262144 perc dif e total bits G c 1 36 1 100 imagesc c 0 1 colorbar h gcf xlabel Addr
22. ch must be periodically refreshed SRAM is based on a bi stable latch which will retain its value as long as the circuit is powered Each bit is made of 6 transistors arranged as two cross coupled inverters and two access switches as show in Figure 3 below This bit has two stable states to represent either a logic zero or a logic one There are two additional transistors labeled as MS and M6 in the figure below which are known as access transistors since they control the access to the storage cell during write and read operations In order to read or write to the cell the word line labeled as WL needs to be enabled This in turn connects the two access transistors the bit lines labeled as BL and BLC in Figure 2 The presence of two access lines aids in reducing noise 3 Figure 2 Six transistor SRAM cell Source 10 Creative Commons When the SRAM is off the input to each inverter is O However due to the function of an inverter this is an unstable state which must change once the SRAM is turned on The two inputs must become either 01 or 10 Which state is taken on is dependent on the characteristics of the transistors making up each cell 4 Although ideally each transistor would be identical in actuality they vary slightly due to uncontrollable factors in the manufacturing process such as dopant concentrations Variations in the relative threshold voltages of the transistors cause each cell to tend towar
23. choose bit 8 choose bit 0 choose bit 0 when others UCURR STATE select uart data lt 1 when UO 0 when U1 1 when U10 1 when U11 1 when U12 buff buff index UCURR_STATE select GPIO_LED_S lt T when Ul2 0 when others UCURR_STATE select GPIO LED E lt when U12 0 when others UCURR_STATE select GPIO LED W lt when U12 0 when others UCURR STATE select GPIO LED C lt when U12 0 when others UCURR_STATE select GPIO LED N lt T when Ul2 0 when others if count_addr when Ul2 gt UNEXT_STATE end case 1000000000000000000 then else UNEXT STATE Ul end if UCURR STATE 57 UNEXT STATE lt U12 when when when when SS LJ NE 8M o8 when others Appendix N UCF File E El GP GP GP GP GP GP GP GP GP GP GP 3 3 3 3 C 3 3 3 3 1 Ed pd Ed Dd Dd Dd Dd Dd pH ob pH 3 re G 3 29999 Q Q FU FU Ae Ed Dd 3 3 Q TO Ed pi pH 3 GG GG GG 29999999 El Ed Ed Ed Dd d Ed pi pH 3 GG GG GG 2999999 Ed pd Ed Dd ef pH E El E pi 5345965 3 d 1395 3H LS L JT pd Ed pi pH 3 E GG GG E 29999999 El pd pd Ed Dd d Ed pi pH 3 GG G 29999 3 1 3 c Z22Z22222222222222222222222222222222242222222222222222222242224 p pl pg pIop OI OTIO OI O19 o omo a LD t 0 e E A ti 3
24. d a 1 or a 0 The more closely matched the threshold voltages are the more influence noise will have over the initial state possibly causing the bit to flip These variations can be seen in Figure 3 Figure 3 Threshold Voltage and Noise Source Reproduced from 4 Holcomb PUF Physical Unclonable Functions are the result of random uncontrollable variables in the manufacturing process They are measurable but meaningless aspects of a physical system and are unique in each instance A PUF can be used as a source of random but reliable data for applications such as generating encryption keys An intrinsic PUF is one that is the result of a preexisting manufacturing process and does not require any additions such as a coating to be used Since there is no overhead an intrinsic PUF is cost effective If a good PUF is considered as a challenge and a response 1 e if section A is measured result B is found then one pair of challenges and responses should have no bearing on another pair Additionally if one tries to take apart or tamper with a PUF the PUF will no longer function 3 Tools Virtex 5 Development Board The Virtex 5 family consists of high end Xilinx FPGAs which contain up to 330 000 logic cells 207 360 internal fabric flip flops as well as 207 360 six input look up tables The Configurable Logic Block CLB which is the basic logic elements for FPGAs provides synchronous and combinatorial logic The CLBs
25. does the number of one s in the data Also the amount of time the SRAM is unpowered does not have an effect on the stability of the bits About 80 of bits are stable and 50 change between different memory chips of the same type Using these guidelines it should be possible to generate a key is References 1 2 3 4 5 6 7 8 9 10 11 ChipDesignMag http www chipdesignmag com display php articleId2434 amp issueId 16 Accessed February 20 2009 ChipDesignMag http www chipdesignmag com display php articleld 2899 Accessed March 7 2009 Guajardo Jorge Kumar Sandeep Schrijen Geert Jan Tuyls FPGA Intrinsic PUFs and Their Use for IP Protection In Information and System Security Group pages 63 80 2000 Holcomb David E Wayne P Burleson and Kevin Fu Initial SRAM state as a fingerprint and source of true random numbers for RFID tags Proceedings of the Conference on RFID Security July 2007 http prisms cs umass edu kevinfu papers holcomb FERNS RFIDSec07 pdf TP Power 9258 User Manual Aviosys International Inc February 2002 http www jeffcosoho com docs ippower9258 pdf IS61NLP2563A Integrated Silicon Solution Inc May 2005 http www xilinx com products boards m1505 datasheets 6 1 NLP_NVP25636A_5 1218A pdf Introduction to MATLAB Mathworks February 2008 http www mathworks com moler intro pdf Rose Jonathan Abbas El Gamal Alb
26. e reading of the BRAM without destroying the original contents an implementation of this similar project can be done to characterize the BRAM Similar analysis can be performed to conclude if an encryption key can then be generated from this characterization We only had two boards to work with but for future consideration more boards would benefit the analysis For example it can support the fact that a PUF circuit is unique and prove that it can be distinguishable among all boards It seems from some of our analysis that temperature has a significant effect It would be useful to gather quantitative data regarding this effect perhaps through the use of a temperature chamber or onboard monitoring device 30 Conclusion We successfully implemented a design to read the initial state of SRAM We gathered and characterized data in hope of showing that SRAM s initial state is a Physical Unclonable Function which may be used to create an intrinsic cryptographic key for identification and IP protection All of the goals set forth at the beginning of the project were met The complete development environment and production flow used to achieve the final PUF are fully documented to allow future designs to implement a similar SRAM characterization and analysis We also include considerations for future expandability and reusability to assist in any future implementations based on this research and work performed in this project The first goal
27. efit from a greater number of samples 24 Stability vs Samples 3 S t a t oS t qe po sh ss x Samples Gathered i Time Off Up to 3 Hours Figure 26 Distribution of Unstable Bits Finally Figure 27 shows a histogram of the values of each bit We see that a large number of bits are completely stable A small amount has a marked tendency one way or the other and bits which have less than a 90 tendency toward one side or the other occur with equal low frequency This is an inverse Gaussian distribution with very steep sides x 1 Stability Distribution Occurences 04 05 06 Stable O Stable 1 Figure 27 Stability Histogram 25 Bytewise stability can also be considered Figure 28 below shows the location in memory of all bytes red which were completely stable for all 1 400 or so reads of the first board Completely stable bytes account for 7 96 of all bytes on the first board Stable Bytes 0 5 e 7 1 4 Fr 109 F 0 8 15 l A Gg 11 E F 107 g O 25 i L 105 3r F 0 4 40 3 1 F 0 2 1 05 15 2 25 d Address x10 Figure 28 Stable Bytes Spatial Correlation We also looked for spatial correlation We found that there was no linkage between adjacent bits of different addresses These were found to be com
28. ei Ae ee eee CRS ee 28 Figure 33 Difference Between Boards 1 and Zi Bie ie te eae es 29 1v Problem Statement Many Intellectual Property IP vendors sell Field Programmable Gate Array FPGA hardware designs to external parties There is a concern that attackers may steal and clone the designs without paying the original designer This results in a loss of revenue to the vendor A configuration bitstream which represents an FPGA design is stored in external non volatile memory such as Programmable Read Only Memory PROM When an FPGA is powered up the bitstream is used to automatically load the design Because the bitstream is stored external to the FPGA it is possible to tap the line connecting them This attack allows copying and cloning as seen in Figure 1 below An attacker can illegally program other FPGAs without paying licensing fees to the IP vendor Product PROM filled with intellectual property Cloned products Figure 1 Cloning Attack One proposed solution to this problem is to encrypt the bitstream This would prevent an attacker from gaining meaningful information through tapping But where is the encryption key to be stored One proposed method is to place the key on a non volatile ROM Another is to use a volatile ROM with a backup battery However these solutions have additional costs associated with them An alternative solution is to use an intrinsic Physical Unclonable Function PUF to c
29. er Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o o9 Je o o9 oe oe file name all stable bytes m o oe oo This code goes through all the bit map and calculates the stables and unstable bytes stable b zeros 4 262144 for j 1 files file char new my files j load file no parity out 2 5 262144 if j stable b no parity else for addr 1 262144 for byte 1 4 if no parity byte addr stable b byte addr stable b byte addr 300 end end end end end stable list zeros 1048576 3 total 0 unstables 0 m 1 for byte 1 4 for addr 1 262144 total total 1 if stable_b byte addr 300 unstables unstables 1 stable_b byte addr 0 else stable_list m 1 byte stable_list m 2 addr stable_list m 3 stable_b byte addr m m 1 stable b byte addr 1 end end end stable total unstables stable list stable list 1 stable save list stables stable list hold off imagesc stable b 0 1 colormap grayscale colorbar h gcf saveas h fig all_stable fig perc stables total unstables total clear addr ans byte file graysacle h hl h2 j k mn one byte ones array out stable stable b stable list temp total total mem map unstables xout 46 Appendix I MATLAB Board Uniformity Analysis oo Worcester Polytechnic Institute General Dyna
30. eros 5 262144 all bits 36 262144 totals one zeros files 1 totals zero zeros files 1 for j 1 files file char some files j load file for addr 1 262144 for byte 1 5 choose byte 8 byte 1 temp out byte addr 1f temp gt 128 one byte 1 1 temp temp 128 else one byte 1 0 end if temp gt 64 one byte 2 1 temp temp 64 else one byte 2 0 end if temp gt 32 one byte 3 1 temp temp 32 else one byte 3 0 end if temp 16 one byte 4 1 temp temp 16 else one byte 4 0 end if temp 8 one byte 5 1 temp temp 8 else one byte 5 0 end if temp gt 4 one byte 6 1 temp temp 4 else one byte 6 0 end if temp gt 2 one byte 7 1 temp temp 2 else one byte 7 0 end if temp 1 one byte 8 1 temp temp 1 else one byte 8 0 end for i 1 8 bit loc choose byte i mem map bit loc addr one byte i end end end mem map short total mem map mem map 5 40 total mem map mem map short 37 col_ sum sum mem map short total sum sum col sum totals one j 1 total sum all bits end tot ones mean totals one Stats CURR FOLDER 1 tot ones hist totals one files name fig ones num2str CURR FOLDER saveas h name fig stability B reshape total mem map 1 B B files figure 2 hist B 50 total mem map percent total mem map files stable
31. erto Sangiovanni Vincentelli Architecture of Field Programmable Gate Arrays Proceedings of the IEEE vol 81 no 7 pp 1013 1029 July 1993 Virtex 5 Family Overview Xilinx February 2009 http www xilinx com support documentation data_sheets ds100 pdf Creative Commons http en wikipedia org wiki File SRAM Cell 6 Transistors svg Accessed March 17 2009 Xilinx http www xilinx com itp xilinx 10 isehelp isehelp_start htm Accessed February 18 2009 i Appendix A MATLAB UART Receiver oe Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF AP oe oe o oe oe oo filename my serial simple m oo This code opens the communication with clear tic while 1 a datestr clock mm dd HH MM SS fprintf l Starting now sin a load fzle list d instrfind Port COM1 if length d 0 fclose d delete d end S serial COM1 InputBufferSize Timeout 500000 ReadAsyncMode fopen s a datestr clock fprintf 1 Waiting readasync s for input mm dd HH MM Ss ss n the serial port and reads in data Clears all local variables Initiate the start of clock SAlways run Sdefines the format stamp Display on command prompt 1oad previously logged Sfiles 1ists all available ports Sif the port is not available closes those devices that Sare using COMI Sdeletes those de
32. esistors resistors resistors resistors resistors resistors resistors resistors 49 9 ohm resistors 49 9 ohm resistors 49 9 ohm resistors 49 9 ohm resistors 9 9 ohm resistors
33. ess 1 to 100 FontSize 16 ylabel Word FontSize 16 title it XORed Memories FontSize 16 set gcf PaperPositionMode auto print dpng C MMQP final M jpg Nchanges 53 Appendix M VHDL SRAM amp UART Worcester Polytechnic Institute General Dynamics C4 Systems MOP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF Filename sram top vhd This file is designed to read from the SRAM It cycles through all of the address and sends the contents of the SRAM through the UART port The main clock is converted down to the clock frequency of the UART which is 115200 Hz library IEEE use IEEE STD LOGIC 1164 ALL use IEEE STD LOGIC ARITH ALL use IEEE STD LOGIC UNSIGNED ALL entity sram top is Port GPIO LED out std logic vector 7 downto 0 GPIO LED C out std logic GPIO LED E out std logic GPIO LED N out std logic GPIO LED S out std logic PIO LED W out std logic PIO SW N in std logic SER CLK in std logic RAM A out std logic vector 21 downto 0 RAM D inout std logic vector 31 downto 0 RAM DQP inout std logic vector 3 downto 0 RAM BW out std logic vector 3 downto 0 RAM MODE out std logic RAM OE B out std logic RAM WE B out std logic RAM ADV LD B out std logic RAM CLK out std logic RAM CS B out std logic uart out out std logic NANNNNNNNNNAADA end sram top architecture Behavioral of sram
34. est of 5 minutes Figure 13 MATLAB script to automate the reset Serial In t that turns device on is done t that turns device off Next we dealt with receiving information from the board In order to verify the functionality of our UART design we first used HyperTerminal a communications program included in Windows XP Although HyperTerminal was helpful in determining 13 if data was being received it was not capable of storing our data or displaying it as individual bits Once we verified that our design worked and communication was possible from the board our next task was to read save and separate the data from the SRAM After researching several options we found that MATLAB can complete all of these tasks and since we were planning on using it for analysis it was perfect for our application After reading several help and example files related to MATLAB s serial communications capabilities we some simple commands to read some values from the serial port one that simply defines the serial port and another that opens the communication to it This script is shown below in Figure 14 S serial COM1 setups the serial port to open COMI fopen s opens the serial port connection Figure 14 Simple MATLAB code for serial reception After verifying that MATLAB could successfully communicate with the serial port we modified our code to detect the end of a send save the data with a timestamp and to main
35. gVX Aboard2XfigV ov ll c 1 all ent mat c 2 all_ones mat c 3 inverse gauss mat c 4 st ones mat c 5 f unstable dist mat c 6 unstable tot mat c 7 row mat one c two C for j 1 length c m char c j p a m n cellstr p one j n p b m n cellstr p two j n end j 1 clear a b a char one j b char two j load a semilogx time ent or hold on load b semilogx time ent ob hold off h gcf saveas h fig all_ent fig j 2 clear a b a char one j b char two 3 load a semilogx time totals one or hold on load b semilogx time totals one ob hold off h gcf saveas h fig totals_ one fig 50 j 3 clear a b a char one j b char two 3 load a hist B 100 hold on load b hist B 100 hold off h gcf saveas h fig inverse gauss fig J 45 clear a b a char one j b char two 3 load a semilogx x y or time setl x hold on load b semilogx x y ob time set2 x hold off h gcf saveas h fig st_ones fig j 5 clear a b a char one j b char two j load a plot x y og x y2 ob x y3 or hold on load b plot x y squareb x y2 squareb x y3 squareb hold off h gcf save
36. he device also incorporates a no wait state where wait cycles are eliminated when switching between modes such as read to write or write to read operation 6 Xilinx ISE Xilinx Integrated Software Environment ISE is the software we used to implement our design on our FPGA It is a design software suite created by Xilinx which includes a design environment for creating a top level design using a Hardware Description S Language HDL We used VHDL to implement our design however other languages such as Verilog ABEL and schematic layout are also supported by the software Using the software code is written that describes the design or function to be performed on the board After the coding process the software takes the created design and optimizes it during synthesis It also verifies functionality and timing restrictions through its own simulations The language design is then verified if it complies with Xilinx s rules of syntax and if successful it is converted into a corresponding netlist file This file is then converted into a physical file format known as a bitmap and is ready to be downloaded onto the target device After loading the design onto the FPGA there are a number of ways to debug the design if it does not function properly One method is by using an internal logic analyzer created by Xilinx known as ChipScope that can view internal signals or nodes on the board for debugging purposes 11 MATLAB MATLAB i
37. his fuzzy extractor error correction is implemented to compensate for noisy measurements Privacy amplification is also implemented which guarantees a uniform distribution of the final secret We were interpreting the results from the SRAM without the use of this block and for future considerations this fuzzy extractor or helper data algorithm can be implemented to extract a secure key 3 We attempted to get as many reads from the SRAM as possible However when we increased the time duration between reads we could only obtain a certain number of samples within a restricted time period We did leave the board on over night and over the weekend to try to get as many samples For future considerations more readings from the boards would be benefit the analysis and we would get more accurate plots With this particular FPGA Virtex 5 LXT ML505 reading from the initial or start up values of the Block RAM BRAM was not possible Although originally we were attempting to read and perform analysis on the BRAM we soon realized that in order to read the contents for this particular chip we first had to initialize the contents This initialization process outlined by Xilinx set all of the bits of the BRAM equal to zero This would destroy the original contents and defeat our purposes of characterizing a chip that can be used to authenticate a particular board based on a key However for future considerations with an FPGA chip whose capabilities allow th
38. itched to a similar but independent Virtex 5 LXT ML505 development board near the end of the project and compared the results For most of the time periods we took 30 samples However for a few we took slightly less or more Additionally for two time periods we took a much greater number of samples For one of the time intervals at a 300 second wait period we took two batches of samples for the first board One of these batches totaled 30 readings altogether and another batch totaled 500 We decided to keep both batches of data and perform analysis on them At the lowest intervals of 1 and 5 seconds we encountered some instability in our MATLAB retriveal software and as a result gained fewer samples We believe the reason for this instability was that the hardware did not have time to fully power down After we switched to the second board we attempted to get as many readings as possible however we were subject to time constraints We also later discovered that a reading of a 300 wait period for the second board was erroneous and decided to delete the readings for this particular time interval We did not get a chance to replace the readings for this particular time interval of 300 seconds for the second board After all of the data was gathered we created MATLAB scripts that interpreted the data to process the analysis in the most efficient way The results were plotted using a number of visual graphs such as histogram logarithmic and se
39. itter State Machine ssp estes ton dee onact 10 Figure 10 Final UART State Machines 2 sese eee eee 11 Figure 11 Commands to power cycle the power management device 12 Figure 12 Flow chart outlining MATLAB function to automate the reset 13 Figure 13 MATLAB script to automate the reset eiecit ecole iren 13 Figure 14 Simple MATLAB code for serial reception sss sese sese eee neee 14 Figure 15 MATLAB s data collecting and storing procedure sss 15 Figure 16 MATLAB commands that initiate the serial port 16 Figure 17 MATLAB commands that ensure that COMI is available 16 Figure 18 MATLAB flow chart with added power management feature 17 Figure 19 Measurements per Time Interval ero e eet ocius 19 Figure 20 Uniformity vs Time O onum d eee pac Dur weal 20 Figure 21 Percent Ones Distribution hid eee eree 2l Figure 22 Memory Maps qas easttetete estu odt s 22 Figure 23 Stability vs Time Off escindida diu e ela ideal 23 Figure 24 Stability ys Samples o oem eite nd 23 Figure 25 Distribution er Stable Bits citada 24 Figure 26 Distribution of Unstable Bits oie de ete idad 25 Figure 27 Stability Estos dde lira 25 Figure 28 Stable Bytes 0 A AAA AA E A A Baek 26 Figure 29 gt Byte Decente pa aid 26 Figure IO Zeros per e da tado e la o tut e do 27 Figure 31 Entropy STS eT 27 Figure 32 Entropy vs Mme Qf ios
40. locks Processor Blocks for MACs Transceivers Banks 1 0 Slices RAM kB 18kB 36kB Max kB Blocks PCI Express GTP GTX XC5VLX30 80x30 4 800 320 32 64 62 1 152 2 N A N A N A N A N A 13 400 XC5VLX50 120x30 7 200 480 48 96 48 1 728 6 N A N A N A N A N A 17 560 XC5VLX85 120x54 12 960 840 48 192 96 3 456 6 N A N A N A N A N A 17 560 XC5VLX110 160x54 17 280 1 120 64 256 128 4 608 6 N A N A N A N A N A 23 800 XC5VLX155 160x76 24 320 1 640 128 384 192 6 912 6 N A N A N A N A N A 23 800 XC5VLX220 160x108 34 560 2 280 128 384 192 6 912 6 N A N A N A N A N A 23 800 XC5VLX330 240x108 51 840 3 420 192 576 288 10 368 6 N A N A N A N A N A 33 1 200 XC5VLX20T 60x26 3 12 210 24 52 26 936 1 1 2 4 4 N A 7 172 XC5VLX30T 80x30 4 800 320 32 7 36 1 296 2 1 4 8 8 N A 12 360 XC5VLX50T 120x30 7 200 480 48 120 60 2 160 6 1 4 12 12 N A 15 480 XC5VLX85T 120x54 12 960 840 48 216 108 3 888 6 1 4 12 12 N A 15 480 XCS5VLX110T 160x54 17 280 1 120 64 296 148 5 328 6 1 4 16 16 N A 20 680 XC5VLX155T 160x76 24 320 1 640 128 424 212 7 632 6 1 4 16 16 N A 20 680 Figure 4 Virtex 5 family members Source Reproduced from 9 Xilinx The development board we are using has a 9 Mb high speed low power synchronous SRAM designed by Integrated Silicon Solution Incorporated ISSI Designed to provide a continuous or burstable read it is a high performance device for networking and communications applications The architecture consists of 256K words by 36 bits with advanced CMOS technology T
41. lues than the first The memory becomes more uniform as the time off increases although there are a number of outliers After examining our data we found that these outliers occurred at the beginning of each data set which implies there may be a residual affect from the previous reading Since it is known that outside temperature can affect initial SRAM values perhaps this is an artifact of the heat generated by constantly reading the memory at different rates However this would need further tests to verify It also seems like the range of values may decrease at longer intervals It would be necessary to gather more samples to verify this since we have very few samples at longer intervals 20 Figure 21 shows the distribution of the uniformity for one of the larger datasets It has a Gaussian distribution with a range of about 01 10 000 bits Ones Occurrences ll Ni 0 4888 0 489 0 4892 0 4894 0 4896 0 4898 Percent Ones Figure 21 Percent Ones Distribution Memory Map Our next goal was to produce a map of the memory to see if any clear visual patterns appeared For example were there any large sections of all ones To do this we first translated our data which came in as 8 bit integers arranged as 5x266144 into single bits arranged as 36x262144 We then used MATLAB s imagesc command to create a simple visual representation We did not see any noticeable patterns in this image By stacking sever
42. mi logarithmic graphs Figure 19 shows how many measurements were taken for each board for a corresponding time interval 18 Time Off Time Off Board 1 Board 2 seconds Samples Samples lap gs m NEN greg p a m 10800 3 hours Lue e pog pn Figure 19 Measurements per Time Interval The tests detailed below were all executed using MATLAB scripts included in the appendices Analysis Uniformity First we attempted to find the uniformity of the memory We wanted to know if the memory was composed of mostly ones mostly zeros or if it was about equal In order to accomplish this we took the sum of the bitmap and divided it by the total number of bits to obtain what percent of bits were one We found the uniformity of every sample we took and plotted them together against the time the board was off This is shown below in Figure 20 Red circles are data points from board 1 while the blue are from board 2 19 Uniformity 0 492 Pecent of Ones x eque c0 0 o gt oJ um o 99 edP coe m 00 10 10 Time Off Up to 3 Hours Figure 20 Uniformity vs Time Off All of the data points range from 47 5 to 49 5 so there are slightly more zero bits than one bits One percent represents about 100 000 bits A number of other trends are also visible in the figure Both boards followed the same basic shape but the second board blue tends to have lower va
43. mics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o Je o Je o9 oe oo file name all uniform m oo oo This program generates a plot of total ones vs time total mem map zeros 36 262144 mem map zeros 40 262144 mem map short zeros 36 262144 one byte zeros 8 1 totals one zeros files 1 for j 1 files file char new my files j load file for addr 1 262144 for byte 1 5 choose byte 8 byte 1 temp out byte addr if temp 128 one byte 1 1 temp temp 128 else one byte 1 0 end if temp 64 one byte 2 1 temp temp 64 else one byte 2 0 end if temp 32 one byte 3 1 temp temp 32 else one byte 3 0 end if temp gt 16 one byte 4 1 temp temp 16 else one byte 4 0 end if temp 8 one byte 5 1 temp temp 8 else one byte 5 0 end if temp gt 4 one byte 6 1 temp temp 4 else one byte 6 0 end if temp gt 2 one byte 7 1 temp temp 2 else one byte 7 0 end if temp gt 1 one byte 8 1 temp temp 1 else one byte 8 0 end Per i 168 bit loc choose byte i mem map bit loc addr one byte i end end end mem map short mem map 5 40 total mem map total mem map mem map short col sum sum mem map short total sum sum col sum totals one j 1 total sum all bits end save fig all_ones time totals one
44. n count addr lt count addr 1 else count addr count addr end if UCURR STATE UNEXT STATE end if end if end process uart state memory uart next state logic process UCURR STATE send five count addr begin case UCURR STATE is when UO gt idle 1 initializing state UNEXT STATE lt U1 when U1 gt UNEXT STATE lt U2 start 0 when U2 gt UNEXT STATE U3 lsb when U3 gt UNEXT_STATE lt U4 when U4 gt UNEXT STATE lt U5 when U5 gt UNEXT STATE lt U6 when U6 UNEXT STATE U7 when U7 gt UNEXT STATE lt U8 when U8 gt UNEXT STATE lt U9 when U9 gt UNEXT STATE lt U10 msb when U10 gt stop 1 if send five 4 then UNEXT STATE lt U11 else UNEXT STATE Ul end if when U11 gt idle 1 56 end process uart next state logic with with with with with with with with with with with end Behavioral UCURR STATE select inc addr lt k when U11 0 when others UCURR_STATE select inc_sends lt r when U10 0 when others UCURR_STATE select rst_sends lt when UO 1 when U11 0 when others UCURR_STATE select choose bit lt 0 when U2 1 when U3 2 when U4 3 when U5 4 when U6 5 when U7 6 when U8 7 when U9 0 when others send five select send MSBs first buff index lt 32 choose bit when 0 24 choose bit 16
45. n order to meet this goal we established several milestones These are outlined below Read entire memory initiated by power on Import entire memory to PC Continuous automated full reads full imports Batch process samples Interpret results Implementation Reading the Memory Our first goal was to read an entire memory block on the Virtex 5 development board Initially we intended to use the Block Random Access Memory BRAM which is inside the Virtex 5 FPGA chip itself However after research and further investigation we discovered that in order to read values from the BRAM we would first have to instantiate them This instantiation process clears the BRAM and sets all of its bits to zero This deletes the data which we are interested in Therefore we instead decided to read values from the external SRAM which had no such instantiation process Our development board has an external on board SRAM which we used This on board SRAM that we used is manufactured by Integrated Silicon Solution Incorporated ISSI and is 9 Mb arranged as 256K x 36 After careful analysis of its data sheet we decided to implement a simple state machine which could both read from and 7 write to a user defined address Both the write and read could be triggered by the user and the lower bits of the read data would be viewable on the board s LEDs By both reading and writing we could verify that our SRAM interface was working correctly To accomplish thi
46. ok additional steps to ensure that the port closed before attempting to open a new one as shown in Figure 17 d instrfind Port COM1 lists used COMI ports if length d 0 if the port is in use fclose d closes the port delete d deletes those devices end Figure 17 MATLAB commands that ensure that COMI is available This MATLAB code was created to be left overnight and over the weekends in order to gather as much data as possible Due to this all of the MATLAB code was placed within a forever while loop which was always running ready to receive data whenever the board is ready to transmit We later combined the two MATLAB scripts that can both perform the automation of resetting the board and data collection and storage script The finished script s procedure is illustrated below in Figure 18 16 La START Y Available Ports No S gt Clear Ports m Yes _s AGSSRSRLLLLOOE Turn Board On Y Pause Data being Transferred No r Wait Yes Y Read Data Y Time Stamp Store Data Turn Board Off Figure 18 MATLAB flow chart with added power management feature Minor modifications can be made to this code to allow for sequential data gathering i e gather 30 samples at 20 seconds off then 20 samples and 30 seconds off 17 Results We took numerous samples varying the time interval between resetting the board We initially read from one board and later sw
47. p mem map short one byte out temp total sum totals one 41 Appendix E MATLAB Board Entropy Analysis oo Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o Je Je o Je oe oo file name all ent m oo oo This code performs the entropy of plots them together on a log graph entropy vs time B zeros 1048576 1 a zeros 1 256 ent zeros 1 files for j 1 files file char new my files 3 load file no parity out 2 5 1 262144 B reshape no parity 1 a hist B 256 ent j 0 for i 1 256 all of the samples from one Siterates through all of the time one board Performs the entropy p i a i sum a ent j ent j p i log2 p i end ent j ent 3 end Saves the figure save fig all_ent time ent Clear B a ent file h i j out p Clears variables 42 sparticular board and Sintervals from Appendix F MATLAB Single Set Entropy Analysis oo Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o oe o oe o oo oo file name entropy graph m oo oo This code generates a histogram for each time interval that represents SRAM from 0 to 255 load folder files files length some files out zeros 5 262144 no parity zeros 4 262144 B zeros 1048576 1 C zero
48. pletely random However we did find that the words had some dependencies Figure 29 below is a histogram of the integer values of each byte over one dataset While there is a base line there are also significant peaks in several locations Bytewise Distribution LIU 200 250 300 Byte Value Figure 29 Byte Occurrence Compare Figure 29 to Figure 30 below Figure 30 shows how many zeros appear in the binary representation of each 8 bit integer The peaks in Figure 31 correspond to those values with the most zeros Consecutive zeros are more likely to appear than consecutive ones For example in the extreme case a byte with a value of zero all zeros occurs twice as often as a byte with the value of 255 all ones 26 Zero Distribution T Number of Os w 150 Byte Value Figure 30 Zeros per byte Entropy Estimation Shannon entropy is a measure of the unpredictability of a message x taken from the distribution X By taking a large number of samples from the distribution we can form a probablity distribution function from which we can estimate the Shannon Entropy as follows in Figure 31 n H X K pi log pi i 1 Figure 31 Entropy Equation In this case our K was equal to 1 N is 256 since that is the number of values which can be represented with 8 bits P is percent occurrences of each byte value Since a byte is 8 bits an entropy value of 8 indicate
49. reate a key without overhead Static Random Access Memory SRAM which is internal to many FPGAs has been proposed as a source of this PUF 3 We characterize the startup state of two external independent SR AMS in order to analyze their suitability as the source of a PUF Literature Review FPGA An FPGA is a semiconductor device that can be programmed and configured after manufacturing FPGAs can be re programmed many times after deployment which is an advantage over ASICs whose designs must be completed prior to manufacture FPGAs are programmed through a source code which describes the logical function to be implemented One language commonly used in FPGA design is VHDL The typical FPGA architecture consists of an array of configurable logic blocks CLBs rather than solely transistors These logic blocks contain memory used to implement logic functions and can be a composition of transistor pairs multiplexers basic small gates such as two input NAND gates exclusive OR gates or look up tables LUTs These logic blocks are then connected together with wire segments of varying length interconnecting each other by electronically programmable switches which are configured during the synthesis process via a computer After the design is downloaded onto the device a routing architecture is created and implemented on the board 8 SRAM SRAM is a type of semiconductor memory consisting of CMOS transistors Unlike dynamic RAM DRAM whi
50. rr end save all stats stats status 9 for CURR FOLDER 1 folders some files new my files start CURR FOLDER stop CURR FOLDER file name some files 1 b char file name c b 10 14 time set CURR FOLDER str2num c CG b 1 5 board set CURR FOLDER str2num c c b 6 8 trials set CURR FOLDER str2num c c b 3 4 order set CURR FOLDER str2num c end hold off x time set y stats 3 save fig st_ones x y x time set y stats 12 y2 stats 13 save VfigXrow x yty ye x trials set y stats 5 y2 stats 6 y3 stats 7 save XfigXunstable dist x y y2 y x I trials set y stats 2 save fig unstable_tot x y toc 36 Appendix C MATLAB Single Set Analysis oo Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o Je Je o Je oe oo file name uniform stable corr m oo This codes generates a graph of total ones spatial correlation both column wise and row wise to see if three finds stability does bits are the same load folder files files length some files total mem map zeros 36 262144 total mem map sort zeros 36 262144 total mem map percent zeros 36 262144 mem map zeros 40 262144 mem map short zeros 36 2602144 one byte zeros 8 1 out z
51. s we implemented the following state machine as shown in Figure 6 100MHz load address for read read data available request display read data on LEDs wait Ass write complete load address for write Figure 6 SRAM Read Write State Machine Once we verified that our reading interface was correct we removed the write portion gt and changed the address from user selectable to a slow counter as shown in Figure 7 With these changes we could see that that data changed with the addresses 100MHz load address for read read data available address provided by outside counter save to register wait Figure 7 SRAM Reading State Machine In this configuration this state machine is always reading from the SRAM However the address that is being read will only change based on an external counter As we began to work with the serial communications we determined that the best time to change the address would be immediately after the send of the each address data completed Serial Out In order to save our reads of the SRAM it was necessary to communicate with a PC After analyzing several options we determined that an RS 232 UART connection would be the easiest to implement A UART connection consists of one start bit a set number of data bits an optional parity bit and one stop bit sent at a baud rate know to both the transmitter and receiver We chose to send 8 data bits at a time at 115200 bits per second
52. s 1048576 1 a zeros 1 256 Siterates through all of the time Sintervals from one board for j 1 files file char some_files j load file no parity out 2 5 1 262144 B reshape no parity 1 1 Generates the histogram a hist B 256 figure 1 hist B 256 hold on Performs the entropy ent j 0 for i 1 256 p i a i sum a ent j ent j p i log2 p i end ent j ent 3 end stats CURR_FOLDER 14 min ent Stats CURR FOLDER 15 max ent Stats CURR FOLDER 16 mean ent Stats CURR FOLDER 17 std ent h findobj gca Type patch set h FaceColor w EdgeColor r h gcf Saves the figure for each Sindividual time interval name fig ent num2str CURR FOLDER saveas h name fig hold off 43 the bits in the Appendix G MATLAB Board Stability Analysis Bitwise oo Worcester Polytechnic Institute General Dynamics C4 Systems MQP Robyn Colopy Jatin Chopra C Term 2009 SRAM PUF o Je o Je o9 oe oo file name all stable bits m oo oo This code goes through all the bit map and calculates the stables ones Sand the stables zeros in the data It then plots a sorted map where it stable zeros and the distribution in Sbetween with colors load colors load colors2 total mem map percent zeros 36 262144 total mem map sort zeros 36 2602144 Sstability total mem map percent tot
53. s a high performance language used for technical computing with many applications including data acquisition math computation data analysis scientific and engineering graphics It is a high level language that can perform computing problems relatively faster compared with other languages because of its build in functions and commands 7 MATLAB also has input output communication capabilities to a serial port and can also read and write to text files or MATLAB s data format files with a MAT extension It also performs data analysis such as matrix manipulation data plotting and build in functions that can perform common statistics 7 IP Power 9258 Aviosys International Inc developed IP Power 9258 which is an Ethernet controlled device used to manage power on a time schedule With this device a user can control or query the power supply of up to four 120 V electrical outlets using pre configured commands Communication is through an RJ 45 Ethernet cable via the PC Other capabilities of this device include an RS 232 port for debugging purposes and a manual on off switch It also has LEDs to indicate power usage of the device connected to it 5 The automated reset system is shown below in Figure 5 PC running MATLAB ETHERNET IP Power Figure 5 Automated Reset System Goals Our overall technical goal was to determine whether the initial state of SRAM creates a reasonable PUF for use as a cryptographic key I
54. s design to be immediately available on start up we used Xilinx to create a MCS file to be stored on the non volatile PROM This file automatically loads our design onto the FPGA on power up Automating the Reset In order to perform analysis on the data from the SRAM it would be beneficial to get as many multiple readings as possible We initially performed a manual reset using the standard power switch on the board However in order to obtain numerous samples with a time precise rest period between readings we researched a method to automate this process of resetting the board 11 After considering several options we ordered the IP Power9258 which would serve as our power management tool Our motivations for this choice were a tradeoff between price and ease of use We communicated to it via an Ethernet cable by sending commands through its IP address The following commands shown in Figure 11 correspond to turning one outlet on and off http admin 12345678 192 168 1 207 Set cmd CMD SetPower P60 1 http admin 12345678 192 168 1 207 Set cmd CMD SetPower P60 0 Figure 11 Commands to power cycle the power management device Our next task was to find a way to send these two commands automatically time precisely and repeatedly We also had to allow enough time for the board to boot up properly from PROM extract the data and finally increment a variable rest period between reads We decided to implement
55. s that the distribution is completely uniform Entropy was plotted with respect to time in Figure 32 The entropy follows the same trend as the uniformity graph seen in Figure 20 with values ranging from 7 97 to 7 99 27 Entropy vs Time E i 9 e t o P L py U gt 1 Time Off Figure 32 Entropy vs Time Off Across Boards Finally it was necessary to determine whether there was any correlation between the two boards We used the average reading of each bit over all readings to create a correct memory map for each board We then XORed the two maps to find how many of the corresponding bits were different We found that 49 4296 of bits were different This suggests that there is no noticable correlation between the two memories However two memories is very small sample size and this test should be repeated with more data across many boards Figure 33 below shows a portion of the XORed memory map The red bits are those which are different across the two memories 28 XORed Memories Figure 33 Difference Between Boards 1 and 2 29 Future Considerations Due to the noisy nature of PUF responses and the fact that the responses are not uniformly distributed a fuzzy extractor or helper data algorithm is typically implemented to extract the secure keys from the PUF responses For instance we observed a noise level of between 10 and 20 Within t
56. tain a list of all of the saved files A block diagram of MATLAB s data collecting and storing procedure is as follows in Figure 15 14 START Available Ports No X Clear Ports Yes Y Data being transterred No e Wait Read Data Time Stamp Store Data Figure 15 MATLAB s data collecting and storing procedure MATLAB is able to communicate through the serial port at various baud rates The maximum baud rate that MATLAB can read data is 115 200 baud In order to initiate communication we used MATLAB s serial command to define the baud rate the input buffer size timeout length port number and whether to read asynchronously or synchronously We chose 115 200 bits per second since this allowed for the fastest data transfer possible and an asynchronous read operation since we were not sending out any data through the UART or writing to the SRAM The input buffer size was calculated based on the available space within the SRAM on the FPGA which was 262144 words 40 bits 1 310 720 bits The timeout was defined as 500 000 seconds which allowed MATLAB to continuously have the serial port open and gather data for several days Once these initial values were defined MATLAB s fopen command permitted MATLAB to access this port The MATLAB script which brings all of these tools together is as follows in Figure 16 15 setup the serial port serial COM1 InputBufferSize 1310720 BaudRate 11520
57. top is type STATE TYPE is SO S1 S2 type UART STATE TYPE is UO Ul U2 U3 U4 U5 U6 U7 U8 U9 U10 signal UCURR STATE UART STATE TYPE signal UNEXT STATE UART STATE TYPE signal CURR STATE STATE TYPE signal NEXT STATE STATE TYPE signal addr std logic vector 21 downto 0 signal data std logic vector 31 downto 0 signal buff std logic vector 39 downto 0 signal data p std logic vector 3 downto 0 signal bwx std logic vector 3 downto 0 signal oe std logic signal we std logic signal adv std logic signal ce std logic 7 7 54 Ul1 U12 signal count_addr std logic vector 19 downto 1 signal UART CLK std logic signal uart data std logic signal send five integer range 0 to 4 signal choose bit integer range 0 to 7 signal buff index integer range 0 to 39 signal inc sends rst sends begin uart out uart data SRAM CLK lt USER CLK RAM D lt data RAM DOP lt data p RAM BW bwx RAM MODE 0 RAM OE B oe RAM WE B we RAM ADV LD B adv RAM CS B ce NANNNnNNNNN SRAM A lt addr bwx lt X 0 adv lt 0 RESET lt GPIO SW_N high impedance data lt ZZZ22222222222222222222222222222 data p lt ZZZZ we lt 1 addr lt 00 amp count addr amp 0 counter process U variable COUNTER begin SER CLK integer range 0 to 434 if rising edge USER CLK then
58. vices setups the serial port 1310720 BaudRate continuous 115200 opens the serial port connection a Sdefines the format stamp displays the time asynchronous read mode Turn board on DO ld on url a datestr clock mm dd HH MM SS fprintf 1 Turning ON sin a pause 1 system taskkill IM iexplore exe waits within this loop until Sdata is available to be read DO while s BytesAvailable 0 end a datestr clock mm dd HH MM SS filename data al fprintf 1 Data received s n a out fread s 5 262144 uint8 b toc G num2str b 04 0 filename filename c tic data is read and placed in out Sinitiates the time stamp Stime stamp is converted to a string filename gets the value of the timestamp calculates the difference 33 Sof time save filename out saves out as the time Sstamp Sgenerates a log of all of Sthe filenames all_my files all_my files filename save ile list all my files 1ogs all of the files generated file count length all my files fprintf 1 File count 1 0fin file count STurn board off td off url a datestr clock mm dd HH MM SS fprintf 1 Turning OFF s n a pause 1 system taskkill IM iexplore exe fprintf l Xn pause 10 fprintf l n pause 900 SWait 900 seconds before next read end
Download Pdf Manuals
Related Search