Implementation and Analysis of Ring Oscillator Circuits on Xilinx FPGAs
Mario Barbareschi, Giorgio Di Natale and Lionel Torres
As security of digital applications relies on trustworthy hardware platforms, new design challenges emerge from requirements of in-fleld applications which adopt field programmable gate arrays (FPGAs) as the hardware implementation technology. Indeed, the FPGA technology, contrary to the application-speciflc integrated circuits (ASICs), is able to be configured and updated in-fleld, out of the foundry, by means of a configuration file called bitstream. Its design methodology allows to fast prototype hardware devices and to avoid expensive nonrecurring engineering costs, which characterize ASIC projects, especially when the production scale is limited to few units. These advantages are really attractive and have created a new huge market segment around such devices.
However, as they are reconfigurable, FPGAs are more exposed to security attacks than ASICs. For instance, the intellectual property (IP) theft attack can be accomplished by read out the bitstream from the internal configuration memory or from external flash memories, once the application is deployed. Bitstream theft enables cloning of the original device into compatible devices or, by exploiting reverse engineer techniques, to analyze the netlist disclosing sensitive information, such as cryptographic keys or algorithms.
M. Barbareschi (B)
G. Di Natale • L. Torres
LIRMM UMR 5506—CNRS—University of Montpellier, 161 rue Ada,
© Springer International Publishing Switzerland 2017 N. Sklavos et al. (eds.), Hardware Security and Trust, DOI 10.1007/978-3-319-44318-8_12
For these reasons, FPGA vendors have been starting to implement decryption algorithms on new and high-end FPGA devices, in order to program them by using enciphered bitstreams. Indeed, ciphered bitstreams guarantee confidentiality against IP theft and authenticity, such that it is not possible to use the bitstream on FPGAs that are not configured with the secret key. However, this technique is not a silver bullet for the FPGA security, since tampering and side-channel attack techniques are improving in efficacy and effectiveness, as recently demonstrated in .
With respect to the trustworthiness of integrated circuit (IC), the most important breakthroughs were given by the introduction of physically unclonable functions (PUFs) . They exploit unavoidable and uncontrollable manufacturing imperfections, which are tolerated for the properly circuit operations, giving unique and unclonable hardware signatures. For instance, the propagation delay, through either nominally identical metal wires or through gates, depends on these variations. Hence, the PUF circuit has to mainly quantify a physical phenomenon affected by variability in order to be able to provide some responses. Since exploited quantities are from electrical phenomena, the responses are inherently affected by noise. The environmental and working conditions, such as the temperature and the supplied voltage, can dramatically alter PUFs responses, making them not suitable secure primitives due to lack of reliability.
PUFs work in a challenge/response paradigm, such that a PUF is a function which maps a set of inputs (challenges) to a set of outputs (responses) in a unique manner, defining a challenge/response pairs (CRPs) set. CRPs can be pragmatically used as key storage and key material provider and, if they are characterized by a huge cardinality, they can be even adopted in an authentication scheme . PUFs are hard to attack and, furthermore, are tamper evident, such as physical attack attempts modify permanently their responses [5, 10].
Among all PUFs architectures that are discussed in the literature, we can list the SRAM PUF [4, 6], MRAM PUF  and the D flip-flop PUF  for the memory- based family, and the Arbiter PUF , the ring oscillator (RO) PUF [11-13, 17], the Butterfly PUF , and the Anderson PUF [2, 3] for the delay-based family. Ring oscillators-based PUFs (ROPUFs) are currently the most affordable secrecy source, since they can be easily implemented on every hardware technology, even on low-end and old FPGA device families, and received a great attention from the research community [13-15, 23, 24]. ROPUFs work by exploiting the variability on oscillations frequencies: considering a pair of ring oscillators (ROs), it is possible to extract one response bit by testing their frequencies with a binary comparator.
In this chapter, through a large amount of experiments conducted over Xilinx Spartan-6 XCS6LX16 45 nm devices, we collect some characterizations of RO frequencies, mainly aiming at analyzing how frequencies, generated by different ROs structures placed over a device and among different devices, are distributed. Along the way, we detail how to implement a RO on such devices and how to measure and extract frequencies from each implemented RO. In particular, for the frequency extraction we adopt Xilinx ChipScope. Furthermore, targeting a single device, we empirically study some noise sources, in particular the temperature variations, the logic which surrounds the ROs and the aging, in order to give better characterizations of read frequencies under different working conditions.