Paper 2013/656

Bias-based modeling and entropy analysis of PUFs

Robbert van den Berg and Boris Skoric and Vincent van der Leest

Abstract

Physical Unclonable Functions (PUFs) are increasingly becoming a well-known security primitive for secure key storage and anti-counterfeiting. For both applications it is imperative that PUFs provide enough entropy. The aim of this paper is to propose a new model for binary-output PUFs such as SRAM, DFF, Latch and Buskeeper PUFs, and a method to accurately estimate their entropy. In our model the measurable property of a PUF is its set of cell biases. We determine an upper bound on the ‘extractable entropy’, i.e. the number of key bits that can be robustly extracted, by calculating the mutual information between the bias measurements done at enrollment and reconstruction. In previously known methods only uniqueness was studied using information-theoretic measures, while robustness was typically expressed in terms of error probabilities or distances. It is not always straightforward to use a combination of these two metrics in order to make an informed decision about the performance of different PUF types. Our new approach has the advantage that it simultaneously captures both of properties that are vital for key storage: uniqueness and robustness. Therefore it will be possible to fairly compare performance of PUF implementations using our new method. Statistical validation of the new methodology shows that it clearly captures both of these properties of PUFs. In other words: if one of these aspects (either uniqueness or robustness) is less than optimal, the extractable entropy decreases. Analysis on a large database of PUF measurement data shows very high entropy for SRAM PUFs, but rather poor results for all other memory-based PUFs in this database.