Paper 2019/312

Side-Channel Analysis of the TERO PUF

Lars Tebelmann, Michael Pehl, and Vincent Immler


Physical Unclonable Functions (PUFs) have the potential to provide a higher level of security for key storage than traditional Non-Volatile Memory (NVM). However, the susceptibility of the PUF primitives to non-invasive Side-Channel Analysis (SCA) is largely unexplored. While resistance to SCA was indicated for the Transient Effect Ring Oscillator (TERO) PUF, it was not backed by an actual assessment. To investigate the physical security of the TERO PUF, we first discuss and study the conceptual behavior of the PUF primitive to identify possible weaknesses. We support our claims by conducting an EM-analysis of a TERO design on an FPGA. When measuring TERO cells with an oscilloscope in the time domain, a Short Time Fourier Transform (STFT) based approach allows to extract the relevant information in the frequency domain. By applying this method we significantly reduce the entropy of the PUF. Our analysis shows the vulnerability of not only the originally suggested TERO PUF implementation but also the impact on TERO designs in general. We discuss enhancements of the design that potentially prevent the TERO PUF from exposing the secret and point out that regarding security the TERO PUF is similar to the more area-efficient Ring Oscillator PUF.

Available format(s)
Publication info
Published elsewhere. In: Polian I., Stöttinger M. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2019. Lecture Notes in Computer Science, vol 11421. Springer, Cham
TERO PUFSide-Channel AnalysisNon-InvasiveEM Side-ChannelPhysical Unclonable Function
Contact author(s)
lars tebelmann @ tum de
2019-03-22: revised
2019-03-20: received
See all versions
Short URL
Creative Commons Attribution


      author = {Lars Tebelmann and Michael Pehl and Vincent Immler},
      title = {Side-Channel Analysis of the TERO PUF},
      howpublished = {Cryptology ePrint Archive, Paper 2019/312},
      year = {2019},
      doi = {10.1007/978-3-030-16350-1_4},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.