skip to main content
research-article

Microcontroller Fingerprinting Using Partially Erased NOR Flash Memory Cells

Published:27 March 2021Publication History
Skip Abstract Section

Abstract

Electronic device fingerprints, unique bit vectors extracted from device's physical properties, are used to differentiate between instances of functionally identical devices. This article introduces a new technique that extracts fingerprints from unique properties of partially erased NOR flash memory cells in modern microcontrollers. NOR flash memories integrated in modern systems-on-a-chip typically hold firmware and read-only data, but they are increasingly in-system-programmable, allowing designers to erase and program them during normal operation. The proposed technique leverages partial erase operations of flash memory segments that bring them into the state that exposes physical properties of the flash memory cells through a digital interface. These properties reflect semiconductor process variations and defects that are unique to each microcontroller or a flash memory segment within a microcontroller. The article explores threshold voltage variation in NOR flash memory cells for generating fingerprints and describes an algorithm for extracting fingerprints. The experimental evaluation utilizing a family of commercial microcontrollers demonstrates that the proposed technique is cost-effective, robust, and resilient to changes in voltage and temperature as well as to aging effects.

References

  1. Anys Bacha and Radu Teodorescu. 2015. Authenticache: Harnessing cache ECC for system authentication. In Proceedings of the 48th International Symposium on Microarchitecture (MICRO’15). Association for Computing Machinery, 128--140. https://doi.org/10.1145/2830772.2830814Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Lawrence T. Clark, James Adams, and Keith E. Holbert. 2019. Reliable techniques for integrated circuit identification and true random number generation using 1.5-transistor flash memory. Integration 65, (2019), 263--272. DOI:https://doi.org/10.1016/j.vlsi.2017.10.001Google ScholarGoogle Scholar
  3. Adam R. Duncan, Matthew J. Gadlage, Austin H. Roach, and Matthew J. Kay. 2016. Characterizing radiation and stress-induced degradation in an embedded split-gate NOR flash memory. IEEE Trans. Nucl. Sci. 63, 2 (2016), 1276--1283. DOI:https://doi.org/10.1109/TNS.2016.2540803Google ScholarGoogle ScholarCross RefCross Ref
  4. Blaise Gassend, Dwaine Clarke, Marten van Dijk, and Srinivas Devadas. 2002. Silicon physical random functions. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS’02). Association for Computing Machinery, 148--160. DOI:https://doi.org/10.1145/586110.586132Google ScholarGoogle ScholarDigital LibraryDigital Library
  5. Jorge Guajardo, Sandeep S. Kumar, Geert-Jan Schrijen, and Pim Tuyls. 2007. FPGA intrinsic PUFs and their use for IP protection. In Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’07). Springer-Verlag, 63--80. DOI:https://doi.org/10.1007/978-3-540-74735-2_5Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Maryam S. Hashemian, Bhanu Singh, Francis Wolff, Daniel Weyer, Steve Clay, and Christos Papachristou. 2015. A robust authentication methodology using physically unclonable functions in DRAM arrays. In Proceedings of the Design, Automation Test in Europe Conference Exhibition (DATE’15), 647--652. DOI:https://doi.org/10.7873/DATE.2015.0308Google ScholarGoogle ScholarCross RefCross Ref
  7. Charles Herder, Meng-Day Yu, Farinaz Koushanfar, and Srinivas Devadas. 2014. Physical unclonable functions and applications: A tutorial. Proc. IEEE 102, 8 (2014), 1126--1141. DOI:https://doi.org/10.1109/JPROC.2014.2320516Google ScholarGoogle ScholarCross RefCross Ref
  8. Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu. 2009. Power-Up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput 58, 9 (2009), 1198--1210. DOI:https://doi.org/10.1109/TC.2008.212Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Texas Instruments. 2008. MSP430 Flash memory characteristics. Retrieved from http://www.ti.com/lit/an/slaa334b/slaa334b.pdf.Google ScholarGoogle Scholar
  10. Texas Instruments. 2009. MSP430F543x, MSP430F541x Mixed-Signal Microcontrollers datasheet (Rev. F). Retrieved from http://www.ti.com/lit/ds/symlink/msp430f5438.pdf.Google ScholarGoogle Scholar
  11. Shijie Jia, Luning Xia, Zhan Wang, Jingqiang Lin, Guozhu Zhang, and Yafei Ji. 2015. Extracting robust keys from NAND flash physical unclonable functions. In Information Security (Lecture Notes in Computer Science), Springer, Cham, 437--454. DOI:https://doi.org/10.1007/978-3-319-23318524Google ScholarGoogle Scholar
  12. Jeremie S. Kim, Minesh Patel, Hasan Hassan, and Onur Mutlu. 2018. The DRAM latency PUF: Quickly evaluating physical unclonable functions by exploiting the latency-reliability tradeoff in modern commodity DRAM devices. In Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA’18), 194--207. DOI:https://doi.org/10.1109/HPCA.2018.00026Google ScholarGoogle ScholarCross RefCross Ref
  13. Donghyuk Lee, Samira Khan, Lavanya Subramanian, Saugata Ghose, Rachata Ausavarungnirun, Gennady Pekhimenko, Vivek Seshadri, and Onur Mutlu. 2017. Design-induced latency variation in modern DRAM chips: Characterization, analysis, and latency reduction mechanisms. In Proceedings of the ACM SIGMETRICS/International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS’17 Abstracts). Association for Computing Machinery, 54. DOI:https://doi.org/10.1145/3078505.3078533Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. J. W. Lee, Daihyun Lim, B. Gassend, G. E. Suh, M. van Dijk, and S. Devadas. 2004. A technique to build a secret key in integrated circuits for identification and authentication applications. In Proceedings of the Symposium on VLSI Circuits. 176--179. DOI:https://doi.org/10.1109/VLSIC.2004.1346548Google ScholarGoogle Scholar
  15. Muqing Liu, Chen Zhou, Qianying Tang, Keshab K. Parhi, and Chris H. Kim. 2017. A data remanence-based approach to generate 100% stable keys from an SRAM physical unclonable function. In Proceedings of the IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED’17), 1--6. DOI:https://doi.org/10.1109/ISLPED.2017.8009192Google ScholarGoogle Scholar
  16. Harsha Mandadi. 2017. Remote integrity checking using multiple PUF-based component identifiers. Retrieved from https://vtechworks.lib.vt.edu/handle/10919/78200.Google ScholarGoogle Scholar
  17. The-Nghia Nguyen, Sunghyun Park, and Donghwa Shin. 2020. Extraction of device fingerprints using built-in erase-suspend operation of flash memory devices. IEEE Access 8, (2020), 98637--98646. DOI:https://doi.org/10.1109/ACCESS.2020.2995891Google ScholarGoogle ScholarCross RefCross Ref
  18. Ravikanth Pappu, Ben Recht, Jason Taylor, and Neil Gershenfeld. 2002. Physical one-way functions. Science 297, 5589 (2002), 2026--2030. DOI:https://doi.org/10.1126/science.1074376Google ScholarGoogle Scholar
  19. Prawar Poudel, Biswajit Ray, and Aleksandar Milenkovic. 2019. Microcontroller TRNGs using perturbed states of NOR flash memory cells. IEEE Trans. Comput. 68, 2 (2019), 307--313. DOI:https://doi.org/10.1109/TC.2018.2866459Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Pravin Prabhu, Ameen Akel, Laura M. Grupp, Wing-Kei S. Yu, G. Edward Suh, Edwin Kan, and Steven Swanson. 2011. Extracting device fingerprints from flash memory by exploiting physical variations. In Trust and Trustworthy Computing (Lecture Notes in Computer Science), Springer, Berlin, 188--201. DOI:https://doi.org/10.1007/978-3-642-21599-5_14Google ScholarGoogle Scholar
  21. Sami Rosenblatt, Srivatsan Chellappa, Alberto Cestero, Norman Robson, Toshiaki Kirihata, and Subramanian S. Iyer. 2013. A self-authenticating chip architecture using an intrinsic fingerprint of embedded DRAM. IEEE J. Solid-State Circuits 48, 11 (2013), 2934--2943. DOI:https://doi.org/10.1109/JSSC.2013.2282114Google ScholarGoogle ScholarCross RefCross Ref
  22. Sadman Sakib, Aleksandar Milenković, Md Tauhidur Rahman, and Biswajit Ray. 2020. An aging-resistant NAND flash memory physical unclonable function. IEEE Trans. Electron Devices 67, 3 (2020), 937--943. DOI:https://doi.org/10.1109/TED.2020.2968272Google ScholarGoogle ScholarCross RefCross Ref
  23. André Schaller, Wenjie Xiong, Nikolaos Athanasios Anagnostopoulos, Muhammad Umair Saleem, Sebastian Gabmeyer, Boris Škorić, Stefan Katzenbeisser, and Jakub Szefer. 2019. Decay-based DRAM PUFs in commodity devices. IEEE Trans. Dependable Secure Comput. 16, 3 (2019), 462--475. DOI:https://doi.org/10.1109/TDSC.2018.2822298Google ScholarGoogle ScholarCross RefCross Ref
  24. G. Edward Suh and Srinivas Devadas. 2007. Physical unclonable functions for device authentication and secret key generation. In Proceedings of the 44th Annual Design Automation Conference (DAC’07). Association for Computing Machinery, 9--14. DOI:https://doi.org/10.1145/1278480.1278484Google ScholarGoogle Scholar
  25. Soubhagya Sutar, Arnab Raha, and Vijay Raghunathan. 2016. D-PUF: An intrinsically reconfigurable DRAM PUF for device authentication in embedded systems. In Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems (CASES’16). Association for Computing Machinery, 1--10. DOI:https://doi.org/10.1145/2968455.2968519Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. B. M. S. Bahar Talukder, Biswajit Ray, Mark Tehranipoor, Domenic Forte, and Md Tauhidur Rahman. 2018. LDPUF: Exploiting DRAM latency variations to generate robust device signatures. Retrieved from http://arxiv.org/abs/1808.02584.Google ScholarGoogle Scholar
  27. Fatemeh Tehranipoor, Nima Karimian, Wei Yan, and John A. Chandy. 2017. DRAM-based intrinsic physically unclonable functions for system-level security and authentication. IEEE Trans. Very Large Scale Integr. Syst. 25, 3 (2017), 1085--1097. DOI:https://doi.org/10.1109/TVLSI.2016.2606658Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Yinglei Wang, Wing-kei Yu, Shuo Wu, Greg Malysa, G. Edward Suh, and Edwin C. Kan. 2012. Flash memory for ubiquitous hardware security functions: True random number generation and device fingerprints. In Proceedings of the IEEE Symposium on Security and Privacy. 33--47. DOI:https://doi.org/10.1109/SP.2012.12Google ScholarGoogle Scholar

Index Terms

  1. Microcontroller Fingerprinting Using Partially Erased NOR Flash Memory Cells

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      • Article Metrics

        • Downloads (Last 12 months)32
        • Downloads (Last 6 weeks)1

        Other Metrics

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!