Abstract
Electronic device fingerprints, unique bit vectors extracted from device's physical properties, are used to differentiate between instances of functionally identical devices. This article introduces a new technique that extracts fingerprints from unique properties of partially erased NOR flash memory cells in modern microcontrollers. NOR flash memories integrated in modern systems-on-a-chip typically hold firmware and read-only data, but they are increasingly in-system-programmable, allowing designers to erase and program them during normal operation. The proposed technique leverages partial erase operations of flash memory segments that bring them into the state that exposes physical properties of the flash memory cells through a digital interface. These properties reflect semiconductor process variations and defects that are unique to each microcontroller or a flash memory segment within a microcontroller. The article explores threshold voltage variation in NOR flash memory cells for generating fingerprints and describes an algorithm for extracting fingerprints. The experimental evaluation utilizing a family of commercial microcontrollers demonstrates that the proposed technique is cost-effective, robust, and resilient to changes in voltage and temperature as well as to aging effects.
- Anys Bacha and Radu Teodorescu. 2015. Authenticache: Harnessing cache ECC for system authentication. In Proceedings of the 48th International Symposium on Microarchitecture (MICRO’15). Association for Computing Machinery, 128--140. https://doi.org/10.1145/2830772.2830814Google Scholar
Digital Library
- Lawrence T. Clark, James Adams, and Keith E. Holbert. 2019. Reliable techniques for integrated circuit identification and true random number generation using 1.5-transistor flash memory. Integration 65, (2019), 263--272. DOI:https://doi.org/10.1016/j.vlsi.2017.10.001Google Scholar
- Adam R. Duncan, Matthew J. Gadlage, Austin H. Roach, and Matthew J. Kay. 2016. Characterizing radiation and stress-induced degradation in an embedded split-gate NOR flash memory. IEEE Trans. Nucl. Sci. 63, 2 (2016), 1276--1283. DOI:https://doi.org/10.1109/TNS.2016.2540803Google Scholar
Cross Ref
- Blaise Gassend, Dwaine Clarke, Marten van Dijk, and Srinivas Devadas. 2002. Silicon physical random functions. In Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS’02). Association for Computing Machinery, 148--160. DOI:https://doi.org/10.1145/586110.586132Google Scholar
Digital Library
- Jorge Guajardo, Sandeep S. Kumar, Geert-Jan Schrijen, and Pim Tuyls. 2007. FPGA intrinsic PUFs and their use for IP protection. In Proceedings of the 9th International Workshop on Cryptographic Hardware and Embedded Systems (CHES’07). Springer-Verlag, 63--80. DOI:https://doi.org/10.1007/978-3-540-74735-2_5Google Scholar
Digital Library
- Maryam S. Hashemian, Bhanu Singh, Francis Wolff, Daniel Weyer, Steve Clay, and Christos Papachristou. 2015. A robust authentication methodology using physically unclonable functions in DRAM arrays. In Proceedings of the Design, Automation Test in Europe Conference Exhibition (DATE’15), 647--652. DOI:https://doi.org/10.7873/DATE.2015.0308Google Scholar
Cross Ref
- Charles Herder, Meng-Day Yu, Farinaz Koushanfar, and Srinivas Devadas. 2014. Physical unclonable functions and applications: A tutorial. Proc. IEEE 102, 8 (2014), 1126--1141. DOI:https://doi.org/10.1109/JPROC.2014.2320516Google Scholar
Cross Ref
- Daniel E. Holcomb, Wayne P. Burleson, and Kevin Fu. 2009. Power-Up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput 58, 9 (2009), 1198--1210. DOI:https://doi.org/10.1109/TC.2008.212Google Scholar
Digital Library
- Texas Instruments. 2008. MSP430 Flash memory characteristics. Retrieved from http://www.ti.com/lit/an/slaa334b/slaa334b.pdf.Google Scholar
- Texas Instruments. 2009. MSP430F543x, MSP430F541x Mixed-Signal Microcontrollers datasheet (Rev. F). Retrieved from http://www.ti.com/lit/ds/symlink/msp430f5438.pdf.Google Scholar
- Shijie Jia, Luning Xia, Zhan Wang, Jingqiang Lin, Guozhu Zhang, and Yafei Ji. 2015. Extracting robust keys from NAND flash physical unclonable functions. In Information Security (Lecture Notes in Computer Science), Springer, Cham, 437--454. DOI:https://doi.org/10.1007/978-3-319-23318524Google Scholar
- Jeremie S. Kim, Minesh Patel, Hasan Hassan, and Onur Mutlu. 2018. The DRAM latency PUF: Quickly evaluating physical unclonable functions by exploiting the latency-reliability tradeoff in modern commodity DRAM devices. In Proceedings of the IEEE International Symposium on High Performance Computer Architecture (HPCA’18), 194--207. DOI:https://doi.org/10.1109/HPCA.2018.00026Google Scholar
Cross Ref
- Donghyuk Lee, Samira Khan, Lavanya Subramanian, Saugata Ghose, Rachata Ausavarungnirun, Gennady Pekhimenko, Vivek Seshadri, and Onur Mutlu. 2017. Design-induced latency variation in modern DRAM chips: Characterization, analysis, and latency reduction mechanisms. In Proceedings of the ACM SIGMETRICS/International Conference on Measurement and Modeling of Computer Systems (SIGMETRICS’17 Abstracts). Association for Computing Machinery, 54. DOI:https://doi.org/10.1145/3078505.3078533Google Scholar
Digital Library
- J. W. Lee, Daihyun Lim, B. Gassend, G. E. Suh, M. van Dijk, and S. Devadas. 2004. A technique to build a secret key in integrated circuits for identification and authentication applications. In Proceedings of the Symposium on VLSI Circuits. 176--179. DOI:https://doi.org/10.1109/VLSIC.2004.1346548Google Scholar
- Muqing Liu, Chen Zhou, Qianying Tang, Keshab K. Parhi, and Chris H. Kim. 2017. A data remanence-based approach to generate 100% stable keys from an SRAM physical unclonable function. In Proceedings of the IEEE/ACM International Symposium on Low Power Electronics and Design (ISLPED’17), 1--6. DOI:https://doi.org/10.1109/ISLPED.2017.8009192Google Scholar
- Harsha Mandadi. 2017. Remote integrity checking using multiple PUF-based component identifiers. Retrieved from https://vtechworks.lib.vt.edu/handle/10919/78200.Google Scholar
- The-Nghia Nguyen, Sunghyun Park, and Donghwa Shin. 2020. Extraction of device fingerprints using built-in erase-suspend operation of flash memory devices. IEEE Access 8, (2020), 98637--98646. DOI:https://doi.org/10.1109/ACCESS.2020.2995891Google Scholar
Cross Ref
- Ravikanth Pappu, Ben Recht, Jason Taylor, and Neil Gershenfeld. 2002. Physical one-way functions. Science 297, 5589 (2002), 2026--2030. DOI:https://doi.org/10.1126/science.1074376Google Scholar
- Prawar Poudel, Biswajit Ray, and Aleksandar Milenkovic. 2019. Microcontroller TRNGs using perturbed states of NOR flash memory cells. IEEE Trans. Comput. 68, 2 (2019), 307--313. DOI:https://doi.org/10.1109/TC.2018.2866459Google Scholar
Digital Library
- Pravin Prabhu, Ameen Akel, Laura M. Grupp, Wing-Kei S. Yu, G. Edward Suh, Edwin Kan, and Steven Swanson. 2011. Extracting device fingerprints from flash memory by exploiting physical variations. In Trust and Trustworthy Computing (Lecture Notes in Computer Science), Springer, Berlin, 188--201. DOI:https://doi.org/10.1007/978-3-642-21599-5_14Google Scholar
- Sami Rosenblatt, Srivatsan Chellappa, Alberto Cestero, Norman Robson, Toshiaki Kirihata, and Subramanian S. Iyer. 2013. A self-authenticating chip architecture using an intrinsic fingerprint of embedded DRAM. IEEE J. Solid-State Circuits 48, 11 (2013), 2934--2943. DOI:https://doi.org/10.1109/JSSC.2013.2282114Google Scholar
Cross Ref
- Sadman Sakib, Aleksandar Milenković, Md Tauhidur Rahman, and Biswajit Ray. 2020. An aging-resistant NAND flash memory physical unclonable function. IEEE Trans. Electron Devices 67, 3 (2020), 937--943. DOI:https://doi.org/10.1109/TED.2020.2968272Google Scholar
Cross Ref
- André Schaller, Wenjie Xiong, Nikolaos Athanasios Anagnostopoulos, Muhammad Umair Saleem, Sebastian Gabmeyer, Boris Škorić, Stefan Katzenbeisser, and Jakub Szefer. 2019. Decay-based DRAM PUFs in commodity devices. IEEE Trans. Dependable Secure Comput. 16, 3 (2019), 462--475. DOI:https://doi.org/10.1109/TDSC.2018.2822298Google Scholar
Cross Ref
- G. Edward Suh and Srinivas Devadas. 2007. Physical unclonable functions for device authentication and secret key generation. In Proceedings of the 44th Annual Design Automation Conference (DAC’07). Association for Computing Machinery, 9--14. DOI:https://doi.org/10.1145/1278480.1278484Google Scholar
- Soubhagya Sutar, Arnab Raha, and Vijay Raghunathan. 2016. D-PUF: An intrinsically reconfigurable DRAM PUF for device authentication in embedded systems. In Proceedings of the International Conference on Compilers, Architectures and Synthesis for Embedded Systems (CASES’16). Association for Computing Machinery, 1--10. DOI:https://doi.org/10.1145/2968455.2968519Google Scholar
Digital Library
- B. M. S. Bahar Talukder, Biswajit Ray, Mark Tehranipoor, Domenic Forte, and Md Tauhidur Rahman. 2018. LDPUF: Exploiting DRAM latency variations to generate robust device signatures. Retrieved from http://arxiv.org/abs/1808.02584.Google Scholar
- Fatemeh Tehranipoor, Nima Karimian, Wei Yan, and John A. Chandy. 2017. DRAM-based intrinsic physically unclonable functions for system-level security and authentication. IEEE Trans. Very Large Scale Integr. Syst. 25, 3 (2017), 1085--1097. DOI:https://doi.org/10.1109/TVLSI.2016.2606658Google Scholar
Digital Library
- Yinglei Wang, Wing-kei Yu, Shuo Wu, Greg Malysa, G. Edward Suh, and Edwin C. Kan. 2012. Flash memory for ubiquitous hardware security functions: True random number generation and device fingerprints. In Proceedings of the IEEE Symposium on Security and Privacy. 33--47. DOI:https://doi.org/10.1109/SP.2012.12Google Scholar
Index Terms
Microcontroller Fingerprinting Using Partially Erased NOR Flash Memory Cells
Recommendations
New Fault Detection Algorithm for Multi-level Cell Flash Memroies
ATS '11: Proceedings of the 2011 Asian Test SymposiumWith a development of high-capacity flash memory, a variety of applications have been featured in the current market. Since the density per unit area of multi-level cell flash memory (MLC), is doubled compared with single level cell flash memory (SLC), ...
A Multilevel-Cell 32Mb Flash Memory
ISMVL '00: Proceedings of the 30th IEEE International Symposium on Multiple-Valued LogicA flash memory with multilevel cell significantly reduces the memory per-bit cost. A 32 MB multilevel-cell (MLC) flash memory storing two bits of data per cell achieves 32 MB memory storage capacity using 16 M flash memory cells. This 32 MB flash memory ...
Microcontroller TRNGs Using Perturbed States of NOR Flash Memory Cells
This paper introduces a new technique that perturbs split-gate NOR Flash memory cells and extracts randomness of read noise to generate true random numbers. Flash memory cells exhibit threshold voltage fluctuations during read operations caused by ...






Comments