Combined HW-SW adaptive clone-resistant functions as physical security anchors

Modern resilient security systems require a hard to clone physical module integrated in core system units as basic security anchors. Physical Unclonable Functions (PUFs) were introduced in the last decade as possible physical unclonable security anchors. So far, PUFs as analog units exhibited relative inconsistency due to variations in the operating conditions such as temperature, supply voltage, aging and other possible environmental effects. This lead to relatively high unit´s implementation complexity. This work introduces a consistent pure-digital PUF concept. The proposed digital PUF is a combined Hardware-Software (HW-SW) module, embedded in a System-on-Chip (SoC) device. The key idea is based on triggering an internal true random process, which creates a hard to predict combined digital HW-SW module. Modern Field Programmable Gate Array (FPGA) SoC-devices often incorporate embedded processors in addition to self-reconfiguring hardware cell-arrays. Such combined self-reconfiguring HW-SW architectures allow practical self-creation of clone-resistant digital PUF modules. As pure-digital units, they exhibit negligible sensitivity to both operation conditions and aging factors. We postulate that self-creation of pure-hardware architectures is highly complex in self-reconfiguring FPGA environment. Therefore a combination of both hardware and software is expected to allow more sophisticated and secure functions with higher robustness against Side Channel Attacks (SCAs). It is assumed that any system is basically clonable, if sufficient financial and technical investments are offered. In the proposed concept, each created digital PUF results with its own unknown and hard to predict individual structure. Therefore, to clone any single digital PUF, an individual attack procedure is needed. In that case, mass-cloning tends to become impractical. As a result, cloning attacks on the proposed system are not economic and hence practically useless. The resulting proposed s- stem, when adequately implemented, offers a practical low-cost security anchor for a large class of modern applications.