A Novel Hardware Security Architecture: PD-CRP(PUF Database & Challenge-Response Pair) Bloom filter on Memristor based PUF

Because the development of the internet of things (IoT) requires technology that transfers information between objects without human intervention, the core of IoT security will be secure authentication between devices or between devices and servers. Software-based authentication may be a security vulnerability in IoT, but hardware-based security technology can provide a strong security environment. A physical unclonable functions (PUFs) are a hardware security element suitable for lightweight applications. PUFs can generate challenge-response pairs(CRPs) that cannot be controlled or predicted by utilizing inherent physical variations that occur in the manufacturing process. In particular, pulse width memristive PUF (PWM-PUF) improves security performance by applying different write pulse widths and bank structures. Bloom filter (BF) is probabilistic data structures that answer membership queries using small memories. Bloom filter can improve search performance and reduce memory usage and are used in areas such as networking, security, big data, and IoT. In this paper, we propose a structure that applies Bloom filters based on the PWM-PUF to reduce PUF data transmission errors. The proposed structure uses two different Bloom filter types that store different information and that are located in front of and behind the PWM-PUF, improving security by removing challenges from attacker access. Simulation results show that the proposed structure decreases the data transmission error rate and reuse rate as the Bloom filter size increases, the simulation results also show that the proposed structure improves PWM-PUF security with a very small Bloom filter memory.


Introduction
The advent of the IoT has led to a web of connections that provides network infrastructure and shares a massive amount of private information among smart devices [1]. The requirements for trustworthy communication have been one of the biggest concerns [2]. In recent years, it has been demonstrated that hardware-based security systems are more secure than software-based security systems due to innate architectural risks in software [3]. Hardware-based security systems typically store digital keys in non-volatile storage and the keys play an important role in encrypting shared information or in processing access authentication. However, it has been shown that the typical method is vulnerable to invasive attacks on physical systems to reveal their secret information [4]- [6]. To defeat such potential threats, physical unclonable functions (PUFs) have been introduced as a promising alternative. PUFs primarily utilize inherent physical variations that naturally occur during hardware device manufacturing [7]. The major advantage of PUF is that they are easy to build but practically impossible to duplicate since the formation of such physical variations is unpredictable and uncontrollable, even under the same conditions. In general, PUFs implement challenge-response protocols rather than extracting stored keys. When a challenge is applied to a PUF, a corresponding response is generated. Each response depends on the unique features of a PUF instance [8]. Therefore, a set of challenge-response pairs (CRPs) is regarded as the fingerprint of a PUF integrated device; with unique CRPs, PUFs can be used in security applications such as authentication and identification as well as key generation [9]. However, a PUF generates and transmits a response to a challenge even if the challenge comes from an attacker [10], so eventually, attackers can obtain CRP information from a hardware PUF. A Bloom filter (BF) is a simple and efficient bit vector structure that represents the membership information of a set of elements [11] - [15]. Bloom filters are used in various lookup systems to improve their performance by avoiding access to unnecessary data [16] [17]. Bloom filters can reduce memory usage according to many studies in the storage field [18] [19] and can remove data duplication [20]. The Bloom filters are also applied to many security fields [21] [22]. A Bloom filter implemented in hardware can accelerate information retrieval and save memory [23] - [25]. Bloom filters are used in a wide variety of applications and will increasingly be the subject various research of the future [26]- [28].
This paper describes a security approach that exchanges only the correct CRPs with the authentication server by removing unnecessary challenge access from attackers. The proposed approach is based on a pulse width memristive PUF (PWM-PUF) [29]. To increase the accuracy of the exchange of CRP information between the PWM-PUF and its authentication server, we propose to add a small-memory Bloom filter. When the CRPs of authentication server are stored in the Bloom filter and applied to the PWM-PUF, its security is improved by removing unnecessary attacker access to CRPs and avoiding duplicate CRP usage.
The remainder of this paper is organized as follows. Section 2 describes related works including variant PUFs and Bloom filters. Section 3 introduces our proposed structure. Section 4 describes the simulation data set. Section 5 discusses the performance evaluation results, and Section 6 briefly concludes the paper.

Conventional PUF and Memristor-based PUF
Subsequent to the introduction of PUFs, various PUF structures have been proposed [30]- [33], analyzed, and implemented. Conventional PUFs like arbiter PUFs [30], ring oscillator PUFs [31], SRAM PUFs [32], and latch PUFs [33] seem attractive for their easy construction. However, as manufacturing technology trends toward smaller feature size, those structures are likely to face future physical limitations on scaling down [34]. Thus, emerging nanoelectronic devices such as memristor [35], PCM [36], and STT-MRAM [37] have been suggested. In particular, memristors are expected to be a suitable candidate for PUF implementation owing to their high fabrication process sensitivity and their compatibility with modern CMOS fabrication processes. The two-terminal memristor enables ultra-high integration density at low cost when organized into a cross-point array architecture. Many studies [38]- [40] that take advantage of memristors have been done to build reliable and secure PUFs. In [38] and [39], write-time varies as a result of fabrication, and for a given SET time, each memristor has a 1 or 0 logic state at random. In [40], the PUF sets the operating condition at a switching probability of 50%.Building a novel PUF relies on key extraction from the circuit implementation of the architecture. Applications of memristor-based PUFs have some challenges to resolve. One of challenges is that the number of CRPs increases in proportion to the number of unit cells and ultimately in proportion to the array size. Consequently, several PUF architectures have been introduced and employed to obtain as many CRPs as possible with a limited array size. To construct a practical and secure PUF, methods have been proposed to evaluate PUF performance using performance metrics such as randomness, diffuseness, uniqueness, and steadiness which are defined as follows [41]: • Randomness : Randomness indicates the frequency of 0 and 1 in the responses of a PUF instance. An ideal PUF should have these frequencies in balance; the ideal value of randomness as 1. • Diffuseness : Diffuseness indicates the probability of identical responses from different challenges applied to the same PUF instance. Diffuseness can be calculated from the intra-Hamming distance (intra-HD) of all possible responses from a PUF instance. An ideal value of randomness is 1. • Uniqueness : Uniqueness is the degree of response difference from a same challenge applied to different PUF instances. Uniqueness can be calculated from the inter-Hamming distance (inter-HD) of responses from different PUF instances. The ideal value of uniqueness is 1. • Steadiness : Steadiness indicates whether the PUF operates stably enough to expect the same response over several challenges when subjected to environmental changes.

Bloom filter
A Bloom filter [42] represents the membership information of a set using a simple bit-vector based data structure. Bloom filters have recently been applied in many applications [43]- [46] and proposed in others [47]- [49]. A Bloom filter uses a hash function k on an m bit array that is initialized to 0 to store the elements n of a set into an array. The Bloom filter has two different operations: programming and querying. In programming, the Bloom filter sets the corresponding cell from 0 to 1 using the hash indices of the element n of the set obtained by the hash function k. Querying is performed to determine whether a given input is included in the set. The query results for a standard Bloom filter (SBF) are positive or negative. In querying, if all the cells corresponding to the hash indices are 1, then the Bloom filter produces a positive result which means that the given input is in the elements of the set. If at least one of the cells corresponding to the hash index is 0, the Bloom filter produces a negative result indicating that the input is not an element of the set. However, the Bloom filter can produce a false positive result even if the given input is not an element of the set but never produces a false negative result. The probability of false positives is as follows [50][51]: where p is the probability that a cell in the Bloom filter remains in state 0 after programming the Bloom filter as element n assuming that the hash function k is perfectly random.
The optimal number of hash functions k that minimizes the false positive probability is as follows: A counting Bloom filter (CBF) [52] stores multiple bits in one cell; the number of cells indicates the number of mapped elements. The CBF structure improves on the SBF disadvantage that its elements are impossible to delete. However, CBFs consume a massive amount of memory and can produce false negative results. The quaternary Bloom filter (QBF) [53] is a proposed structure that can eliminate false negative CBF results. A QBF has 2 bits per cell and allows the elements of a set to be inserted and deleted. When more than two elements are mapped to a cell, corresponding cell is represented with an X. In querying, if all mapped cells of a given input are X, the QBF result is indeterminable, so the given input cannot be identified as positive or negative. In deleting, if all cells mapped to an element are X, the element cannot be deleted.

Proposed Structure
PUFs are widely used to protect sensitive information in a data transmission environment. However, if attackers access a PUF in an untrusted environment, they will eventually obtain CRP information from the PUF. Our proposed architecture improves the security of a PWM-PUF by removing the PUF access of the attacker with Bloom filter querying. In this paper, we propose a structure to improve security between authentication servers and devices by applying two different types of Bloom filters to a PUF. The proposed structure applies the Bloom filter to a PWM-PUF. The PWM-PUF is based on a memristive PUF with its wide resistance variation under various pulses. The proposed structure reduces unnecessary CRP transmission between the device and the authentication server by applying a Bloom filter and avoids reuse by verifying the duplicates of the CRP. Figure  1 shows the proposed PUF database Bloom filter (PDBF) and challenge-response pair Bloom filter (CRPBF). The PDBF, located in front of the PWM-PUF, stores all the challenge information in the CRP table of the authentication server to prevent an challenge access of the attacker to the PWM-PUF. Also, the PDBF improves the security of PWM-PUF by removing the challenge information of the CRP used. The CPRBF behind the PWM-PUF stores all CRP information in the CRP table of the authentication server to prevent transmission of responses that do not exist in the authentication server.

PUF Database Bloom filter (PDBF)
The role of the PDBF is to store all the challenge information and challenge length held on the authentication server to improve the security of the PWM-PUF. The PDBF is the structure referred to in [49], [53], and [54] in which one cell stores 2 bits, and the false negative of the CBF is removed. Also, the cell positions are shifted from the hash indices by the challenge length. Figure 2 shows the PDBF programming procedure. As an example of the programming procedure, let S crp = {C 1 , C 2 , C 3 } represent a challenge in the authentication server. Assume that the challenge length is 4 bits and the number of hash indices k is 3. Program it in the cell positions shifted by 4 bits of challenge length from the hash indices. The hash indices of C 1 are 0, 5, and 13, and the challenge length is 4, so C 1 is programmed in the cell positions 4, 9, and 1 shifted by 4 as in Figure 2(a). If two challenges are mapped to cells 4 and 11 as in Figure 2(b), the cells are represented by 2. If more than two challenges are mapped as shown for cell 9 in Figure 2(b), the corresponding cell is represented by X.
The purpose of the querying the PDBF is to determine whether the input challenge exists in the authentication server. Figure 3 shows the PDBF querying procedure. If all of the cells contain 1, 2, or X, the result of PDBF is termed a positive. If any one of the cells contains 0, the result of PDBF is termed a negative. For example, in Figure 3(a), the challenge C 3 of input is queried. The hash indices of C 3 are 5, 7, and 9, and the challenge length of C 3 is 4, so C 3 is queried to the cell positions 9, 11, and (a) (b) Figure 2. Programming procedure for a PDBF 13 shifted by 4. Since the values of the corresponding cells are X, 2, and 1, it is termed positive and challenge C 3 is transmitted to the PWM-PUF. The PDBF querying for an attack challenge A is shown in Figure 3(b). Assuming the hash indices of A are 1, 6, and 9, and the challenge length of A is 3. A is queried to the cell positions 4, 9, and 12 shifted by 3. The value in cell 12 of the PDBF is 0, so the result is termed a negative. When the PDBF produces a negative result, the input challenge is dropped and is not transmitted to the PWM-PUF.  Figure 3. Querying procedure for a PDBF Another role of the PDBF is to avoid the reuse of CRPs. The PDBF deletes a used challenge and produces a negative result when the same challenge is presented again. The deletion procedure for the PDBF is performed after the response is transmitted to the authentication server as a positive result of CRPBF in Section 3.2 and the transmitted response is successfully authenticated. If the cell values are 1 and 2, they are reduced to 0 and 1, respectively. If the cell contains X, it is not deleted. For example, assume that CRPBF produces a positive result for challenge C 3 and transmitted response succeeds in authentication. The hash indices of C 3 are 5, 7, and 9, and the cell positions shifted by the challenge length are 9, 11, and 13. Since the values of cells 11 and 13 are 2 and 1, respectively, they are changed to 1 and 0. However, since the value of the cell 9 is X, it is not deleted. The PDBF procedure is shown in Algorithm 1.

Challenge -Response Pair Bloom filter (CRPBF)
The role of CRPBF is to verify if the output response from PWM-PUF exists in the authentication server; CRPBF is a Bloom filter that stores the CRPs contained in an authentication server. The hash index programmed into the CRPBF is obtained by concatenating the challenges and responses in the CRP table of authentication server. Figure 4 shows a CRPBF programming example. If a challenge C 1 is 1100 and its response R 1 is 110 in the authentication server, their concatenation is 1100110. The hash indices of 1100110 are 3, 6, and 8, and the corresponding cells of the CRPBF are set to 1.  Figure 5 shows a CRPBF query example. In querying the CRPBF, the hash indices are a concatenation of the input challenge and the output response from the PWM-PUF. In Figure 5(a), it is assumed that the output response R (110) obtained by the PWM-PUF from the challenge C 1 (1100) of input produces a positive result from the PDBF. The hash indices of 1100110, the concatenation of challenge C 1 (1100), and response R (110) are 3, 6, and 10. In Figure 5(a), since the corresponding cells of the CRPBF all contain 1, the CRPBF produces a positive result, and the output response R from PWM-PUF is transmitted to the authentication server for comparison with the CRP table. If any one of the cells contains 0, the CRPBF produces a negative result and the output response is dropped because the output response from the PWM-PUF does not exist in the authentication server. In another query example shown in Figure 5(b), it is assumed that the output response R a from an challenge A of attacker results in a false positive from the PDBF. The hash indices of CRP a are 1, 5, and 9. The values in the cells are 0, so the result is negative, and the output response is dropped and is not transmitted to the authentication server. The CRPBF procedure is shown in Algorithm 2.  Figure 1 illustrates the operating procedure of the proposed architecture. For example, the challenge C (1100) has hash indices of 0, 5, and 13, and a challenge length of 4, so the PDBF cell shifted by 4 is queried. Since all the values in the cell are not 0, the PDBF produces a positive result, and the corresponding challenge C (1100) is transmitted to the PWM-PUF, resulting in the output response R (110). To query the CRPBF, a hash index is obtained with the CRP (1100110), the concatenation of the input challenge C (1100) and the output response R (110) of the PWM-PUF. The hash indices of CRP (1100110) are 3, 6, and 10, each CPRBF cell accessed contains a 1, and the CPRBF produces a positive result. The output response R from the PWM-PUF is transmitted to the authentication server for comparison with its CRP table. When the server indicates successful authentication, since the CRP has been used, the challenge C of input is deleted in the PDBF. The hash indices of challenge C (1100) are 0, 5, and 13, and the challenge length is 4. In the PDBF, the cells shifted by 4 are 4, 9, and 1, and since the contents of cells 1 and 4 are not X, their values are each decreased by 1. However, since the value of cell 9 is X, it is not deleted. Algorithm 3 describes the operation procedure in detail. To summarize these operations, the security of the PWM-PUF is improved because the proposed structure transmits the challenge identified by the PDBF to the PWM-PUF and passes the PWM-PUF response to the CRPBF, transmitting only the response that exists in the authentication server. Besides, to prevent the reuse of CRPs, the challenge of an authenticated CRP is deleted from PDBF.

Data set analysis for simulation
In this paper, we utilized a data set obtained from a PWM-PUF circuit for simulation [29]. As shown in Figure 6(a), the PWM-PUF circuit consists of a 64 x 64 memristor crossbar array with row and column control blocks made up of multiplexers, random pulse generators, row and column decoder blocks, and voltage sense amplifiers. The line resistance is 1.2Ω and each memristor in the array follows the electrical characteristics of a Ta 2 O 5 device. The characteristics were modeled in [55] and coded in Verilog-A for HSPICE circuit simulation. The PWM-PUF applies a bank design in which several unit blocks are integrated to form a large structure and therefore can generate a multi-bit response in a single cycle. The PWM-PUF bank design is described in Figure 6(b).
The entire PUF is composed of N small PUF blocks. Each small block receives a corresponding challenge bit string and generates a response bit string. In the simulated circuit, a 64 x 64 array consists of 8 blocks of 8 x 64 cells. We maximized resistance variation by applying various pulses with varied pulse-widths and used this random variation as an entropy source. The pulse amplitude was set to 1.5V which is higher than the positive threshold voltage (1V). The read voltage was set to 0.75V which is lower than the threshold voltage. The entire challenge consisted of 30 bits with 6 bits used as row select bits and 24 bits used as column select bits, allowing one memristor cell to be selected in each block. Two bits of the state of selected cell are output as its response. A total of 8 blocks generates a 16-bit response. Therefore, the CRP dataset consisted of 30-bit challenge and 16-bit response pairs.
We evaluated the CRP dataset in terms of randomness, diffuseness, uniqueness, and steadiness. Mathematical expressions of these performance metrics are described in detail in [41].
• Randomness : We randomly applied 5500 different challenges and investigated 5500 sets of 16-bit length responses. The randomness of the PUF is 0.9828 (98.28%), which is slightly lower than the ideal value of 1. The probability for a 0 response is 50.6% and for a 1 is 49.4% as shown in Figure 7(a).
• Diffuseness : We randomly applied 5500 different challenges and investigated 5500 sets of 16-bit length responses. The diffuseness of the PUF is 0.9871, which is close to the ideal value of 1. The distribution of the intra-HD among the obtained responses is shown in Figure 7(b); it is mean is 49.29%.
• Uniqueness : The distribution of the number of different bits among the responses is shown in Figure 7(c) for 100 different PUF instances. The uniqueness of the PUF is 0.9507 which is close to the ideal value of 1. The mean of the inter-HD is 47.93%.
• Steadiness : To evaluate steadiness, we obtained 256-bit length responses at temperatures of 0°C, 25°C, 50°C, and 85°C and compared them to see if they were identical. A reference response was obtained at room temperature (25°C). The results are shown in Figure 7(d). The worst steadiness of the PUF is 0.9102 for a temperature of 85°C.

Performance evaluation
We evaluated the performance of proposed architecture by implementing its structure in C++ using the original CRPs obtained from the PWM-PUF. The hash function used for our proposed structure is a 64-bit cycle redundancy check (64-CRC). We assumed that the tables of authentication server held 2 9 , 2 10 , 2 11 , and 2 12 CRPs. Table 1 shows the PDBF, CRPBF, and total Bloom filter memory requirements when the sizing factor α of the Bloom filter is increased to 2, 4, and 8 in the proposed structure. The total memory requirement for the Bloom filter is M PDBF + M CRPBF . The memory requirement for the PDBF is equal to 2 · α · 2 log 2 n c where n c is the number of challenges in the authentication server. The memory requirement for the CRPBF is α · 2 log 2 n crp where n crp is the number of CRPs in the authentication server. Table 2 shows the simulation result for the input set which is the sum of the authentication challenges and attacker challenges. To evaluate the performance of the proposed structure, we created input challenge sets with three times the challenges of authentication servers. It is assumed that one-third of the input challenges are authentic challenges, and the remaining two-thirds are attacker challenges. If authentication succeeded, the challenge is deleted from the PDBF. In Table 2, the CRBPF false positives are equal to the number of data transmission errors in the proposed structure. When the sizing factor of the Bloom filter is increased to 4, the CRPBF false positives from all sets are reduced to zero. In other words, the proposed structure only transmitted data that existed on the authentication server. Table 3 shows the simulation results for an input set consisting only of attacker challenges. We created the input challenge sets with two times the challenges of authentication servers. In this simulation, since the challenge of the authentication server is not included in the input set, deletion of the PDBF did not occur. In the proposed structure, when the sizing factor of the Bloom filter is increased to 8, the CRPBF false positives of all sets are reduced to a range of 0 to 3. It means that the data transmission error rate is 0-0.098%. Figure 8 is the false positive probability of the proposed structure using the input from Table 3. Figure 8 can be compared with the false positive of theoretical analysis. The theoretical analysis is referenced to in [54]. If n c is the number of challenges in the authentication server, n crp is the number of CRPs in the authentication server, k is the number of hash functions, and m is the number of cells, and p pd is the probability that a particular cell is set at least once by n c elements in the PDBF, p pd is defined in Equation (3): If p crp represents the probability that a particular cell is set at least once by n crp elements in CRPBF, p crp is defined as in Equation (4): In querying, for the input y not included in the set S, false positives occur if the PDBF produces false positives from input y and the CRPBF also produces false positives from input y. Hence, the false positive probability P(F) is defined as follows:  Figure 8 shows that the data transmission error rate decreases for all data sets with increasing the sizing factor of the Bloom filter. Also, the simulation results for all data sets are close to the theoretical results. If a PUF is implemented without a Bloom filter, responses corresponding to all challenges by an attacker are transmitted, and CRP table information or the PUF model in the server may eventually be exposed. Figure 9 shows the delete performance of the PDBF of the proposed structure. To evaluate the deletion performance of the proposed structure, all CRPs from the authentication server are used once and then again used as inputs. The PDBF should produce negative results for reused CRPs. If the CRPBF produces a positive result, our proposed structure incurs a data transmission error. When the size factor of the Bloom filter is 8, most of the sets do not transmit the response to the server, confirming the successful removal of the reused CRP.
The proposed structure applies small Bloom filters to the PUF. The Bloom filters identify an attacker challenge and remove its access to the PUF. Also, the Bloom filters verify the response generated by the PUF and transmit only the data that exists in the authentication server. The performance of the proposed structure is confirmed by simulation.

Conclusions
In this paper, we propose a new hardware security architecture consisting of a memristor-based PUF and Bloom filters to improve security. In our proposed structure, two different types of Bloom filters are used, the PDBF and CRPBF, that store information about the challenge and response of the authentication server; the structure detects arbitrary challenge attacks and reduces error rates originating from the instability of the PUF. At the front of the configuration, the PDBF identifies whether an input challenge is valid by satisfying two conditions before applying it to PWM-PUF directly; one condition is that the challenge is to be included in the CRP table shared by the authentication server, and the other condition is that it should not have been previously used for authentication. When an input challenge turns out to be appropriate, the PWM-PUF generates the response corresponding to the input challenge. Next, the result from the PUF is checked by the CRPBF to prevent sending the wrong response to the authentication server. The proposed structure presents a practical solution to remove unnecessary access to PUF by the attack and prevent the reuse of a CRP and detect the wrong PUF response with the error. Moreover, because the data set used to verify the performance of Bloom filter is circuit simulated data from the PWM-PUF that we proposed in previous work, it is more reasonable and realistic than using arbitrary data from all the theoretical data possibilities. The simulation results of the proposed architecture with Bloom filter show that using a small memory, the possible access from attackers decreases, and the used CRPs are mostly deleted. Therefore, the PD-CRP Bloom filter structure proposed in this study can contribute to improving the performance of a hardware-based security system.