Enhancing the SRAM PUF with an XOR Gate

Featured Application

Protection and encryption of digital files using hardware fingerprinting. Using an XOR Gate, two Static Random-Access Memory (SRAM) PUFs’ challenge–response pairs (CRPs) can be combined into a single larger SRAM PUF.

Abstract

This study focuses on designing enhanced Physically Unclonable Functions (PUFs) based on SRAM devices and improving the security of cryptographic systems. Most SRAM PUFs are limited in their number of CRPs, which makes them vulnerable to enrollment attacks. In this research, we present an SRAM-based PUF design that greatly increases the number of CRPs and the entropy of the generated bits by performing exclusive-or (XOR) on the responses of two SRAM devices. This was implemented using a readily available development board, SRAM devices, and a user-friendly custom circuit board for cryptographic key generation. The cryptographic protocol was implemented using both C++ and python3. The proposed SRAM PUF design was experimentally demonstrated and showed substantial improvements in the security of various cryptographic applications as a hardware authentication device. It also addresses the specific vulnerabilities of legacy designs.

1. Introduction

In modern cryptography, a combination of asymmetric and symmetric encryption protocols, such as Advanced Encryption Standards (AES) and Rivest–Shamir–Adleman (RSA), are commonly used to secure digital communications or hardware authentication devices. Although effective for many applications, these methods have inherent vulnerabilities, such as the need to store private keys in non-volatile memory, which can be non-invasively stolen [1,2]. The security of such systems can be enhanced by using Physically Unclonable Functions (PUFs), which can generate keys for both symmetrical and asymmetrical encryption, thereby eliminating the need to store private keys. The approach offers multiple options, such as key generation on demand, one-time keys, multi-factor authentications, or random number generation.

PUFs leverage the inherent randomness of the manufacturing process to create unique digital ‘fingerprints’ that behave as a one-way function, mapping challenges to responses. These ‘fingerprints’ are stochastic and can be used to generate cryptographic keys or random numbers. PUFs are relatively simple to use and consume little power, making them highly desirable in cryptographic applications.

Among the various PUF technologies, a Static Random-Access Memory (SRAM) PUF is the most prevalent, as electronic devices worldwide already ship with SRAM chips. SRAM is mass-produced, which indicates an existing supply chain and affordable manufacturing costs. Several benefits exist when using SRAM to create a PUF, including simplicity, energy efficiency, and ubiquity. The downside is that SRAM PUFs suffer from a limited number of challenge–response pairs with large bit-error rates [3], vulnerability to cloning [4], and aging problems [5,6].

This study presents a new design for an SRAM PUF that addresses some of the challenges currently faced by SRAM PUF designs. The proposed design incorporates two SRAM devices to enhance the entropy and number of CRPs while retaining the ability to generate reliable bits. To evaluate the effectiveness of this design, we collect several critical PUF metrics, such as inter-chip distance, bit-error rate (BER), latency, and entropy. The data gathered from these metrics provide insights into the reliability and security of the proposed design.

The first section of this paper goes over the background of SRAM and PUFs. It discusses the techniques used to create an SRAM PUF, along with our contributions to the field using the XOR SRAM PUF. The following section will discuss the devices used, along with the actual design of the XOR SRAM PUF and how key generation was performed. Afterward, the characterization section will discuss the benchmarks used to compare the XOR SRAM PUF and how it retains the desirable properties of the SRAM PUF while improving several other aspects. Finally, potential future work will be considered to improve the design further to be more applicable to the current SRAM PUF usage.

2. Background

2.1. SRAM Technology

SRAM is a type of volatile random-access memory that employs latching circuitry to retain information as long as it is powered. A typical CMOS SRAM cell comprises four to six transistors arranged in a specific configuration that forms a flip-flop circuit. The transistors are typically divided into two cross-coupled inverters. The cross-coupled inverters store and amplify the bit of data stored in the SRAM cell, as shown in Figure 1 [7]. When an SRAM cell is powered on, it will wake in an initial state, ‘0’ or ‘1’. The threshold voltage of the cross-coupled transistors determines the initial state of an SRAM cell. Due to small variations during the manufacturing process and asymmetries in the coupled transistors, the exact threshold voltage per device follows a random distribution. As a result, ideal SRAM cells should have an even random split of ‘0’s and ‘1’s when initially powered on, as both inverters have exactly the same threshold voltage.

However, most SRAM cells have substantial threshold differences, leading to a heavily skewed initial state of a strong ‘0’ or ‘1’. Conversely, a low threshold difference leaves a state susceptible to noise, where its initial state can be either a ‘0’ or ‘1’, as illustrated in Figure 2. When the objective is the design of PUFs, SRAM cells that exhibit small differences in threshold voltage are often referred to as flaky or fuzzy. These cells switch easily between the two states on start-up, leading to unpredictable behavior. In addition to the threshold voltage differences, there can be many other small parameters resulting from the fabrication process that can cause the cells to assume a strong ‘0’ or ‘1’ state or exhibit flaky behavior, making each device unique and unclonable.

2.2. Physically Unclonable Functions

A PUF operates as a ’black box’ by mapping inputs (challenges) to outputs (responses) using its inherent randomness derived from the manufacturing process. By mapping every challenge and response to expected CRPs, an enrollment of the PUF can be created for future challenges against the PUF.

Current forms of information security require hardware authentication devices for high-security situations. Current commercial forms of the technology require storing an internal secret that is used to generate a key for the user [8]. Using side-channel attacks, these internal secrets can be leaked without compromising the device. In contrast to this, the PUF generates private keys from measurements of the SRAM rather than storage on the device. This measurement results in PUFs being more resilient to side-channel attacks than devices that operate on a single hidden key. Due to their resilience, PUFs can provide a portable second factor of authentication with a massive possible CRP space compared to many public alternatives.

While the term ’PUF’ was not formally introduced until 2002 by Gassend et al. in [9], using a device’s physical characteristics for security purposes traces back to Simmons’s work in 1984 [10]. Since their introduction, various types of PUFs have been proposed. Gate-delay PUFs were among the first types of PUFs proposed [11,12,13]. These PUFs exploited the manufacturing variability of digital gates to generate their responses. Afterward, memory PUFs were proposed; these PUFs exploited the manufacturing variability of various memory technologies to generate their responses. Among them were SRAM [3,7,14], resistive random-access memory (ReRAM) [15,16,17], and magnetoresistive random-access memory (MRAM) [18,19].

The quality of PUFs is based on certain metrics, such as inter-chip distance (uniqueness), BER (reliability), and entropy (randomness):

• The inter-chip Hamming Distance ($H{D}_{inter}$) is a metric used to measure the uniqueness of PUFs. $H{D}_{inter}$ is the Hamming Distance between the responses generated by two different PUF configurations when presented with the same challenge, divided by the total number of responses. In an ideal scenario, this value should be 0.50, indicating that the two PUF configurations produce completely distinct and different responses.
• The reliability of a PUF can be quantified by measuring its bit-error rate (s) and intra-chip distance. The BER is calculated as the rate of discrepancies between the bits generated by the PUF and those generated from the enrollment database. The intra-chip distance, on the other hand, is calculated by generating two sets of responses on the same PUF, using the same challenges, and then calculating the rate of discrepancies between them.
• Entropy measures the uncertainty or randomness in a sequence. It is a function of input strings and the likelihood of seeing each one. For PUFs, it represents a generalized and unconditional upper bound on the average predictability of an unobserved response [20].

Ideally, a PUF should have an inter-chip distance value of 0.50, a BER or intra-chip distance of 0, and an entropy value of 1 [20]. In reality, no PUF can achieve ideal characteristics due to being physical devices. Therefore, all PUF designs should strive to get as close to the ideal values as possible.

2.3. SRAM PUFs

Guajardo et al. (2007) [3] and Holcomb et al. (2007) [7] were the first to introduce SRAM PUFs. These initial works used the inherent randomness present in the initial state of SRAM cells to generate random bits, which can be used in applications such as true random number generation and key generation [21]. The authors of these works used stable cells for authentication protocols and flaky cells for true random number generation protocols.

Further analysis of SRAM PUFs was carried out in subsequent studies, such as those conducted by Böhm et al. and Wilde et al. [22,23]. Their research involved characterizing SRAM PUFs on microcontrollers and FPGAs, where the intra-distance, inter-distance, and entropy of the SRAM PUFs were quantified.

The aging effect can be used against an SRAM PUF [24]. However, Garg et al. introduced a technique that leverages the aging effect to enhance uniformity and reduce its impact [25]. This approach allows for the modification of responses generated by the SRAM. Similarly, Baek et al. proposed a design for an SRAM PUF that allows the modification of an SRAM cell to produce customizable CRPs [26]. The summarized findings from these studies are presented in

Table 1. PUF metrics of previously implemented SRAM PUFs. n is the number of SRAM cells in the device. Work in [22,26] used fuzzy extractors, a mix of filtering fuzzy cells and error correction codes, to improve reliability.

PUF Metrics	Microcontroller SRAM PUF [22]	FPGA SRAM PUF [23]	Reconfigurable SRAM PUF [26]
Number of CRPs	n	n	n
BER or $H{D}_{intra}$ 1	$6.85\times {10}^{-7}$ *	0.02712	0.009
$H{D}_{inter}$	0.4954	0.4806	0.499
Entropy H(X)	0.9974	0.9979	N/A

¹ Includes both fuzzy extractor and non-fuzzy extractor metrics. * BER at 0.12 when not using fuzzy extractors.

.

Moreover, a review article recently published by Faour S. et al. examined the feasibility of an SRAM PUF, showing that it is still an exceptional memory PUF with enough randomness, reliability, and unpredictability to authenticate devices and generate random numbers on low-power devices [27].

2.4. Our Contributions

Despite their simplicity, ease of use, and high reliability, SRAM PUFs suffer a major drawback due to a limited number of available CRPs. The limited number of linearly scaled CRPs renders them relatively weak PUFs [4,28], as they scale linearly. As a result, they are susceptible to several forms of invasive and non-invasive attacks [29,30]. Even though SRAM PUFs are considered weak, they are still being adopted to secure Internet of Things (IoT) devices because they are incredibly simple and easy to implement [31].

This work proposes a novel method for expanding the number of CRPs available for an SRAM PUF while maintaining a high level of reliability without complicating the simplicity of the SRAM design, thanks to using a single XOR gate. While this design does not counter every method of attack, it makes it more difficult to extract the CRPs through non-invasive measures. Moreover, this design was implemented on low-power client devices using physical SRAM devices.

3. Materials and Methods

3.1. Design

The SRAM PUF design incorporates two separate SRAM devices and a Boolean XOR gate. In this design, each SRAM device generates its response, and these responses are combined using the XOR gate to generate a single bit. This approach substantially increases the number of available CRPs from the original count of $2n$ (representing the number of SRAM cells in each device) to $n^2$. Consequently, this significant increase in the number of CRPs greatly enhances the entropy of the PUF. The SRAM XOR gate was added through software. The responses of both SRAMs are read and then XORed through software to generate the final response. The SRAM PUF XOR design is visually represented in Figure 3.

3.2. Hardware

In our implementation, we utilized ISSI IS64WV6416BLL SRAM chips as the SRAM devices (Integrated Silicon Solution Inc., Milpitas, CA, USA). These chips feature $2^{16}$ words of high-speed CMOS SRAM (Alliance Memory, Kirkland, WA, USA) and operate at 3.3 V logic, with access times as low as 12 ns. They exhibit low power consumption and are available in 44-pin packages. To interface with these devices, we designed custom PCB socket adapters that allow for the easy interchange of different SRAM chips. These SRAM chips were chosen for their ease of interfacing, widespread adoption, and availability, making them suitable for integration into any PUF design. A figure of these devices and adapters can be found in Figure 4.

We implemented the SRAM XOR PUF on a low-power client using a custom-printed circuit board (PCB). The client device we used was the Nucleo-144 H743ZI2 developer kit (STMicroelectronics, Geneva, Switzerland). We used the custom PCB to interface with the SRAM devices, and the PCB included an integrated circuit switch for power cycling the device. A figure of the client device, custom PCB, and SRAM can be found in Figure 5.

4. Results

To perform an electrical characterization of the SRAM XOR design, we examined the behavior of the SRAM devices and SRAM cells, specifically focusing on their responses after each power cycle. We also focused on measuring the key properties that define a PUF, namely, reliability, uniqueness, and randomness. These properties were evaluated using specific metrics: BER for reliability, inter-chip Hamming Distance for uniqueness, and entropy for randomness. By calculating these metrics, we gained quantitative insights into the performance and security aspects of the SRAM XOR design.

In addition, we conducted the tests across various temperature ranges: 0 °C, 23 °C, and 80 °C. To perform temperature testing, we employed the Associated Environmental Systems SD-501 temperature chamber. This chamber offers a broad temperature range, from −37 °C to 180 °C, allowing us to create diverse temperature conditions. To ensure an accurate assessment of the SRAM devices and eliminate any potential influence from external measurement circuitry, we used General-Purpose Input/Output (GPIO) pin jumper cables during the temperature tests. These measures helped isolate the impact of temperature on the devices under evaluation. A picture of the SRAM devices and jumper cables is found in Figure 6.

4.1. Enrollment

The enrollment process is performed before generating CRPs from the PUF, where every possible CRP is generated and recorded in a database. It is a critical step, as the database is used to authenticate the responses of the physical PUF and locate the stable cells. For SRAM, the process involves reading out the entire contents of the SRAM device and power cycling the device. For a full enrollment and the achievement of a low BER, this process needs to happen approximately 1000 times.

4.1.1. Discharge Timings

One of the challenges encountered when implementing the SRAM PUF is the discharge time of the SRAM. This timing has implications for the enrollment process of SRAM, as it can influence the determination of stable and flaky cells. For instance, if a cell is initially read as a ‘1’ and then flips to a ‘0’ when read consecutively, there is a possibility of erroneously reading it as a ‘1’ before the cell fully discharges to ‘0’. To address this issue, it is necessary to introduce an adequate time gap between power cycles, allowing the energy from previous reads to dissipate and ensuring more accurate readings.

To investigate the impact of discharge on our SRAM devices, we enrolled the same devices using different power cycle times at various testing temperatures. We quantified the discharge time by analyzing the number of stable and flaky cells during each enrollment. It was expected that a shorter time interval between power cycles would result in less discharge time for each cell and for less flaky cells to be detected. The outcomes of these tests are presented in Figure 7.

Upon analyzing Figure 7, we identified a significant pattern concerning SRAM enrollments, the time interval between power cycles, and different temperatures. At each temperature, we observed a sharp increase in the number of stable cells as the time between power cycles increased, reaching a specific threshold point that varies with each temperature. Beyond this threshold point, the number of detected flaky cells marginally decreased.

Enrollments conducted with almost zero seconds between power cycles demonstrated nearly no cell discharge, reducing the number of flaky cells detected. This phenomenon can be attributed to the charges trapped within each cell, where the cells retain information from previous reads, making them less likely to change. As the charges trapped within the cell are assumed to diminish over time, it can be inferred that the number of flaky cells increases as the charge from previous reads dissipates. The objective is to use only stable cells in key generation, which implies that enrollments with a higher number of flaky cells detected will produce low-error-rate keys.

Observations of flaky cells at various temperatures provided valuable insights into the discharge timings of the ISSI SRAM chip. At a temperature of 0 °C, the number of flaky cells peaked after 21 s. At 23 °C, the peak occurred between 2 and 3 s, while at 80 °C, it was observed after just 1 s. These findings indicate that the dispersion of the cell charge takes longer at lower temperatures.

To accommodate these temperature-dependent characteristics, the enrollment process will be adapted to utilize different power cycle times. Specifically, at 0 °C, the power cycle time for enrollment will be set to 21 s. At 23 °C, it will be 3 s, and at 80 °C, it will be 1 s. By adjusting the power cycle times according to the temperature, the enrollment process can effectively address the discharge times and ensure reliable and accurate results.

4.1.2. Read Count

During the enrollment process, multiple measurements are taken to determine the stability of each cell. Stable cells are consistently represented by either ‘0’ or ‘1’, indicating that they contain either exclusively ‘0’s or ‘1’s over the 1000 read collection.

A crucial factor in BER and enrollment is the number of reads conducted. A read refers to a single measurement of each SRAM cell. Increasing the number of reads during enrollment lowers the chance of selecting a flaky cell in a final key, lowering the key’s BER. However, each additional read gives diminishing returns and does not provide significant benefits concerning the time required for enrollment.

By increasing the number of reads, the likelihood of identifying a cell as flaky increases, resulting in a reduction in the number of stable cells available. To assess the impact of the read count, we conducted enrollments with progressively higher read counts. These enrollments were then used to generate a key, and the corresponding BER was measured. The results of this analysis are presented in Figure 8.

At a read count of 1000, the BER decreased to less than 1%. Given that error-correcting techniques such as error-correcting codes [32] and Response-Based Cryptography (RBC) [33] are capable of correcting such a low percentage of errors, a read count of 1000 was chosen for this research.

4.1.3. Quantifying Flakiness

The term ‘flaky’ is used to describe cells that do not exhibit exclusively a ‘0’ or ‘1’ state during the enrollment process. However, relying solely on this categorization does not provide an accurate measure of their flakiness. To quantify the flakiness of an SRAM device, we calculate the expected value for each cell. An expected value of 0 represents the most stable state, while an expected value of 0.50 represents the highest level of flakiness. This approach allows us to obtain a more comprehensive understanding of the flakiness of the SRAM device.

4.2. SRAM Device Characteristics

After enrolling ten SRAM devices, we examined their properties, particularly their flakiness and likelihood to represent either a ‘0’ or a ‘1’. To illustrate the characteristics of SRAM cells, we categorized all cells, regardless of their flakiness or stability, into five groups: strong/weak ‘1’s, strong/weak ’0’s, and super-flaky cells. Strong ’1’s are SRAM cells that exhibit a higher likelihood of being a ‘1’ when queried, only appearing as ‘1’ during enrollment. Strong ’0’s, on the other hand, are more inclined to represent a ‘0’ when queried and during enrollment, never appearing as a ‘1’. Super-flaky cells do not prefer either state and have an equal chance of being a ‘0’ or a ‘1’, indicated by showing up in the 4% range centered around the median count. Lastly, a cell is a weak ‘0’ or ‘1’ if it is not categorized into the other three categories and falls into its respective biasing. This categorization scheme helps visualize and differentiate the behavior and tendencies of SRAM cells.

In this study, we analyzed ten SRAM devices at each temperature and recorded their device characteristics in

Table 2. SRAM cell population number of occurring ones over 1000 reads at 3 different temperatures. Characteristics include noise from the SRAM devices and the additional circuitry to access the cell and, as a result, are not characteristic of the devices themselves.

1’s Count	0 °C	23 °C	80 °C
0	37.015%	35.490%	34.164%
1–480	11.553%	13.027%	14.985%
481–520	0.405%	0.457%	0.530%
521–999	12.551%	14.194%	16.159%
1000	38.476%	36.832%	34.162%

. Based on the information provided in the table, it can be inferred that the devices display a slight preference for one state over the other, reducing their overall entropy. According to the classifications used in this study, approximately one-third of the SRAM cells are categorized as ‘flaky’. Moreover, it is observed that the number of flaky cells tends to increase as the temperature rises.

4.2.1. Temperature Effects

Temperature testing is essential for the comprehensive electrical characterization of SRAMs. Given that temperature variations can significantly affect the performance and reliability of electronic devices, it is crucial to evaluate the behavior of PUFs under varying thermal conditions.

To assess the robustness and reliability of the SRAM devices, we conducted thorough tests and characterizations at three distinct temperatures: 0 °C, 23 °C, and 80 °C. To isolate the impact of temperature on the SRAM devices and minimize the influence of external measurement circuitry, we employed flat flex cables and adapters during the temperature tests. This approach enabled us to focus solely on the thermal effects on the SRAM, providing a clear understanding of its isolated thermal behavior.

We utilized the Associated Environmental Systems SD-501 temperature chamber to create a wide range of temperature conditions, spanning from −37 °C to 180 °C. By examining the behavior of the PUFs across this temperature range, we aimed to gain insights into the effects of temperature variations on their reliability. This knowledge will facilitate informed decisions.

The temperature significantly affects the classification of SRAM cells, determining whether they are classified as strong/weak ‘1’s, ‘0’s, or ‘flaky’. On average, there was a 10.09% difference in SRAM cell classification between enrollments conducted at 0 °C and enrollments conducted at 23 °C. Similarly, the difference in classification between enrollments conducted at 23 °C and enrollments conducted at 80 °C was 18.66%. Notably, the difference in classification between enrollments conducted at 0 °C and enrollments conducted at 80 °C was 34.10%. However, even stable cells exhibited a relatively small but still significant change in cell type (strong ‘0’, ‘1’, or super-flaky). On average, there was a 0.26% difference in SRAM cell type between enrollments conducted at 0 °C and enrollments conducted at 23 °C. Similarly, the difference in cell type between enrollments conducted at 23 °C and enrollments conducted at 80 °C was 2.91%. Notably, the difference between enrollments conducted at 0 °C and enrollments conducted at 80 °C was 13.52%. These results correlate with increased thermal noise, affecting the stability of each cell.

A heatmap illustrating the change between temperatures in a subsection of an SRAM device’s enrollment can be seen in Figure 9.

4.2.2. Patterns

In an SRAM device, even if the responses have an equal number of ‘1’s and ‘0’s, there may still be unexpected patterns present in the SRAM cells that can impact the security and randomness of the PUF. The SRAM chips used in this study, specifically the ISSI IS64WV6416BLL SRAM chips, are organized into 65,536 words, each containing 16 bits. To ensure the absence of repeating patterns, a heatmap was generated to visualize the state of each SRAM cell for each SRAM device.

Upon examining the heatmaps, patterns can be seen occurring with temperature; as such, each SRAM needs to be independently verified to avoid any temperature-dependent patterns. A heatmap of several SRAM chips can be seen in Figure 10. A likely cause of the vertical striations is internal cell read-out circuity that causes biasing at different temperatures.

4.2.3. Uniformity

Ensuring consistency in a PUF involves generating responses with an equal distribution of ‘1’s and ‘0’s. However, there is no dedicated universal function specifically designed to assess uniformity in a PUF. Instead, uniformity serves as a general metric that describes the ratio of ‘1’s to ‘0’s in the PUF system’s responses. Although individual SRAM devices may exhibit a slight preference toward ‘1’s in their responses, the overall responses from the entire system can vary.

In the case of a binary PUF, an ideal occurrence of ‘1’s would be 50%. To evaluate and quantify the level of uniformity, a key comprising one million bits was generated at different temperatures, with flaky bits being filtered out. The percentage of ‘1’s in the generated key was then calculated. At each temperature, the percentage of ‘1’s ranged from 49.85% to 50.00%, indicating that the responses’ uniformity is very close to the ideal target. However, there is a slight bias toward ‘0’s, which leads to a reduction in the entropy of the responses.

4.3. PUF Metrics

To assess the randomness, uniqueness, and reliability of the PUF design, we calculated three key metrics: entropy, inter-chip distance, and BER. These metrics were used as quantitative measures to evaluate the performance and characteristics of the PUF design.

4.3.1. Entropy

To assess the entropy of our PUF design, we employed the Shannon entropy formula, which can be referenced as Equation (1) as is used in [34]. This formula allows us to quantify the correlation among the bits in the responses obtained from our PUF design. In the given equation, the variable $P\left(x\right)$ represents the probability of a random variable X having the value x. The logarithm, typically taken to the base-2 $\left({log}_2\right)$, is used to quantify entropy in terms of bits.

The Shannon entropy has a minimum value of zero, indicating that the input lacks randomness or variability, while its maximum value is ${log}_2\left(n\right)$, where n represents the number of possible inputs. In this case, since the input is a binary sequence (with two possible inputs, 0 and 1), n equals 2, and thus, the upper bound of the entropy per bit is 1. This signifies that the input demonstrates maximum randomness or unpredictability.

$$H\left(X\right)=-\sum _{i=1}^n{p}_i{log}_2\left(p_i\right)$$

(1)

The client device generated 1000 keys consisting of 500 bits at different temperatures. Subsequently, the entropy of each key was determined and averaged together. Specifically, at temperatures of 0 °C, 23 °C, and 80 °C, the entropy was found to be 0.9999 per bit.

These results indicate that the entropy remains consistently high across different temperatures. Therefore, the temperature variations have minimal influence on the entropy.

4.3.2. Uniqueness

To assess the uniqueness of the PUF, the $H{D}_{inter}$ (see Section 2.2) was calculated using five different configurations of the SRAM XOR PUF. Both filtered and unfiltered CRPs were used to compute the $H{D}_{inter}$ for each of the five configurations. The final $H{D}_{inter}$ value was obtained by averaging the results. Filtered CRPs were obtained by excluding flaky cells, while unfiltered CRPs included all cells. The testing was conducted at various temperatures, and the results are shown in

Table 3. The average $H{D}_{inter}$ over 5 different SRAM XOR PUF pairings. With very little variation with temperature and filtering, the $H{D}_{inter}$ is not heavily affected by temperature or filtering.

${\mathit{HD}}_{\mathit{inter}}$	0 °C	23 °C	80 °C
Filtered	0.4966	0.4987	0.4971
Unfiltered	0.4982	0.4980	0.4986

.

These findings demonstrate the impressive uniqueness metrics of the SRAM PUF design and devices. The $H{D}_{inter}$ values are consistently close to the ideal value of 50%, indicating high uniqueness. Importantly, these metrics remain consistent and are not significantly affected by temperature variations or filtering.

4.3.3. Bit-Error Rate

The BER is a metric used to assess the reliability of a PUF. It involves generating a sequence of responses on the client device by applying a set of challenges and comparing it to the one generated on the server side using the same set of challenges. The server utilizes enrollment data to generate responses, while the client generates real-time responses using the PUF. The BER is determined by calculating the number of discrepancies between the two response sequences and dividing it by the size of the response sequence.

In essence, the BER is analogous to the intra-chip Hamming Distance ($H{D}_{intra}$) in that they both measure the reliability of a PUF. The BER compares the response of a PUF to the response generated from the enrollment data. However, the $H{D}_{intra}$ describes the average expected difference between two PUF responses obtained using the same PUF and the same challenge.

To evaluate the BER of the proposed design, enrollments were conducted at three different temperatures: 0 °C, 23 °C, and 80 °C. The SRAM XOR PUF was subsequently tested at each temperature using the enrollments obtained at all three temperature settings.

In each test, a key consisting of one million bits was generated by utilizing the physical SRAM devices on the client side and the enrollment information on the server side. To assess the quality of the generated keys, the Hamming Distance between the two keys was calculated. This distance measurement was then divided by the total size of the key to determine the BER. The results of the BER tests can be found in

Table 4. The BER of a 1-million-bit-long key at different temperatures when using enrollments taken at varying temperatures. Each key used for BER measurement was 1 million bits long.

BER	0 °C	23 °C	80 °C
0 °C Enrollments	0.0037	0.0079	0.1043
23 °C Enrollments	0.0043	0.0025	0.0430
80 °C Enrollments	0.0753	0.0325	0.0020

.

The BER results show low error when using the appropriate enrollment, maintaining a BER below 1% when using the ideal enrollments. The BER does get worse when non-matching enrollments are used, reaching as high as 10%.

5. Discussion

This research presents a novel SRAM-based PUF design that addresses several limitations of previous designs while maintaining the simplicity and accessibility of SRAM devices. The proposed PUF utilizes two SRAM devices in conjunction with an XOR gate. To evaluate its performance, ten ISSI IS64WV6416BLL SRAM chips were tested at three different temperatures: 0 °C, 23 °C, and 80 °C. To ensure accurate measurements, GPIO jumper cables were employed to isolate the SRAM devices from external circuitry and mitigate any thermal influences.

A notable limitation of this study is the small sample size of SRAM devices tested. With only ten SRAM devices included, the sample size may not provide sufficient statistical significance for the results. Future research should involve a larger number of SRAM devices to enhance the robustness of the findings.

The PUF was evaluated based on three metrics: bit-error rate (BER), inter-bit Hamming Distance ($H{D}_{inter}$), and entropy. The results demonstrated impressive BER performance, with an average BER of 0.2% at the temperature at which it was initially enrolled. However, the average BER increased to approximately 10% where the temperature was furthest from the temperature during enrollment. The increase in BER likely comes from cells that become flaky at different temperatures. When the wrong temperature enrollment is used, some flaky cells may not be detected and may therefore be masked. If temperature is not properly accounted for, the BER is still low enough to allow for correction by ECC or RBC. However, at more extreme values of enrollment and challenge, the BER may become large enough to cause false rejections during authentication, rejecting a valid user. This downside can be mitigated by using multi-temperature enrollment, where a flaky cell at any temperature is masked away during selection. On top of a low BER, the design exhibited a high $H{D}_{inter}$ value of 0.4966 and a substantial entropy of 0.9982.

Compared to previous SRAM PUF implementations, the SRAM XOR PUF showed superior performance. While the Microcontroller SRAM PUF achieved a lower BER, the SRAM XOR PUF performed equally or even better in other metrics. A detailed comparison of the PUF metrics between the SRAM XOR design and previous designs can be found in

Table 5. PUF metrics of previously implemented SRAM PUFs compared to the new design. The term n denotes the number of SRAM cells on the device. Moreover, work in [22,26] used fuzzy extractors, a mix of filtering fuzzy cells and error correction code, to improve reliability. The SRAM XOR PUF used fuzzy extractors by just filtering out fuzzy cells.

PUF Metrics	SRAM XOR PUF	Microcontroller SRAM PUF [22]	FPGA SRAM PUF [23]	Reconfigurable SRAM PUF [26]
Number of CRPs	$n^2$	n	n	n
BER or $H{D}_{intra}$ 1	0.0020	$6.85\times {10}^{-7}$ *	0.0271	0.009
$H{D}_{inter}$	0.4966	0.4954	0.4806	0.499
Entropy H(X)	0.9999	0.9974	0.9979	N/A

¹ Includes both fuzzy extractor and non-fuzzy extractor metrics. * The BER at 0.12 when not using fuzzy extractors.

.

Moreover, the number of CRPs for our PUF was significantly higher than that for other PUFs. This increased number enhances security by making it more difficult for an attacker to reliably clone the PUF within a short time frame if they have limited-time access to the PUF’s challenges and responses. Additionally, a higher number of CRPs provides improved protection against eavesdropping attacks, in which an attacker may attempt to exploit previously known CRPs to reconstruct parts of the authentication key [4]. However, the increase in CRPs comes at the cost of response reliability, which is decreased by approximately 50%. This decline occurs because if just one of the SRAM bits is unreliable, it can render the entire response unreliable.

However, a notable drawback was observed in the SRAM devices, specifically the non-uniform distribution of ‘1’s and patterns unique to individual SRAM devices. This device vulnerability poses a potential security risk to the overall PUF design. These observed patterns may stem from the manufacturing process, prolonged device usage, or influences from the measurement circuitry, such as the adapter, GPIO jumper cables, or testing equipment. Therefore, these factors could affect the practicality of using the SRAM device as a PUF in certain applications, as different circuits in the field may access the SRAM cells differently. However, due to two different die being XORed together, the patterning is greatly diminished with the interaction between the unique patterns in each SRAM. As a matter of precaution, SRAM pairs need to be validated to not have an existing pattern before being used as an SRAM XOR PUF.

Future Work

Further research is essential to investigate the effects of aging on this design and to develop potential mitigation strategies. Although our design enhances the uniqueness, randomness, and security of the SRAM PUF by employing multiple challenge–response pairs (CRPs), a critical challenge remains: the susceptibility of SRAM PUFs to aging. This phenomenon can significantly impact the stability and reproducibility of PUF outputs. Therefore, a comprehensive examination of the aging effects on this dual-SRAM architecture is necessary, as the integration of responses from two SRAM components may intensify the reliability issues typically associated with aging. Potential avenues for future research include employing accelerated aging methods [35,36] to assess their impact on the responses generated by our design.

Additionally, the inclusion of two SRAM components within the same architecture presents a drawback. A more effective design could involve utilizing a single SRAM that captures multiple samples per challenge. By XORing these samples together, a single-bit response can be generated that emulates the results of two SRAM reads followed by XORing, as demonstrated in this paper. While a sample size of two effectively represents the findings of this study, this approach can be scaled to accommodate any number of samples, provided that care is taken to avoid repeating challenge addresses, as repetition would negate their contribution in the XOR operation. Additionally, this design can be implemented entirely in software, facilitating an exponential increase in the potential challenges derived from the existing SRAM. Consequently, this method could enable any currently utilized SRAM PUF hardware to adapt to a framework similar to the XOR SRAM PUF, significantly enhancing the randomness and the number of possible CRPs generated.