Hardware-based Device Identification for Systems with Commercially Off-the-shelf Components
Abstract
The identity of an electronic device is a fundamental property that bootstraps several applications such as authentication and traceability. For the purpose of device identification, conventional methods generate a unique number using techniques such as the chip’s wafer-ID and the XY location, or through a random number generator. More recently, physically unclonable functions (PUFs) are emerging as an alternative to the conventional methods. PUFs exploit the inherent variations in device characteristics that occur due to tolerances in the manufacturing processes.
Our work has focussed on developing PUF-based identification methodologies for systems with commercially off-the-shelf (COTS) components. The inherent tolerances in the parameters available in these components have been exploited and mapped to perform their identification. The benefits of our mechanism are: (a) no custom PUF circuits have been used, (b) there is no requirement for manual hardware reconfiguration and power-cycling, and (c) identification has been performed in real time using simple software Application Programming Interfaces (APIs).
In our first work, we have constructed an identifier that we call IoT-ID. This identifier is based on the variations in clock oscillators and analog-to-digital converters (ADCs) that are commonly present in SoCs. We have demonstrated that IoT-ID is repeatable and unique. We have also shown the scalability of our approach through numerical simulations.
In our second work, we have developed an Acoustic PUF that combines the Uniqueness signature of a device with its Position signature. The Uniqueness signature has exploited the clock tolerances in the devices, making the signature unclonable. The Position signature has been derived using acoustic fingerprinting, giving a sticky identity to the device. Our evaluation has demonstrated the Uniqueness and Repeatability and has further shown the use of temperature coefficients for device identification.
In our third work, we have constructed a digital identifier by exploiting the inter-channel variance in errors for a multi-channel simultaneous sampling sigma-delta ADC. Such a device is common in power instrumentation such as Intelligent Electronic Devices (IEDs), and thus our methodology can be used to determine their identity. The suggested approach for identifier generation is resilient by construction, and is thus minimally impacted by external factors such as voltage and temperature variations. We have also evaluated the randomness of the identifier to explore its suitability as a random key.
General-purpose input/outputs (GPIOs) are the most common interfaces present in almost all microcontrollers, including low-end systems. By performing identification based on GPIOs in our fourth work, we have demonstrated the generic nature of our approach and its adaptability to a wide variety of microcontrollers. Since a large number of GPIOs are used for the construction of the GPIO PUF, in this work, we have evaluated the redundancy among different components and presented a step-by-step method to identify the significant contributors.
Different devices may map to the same identifier, causing a ‘collision.’ Our final work presents a framework that computes the collision probabilities based on inter-device and intra-device variations. In particular, we have derived the probability that none of the devices is in collision and an upper bound on the probability of there being L distinguishable devices. We have also computed the expected number of collision-free devices. The framework can be utilized to tune PUF attributes and compare various PUF implementations.
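The sketch below is an added example, not the framework derived in the thesis: it shows how inter-device and intra-device variation can be turned into a probability of no collision and an expected number of collision-free devices. It assumes a Gaussian parameter across devices, a bin width set as a multiple of the intra-device standard deviation, and independent devices; all function names and numeric values are constructed for illustration.

```python
import math

def bin_probabilities(sigma_inter, sigma_intra, guard=6.0, span=5.0):
    """Mass of each identifier bin for one measured parameter.

    Assumptions (not from the thesis): the parameter is Gaussian across
    devices with std sigma_inter, and a bin is guard * sigma_intra wide so
    that repeated readings of one device normally stay inside one bin.
    """
    width = guard * sigma_intra
    n_half = math.ceil(span * sigma_inter / width)
    cdf = lambda x: 0.5 * (1.0 + math.erf(x / (sigma_inter * math.sqrt(2.0))))
    edges = [j * width for j in range(-n_half, n_half + 1)]
    probs = [cdf(b) - cdf(a) for a, b in zip(edges, edges[1:])]
    total = sum(probs)
    return [p / total for p in probs]  # renormalise the truncated tails

def combine(p, q):
    """Joint bin masses for two independent parameters (e.g. clock and ADC)."""
    return [a * b for a in p for b in q]

def p_no_collision(probs, m):
    """P(all m devices get distinct identifiers) for i.i.d. devices.

    f[k] = k! * e_k(probs), e_k being the elementary symmetric polynomial;
    this reduces to the birthday formula when all bins are equally likely.
    """
    f = [1.0] + [0.0] * m
    for p in probs:
        for k in range(m, 0, -1):
            f[k] += k * p * f[k - 1]
    return f[m]

def expected_collision_free(probs, m):
    """Expected number of devices whose identifier no other device shares."""
    return m * sum(p * (1.0 - p) ** (m - 1) for p in probs)

if __name__ == "__main__":
    clock = bin_probabilities(sigma_inter=1.0, sigma_intra=0.01)  # constructed values
    adc = bin_probabilities(sigma_inter=1.0, sigma_intra=0.05)    # constructed values
    for name, probs in (("clock", clock), ("clock+ADC", combine(clock, adc))):
        print(name, len(probs), "bins",
              round(p_no_collision(probs, 50), 4),
              round(expected_collision_free(probs, 50), 2))
```

Because the bins of a Gaussian parameter are not equally likely, the collision probability is higher than a uniform birthday estimate over the same number of bins would suggest.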
Our research has established the feasibility of PUF-based device identification for systems with COTS components, paving the way for its wider adoption in deployments.