Issue No.09 - September (2009 vol.58)
Daniel E. Holcomb , University of California Berkeley, Berkeley
Wayne P. Burleson , University of Massachusetts, Amherst
Kevin Fu , University of Massachusetts, Amherst
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2008.212
Intermittently powered applications create a need for low-cost security and privacy in potentially hostile environments, supported by primitives including identification and random number generation. Our measurements show that power-up of SRAM produces a physical fingerprint. We propose a system of Fingerprint Extraction and Random Numbers in SRAM (FERNS) that harvests static identity and randomness from existing volatile CMOS memory without requiring any dedicated circuitry. The identity results from manufacture-time physically random device threshold voltage mismatch, and the random numbers result from runtime physically random noise. We use experimental data from high-performance SRAM chips and the embedded SRAM of the WISP UHF RFID tag to validate the principles behind FERNS. For the SRAM chip, we demonstrate that 8-byte fingerprints can uniquely identify circuits among a population of 5,120 instances and extrapolate that 24-byte fingerprints would uniquely identify all instances ever produced. Using a smaller population, we demonstrate similar identifying ability from the embedded SRAM. In addition to identification, we show that SRAM fingerprints capture noise, enabling true random number generation. We demonstrate that a 512-byte SRAM fingerprint contains sufficient entropy to generate 128-bit true random numbers and that the generated numbers pass the NIST tests for runs, approximate entropy, and block frequency.
SRAM, chip ID, TRNG, RFID.
Daniel E. Holcomb, Wayne P. Burleson, Kevin Fu, "Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers", IEEE Transactions on Computers, vol.58, no. 9, pp. 1198-1210, September 2009, doi:10.1109/TC.2008.212