This Article 
 Bibliographic References 
 Add to: 
Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers
September 2009 (vol. 58 no. 9)
pp. 1198-1210
Daniel E. Holcomb, University of California Berkeley, Berkeley
Wayne P. Burleson, University of Massachusetts, Amherst
Kevin Fu, University of Massachusetts, Amherst
Intermittently powered applications create a need for low-cost security and privacy in potentially hostile environments, supported by primitives including identification and random number generation. Our measurements show that power-up of SRAM produces a physical fingerprint. We propose a system of Fingerprint Extraction and Random Numbers in SRAM (FERNS) that harvests static identity and randomness from existing volatile CMOS memory without requiring any dedicated circuitry. The identity results from manufacture-time physically random device threshold voltage mismatch, and the random numbers result from runtime physically random noise. We use experimental data from high-performance SRAM chips and the embedded SRAM of the WISP UHF RFID tag to validate the principles behind FERNS. For the SRAM chip, we demonstrate that 8-byte fingerprints can uniquely identify circuits among a population of 5,120 instances and extrapolate that 24-byte fingerprints would uniquely identify all instances ever produced. Using a smaller population, we demonstrate similar identifying ability from the embedded SRAM. In addition to identification, we show that SRAM fingerprints capture noise, enabling true random number generation. We demonstrate that a 512-byte SRAM fingerprint contains sufficient entropy to generate 128-bit true random numbers and that the generated numbers pass the NIST tests for runs, approximate entropy, and block frequency.

[1] I. Goldberg and D. Wagner, “Randomness and the Netscape Browser,” Dr. Dobbs J., pp. 66-70, 1996.
[2] T.S. Heydt-Benjamin, D.V. Bailey, K. Fu, A. Juels, and T. O'Hare, “Vulnerabilities in First-Generation RFID-Enabled Credit Cards,” Proc. 11th Int'l Conf. Financial Cryptography and Data Security (FC'07), RFID-CC-manuscript.pdf, Feb. 2007.
[3] D. Halperin, T.S. Heydt-Benjamin, B. Ransford, S.S. Clark, B. Defend, W. Morgan, K. Fu, T. Kohno, and W.H. Maisel, “Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses,” Proc. 29th Ann. IEEE Symp. Security and Privacy (S&P '08), May 2008.
[4] D.E. Holcomb, W.P. Burleson, and K. Fu, “Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags,” Proc. Conf. Radio Frequency Identification Security (RFID '07), July 2007.
[5] IS61LV25616AL—256K $\times$ 16 High Speed Asynchronous CMOS Static RAM with 3.3 V Supply, Integrated Silicon Solution, http://www., Feb. 2006.
[6] Altera's Development and Education Board, Altera, http://www. boardsunv-de2-board. html, 2007.
[7] J.R. Smith, A. Sample, P. Powledge, S. Roy, and A. Mamishev, “AWirelessly-Powered Platform for Sensing and Computation,” Proc. Eighth Int'l Conf. Ubiquitous Computing (UbiComp '06), pp.495-506, 2006.
[8] A.P. Sample, D.J. Yeager, P.S. Powledge, and J.R. Smith, “Design of a Passively-Powered, Programmable Platform for UHF RFID Systems,” Proc. IEEE Int'l Conf. Radio Frequency Identification (RFID '07), pp. 149-156, Mar. 2007.
[9] A.P. Sample, D.J. Yeager, P.S. Powledge, A.V. Mamishev, and J.R. Smith, “Design of an RFID-Based Battery-Free Programmable Sensing Platform,” IEEE Trans. Instrumentation and Measurement, vol. 57, no. 11, pp. 2608-2615, Nov. 2008.
[10] D.C. Ranasinghe, D. Lim, P.H. Cole, and S. Devadas, “White Paper: A Low Cost Solution to Authentication in Passive RFID Systems,” Technical Report WP-HARDWARE-029, Auto-ID Labs, The Univ. of Adelaide, Sept. 2006.
[11] MSP430x11x2 MSP430x12x2 Mixed Signal Microcontroller, Texas Instruments, pdf , Aug. 2004.
[12] Nonvolatile Semiconductor Memory Technology: A Comprehensive Guide to Understanding and Using NVSM Devices, W.D. Brown and J.E. Brewer, eds., Wiley-IEEE Press, 1997.
[13] P. Friedberg, W. Cheung, and C. Spanos, “Spatial Variability of Critical Dimensions,” Proc. VLSI/ULSI Multilevel Interconnection Conf. XXII, pp. 539-546, 2005.
[14] X. Tang, V.K. De, and J.D. Meindl, “Intrinsic MOSFET Parameter Fluctuations Due to Random Dopant Placement,” IEEE Trans. Very Large Scale Integration (VLSI) Systems, pp. 369-376, Dec. 1997.
[15] “Design,” Int'l Technology Roadmap for Semiconductors, ITRS, Update, 2006.
[16] K. Lofstrom, W. Daasch, and D. Taylor, “IC Identification Circuit Using Device Mismatch,” Proc. IEEE Int'l Solid-State Circuits Conf. (ISSCC '00), Digest of Technical Papers, pp. 372-373, 2000.
[17] Y. Su, J. Holleman, and B. Otis, “A 1.6 pJ/bit 96% Stable Chip ID Generating Circuit Using Process Variations,” Proc. IEEE Int'l Solid-State Circuits Conf. (ISSCC '07), Digest of Technical Papers, 2007.
[18] P. Layman, S. Chaudhry, J.G. Norman, and J.R. Thomson, Electronic Fingerprinting of Semiconductor Integrated Circuits, Patent6,738,294, Sept. 2002.
[19] R.S. Pappu, B. Recht, J. Taylor, and N. Gershenfeld, “Physical One-Way Functions,” Science, vol. 297, no. 6, pp. 2026-2030, , 2002.
[20] P. Tuyls, G.-J. Schrijen, B. Skoric, J. van Geloven, N. Verhaegh, and R. Wolters, “Read-Proof Hardware from Protective Coatings,” Proc. Eighth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '06), vol. 4249, pp. 369-383, Oct. 2006.
[21] G. DeJean and D. Kirovski, “RF-DNA: Radio-Frequency Certificates of Authenticity,” Proc. Ninth Int'l Workshop Cryptographic Hardware and Embedded Systems (CHES '07), pp. 346-363, 2007.
[22] B. Gassend, D. Clarke, M. van Dijk, and S. Devadas, “Silicon Physical Random Functions,” Proc. Ninth ACM Conf. Computer and Comm. Security (CCS '02), pp. 372-373, 2002.
[23] G. Suh, C. O'Donnell, I. Sachdev, and S. Devadas, “Design and Implementation of the AEGIS Single-Chip Secure Processor Using Physical Random Functions,” Proc. 32nd Int'l Symp. Computer Architecture (ISCA '05), pp. 25-36, 2005.
[24] J. Guajardo, S.S. Kumar, G.-J. Schrijen, and P. Tuyls, “FPGA Intrinsic PUFs and Their Use for IP Protection,” Proc. Workshop Cryptographic Hardware and Embedded Security, pp. 63-80, Sept. 2007.
[25] J. Guajardo, S.S. Kumar, G.-J. Schrijen, and P. Tuyls, “Physical Unclonable Functions and Public-Key Crypto for FPGA IP Protection,” Proc. Int'l Conf. Field Programmable Logic and Applications (FPL '07), pp. 189-195, Aug. 2007.
[26] H. Nyquist, “Thermal Agitation of Electric Charge in Conductors,” Physical Rev., vol. 32, no. 110, 1928.
[27] J. Johnson, “Thermal Agitation of Electricity in Conductors,” Physical Rev., vol. 32, no. 97, 1928.
[28] B. Sunar, W.J. Martin, and D.R. Stinson, “A Provably Secure True Random Number Generator with Built-In Tolerance to Active Attacks,” IEEE Trans. Computers, vol. 58, pp. 109-119, Jan. 2007.
[29] D.J. Kinnimet and E. Chester, “Design of an On-Chip Random Number Generator Using Metastability,” Proc. 28th European Solid-State Circuits Conf. (ESSCIRC '02), pp. 595-598, 2002.
[30] C. Tokunaga, D. Blaauw, and T. Mudge, “A True Random Number Generator with a Metastability-Based Quality Control,” Proc. IEEE Int'l Solid-State Circuits Conf. (ISSCC '07), Digest of Technical Papers, 2007.
[31] J.M. Rabaey, A. Chandrakasan, and B. Nikolic, Digital Integrated Circuits: A Design Perspective, second ed. Prentice Hall, 2003.
[32] K. Osada, Y. Saitoh, E. Ibe, and K. Ishibashi, “16.7-fA/cell Tunnel-Leakage-Suppressed 16-Mb SRAM for Handling Cosmic-Ray-Induced Multierrors,” IEEE J. Solid-State Circuits, vol. 38, no. 11, pp. 1952-1957, Nov. 2003.
[33] V. Shoup, A Computational Introduction to Number Theory and Algebra. Cambridge Univ. Press, 2005.
[34] L. Carter and M.N. Wegman, “Universal Classes of Hash Functions,” J. Computer and System Sciences, vol. 18, no. 2, pp.143-154, 1979.
[35] N. Nisan and A. Ta-Shma, “Extracting Randomness: A Survey and New Constructions,” J. Computer and System Sciences, vol. 58, no. 1, pp. 148-173, 1999.
[36] K. Yüksel, J.P. Kaps, and B. Sunar, “Universal Hash Functions for Emerging Ultra-Low-Power Networks,” Proc. Comm. Networks and Distributed Systems Modeling and Simulation Conf. (CNDS '04), Jan. 2004.
[37] Rukhin et al., A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications, NIST Special Publication 800-22 (revised May 2002), 2002.
[38] H. Qin, Y. Cao, D. Markovic, A. Vladimirescu, and J. Rabaey, “SRAM Leakage Suppression by Minimizing Standby Supply Voltage,” Proc. Fifth Int'l Symp. Quality Electronic Design (ISQED '04), pp. 55-60, 2004.
[39] E. Seevinck, F. List, and J. Lohstroh, “Static-Noise Margin Analysis of MOS SRAM Cells,” IEEE J. Solid-State Circuits, vol. 22, no. 5, pp.748-754, Oct. 1987.
[40] K. Agarwal and S. Nassif, “Statistical Analysis of SRAM Cell Stability,” Proc. 43rd ACM/IEEE Design Automation Conf. (DAC '06), pp. 57-62, July 2006.
[41] A. Bhavnagarwala, X. Tang, and J. Meindl, “The Impact of Intrinsic Device Fluctuations on CMOS SRAM Cell Stability,” IEEE J. Solid-State Circuits, vol. 36, no. 4, pp. 658-665, Apr. 2001.
[42] S. Selberherr, “MOS Device Modeling at 77 k,” IEEE Trans. Electron Devices, vol. 36, no. 8, pp. 1464-1474, Aug. 1989.
[43] Y. Cao, T. Sato, D. Sylvester, M. Orshansky, and C. Hu, New Paradigm of Predictive MOSFET and Interconnect Modeling for Early Circuit Design, 2001.
[44] R. Anderson and M. Kuhn, “Low Cost Attacks on Tamper Resistant Devices,” Proc. Int'l Workshop Security Protocols (IWSP'97), 02.PapEA.powf.pdf anderson97low.html, 1997.
[45] S. Mahapatra and M. Alam, “A Predictive Reliability Model for PMOS Bias Temperature Degradation,” Proc. Int'l Electron Devices Meeting (IEDM '02), Digest, pp. 505-508, 2002.
[46] S. Rangan, N. Mielke, and E. Yeh, “Universal Recovery Behavior of Negative Bias Temperature Instability,” Proc. IEEE Int'l Electron Devices Meeting (IEDM '03), 8-10, Technical Digest, pp. 14.3.1-14.3.4, Dec. 2003.
[47] M. Denais, V. Huard, C. Parthasarathy, G. Ribes, F. Perrier, N. Revil, and A. Bravaix, “Interface Trap Generation and Hole Trapping under NBTI and PBTI in Advanced CMOS Technology with a 2-nm Gate Oxide,” IEEE Trans. Device and Materials Reliability, vol. 4, no. 4, pp. 715-722, Dec. 2004.
[48] N. Saxena and J. Voris, “We can remember it for you wholesale: Implications of data remanence on the use of {RAM} for true random number generation on {RFID} tags,” Proc. Workshop on Radio Frequency Identification Security (RFID '09), July 2009.

Index Terms:
Daniel E. Holcomb, Wayne P. Burleson, Kevin Fu, "Power-Up SRAM State as an Identifying Fingerprint and Source of True Random Numbers," IEEE Transactions on Computers, vol. 58, no. 9, pp. 1198-1210, Sept. 2009, doi:10.1109/TC.2008.212
Usage of this product signifies your acceptance of the Terms of Use.