The CCAP: A New Physical Unclonable Function (PUF) for Protecting Internet of Things (IoT) and Other FPGA-based Embedded Systems

The importance of cybersecurity has grown exponentially over the years due to our highly interconnected world and the evolution of computer threats. These threats – once as simple as annoying computer viruses – are now destructive malware, ransomware, and advanced persistent threats (APT) sponsored by nation states used to steal military secrets, wage industrial espionage, and weaponize the Cyberspace into the 5^th domain of future military conflict right behind Land, Sea, Air, and Space. Every device that interfaces with the Internet is a potential target. For instance, the attack surface for Internet of Things (IoT) is expected to expand with an estimated 14.2 billion connected “things” projected to be in use this year alone. These “things” are diverse and include rugged-industrial sensors, personal wearables, in-home appliances, and even some of the vehicles on the road today.

Many IoT devices are beginning to utilize Field Programmable Gate Arrays (FPGAs) for their processing subsystem due to design flexibility and because FPGAs, as a design element, enable product lifecycle support through aftermarket upgradability of both the computer software (CSCI) and firmware/hardware (FWCI) configuration items. This allows manufacturers to enhance product functionality through over-the-Internet (OTI) or over-the-air (OTA) upgrades. Unfortunately, the increasing use of FPGAs has also brought a major concern of intellectual property (IP) theft and product counterfeiting. To help thwart IP theft, FPGA vendors such as Xilinx and Intel PSG (formerly Altera) provide end-users with the ability to encrypt design bitstreams at rest with a cryptographic key. This encryption key is typically stored in EEPROM, Battery-Backed RAM, or within dedicated Anti-Fuses within the device; however, numerous non-invasive, semi-invasive, and invasive attacks exist that can retrieve the encryption key and compromise the design bitstream. Physical (sometimes referred to as physically) unclonable functions (PUFs) have been proposed as a countermeasure to eliminate the need for cryptographic key storage. PUFs have been widely researched for nearly two decades. An efficient implementation for FPGAs has remained elusive and is an area of much needed research focus.

The goal of this research was to deliver a new, innovative PUF design targeted specifically for FPGA implementation. We propose the CCAP which is an efficient, scalable hardware security primitive supporting today’s most advanced FPGAs. It requires no hard macros or interactive design floorplanning and is portable to any UltraScale+-based FPGA. Experimental results on several Avnet Ultra96 boards have shown excellent PUF performance in terms of PUF inter-device uniqueness, acceptable performance for PUF intra-device uniqueness, and good overall PUF output stability at the targeted operating temperatures. Additionally, the randomness of several CCAP “raw” signatures at various FPGA die locations have been tested and deemed random according to the NIST Randomness Test Suite, and chi-square “Goodness of Fit” test calculations. In the un-redacted portions of this dissertation, we discuss the motivation for this work, cover several of the prior PUF architectures in open literature and their shortcomings for FPGA implementation, examine our testing methodologies, provide some test results and analyses, propose a few real-world applications for the CCAP primitive, before ending with conclusion and possible future work. NOTE: The CCAP architecture and details pertaining to it are not publicly disclosed at this time.