A practical device authentication scheme using SRAM PUFs

The contamination of electronic component supply chains by counterfeit hardware devices is a serious and growing risk in today’s globalized marketplace. Current practice for detecting counterfeit semiconductors includes visual checking, electrical testing, and reliability testing which can require significant investments in expertise, equipment, and time. Additionally, best practices have been developed in industry worldwide to combat counterfeiting in many of its variants. Although the current approaches improve the situation significantly, they do not provide extensive technical means to detect counterfeiting. However, new approaches in this area are beginning to emerge. Suh and Devadas recently proposed a low cost device authentication scheme which relies on physically unclonable functions (PUFs) to implement a challenge–response authentication protocol. There are several constraints in their authentication scheme, e.g., their scheme requires a secure online database and relies on PUF constructions that exhibit a large number of challenge–response pairs. In this paper, we introduce a new device authentication scheme using PUFs for device anti-counterfeiting. Our scheme is simple and practical as it does not require any online databases and is not tied to any PUF implementations. We evaluate our authentication scheme on 96 discrete SRAM PUF devices and show that our scheme works well in practice. For hardware devices which already have SRAM and non-volatile storage embedded, our scheme takes almost no additional cost.