Mini-Block-Based Cipher Class for Physically Clone-Resistant Devices

Abstract

Physical Unclonable Functions PUFs were proposed about two decades ago for creating physically unclonable VLSI units. PUFs as analog structures, are inherently rather costly in implementation and less consistent in the re-identification process. The novel technique proposed in this work, converts (mutates) a non-volatile SoC FPGA device at low cost into a consistent clone-resistant unit. A true random generator triggers an internal smart program which creates/mutates internally (in a post-production single-event process) a permanent physical Secret Unknown Cipher (SUC) module. This is seen as an electronic “mutation” in a self-reconfiguring non-volatile-FPGA SoC environment. The created entity results with some unknown, however operational Cipher SUC. As the SUC structure is non-volatile, the unit becomes permanently clone-resistant if any later changes are irreversibly prohibited. A large cipher class based on mini-blocks of 4-bit mappings and bundle permutations making use of the FPGA 4-input LUT structures is created. To create an SUC within a device, a single cipher is randomly selected from the large class. As nobody knows the internally selected cipher, the resulting cipher-module is unknown and could serve as a hard to clone physical identity. A perfect secret is the one which nobody knows. Once it is possible to know, it becomes clonable. A sample use case protocol challenging the particular created cipher is shown how to securely identify the device. A sample prototype implementation scenario for the proposed cipher is presented using Microsemi SmartFusion2 SoC FPGA technology. Complexity, performance and security aspects of the resulting new system are discussed and evaluated.