RingRAM: A Unified Hardware SecurityPrimitive for IoT Devices that Gets Better with Age

Abstract

As security grows in importance, system designers turn to hardware support for security. Hardware’s unique properties enable functionality and performance levels not available with software alone. One unique property of hardware is non-determinism. Unlike software, which is inherently deterministic (e.g., the same inputs produce the same outputs), hardware encompasses an abundance of non-determinism; non-determinism born out of manufacturing and operational chaos. While hardware designers focus on hiding the effects of such chaos behind voltage and clock frequency guard bands, security practitioners embrace the chaos as a source of randomness. We propose a single hardware security primitive composed of basic circuit elements that harnesses both manufacturing and operational chaos to serve as the foundation for both a true random-number generator and a physical unclonable function suitable for deployment in resource-constrained Internet-of-Things (IoT) devices. Our primitive RingRAM leverages the observation that, while existing hardware security primitives have limitations that prevent deployment, they can be merged to form a hardware security primitive that has all of the benefits, but none of the drawbacks. We show how RingRAM’s reliance on simple circuit elements enables universal implementation using discrete components, on an FPGA, and as an ASIC. We then design RingRAM tuning knobs that allow designers to increase entropy, decrease noise, and eliminate off-chip post-processing. We validate RingRAM, showing that it serves as a superior true random-number generator and physical unclonable function—robust against aging and thermal attacks. Finally, to show how RingRAM increases IoT system security, we provide two Linux-based use cases on top of a RISC-V System-on-Chip.