Development of the Unified Security Requirements of PUFs During the Standardization Process

  • Nicolas Bruneau
  • Jean-Luc Danger
  • Adrien Facon
  • Sylvain GuilleyEmail author
  • Soshi Hamaguchi
  • Yohei Hori
  • Yousung Kang
  • Alexander Schaub
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11359)


This paper accounts for some scientific aspects related to the international standardization process about physically unclonable functions (PUFs), through the drafting of ISO/IEC 20897 project. The primary motivation for this standard project is to structure and expand the market of PUFs, as solutions for non-tamperable electronic chips identifiers.

While drafting the documents and discussing with international experts, the topic of PUF also gained much maturity. This article accounts how scientific structuration of the PUF as a field of embedded systems security has been emerging as a byproduct. First, the standardization has allowed to merge two redundant security requirements (namely diffuseness and unpredictability) into one (namely randomness), which in addition better suits all kinds of PUFs. As another contribution, the standardization process made it possible to match unambiguous and consistent tests with the security requirements. Furthermore, the process revealed that tests can be seen as estimators from their theoretic expressions, the so-called stochastic models.



This work was partly supported by both Institute for Information & communications Technology Promotion (IITP) grant funded by the Korea government (MSIT) (No. 2016-0-00399, Study on secure key hiding technology for IoT devices [KeyHAS Project]) and the project commissioned by the Japanese New Energy and Industrial Technology Development Organization (NEDO).


  1. 1.
    Halak, B.: Physically Unclonable Functions—From Basic Design Principles to Advanced Hardware Security Applications. Springer, Cham (2018). Scholar
  2. 2.
    Böhm, C., Hofer, M.: Physical Unclonable Functions in Theory and Practice. Springer, New York (2012). Scholar
  3. 3.
    Cai, Y., Ghose, S., Luo, Y., Mai, K., Mutlu, O., Haratsch, E.F.: Vulnerabilities in MLC NAND flash memory programming: experimental analysis, exploits, and mitigation techniques. In: 2017 IEEE International Symposium on High Performance Computer Architecture, HPCA 2017, Austin, TX, USA, 4–8 February 2017, pp. 49–60. IEEE Computer Society (2017)Google Scholar
  4. 4.
    Cherif, Z., Danger, J.-L., Guilley, S., Bossuet, L.: An easy-to-design PUF based on a single oscillator: the loop PUF. In: DSD,Çeşme, Izmir, Turkey, 5–8 September 2012 (2012). (Online PDF)
  5. 5.
    Altera Corporation: White paper: FPGA architecture, July 2006. ver. 1.0. Accessed 19 Apr 2018
  6. 6.
    Gassend, B., Clarke, D.E., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, DC, USA, 18–22 November 2002, pp. 148–160. ACM (2002)Google Scholar
  7. 7.
    Guilley, S., El Housni, Y.: Random numbers generation: tests and attacks. In: 2018 Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2018, Amsterdam, Netherlands, 13 September 2018. IEEE Computer Society (2018)Google Scholar
  8. 8.
    Güneysu, T.: Using data contention in dual-ported memories for security applications. Signal Process. Syst. 67(1), 15–29 (2012)CrossRefGoogle Scholar
  9. 9.
    Holcomb, D.E., Burleson, W.P., Fu, K.: Power-up SRAM state as an identifying fingerprint and source of true random numbers. IEEE Trans. Comput. 58(9), 1198–1210 (2009)MathSciNetCrossRefGoogle Scholar
  10. 10.
    ISO/IEC JTC 1/SC27/WG2. ISO/IEC 18031:2011 - Information technology - Security techniques - Random bit generationGoogle Scholar
  11. 11.
    ISO/IEC JTC 1/SC27/WG3. ISO/IEC DIS 20543 - Information technology - Security techniques - Test and analysis methods for random bit generators within ISO/IEC 19790 and ISO/IEC 15408Google Scholar
  12. 12.
    ISO/IEC NP 20897. Information technology - Security techniques - Security requirements, test and evaluation methods for physically unclonable functions for generating nonstored security parameters.
  13. 13.
    Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Heidelberg (2012). ISBN 978-3-642-29655-0CrossRefzbMATHGoogle Scholar
  14. 14.
  15. 15.
    Kim, Y., et al.: Flipping bits in memory without accessing them: an experimental study of DRAM disturbance errors. In: ACM/IEEE 41st International Symposium on Computer Architecture, ISCA 2014, Minneapolis, MN, USA, 14–18 June 2014, pp. 361–372. IEEE Computer Society (2014)Google Scholar
  16. 16.
    Marsaglia, G.: The Marsaglia random number CDROM including the diehard battery of tests of randomness. Web site at the Department of Statistics, Florida State University, Tallahassee, FL, USA (1995)Google Scholar
  17. 17.
    Mutlu, O.: The RowHammer problem and other issues we may face as memory becomes denser. In: Atienza, D., Di Natale, G. (eds.) Design, Automation and Test in Europe Conference and Exhibition, DATE 2017, Lausanne, Switzerland, 27–31 March 2017, pp. 1116–1121. IEEE (2017)Google Scholar
  18. 18.
    NIST. Recommendation for the entropy sources used for random bit generation (2012).
  19. 19.
    Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002). Scholar
  20. 20.
    Pappu, R.S.: Physical one-way functions. Ph.D. thesis, Massachusetts Institute of Technology, March 2001Google Scholar
  21. 21.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling attacks on physical unclonable functions. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, Chicago, Illinois, USA, 4–8 October 2010, pp. 237–249. ACM (2010)Google Scholar
  22. 22.
    Rukhin, A., et al.: A statistical test suite for the validation of random number generators and pseudo random number generators for cryptographic applications, April 2010.
  23. 23.
    Schaub, A., Danger, J.-L., Guilley, S., Rioul, O.: An improved analysis of reliability and entropy for delay PUFs. In: Novotný, M., Konofaos, N., Skavhaug, A. (eds.) 21st Euromicro Conference on Digital System Design, DSD 2018, Prague, Czech Republic, 29–31 August 2018, pp. 553–560. IEEE Computer Society (2018)Google Scholar
  24. 24.
    Schaub, A., Rioul, O., Boutros, J.J., Danger, J.-L., Guilley, S.: Challenge codes for physically unclonable functions with Gaussian delays: a maximum entropy problem. In: Latin American Week on Coding and Information, UNICAMP - Campinas, Brazil, 22–27 July 2018 (2018). LAWCI
  25. 25.
    NIST FIPS (Federal Information Processing Standards). Security Requirements for Cryptographic Modules publication 140-2, 25 May 2001.
  26. 26.
    Su, Y., Holleman, J., Otis, B.P.: A digital 1.6 pJ/bit chip identification circuit using process variations. IEEE J. Solid-State Circuits 43(1), 69–77 (2008)CrossRefGoogle Scholar
  27. 27.
    Suzuki, D., Shimizu, K.: The glitch PUF: a new delay-PUF architecture exploiting glitch shapes. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 366–382. Springer, Heidelberg (2010). Scholar
  28. 28.
    Tuyls, P., Škoric, B., Kevenaar, T.: Security with Noisy Data: On Private Biometrics, Secure Key Storage and Anti-Counterfeiting, 1st edn. Springer, New York (2007). ISBN 978-1-84628-983-5CrossRefzbMATHGoogle Scholar
  29. 29.
    Wu, M.-Y., et al.: A PUF scheme using competing oxide rupture with bit error rate approaching zero. In: 2018 IEEE International Solid-State Circuits Conference, ISSCC 2018, San Francisco, CA, USA, 11–15 February 2018, pp. 130–132. IEEE (2018)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Nicolas Bruneau
    • 1
  • Jean-Luc Danger
    • 2
  • Adrien Facon
    • 1
    • 3
  • Sylvain Guilley
    • 1
    • 2
    • 3
    Email author
  • Soshi Hamaguchi
    • 4
  • Yohei Hori
    • 5
  • Yousung Kang
    • 6
  • Alexander Schaub
    • 2
  1. 1.Secure-IC S.A.S.Cesson-SévignéFrance
  2. 2.LTCI, Télécom ParisTechUniversité Paris-SaclayParisFrance
  3. 3.École Normale SupérieureParisFrance
  4. 4.Cosmos CorporationMieJapan
  5. 5.National Institute of Advanced Industrial Science and Technology (AIST)IbarakiJapan
  6. 6.ETRIDaejeonKorea

Personalised recommendations