Investigating SRAM PUFs in large CPUs and GPUs

  • Pol Van Aubel
  • Daniel J. Bernstein
  • Ruben Niederhagen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9354)


Physically unclonable functions (PUFs) provide data that can be used for cryptographic purposes: on the one hand randomness for the initialization of random-number generators; on the other hand individual fingerprints for unique identification of specific hardware components. However, today’s off-the-shelf personal computers advertise randomness and individual fingerprints only in the form of additional or dedicated hardware.

This paper introduces a new set of tools to investigate whether intrinsic PUFs can be found in PC components that are not advertised as containing PUFs. In particular, this paper investigates AMD64 CPU registers as potential PUF sources in the operating-system kernel, the bootloader, and the system BIOS; investigates the CPU cache in the early boot stages; and investigates shared memory on Nvidia GPUs. This investigation found non-random non-fingerprinting behavior in several components but revealed usable PUFs in Nvidia GPUs.


Physically unclonable functions SRAM PUFs randomness hardware identification 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    AGMA Urges Manufacturers to Take Steps to Protect Products from Counterfeiters, (October 2007)
  2. 2.
    AMD64 Architecture Programmer’s Manual Volume 2: System Programming. 3.23. AMD (May 2013) Google Scholar
  3. 3.
    BIOS and Kernel Developer’s Guide (BKDG) for AMD Family 14h Models00h-0Fh Processors. 3.13. AMD (February 2012)Google Scholar
  4. 4.
    van den Berg, R., Škorić, B., van der Leest, V.: Bias-based modeling and entropy analysis of PUFs. In: Armknecht, F., Seifert, J.-P. (eds.) Proceedings of Trust-Worthy Embedded Devices — TrustED 2013, pp. 13–20. ACM (2013)Google Scholar
  5. 5.
  6. 6.
    CUDA C Programming Guide: Design Guide. 7.0. Nvidia (March 2015)Google Scholar
  7. 7.
    Chauvet, J.-M., Mahe, E.: Secrets from the GPU. ArXiv e-prints (2013), See also: [17]. arXiv: 1305.3699Google Scholar
  8. 8.
    Di Pietro, R., Lombardi, F., Villani, A.: CUDA Leaks: Information Leakage in GPU Architectures. ArXiv e-prints (2013). arXiv: 1305.7383Google Scholar
  9. 9.
  10. 10.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon physical random functions. In: Atluri, V. (ed.) Proceedings of Computer and Communications Security — CCS 2002, pp. 148–160. ACM (2002)Google Scholar
  11. 11.
    Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) Workshop on Cryptographic Hardware and Embedded Systems — CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)Google Scholar
  12. 12.
    Heninger, N., Durumeric, Z., Wustrow, E., Alex Halderman, J.: Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices. In: Proceedings of the 21st USENIX Security Symposium, p. 35. USENIX Association (2012)Google Scholar
  13. 13.
  14. 14.
    Lee, J.W., Lim, D., Gassend, B., Edward Suh, G., van Dijk, M., Devadas, S.: A technique to build a secret key in integrated circuits for identification and authentication applications. In: Symposium on VLSI Circuits 2004, pp. 176–179. IEEE (2004)Google Scholar
  15. 15.
    Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Public Keys. In: Safavi-Naini, R., Canetti, R. (eds.) Advances in Cryptology — CRYPTO 2012. LNCS, vol. 7417, pp. 626–642. Springer, Heidelberg (2012)Google Scholar
  16. 16.
    Maes, R., Tuyls, P., Verbauwhede, I.: Intrinsic PUFs from Flip-flops on Reconfigurable Devices. In: Workshop on Information and System Security — WISSec 2008 (2008)Google Scholar
  17. 17.
    Mahé, E., Chauvet, J.-M.: Secrets from the GPU. Journal of Computer Virology and Hacking Techniques 10(3), 205–210 (2014)CrossRefGoogle Scholar
  18. 18.
    Owusu, E., Guajardo, J., McCune, J., Newsome, J., Perrig, A., Vasudevan, A.: OASIS: On Achieving a Sanctuary for Integrity and Secrecy on Untrusted Platforms. In: Proceedings of Computer and Communications Security — CCS 2013, pp. 13–24. ACM (2013)Google Scholar
  19. 19.
    Parallel Thread Execution ISA: Application Guide. 4.2. Nvidia (March 2015)Google Scholar
  20. 20.
    Schaller, A., Arul, T., van der Leest, V., Katzenbeisser, S.: Lightweight Anti-counterfeiting Solution for Low-End Commodity Hardware Using Inherent PUFs. In: Holz, T., Ioannidis, S. (eds.) Trust and Trustworthy Computing — TRUST 2014. LNCS, vol. 8564, pp. 83–100. Springer, Heidelberg (2014)Google Scholar
  21. 21.
    Schwabe, P.: Graphics Processing Units. In: Markantonakis, K., Mayes, K. (eds.) Secure Smart Embedded Devices: Platforms and Applications, pp. 179–200. Springer (2014)Google Scholar
  22. 22.
    Su, Y., Holleman, J., Otis, B.P.: A Digital 1.6 pJ/bit Chip Identification Circuit Using Process Variations. Journal of Solid-State Circuits 43(1), 69–77 (2008)CrossRefGoogle Scholar
  23. 23.
    Suzuki, D., Shimizu, K.: The Glitch PUF: A New Delay-PUF Architecture Exploiting Glitch Shapes. In: Mangard, S., Standaert, F.-X. (eds.) Workshop on Cryptographic Hardware and Embedded Systems — CHES 2010. LNCS, vol. 6225, pp. 366–382. Springer, Heidelberg (2010)Google Scholar
  24. 24.
    Van Herrewege, A., van der Leest, V., Schaller, A., Katzenbeisser, S., Verbauwhede, I.: Secure PRNG Seeding on Commercial Off-the-shelf Microcontrollers. In: Armknecht, F., Seifert, J.-P. (eds.) Proceedings of Trustworthy Embedded Devices — TrustED 2013, pp. 55–64. ACM (2013)Google Scholar
  25. 25.
    Wong, H., Papadopoulou, M.-M., Sadooghi-Alvandi, M., Moshovos, A.: Demystifying GPU microarchitecture through microbenchmarking. In: Performance Analysis of Systems Software (ISPASS), pp. 235–246. IEEE (2010)Google Scholar
  26. 26.

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Pol Van Aubel
    • 1
  • Daniel J. Bernstein
    • 2
    • 3
  • Ruben Niederhagen
    • 3
  1. 1.Digital Security GroupRadboud UniversityNijmegenThe Netherlands
  2. 2.Department of Computer ScienceUniversity of Illinois at ChicagoChicagoUSA
  3. 3.Department of Mathematics and Computer ScienceTechnische Universiteit EindhovenEindhovenThe Netherlands

Personalised recommendations