Performance and Security Evaluation of AES S-Box-Based Glitch PUFs on FPGAs

  • Dai Yamamoto
  • Gabriel Hospodar
  • Roel Maes
  • Ingrid Verbauwhede
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7644)


Physical(ly) Unclonable Functions (PUFs) are expected to represent a solution for secure ID generation, authentication, and other important security applications. Researchers have developed several kinds of PUFs and self-evaluated them to demonstrate their advantages. However, both performance and security aspects of some proposals have not been thoroughly and independently evaluated. Third-party evaluation is important to discuss whether a proposal performs according to what the developers claim, regardless of any accidental bias. In this paper, we focus on Glitch PUFs (GPUFs) that use an AES S-Box implementation as a glitch generator, as proposed by Suzuki et al. [1]. They claim that this GPUF is one of the most practically feasible and secure delay-based PUFs. However, it has not been evaluated by other researchers yet. We evaluate GPUFs implemented on FPGAs and present three novel results. First, we clarify that the total number of challenge-response pairs of GPUFs is 219, instead of 211. Second, we show that a GPUF implementation has low robustness against voltage variation. Third, we point out that the GPUF has “weak” challenges leading to responses that can be more easily predictable than others by an adversary. Our results indicate that GPUFs that use the AES S-Box as the glitch generator present almost no PUF-behavior as both reliability and uniqueness are relatively low. In conclusion, our case study on FPGAs suggests that GPUFs should not use the AES S-Box as a glitch generator due to performance and security reasons.


Glitch PUF FPGA Security Performance Key Generation Authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Suzuki, D., Shimizu, K.: The Glitch PUF: A New Delay-PUF Architecture Exploiting Glitch Shapes. In: Mangard, S., Standaert, F.-X. (eds.) CHES 2010. LNCS, vol. 6225, pp. 366–382. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  2. 2.
    Pappu, R.S.: Physical One-Way Functions. PhD thesis, Massachusetts Institute of Technology (2001)Google Scholar
  3. 3.
    Gassend, B., Clarke, D., van Dijk, M., Devadas, S.: Silicon Physical Random Functions. In: Proceedings of CCS 2002, pp. 148–160 (2002)Google Scholar
  4. 4.
    Gassend, B., Clarke, D., Lim, D., van Dijk, M., Devadas, S.: Identification and Authentication of Integrated Circuits. In: Concurrency and Computation: Practice and Experiences, pp. 1077–1098 (2004)Google Scholar
  5. 5.
    Maes, R., Verbauwhede, I.: Physically unclonable Functions: A Study on the State of the Art and Future Research Directions. In: Towards Hardware Intrinsic Security: Foundation and Practice. Information Security and Cryptography, pp. 3–37. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Guajardo, J., Kumar, S.S., Schrijen, G.-J., Tuyls, P.: FPGA Intrinsic PUFs and Their Use for IP Protection. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol. 4727, pp. 63–80. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  7. 7.
    Holcomb, D.E., Burleson, W.P., Fu, K.: Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags. In: Proceedings of the Conference on RFID Security (2007)Google Scholar
  8. 8.
    Kumar, S.S., Guajardo, J., Maes, R., Schrijen, G.J., Tuyls, P.: Extended Abstract: The Butterfly PUF: Protecting IP on every FPGA. In: Proceedings of HOST 2008, pp. 67–70 (2008)Google Scholar
  9. 9.
    Maes, R., Tuyls, P., Verbauwhede, I.: Intrinsic PUFs from Flip-flops on Reconfigurable Devices. In: 3rd Benelux Workshop on Information and System Security (WISSec 2008), Eindhoven, NL, p. 17 (2008)Google Scholar
  10. 10.
    Krishna, A.R., Narasimhan, S., Wang, X., Bhunia, S.: MECCA: A Robust Low-Overhead PUF Using Embedded Memory Array. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 407–420. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Su, Y., Holleman, J., Otis, B.: A 1.6pJ/bit 96% Stable Chip-ID Generating Circuit using Process Variations. In: IEEE International on Solid-State Circuits Conference, ISSCC 2007. Digest of Technical Papers, pp. 406–611 (2007)Google Scholar
  12. 12.
    Su, Y., Holleman, J., Otis, B.P.: A Digital 1.6 pJ/bit Chip Identification Circuit Using Process Variations. IEEE Journal of Solid-State Circuits 43(1), 69–77 (2008)CrossRefGoogle Scholar
  13. 13.
    Suh, G.E., Devadas, S.: Physical Unclonable Functions for Device Authentication and Secret Key Generation. In: Proceedings of DAC 2007, pp. 9–14 (2007)Google Scholar
  14. 14.
    Lee, J.W., Lim, D., Gassend, B., Suh, G.E., van Dijk, M., Devadas, S.: A Technique to Build a Secret Key in Integrated Circuits for Identification and Authentication Applications. In: Proceedings of the IEEE VLSI Circuits Symposium, pp. 176–179 (2004)Google Scholar
  15. 15.
    Rührmair, U., Sehnke, F., Sölter, J., Dror, G., Devadas, S., Schmidhuber, J.: Modeling Attacks on Physical Unclonable Functions. In: Proceedings of the 17th ACM Conference on Computer and Communications Security, CCS 2010, pp. 237–249. ACM, New York (2010)Google Scholar
  16. 16.
    Shimizu, K., Suzuki, D., Kasuya, T.: Glitch PUF: Extracting Information from Usually Unwanted Glitches. IEICE Transactions 95-A(1), 223–233 (2012)CrossRefGoogle Scholar
  17. 17.
    Crouch, J.W., Patel, H.J., Kim, Y.C., Bennington, R.W.: Creating unique identifiers on field programmable gate arrays using natural processing variations. In: Proceedings of FPL 2008, pp. 579–582 (2008)Google Scholar
  18. 18.
    Patel, H.J., Crouch, J.W., Kim, Y.C., Kim, T.C.: Creating a unique digital fingerprint using existing combinational logic. In: Proceeding of ISCAS 2009, pp. 2693–2696 (2009)Google Scholar
  19. 19.
    Anderson, J.H.: A PUF Design for Secure FPGA-Based Embedded Systems. In: Proceedings of the 2010 Asia and South Pacific Design Automation Conference, ASPDAC 2010, pp. 1–6. IEEE Press, Piscataway (2010)Google Scholar
  20. 20.
  21. 21.
    AIST (Agency of Industrial Science, Technology), and Tohoku University in Japan. HDL code used for an AES S-Box implementation,
  22. 22.
    Maiti, A., Gunreddy, V., Schaumont, P.: A Systematic Method to Evaluate and Compare the Performance of Physical Unclonable Functions. Cryptology ePrint Archive, Report 2011/657 (2011)Google Scholar
  23. 23.
    Maes, R., Tuyls, P., Verbauwhede, I.: Low-Overhead Implementation of a Soft Decision Helper Data Algorithm for SRAM PUFs. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 332–347. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Sasao, T.: AND-EXOR Expressions and Their Optimization. In: Logic Synthesis and Optimization, pp. 287–312. Kluwer Academic Publishers (1993)Google Scholar
  25. 25.
    Morioka, S., Satoh, A.: An Optimized S-Box Circuit Architecture for Low Power AES Design. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 172–186. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Dai Yamamoto
    • 1
    • 2
  • Gabriel Hospodar
    • 1
  • Roel Maes
    • 1
  • Ingrid Verbauwhede
    • 1
  1. 1.KU Leuven ESAT/SCD-COSIC and IBBTLeuvenBelgium

Personalised recommendations