IMPROVE SYMMETRY OF ARBITER IN APUF

. Arbiter-based physical unclonable function (APUF) is a classical kind of physical unclonable function (PUF). In APUF-based device authen- tication, the fairness of traditional APUF is insuﬃcient due to setup time of arbiter. To solve this problem, in this paper we design an arbiter and con- duct Monte Carlo simulations to test the performance of the new arbiter. In addition, we present some new evaluation metrics to evaluate the new arbiter quantitatively. Finally, we certify that the new arbiter can work continuously with both one stage racing paths and eight stages racing paths. The new ar- biter has good performance in correct rate, stability and fairness. Particularly, it mitigates the setup time problem by reducing the Asymmetry.


1.
Introduction. In 2000, Lofstrom et al. got the idea of identification using device mismatch [10]. In 2002, Pappu et al. defined physical one-way function and proposed optical PUF [12]. Gassend et al. implemented PUF in silicon circuit, presented the definition of PUF, and designed an original delay-based PUF [5] [2]. In 2003, he improved the definition of PUF. Those works laid the foundation of PUF area [3]. In [3], the definition of PUF is a function that maps challenges to responses. It is embodied by a physical device, easy to evaluate and hard to predict. Silicon PUF uses manufacturing process variations in integrated circuits (IC) with identical masks to uniquely characterize each IC.
In 2004, J. Lee, D. Lim, B. Gassend et al. proposed a new type of PUF called Arbiter-PUF to enhance the robustness as well as reduce the operation time and power dissipation [4] [7]. From then on, may kinds of PUFs have been invented. Most PUFs come in two flavors: silicon PUF and non-silicon PUF [16]. Non-silicon PUF includes Optical PUF, paper PUF, CD PUF, acoustical PUF, magnetic PUF, RF-DNA, etc. Silicon PUF, like memory-based PUF, delay-based PUF, refers to PUF that implement in a silicon circuit. And as a security primitive, PUF can work together with other security policy like fingerprint and face identification [6]. In this paper, we study only APUF which is a kind of delay-based PUF.
A 64 stages APUF was designed in [4] [7] to improve the original delay-based PUF in [2] [3]. The 64 bits of a challenge correspond to 64 switches (also called stage). There are two lines that go through the 64 switches. Every bit in the challenge decides whether the two lines go parallelly or crosswise in the corresponding switch. Even if we feed a rising edge to the two lines simultaneously, the delay time of the two lines will be different, as the delay of switches and lines are affected by uncontrollable intrinsic variation. The line is called delay line, and the two lines together are called a pair of racing paths. All those components that cause the delay difference (∆t) between the two delay lines is the first part of APUF circuit. The second part of APUF is an arbiter that tests which delay line outputs the rising edge first. If the upper delay line is faster, the arbiter should output a 1, and vice versa. That is, the arbiter transforms the ∆t to a 1 bit response. Obviously, for different challenges, the switch selects different paths, the ∆t is different, finally the response is different. A challenge and the corresponding response are termed challenge response pair (CRP). For a 64 stages APUF, each challenge is 64 bits, the corresponding response is 1 bit, and there must be 2 64 CRPs.
There are many kinds of arbiter. In [9], a D latch is used as arbiter (D latch arbiter). Unfortunately, this conventional approach suffers from a couple of shortcomings. An imbalance of 0 and 1 response is caused by setup time of D latch. Further, there is a high possibility of meta stability in D latch. Instead of D latch, D flip-flop (D ff arbiter) is used in [15] to solve the two problems. The arbiter circuit based on a sense amplifier (amplifier arbiter) can also avoid both problems [11]. Another problem is the asymmetry of circuit when an APUF is implemented in a FPGA. This problem leads to a deviation of ∆t. Programmable delay lines were added to arbiter (compensation arbiter) in [11] to compensate the ∆t deviation. Delay lines can solve the setup time problem of arbiter as well. [11][1] [8].
The rest of this paper is organized as follows. Section 2 introduces the methods, the softwares and experimental environment. Section 3 describes the proposed arbiter and presents simulation results. Section 4 concludes the paper.

2.
Methods. All the Monte Carlo simulations in this paper is conducted using HSPICE. All the statistical analysis work in this paper is conducted using MAT-LAB. The theory of Monte Carlo simulations in CAD area is as follow. On the premise that we know the distributions of all the model parameters in circuit, we get the parameter samples by generating random numbers that are in concordance with the distributions. We conduct simulation based on these parameters. This simulation focuses on the generation of random number. A traditional way to generation random numbers that are uniformly distributed is mixing congruential method [13]. For given positive integers A,C and X 1 , we can get an integer sequence {X i } using recursion formulae Equ.1. And {U i } is the random number sequence in which U i =X i /m, m is another positive integer. In fact, {U i } are pseudo-random numbers. We need to adjust A,C,X 1 and m to maximize the period of {U i }.
The width of transistors in circuit are generated by function gauss(220n,0.1,3). The length of transistors in the circuit are generated by function gauss(180n,0.1,3). Other mismatch parameters of transistors are in concordance with the default distributions in model. The temperature is 25 degrees Celsius.

Theory.
3.1. Working area of arbiter. We divide APUF into two parts: racing paths and arbiter. The delay difference (∆t) of racing paths is transmitted to arbiter as the input. So, only when we know what kind of ∆t does certain racing paths generate, can we decide if our arbiter can work well with this racing paths. Fig.1 shows the racing paths. The first waveform shows the rising edge that arrives at the beginning. The second and third waveforms show the rising edge propagates in the racing paths. ∆T(upper) is the propagation delay of upper delay line. ∆T(lower) is the propagation delay of lower delay line. And ∆t=∆T(upper)-∆T(lower). We need to analyze the ∆t of different racing paths.
First, we think about the racing paths with only one stage. We conduct 1000 Monte Carlo simulations on a 120nm stage circuit shown in Fig.2 under challenge 0. We feed the same rising edge to top i and bot i simultaneously. The top i+1 and bot i+1 are the output pins.
Second, we go to the racing paths with 8 stages. We connect 8 stage circuits one by one. We feed the same rising edge to top0 and bot0 simultaneously. The top i+1 and bot i+1 of the last stage are the output. The 8 stages circuit has 8 bits challenge. we scan all the 256 possible challenges. For each challenge, we conduct 100 Monte Carlo simulations and calculate a fitting curve.
The statistics and fitting result of the 1 stage circuit simulation are shown in Fig.3. The fitting curve is y = f (x) = 69.587 * exp(−((x − 2.247)/0.003) 2 ). In the 8 stages circuit simulation, we get 256 fitting curves as the blue lines shown in Fig.4. Also, we add all these blue lines together and get the red line shown in Fig.3. It is y = g(x) = 1.6135 * exp(−((x + 0.00026609)/0.0197) 2 ). From Equ.2, we can assert that in most situations, a one stage circuit will generate a ∆t in [-0.007ns, +0.007ns]. So, the corresponding arbiter must work accurately when fed by a ∆t in [-0.007ns, +0.007ns]. The scope [-0.007ns, +0.007ns] is workspace of the arbiter. We can jump to a similar conclusion from Equ.3. And obviously, if an arbiter work well under [-0.04ns, 0.04ns] but has bad performance under [-0.005ns, 0.005ns], this arbiter can collaborate with only 8 stages racing paths.   In ideal condition, response is 1 when ∆t < 0, and is 0 when ∆t > 0. However, as a matter of fact, the level variation needs time to take effect. On D pin, this time is called Setup Time (t setup ). That is, only when ∆t < −t setup , can the response turn to 1. This leads to a smaller probability of response 1. So the arbiter is 0-likely. Of course, level variation at clk pin also need Hold Time to take effect. But this hold time will not result in an imbalance of responses, because the initial level of response is 0.  We design a symmetrical arbiter circuit which is shown in Fig.6 to solve the setup time problem. This arbiter consists of two Not-gates (cross coupling inverter) and a reset function. So it is named 2N arbiter. Upper delay line is connected to Upper pin of 2N latch, lower delay line is connected to Lower pin of 2N latch. The arbitration strategy of 2N arbiter is as same as the strategy of D latch arbiter. After arbitration, the Reset pin turns to a low level to activate the reset function. Reset function connects GND to Out and Out. Before next arbitration, Reset goes to a high level which will disable the reset function. During arbitration, if the rising edge in upper delay line arrives first, the edge enables the corresponding inverter. This inverter gives Out a high level. And then the rising edge in lower delay line arrives and enables another inverter. This inverter gives Out a low level. Out is the response. Usually, the response depends on the positive or negative of ∆t. But when |∆t| is very small, the arbiter becomes a SRAM PUF. Fig.7 shows the time series of 2N arbiter. The first rising edge in upper delay line arrives at 6.1ns, the second one arrives at 26ns. The first rising edge in lower delay line arrives at 6ns, the second one arrives at 26.1ns. During the first arbitration, the edge in lower delay line arrives first. ∆t > 0. Out signal turn to low level as the result. During the second arbitration, the edge in Upper delay line arrives first. Out signal turn to logic high as the result. Between two arbitrations, Reset  Fig.7 shows that 2N arbiter is able to work continuously. Residual charges from last arbitration have few effect on current arbitration.
We conduct 100 Monte Carlo simulations of 2N arbiter under different ∆t. In each simulation, Upper pin and Lower pin are excited by two rising edges with delay difference ∆t. Out pin is printed as the output. ∆t scans from -0.050ns to 0.050ns with an interval of 0.001ns. Also, the same simulation is conducted on D latch arbiter as a contrast.

3.3.
Results and discussion. The result table is too large to be shown here. To show the result intuitively and to evaluate the arbiters quantitatively, some evaluation metrics are defined based on this result table.
Arbitration probability of an arbiter under a certain ∆t, which is represented symbolically by PA(∆t), is the possibility of an arbiter circuit outputting a 1 under a certain ∆t. Ideally, a traditional arbiter outputs a 1 when ∆t < 0 or a 0 when ∆t > 0. This is an analog-digital conversion strategy that converts the analog value ∆t to the digital value 0 or 1. The arbitration probability of an ideal arbiter, which is represented symbolically by PS(∆t), can show the arbitration strategy of this kind of arbiter. In this view, if a circuit is designed to implement an arbitration strategy, this circuit is an instance object of this strategy.
A graph (PA or PS versus ∆t) can show PA or PS under each ∆t. For example, PA of an imaginary arbiter and PS of the corresponding arbitration strategy are shown as the blue line and red line in Fig.8. The red line should have only discrete values. And the blue line should try to fit the red line.
In the results table, one ∆t corresponds to 100 voltage values of Out pin. Some values are logic 0, and others are logic 1. PA under this ∆t is the number of logic 1 divided by 100. In the same way, we can calculate PA under all the ∆t and further make the graph. The PA graphs of D latch arbiter and 2N arbiter are shown in Fig.9, Fig.10. Obviously, the blue line in Fig.10 fits the red line better. We will analyze the two graphs quantitatively. CRA represents the ability of an arbiter giving a right arbitration response. CRA gives an answer of how well does an instance object of an arbiter implement its arbitration strategy. For example, CRA of an imaginary arbiter is shown as the shadow area in Fig.11. And CRA([ -0.05ns, 0.05ns])=1-0.0107/0.1=0.8925.
The shadows in Fig.12 and Fig.13 show the CRA of D latch arbiter and 2N arbiter respectively. Obviously, the shadow in Fig.12 is much bigger than the shadow in Fig.13. That means 2N arbiter can implement its arbitration strategy better than D latch arbiter. CRA([-0.007ns, 0.007ns]) and CRA([-0.040ns, 0.040ns]) of D latch arbiter are 0.5000 and 0.6260 respectively which means D latch arbiter can't work well with both 1 stage racing paths and 8 stages racing paths. On the contrary, 2N arbiter has a much better performance at least in correct rate.

Instability over time.
Ideally, under the same ∆t, in the same environment, an arbiter outputs the same response every time. So, the CRA should be 0 or 1, instead of a number between them. However, in Fig.15 and Fig.16, the CRA(∆t) falls gradually from 1 to 0. That means the arbiter is instable. Instability under [∆t1, ∆t2], which is represented symbolically by Instability ([ ∆t1, ∆t2]), can evaluate it quantitatively. Instability of the arbiter will affect the stability of APUF. The more CRA close to 1 or 0 (all right or all wrong), the more stable APUF will be. Notice that a stable arbiter doesn't mean a 100 The shadows in Fig.15 and Fig.16 show the instability over time of D latch arbiter and 2N arbiter respectively. The small size of both shadows means that the two arbiters have little inherent instability without regard to environmental changes.  Asymmetry. In Fig.12, D latch arbiter gives a right response when ∆t > 0ns or ∆t < −0.33ns. And when −0.33ns < ∆t < 0ns, instead of the right response 1, the arbiter gives a 0. Obviously, D latch arbiter responses 0 with a higher possibility than 1. D latch arbiter is asymmetric due to setup time. Asymmetry(|∆t|) which means the difference between P A(+|∆t|) and 1 − P A(−|∆t|), can evaluate it quantitatively. In experiment, asymmetry can be calculated by Equ.7. An ideal condition is that one line overlaps with another perfectly. Asymmetry represents the ability of an arbiter balancing the probability of response 1 and response 0. Asymmetry of an arbiter will affect the fairness of APUF. For example, Asymmetry of an imaginary arbiter is shown as the shadow area in Fig.17. And Asymmetry([0ns, 0.05ns]) = 0.0016/0.05 = 0.0313.
The shadows in Fig.18 and Fig.19 show the Asymmetry of D latch arbiter and 2N arbiter respectively. The area between the two curves in Fig.18 means that setup time problem leads to the imbalance of responses in D latch arbiter. Asymmetry([0ns, 0.007ns]) and Asymmetry([0ns, 0.040ns]) of D latch arbiter are 1.0000 and 0.7480 respectively. Particularly, D latch arbiter always responses a 0 under ∆t from -0.007ns to 0.007ns, whatever the challenge is. Obviously, the shadow in Fig.19 is much smaller than the shadow in Fig.18. Also, the Asymmetry([0ns, 0.040ns]) declines from 0.7480 to 0.0039 in 2N arbiter. We can draw the conclusion that the setup time problem is mitigated in 2N arbiter. 4. Conclusion. In this paper, we design a new 2N arbiter and conduct Monte Carlo Simulations to prove its usability. A series of new evaluation metrics are defined to evaluate arbiters quantitatively. These metrics show that traditional D latch arbiter has setup time problem and the new 2N arbiter has better performance in correct rate and stability when work with both 1 stage racing paths and 8 stages racing paths. Particularly, 2N arbiter mitigates the setup time problem by reduces the Asymmetry([0ns, 0.040ns]) from 0.7480 to 0.0039.
In this paper, we study the instability over time only. We will concentrate on the instability over temperature and age in the future work. In this paper, our work is all based on software simulation. We will conduct some FPGA experiments in the future work.