IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, VOL. 11, NO. 6, JUNE 2016 1291 Design, Evaluation, and Optimization of Physical Unclonable Functions Based on Transient Effect Ring Oscillators Abdelkarim Cherkaoui, Lilian Bossuet, Senior Member, IEEE, and Cédric Marchand Abstract— This paper proposes a theoretical study and a full overview of the design, evaluation, and optimization of a PUF based on transient element ring oscillators (TERO-PUF). We show how, by following some simple design rules and strategies, designers can build and optimize a TERO-PUF with the state-of-the-art PUF characteristics in a standard CMOS technology. To this end, we analyzed the uniqueness, steadiness, and randomness of responses generated from 30 test chips in a CMOS 350-nm process in nominal and corner voltage and temperature conditions. Response generation schemes are proposed and discussed to optimize the PUF performances and reduce its area without noticeable loss in its output quality. In particular, we show that the large area of the basic blocks in the TERO-PUF is balanced by the high level of entropy extracted in each basic block. Guidelines are provided to balance reliability and randomness of the responses and the design area. Index Terms— Information security, cryptography, digital sig- natures, authentication. I. I NTRODUCTION A NOVEL approach for the identification and authenti- cation of electronic devices emerged and has received quite some attention in the last few years. The new paradigm aimed at physically identifying hardware systems, instead of associating them with an explicitely programmed digital identity. The concept of physical unclonable functions (PUFs) was first introduced by Ravikanth in [1]. PUFs can extract unique secret keys from the physical characteristics of the device using a challenge and response procedure based on a physical interaction which is extremely hard or impossible to reproduce. Entropy is derived from a physical random variable such as the mismatch between transistor attributes (length, width, oxide thickness, etc.) caused by manufacturing Manuscript received June 19, 2015; revised October 20, 2015; accepted January 15, 2016. Date of publication February 3, 2016; date of current version March 23, 2016. This work was carried out in the framework of the SALWARE project ANR-13-JS03-0003 supported by the French Agence Nationale de la Recherche and by the French Fondation de Recherche pour l’Aéronautique et l’Espace. The associate editor coordinating the review of this manuscript and approving it for publication was Prof. Mauro Barni. A. Cherkaoui is with the Techniques de l’Informatique et de la Microélec- tronique pour l’Architecture des Systèmes Intégrés Laboratory, Université Grenoble Alpes, Grenoble 38031, France, and also with the Centre National de la Recherche Scientifique, Techniques de l’Informatique et de la Microélectronique pour l’Architecture des Systèmes Intégrés Laboratory, Grenoble 38031, France (e-mail: abdelkarim.cherkaoui@imag.fr). L. Bossuet and C. Marchand are with the Laboratoire Hubert Curien, Centre National de la Recherche Scientifique, University of Lyon, Saint-Etienne 42000, France (e-mail: lilian.bossuet@univ-st-etienne.fr; cedric.marchand@ univ-st-etienne.fr). Color versions of one or more of the figures in this paper are available online at http://ieeexplore.ieee.org. Digital Object Identifier 10.1109/TIFS.2016.2524666 process variability (MPV). The basic principle is that MPV is neither controllable (it is not predictable) nor reproducible, but can be measured. Ideally, when a PUF is challenged, its response is unique (each device has a unique, non reproducible response based on its unique physical characteristics), random (it is uniformely distributed and it cannot be predicted), steady (each device always gives the same response to a given challenge) and in some cases tamper resistant (probing the PUF changes its physical behavior and hence the obtained response). Many silicon based PUF architectures exist, but two main approaches are used to extract entropy from MPV in digital devices: methods based on the measurement or comparison of timing and methods that exploit the resolution of a metastable state. SRAM-PUFs [2] and butterfly PUFs [3] rely on the settling state of cross-coupled elements: at the initialization of a SRAM, most cells’ outputs are biased toward ‘1’ or ‘0’ depending on MPV. The arbiter PUF [4] relies on the race between two events (electrical transitions) in two identical delay lines. The ring oscillator based PUF [5] (RO-PUF) leverages the frequency mismatch between several identically designed ring oscillators (ROs). ROs can easily be imple- mented in both ASICs and FPGAs, and they have been widely used to measure and model MPV [6]. Numerous studies have shown that when correctly implemented, the uniqueness, steadiness and randomness of the RO-PUF are adequate, which is why it is currently considered to be one of the best PUF candidates [7], [8]. However, there are two main constraints in the use of ROs in a security primitive: the ROs must be independent, and their frequencies must be hidden. Recent studies have shown that, in practice, ROs do not meet these requirements. When identical ROs are implemented in the same device, dependencies in their switching times may occur [9]. On rare occasions, two ROs may naturally lock on the same frequency. This state of locking can be caused intentionally either by manipulating the power supply voltage [9] or by harmonic electro-magnetic injection [10]. In the case of the RO-PUF, this latter contactless attack may render a large portion of the PUF responses predictable. On the other hand, RO frequencies and their location on the chip can be retrieved using electro-magnetic analysis [11]. Information leaked via the electro-magnetic channel can therefore help to mathematically clone the PUF. To circumvent these issues, [12] proposes to use tran- sient effect ring oscillators (TEROs) as an alternative to classical ROs. TEROs are supposed to be more robust against 1556-6013 © 2016 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission. See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.