Journal of Electronic Testing https://doi.org/10.1007/s10836-019-05808-w Enhanced Authentication Using Hybrid PUF with FSM for Protecting IPs of SoC FPGAs J. Kokila 1 · N. Ramasubramanian 1 Received: 20 February 2019 / Accepted: 27 May 2019 © Springer Science+Business Media, LLC, part of Springer Nature 2019 Abstract A new generation of technology is harder and costlier to deliver because of the physical design limitations of the silicon chip. The minute chip alone is not only compromising the requirements of the user but also creates challenges with respect to security. Architecture for two-factor authentication is designed with low-power, area and with less- human intervention. The proposed model consists of hybrid physical unclonable functions (PUFs) and finite state machine (FSM), which is used to secure the chip and intellectual property (IP) respectively. The PUFs are most often used in recent security applications such as IP protection, IC metering, hardware signature, and obfuscation. This application needs a complex algorithm with a database which consumes more cost and time. In this paper, we have proposed an authentication model consisting of strong and weak PUF with an FSM which can be used for IoT applications. The main focus of this proposal is to authenticate hardware and software IP in circuits. The Experimental evaluation illustrates that the area and power consumed are 5% and 9%, respectively, for authenticating 26 IPs with no false acceptance ratio (FAR) and 1% false rejection ratio (FRR). Keywords System-on-a-chip design · Field - programmable gate array · Arbiter PUF · Butterfly PUF · Finite state machine · Two-factor authentication · Hardware security and IP protection 1 Introduction Everyday activity is completely associated with embedded devices. The design cost and complexity of such a device are increasing day by day with a demand for the light- weight authentication technique that can be implemented on a prevalent device. The technique used for authentication should be aware of the physical attack because the attacker will directly access the device at any time [1]. The existing authentication methods suffer from computational delay and performance reduction because of multifactor involvement, which is not appropriate for any high-speed, hand-held and sensitive applications. Responsible Editor: O. Sinanoglu  J. Kokila 406114002@nitt.edu N. Ramasubramanian nrs@nitt.edu 1 Department of Computer Science and Engineering, National Institute of Technology, Tiruchirappalli, India System-on-a-chip (SoC) design incorporates the entire modern computer system onto a distinct die. It is embedded with a high-speed processor like ARM along with GPU, dual data rate (DDR) memory, USB controller, WiFi, power management circuits, and wireless radios. The SoC technology serves as a subset of embedded systems, as all the basic features will be available and extra functionality can be added to meet recent advancement [2]. The SoC is the multidisciplinary technology that is used in smartphones and consumer devices and has a vital role in the field of agriculture, medical, academic, research, engineering, and technology. The SoC is the multidisciplinary technology that is used in smartphones and consumer devices and has an important role in the field of agriculture, medical, academic, research, engineering, and technology. Field-programmable gate array (FPGA) is known for its flexibility in design, less time to market and low cost, hence it is more preferred in chip design recently instead of application-specific integrated circuits (ASICs). FPGAs are used as a standard platform for designing hardware and software in consumer electronics and space equipment as referred in [3]. Such FPGAs can be embedded with high- speed processors to form an SoC FPGA platform. Hence, they offer high flexibility, bandwidth communication by