For the purpose of generating an identification bit or an identification code composed of a plurality of identification bits within a semiconductor device, various so-called “physical unclonable functions” (PUF) within the semiconductor device have been proposed. PUFs can be circuits, components, processes or other physical systems in a device which make it possible to obtain in a reproducible manner an individual unclonable identification code consisting of a plurality of identification bits. The identification code can always and repeatedly be derived from the inherent properties of the device and does not have to be stored, which constitutes a significant gain in security against external attacks. PUFs are based on fluctuations in the production process, material fluctuations or the like and cannot be set in a targeted manner during production. The bandwidth of the fluctuations and the number of identification bits used ensure that each device in a series acquires an individual identification code.
The identification codes obtained from the PUFs can be used, inter alia, for cryptographic calculations or encryptions or simply just for the identification of devices. The use of PUFs makes it possible, for example, to increase the security for computers, telephones, smart cards, RFID tags or similar devices.
PUFs make it possible, for example, to generate a unique identification identifier, a so-called identification code, for integrated circuits (ICs). This is done, for example, by a process in which existing random differences in MOS transistor threshold voltages or other properties that determine the electronic behavior are compared in a suitable manner. Since the PUFs are based on fluctuations in the production process, they cannot be controlled even by the IC manufacturer.
For methods for the commercially usable utilization of random process variables, typically at least some of the properties explained below are fulfilled.
Firstly, the PUF circuit typically supplies a digital output value present in the form of a binary identification code.
Furthermore, the identification code should be reproducible and stable with regard to variations in supply voltage, temperature, ageing and relative to all types of noise (thermal, shot noise, flicker noise, generation-recombination noise, etc.).
The identification code length and stability are typically chosen such that every IC can be correctly identified with a sufficiently high probability.
The PUF circuit should furthermore consume as little energy as possible and require as far as possible no calibration.
PUF circuits in ICs based on SRAM cell arrays are known in the literature. For example, a PUF circuit based on SRAM cells is described in “FPGA Intrinsic PUFs and Their Use for IP Protection”, in Cryptographic Hardware and Embedded Systems—CHES 2007, J. Guajardo, S. S. Kumar, G.-J. Schrijen, and P. Tuyls, ser. LNCS, P. Paillier and I. Verbauwhede, Eds., vol. 4727, Springer, Sep. 10-13, 2007, pp. 63-80. The fluctuations in the production process here provide for a different doping of the transistors in the channel region, and these in turn provide for different threshold voltages of the transistors within an SRAM cell. When a supply voltage is applied to the IC and thus to the SRAM cells, the latter switch over to a basic setting dependent on the threshold voltage of the transistors. The basic setting of each individual SRAM cell is independent of the basic setting of the other SRAM cells and supplies an identification bit. If various SRAM cells are then combined to form a block, an identification code can be generated from the interconnected SRAM cells and their identification bits.
One disadvantage of this known approach for realizing a PUF is that the PUF and thus the identification code can be generated only during the switch-on operation. The entire IC or at least the entire SRAM therefore first has to be switched to be free of voltage in order subsequently to be able to generate the identification code upon switch-on. If, during the operation of the IC, an identification code then has to be generated, for example for the purpose of authentication, this can lead to problems or to losses of time.