1. Technical Field
This disclosure relates generally to trusted computing, and in particular but not exclusively, relates to hardware to protect against subversion by substitution.
2. Background Art
Trustworthy computing (with software) cannot exist without trustworthy hardware to build it on. Even if an integrated circuit is produced using rigorous procedures in a “Trusted Foundry” and certified as “trustworthy,” technology must be developed to ensure against wholesale replacement of the component with a separately manufactured but subverted “look-alike” after the point of certification. Without detection of subversion by wholesale component substitution, today's information processing systems are vulnerable to sophisticated adversaries that can fabricate “look-alike” components that perform the same function as the intended component but which may contain additional subversion artifices that can be later triggered by an adversary to disrupt or compromise operation.
Using physical system protection schemes to prevent subversive attacks in deployed information processing hardware is technically difficult and expensive. An alternative to resisting subversive attack with physical system protection schemes is to employ robustly authenticated and protected hardware architectures to enable tracing of the origin of these components. Physically Unclonable Function (PUF) technology may be leveraged to deter adversaries from attempting subversion by insertion of subversive functionality and also by instantiation of counterfeit components (subversion via substitution). PUFs are derived from the inherently random, physical characteristics of the material, component, or system from which they are sourced, which makes the output of a PUF physically or computationally very difficult to predict. Silicon-based microelectronics appear to be a potentially rich source of PUFs because subtle variations in the production processes result in subtle variations in the physical and operational properties of the fabricated devices. Additionally, each device can have millions of exploitable transistors, circuits, and other active and passive components. Accordingly, PUFs extracted from microelectronics are of keen interest because of their potential applications to cyber security.
When using PUF mechanisms are used to support hardware authentication and/or other security techniques, one goal is for PUF circuitry to produce a consistent response throughout the lifetime of an integrated circuit (IC). However, physical characteristics of ICs tend to change over time. For example, negative bias temperature instability (NBTI) effects tend to degrade threshold voltages by tens of millivolts and circuit speeds by tens of percent in sub-65 nm devices. NBTI aging is influenced by temperature, workload, time, and voltage profiles of devices. Since PUF responses are generated from physical characteristics of ICs that originate from manufacturing variation, and since PUFs typically exploit variations in threshold voltage, drive strength, and propagation delay in an IC, it follows that PUF responses will be impacted by device aging.