A physically unclonable function (PUF) is a physical structure generally within an integrated circuit that provides a number of corresponding outputs (e.g., responses) in response to inputs (e.g., challenges/requests) to the PUF. Each PUF provides one or more sets of request-response pairs. An identity of the integrated circuit may be established by such request-response pairs provided by the PUF.
When a memory cell, e.g. a static random-access memory (SRAM) cell, is used for storing user data and generating PUF, PUF bits (or at least partial PUF bits) may be obtained by lowering the supply voltage powering the cell. A first approach to prevent the cell retention failure attack is to require a separate SRAM block just for building the PUF, which contradicts the idea of using the existing memory of the device for generating PUF and significantly increases the implementation costs. A second approach is to wait until any value stored in the memory has decayed before reading data, once a power tempering is detected. This requires the device to have some notion of time and significantly increases the boot time, which is problematic in many applications. A third approach is to obfuscate the bits used for security purpose by designing the algorithms processing the PUF response such that the device behavior for different start-up states is indistinguishable by the adversary. However, this needs complex cryptographic primitives such as anonymous authentication schemes that typically exceed the capabilities of resource-constrained devices for which a SRAM based PUF is proposed. As such, existing methods and PUF generators are not entirely satisfactory for preventing a cell retention failure attack.