Researchers Create a Graphene-Based Physically Unclonable Function

Recently, researchers have created a physically unclonable function using graphene transistors which may help the semiconductor industry deploy graphene into future products. What is a physically unclonable function, what did the researchers create, and how could it help security of the future?

What is a physically unclonable function?

A Physically Unclonable Function, or PUF for short, is a piece of hardware that produces a unique output in a predictable manner but whose construction cannot be replicated. For example, a manufacturer could create 10 identical PUF units, but each one would produce a different output. Furthermore, no matter how hard an attacker tries to recreate a PUF, even if they had access to the original drawings and designs, they would never be able to recreate the output of a specific PUF.

PUFs are highly ideal for security applications as they make each devices containing a PUF unique, and this uniqueness is an excellent source for generating keys and encrypting data. Since the key is not reliant on a random number generator whose seed is a function of time or some other environmental factor that could be manipulated, the only way for an attacker to get the key is to physically attack the device. This also means that hardware PUFs cannot be attacked by reverse-engineering code as they do not rely on algorithms to generate the initial output.

Creating a functional PUF, however, is a very challenging task. A semiconductor foundry can program devices with unique keys, but this is an involved process, and each unique key would have to be generated using a true random number generator otherwise all pre-programmed chips would still be vulnerable. A true PUF would require no programming from the foundry nor would it require the use of unique photomasks to create unique metal routing and transistor positioning.

One method for creating PUFs is by taking advantage of the randomness of defects and doping in semiconductor wafers. No matter how hard a foundry tries, no two transistors will be identical, and as such will have each unique threshold voltages, channel resistance, and gate capacitance. Therefore, a PUF can be theoretically constructed from a series of transistor pairs configured as back-to-back inverters. Since it is not clear which transistor will turn on first, each inverter pair will take on unrelated states. Furthermore, the nature of the design will produce the exact same result whenever the device is powered off and on again (as the more conductive transistor will always turn on first).

However, the transistors' differences are minuscule, which introduces several challenges to creating PUFs in silicon. The first is that such minuscule differences between transistors require circuitry with a high degree of measuring accuracy otherwise the output from each transistor can be easily misread. 

The second challenge is that the distribution of properties in transistors results in many falling in the centre. These are often the hardest to determine (remember, transistors whose properties fall at the extremes will produce a clearer result than those whose properties fall at the median).

The third challenge is that silicon devices are prone to ageing, and as time progresses, the properties of each transistor change. Therefore, the output of a silicon PUF will change over time, but this is not entirely a problem with PUFs that are designed for seeding random key generation.

Researchers Create Graphene PUF

Recently, researchers announced the development of a graphene-based PUF whose output was not predictable even with the use of enhanced AI tools. The researchers fabricated 2,000 graphene transistors intending to make them identical, but the small variations in production resulted in each transistor behaving differently (this difference, however, is slight). The differences exhibited by the transistors include their Dirac voltage, Dirac conductance, and carrier mobility, and while such qualities are often avoided in traditional components, are highly desirable for use in PUFs.

Once fabricated, the researchers create a PUF and then put the system to the test using an AI algorithm specially designed to look for patterns. After analysing the graphene-based PUF, the researchers created a virtual model of their PUF, and then generated 64 million variations. However, despite the many variations, the AI could not create an algorithm to guess the generated keys from the PUFs.

However, the brilliance of a graphene-based PUF goes further; the researchers also stated that the graphene-based system can be reprogrammed to produce a different output without making any alterations to the hardware. Thus, an attacker who is lucky enough to determine the PUF output would be foiled when the PUF reconfigures itself. This method also provides the possibility of creating a tamper-proof mechanism whereby an attacker de-capping an IC would destroy the PUF output, thereby preventing reverse engineering. 

Future PUFs and hardware security

PUFs provide devices with a powerful security measure as they cannot be recreated or copied. Furthermore, they do not require a manufacturer to alter their production process, and there is no database of stored keys or a software system deciding what each key in each device should be.

However, what is not clear is the stability of a graphene-based PUF. Does such a device suffer against ageing? Is it affected by temperature? If graphene-transistors prove to be equally random but reliable compared to standard silicon transistors, the next generation of security devices could look towards graphene as a viable solution.

Read More

• IoT Security Law Closer to Completion

• Medical IoT and Security

• AI Cybersecurity Arms Race and Jobs

• Bluetooth and IoT security platform claimed as a world first