Comparative Analysis of SRAM PUF Temperature Susceptibility on Embedded Systems

Comparati v e Analysis of SRAM PUF T emperature Susceptibility on Embedded Systems Martina Zeinzinger , Josef Langer , Florian Eibensteiner , Phillip Petz, Lucas Drack Embedded Systems Lab, University of Applied Sciences Upper Austria Hagenberg, Austria { martina.zeinzinger , josef.langer, florian.eibensteiner , phillip.petz, lucas.drack } @fh-hagenberg.at Daniel Dorfmeister , Rudolf Ramler Softwar e Competence Center Hagenber g Hagenberg, Austria { daniel.dorfmeister , rudolf.ramler } @scch.at Abstract —An SRAM Physical Unclonable Function (PUF) can distinguish SRAM modules by analyzing the inherent random- ness of their start-up behavior . Howev er , the effectiveness of this technique varies depending on the design and fabrication of the SRAM module. This study compares two similar microcon- trollers, both equipped with on-chip SRAM, to determine which device produces a better SRAM PUF . Both microcontr ollers are programmed with an identical SRAM PUF authentication r outine and tested under varying ambient temperatures (ranging from 10 °C to 50 °C) to evaluate the impact of temperature on SRAM PUF performance. One embedded SRAM works significantly better than the other , even though the two models are closely related. The presented results can be used early in the design process to compar e arbitrary on-chip SRAM models and see which is best suited for implementing an SRAM PUF . Index T erms —SRAM PUF , embedded systems, hardware au- thentication, fuzzy extractor , chip biometrics, temperature I . I N T RO D U C T I O N Physical Unclonable Functions (PUFs) are means to gen- erate a unique identifier for electronic devices. Due to their resemblance to human biometrics, PUFs are sometimes re- ferred to as digital “fingerprints” of silicon chips [1]–[3]. Indeed, similar to a human fingerprint, they are used to differentiate between large numbers of identical devices based on minuscule physical characteristics. These unique charac- teristics result from manufacturing v ariations, manifested as physical microstructures or parameters that differ from device to device and cannot be modified or replicated. For example, in SRAM memory , these variations affect the transistors in each memory cell. These transistors ha ve minimal threshold voltage differences, which in turn determine the initial state of The research reported in this paper has been funded by the Federal Ministry for Climate Action, Environment, Energy , Mobility , Innovation and T echnol- ogy (BMK), the Federal Ministry for Labour and Economy (BMA W), and the State of Upper Austria in the frame of the COMET Module Dependable Production Environments with Software Security (DEPS) (FFG grant no. 888338) and the SCCH competence center INTEGRA TE (FFG grant no. 892418) within the COMET - Competence Centers for Excellent T echnologies Programme managed by Austrian Research Promotion Agency FFG. © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collectiv e works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. the cell after po wer up. T o date, ov er 40 dif ferent approaches to realize PUFs hav e been proposed [3]. In many real-world scenarios, adding additional hardware components is impractical. Thus, implementing PUFs us- ing hardware components that are readily available, such as DRAM and SRAM chips, is beneficial. In environments where embedded systems are prev alent not ev en these hardware components might be av ailable, requiring a focus on SRAM embedded in the microcontroller . Especially in an industrial context, de vice authentication for a secure boot process [4], [5] is of interest, which is a possible use case of PUFs based on embedded SRAM. Previous works compare different SRAM modules in terms of suitability for SRAM PUFs [6]. This work presents a comparativ e analysis of SRAM PUFs implemented using the embedded SRAM of two similar types of STM32 microcon- trollers. In particular, the STM32 chips F401RE and F446RE are used. Both chips originate from the same family of micro- controllers, namely the F4 family . They offer a wide range of MCU options and have only small differences in functionality and specifications. Both microcontrollers are widely used in a broad range of embedded system applications. W e are interested to see if, despite all the similarities between the two microcontrollers, there is a difference in their suitability for implementing SRAM PUFs. In contrast to dedicated SRAM modules, it is not alw ays easy to gather information about the embedded SRAM inside microcontrollers. This paper serves to sho w that ev en though two microcontrollers might appear to ha ve similar charac- teristics overall, they can differ in terms of suitability for SRAM PUFs. W e describe an automated testing environment in detail, so the presented experiments can be carried out on any standard microcontroller . The methodology shown in this paper can be used early in the design process to compare the suitability of different embedded SRAMs. This paper discusses SRAM PUF implementations on both the F401RE and the F446RE chip. T emperature tests show the performance of both chips side by side, demonstrating the SRAM PUF’ s general susceptibility to temperature changes and how both microcontrollers react differently to them. Furthermore, testing both systems with a fuzzy extractor shows the feasibility of de veloping a complete SRAM PUF authentication system on these microcontrollers. In particular , the experiments sho w that the choice of chip, ev en though both options appear similar in functionality , can significantly impact the amount of error tolerance needed in a fuzzy extractor . I I . B A C K G RO U N D Before going into details of PUFs based on embed- ded SRAM, in this section, we want to giv e an overvie w of physical unclonable functions—focusing on SRAM implementations—, and related noise and error correction mechanisms. A. Physical Unclonable Functions Physical Unclonable Functions (PUFs) are a hardware-based security primitiv e [1], [3], [7]. Minor variations in the manu- facturing process of a hardware component cause unintended physical characteristics. Thus, this unique digital fingerprint cannot be cloned easily . A PUF uses the unique hardware characteristics to provide hardware-specific responses to user- defined challenges. PUFs can be based on, e.g., Dynamic Random Access Memory (DRAM), which is in wide use as main memory . DRAM stores bits of information in DRAM cells, which must be refreshed regularly to not lose its charge. DRAM retention PUFs [8]–[10] utilize this behavior , as they are based on whether indi vidual DRAM cells loose their charge within a specific period of time when they are not refreshed, which varies from cell to cell. Another possible implementation is the DRAM Latency PUF [11], which deliberately violates timings for certain DRAM operations, e.g., reading from DRAM, to cause errors that are used for the PUF response. B. SRAM PUFs One specific way of implementing a PUF is the so-called SRAM PUF . It is based on the start-up beha vior of SRAM chips, in particular the preferred start-up values of the individ- ual SRAM cells. Essentially , po wering any giv en SRAM chip causes a random pattern to appear among its individual cells, where some cells power up to a 1 and the others to a 0 [1], [3], [12]–[14]. Except for a small amount of noise, the emerging pattern is the same each time that the chip is powered on. Each SRAM chip shows a different pattern, making individual chips distinct, and allowing for unique authentication. T o show the noise that emerges when powering the same chip multiple times, the start-up pattern of an SRAM chip is illustrated in Figure 1. Specifically , the figure shows the av erage probability over a set of 100 readings of po wering up to 1 for each individual cell. If this probability is 0 % or 100 %, the cell is strong, showing the same value after each power-up. If the probability is somewhere in between, the cell is weak and less useful for the identification of the chip. Rounding all the resulting probability values to 0 or 1 giv es the most likely start-up pattern that can be obtained and thus the kno wn fingerprint of the SRAM [12]. Giv en an SRAM chip, taking a random fingerprint F a and comparing it to its known fingerprint F K results in less noise than comparing it to any other random fingerprint F b . C. Noise and Err or Corr ection As with traditional biometrics, any pattern generated from an SRAM PUF includes some degree of noise. This stems from the fact that a minority of SRAM cells behav e randomly , represented in grey in Figure 1. In other words, no two readings are exactly the same. Correcting this noisy input is necessary in order to use the fingerprint in a cryptographic authentication system. Here, fuzzy extractors [15] based on error-correcting codes (ECC) hav e become established as the preferred software-based approach of dealing with noisy input [1], [6], [16]–[18]. Fuzzy extractors use a two-stage process, where a reference fingerprint is first enrolled with the fuzzy extractor , producing helper data. A new fingerprint can later be authenticated against the reference, using said helper data. This authentica- tion allows for a margin of error to exist in the fingerprint, thus accepting samples that differ from the reference. Most notably , the reference fingerprint is destroyed after enrollment and must therefore not be stored in non-volatile memory (NVM), which is unsafe. Helper data, on the other hand, can be stored safely in NVM as they must not leak any information about the original reference. T aken together , the typical authentication procedure in the field in volves the device going through a regular power-up. During power-up, SRAM forms its characteristic fingerprint in the uninitialized memory . Early in the boot process, firmware reads this fingerprint and passes it to the fuzzy e xtractor . If the fingerprint is reasonably close to the original, a PUF-based identifier is created and sent to an authentication authority , remote or on-site. I I I . S R A M P U F S I N E M B E D D E D M E M O RY In principle, any SRAM chip is able to host an SRAM PUF . This paper specifically covers embedded SRAM chips, such as those found in most microcontrollers. Here, some specific aspects should be considered when designing an authentication system. A. Start-Up Behavior SRAM PUFs produce their unique response only when they are turned on, i.e., when a voltage is applied to the previ- ously unpowered chip. This constrains the area of application for SRAM PUFs when they are implemented on embedded SRAM, since the chip cannot be turned of f and on at will. Performing a reset for the sake of authentication would be counterproductiv e. In contrast to other PUF types, the SRAM PUF can only produce a response when the SRAM is fully disconnected from voltage, so that its cells can lose their charge, and subsequently be repowered. Importantly , SRAM PUFs can be implemented with mem- ory that is later re-used by the user program, gi ven some precautions. Whether the memory area is re-used by the user p 1.0 0.8 0.6 0.4 0.2 0.0 Fig. 1. The start-up pattern of an SRAM chip, averaged ov er a 100 readings. The shading of each cell represents the cell’ s probability of powering up to 1. White and black cells ha ve a strong probability of 100 % and 0 %, respectiv ely . Gray cells can be considered unreliable, making them so-called weak cells. program or not, the PUF response must be ov erwritten after authentication. Otherwise, one could simply read the PUF response from memory , compromising the unique fingerprint. Overwriting the PUF response also serves to accomplish anti- aging, a technique used to improv e long-term stability of the SRAM PUF , as presented by Maes and van der Leest [19]. B. Embedded SRAM Reset Behavior While it is typically recommended to dedicate a separate memory area to the SRAM PUF only , this area can also be re-used by the user program if the need arises. In this case, howe ver , the aging of the SRAM and the reset behavior of the device must be taken into account. Generally , while performing a system reset, ARM microcontrollers do not cut of f the voltage powering the embedded SRAM [20], [21]. The respective devices might perform a reboot of the microcontroller , but the values stored in the SRAM are not erased. Consequently , the PUF would not be able to recover its response and fail the authentication. It is therefore crucial that the device is fully reset in any possible situation, e.g., by physically disconnecting the battery upon reset. In the same vein, voltage dips must be considered. A dip in voltage could trigger a system reset, e.g., through brown-out detection. This is another case when the system might enter the undesired state where the microcontroller resets while the SRAM keeps its old v alues. C. Sensitivity to Envir onmental F actors Along with the effects of supply voltage ramp-up time [22] and so-called aging caused by negati ve bias temperature instability [19], temperature changes can have a substantial impact on the performance of SRAM PUFs [6], [12], [14], [23]. Most notably , changes in temperature cause individual cells to change their behavior . Some cells might be stable at room temperature while becoming unreliable when temperatures rise or fall. What is most important is that the absolute temperature of operation is irrelev ant to the authentication of the device. What matters is solely the temperature difference between the time of enrollment and the time of authentication. Since enroll- ment happens in the factory where the device is programmed, the fingerprint emerging at the current temperature at that time is the baseline of comparison. In the following experimental results, we discuss both the absolute noise present at the different temperature points as well as the relativ e noise to the reference temperature. I V . E X P E R I M E N T S W e designed the follo wing experiments to be as repro- ducible as possible. The y can be reproduced with any embed- ded microcontroller capable of hosting an SRAM PUF . The experimental data presented here serves to show the tempera- ture susceptibility of SRAM PUFs by comparing two dif ferent, yet very similar, models of embedded microcontrollers. A. Used Micr ocontr ollers W e chose two related board types from the STM Nucleo dev elopment board range for conducting the experiment: the STM32F401RE boards with 96 KiB embedded SRAM [20] and the STM32F446RE boards with 128 KiB embedded SRAM [21] (see Figure 3), both fabricated using a 90 nm pro- cess [24], [25]. Further features of each board are summarized in T able I. The selection comprised of 14 devices of each type. Both device types belong to the same microprocessor family , equipped with ARM Cortex-M4 cores. T o put both devices into perspecti ve, the F401RE is an entry level device running at 84 MHz core speed, while the F446RE is positioned as a high-performance option operating at 180 MHz. B. Experimental Setup The temperature experiments were conducted in a compact temperature chamber , capable of reaching temperatures from 10 °C to 50 °C. This chamber is custom-b uilt for small device testing and is able to hold temperatures stable, even when the contained devices are under load. For each test run, we brought the de vices inside the chamber to the desired temperature and kept them there for several minutes before we recorded the experiment data, i.e., the SRAM PUF responses. W e did not mix the two de vice types during test runs. This means that for each run, we populated the chamber with 14 boards of the same type. For recording of the SRAM PUF responses, we used a single development PC to which all 14 boards were simultaneously connected via USB hubs. W e simultaneously switched on and off the boards by physically interrupting the USB connection. C. Metrics and Notation T o quantify SRAM PUF performance, a variety of metrics exist in the literature. Among the most important of them is the fractional Hamming distance ( FHD ). Gi ven two fingerprints of the same size, FHD describes how many bits dif fer between them as a percentage. Generally , it is used as an indication of how much av erage noise an SRAM PUF produces. While noise stays well under 10 % for most SRAM modules, higher values are certainly plausible when temperature conditions Fig. 2. Low-cost climate chamber for tests in a temperature-stable environ- ment. The styrofoam chamber can accommodate de vices up to the size of A TX mainboards. Heat is transferred from the inner fan and the inner aluminum plate to the outer CPU fan by two Peltier elements on each side. Depending on the waste heat from the electronic devices inside, precise control of the target temperature from 0 °C to 55 °C is possible. Fig. 3. The two tested versions of STM Nucleo boards: STM32F446RE on the left side and STM32F401RE on the right side. vary [6]. This is the noise that the error correction methods we mentioned in subsection II-C hav e to correct. Among other metrics, the fractional Hamming distance fur- ther serves to calculate the reliability and uniqueness of SRAM PUFs [26]. Reliability indicates how reliably a single chip reproduces the exact same response with each power -up. T o calculate the reliability of one SRAM model, many instances of that SRAM must be tested multiple times. Therefore, reliability is also referred to as intra-class Hamming distance, or HD intra [1], [27]. FHD is also needed to calculate SRAM PUF uniqueness, which quantifies how much two fingerprints differ from each other [26]. A uniqueness value of 0 % would mean that a fingerprint was compared to an exact copy of itself. When comparing SRAM instances, this metric ideally ev aluates to 50 %, since this is what would be expected when comparing two truly random strings [26]. Uniqueness is also referred to as inter-class Hamming distance, or HD inter [1], [27]. Reliability and uniqueness are the key metrics of compar- ison for the following experimental results. For a rigorous definition and classification of the used PUF performance metrics, refer to Maiti et al. [26]. V . R E S U LT S A N D D I S C U S S I O N In this section, we present the results of the experiments described in section IV and discuss their implications. A. Measurement Series and T emperatur es W e carried out multiple test runs with the boards inside the climate chamber (see Figure 2). In total, we conducted 150 measurement runs for each board type. Figure 4 sho ws the temperatures measured by the internal temperature sensors of the boards for each individual reading. Evidently , the internal temperature sensors do not provide an accurate assessment of the actual temperatures as they vary substantially from one reading to the next. Howe ver , what matters in this context is not the actual temperature that the measurements were taken at but the difference between the three temperature settings. The graphs in Figure 4 show that the measured temperatures match the goal temperatures of 10 °C, 25 °C and 50 °C adequately . B. Comparison with a Reference F ingerprint In an authentication scenario, the SRAM PUF is enrolled at a certain temperature, e.g., room temperature, and authenti- cated later at a different temperature. It is therefore reasonable to first derive a reference fingerprint for each board at a specified temperature. This is the baseline of comparison for the fingerprints gathered at all other temperatures. This is im- portant as the PUF must be guaranteed to work securely even T ABLE I M A IN F E A T U RE S O F T H E T WO E V A L UATE D N U C LE O - 6 4 B O AR D S B Y S T M I C RO E L EC T RO N I CS . STM32F401RET6 STM32F446RET6 Processor Arm ® Cortex ® -M4 core Arm ® Cortex ® -M4 core Clock Speed 84 MHz 180 MHz Flash 512 KiB 512 KiB RAM 96 KiB SRAM 128 KiB SRAM Product Line Access Line Foundation Line T emperature Range -40 °C to +105 °C -40 °C to +105 °C T ABLE II A V E RA G E N O I S E A CR O SS T E M P ER ATU R E S . S E E F IG U R E 5 F OR T H E A S SO C I A T E D D I AG RA M S . FHD avg10 FHD avg25 FHD avg50 [%] [%] [%] F401RE 5.29 3.87 5.35 F446RE 6.79 4.24 7.72 0 50 100 150 Sample # 0 10 20 30 40 50 60 Temperature [°C] F401 CPU temperature at the time of measurement 10 °C 25 °C 50 °C 0 50 100 150 Sample # 0 10 20 30 40 50 60 Temperature [°C] F446 CPU temperature at the time of measurement 10 °C 25 °C 50 °C Fig. 4. T emperature for each collected sample as measured by the internal temperature sensor of each board. Each line and color stands for a particular board, resulting in 14 lines in total for each graph. The left graph shows the values for the F401RE, while the right graph shows values for the F446RE. As indicated by the x-axis, 50 samples were taken at each temperature point. 0 50 100 150 Sample # 0 0.02 0.04 0.06 0.08 0.1 0.12 F401 HD-intra [%] 10 °C 25 °C 50 °C 0 50 100 150 Sample # 0 0.02 0.04 0.06 0.08 0.1 0.12 F446 HD-intra [%] 10 °C 25 °C 50 °C Fig. 5. HD intra of both SRAM types in comparison. Each data point stands for the FHD between the corresponding fingerprint and the reference fingerprint we took at 25 °C. The data points correspond to those in Figure 4. Again, there are 14 lines per measurement series. A veraging all 14 lines gives the values found in T able II. The left graph shows the results for the F401RE, while the right graph shows results for the F446RE. under adverse conditions, i.e., when temperatures approach the upper or lower bound of what the SRAM is specified for . The following experiment shows this scenario for tempera- ture points at 10 °C, 25 °C and 50 °C. In all test cases, 25 °C is the baseline against which we compare all fingerprints. T o achiev e this, we aggregated a reference fingerprint at 25 °C by taking 50 measurements and averaging them, resulting in the kno wn fingerprint F K . W e repeated these measure- ments for each de velopment board. W e ended up with 28 known fingerprints in total, 14 from the F401RE and 14 from the F446RE, one for each device. Then, we read 150 new fingerprints from each device at the temperatures displayed in Figure 4. W e compared these new fingerprints to the known fingerprints by calculating their FHD . As a final result, Figure 5 shows the HD intra for each single board, grouped by board type. A veraging the noise values of all the tested chips giv es the values listed in T able II, separated by board type and temperature. As we can gather from these results, the two chip types dif- fer substantially from each other in terms of their a verage noise lev el. The F446RE exhibits higher le vels of noise across the board. With the F446RE, the standard de viation at 50 °C also seems to be much greater than that of the F401RE, suggesting that its in-class v ariance increases with temperature. Still at 50 °C, the F446RE’ s highest recorded HD intra is 11.4 %, while noise levels on the F401RE rarely exceed 6.5 %. The F401RE performs more consistently ov erall. Comparing the values from T able II, the noise present at 25 °C in the F401RE is 8.7 % lo wer than that of the F446RE. At 10 °C, the values are 22.1 % lower , while at 50 °C, they are 30.7 % lower . This is a substantial dif ference. Additionally , it can be assumed that this pattern will continue as temperatures are further increased or decreased. Looking at these results, we can conclude that the F401RE is better suited as basis for an SRAM PUF on account of the reduced noise lev el of around 8.7 % at room temperature. This reduction alleviates the demand for error correction. When considering that the difference between noise levels becomes ev en more se vere when temperatures deviate further from the reference temperature, the F401RE is clearly the better choice. Nev ertheless, both chips show the same general behavior , namely that noise rises with the relativ e temperature difference between the device’ s current temperature and its temperature at enrollment. These results go in line with those from larger studies [6], [23]. Compared with the results from the men- tioned studies, the F401RE performs well. The performance of the F446RE is mediocre, but nonetheless viable. C. Reliability In the pre vious section, we analyzed the PUF beha vior when fingerprints taken at high or low temperatures are compared to a reference that was taken at 25 °C. Besides, what is also of interest is the absolute reliability at said temperature points. Figure 6 and Figure 7 display how temperature affects the reliability metrics. The diagrams for both chip types show a similar behavior , as the reliability of both variants is highest when temperatures are low . When temperatures rise, reliability declines—which means that more bits become unreliable by showing unpredictable behavior . F401 HD-intra Distribution [%] 0.05 0.1 0 2 4 6 8 10 12 # of Samples 10 °C 25 °C 0.05 0.1 0 2 4 6 8 10 12 50 °C 0.05 0.1 0 2 4 6 8 10 12 F446 HD-intra Distribution [%] 0.05 0.1 0 2 4 6 8 10 12 # of Samples 10 °C 25 °C 0.05 0.1 0 2 4 6 8 10 12 50 °C 0.05 0.1 0 2 4 6 8 10 12 Fig. 6. Noise distribution of the two chip types at fixed temperatures. The collection of graphs at the top shows the F401RE, while the F446RE is at the bottom. For each chip type, 14 boards were used. From each board, 50 samples were taken per temperature.   Probability Density   Probability Density /PSNBM%JTUSJCVUJPO'     /PSNBM%JTUSJCVUJPO'       Fig. 7. These graphs show the approximated distributions of all three temperature points side by side. Graph a) on the left shows the normal distributions for the tested temperatures on the F401RE, while b) at the right giv es this information for the F446RE. Comparing the two graphs, it is clearly visible that the F446RE shows higher levels of noise by a substantial margin. It shows almost twice as much noise at 50 °C compared to the F401RE. Generally , and most notably on the F446RE, standard deviation of noise distribution also increases with temperature. In contrast, both models seem to behave remarkably stable when chilled to 10 °C. D. Uniqueness Uniqueness describes ho w different the individual finger- prints are between different specimens of the same SRAM models. Figure 8 shows that the F446RE actually scores slightly better in this regard, staying close to the ideal 50 %. Howe ver , it shows an increase in standard deviation when temperature rises, whereas the F401RE stays largely constant throughout. This increased standard deviation can be attributed            Probability Density Uniqueness (F401)               Probability Density Uniqueness (F446)    Fig. 8. Normal distributions of uniqueness for the F401RE and F446RE side by side. Scores for the F401RE do not vary substantially with temperature, therefore the lines largely overlap. to the behavior shown in Figure 6 and Figure 7, since the F446RE in general shows elev ated levels of noise at 50 °C. E. Implications for Err or Corr ection Error correction for PUFs is usually achiev ed by the use of fuzzy extractors [1], [6], [12], [17], [18]. T o date, no real alternativ e to fuzzy extractors has emerged. This begs the question which implementation is the best for embed- ded systems and their strictly limited resources. T aking into account the presented temperature behavior of the SRAM fingerprints, any fuzzy extractor design must be prepared for the w orst case in terms of environmental conditions. They must provide suf ficient tolerance in order to be able to correct bit errors in the SRAM PUF response, ev en when temperatures reach the limits of specification. As the presented experiments show , conclusions about the worst case conditions can only be determined empirically for each individual SRAM model and can differ considerably , ev en in SRAM architectures that seem to be closely related in design. T emperature tests, such as those described in this paper , are therefore a necessary step in SRAM PUF de velopment and must also include the fuzzy extractor design. T o study the impact of temperature dependence on a fuzzy extractor empirically , we implemented a fuzzy extractor in C based on a construction of Canetti et al. [28]. This construc- tion is not based on traditional ECC, but rather on digital lockers [29], using a sample-then-lock mechanism. It relies on obscuring the secret, in this case the reference fingerprint, with a large number of random nonces. The construction has adjustable parameters with values for the desired Hamming distance, reproduction error and cipher security . Adjusting the parameters allows the fuzzy extractor to be more or less tolerant in terms of bit errors, i.e., allowing a larger Hamming distance between the reference and any new fingerprint. W ith more tolerance comes a larger number of random nonces needed. So, the trade of f of a more tolerant fuzzy extractor is an increase in the size of the helper data. Deploying a fuzzy extractor on an embedded system implies that its tolerance is kept to the necessary minimum due to the limited memory size. It is of interest to note once again that the size of helper data increases with the required error tolerance. Even though the construction of Canetti et al. does not score at this point, it is sufficiently suitable for our purposes. Resulting from the performed tests, which inv olved fingerprints of 16 bytes and a fixed reproduction error of 10 − 3 , the size of the helper data for a Hamming error of 4 bits amounted to 30 KiB of data. In order to correct 5 faulty bits, the size of the helper data increases to 81 KiB. Finally , adjusting the Hamming error to 8 bits results in a substantial increase in needed memory , with 1600 KiB of helper data. So, with the construction of Canetti et al., increasing the desired Hamming distance by one bit, while keeping the other parameters the same, results in an increase in helper data size of 265 %. Real world implementations of SRAM PUFs require fingerprints with a size of hundreds of bytes. Larger fingerprints naturally require a higher error tolerance in terms of Hamming distance, so this exponential gro wth makes the construction largely impractical. This suggests that the traditional ECC-based methods are better suited to this task because of the amount of memory required in a final product. Clearly , the amount of helper data that this implementation requires is beyond the capabilities of modern embedded systems. Ho we ver , as already men- tioned, for our purposes - the demonstration of the different temperature sensitivity in very similar microcontrollers - the chosen fuzzy exractor is sufficient. Since no memory has to be reserved for an application, we can use it sufficiently well to show our results. Therefore, we tested it with data from the temperature experiments, using fixed size fingerprints of 16 bytes. W e set the allo wed reproduction error to 10 − 3 and allowed 5 bits of Hamming error . This corresponds to 3.9 % of allo wed Hamming error . First, we enrolled the fuzzy extractor with a reference fingerprint aggregated at 25 °C. Then, we attempted replication with random fingerprints we also took at 25 °C. The construction could easily reconstruct the fingerprints. Howe ver , when attempting the same with fingerprints that were recorded at 10 °C or 50 °C, the fuzzy extractor failed to reconstruct the fingerprint. This is due to the elev ated noise lev els which are demonstrated in Figure 5. Readings from both the F401RE and the F446RE behav ed the same. Using the same reference fingerprint, but with an increased tolerance of 8 bits of Hamming distance, leads to a dif ferent behavior . It was now able to reconstruct its reference finger- print, ev en when the reproduction material used was recorded at 10 °C or 50 °C. Noticeably , processing time increased greatly , which is another drawback of having to store a large amount of helper data. For these tests, we used fingerprints of 16 bytes. Compara- tiv ely , this is a tiny size for SRAM PUF systems, where byte sizes usually lie in the hundreds. The tiny size of 16 bytes was necessary due to constrains in processing po wer . Using a size of 32 bytes, as an example, would increase the processing time from minutes to hours, which was impractical to test. A different solution is therefore needed in order to bring the construction of Canetti et al. onto embedded systems. For now , traditional ECC-based solutions hav e the edge. V I . C O N C L U S I O N W e found both chips, F401RE and F446RE, to be viable for implementation of SRAM PUFs using their embedded SRAM. Important remarks about the implementation of SRAM PUFs on the embedded SRAM are presented especially in terms of their start-up and reset behavior . The susceptibility of SRAM PUFs to environmental factors is demonstrated through tem- perature experiments, showing that PUF performance changes with the ambient temperature. In particular, we carried out temperature tests at 10 °C, 25 °C and 50 °C. Fundamentally , we confirmed the findings of previous re- search [6], [12], [23] by the presented results. Most impor - tantly , the results summarized in Figure 5 show the expected behavior when fingerprints from different temperatures are compared with a reference taken at a fixed temperature. What is most surprising is that the two chips, closely related and stemming from the same product family , performed so differently when utilized for SRAM PUFs. One would expect them to be much closer in terms of average noise, howe ver we found the F401RE to be significantly better in this critical as- pect compared to the F446RE. No statement can be made here about the causes for these deviations. A closer in vestigation of the reasons for the dif ferent behavior is reserved for future work. The same applies to the comparison between specimens of the same microcontroller from different production batches or also to the comparison with other microcontrollers from the same series. In addition to the tests done on the SRAM chips themselves, we presented and discussed an implementation of a fuzzy extractor based on a construction by Canetti et al. [28]. W e found the design to be working, but inadequate for use in embedded systems in terms of needed helper data size and processing time. For now , traditional ECC-based algorithms hav e the edge ov er Canetti et al. ’ s digital lockers [29] in this regard. Given a suf ficient reduction of the size of needed helper data, this might change in the future. R E F E R E N C E S [1] C. Herder, M.-D. M. Y u, F . Koushanfar , and S. Devadas, “Physical unclonable functions and applications: A tutorial, ” Pr oceedings of the IEEE , vol. 102, pp. 1126–1141, 8 2014. [2] Y . Gao, S. F . Al-Sarawi, and D. Abbott, “Physical unclonable functions, ” Natur e Electronics , vol. 3, no. 2, pp. 81–91, 2020. [3] T . McGrath, I. E. Bagci, Z. M. W ang, U. Roedig, and R. J. Y oung, “ A PUF taxonomy , ” Applied Physics Reviews , vol. 6, no. 1, 2019. [4] A. V an Herrewege, A. Schaller, S. Katzenbeisser, and I. V erbauwhede, “Demo: Inherent PUFs and secure PRNGs on commercial off-the-shelf microcontrollers, ” in Pr oceedings of the 2013 ACM SIGSAC confer ence on Computer & communications security , ser . CCS ’13. Association for Computing Machinery , 2013, pp. 1333–1336. [5] A. Schaller, T . Arul, V . Leest, and S. Katzenbeisser, “Lightweight anti- counterfeiting solution for low-end commodity hardware using inherent pufs, ” in Pr oceedings of the 7th International Conference on T rust and T rustworthy Computing - V olume 8564 . Springer , 2014, pp. 83–100. [6] G.-J. Schrijen and V . van der Leest, “Comparative analysis of SRAM memories used as PUF primitives, ” in 2012 Design, Automation & T est in Europe Confer ence & Exhibition , 2012, pp. 1319–1324. [7] B. Gassend, D. Clarke, M. V an Dijk, and S. Dev adas, “Silicon physical random functions, ” in Proceedings of the 9th ACM Confer ence on Computer and Communications Security , 2002, pp. 148–160. [8] C. Keller , F . G ¨ urkaynak, H. Kaeslin, and N. Felber, “Dynamic memory- based physically unclonable function for the generation of unique identi- fiers and true random numbers, ” in 2014 IEEE International Symposium on Circuits and Systems (ISCAS) , 2014, pp. 2740–2743. [9] S. Sutar, A. Raha, and V . Raghunathan, “D-PUF: An intrinsically reconfigurable DRAM PUF for device authentication in embedded systems, ” in 2016 International Conference on Compliers, Ar chitectur es, and Sythesis of Embedded Systems (CASES) , 2016, pp. 1–10. [10] W . Xiong, A. Schaller , N. A. Anagnostopoulos, M. U. Saleem, S. Gab- meyer , S. Katzenbeisser , and J. Szefer , “Run-time accessible DRAM PUFs in commodity devices, ” in Cryptographic Har dwar e and Embed- ded Systems – CHES 2016 , B. Gierlichs and A. Y . Poschmann, Eds. Berlin, Heidelberg: Springer Berlin Heidelberg, 2016, pp. 432–453. [11] J. S. Kim, M. Patel, H. Hassan, and O. Mutlu, “The DRAM latency PUF: Quickly ev aluating physical unclonable functions by exploiting the latency-reliability tradeoff in modern commodity dram devices, ” in 2018 IEEE International Symposium on High P erformance Computer Ar chitectur e (HPCA) , vol. 2018-Febru. IEEE, 2018, pp. 194–207. [12] D. Holcomb, W . Burleson, and K. Fu, “Power -up SRAM state as an identifying fingerprint and source of true random numbers, ” IEEE T ransactions on Computers , vol. 58, no. 9, 2009. [13] J. Guajardo, S. Kumar, G. Schrijen, and P . Tuyls, “FPGA intrinsic PUFs and their use for IP protection, ” Proc W orkshop on Cryptographic Har dwar e and Embedded Systems , vol. 4727, pp. 63–80, 09 2007. [14] D. Holcomb, W . Burleson, and K. Fu, “Initial SRAM State as a Fingerprint and Source of T rue Random Numbers for RFID T ags, ” in In Proceedings of the Conference on RFID Security , 2007. [15] Y . Dodis, L. Reyzin, and A. Smith, “Fuzzy extractors: How to generate strong keys from biometrics and other noisy data, ” Computing Researc h Repository - CORR , vol. 38, 2004. [16] U. R ¨ uhrmair and D. E. Holcomb, “PUFs at a glance, ” in 2014 Design, Automation and T est in Eur ope Conference and Exhibition (DA TE) , 3 2014. [17] H. Kang, Y . Hori, T . Katashita, M. Hagiwara, and K. Iwamura, “Crypto- graphic key generation from PUF data using efficient fuzzy extractors, ” in 16th International Conference on Advanced Communication T echnol- ogy , 2014, pp. 23–26. [18] H. Kang, Y . Hori, T . Katashita, and M. Hagiwara, “The implementation of fuzzy extractor is not hard to do: An approach using PUF data, ” in Pr oceedings of the 30th Symposium on Cryptography and Information Security , Kyoto, Japan , 2013, pp. 22–25. [19] R. Maes and V . van der Leest, “Countering the effects of silicon aging on SRAM PUFs, ” 2014 IEEE International Symposium on Har dware- Oriented Security and T rust , pp. 148–153, 2014. [20] STMicroelectronics, STM32F401xB/C and STM32F401xD/E advanced Arm®-based 32-bit MCUs , 2018. [Online]. A vailable: h ttps: //www.st .com/resou rce/en/reference manual /dm00096844- stm32f 401xb- c- and- s tm32f401xd- e- advanced- arm- based- 32- bit- mcus- stmicroelectronics.pdf [21] ——, STM32F446xx advanced Arm®-based 32-bit MCUs , 2021. [Online]. A vailable: ht tps://www .st.c om/resourc e/en/refer ence ma nual/ rm039 0- stm32f 446xx- ad vanced- ar mbased- 32 bit- mcus- stmic roelectr on ics.pdf [22] A. Elshafiey , P . Zarkesh-Ha, and J. Trujillo, “The effect of power supply ramp time on SRAM PUFs, ” in 2017 IEEE 60th International Midwest Symposium on Circuits and Systems , 08 2017, pp. 946–949. [23] Intrinsic ID. (2017, 8) The reliability of SRAM PUF. [Online]. A vailable: https://w ww .int rinsic- id.com/wp- c ontent/uploads/201 7/08/W hite- Paper- The- reliability- of- SRAM- PUF.pdf [24] STMicroelectronics. (2016, 5) STM32F401. [Online]. A vailable: https: //www .st.com/en/microcontrollers- microprocessors/stm32f401.html [25] ——. (2016, 5) STM32F446. [Online]. A vailable: https://www .st.com/e n/microcontrollers- microprocessors/stm32f446.html [26] A. Maiti, V . Gunreddy , and P . Schaumont, “ A systematic method to ev aluate and compare the performance of physical unclonable functions, ” IACR Cryptol. ePrint Arc h. , no. 657, 2011. [27] M. Deutschmann, L. Iriskic, S.-L. Lattacher, M. M ¨ unzer , and O. T omashchuk, “ A PUF based hardware authentication scheme for embedded devices, ” T echnikon Forschungs- und Planungsgesellschaft mbH, T ech. Rep., 8 2018. [Online]. A vailable: https: //techn ikon.com / wp- conte nt/uploads/2019/1 2/White- Paper- on- PUF- Base d- HW - A uthent ication.pdf [28] R. Canetti, B. Fuller, O. Paneth, L. Reyzin, and A. Smith, “Reusable fuzzy extractors for low-entropy distributions, ” J ournal of Cryptology , vol. 34, 9 2020. [29] R. Canetti and R. R. Dakdouk, “Obfuscating point functions with multibit output, ” in Advances in Cryptology – EUR OCRYPT 2008 , N. Smart, Ed. Berlin, Heidelberg: Springer Berlin Heidelberg, 2008, vol. 4965, pp. 489–508.