PUF for the Commons: Enhancing Embedded Security on the OS Level

Publikation: Beitrag in FachzeitschriftForschungsartikelBeigetragenBegutachtung



Security is essential for the Internet of Things (IoT). Cryptographic operations for authentication and encryption commonly rely on random input of high entropy and secure, tamper-resistant identities, which are difficult to obtain on constrained embedded devices. In this paper, we design and analyze a generic integration of physically unclonable functions (PUFs) into the IoT operating system RIOT that supports about 250 platforms. Our approach leverages uninitialized SRAM to act as the digital fingerprint for heterogeneous devices. We ground our design on an extensive study of PUF performance in the wild, which involves SRAM measurements on more than 700 IoT nodes that aged naturally in the real-world. We quantify static SRAM bias, as well as the aging effects of devices and incorporate the results in our system. This work closes a previously identified gap of missing statistically significant sample sizes for testing the unpredictability of PUFs. Our experiments on COTS devices of 64 kB SRAM indicate that secure random seeds derived from the SRAM PUF provide 256 Bits-, and device unique keys provide more than 128 Bits of security. In a practical security assessment we show that SRAM PUFs resist moderate attack scenarios, which greatly improves the security of low-end IoT devices.


Fachzeitschrift IEEE Transactions on Dependable and Secure Computing
PublikationsstatusElektronische Veröffentlichung vor Drucklegung - Aug. 2023

Externe IDs

Mendeley 20894405-a24a-3d75-9470-b89107060654
Scopus 85166768350
ORCID /0000-0002-3825-2807/work/142241907


Fächergruppen, Lehr- und Forschungsbereiche, Fachgebiete nach Destatis


  • Aging, Embedded security, Entropy, Internet of Things, Operating systems, Physical unclonable function, Random access memory, Security, large -scale SRAM analysis, operating systems, physically unclonable functions