ioPUF+: A PUF Based on I/O Pull-Up/Down Resistors for Secret Key Generation in IoT Nodes

Dilli Babu Porlapothula, Pralay Chakrabarty, Ananya Lakshmi Ravi, Kurian Polachan

TL;DR

ioPUF+ introduces a resistor-based PUF that leverages pull-up/pull-down variations on I/O pins to generate device-specific fingerprints without custom circuitry. The 190-bit PUF, derived from 20 voltage readings, is stabilized with BCH ECC and hashed with SHA-256 to produce cryptographic secret keys for AES-based device-to-device communication. Evaluated on a PSoC-5 platform across dozens of devices, ioPUF+ achieves robust reliability and competitive uniqueness, while hashing mitigates bias when using both pull-up and pull-down measurements. The full pipeline fits within a few tens of kilobytes of flash, tens to hundreds of milliseconds of latency, and tens of milliwatts of power, making it well-suited for resource-constrained IoT nodes.

Abstract

In this work, we present ioPUF+, which incorporates a novel Physical Unclonable Function (PUF) that generates unique fingerprints for Integrated Circuits (ICs) and the IoT nodes encompassing them. The proposed PUF generates device-specific responses by measuring the pull-up and pull-down resistor values on the I/O pins of the ICs, which naturally vary across chips due to manufacturing-induced process variations. Since these resistors are already integrated into the I/O structures of most ICs, ioPUF+ requires no custom circuitry and no new IC fabrication. This makes ioPUF+ suitable for cost-sensitive embedded systems built from Commercial Off-The-Shelf (COTS) components. Beyond introducing a new PUF, ioPUF+ includes a complete datapath for converting raw PUF responses into cryptographically usable secret keys using BCH error correction and SHA-256 hashing. Furthermore, ioPUF+ also demonstrates a practical use case of PUF-derived secret keys in securing device-to-device communication using AES encryption. We implemented ioPUF+ on the Infineon PSoC-5 microcontroller and evaluated its performance across 30 devices using standard PUF metrics. The results show excellent reliability (intra-device Hamming distance of 100.00%), strong uniqueness (inter-device Hamming distance of 50.33%), near-ideal uniformity (50.54%), and negligible bit aliasing. Stability tests under temperature and supply-voltage variations show worst-case bit-error rates of only 2.63% and 2.10%, respectively. We also profiled the resource and energy usage of the complete ioPUF+ system, including the PUF primitive, BCH decoding, SHA-256 hashing, and AES encryption. The full implementation requires only 19.8 KB of Flash, exhibits a latency of 600 ms, and consumes 79 mW of power, demonstrating the suitability of ioPUF+ for resource-constrained IoT nodes.
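
The following is an added example, not code from the paper: a Python sketch of the standard PUF metrics named in the abstract (uniformity, uniqueness, reliability) and of the SHA-256 key step. It assumes the 190 bits come from pairwise comparison of the 20 readings (C(20, 2) = 190, an inference the page does not state) and runs on constructed readings with hypothetical spread and noise values.

```python
import hashlib
import random
from itertools import combinations

N_READINGS = 20  # from the page: 20 voltage readings; C(20, 2) = 190 bits

def response_bits(readings):
    """ASSUMED encoding: one bit per unordered pair, 1 if the first reading is larger."""
    return [int(readings[i] > readings[j])
            for i, j in combinations(range(len(readings)), 2)]

def hd(a, b):
    """Fractional Hamming distance between two equal-length bit lists."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def uniformity(bits):
    return sum(bits) / len(bits)  # ideal: 0.5

def uniqueness(responses):
    pairs = list(combinations(responses, 2))
    return sum(hd(a, b) for a, b in pairs) / len(pairs)  # ideal inter-device HD: 0.5

def reliability(reference, remeasured):
    return 1 - sum(hd(reference, r) for r in remeasured) / len(remeasured)  # ideal: 1.0

def derive_key(bits):
    """SHA-256 over the packed bits; on the device, ECC must run before this step."""
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    return hashlib.sha256(packed).digest()

def evaluate(n_devices=30, n_repeats=10, seed=1):
    """Metrics over CONSTRUCTED readings (0.5 V nominal, hypothetical spread and noise)."""
    rng = random.Random(seed)
    devices = [[rng.gauss(0.5, 0.02) for _ in range(N_READINGS)] for _ in range(n_devices)]
    refs = [response_bits(d) for d in devices]
    noisy = [[response_bits([v + rng.gauss(0, 0.0005) for v in d])
              for _ in range(n_repeats)] for d in devices]
    return {
        "bits": len(refs[0]),
        "uniformity": sum(map(uniformity, refs)) / n_devices,
        "uniqueness": uniqueness(refs),
        "reliability": sum(reliability(r, m) for r, m in zip(refs, noisy)) / n_devices,
    }

if __name__ == "__main__":
    print(evaluate())
    bits = response_bits([random.Random(7).gauss(0.5, 0.02) for _ in range(N_READINGS)])
    flipped = [bits[0] ^ 1] + bits[1:]
    # One uncorrected bit error yields an unrelated key, hence ECC before hashing.
    print(derive_key(bits).hex() != derive_key(flipped).hex())
```

Under the assumed pairwise encoding the 190 bits are correlated: 20 readings admit only 20! orderings (about 61 bits), so the hashed key carries at most that much entropy.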

Paper Structure

This paper contains 30 sections, 7 equations, 8 figures, 2 tables, 1 algorithm.

Figures (8)

  • Figure 1: (a) Security threat in IoT applications involving unencrypted data transfers over a wireless medium; eavesdropping attacks by nearby hackers. (b) Conventional approach to safeguard against eavesdropping attacks; encrypted data transfers with the key used for encryption stored in the device’s non-volatile memory. Drawback → the key can be recovered via physical attacks on the device. (c) PUF-based solution, where the keys used for encrypting data transfers are generated during device runtime. Keys are not stored in the device’s non-volatile memory; this resists physical recovery of the key. (d) Existing types of PUFs require specialized circuits. (e) Our proposed ioPUF+, based on I/O pull-up/down resistors.
  • Figure 2: a) I/O block of PSoC-5 from Infineon Technologies, highlighting the pull-up resistor $R_{PU}$ and pull-down resistor $R_{PD}$ [infineon32bitPSoC]. b) Method of measuring pull-up resistor of $P1$ using an external pull-down resistor, $R_{PD, EXT}$, connected to $PX$. c) Proposed method of measuring pull-down resistors of $P1$ using an external pull-up resistor, $R_{PU, EXT}$.
  • Figure 3: Derivation of the PUF ID and secret key from PUF responses using BCH error-correcting codes (ECC) and SHA-256 hashing, along with an example application of the derived secret key for data encryption.
  • Figure 4: a) Schematic of the experimental setup consisting of the PSoC development board, CY8CKIT-059, connected to a PC via a USB port. The ADC measures the voltage across the external resistors $R_{PU,EXT}$ and $R_{PD,EXT}$ for different AMUX select settings, allowing measurement of both pull-up and pull-down resistor values of the GPIOs: $P_1$ to $P_{10}$. Measurements are transferred to the PC in UART format and received using the Tera Term serial terminal. Subsequently, the readings are processed to generate the PUF responses. b) Picture of the experimental setup highlighting the Tera Term serial terminal, PSoC development board, and the external resistor connection.
  • Figure 5: Plot of standard PUF metrics for the four ioPUF+ configurations: (1) using only the pull-up resistors, (2) using only the pull-down resistors, (3) using both pull-up and pull-down resistors, and (4) using both pull-up and pull-down resistors with SHA-256 hashing.
  • ...and 3 more figures