Modeling arbiter-PUF in NodeMCU ESP8266 using artificial neural network

A hardware fingerprinting primitive known as physical unclonable function (PUF) has a huge potential for secret-key cryptography and identifica-tion/authentication applications. The hardware fingerprint is manifested by the random and unique binary strings extracted from the integrated circuit (IC) which exist due to inherent process variations during its fabrication. PUF technology has a huge potential to be used for device identification and authentication in resource-constrained internet of things (IoT) applications such as wireless sensor networks (WSN). A secret computational model of PUF is suggested to be stored in the verifier’s database as an alternative to challenge and response pairs (CRPs) to reduce area consumption. Therefore, in this paper, the design steps to build a PUF model in NodeMCU ESP8266 using an artificial neural network (ANN) are presented. Arbiter-PUF is used in our study and NodeMCU ESP8266 is chosen because it is suitable to be used as a sensor node or sink in WSN applications. ANN with a resilient back-propagation training algorithm is used as it can model the non-linearity with high accuracy. The results show that ANN can model the arbiter-PUF with approximately 99.5% prediction accuracy and the PUF model only consumes 309,889 bytes of memory space. This is an open access article under the CC BY-SA license.


INTRODUCTION
In recent years, the energy efficiency and security of the resource-constrained internet of things (IoT) systems become a crucial issue and a major challenge. With the evolving security and privacy threats, softwarelevel security provides no guarantee to protect the system [1], [2]. Hence, hardware-level security technology is required to enhance the system protection and ensure only the authenticated device or hardware can proceed to the software or application launch. Nevertheless, providing another layer (i.e., hardware) of security level is challenging especially for resource-constrained IoT systems.
Journal homepage: http://ijres.iaescore.com ❒ ISSN: 2089-4864 The emergence of physical unclonable function (PUF) as hardware fingerprinting technology could provide an intrinsic secret key or unique device-identifier by exploiting the inherent process variations during integrated circuits (ICs) fabrication. The input-output of the PUF is known as challenge and response pairs (CRPs). The unique and random corresponding responses are generated when challenges are applied to a PUF. The PUF response is uniquely different from one challenge to the other challenges. Additionally, when the same challenge is applied to two similar PUFs, each PUF generates a uniquely different response (i.e., device specific response). PUF design shows a few advantages such as low area and energy consumption, low fabrication cost, device-specific response, and non-human key programming which reduce the potential threat from untrusted parties in the interest to compromise the key [3].
Nevertheless, when considering the PUF application for resource-constrained device authentication, one of the primary drawbacks is the establishment of the secret CRPs table in the verifier database [4], [5]. During the authentication, the server is securely communicating with the PUF by sending the challenge and retrieving the PUF response as depicted in Figure 1. The authentication passes if the retrieved response is matched with the stored response. To avoid replay attacks, the used CRPs must be discarded from the verifier database and only unused CRPs are used for the next authentication process. Hence, the server must collect a huge number of CRPs before the field application and store them secretly [6], [7]. For applications with thousands (or could be millions) of PUF clients, this corresponds to an enormous amount of required secret storage.
To overcome the limitation of the huge database in the verifier, the researchers explored the feasibility of using a secret computational model of PUFs. In the early exploration, PUF-based authentication protocols have been proposed in which the underlying PUFs need to be derived during the enrollment phase. The example includes secure re-configurable PUF, time-bounded PUF, Slender PUF, noise bifurcation architecture, and statistical delay-based PUF [8]- [12]. In a study, Kong et al. [13] proposed a PUF-based remote attestation by binding the software-based attestation protocol to intrinsic device characteristics. Arithmetic and logic unit (ALU) PUF is used as a PUF basic building based on the delay difference in two different ALUs caused by the manufacturing variations. Moreover, the emulation-based approach is also proposed to overcome the huge CRPs storage. The ALU PUF is emulated by extracting its gate-level delay and the delay additions. However, during the read-out of the gate-level delays by a trusted party, the protected interface must be used. This protected interface must not be used by the user when the device is deployed in the field. Hence, it is suggested to provide a protected interface that can be permanently disabled by, e.g., using fuses.
In a recent study, Yilmaz et al. [14] proposed a lightweight authentication for resource-constrained IoT devices in which the PUF model is stored in the verifier's database. The proposed authentication scheme has been implemented on Zolertia Zoul devices based on server-client configuration. Elsewhere, Aghaie et al. [15] proposed a fast and novel method to build the PUF model for delay-based PUFs implemented on FPGA with only a few CRPs. The delay sensor is deployed as a readout circuit to characterize the delay of signals traversing through the PUF components. The readout circuit is only present in the FPGA design at the trusted party. The FPGA design shipped to the customer is not included with the readout circuit. Therefore, the design released to the customers is secured as no direct readout mechanism attach to it. All the above studies show that using a computational secret model of PUF for authentication protocol is feasible and it is getting attention in the PUF research community. One of the potential resource-constrained applications that suit the PUF computational model is wireless sensor networks (WSN) [16], [17]. WSN is a technology used within an IoT system to sense and process sensitive data [18]. Figure 2 illustrates the WSN which consists of a sink and sensor nodes. All the collected data at the sensor nodes are forwarded to a sink node. Hence, before the exchange messages occur, the sensor nodes must be authenticated by the sink to ensure their authenticity. WSN can be developed using NodeMCU ESP8266 devices [19], [20]. Therefore, in this study, we design a computational model of PUF in NodeMCU ESP8266 using an artificial neural network (ANN) to enable the lightweight authentication protocol development in WSN. 32-bit arbiter-PUF is used as our case study for PUF computational model development.

METHOD
Arbiter-PUF was proposed in [21], [22] which consists of k switching component and one arbiter block as illustrated in Figure 3. The development of the arbiter-PUF computational model in NodeMCU ESP8266 is divided into three major design steps. First, 32-bit arbiter-PUF architecture was constructed in Cadence using 65-nm of CMOS technology node. Subsequently, the arbiter-PUF is simulated at 25°C (room temperature) and supply voltage of 1. The second design step is the characterization of collected CRPs using the ANN technique in a MAT-LAB environment. The architecture of ANN used in our study is made-up of one input layer, one hidden layer, and one output layer. 32 neurons are placed in the hidden layer and tan-sigmoid is used as the activation function which is given as f (x) = 2 1+e −2x − 1. Whereas the linear activation function is used at the output layer. Figure 4 depicts the ANN architecture as described above. Following [23], [24], the training algorithm which has the optimum prediction accuracy, fast convergence time, and consistency is chosen, known as the resilient back-propagation algorithm. 30,000 CRPs are chosen randomly to be used as a training data set and the remaining 2,000 CRPs are used as the test data set. The weights and biases are extracted during the CRPs characterization to be used in the third design step.  For the third design step, an exact ANN architecture as simulated in MATLAB is designed in Node-MCU ESP8266 and the extracted weights and biases are stored in the memory. Subsequently, the predictability of the built ANN architecture is tested by using a similar 2,000 CRPs test data set. Its prediction result is compared against simulated predictability in the MATLAB environment, and it is expected to be similar.

RESULTS AND DISCUSSION 3.1. Arbiter-PUF characterization
As mentioned in section 1, PUF generates the random responses by exploiting the inherent process variations. The process variations are manifested in random delays in the IC. In our study, the random delay is modeled using Monte Carlo simulation. As a result, each switching component in Figure 3 has its own unique and random delay, which is also experienced by all the routing. When a rising pulse is applied at the input and propagates to the final output, it is subjected to all these random delays. For c i =0, the paths for a rising pulse is straight, while for c i =1 they are crossed. The accumulated delays at top 32 and bot 32 are evaluated using SR-latch (i.e., an arbiter). Figure 5 represents the random delays of top and bottom paths generated by two arbiter-PUFs in which both instances were applied with the same challenge. If top 32 < bot 32 , a binary response '1' is generated. Otherwise, a binary response '0' is generated. Based on delays in Figure 4, the corresponding random response of '1' and '0' is generated respectively for PUF instances A and B. The results indicate that the process variations are successfully modeled in arbiter-PUF using Monte Carlo simulation.

Modeling accuracy
Based on the arbiter-PUF which was designed in section 3.1, 32,000 CRPs are collected for building its computational model. An ANN technique is deployed for model-building as it can solve non-linear problems [25]. Figure 6 depicts the prediction accuracy of the 32-bit arbiter-PUF computational model. When a training set is small (i.e., 1,000 and below), the prediction accuracy is ≈90%. As the training set starts to increase larger than 1,000 CRPs, the prediction accuracy improves and achieved ≈99.5% accuracy. The result shows that a computational model of 32-bit arbiter-PUF is successfully built using the ANN technique. Subsequently, the weights and biases are extracted for the computational model development in the NodeMCU ESP8266.

Estimation of memory usage
The usage of memory for 32-bit arbiter-PUF model implementation in the NodeMCU ESP8266 device has been analyzed and summarized in Table 1. 7.1% of flash memory was occupied which consists of 5,200 bytes and 277,681 bytes, respectively for data and code. Whereas for SRAM, 50.3% was occupied which represents about 32,208 bytes. Note that in this study, only a set of weights and biases assuming for one sensor node has been stored in the memory. The NodeMCU ESP8266 device which has a database, DB to store the weights and biases represents a sink or verifier used to authenticate the nodes. In practice, the DB should consist of several sets of weights and biases for the identification and authentication process of sensor nodes in the WSN application.

CONCLUSION
PUF is a promising technology in the applications of identification/authentication and secret key generation. Although the PUF itself is a low-cost architecture, the deployment of the PUF in the authentication application requires a huge database of CRPs. An increase in the area consumption could deter the prevalent adoption of PUF, especially in resource-constrained systems. In this study, a computational model of Arbiter PUF is developed by using the ANN technique. Our findings show that 32-bit arbiter-PUF can be modeled with a very high accuracy of approximately 99.5%. Moreover, the computational model can be programmed in the NodeMCU ESP8266 device. The programmed device can be used as a verifier or sink in the WSN application for the sensor nodes authentication. Above all, this study gives insight into the design steps to build the PUF model in any microcontroller by using available machine learning techniques to enable lightweight authentication protocol development.