A Hacker’s Nightmare: Programmable Chips Secured by Chaos


Not all chaos is bad. In the case of programmable chips, chaos can be harnessed to create a unique digital identifier. Think of it as a fingerprint—only, instead of distinctive loops and whorls on human skin, this is about the unique physical variations present in silicon chips.

These minute differences, often at an atomic level, vary from chip to chip, even if they are manufactured together. The physical variations can be amplified using a technology called physically unclonable functions (PUFs) to create a signature that is unique to a specific chip. 

By putting many PUF cells together, it is possible to create a random number of an arbitrary length. Even though it is random, it is still unique for a particular instance of the chip. More importantly, the identifier does not need to be saved on the chip as it can be generated only when required for authentication and immediately erased. Therefore, PUFs can potentially be used in smart cards and secure IDs, to track goods in supply chains, and for applications where it is vital to know that you are not communicating with an impostor.

Recently, a team of scientists from Ohio State University demonstrated a way to use PUFs that would frustrate even the most patient of hackers.

“What we did in what are called strong physically unclonable functions,” says Noeloikeau Charlot, the study’s lead author, “is that because there’s so many possible fingerprints, even if [hackers] have access to your device, it would still take longer than the lifetime of the universe for them to actually record all possible combinations.”

Current PUFs contain only a limited number of secrets, says Daniel Gauthier, one of the co-authors, in the press release. When this number is in the tens or hundreds of thousands, or even a million, “a hacker with the right technology and enough time can learn all the secrets on the chip.”  The challenge, therefore, was to find a way to produce an insanely large number of secrets, making it almost impossible for hackers to figure them out, even if they had direct access to the system. 

With backgrounds in physics and chaos theory, Gauthier, Charlot and the others approached the problem from a different angle than earlier researchers: “Instead of working with the traditional type of circuit design, we went directly toward what is the most chaotic random thing that you could possibly make,” Charlot says. To do so, they constructed a complex network in their PUFs of randomly interconnected logic gates in order to create “deterministic chaos.”

In physics, chaos refers to a complex system whose behavior is so unpredictable—because of its great sensitivity to small changes—that it seems random. In this case, the super-sensitivity is owed to the tiny variations found in chips. All of the little differences at the atomic level amplify the behavior of the circuit, says Charlot, exponentially increasing the number of secrets, making them all the more difficult to predict. In their study, the researchers tested their system with machine learning attacks, including deep learning-based methods and model-based attacks, which failed to breach the system.

PUFs, however, can be unstable over time and also vulnerable to temperature. Therefore, the key to the process is letting the chaos run just long enough on the chip. “If you let it run too long,” Charlot says, “it’s completely inconsistent…essentially random.” So the researchers found a “sweet spot” in the system. “This is something we had to just measure,” he adds, “but we find that it’s very consistent and reproducible… This is a point in time, where system is simultaneously most unique and most reliable…[which] is right before it becomes completely chaotic.” All of this happens on a time scale of nanoseconds.

Charlot also admits that their system is more sensitive to temperature than other PUFs because it is chaotic, but they have a couple of solutions to mask that. The simplest way, he says, is that you can measure the responses at different temperatures and store them in a database. “It works identically and equally well at every temperature…so one protocol would be you just say what temperature your system is at and then you match it to the database.” This method is in use by several other PUFs. “A more complex [solution] is you can actually identify…some of the logic nodes [that] are more sensitive to temperature…isolate those, and remove them.”
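The temperature-matching protocol described above, sketched as an added Python example that is not the researchers' code. A SHA-256 based `SimulatedPUF` stands in for the chip's physics, and the 10 °C bins, 256-bit responses, distance threshold and single-use challenges are assumptions of the example.

```python
import hashlib
import random

N_BITS = 256         # response length in bits (constructed value)
MAX_DISTANCE = 38    # about 15% of N_BITS may differ and still match (constructed)

def temp_bin(temp_c: int) -> int:
    """Group temperatures into 10 degree C bins, valid from -40 C upward."""
    return (temp_c + 40) // 10

class SimulatedPUF:
    """Stand-in for one chip: SHA-256 replaces the silicon physics (assumption)."""
    def __init__(self, chip_variation: bytes, noise_bits: int = 8, seed: int = 0):
        self._variation = chip_variation      # models the per-chip differences
        self._noise_bits = noise_bits
        self._rng = random.Random(seed)       # seeded so the demo is repeatable

    def respond(self, challenge: bytes, temp_c: int) -> int:
        # The ideal response changes with temperature, as the article notes.
        material = self._variation + challenge + bytes([temp_bin(temp_c)])
        value = int.from_bytes(hashlib.sha256(material).digest(), "big")
        for pos in self._rng.sample(range(N_BITS), self._noise_bits):
            value ^= 1 << pos                 # read-out noise flips a few bits
        return value

def enroll(puf, challenges, temps_c):
    """Record one response per (temperature bin, challenge) before deployment."""
    return {(temp_bin(t), c): puf.respond(c, t) for t in temps_c for c in challenges}

def verify(db, challenge: bytes, reported_temp_c: int, response: int) -> bool:
    """Match a response against the entry for the temperature the device reports."""
    expected = db.pop((temp_bin(reported_temp_c), challenge), None)  # single use
    if expected is None:
        return False                          # unknown temperature or reused challenge
    return bin(expected ^ response).count("1") <= MAX_DISTANCE

if __name__ == "__main__":
    challenges = [bytes([i]) * 4 for i in range(4)]   # constructed challenges
    chip, impostor = SimulatedPUF(b"chip-A", seed=1), SimulatedPUF(b"chip-B", seed=2)
    db = enroll(chip, challenges, temps_c=[0, 25, 60])
    print("genuine, 27 C:", verify(db, challenges[0], 27, chip.respond(challenges[0], 27)))
    print("impostor:", verify(db, challenges[1], 25, impostor.respond(challenges[1], 25)))
    print("wrong temperature:", verify(db, challenges[2], 25, chip.respond(challenges[2], 60)))
```

A response is accepted only when it lies within the distance threshold of the entry enrolled for the reported temperature bin, so a reading taken at 60 °C fails against the 25 °C entry even on the genuine chip.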

Commercial contracts for the tech are already out. “It’s basically at the industrial stage,” Charlot says. “We know that it works, but there are still a lot of academic questions.” The biggest one being how to calculate the amount of information in systems like this. “No one’s really calculated entropies this large.” Also, further environmental testing and better error-mitigation strategies are on the anvil.