Extraction of Device Fingerprints Using Built-in Erase-Suspend Operation of Flash Memory Devices

The reliability and efficiency of a physically unclonable function (PUF) considerably depends on that of the random seed number generation process in the target hardware technology. Among the proposed hardware PUF techniques, flash memory-based approaches have several advantages because of the widespread use of flash memories in electronic devices. The operations of the flash memories such as read, program, and erase have been utilized to generate the random number based on their random process variations. In this work, we propose a random number generation method for the flash memory-based hardware PUF applications that utilize the intrinsic erase-suspend operation in modern flash memory devices. Unlike the conventional methods, the proposed method does not require any modification of the device or additional peripheral circuitry to control the operations. We evaluate the proposed method from the perspective of reliability and efficiency. The experimental results show that the proposed method can generate a 16-bit random number in 1 ms approximately while maintaining greater than 95 % reproductivity of the random number.


I. INTRODUCTION
Computing systems are usually constructed with multiple layers, from the transistor to the application software. A higher layer of abstraction, such as an application or operating system, should be built on a stack of abstracted layers that can be trusted. The initial sources of this trust are known as the roots of trust, are typically hardware features [1]. Unfortunately, in reality, such roots of trust cannot be ensured for all systems, as highly sophisticated counterfeit semiconductor devices have infiltrated the market deeply [2], [3].
The potential hazards of these counterfeit devices have become critical with the increase in the economic importance and popularity of electronic and computing devices. Nonfunctioning fake devices are being introduced into the market, and consumers are suffering economic losses. Furthermore, The associate editor coordinating the review of this manuscript and approving it for publication was Cihun-Siyong Gong . such devices can cause serious security problems by stealing private information from devices. Therefore, computing applications with stringent security requirements have been developed, with the ability to identify a particular electronic device uniquely as illustrated in Fig. 1. The security of applications such as personal authentication, personalized services, and digital rights management can be improved significantly using per-device identifiers (fingerprints) that are difficult to clone. Therefore, physically unclonable functions (PUFs) have been proposed as such roots of trust in this context [1], [4]. PUFs usually utilize the uniqueness of each individual device, which originates from the chip-tochip variations generated during the manufacturing process. A PUF taxonomy has been carefully studied in [5] considering the physical mechanisms of different PUFs.
Flash memory devices are widely used for nonvolatile storage in electronic devices, as valuable private information in the storage would be a desirable target for criminals. From the perspective of hardware PUF techniques, attempts have been made to utilize the characteristics of flash memory operations such as read, program, and erase [6]. The chip-tochip variations in the read, program, and erase characteristics can be utilized to generate random seed numbers. Then, security keys can be generated from these random numbers and helper data.
In this work, we propose a random-number generation method for hardware PUF applications that is based on the intrinsic erase-suspend operation of modern flash memory devices and does not require any modification of the chip or peripheral circuitry. The hardware identifier must be small and secure, by design, to perform security-related functions. The proposed technique does not require any additional circuity or modification of the flash memory chip. Rather, it uses only the intrinsic functions, such as the erase-and-suspend function in modern flash memories. Experimental results show that the proposed technique can generate a 16-bit random number in 1 ms with greater than 95 % reproducibility.
The remainder of the paper is organized as follows. We introduce related studies in Section II focusing on the implementation and evaluation of flash memory PUFs. The operating principles of the proposed method are presented in Section III, and the evaluation results are presented in Section IV. Finally, we conclude the paper and suggest future research directions in Section V.

II. RELATED WORK
Many hardware-based security systems have been investigated to secure sensitive information against attackers. The most important goal of these systems is to find a new source of unclonable randomness originating from the manufacturing process variations of an integrated circuit (IC). These variations or inherent fluctuations of semiconductor devices, which are considered unexpected effects that decrease their effective field, can be exploited by PUF devices as valuable resources to generate uncontrollability, unpredictability, and unclonability. Moreover, silicon PUF embodies its unique physical and intrinsic features into a physical structure that cannot be replicated, even if the manufacturing process used for its fabrication is known.
The very first PUF generation approach was introduced by Pappu et al. in [7]. Their work proposed using the light scattering patterns of a three-dimensional microstructure as a physical one-way function. The research of Pappu et al. was the baseline for several PUF circuit designs based on the features of hidden timing and delay information of ICs [8]- [10]. Silicon PUFs were implemented either as customized circuits or reconfigurable logic components on field-programmable gate arrays (FPGAs) [11]- [13]. In these approaches, the power-up state of the SRAM memory in FPGAs was used as a source for generating the PUF, to protect the intellectual property core. To enhance the reliability of generated secret keys on FPGA-based PUFs, external helper data such as repetition code and ECC are essentially required [14]. In our proposed method, we leverage the nonvolatile characteristic of commercial flash memory devices to mitigate the requirement of the power cycle as well as the requirement of external assisted data.
In [15], Kim et. al exploited the intrinsic variations in programming operations, arising from the statistical fluctuations in the threshold voltages (V TH ) of fabricated flash memory devices, to create PUF devices. In this work, a unique programming efficiency of the flash memory was investigated at the unit-cell level. V READ was replaced by V PUF , which was the statistical median V TH of programmed state. V PUF was designed to distinguish the programmed logic states of ''0'' and ''1''. Although the memory cells were fabricated using the same processes and equipment, each memory cell had a different program/erase efficiency, which inevitably induced V TH variations. An inhibited region was defined to avoid the errors arising from small V TH values, within the intermediate regions between the ''0'' and ''1'' states. The inhibited region is determined by detecting the current level. In our proposed PUF, we only use the intrinsic operations of the modern flash memory devices in order to avoid hardware modification as much as possible.
The PUF circuits were also used as hardware random number generators in [16]. Instances of PUFs were considered as digital signatures in [17], for IC authentication and hardware-based cryptographic key generation. The concept of flash-based PUFs has been attracting considerable attention in the recent years. In [18], Prabhu et al. suggested seven techniques to extract unique device fingerprints from NAND flash devices. Among these techniques, the program disturb produced good result in generating unique signatures for different chips according to authors' conclusion. The Pearson correlation was used to measure the robustness of the signatures and identify the individual flash devices uniquely. Although this approach was feasible for distinguishing between different chips with informative signatures, the desired unique signature was obtained only after several thousand programming and reading operations. Moreover, the lifetime of the flash memory was affected significantly by the repeated access operations during the prolonged extraction. In our approach, the intrinsic erase-suspend operation of the modern flash memory devices does not affect much to the lifetime of hardware. Therefore, the digital signature of hardware device can be used for longer time.
In the research of Wang et al. [19], the analog characteristic of flash memories, i.e., the program time of each individual bit, was exploited to hide private data. The information could be hidden in the data stored in the memory, without using any additional components. In [20], the authors proposed a method to generate true random numbers by extracting the program disturb and read noise properties of flash memory bits, which were considered fundamental properties of all NAND flash memory arrays. They claimed that their design was cost-effective and tolerant to aging and temperature effects. In addition, their method could be deployed through software updates which can be considered to employ in our further work.

III. DEVICE FINGERPRINT GENERATION BY ERASE-SUSPEND OPERATION A. ASYMMETRIC ERASE-SUSPEND CHARACTERISTICS OF FLASH MEMORY DEVICES
Different from the volatile memory or delay-based PUFs that have been implemented on FPGAs, the flash-based PUFs generally attempt to utilize the variance in non-volatile cell characteristics. The flash memory changes its cell values by injecting (programming) or releasing (erasing) the charges in the floating gates. All the cells in a block are set to 1 by the erase operation, and the individual cells can be reset to 0 by the program operation. Usually, data in the flash memory can be read and programmed in pages, but they can be erased only at the block level, with multiple pages. The size of a page is typically approximately 4 to 16 kB, and the size of a block is approximately several MB.
Modern flash devices are equipped with a suspend function for the program and erase functionalities, to enhance the chiplevel performance [21]. The time required for performing an erase operation in flash devices is generally several orders of magnitude longer than that required for the read or program operations. Therefore, the sector (or block) erase operation can be suspended, on occasion, to enable timing interception by operations with higher priority. Fig. 2 shows a portion of the erased bits in a sector, over time. The portion of erased bits (P erased ) over different durations of suspension is measured using the following equation: number of erased bits number of bits in a sector (1) The gradient of P erased (dotted plot in Fig. 2 exhibits a positively skewed aspect over time. The number of erased cells starts increasing rapidly at a certain time. This phenomenon is followed by a long tail of unerased cells. The long tail parts of the operation provide much higher reproducibility than the peak points, as only a small difference in the peak points may cause a substantial change in the result. It is expected that we can obtain the fingerprint more effectively at the stable tail part.  Without loss of generality, a small intra-sector Hamming distance provides better reproducibility among the generated results, as we use the positions of the bits as random fingerprints. We will use the intra-sector Hamming distance (HD intra−sector ) as a proxy for reproducibility, in this context, as follows: where R i is a reference response of challenge i, R i,t is the n-bit response of the same challenge i extracted at a different operating condition, and m is the number of responses collected to calculate the HD intra−sector . Note that a smaller HD intra−sector represents better reproducibility. Fig. 3 shows the averaged Hamming distance for the trials, over time. We can see that the averaged Hamming distance decreases significantly, to lower than 0.01%, after 960 µs at 288 K whereas the value is much higher and highly unpredictable in the earlier phases of the erasure process.
From the perspective of effectiveness and reliability, it can be observed that the later part of the erasure process would be more suitable to extract a device fingerprint. Of course, P erased will change according to the operating conditions but HD intra−sector must be as much small as possible; therefore, it is necessary to handle the variability, even if we find a proper target to generate the fingerprint. We will present the VOLUME 8, 2020 method that was applied to handle the operating-conditioninduced variability to enhance the reliability of the proposed method.
During erase and program, the variations in the thickness of the tunneling oxide, charge-trapping layer, and blocking oxide affect the time taken to complete the operation. According to the experimental data, the variation in the tunneling oxide thickness is less than 1%. However, the variations in the thickness of the charge-trapping layer and blocking oxide are approximately 2% [15]. This causes variations in the erase and program times of the device. A minimum operation time is suggested to guarantee completion of the operations for a given set of operating conditions.

B. GENERATION AND DISCRIMINATION OF FINGERPRINTS CONSIDERING VARIABILITY 1) OFFLINE CHARACTERIZATION AND ONLINE DISCRIMINATION
To generate a random fingerprint, we must know the change in the sector content at each specific time after sending the erase operation. Power failures during flash memory operation can lead to several non-intuitive behaviors, such as data corruption or unreliability in future programming operations [22]. Instead of programming and then suddenly cutting off the power supply to the flash chip to interrupt the erase operation repeatedly, we use the erase-suspend operation of SST39VF1601.
We use the positions of the unerased bits in a sector as random fingerprints. This is done in two separate steps: an offline step and an online step, as presented in Fig. 4. The long tail part of the erase process is characterized in the offline step. In other words, different lengths of erase periods are applied by the erase-suspend operation on target sectors to capture the unerased bits. Once we have the raw data by sampling, we analyze the effect of the erase-suspend operation on entire selected sectors of the flash memory using the Hamming distance. We choose the most desirable bits to make a stable key based on this analysis result. Next, in the online step, we reproduce this key using predetermined suspension timings in the erase-suspend operations, called time of suspension (TOS).
When users want to obtain random fingerprints, the checker runs a program to analyze the flash memory for the target sectors, period of erase-suspend operations, and position of unerased bits. First, the selected sector is completely erased (Fig. 4 1 ) and programmed (Fig. 4 2 ). Another erase operation is initiated (Fig. 4 3 ), and suspended after the predetermined period of an erasesuspend operation (Fig. 4 4 ). The checker will record the positions of unerased bits and erase-suspend timings in a table (Fig. 4 5 ). The recorded positions of the bits are compared with the challenge-response results in the online step.

2) EFFECT OF VARIATIONS IN TEMPERATURE
The bit sequences in the sector, created by the erase-suspend operations at the same time of suspension, would ideally be identical. However, in reality, variations will exist because the operating conditions and internal characteristics of the chip and cell result in digital noise (e.g., telegraph noise). The sources of variability in the erase timing include temperature, supply voltage, and aging [20].
For instance, the erase time is known to be inversely proportional to the temperature, in general. Fig. 5 shows the relationship between the process of erasure and the temperature measured in the experimental platform. It is observed that the entire curve is shifted by a temperature change. The ambient temperature has a strong effect on the erase operation. At 263 K, the sector is fully erased after 41 µs (i.e., from 890 µs 98640 VOLUME 8, 2020 to 930 µs). However, if we change the ambient temperature to 273 K, that sector needs only 29 µs (i.e., from 920 µs to 948 µs) to be fully erased.
In this work, we experimentally assess the effects of temperature variations, and attempt to find a way to achieve a stable result, irrespective of such variations. We do not deal with voltage variations in this work. However, as long as the change in P erased follows a trend similar to the shift in temperature, we can apply the same method to handle other variability sources, without loss of generality.

3) STABLE GENERATION OF FINGERPRINT FROM LONG TAILS OF CDF AT DIFFERENT TEMPERATURE
In Section III-A, we mentioned that the latter part of the erasure process showed much higher stability in terms of the positions of unerased bits and, accordingly, the fingerprints. The controller is set to change the number of erase operations with the unit timing of suspension to achieve the predetermined number of unerased bits, which depends on the expected lengths of the fingerprints. Fig. 6 shows the results of the proposed incremental erasesuspend method, when the controller is set to stop at the last four unerased bits. We implemented the proposed method on a selected sector under different constant temperatures that ranged from 258 K to 313 K. Fifty runs were performed for each temperature.
For statistical purposes, we collected all outcomes of these four bits and organized them in subtables. The numbers in the right green column of each subtable represent the number of times that a specific sequence of four unerased bits occurred. We also extracted their positions in those outcomes and listed them in the blue row on the top of each subtable. These positions are denoted using capital letters from A to K. The real values of the positions can be found at the bottom of table. In addition, the numbers of occurrences of each unerased bit in the entire 50 runs are summarized in the yellow row at the bottom of each subtable. Through this presentation, we can obtain an overview of the experimental results. From the table, we can see that as the length of the sequence decreases, the probability of regeneration increases. Moreover, the sequences of unerased bits differ for different temperatures. However, among the 4 kB bits in a sector, the 30459th bit is always in the unerased state as the temperature changes from 258 to 313 K. With a stable bit, we can obtain 16-bit binary numbers, as a fingerprint, from the position of the unerased bit, as the size of the sector is 4 kB in the target flash device in the experiments.

4) INCREMENTAL ERASURE FOR RELIABILITY ENHANCEMENT OF FINGERPRINTS
Common ways to improve the reliability of fingerprints in the literature include circuit-level approaches, fuzzy extraction with error-correcting codes, and voting mechanisms [1]. The proposed erase-suspend method is designed not to require additional circuitry, and we do not focus on post processing in this work. Instead, we will adopt an incremental erasesuspend method to enhance the stability.
The proposed incremental erase-suspend operation deals with shifts in the P erased curves in an adaptive manner. As the actual effect of each source of variability is unpredictable, it is not practical to characterize the effect variability in advance. Instead, we proceed with the erase-suspend operation incrementally, where the commercial flash memory devices with erase-suspend feature generally support a ''resume'' operation as well [21].
As the resumed erase operation can also be suspended, we can handle the temperature-induced timing variations with sequences of intrinsic functions in the flash devices alone. Algorithm 1 shows a flowchart that describes the proposed incremental erase-suspend method. Starting from the predetermined earliest point of the sample, the cycle of {program -erase -suspend -reset -read} is repeated until the number of unerased bits reaches the required value.

A. EXPERIMENTAL SETUP
We used the SST39VF1601 flash memory from Microchip in our experiments. Each sector of this flash chip consists of 4 kB, equivalent to 32,768 bits. The SST39VF1601 device provides a typical word-program time of 7 µs and sectorerase time of 18 ms. We applied different duration from the start of erase operation to suspension and then counted the number of unerased bits using a read operation after the softreset operation.
We implemented a custom PCB as a piggyback board on an MCU (Arduino Due) board, as shown in Fig. 7 (b), to provide the presented control features. The custom PCB board was designed for a flash memory (Microchip SST39VF1601) to enable the control of the individual signals of the flash memory chip. It consisted of a memory chip and sockets for power (Vdd), flash memory control, and buses. We performed the experiments in a temperature-controlled environment using the temperature chamber shown in Fig. 7 (a).

B. STABILITY OF THE PROPOSED INCREMENTAL ERASE-SUSPEND METHOD AT DIFFERENT TEMPERATURES
We performed the experiments under temperatures ranging from 258 to 308 K to evaluate the stability of the proposed incremental erase-suspend method. Based on the observations presented in Section III-B3,we focused on bits at positions 8617, 19545, 28595, and 30459 because of their frequency of appearance in the experimental results. In this part, we implemented 1000 additional runs, which could provide practical proof of the stability of the fingerprint. Fig. 8 shows the positions of the unerased bits in the last tail of the erase operation for each trial. We can see that some of the unerased bits show more stable results than the other cells, suggesting that they can be utilized as fingerprints. Table in the bottom of Fig. 8 shows the summarized results of the target cells after 1000 runs. Even with the disturbance in different temperatures, the 30459th bit showed stable results in the last tail of erase operation.
Another important factor to be considered in the proposed method is the effect of aging. The experimental results presented in Fig. 8 show phenomena that can be regarded as effects of aging. As we proceed with further trials, some cells change their states. The aging effect caused by repetitive program/erase cycles can affect the raw data extracted from the flash memory and the stability of the device signature [23].
The relationships among cells have been confirmed to be relatively stable during the lifetime of the flash memory chips [24]. Thus, for the proposed method, the aging factor is expected to stretch the intervals among the unerased bits in the tail part. In Fig. 8, we locate the fixed number of cells in the last tail and observe that the required suspension time is shifted from 1045 to 1060 µs during the 1000 trials.
The exact cause of these unstable result is difficult to confirm through these device-level experiments. In reality, we have to choose only some of the sectors, carefully, in a flash memory, which fluctuate less in the tail part, for fingerprint generation. We can also regenerate the fingerprint considering the aging effect. Every fingerprint should have a limited lifetime, and the users should be advised to change their secret key after a certain time, similar to an online password.

C. TIMING OVERHEAD
The time required for the fingerprint generation using the proposed incremental erase-suspend method (T overhead ) can be described using the following equation: In the offline step, we do not have any information on where the fingerprint is in the P erased curve; therefore, T se0 for any sector can be selected by averaging the starting time of erase from general P erased table. T ses changes according to the function PredictNextTOS() in Algorithm 1, while T r and T srs are constant. N iter is the number of iterations required for adjusting the TOS to pick up the last unerased bit accurately. It depends on the practical characteristics of each sector and the ambient temperature. Finding the fingerprint becomes difficult if a sector has too many bits that have the same charge level in the floating gate at the tail part or if the experiment is executed under low-temperature conditions.
In the online step, T se0 is given as a part of a challenge from checker (Fig. 4). N iter will be reduced because of focusing exactly on the tail part (by executing PredictNextTOS()) where the fingerprint can be found. In other words, many steps are not required to examine and observe the entire erasing process.
According to the experimental results, we need, on an average, 35 iterations over approximately 36.4 ms to generate the entire P erased characteristic curve for each sector under a specific ambient temperature. In the offline step, an average of 10 ms is required to generate a 16-bit fingerprint and an average of 50 ms is required to confirm that fingerprint is stable to use. However, an average of only 1 ms is required to regenerate the fingerprint with the given TOS in the online step.

D. UNIQUENESS AND RANDOMNESS IN EXTRACTED FINGERPRINTS
Although we focus our attention on how to achieve the stability (or reliability) of the proposed method with the intrinsic device functions, we have to make sure that the device VOLUME 8, 2020 fingerprints are able to satisfy the requirements of high security applications. Therefore, the uniqueness and randomness criteria of generated device fingerprints should be considered thoroughly. The definitions of uniqueness and randomness measurement was introduced in the research of Maiti et al. [25]. In this section, we evaluate those criteria with experimental data obtained from our proposed method.

1) UNIQUENESS MEASUREMENT
Uniqueness is defined as the ability of PUFs in generating unique responses from a specific challenge. The uniqueness value of responses among k devices can be estimated by average inter-chip Hamming distance, in this context, as the following equation [25]: where R i and R j are n-bit responses for a specific challenge from different devices i and j. Our experimental results showed the average HD inter−chip is 48.57%. It is quite close to 50% to indicate the distinguishing feature of device fingerprints.

2) RANDOMNESS MEASUREMENT
Randomness (or uniformity) of device fingerprints can be measured by evaluating the distribution of the number of 0's and 1's in the response bits. The randomness of PUF's responses can be described as follows [25]: where R i,l is the l-th binary bit of n-bit response i. Our experimental results showed that the randomness of device fingerprints generated by our proposed method is average 47.87% under temperature variation condition. It is quite close to 50% in order to make sure that the device fingerprints are truly random.

V. CONCLUSIONS
The reliability and efficiency of security applications such as the PUF depend greatly on the random seed number (i.e., device fingerprint) generation process in the target hardware device. The operations of flash memories, such as read, program, and erase, have been utilized to generate random numbers based on their random process variation. However, the conventional flash-based fingerprint generation methods require chip or circuit-level modification, which is not easy in real-life applications.
In this work, we proposed a method for generating random device fingerprints based on the intrinsic erase-suspend operation of modern flash memory devices, without modifying the chip or circuits. It was based solely on the intrinsic functions, including erase-and-suspend and soft reset, in modern flash memories. We observed that the long tail part of the erase operation in the flash device could provide a much more stable result and that the effect of environmental variability could be diminished by adopting the incremental erasure using an erase-suspend-reset sequence. The experimental results showed that the proposed method could generate a random fingerprint successfully from the location of the last unerased bit, over a wide range of operating temperatures.