Using Data Contention in Dual-Ported Memories for Security Applications

Tim Güneysu

Journal of Signal Processing Systems, Springer, 2010, Online-first DOI: 10.1007/s11265-010-0560-z


Field Programmable Gate Arrays (FPGAs) provide the invaluable feature of dynamic hardware reconfiguration by loading configuration bit files. However, this flexibility also opens up the threat of theft of Intellectual Property (IP), since these configuration files can be easily extracted and cloned. In this context, the ability to bind an application configuration to a specific device is an important step to prevent product counterfeiting. Furthermore, such a technology can also enable advanced business models such as device-specific feature activation. In this work, we present a new technique to generate entropy on FPGA devices, based on data contention in the hardware circuitry. For this entropy, we use the output of intentionally generated write collisions in synchronous dual-ported block RAMs (BRAM). We show that the parts of this output generated by such write collisions can be either probabilistic or deterministic and device-specific. The characteristics of such an entropy source can be used for a large variety of security applications, such as chip identification and device authentication. In addition to that, we also propose a solution to efficiently create cryptographic keys on-chip at runtime. As a last contribution, we present a strategy for transforming this entropy source into a circuit for True Random Number Generation (TRNG).