ABSTRACT
Authentication is an essential cryptographic primitive that confirms the identity of parties during communications. For security, it is important that these identities are complex, in order to make them difficult to clone or guess. In recent years, physically unclonable functions (PUFs) have emerged, in which identities are embodied in structures, rather than stored in memory elements. PUFs provide “digital fingerprints,” where information is usually read from the static entropy of a system, rather than having an identity artificially programmed in, preventing a malicious party from making a copy for nefarious use later on. Many concepts for the physical source of the uniqueness of these PUFs have been developed for multiple different applications. While certain types of PUF have received a great deal of attention, other promising suggestions may be overlooked. To remedy this, we present a review that seeks to exhaustively catalogue and provide a complete organisational scheme towards the suggested concepts for PUFs. Furthermore, by carefully considering the physical mechanisms underpinning the operation of different PUFs, we are able to form relationships between PUF technologies that previously had not been linked and look toward novel forms of PUF using physical principles that have yet to be exploited.
A Physically Unclonable Function (PUF) is a hardware security fundamental that translates an input challenge into an output response through a physical system in a manner that is specific to the exact hardware instance (unique) and cannot be replicated (unclonable). This allows the system, and by extension any object or device it is attached to or embedded within, to be uniquely authenticated. At the point of manufacture, the system is subjected to one or more challenges, and the response to these challenges is taken and recorded. From then on, it is known that if a challenge is repeated at any point and its expected response is verified, the device must be the same as the one characterised previously. The characteristics of a PUF are to be robust (stable over time), unique (so no two PUFs are the same), easy to evaluate (to be feasibly implemented), difficult to replicate (so the PUF cannot be copied), and very difficult or impossible to predict (so the responses cannot be guessed). Many concepts have been put forward as candidates for PUFs. Some, such as the Arbiter PUF, have become very well established with a large number of variations (such as the basic Arbiter PUF,1 N-XOR Arbiter PUF,2 Double Arbiter PUF,3 and so forth). Others, such as the MEMS PUF4 or BoardPUF,5 do not appear to have significant current industry focus. While papers exist that provide information and organisation to a selection of proposed PUFs, no paper sets out to provide a full review and organisation scheme for all suggested PUFs at the concept level and above. This review will attempt to exhaustively catalogue all the different concepts that have been suggested as ways to implement PUFs and to create a coherent taxonomic system to organise them. This is achieved by first introducing preliminary information (Sec. II) to provide context for the review that follows. The section following this information introduces three different systems of classification (Sec. III). 
Once these classification systems are discussed, a large number of PUF concepts are listed and explained, ordered by an organic classification system that lends itself to this listed format (Sec. IV). An example of a PUF concept arranged in this organic scheme would be the static random access memory (SRAM) PUF.6 The SRAM PUF is ordered within a section on volatile memory (including similar volatile-memory-cell PUFs such as the DRAM PUF7 and the MEmory Cell-based Chip Authentication (MECCA) PUF8), which is in turn within a higher-order section of implicit/intrinsic PUFs (alongside racetrack and direct characterisation PUF sections). Finally, the section of implicit/intrinsic PUFs, along with explicit/extrinsic PUFs, is within the classification of all-electronic PUFs (as opposed to “hybrid” PUFs, which probe the unique characteristic of the physical system in a non-electronic way, such as using light). The final sections of this report (Secs. V and VI) provide a number of observations that became apparent as a result of arranging and cataloguing these PUF concepts.
II. PRELIMINARIES
A. Weak and strong PUFs
A key distinctive property of PUFs is what is described as the strength of their implementation.9 There are two levels of PUF strength—weak and strong. The strength of the PUF depends on the number of challenge-response pairs (CRPs) that can be generated from a single device. This, in turn, typically corresponds to how the number of CRPs increases with the increasing device size. This rate of scaling tends to act as the metric that determines the strength of a PUF, although exceptions are argued and will be discussed later in this chapter. Weak PUFs support a relatively small number of CRPs, typically as a consequence of a low-order rate of scaling. This means that the full set of these pairs can be read from the device should an attacker gain physical access to the PUF for any given time. While it would not be possible to copy the physical PUF itself, with knowledge of the PUF's CRPs an attacker could convincingly respond to queries as if they still possessed the device—long after the device has left their possession. Weak PUFs can be used for secure key storage and entity authentication techniques, for instance, using the protocol featured in Fig. 1. However, for authentication purposes, the PUF must be examined in an environment where an authenticating party is present to ensure that the PUF itself is being evaluated.
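The weak-PUF limitation described above can be seen in a small simulation. This is an added example, not code from the review: the `ToyWeakPUF` model, the 128-bit response size, the 1% read noise and the Hamming-distance acceptance threshold are all assumptions chosen for illustration.

```python
import random

N_CELLS = 8        # assumed challenge space of the toy weak PUF (one per cell)
RESP_BITS = 128    # assumed response width
THRESHOLD = 20     # assumed max Hamming distance accepted as "same device"

class ToyWeakPUF:
    """Simulated device: a fixed random fingerprint per cell plus read noise."""
    def __init__(self, seed, noise=0.01):
        rng = random.Random(seed)
        self._cells = [rng.getrandbits(RESP_BITS) for _ in range(N_CELLS)]
        self._noise_rng = random.Random(seed ^ 0xA5A5)
        self._noise = noise

    def respond(self, challenge):
        r = self._cells[challenge]
        for bit in range(RESP_BITS):          # each bit may flip on a read
            if self._noise_rng.random() < self._noise:
                r ^= 1 << bit
        return r

def hamming(a, b):
    return bin(a ^ b).count("1")

def enroll(puf):
    """Manufacture-time step: record the response to every challenge."""
    return {c: puf.respond(c) for c in range(N_CELLS)}

def verify(database, responder, challenge):
    """Replay a recorded challenge and compare with the enrolled response."""
    return hamming(database[challenge], responder(challenge)) <= THRESHOLD

def read_out(puf):
    """Temporary physical access: N_CELLS queries exhaust the whole CRP set."""
    return {c: puf.respond(c) for c in range(N_CELLS)}

def demo():
    genuine, other = ToyWeakPUF(seed=1), ToyWeakPUF(seed=2)
    db = enroll(genuine)
    table = read_out(genuine)   # copied while the device was accessible
    every = range(N_CELLS)
    return {
        "genuine": all(verify(db, genuine.respond, c) for c in every),
        "other_device": any(verify(db, other.respond, c) for c in every),
        "replayed_table": all(verify(db, table.__getitem__, c) for c in every),
    }

if __name__ == "__main__":
    print(demo())
```

The verifier accepts the replayed table exactly as it accepts the genuine device, because responses alone carry no proof that the physical PUF was evaluated; this is why the text requires an authenticating party to be present during the evaluation.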
To read more:
https://aip.scitation.org/doi/10.1063/1.5079407