近年來各產業界對於積體電路(ICs)的需求日益增加，包含移動通訊、車用晶片、顯示器驅動…等等。與此同時，該如何保護這些裝置能夠免於外部的干擾、非法的侵入、甚至是駭客行為，已經成為一個系統安全層面的議題。因此，所謂的硬體安全逐漸開始受到大家的重視。傳統在處理安全問題的方法上，主要是使用特殊演算法以及編碼技術來確保資料的保護，然而，這些措施在一定程度上仍然有風險會被破解，於是，所謂的物理不可複製函數（Physical Unclonable Function, PUF）就被提出，作為硬體安全實踐的極佳解方。
本論文中，我們將討論一個全新的物理不可複製函數稱作3T-PUF，其架構包含有三個電晶體串聯而成，而其亂數產生的機制，則是透過對中央的電晶體施加高壓，進一步導致閘極下介電質崩潰，其偏左方或是偏右方崩潰的隨機性，就可以用來定義亂數的數位值。此元件在提出後，成功經由高介電閘級邏輯製程(High-k Metal Gate, HKMG) 進行下線，其可靠度與資料保存性，以及抵抗讀取干擾的能力，在多次實驗中被證明是良好的。
進一步，我們把單一元件擴充到更龐大的陣列之中，以產出大量的亂數資料，而這些資料在完整蒐集後，使用美國國家標準暨技術研究院(NIST)提供的測試模組SP800-22來進行亂數度的測試評估，證明其完全通過十五項亂數度測試，可以說是非常優良的物理不可複製函數，能夠在不同系統中提供硬體安全的保護。

The crucial demands for integrated circuits (ICs) now go across many industries, including mobile communication, vehicles, display driver, etc. In the meantime, how to prevent these devices from outside disturbance, unauthorized accessing or even hacking is a critical problem to system security. As a result, strong concerns on the hardware securities of devices rise. Traditional solutions on the security issues mainly promote the algorithms and/or coding techniques to ensure data protection. Nevertheless, there’re still risks of being broken to some degree. As of the hardware security, encryption implemented by physical unclonable function (PUF) has been reported as a good solution. In this work, a new structure of PUF cells, 3T-PUF, consists of three MOS transistors connected in series, and generate a random result by dielectric breakdown on either side of the central transistor. The device has been proposed and tape out by high- metal gate (HKMG) CMOS logic process. Reliability and data retention of the new devices have been evaluated, showing good stability when the entropy is applied. Cells are also arranged in array for larger amount of random results, which successfully passed the standard randomness tests by National Institute of Standards and Technology (NIST). With randomness and uniqueness, the 3T-PUF structure is found to be a potential candidate for the hardware security for various systems.

摘要----------------------------------------------------i
Abstract------------------------------------------------ii
Acknowledgements----------------------------------------iii
Content-------------------------------------------------iv
Figure Caption------------------------------------------vi
Table Caption-------------------------------------------x
Chapter 1. Introduction---------------------------------1
1.1 Definition of Physical Unclonable Function----------1
1.2 Motivation of Physical Unclonable Function----------2
1.3 Outline of the thesis-------------------------------2
Chapter 2. Review of Various Types of PUF---------------4
2.1 Optical PUF-----------------------------------------5
2.2 Coating PUF-----------------------------------------5
2.3 SRAM PUF--------------------------------------------6
2.4 RRAM PUF--------------------------------------------7
2.5 Summary---------------------------------------------8
Chapter 3. 3T PUF Cell and the Characteristics----------18
3.1 Gate Dielectric Breakdown and Its Characteristics---18
3.2 Structure and Operaiton Principle of 3T PUF Cell----20
3.3 Characteristics of 3T PUF Cell----------------------22
3.4 Stability/Reliability Evaluation of 3T PUF Cell-----23
3.5 Summary---------------------------------------------24
Chapter 4. 3T PUF Array and the Characteristics---------43
4.1 Structure of 3T PUF Array---------------------------43
4.2 Operation Principle of 3T PUF Array-----------------44
4.3 Characteristics of 3T PUF Array---------------------45
4.4 Systematic Bias in Array----------------------------46
4.5 Probability Modification Circuit--------------------47
4.6 Randomness Test through NIST------------------------48
4.7 Summary---------------------------------------------50
Chapter 5. Conclusion and Prospect----------------------69
5.1 Conclusion------------------------------------------69
5.2 Prospect--------------------------------------------70
Reference-----------------------------------------------71

[1] U. Rührmair and M. van Dijk, "PUFs in Security Protocols: Attack Models and Security Evaluations," 2013 IEEE Symposium on Security and Privacy, 2013, pp. 286-300, doi: 10.1109/SP.2013.27.
[2] X. Xi, A. Aysu and M. Orshansky, "Fresh re-keying with strong PUFs: A new approach to side-channel security," 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2018, pp. 118-125, doi: 10.1109/HST.2018.8383899.
[3] E. P. Kukula, M. J. Sutton and S. J. Elliott, "The Human–Biometric-Sensor Interaction Evaluation Method: Biometric Performance and Usability Measurements," in IEEE Transactions on Instrumentation and Measurement, vol. 59, no. 4, pp. 784-791, April 2010, doi: 10.1109/TIM.2009.2037878.
[4] A. Maiti, I. Kim and P. Schaumont, "A Robust Physical Unclonable Function With Enhanced Challenge-Response Set," in IEEE Transactions on Information Forensics and Security, vol. 7, no. 1, pp. 333-345, Feb. 2012, doi: 10.1109/TIFS.2011.2165540.
[5] X. Lu, L. Hong and K. Sengupta, "CMOS Optical PUFs Using Noise-Immune Process-Sensitive Photonic Crystals Incorporating Passive Variations for Robustness," in IEEE Journal of Solid-State Circuits, vol. 53, no. 9, pp. 2709-2721, Sept. 2018, doi: 10.1109/JSSC.2018.2850941.
[6] T. Ignatenko and F. Willems, "Achieving Secure Fuzzy Commitment Scheme for Optical PUFs," 2009 Fifth International Conference on Intelligent Information Hiding and Multimedia Signal Processing, 2009, pp. 1185-1188.
[7] C. Helfmeier, C. Boit, D. Nedospasov and J. Seifert, "Cloning Physically Unclonable Functions," 2013 IEEE International Symposium on Hardware-Oriented Security and Trust (HOST), 2013.
[8] V. Immler, J. Obermaier, M. König, M. Hiller and G. Sig, "B-TREPID: Batteryless tamper-resistant envelope with a PUF and integrity detection," 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST).
[9] G. E. Suh and S. Devadas, "Physical Unclonable Functions for Device Authentication and Secret Key Generation," 2007 44th ACM/IEEE Design Automation Conference, 2007, pp. 9-14.
[10] Jorge Guajardo, Sandeep S. Kumar, Geert-Jan Schrijen, Pim Tuyls, "FPGA Intrinsic PUFs and Their Use for IP Protection", Workshop on Cryptographic Hardware and Embedded Systems (CHES), Sep 10-13, 2007, Vienne, Austria
[11] Holcomb, Daniel; Wayne Burleson; Kevin Fu (July 2007). "Initial SRAM State as a Fingerprint and Source of True Random Numbers for RFID Tags" (PDF). Proceedings of the Conference on RFID Security. Malaga, Spain.
[12] A. Chen, "Comprehensive assessment of RRAM-based PUF for hardware security applications," 2015 IEEE International Electron Devices Meeting (IEDM), 2015, pp. 10.7.1-10.7.4.
[13] R. Liu, H. Wu, Y. Pang, H. Qian and S. Yu, "A highly reliable and tamper-resistant RRAM PUF: Design and experimental validation," 2016 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2016, pp. 13-18.
[14] Y. Pang et al., "Optimization of RRAM-Based Physical Unclonable Function With a Novel Differential Read-Out Method," in IEEE Electron Device Letters, vol. 38, no. 2, pp. 168-171, Feb. 2017.
[15] R. Liu, H. Wu, Y. Pang, H. Qian and S. Yu, "Experimental Characterization of Physical Unclonable Function Based on 1 kb Resistive Random Access Memory Arrays," in IEEE Electron Device Letters, vol. 36, no. 12, pp. 1380-1383, Dec. 2015.
[16] D. Saha, D. Varghese and S. Mahapatra, "Role of anode hole injection and valence band hole tunneling on interface trap generation during hot carrier injection stress," in IEEE Electron Device Letters, vol. 27, no. 7, pp. 585-587, July 2006, doi: 10.1109/LED.2006.876310.
[17] K. Okada et al., “Model for dielectric breakdown mechanism of HfAlO/sub x//SiO/sub 2/ stacked gate dielectrics dominated by the generated subordinate carrier injection,” IEDM Technical Digest. IEEE International Electron Device Meeting. 2004., 2004, pp. 721-724.
[18] H. Satake and A. Toriumi, "Dielectric Breakdown Mechanism of Thin-SiO2 Studied by the Post-Breakdown Resistance Statistics, " in IEEE Transactions on Electron Devices, vol. 47, no. 4, pp. 741-745, April 2000.
[19] T. Tanzawa and T. Tanaka, "A stable programming pulse generator for single power supply flash memories," in IEEE Journal of Solid-State Circuits, vol. 32, no. 6, pp. 845-851, June 1997, doi: 10.1109/4.585286.
[20] Kang-Deog Suh et al., "A 3.3 V 32 Mb NAND flash memory with incremental step pulse programming scheme," Proceedings ISSCC '95 - International Solid-State Circuits Conference, 1995, pp. 128-129, doi: 10.1109/ISSCC.1995.535460.
[21] H. Nobukata et al., "A 144 Mb 8-level NAND flash memory with optimized pulse width programming," 1999 Symposium on VLSI Circuits. Digest of Papers (IEEE Cat. No.99CH36326), 1999, pp. 39-40, doi: 10.1109/VLSIC.1999.797228.
[22] T. Tanzawa and T. Tanaka, "A stable programming pulse generator for high-speed programming single power supply voltage flash memories," Digest of Technical Papers., Symposium on VLSI Circuits., 1995, pp. 73-74, doi: 10.1109/VLSIC.1995.520691.
[23] S. Holland, I. C. Chen, T. P. Ma and C. Hu, "On physical models for gate oxide breakdown," in IEEE Electron Device Letters, vol. 5, no. 8, pp. 302-305, Aug. 1984.
[24] Ih-Chin Chen, S. E. Holland and Chenming Hu, "Electrical Breakdown in Thin Gate and Tunneling Oxides," in IEEE Journal of Solid-State Circuits, vol. 20, no. 1, pp. 333-342, Feb. 1985.
[25] R. Degraeve, N. Pangon, B. Kaczer, T. Nigam, G. Groeseneken and A. Naem, "Temperature acceleration of oxide breakdown and its impact on ultra-thin gate oxide reliability," 1999 Symposium on VLSI Technology. Digest of Technical Papers (IEEE Cat. No.99CH36325), 1999, pp. 59-60.
[26] W. -Y. Lee, C. -P. Yeh, Y. -C. King and C. J. Lin, "Self-Inhibit Complementary Cells by High-κ Metal Gate Transistors for Physical Unclonable Function," 2022 International Symposium on VLSI Technology, Systems and Applications (VLSI-TSA), 2022, pp. 1-2, doi: 10.1109/VLSI-TSA54299.2022.9770983.
[27] A. Rukhin, J. Soto, J. Nechvatal, M. Smid, E. Barker, S. Leigh, M. Levenson, M. Vangel, D. Banks, A. Heckert, J. Dray, S. Vo, "A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications," National Institute of Standards and Technology (NIST) Special Publication 800-22, Rev. 1a, Apr. 2010.