Security is essential for the Internet of Things (IoT). Cryptographic operations for authentication and encryption commonly rely on random input of high entropy and secure, tamper-resistant identities, which are difficult to obtain on constrained embedded devices. In this paper, we design and analyze a generic integration of physically unclonable functions (PUFs) into the IoT operating system RIOT that supports about 250 platforms. Our approach leverages uninitialized SRAM to act as the digital fingerprint for heterogeneous devices. We ground our design on an extensive study of PUF performance in the wild, which involves SRAM measurements on more than 700 IoT nodes that aged naturally in the real-world. We quantify static SRAM bias, as well as the aging effects of devices and incorporate the results in our system. This work closes a previously identified gap of missing statistically significant sample sizes for testing the unpredictability of PUFs. Our experiments on COTS devices of 64 kB SRAM indicate that secure random seeds derived from the SRAM PUF provide 256 Bits-, and device unique keys provide more than 128 Bits of security. In a practical security assessment we show that SRAM PUFs resist moderate attack scenarios, which greatly improves the security of low-end IoT devices.

翻译：物联网的安全性至关重要。用于认证和加密的密码操作通常依赖于高熵随机输入和防篡改的安全身份标识，而这些在受限嵌入式设备上难以获取。本文设计并分析了将物理不可克隆函数通用集成到支持约250个平台的物联网操作系统RIOT中的方案。我们的方法利用未初始化的SRAM作为异构设备的数字指纹。该设计基于对实际环境中PUF性能的广泛研究，涉及对超过700个自然老化物联网节点的SRAM测量。我们量化了静态SRAM偏置及设备老化效应，并将结果整合到系统中。这项工作填补了此前因缺乏统计显著样本量而无法测试PUF不可预测性的空白。对拥有64 kB SRAM的商用现成设备的实验表明，源自SRAM PUF的安全随机种子可提供256比特安全性，设备唯一密钥则提供超过128比特的安全性。实际安全评估显示，SRAM PUF能够抵御中等攻击场景，从而显著提升低端物联网设备的安全性。