Anti-Tamper (AT) and Physically Unclonable Functions (PUFs)

Learn how to detect physical compromise to a device's enclosure and protect sensitive data and/or intellectual property with Anti-Tamper (AT) and Physically Unclonable Functions (PUFs).

Training as low as


with one of our subscriptions



Although, not mandatory students are encouraged to complete Introduction to Field Programmable Gate Arrays (FPGAs) first. Students that register for the 2-Day Introduction course will receive a discount that can be applied to this course.

Topics Covered during this Course

  • Definitions of electronic tamper systems

    • Prevention
    • Detection
    • Evidence
    • Response
  • Xilinx 7-Series active and passive tamper protection systems
  • Physically Unclonable functions (PUFs)

    • Memory-based PUFs
    • Timing-based PUFs
  • Xilinx 7-Series bitstream encryption mechanisms

Day 1

Theory: Introduction to Anti Tamper (1 hour)
  • Definitions of Anti Tamper

    • Tamper Prevention
    • Tamper Evidence
    • Tamper Detection
    • Tamper Response
  • Examples of the above
  • Two parts to digital system tamper:

    • Digital mesh
    • Analog sensors
Assignment 1: Device Unique Identifiers
  • Students will instantiate the device DNA in the FPGA with verilog
  • Students will instantiate the efuse macro in the FPGA with verilog
  • Next, students will create an AXI4LITE wrapper on the unique identifiers
  • Finally, students will implement a driver to read the unique id’s from a processor.
Assignment 2: XADC Alarms
  • Students will instatatie the XADC macro in the Programmable Logic
  • Next students will create a Microblaze Microntroller to monitor the parameters
  • Finally students will create a project to drive tamper signals from the XADC and the microblaze
Assignment 3: Digital Mesh
  • Students will instantiate a pattern to run through a mesh on the device
  • Once the mesh is broken a tamper event will be detected by the logic
  • Finally students will create a project to drive tamper signals from the XADC and the microblaze
Theory: Physically Unclonable Functions (1 hour)
  • Classes of PUFs

    • Analog PUFs
    • Memory PUFs
    • Timing-based PUFs
  • Examples of the above
  • Characteristics of PUFs

    • PUF Challenge
    • PUF Response
  • Overview of PUF analysis techniques
Assignment 4: Memory-Based PUFs
  • Students will instatatie the a Block RAM (BRAM) and connect it to the microblaze on the AXI bus
  • Students will access the PUF response by reading the memory contents from the dedicated memory
  • Students will observe the behavior of the RAM over multiple power cycles of the device
Assignment 5: Timing-Based PUFs
  • Students will implement a standard Arbiter-based PUF on the FPGA
  • Students will use a microblaze to challenge the PUF
  • Students will use the microblaze to measure the PUF response

Day 2

Theory: FPGA SoC Debug Interfaces (30 mins)
  • JTAG Overview
  • DIfferent JTAG TAPs on a FPGA SoC
  • FPGA Bitstream configuration
Assignment 6: JTAG and PROG Detection
  • Students create a circuit to detect JTAG signals post configuration
  • Students will create a circuit to detect FPGA configuration signals
  • Lastly, they will combine the detection circuits to drive a tamper signal
Assignment 7: Encrypting Arty Bitstreams
  • Students will create a bitstream encryption key and load it
  • Students will use Xilinx Bootgen to encrypt their bitstream
  • They will then flash their bitstream and boot an encrypted bitstream
Assignment 8: Single Use Encrypted Image
  • Students will create flash a BBRAM key and create an image that immediately clears the BBRAM key
  • The image will perform its function until reset
  • This process simulates a high security single use (or reprogrammable) device or a consumable.
Assignment 9: Discharging BBRAM key externally
  • Instructors will show example circuits for depleting the BBRAM key battery
  • Using an oscilloscope, instructors will demonstrate the tamper effect
  • Instructors will demonstrate the system response to a externally cleared BBRAM key

Class Requirements

  • A laptop/desktop capable of running VMware Workstation, VMware Fusion or the free VMware player (or another virtualization) and at least 60GB of available storage
  • To perform all parts of the hands-on assignments students will need to purchase a Digilent Arty A7-35T FPGA Development Board.
Training by Josh Datko and Dmitry Nedospasov

Josh Datko is an embedded systems engineer, security researcher and former submarine officer. Josh is best known for his part in the NSA Playset, as well as his research into cryptocurrency wallets.

Dmitry is a hardware hacker, hardware design engineer, security researcher, speaker, and reverse-engineerer. Dmitry did his PhD in the field of IC security and PUFs.

Can't attend? All of our trainings are also available as a private classes for your company.

Access all of our classes and profesionally edited recordings.
All of our courses are also available as private trainings.
Courses are offered multiple times in different timezones.