Engineering SRAM-PUF on Arduino microcontroller

The emergence of the Internet of Things (IoT) enables both people and devices to access services, data, and actuator control from remote locations, even spanning thousands of miles. Ensuring authentication, communication integrity, and confidentiality for IoT devices is essential for systems security and still an open challenge too. In this context, Physical Unclonable Functions (PUFs) have gained significant attention due to their ability to generate stable, tamper-resistant, and random fingerprints that can be successfully exploited to provide cryptography keys or to implement authentication schemes. However, PUFs necessitate dedicated hardware, making them costly and available only in specific designs, thereby impeding their broader adoption. In this paper, we enable the usage of static random access memory (SRAM)-based PUF on Arduino UNO device, an open-source board implemented upon an ATMega328P, without requiring special hardware. We analyze SRAM PUF quality parameters and how to reconstruct a reliable cryptography key by engineering a fuzzy extractor. Additionally, we design a secure bootloader as root-of-trust and, as a case study, we detail how to authenticate Arduino Sketches and how to implement an authentication scheme.