Countermeasures to frequency alteration attacks on ring oscillator based physical unclonable functions

What is claimed is: 1. A system for providing security in a computer system, the system being implemented in an integrated circuit and comprising a physical unclonable function (PUF) device and one or more logic circuits that at startup of the computer system are configured to at least: call the PUF device a preset plurality of times with an identical input value to generate a plurality of PUF values that are used as candidate identifiers of the integrated circuit; apply a hash function to the candidate identifiers to produce respective hash values; access a reference hash value from a non-volatile memory, the reference hash value being from application of the hash function to an accepted identifier of the integrated circuit; verify all of the respective hash values using the reference hash value; and enable the computer system to boot up in a first mode when a respective hash value of the respective hash values is verified, or otherwise enable the computer system to boot up in a second mode when none of the respective hash values is verified, the respective hash value being for a candidate identifier of the candidate identifiers that matches and is thereby construed as the accepted identifier; wherein the first mode is a normal operation mode in which the computer system is caused to at least: load firmware and data into memory of the computer system; perform data authentication on the firmware and data using the accepted identifier; and perform a decryption operation on the firmware and data with a key, and wherein the second mode is a fake operation mode that mimics the normal operation mode in which the computer system is caused to at least: load the firmware and data into the memory of the computer system; perform the data authentication on the firmware and data without the accepted identifier, and ignore any errors in the data authentication; and perform the decryption operation on the firmware and data with a preset invalid key. 2. The system of claim 1 , wherein the PUF device includes a plurality of ring oscillators, and the input value of the PUF device includes a sequence of pairs of identifiers of ring oscillators of the plurality of ring oscillators. 3. The system of claim 2 , wherein the one or more logic circuits being configured to call the PUF device includes for each of the preset plurality of times, the one or more logic circuits being configured to apply the identical input value in which each pair of identifiers in the sequence causes the PUF device to compare oscillation frequencies of a respective pair of the ring oscillators and output a bit value indicating which is larger, the bit value being one of a sequence of bit values output over the sequence of pairs of identifiers. 4. The system of claim 3 , wherein the sequence of bit values is one of the plurality of PUF values corresponding to the input value. 5. The system of claim 2 , wherein the PUF device further includes two multiplexers, wherein each multiplexer is configured to select one ring oscillator from the plurality of ring oscillators to thereby form a pair of ring oscillators. 6. The system of claim 5 , wherein the PUF device further includes two counters configured to measure the oscillation frequencies of the pair of ring oscillators. 7. The system of claim 6 , wherein the PUF device further includes a comparator configured to compare the oscillation frequencies of the pair of ring oscillators. 8. The system of claim 1 , wherein the one or more logic circuits being configured to verify all of the respective hash values includes for each hash value of the respective hash values, the one or more logic circuits being configured to compare the hash value to the reference hash value to determine whether the hash value matches the reference hash value and the hash value is thereby verified. 9. The system of claim 1 , wherein the accepted identifier is used as a component of a root cryptographic key of the computer system. 10. The system of claim 1 , wherein the one or more logic circuits being configured to enable the computer system to operate in the second mode includes being configured to cause the computer system to boot up in the second mode in which the computer system is caused to report a security error to a user of the computer system after a preset delay. 11. A method implemented by a system for providing security in a computer system, the system being implemented in an integrated circuit and comprising a physical unclonable function (PUF) device, at startup of the computer system: calling the PUF device a preset plurality of times with an identical input value to generate a plurality of PUF values that are used as candidate identifiers of the integrated circuit; applying a hash function to the candidate identifiers to produce respective hash values; accessing a reference hash value from a non-volatile memory, the reference hash value being from application of the hash function to an accepted identifier of the integrated circuit; verifying all of the respective hash values using the reference hash value; and enabling the computer system to boot up in a first mode when a respective hash value of the respective hash values is verified, or otherwise enabling the computer system to boot up in a second mode when none of the respective hash values is verified, the respective hash value being for a candidate identifier of the candidate identifiers that matches and is thereby construed as the accepted identifier; wherein the first mode is a normal operation mode in which the computer system is caused to at least: load firmware and data into memory of the computer system; perform data authentication on the firmware and data using the accepted identifier; and perform a decrypt operation on the firmware and data with a key, and wherein the second mode is a fake operation mode that mimics the normal operation mode in which the computer system is caused to at least: load the firmware and data into the memory of the computer system; perform the data authentication on the firmware and data without the accepted identifier, and ignore any errors in the data authentication; and perform the decryption operation on the firmware and data with a preset invalid key. 12. The method of claim 11 , wherein the PUF device includes a plurality of ring oscillators, and the input value of the PUF device includes a sequence of pairs of identifiers of ring oscillators of the plurality of ring oscillators. 13. The method of claim 11 , wherein calling the PUF device includes for each of the preset plurality of times, applying the identical input value in which each pair of identifiers in the sequence causes the PUF device to compare oscillation frequencies of a respective pair of the ring oscillators and output a bit value indicating which is larger, the bit value being one of a sequence of bit values output over the sequence of pairs of identifiers. 14. The method of claim 13 , wherein the sequence of bit values is one of the plurality of PUF values corresponding to the input value. 15. The method of claim 12 , wherein the PUF device further includes two multiplexers, wherein each multiplexer is configured to select one ring oscillator from the plurality of ring oscillators to thereby form a pair of ring oscillators. 16. The method of claim 15 , wherein the PUF device further includes two counters configured to measure the oscillation frequencies of the pair of ring oscillators. 17. The method of claim 16 , wherein the PUF device further includes comparator configured to comp