For the first time, we use a unique feature of S/D variation of FinFET to realize PUF (Physical unclonable function) and TRNG (True random number generator). With the scaling of transistors, S/D variation becomes significant. This provides an opportunity to use the mismatch of the S/D resistances for the design of PUF. Method has been developed to first rule out those less significant factors of variation. Then, a PUF is developed based on the dominant S/D variation. In terms of the security, this PUF exhibits ideal un-biased normal distribution of hamming distance, and narrow distribution of hamming weight in the range of 45%~55%. The unstable bit rates are also very low (1.17%) under room temperature and 3.12% under 150°C, benchmarked on a 256 bits array. Meanwhile, as a result of the defect (in the form of traps) at the drain/substrate junction, RTN behavior was observed from the current measured between drain/source and substrate, named Ib-RTN. It provides us a way to implement a TRNG This TRNG passed NIST test up to 9 items. Overall, the S/D mismatch PUF and Ib-RTN TRNG demonstrated great potential to meet the requirements of the IoT security application.