New IP bypasses the need for ID enrollment

Article By : Majeed Ahmad

The new physically unclonable function (PUF) doesn't need extensive enrollment and rebuilding phases to improve the quality of the ID or key.

Security is no longer an afterthought in embedded systems, especially in the connected devices serving the Internet of Things (IoT). That is apparent from the traction that new technologies like the physically unclonable function (PUF) are gaining in chips ranging from microcontrollers to high-performance FPGAs. PUF technology facilitates a root of trust in an easy, cost-effective, and flexible manner without needing to store keys.

Figure 1 PUF exploits the variations inherent in the device to produce a unique, unclonable response from the device to a given input. Source: Secure-IC

However, while PUFs have been introduced to generate specific key numbers for a chip, it’s challenging to guarantee a low probability of identical IDs across separate chips. According to Secure-IC, a Cesson-Sévigné, France-based security solutions provider for embedded systems and connected objects, about 90% of PUF technologies cannot function independently due to their subpar performance. As a result, PUFs require an extensive enrollment phase and a rebuilding phase to improve the quality of the ID or key.

In short, PUFs can only serve as a reliable security source when an enrollment phase is used for the cryptographic key construction. And the enrollment phase is a costly process, since each chip must be personalized on its own. It comprises four phases: lengthy measurements, characterization, helper data derivation, and eventually, helper data programming. That does not fit the efficient personalization steps required at the test stage when producing chips at scale.

Moreover, the need for enrollment leaves the door open to hackers trying to subvert the enrollment, for instance, by forcing all the bits of the key to be the same. To address the challenges related to the enrollment and rebuilding phases, high costs, and concerns regarding the system’s vulnerability to attacks, Secure-IC has joined hands with hardware and software security specialist Trasna to introduce a PUF solution that requires neither an enrollment phase nor a rebuilding phase.

Figure 2 The new PUF IP eliminates the need for an enrollment phase for cryptographic key construction. Source: Secure-IC

The new PUF IP can generate one or a few unique IDs or keys working straight out of the box. These unique IDs can serve as the foundation for secure booting of the chip, root-of-trust, and lifecycle management.

This development shows how PUFs are overcoming design hurdles and making headway in the IoT security realm despite being a new technology. The new PUF IP from Secure-IC, which complies with the ISO/IEC 20897 cybersecurity standard, has been integrated into Trasna’s system-on-chip (SoC) solution serving narrowband IoT (NB-IoT) applications.

PUFs are being streamlined for integration into chips aiming to bolster their security credentials. Embedded World 2023 will be a good place to gauge their design progression and their place in future SoCs and chiplets.

 

This article was originally published on EDN.

Majeed Ahmad, Editor in Chief of EDN and Planet Analog, has covered the electronics design industry for more than two decades. During this period, he has worked in various editorial positions, including assignments for EE Times Asia and Electronic Products. He holds a master’s degree in telecommunication engineering from Eindhoven University of Technology.