Hardware Based Security
Gabe Moretti, Senior Editor
If there is one thing that is obvious about the IoT market it is that security is essential. IoT applications will be, if they are not already, invasive to the life of their users and the privacy of each individual must be preserved. The European Union has stricter privacy laws than the US, but even in the US privacy is valued and protective.
Intrinsic-ID has published a white paper “SRAM PUF: The Secure Silicon Fingerprint” that you can read in the Whitepapers section of this emag, or you can go to www.intrinsic-id.com and read it under the “Papers” pull down.
For many years, silicon Physical Unclonable Functions (PUFs) have been seen as a promising and innovative security technology that was making steady progress. Today, Static Random-Access Memory (SRAM)-based PUFs offer a mature and viable security component that is achieving widespread adoption in commercial products. They are found in devices ranging from tiny sensors and microcontrollers to high performance Field-Programmable Gate Arrays (FPGAs) and secure elements where they protect financial transactions, user privacy, and military secrets.
Intrinsic-ID goal in publishing this paper is to show that SRAM PUF is a mature technology for embedded authentication. The behavior of an SRAM cell depends on the difference of the threshold voltages of its transistors. Even the smallest differences will be amplified and push the SRAM cell into one of two stable states. Its PUF behavior is therefore much more stable than the underlying threshold voltages, making it the most straightforward and most stable way to use the threshold voltages to build an identifier.
It turns out that every SRAM cell has its own preferred state every time the SRAM is powered resulting from the random differences in the threshold voltages. This preference is independent from the preference of the neighboring cells and independent of the location of the cell on the chip or on the wafer.
Hence an SRAM region yields a unique and random pattern of 0’s and 1’s. This pattern can be called an SRAM fingerprint since it is unique per SRAM and hence per chip. It can be used as a PUF. Keys that are derived from the SRAM PUF are not stored ‘on the chip’ but they are extracted ‘from the chip’, only when they are needed. In that way they are only present in the chip during a very short time window. When the SRAM is not powered there is no key present on the chip making the solution very secure.
Intrinsic-ID has bundled error correction, randomness extraction, security countermeasures and anti-aging techniques into a product called Quiddikey. This product extracts cryptographic keys from the SRAM PUF in a very secure manner and is available as Hardware IP (netlist), firmware (ANSI C Code), or a combination of these.
The hardware IP is small and fast – around 15K gates / 100K cycles – and connects to common interconnects like AMBA AHB, APB as well as proprietary interfaces. A Built-In Self-Test (BIST) and health checks are included in the logic. Since it is pure digital, single clock logic it synthesizes readily to any technology. Software reference implementations start from 10KB of code and are available for major platforms like ARM, ARC, Intel and MIPS. Software implementations can be used to add PUF technology to existing products by a firmware upgrade.
I will deal with security issues in more depth in September. In the mean time the Intrisic-ID white paper is worth your attention