Intrinsic-ID has joined with seven other key players to launch the hardware intrinsic security (HIS) initiative as an educational forum dedicated to promoting the use of HIS solutions. Initial members include representatives of Cisco Systems, imec, Intrinsic-ID, Irdeto, NXP Semiconductors, SiVenture, TSMC and Virage Logic Corporation.
These firms recognized the need for a new level of hardware security to combat semiconductor device counterfeiting and enforce secure content encryption. The initiative will promote this message by means of joint papers, panels, seminars and proof points on reliability and security.
Around 10% of electronics products are counterfeit, according to a report from business intelligence firm KPMG. Large-scale fraud registered by network infrastructures and multi-media providers forms a strong incentive for investigating new hardware security options, and one option that all members of the initiative apparently agree on is hardware intrinsic security.
Standard practice for secure communication is use a combination of public algorithms and secret keys to encrypt and sign data. If the secret key is revealed, the system is broken and cannot guarantee security. A competent attacker can retrieve the key if it is stored off-chip by tapping the bus between external memory and the chip. To avoid this, embedded on-chip storage systems store the key in the device that performs the security operations. However, with on-chip storage a determined attacker can use various tools to gain access to the key. These tools may be sophisticated and expensive, but they gradually become more widespread and affordable, putting secret keys at risk.
HIS solutions derive secret keys from the hardware's intrinsic characteristics instead of storing them. This approach allows a device to generate a secret key only when needed and power down with no key present, so there is no key to be extracted. This approach is based on physically unclonable functions (PUFs), such as deep submicron manufacturing process variations that are unique to each device. Intrinsic-ID uses memory-based PUFs based on reading out a SRAM's unique micro- or nano-scale physical properties to generate the equivalent of an electronic circuit fingerprint.
A commercial HIS implementation called Quiddikey comprises three functional modules: a PUF measurement circuit, an activation code constructor, and a key extractor. During the enrolment phase, the PUF measurement circuit reads out the device-unique characteristics of the PUF, which the activation code constructor module uses together with a user key to compute an activation code.
The key can only be obtained later through a reconstruction phase, whereby the key extractor reconstructs the key based on the PUF measurement and the activation code. After it is used to authenticate or configure a chip, the key is removed from all internal registers and memories.
Image: Intrinsic-ID
Informative articles
Password forgotten?
)
