Reliable, cost-effective ICs with integrated physically unclonable function (PUF) technology have only recently become available. In this blog post, I’ll demystify PUF technology to help you better understand how and why it could benefit your design.
So, let’s start with some basic explanations. Examining the physical design of a chip, you’ll recognize that every piece of silicon manufactured has minor differences. Even though silicon manufacturing processes are highly accurate, there are still variances in each circuit manufactured. PUF exploits these minute differences in order to generate a binary value, i.e. a unique number on each chip. With enough PUF cells, you can create arbitrary-length numbers with good properties of randomly generated numbers. Where PUF technology provides the most value is when it is used for secret keys.
Secret keys are essential in digital security. To secure anything in the digital world, you’ll need to implement some form of encryption. The right cryptographic tools can help you protect communications from point A to point B (confidentiality), detect whether messages received have been tampered with (integrity), and prove that a device belongs to a particular group or network (authentication). In each of these scenarios, secret keys play an integral role in the security process. With access to the secret key, an attacker could wreak all kinds of havoc—impersonating a valid device, creating fraudulent messages, or listening to sensitive communications, for example.
With PUF technology, cryptographic keys are generated only when needed and are not stored anywhere.
In silicon, the secret keys are typically stored in some kind of memory cell. For example, some systems use non-volatile memories like NOR/NAND flashes or special external memory chips like battery-backed SRAMs. When the main system microcontroller or microprocessor needs to use that secret key, it must read it over a memory bus, where that key is transmitted in the clear. To protect that key, some systems implement extensive and expensive physical security methods to hinder attackers from monitoring those clear-text transmissions. Cost aside, however, these methods, are not completely failsafe.
Storing secret keys in the same place they will be used could be more effective. For embedded systems, this is often the non-volatile memory, so the keys get programmed into flash or EEPROM, or perhaps manufactured into a ROM. However, while the secret keys remain on chip, physical techniques such as microprobing can still uncover those keys. What’s more, when power is removed from the system, the secret key contents remain stored in flash, EEPROM, and ROM. If an attack is detected, there is no power available to erase those memories. Battery-backed SRAM addresses this vulnerability, and is even better when used with tamper-detection sensors. With these technologies, very low-power sensors operate from a small battery to detect various physical attacks, erasing the small battery-backed SRAM that stores the secret keys if an attack is detected. Should an attacker remove the battery to disable the sensors, this act also removes power from the SRAM and the secret key information is lost. The battery in this approach, however, does add to the cost and size of the overall solution, not to mention environmental concerns.
What Makes PUF a More Secure Solution?
With an effective PUF implementation, you can overcome the limitations of conventional key storage:
- Under normal operating conditions, PUF circuitry is inherently non-volatile, so no battery or other permanent power source is required. While the number read from any IC’s PUF circuitry should have good random characteristics, the PUF in the IC will reliably produce the same result every time.
- Attempts to physically probe the PUF implementation will dramatically change the characteristics of that PUF circuit, and result in a different number being produced.
- The key from PUF can be generated only when required for a cryptographic operation and can be instantaneously erased thereafter.
So, what you get from a PUF implementation are the bill-of-materials (BOM) and environmental benefits of non-volatile memory with the security of a tamper-reactive SRAM. While PUF technology alone isn’t sufficient to assure key security, it does help to make sure the embedded device is not the vulnerable spot in a system that draws unwanted attention from attackers.
Technologies used in attacks continue to become more sophisticated and, unfortunately, accessible. PUF technology, one of the more robust security technologies now available, can help protect your devices from threats for the foreseeable future. For a deeper dive into this topic, read my article, “Demystifying the Physically Unclonable Function (PUF),” in Embedded Computing Design.
