All modern digital security systems need cryptographic algorithms as basic building blocks. There is a wide choice of well-researched algorithms for different purposes. Confidentiality, integrity and authenticity can be achieved with the right combination of these algorithms.
However, the security of these algorithms is fundamentally premised on keeping the underlying keys secret. Furthermore, security is increasingly often needed without user presence in hostile environments for safety critical applications e.g., sensors in autonomous cars or industrial control systems. The only feasible option is to store these keys, or at least a root key securely in hardware. With the rising sophistication of hackers and our increasing reliance on digital systems guaranteeing this secure key storage is a rising challenge. Given that roughly 50bln smart chips will be shipped this year, any solution
also needs to be scalable and cost effective.
Generating keys locally on the device is often not an option as there is usually no good source of entropy available to the host. Centralized key programming systems are complex and costly to maintain and form an ideal target for hackers. Today, keys are usually stored in some form of non-volatile memory like fuses, OTP, EEPROM or NAND FLASH. In each of these cases a physical change is applied to the material e.g., a fuse is blown, a charge is stored. Sophisticated reverse engineering equipment like a SEM or FIB allows hackers to measure these changes and retrieve the key.
A new security approach that avoids these issues is based on Physical Unclonable Functions (PUFs). A PUF is very hard to clone due to unique physical characteristics deep down in the transistors that originate from uncontrollable manufacturing process variations. These variations provide a good source of internal entropy. The PUF structure is unique as-is, it does not need to be programmed or altered to store a key, which means that there is nothing to read out with reverse engineering equipment.
Today, Static Random-Access Memory (SRAM)-based PUFs offer a mature and viable security component that is achieving widespread adoption in commercial products. SRAM-based PUFs use “normal” SRAM as a PUF source and do not need any special circuitry. Using a “fuzzy (key) extractor”, a stable unique key can be derived from the SRAM PUF. This fits very well with most current security architectures.
SRAM cells have been exhaustively characterized under all possible environmental conditions. Optimal Error Correction and privacy amplification algorithms have been developed that make the SRAM PUF extremely reliable under a white range of operating conditions. Companies have been adopting the SRAM PUF and achieved the highest level of certification. The technology is now deployed in many devices, from tiny microcontrollers and sensors to high performance FPGAs and secure elements. These implementations have consistently demonstrated the reliability and security of the technology.
We believe that SRAM-PUFs are a mature and robust technology that provide an unparalleled trade-off between security, cost and flexibility. Please check out our white paper with more information on how the SRAM-PUF works and how it is a reliable and robust option for key management.
<Click here to download the white paper>