On many occasions, Intrinsic ID has described how Physical Unclonable Functions (PUFs) are used to create and protect a strong cryptographic root key, such as in its white paper “SRAM PUF: The Secure Silicon Fingerprint.” However, a PUF as such only gets you so far. To actually secure the billions of devices that are being connected to the Internet of Things (IoT), every device needs to have the capability to protect sensitive data and secure communications. This is where the Intrinsic ID hardware IP product QuiddiKey® comes in.
Creating a Strong Root Key
The fundamental first step that QuiddiKey takes is to create a high-quality and secure cryptographic root key from tiny variations in the silicon of chips, which are device-unique and remain stable at every device startup and under all environmental circumstances. Deriving a root key with QuiddiKey has great security advantages compared to traditional key storage in non-volatile memory. Because the key is never permanently stored, it is not present when the device is not active (no key at rest), and hence cannot be found by an attacker who opens up the device and compromises the memory contents.
Deriving Multiple Keys
However, having a strong root key alone is not enough. Any security system typically requires more than a single cryptographic key. This is because:
- different algorithms expect keys with different lengths or different structures.
- different applications require secrets with different lifetimes.
- different users of a system typically need their own keys for authentication.
- if one key gets compromised, this should not affect the security of other secrets.
For these and other reasons, it is a well-established best practice in security design to use a single key only for a single purpose and/or a single application. To meet the single-key/single-use requirement, a key management component with the ability to generate multiple application keys from the previously described, strong root key should be used.
Click here to read more ...