The accelerating expansion of the Internet of Things brings with it a comparably expanding threat model. The growing number of endpoints requires strong identities as the foundation of trust to establish and scale robust security. BroadKey is a secure root key generation and management software solution for IoT security that allows device manufacturers to secure their products with an internally generated, unique identity without adding costly, security-dedicated silicon. Because BroadKey is a software implementation of SRAM PUF, it is the only hardware entropy source option for securing IoT products that does not need to be loaded at silicon fabrication. It can be installed later in the supply chain, and even remotely retrofitted on deployed devices. This enables a never-before-possible remote “brownfield” installation of a hardware root of trust and paves the way for scaling the IoT to billions of devices.
SRAM PUF has been deployed in Arm, Intel and RISC-V processor environments.
More than 175 million devices are secured with SRAM PUF.
- Low Cost, Flexible & Secure: This software-only product is easy to integrate and improves time to market. There is no need for additional or modified silicon. Wrapped keys can be stored securely in unprotected memory. BroadKey works on all MCUs and CPUs and allows for brownfield deployments of hardware-based security.
- Operating Ranges: SRAM PUF responses have been qualified for use with BroadKey over a wide operating range:
- - Qualified at top semiconductor fabs and technology nodes ranging from 350nm down to 7nm
- - Semiconductor processes include low power, high speed and high density
- - Temperature range from -55°C to 150°C [-67°F to 300°F]
- - Voltage supply variation +/- 20%
- - Lifetime > 25 years
- Uses standard SRAM
- Unclonable and immutable
- Device-unique high-quality keys
- No secrets when power is off
- No root key programming
- Flexible and scalable
- BroadKey Software IP is delivered as a library compiled for a specific target chip, along with API specifications and user manual.
- BroadKey is available in three configurations:
- - BroadKey-Pro: Device-unique key derivation, random number generation, key wrapping and management, elliptic curve-based public key crypto functions and public key infrastructure (PKI) elements required to establish secure device-to-cloud connections, such as certificate signing request (CSR) and self-signed certificates (SSC)
- - BroadKey-Plus: Device-unique key derivation, random number generation, application key wrapping and management
- - BroadKey-Safe: Low footprint, device-unique key derivation and random number generation
- Secure Key Storage
- Flexible Key Provisioning
- HW-SW Binding
- Supply Chain Protection
Block Diagram of the Hardware Root of Trust Software to Create, Wrap and Manage Keys