In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it. The information or data, referred to as plaintext, is encrypted by a crypto algorithm to generate encrypted information, the so-called ciphertext. Protecting keys is critical to the whole system. Normally, a key encryption key (KEK) is used to protect a cryptographic key.
PUFenc uses NeoPUF as the key for encryption. It extracts a NeoPUF value to generate the crypto engine key, and the value can be extracted only when the system needs the key. This provides a more secure key for a crypto engine without using a KEK. Moreover, PUFenc allows a flexible choice of key lengths for a crypto engine.
Secure inborn crypto engine keys with key length flexibility: PUFenc
For managing cryptographic keys, the most commonly used methods are storing keys in an external memory or inside an embedded hardware security module (HSM). This separates keys from memory, reducing the chance that keys are lost when a database is hacked. Moreover, it provides additional flexibility for key management.
PUFenc provides an on-chip cryptographic key from NeoPUF for different types of security algorithms. With NeoPUF, the crypto engines in different chips are equipped with unique keys, so they generate different ciphertext from the same plaintext. Moreover, a cryptographic key is extracted only when the crypto engine requires it. NeoPUF's perfect reliability ensures the exact same key can be generated every single time. This can lower the risk of key exposure, which is common when NVM is used for key storage.
- Embedded NeoPUF prevents man-in-the-middle attacks.
- The technology provides high-quality keys for crypto engines.
- NeoPUF values are used as unique keys, preventing collisions.
- Cryptographic keys will be constructed only when needed, and they cannot be extracted by unauthorized means.
- Traditional methods for managing cryptographic keys provide many ways to protect keys such as integrity checks, access control and confidentiality. A key recovery process is also provided in the event of attacks or key loss. However, this recovery process requires the reconfiguration of internal hardware or system software in a secure status. Unfortunately, these traditional methods increase the possibility of man-in-the-middle attacks when keys are transmitted.
- Unlike conventional cryptographic key management, PUFenc uses NeoPUF as the cryptographic key for engines. It can prevent man-in-the-middle attacks since NeoPUF is embedded inside the chip and cannot be read out. In addition, thanks to the uniqueness of NeoPUF, cryptographic keys vary from chip to chip.
- This can effectively prevent an attacker from reverse engineering one device to obtain a cryptographic key that can be used to access all encrypted data in a system. Lastly, with its ideal randomness, PUFenc also provides a high-quality key for crypto engines, increasing the difficulty of brute-force attacks.