The most widely used embedded key storage methods are based on One-Time Programmable (OTP) memory, such as fuses or anti-fuses, or on Non-Volatile Memory (NVM), such as EEPROM or Flash. However, current key storage methods face threats including key leakage, manipulation, and deactivation. Key leakage means the key is revealed during operation. Manipulation often involves decapsulation and side-channel attacks on the memory to change the value stored in it. Deactivation uses fault injection to shut down the whole system.
The security level of a system depends heavily on the strength of its keys and on keeping them secret. PUFkeyst provides a key storage method that allows secret keys to remain invisible when stored. PUFkeyst entangles the keys with an embedded NeoPUF so that, while the input data (such as a shared key) may be the same between chips, the data actually stored is unique from chip to chip. This makes an attack harder, because a complete key can no longer be pieced together from partial keys recovered from different chips. Moreover, by entangling the stored data with NeoPUF, PUFkeyst can effectively prevent key manipulation. Hence, the security level of key storage can be enhanced without involving a full-function crypto engine (key encryption key scheme).
Reaching high-level secure storage without security algorithms: PUFkeyst
OTP memory is the most commonly used memory for key storage. It uses permanently programmed memory cells to implement small memories with good security properties. However, fuse technology often leaves visible clues to its written state that may be observed under a microscope, making it vulnerable to reverse engineering. To protect stored keys, a key encryption key (KEK) scheme is sometimes used. A KEK scheme uses another key, separate from the key to be written, to encrypt the stored keys using a crypto engine.
PUFkeyst provides another solution to this dilemma. It entangles the value of NeoPUF with the data itself to reach a high security level without using a KEK. When secrets are injected into the device, they are scrambled with NeoPUF to generate a unique stored secret that differs from the injected one. This protects against many physical attacks, including decapsulation, microscope imaging, probing, etc. Moreover, due to the uniqueness of NeoPUF, the information stored inside PUFkeyst differs from chip to chip. This prevents an attacker who steals the shared secret from one device from being able to hack into the whole system.
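
The chip-to-chip uniqueness described above can be modelled in a few lines. This is an added example, not PUFkeyst's own design or code: the page does not specify how the scrambling is done, so the XOR masking with per-slot PUF bits, the `SimulatedChip` class, the 16-byte slot size and all sample values are assumptions made for illustration.

```python
import hashlib

KEY_LEN = 16  # bytes per key slot (assumed size)


class SimulatedChip:
    """Toy model of one chip: a private PUF value plus a readable OTP array."""

    def __init__(self, chip_label: str):
        # Constructed stand-in for the chip's PUF bits. The hash only makes
        # repeatable sample data; it is not part of the storage scheme.
        self._puf = hashlib.sha512(chip_label.encode()).digest()
        self.otp = {}  # slot -> stored bytes, i.e. what imaging the cells shows

    def _mask(self, slot: int) -> bytes:
        # Assumption: each slot is paired with its own KEY_LEN PUF bytes.
        return self._puf[slot * KEY_LEN:(slot + 1) * KEY_LEN]

    def inject(self, slot: int, secret: bytes) -> None:
        if len(secret) != KEY_LEN or not 0 <= slot < len(self._puf) // KEY_LEN:
            raise ValueError("bad slot or key length")
        # Only the masked value is ever written to the memory cells.
        self.otp[slot] = bytes(s ^ m for s, m in zip(secret, self._mask(slot)))

    def read_key(self, slot: int) -> bytes:
        # Recovery needs this chip's own PUF bits, which never leave the chip.
        return bytes(c ^ m for c, m in zip(self.otp[slot], self._mask(slot)))


def run_demo() -> dict:
    shared_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    chip_a, chip_b, chip_c = (SimulatedChip(n) for n in ("chip-A", "chip-B", "chip-C"))
    chip_a.inject(0, shared_key)
    chip_b.inject(0, shared_key)
    # Stored image of chip A placed into a different chip's memory.
    chip_c.otp[0] = chip_a.otp[0]
    return {
        "a_recovers": chip_a.read_key(0) == shared_key,
        "b_recovers": chip_b.read_key(0) == shared_key,
        "stored_differs": chip_a.otp[0] != chip_b.otp[0],
        "stored_hides_key": shared_key not in (chip_a.otp[0], chip_b.otp[0]),
        "copy_fails_on_c": chip_c.read_key(0) != shared_key,
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

The model covers only the uniqueness property: the same injected key produces different stored bytes on each chip, and stored bytes moved to another chip do not yield the key.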