Stop Malicious Attacks on Your Designs with PUF Technology

By Christine Young, Blogger, Maxim Integrated

Large-scale attacks often start small. Such was the case with the Mirai malware attack in 2016—hacked video surveillance cameras and other network-connected consumer devices opened the doors to larger networks.

“Almost everything is connected these days. With that connectivity, these products really do face a lot of threats,” said Scott Jones, managing director of embedded security at Maxim, at the Embedded Security Conference (ESC) in San Jose late last year.

Research by Forrester noted that some 500,000 internet of things (IoT) devices were expected to be comprised in 2017. During his talk, Jones argued that secure authenticators could prevent these attacks by delivering strong hardware-based cryptography and secure storage of keys and data.

Without the protection of secure authenticators, devices such as pacemakers, security cameras, and ink cartridges can all be attacked

Secure authenticators offer features such as:

  • Symmetric and asymmetric algorithms
  • Bi-directional authentication
  • Secure use counting
  • System session key generation
  • Secure memory settings
  • Secure general-purpose IO (GPIO)
  • Random number source

These secure ICs can be used in a variety of applications, such as IP protection, device and message authentication, secure communication, data/firmware integrity, and device safety/quality assurance. “You could store keys in these devices that would be used by a microcontroller operating these parts,” Jones said. Take a medical device, for instance. In this application, a secure authenticator can be used to prevent, say, a surgical tool from being used beyond a prescribed number of times and also to safeguard it against modification. While secure authenticators provide fixed-function cryptography, they do have a rich feature set that provides a lot of opportunity for different uses, Jones pointed out.

Can Security Technologies Outsmart Cybercriminals?

Even though security solutions are getting more sophisticated, they are also under relentless and sophisticated attack by cunning cybercriminals. Fault injection, side-channel attacks, and invasive measures like probing and reverse-engineering are all cause for action. This action, in turn, has become stronger thanks to newer security technologies such as physically unclonable function (PUF) circuitry integrated into secure authenticators. Based on the random electrical properties of IC devices, PUF technology produces a unique and repeatable root cryptographic key for each IC. No two such ICs are the same. Plus, the key is generated only when needed, and it is never stored on the chip. Maxim’s PUF circuitry is called ChipDNA™ technology and can be found in its DS28E38 DeepCover® secure authenticator.

“PUF really is the decisive countermeasure against these invasive attacks,” Jones told his ESC audience. “This PUF solution can also simplify key management within a security IC.”

Maxim has been developing ChipDNA technology for a few years now, and is beginning to integrate it into new secure ICs. “We’re really good at analog at Maxim. This PUF implementation is based on an analog structure and the random characteristics of that analog structure,” Jones noted.

In an independent reverse-engineering examination of the DS28E38, MicroNet Solutions validated the robust level of security that the IC can provide. “In particular, the…PUF design and implementation of the circuit make it very robust against both physical and electrical attacks, and in MSI’s experience, this is one of the most effective PUF designs,” the company said in its report. The circuit has also demonstrated high reliability over process, temperature, aging, and voltage. Its key error rate (KER) reliability is at ≤5ppb, and PUF output evaluation to the NIST-based randomness test suite is successful with pass results.

ChipDNA Technology Use Cases

According to Jones, ChipDNA technology can be used in a variety of ways:

  • Internal memory encryption, with ChipDNA output used as the symmetric key and AES encrypting everything stored on device
  • ECDSA private key for signatures, where the PUF output is used directly as a private key for ECDSA signing
  • External memory encryption to encrypt externally stored data, such as from flash or EEPROM
  • Hardware anchor of trust, where the PUF secret is used by hardware-based cryptography to enable different layers of cryptography that a product would support

To learn more about how ChipDNA technology works, read Jones’s white paper, “How Unclonable, Turnkey Embedded Security Protects Designs from the Ground Up.”