PUFcc Datasheet
PUFrt Datasheet
The Challenge of Automotive Hardware Security Deployment
A complete reinvention of the automotive industry is currently underway. Autonomous driving, connected vehicles, and the electrification of the powertrain all represent a once-in-a-generation shift in the manufacturing process. Traditional carmakers are repositioning themselves as technology companies, inserting upwards of three thousand chips in a new car today. These changes put tremendous pressure on delivering […]
Safeguarding the Arm Ecosystem with PSA Certified PUF-based Crypto Coprocessor
Co-authors Lawrence Liu (劉持志) / Dr. Evans Yang (楊青松)/ Stephanie Smith Silicon-to-System Security For the past five years, Arm has reaffirmed its commitment to safeguarding its architecture with their Security Manifesto. It outlines a clear “call to arms” for the semiconductor industry to address the rising threats facing computing today. Software alone can only mitigate […]
Keeping Digital Assets Safe: PUF-based Security Solutions for Flash Memory
One of the major problems today is the security concerns of digital assets, especially those stored within the non-volatile memory. Flash is a very popular non-volatile memory in consumer electronics, providing highly efficient storage solutions for code, data, etc. However, Flash is still facing threats brought by physical attacks with increasing connectivity. eMemory’s subsidiary, PUFsecurity, […]
How PUF-based RoT Can Solve IoT Security Issues
The security issues surrounding the internet of things (IoT) devices range from tiny semiconductors to global supply chains. PUFsecurity, a key provider of intellectual property (IP) that helps strengthen security at the chip level, hosted a forum of IoT experts to discuss the industry’s challenges and outlook. We Need to Build Trust for each IoT […]
Vital Ways to Prevent a Cyberattack
Vital Ways to Prevent a Cyberattack In mid-December last year, SolarWinds, a company specializing in IT management solutions, was at the center of a software supply chain attack. Not only did attackers damage SolarWinds’ software development environment and code signing infrastructure, but they also implanted malicious backdoors around the world. The attackers released fake software […]
Security Innovations That Are Helping Businesses in 2021
More people are now online than ever before. According to Time, internet use is up 35%, and it’s mostly due to how we’re home for longer than usual right now. Organizations, too, have had to adapt and shift their operations online, and now more businesses than ever are operating via a remote setup. This may seem like a […]
2020 Security on Chip Tech Forum Highlights
On Thursday December 3rd, 2020, PUFsecurity and eMemory along with our co-organizers, The Ministry of Science and Technology, IEEE CAS, and the Program Office of Semiconductor Manufacturing and Design for AI Edge, hosted a Security on Chip Tech Forum. The event took place at the Taiwan Semiconductor Research Institute (TSRI) and was a whole day […]
安全加密協处理器: PUFcc
在资讯安全普遍被认同需要重视、予以保护的互联世界中,IoT设备与服务器间的握手协议则须仰赖以非对称式算法为主的公钥加速PKC算法(Public Key cryptography),方能实现安全连线的建立,并因应互联应用的相关硬件密钥更新与线上固件更新保护。在设备或服务器的系统执行开机程序、启动安全检查时(secure boot),亦需仰赖相关的对称式算法(比方AES) 与杂凑摘要(比方Hash)算法方能实现。因此,芯片安全解决方案不仅仅止于信息安全存储,还包括安全程序运行与安全边界的建立,缺一不可。 PUFcc是专门为IoT应用而创建的解决方案。其旨在支持安全连线的建立、系统启动代码的安全开机、与安全线上固件更新。PUFcc由硬件信任根(PUFrt)与完整的加解密引擎所组成,以适配各种不同应用所需的加解密算法支持。除了信息安全的机密性、完整性、真实性和随机性等基础安全需求,更能担任系统的安全领航员为启动程序加载与安全线上固件升级等较进阶的功能提供硬件加速,并完美支持各种芯片级微处理器(比如ARM / RISC-V),是性價比相當高的安全协处理器。 进一步剖析PUFcc,其提供了安全存储、密钥管理与负责加解密算法模块,例如SHA-2完整性检查,AES块密码和PKC的原始功能,以协助系统进行数字签名和密钥管理。针对密钥管理,PUFiot还提供了基于NIST发布的标准密钥包装(KWP)和密钥派生(KDF)功能,专门用于密钥的安全引用与安全导出,增加密钥的安全性与减少密钥暴露于系统总线上的脆弱性。 通过完整灵活的算法模块化设计,可以根据每个用户的特定客制PUFcc的加解密算法模块。例如,使用SM4替换AES作为分组密码的选择,使其俱备高适配性的互联网安全应用。 不仅如此,为了降低的芯片在系统层级的复杂度,PUFiot®支持APB标准协议接口,用于PUFcc寄存器命令处理; 至于高速内置DMA模块的接口,则采用AXI4接口,可快速访问于储存于系统内存中的较大量数据。 除硬件IP外,PUFcc还提供标准的软件内容,包括Linux bare-metal firmware和high-level API,以缩短软件开发部署时程。 总结而言,PUFcc是一种以PUF为安全基底的高安全性加解密协作处理器。与传统的SoC安全设计(具有安全核心或分立加密组件的嵌入式HSM)相比,PUFcc除了提供有效的算法执行功能之外,更采用硬件信任根PUFrt,直接提高使用其系统的安全存储功能,更无需在处理器核心或操作系统上增加额外负担。 透过九大功能模块的协调运作(表一),密钥管理和敏感信息终将受到良好保护;PUFcc内部的密钥定义明确,并提供完整的安全边界,无需担心密钥曝露的风险。基于安全考虑,PUFcc也支持密钥销毁(全零化)功能,可做为系统最后确保安全的后盾。 PUFcc是基于硬件的物理隔离所设计,提供了可靠的安全边界,使其强化有别于纯软体安全设计的弱点。PUF是天生自带保护能力的静态熵源,适合SoC架构师使用密钥生成和管理程序来构建系统的密钥层次结构。