Tackling the Challenges of Advanced Silicon Chips: an Innovative Approach to Safe and Reliable SRAM Repair
The Rising Demand for Higher SRAM Density in AI and DPU Applications Along with the rise of the Internet of Things (IoT), mobile devices, and edge computing, the boom of AI-enhanced features has enabled applications to add in even greater functionality, such as intelligent sensing, in-vehicle driver assistance (ADAS), voice recognition, etc., all of which […]
Embracing a More Secure Era with TLS 1.3
TLS 1.3 offers attractive speed and security improvement benefits that are hard to ignore. The handshake phase was sped up by removing one or more roundtrips (back and forth messaging between client and server) in TLS 1.3 – with “or more” meaning that for certain cases, roundtrips can be entirely eliminated (0-RTT). During the round phase, TLS 1.3 has added support for the generally faster Digital Signature Algorithm (DSA) over Edwards curves (EdDSA), as compared to DSA over elliptic curves (ECDSA).
Post-Quantum Cryptography (PQC) – On the Road to Preparedness
As more and more governments and private sectors embark on standardizing quantum cryptography, the era of quantum computing seems imminent. In the face of this new wave, it is imperative to equip ourselves for the forthcoming challenges and opportunities thoroughly. This article will cover some basic concepts of quantum computing, how quantum computing is related […]
The Challenge of Automotive Hardware Security Deployment
A complete reinvention of the automotive industry is currently underway. Autonomous driving, connected vehicles, and the electrification of the powertrain all represent a once-in-a-generation shift in the manufacturing process. Traditional carmakers are repositioning themselves as technology companies, inserting upwards of three thousand chips in a new car today. These changes put tremendous pressure on delivering […]
Securing System-on-Chips: Hardware Protection in the Age of Chiplets
It seems that almost weekly, the semiconductor industry’s all-encompassing barometer, Moore’s Law, is pronounced dead, dying, or actually healthier than ever. As the debate continues to speculate on its health, there is an unequivocal certainty that singular monolithic chip designs are simply becoming unsustainable as FinFET technology replaces a larger slice of the traditional 2D […]
Keeping Digital Assets Safe: PUF-based Security Solutions for Flash Memory
One of the major problems today is the security concerns of digital assets, especially those stored within the non-volatile memory. Flash is a very popular non-volatile memory in consumer electronics, providing highly efficient storage solutions for code, data, etc. However, Flash is still facing threats brought by physical attacks with increasing connectivity. eMemory’s subsidiary, PUFsecurity, […]
PUFrt: Solving Chip Security’s Weakest Link
In the 19th century, Netherland’s cryptographer, Auguste Kerckhoff, created Kerckhoffs’s principle, stating that “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.”
Securing the IC Supply Chain – Integrating PUF-Based hardware security
The semiconductor supply chain is vulnerable to hacks that threaten valuable intellectual property and the operation of electronic devices that we depend on. This article outlines how a combination of Physical Unclonable Function (PUF) + blockchain + smart contract technology can help safeguard the industry. Semiconductors are vulnerable to non-invasive attacks such as side-channel analysis, […]
Adopting PUF to Implement Zero Trust Architecture
The Executive Order issued by the US White House on May 12, 2021, requires the federal government to modernize its approach to cybersecurity by advancing toward Zero Trust Architecture (ZTA) [1]. A physically unclonable function (PUF) is a key technology that supports the identity-centric policy model of ZTA. A PUF enables inborn ID and self-generated […]
How PUF-based RoT Can Solve IoT Security Issues
The security issues surrounding the internet of things (IoT) devices range from tiny semiconductors to global supply chains. PUFsecurity, a key provider of intellectual property (IP) that helps strengthen security at the chip level, hosted a forum of IoT experts to discuss the industry’s challenges and outlook. We Need to Build Trust for each IoT […]
Webinar: The Secure Coprocessor for Secure Supply Chain
PUFcc (former PUFiot) is a novel high-security crypto coprocessor. This highly integrated hardware root-of-trust has integrated NIST-certified cryptographic engines, embedded tRNG, PUF, and secure OTP. It also comprises a standard interface, DMA, memory management unit, and API/FW SDK to help and realize SoC implementation secure operation. PUFcc can not only reduces the costly procedure of […]
Webinar: PUFcc, The PUF-based Crypto Coprocessor
PUFcc (former PUFiot) is a novel high-security crypto coprocessor. This highly integrated hardware root-of-trust has integrated NIST-certified cryptographic engines, embedded tRNG, PUF, and secure OTP. It also comprises a standard interface, DMA, memory management unit, and API/FW SDK to help and realize SoC implementation secure operation. PUFcc can not only reduces the costly procedure of […]
Standardized PUF-based Solution for Device eID
1. Introduction Generally speaking IoT/AIoT networks require strong identification /authentication, secure update, secure boot, secure communication, and data encryption for IoT devices [1]. Typically, the IoT device logs in on its own and sends data on its own. Consequently, authenticating the potentially billions of IoT devices to the server and among themselves becomes a big concern. Thus, securing […]
安全加密協处理器: PUFcc
在资讯安全普遍被认同需要重视、予以保护的互联世界中,IoT设备与服务器间的握手协议则须仰赖以非对称式算法为主的公钥加速PKC算法(Public Key cryptography),方能实现安全连线的建立,并因应互联应用的相关硬件密钥更新与线上固件更新保护。在设备或服务器的系统执行开机程序、启动安全检查时(secure boot),亦需仰赖相关的对称式算法(比方AES) 与杂凑摘要(比方Hash)算法方能实现。因此,芯片安全解决方案不仅仅止于信息安全存储,还包括安全程序运行与安全边界的建立,缺一不可。 PUFcc是专门为IoT应用而创建的解决方案。其旨在支持安全连线的建立、系统启动代码的安全开机、与安全线上固件更新。PUFcc由硬件信任根(PUFrt)与完整的加解密引擎所组成,以适配各种不同应用所需的加解密算法支持。除了信息安全的机密性、完整性、真实性和随机性等基础安全需求,更能担任系统的安全领航员为启动程序加载与安全线上固件升级等较进阶的功能提供硬件加速,并完美支持各种芯片级微处理器(比如ARM / RISC-V),是性價比相當高的安全协处理器。 进一步剖析PUFcc,其提供了安全存储、密钥管理与负责加解密算法模块,例如SHA-2完整性检查,AES块密码和PKC的原始功能,以协助系统进行数字签名和密钥管理。针对密钥管理,PUFiot还提供了基于NIST发布的标准密钥包装(KWP)和密钥派生(KDF)功能,专门用于密钥的安全引用与安全导出,增加密钥的安全性与减少密钥暴露于系统总线上的脆弱性。 通过完整灵活的算法模块化设计,可以根据每个用户的特定客制PUFcc的加解密算法模块。例如,使用SM4替换AES作为分组密码的选择,使其俱备高适配性的互联网安全应用。 不仅如此,为了降低的芯片在系统层级的复杂度,PUFiot®支持APB标准协议接口,用于PUFcc寄存器命令处理; 至于高速内置DMA模块的接口,则采用AXI4接口,可快速访问于储存于系统内存中的较大量数据。 除硬件IP外,PUFcc还提供标准的软件内容,包括Linux bare-metal firmware和high-level API,以缩短软件开发部署时程。 总结而言,PUFcc是一种以PUF为安全基底的高安全性加解密协作处理器。与传统的SoC安全设计(具有安全核心或分立加密组件的嵌入式HSM)相比,PUFcc除了提供有效的算法执行功能之外,更采用硬件信任根PUFrt,直接提高使用其系统的安全存储功能,更无需在处理器核心或操作系统上增加额外负担。 透过九大功能模块的协调运作(表一),密钥管理和敏感信息终将受到良好保护;PUFcc内部的密钥定义明确,并提供完整的安全边界,无需担心密钥曝露的风险。基于安全考虑,PUFcc也支持密钥销毁(全零化)功能,可做为系统最后确保安全的后盾。 PUFcc是基于硬件的物理隔离所设计,提供了可靠的安全边界,使其强化有别于纯软体安全设计的弱点。PUF是天生自带保护能力的静态熵源,适合SoC架构师使用密钥生成和管理程序来构建系统的密钥层次结构。
量子穿隧PUF信任根: PUFrt
PUFsecurity 熵碼科技 PUFsecurity熵码科技于八月推出市场唯一一个高度整合多项基础安全功能的硬件信任根IP模块–PUFrt,该IP的核心技术主要整合了母公司力旺电子的量子穿隧PUF(NeoPUF)、一次性编码的内存(NeoFuse),以及高效能的真随机数生成器PUFtrng。 在一个安全SoC系统中可以分成应用层、软件层以及硬件层,其中硬件层包含硬件逻辑电路、工作内存、非挥发性内存以及加密算法引擎部分。而根据柯克霍夫原则所言,安全核心的定义是最重要的机密信息或者是密钥部分,而非加密引擎的设计,所以一个安全系统里面真正重要的,就是如何提供一个唯一能相信且绝对安全的秘密信息或密钥,并保护这个秘密信息或密钥的核心区块,就是所谓的硬件信任根。 一个硬件安全信任根必须拥有几个重要的元素,分别是完整的机密数据的读写权限管理、安全储存,真随机数生成器,芯片指纹与完整的抗攻击设计。而PUFrt 可以一次满足这些需求。 PUFrt拥有五大重点模块(如图1所示) 一、PRTC:专一的PRTC控制接口,提供完整的机敏数据读写权限控制,以及抗攻击信道的数字设计。 二、PUFuid:利用每颗芯片独一无二的「数字指纹」(PUF)生成UID,可直接作为身分识别应用于生产管理,或产生密钥来支持更多的芯片安全需求。 三、PUFtrng:透过真随机数生成器来输出密钥生成所需的随机数、来满足整个安全系统对于动态随机数的需求,以及用于保护加密算法引擎。 四、PUFkeyst:以加密OTP储存重要的密钥,保护重要数据免受物理篡改。 五、完善的抗攻击设计,其中包含对于物理性攻击或者是电性攻击等的防御。 以下针对五大模块进行更进一步的说明: 一、PRTC(圖2) 专一的PRTC控制接口,提供完整的机敏数据读写权限控制,以及抗攻击信道的数字设计,可以保护通道以及抵抗恶意读写的攻击。PRTC还提供了系统总线和功能块之间的标准接口APB以及内存映像的指令集,更提供API指令集使软件工程师可以简易使用PUFrt,从而增强了客户使用经验以及提供客户快速导入量产的优势。 二、PUFuid(图3): PUFuid是利用每颗芯片独一无二的「数字指纹」(PUF),产生独一无二的芯片密钥来支持更多的芯片安全需求,其中包括加密、身份辨识、身份验证,安全密钥生成等。PUFrt可以解决芯片设计师面临的关键问题,提供了一种简单又安全的方法,从芯片内自PUF提取随机数串,免除外部注入密钥的风险。 三、PUFtrng(图4): PUFrt透过PUFtrng真随机数产生器来输出密钥生成所需的随机数、来提供整个安全系统对于动态随机数的需求以及保护加密算法引擎。PUFtrng是真正的随机数生成器,优势在于极短的初始准备时间及超低功耗。 四、PUFkeyst(图5): PUFkeyst内含4kbit OTP,其特色是运用PUF和PUFtrng随机数双重强化OTP存储的安全性,用于保护安全功能运作中最重要的密钥或重要数据免受物理篡改。 五、抗攻击设计(图6) 完整的安全性必须要全面考虑在系统上下电期间,对于侵入式、半侵入式与非侵入式攻击的抵御能力。利基于NeoPUF无痕迹的量子穿隧物理特性,以及模块内全面的电路布局设计、访问权限控管、自动销毁/修复等设计,可以大幅提升PUFrt作为硬件信任根的可靠性。 PUFrt的技术核心环绕着NeoPUF,可以满足真正的硬件信任根的根本要求,包括理想的随机性,唯一性、稳定性和不可追溯性。详细数据如图7所示。 重要的是,NeoPUF是一个独特的MOS器件设计架构,其原理是对两个相连的MOS存储器施以高电压,利用电子在栅极氧化层中的悬键间游移产生的量子穿隧电流来运作(图8)。在高电压之下,我们无法预测该电流会随机发生在哪一个MOS存储器中,且另外一个MOS存储器将会受到抑制而不会发生隧穿现象。我们将设定两两一组的MOS各代表1和0的数值,透过多组的操作,就能生成一组随机数。除了600摄氏度以上的高温,一般的环境变化因子,例如干扰、温差和电压,皆无法改变氧化栅极中悬键的状态,因此我们可以说由NeoPUF产生的随机数列是非常可靠的。此外,由于使用NeoPUF的设备上没有储存任何电荷,因此一旦设备断电,就无法物理追踪内部的PUF值。而且发生在氧化物栅极中产生的量子隧穿通道,是没有办法利用任何仪器侦测,如图9所示,不管是SEM或者是TEM都没有办法获得任何信息。这是每片芯片与生俱来的秘密,而且每个芯片都会有完全独立的结果。 考虑芯片设计工程师的需求,PUFrt的设计易于采用及导入芯片设计。这颗新IP已通过验证,可导入28nm制程的半导体设计中。预计于不久的将来推出在55nm和40nm嵌入式闪存制程的PUFrt新版本。PUFsecurity也计划导入FinFET制程,抢攻车用和人工智能应用市场。
PUF Series 5: PUF based Root of Trust PUFrt for High-Security AI Application
Artificial intelligence will play a pivotal role in the future of information security. By combining big data, deep learning, and machine learning, AI give machines life; they can imitate human learning, replicate work behaviors, and bring new ways to operate businesses. However, AI assets are very valuable, making them the target of hackers. Once a […]
PUF Series 4: Why a True Hardware PUF is more Reliable as RooT of Trust
In the digital era, industrial product technologies, commercial know-how, and artificial intelligence (AI) assets are stored in one chip of every electronic device. This essential information has become a target for hackers seeking to violate the rights of individuals and enterprises. Consequently, the issue of chip security has become critical. From the moment a system […]
RoT: The Foundation of Security
The goal of this white paper is to provide a primer introduction to RoT and how to choose a right RoT as the trust anchor for a novel hardware based security architecture.
Build Trust in Silicon: A Myth or a Reality?
Abstract: Currently, there is a strong belief among the cyber security experts that hardware security is imperative since it is more efficient, effective, reliable and tamper-resistant than software security. As a matter of fact, providing trusted execution environment (TEE) and embedding a hardware root of trust (HRoT) as the anchor are necessary to provide a […]