PUFsecurity’s PUFcc Helps IoT Devices Meet FIDO Device Onboard Specification

(Hsinchu, Taiwan, July 28th, 2021) The FIDO (Fast Identity Online) Alliance is a global non-profit organization that brings together experts from around the world to jointly develop technical standards for the authentication of users and connected devices. For the trillions of connected devices worldwide, the FIDO Alliance proposed a specification in April of this year, FIDO Device Onboard (FDO), which defines how IoT devices are connected to the cloud simply and securely. The specification uses asymmetric (public/private key) cryptography and the ID of each device to achieve fast and secure access to the network.

According to Gartner’s forecast, more than 15 billion IoT devices will be in use worldwide by 2029, which creates opportunities for improving efficiency and industrial innovation in all walks of life. The world’s major IC design companies are also actively investing in chip development in this field. However, security issues in IoT products are still emerging and overlooked. The FIDO Alliance provides a standard that addresses this problem, and PUFsecurity is the pioneer in proposing a product, PUFcc, which uses a PUF (Physical Unclonable Function) as the device ID and enables OEMs/ODMs to develop IoT devices that meet the FDO standard.

PUFcc can assist IoT devices in complying with the security requirements of the FDO protocol from Device Initialization to Transfer Ownership, which has been demonstrated and verified on FPGA. For ICs used in IoT devices that need to comply with the FDO specification, PUFcc brings three major benefits:

  1. The NeoPUF (Quantum-Tunneling PUF) in PUFcc is used as the foundation of trust for deriving the ID and public/private keys required for device authentication, without external key injection. On top of effectively preventing potential manipulation vulnerabilities, this also shortens and simplifies the manufacturing flow, reducing cost.
  2. PUFcc provides secure OTP for storing device credentials instead of storing device credentials in external non-secure flash memory.
  3. PUFcc is built with a NIST-certified symmetric and asymmetric hardware crypto accelerator. Clients can customize the algorithm set to support all the security functions, such as authentication, data encryption, and integrity checking, required by the FIDO Device Onboard process and by subsequent cloud application services. Moreover, PUFcc is built with physical/digital anti-tampering designs, which can resist non-invasive side-channel attacks and invasive physical attacks (such as focused ion beam (FIB) attacks).

“A device with built-in chip fingerprints to generate inborn root keys and identities can realize the Zero Touch Device Deployment that is required by 5G and AIoT applications, enhance the security of IoT devices, and achieve zero-trust security for cloud applications,” PUFsecurity EVP Evans Yang mentioned.

PUFsecurity has recently joined the FIDO Alliance and is also taking part in the FIDO Taiwan Regional Engagement Forum.

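PUFsecurity’s PUFcc Meets Security Needs, Helping Connected Devices Comply with the Latest FIDO Standard

(Hsinchu, Taiwan, July 28, 2021) The FIDO (Fast Identity Online) Alliance is a leading global non-profit organization that brings together experts from around the world to jointly develop open, scalable, and interoperable technical specifications, thereby reducing reliance on passwords for verifying user identity. For the trillions of IoT devices worldwide, the FIDO Alliance released FIDO Device Onboard (FDO) in April of this year (2021), a new specification focused on how IoT devices can simply and securely onboard to cloud or on-premises management platforms. With this new specification, the FIDO standards are better able to address the security, cost, and complexity challenges of large-scale IoT device deployment.

According to Gartner’s forecast, more than 15 billion IoT devices will be in use worldwide by 2029, creating enormous opportunities for improving efficiency and industrial innovation across all industries. The world’s major IC design companies are also actively investing in chip development in this field. However, security problems with connected IoT products continue to emerge one after another. The FDO architecture (FIDO Device Onboard Specification) proposed by the FIDO Alliance is intended precisely to solve this connectivity security problem, and PUFsecurity is the first to propose a product that meets the FDO standard, PUFcc, which uses a PUF (Physical Unclonable Function) as the device identity (PUF-based Device ID). It is an excellent solution for helping IoT device developers and manufacturers (OEM/ODM) build IoT products that comply with the FDO standard.

PUFcc supports all the security functions required by the complete onboarding flow in the FDO specification, from Device Initialization of the IoT device to the final Transfer Ownership when the device goes online, and these functions have been verified on FPGA. For IoT devices intended to comply with the FDO standard, integrating PUFsecurity’s PUFcc into the chip brings three major benefits:

1. PUFsecurity’s PUFcc incorporates the NeoPUF (Quantum-Tunneling PUF) chip fingerprint developed by its parent company eMemory as the root of trust for chip identity, and can be used to generate the ID and public/private keys needed for device authentication. Eliminating the step of injecting keys from outside not only effectively reduces potential security vulnerabilities and prevents malicious human manipulation, but also shortens the production flow and lowers production cost.

2. The secure OTP inside PUFcc is used to store the product’s confidential information (Device Credential), which avoids keeping that information in less secure flash memory outside the chip.

3. PUFcc has a built-in NIST-certified symmetric/asymmetric hardware crypto engine. Customers can select a customized combination of algorithms according to their needs to help perform all the security functions required by FDO and advanced cloud application services, such as authentication, data encryption, and integrity checking. PUFcc also includes multiple physical/digital anti-attack designs that can resist side-channel attacks and provide good protection against invasive physical attacks (such as focused ion beam (FIB) attacks).

“Using chip fingerprints to generate inborn keys and IDs makes possible the large-scale Zero Touch Device Deployment required by 5G and AIoT applications, meets the need for secure connectivity of IoT devices, and helps cloud applications achieve a Zero Trust cloud application security architecture,” said PUFsecurity Executive Vice President Evans Yang (楊青松).

In response to the growing Taiwan market, the FIDO Alliance announced the establishment of the [FIDO Taiwan Chapter] in May of this year. Its chair, Chang Hsin-ling (張心玲), Vice President of Egis Technology, said: We are very pleased that PUFsecurity has become a member of the international FIDO Alliance and has also joined the FIDO Taiwan Chapter team. In response to the security needs of the large number of IoT devices to come, PUFsecurity has quickly launched a solution that complies with the FIDO FDO specification. This first-of-its-kind technology will effectively benefit both FIDO and PUFsecurity and bring the industry more foreseeable international business opportunities, and we hope that more vendors will join the friendly FIDO Taiwan ecosystem in the future.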

