Generating chip secret with inborn root-of-trust
Unique identity (UID) is an identifier that is generally stored on each chip. With this UID, chips can generate an internal secret as a seed for key generation or root key and an external plaintext number for chip identification or product series number. UID can also be used as the device’s identity for authentication and authorization algorithms, which includes protection of a device or content from unauthorized access or cloning. However, UID through injection runs the risk of leaked secrets and product cloning.
PUFsecurity provides another methodology for chip UID to contain unique secrets. PUFuid will extract a NeoPUF value as the UID, which is all done inside the chip. In comparison with conventional UID generation through the key-injection process, PUFuid significantly reduces cost and eliminates the risk of secret exposure during the injection process.
Generating chip secrets with inborn root-of-trust: PUFuid
The normal process to generate a UID is called key injection, which has three major steps: enrollment, authentication and provisioning. The main goals of a UID are to uniquely identify and reliably authenticate each chip, to track a chip and to create an audit trail that establishes its origin. To keep the secret UID safe, the key injection method requires an expensive security facility and a standard set of operating procedures.
Unlike key injection, PUFuid extracts an embedded NeoPUF value to use as the chip’s unique identity. NeoPUF’s value varies from chip to chip due to the native variations that arise during the manufacturing of chips. NeoPUF is virtually impossible to clone or predict. Therefore, it can be viewed as a chip’s fingerprint. Derived from this unique fingerprint, PUFuid provides each chip with its own unique secret to protect selected data and a plaintext number UID for authentication when passed to the server. Therefore, a conversation between a server and a chip is distinct from every other chip that interacts with the server.
Due to the ideal randomness, robustness and reliability of NeoPUF, the unique identity generated by PUFuid is distinct, robust, and unclonable. Moreover, since NeoPUF is available across worldwide foundries and is compatible with regular logic CMOS processes without the need for any extra mask layers, it is very easy to adopt in a chip design.
PUFuid eliminates the drawbacks of external key injection while protecting the unique identity of each chip. With embedded NeoPUF, a UID will be generated inside each chip and will be unique from chip to chip. There is no risk of revealing the UID during the generation process.
In addition, the value is extracted only when the system needs the UID. Due to the perfect reliability of NeoPUF, a unique secret is reconstructed every time, under many different circumstances. Therefore, memory for secret storage is no longer needed, which also lessens the risk of revealing a unique identity by ensuring that it cannot be stolen and cloned.
Unpredictable randomness and uniqueness for UID with 50% Hamming weight and Hamming distance
On-demand keys for on-chip secret and off-chip ID generation
Reliability of lifetime zero Bit-Error-Rate and robustness of working under different circumstances (Temp: -40~175 °C)
Compatible with a large range of normal CMOS processes (7nm~150nm), available across worldwide foundries
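The text above describes deriving both an internal secret and an external plaintext UID from one chip fingerprint, and cites 50% Hamming weight and Hamming distance as the uniqueness measure. The following is an added illustration in Python, not PUFuid's own derivation or code: it assumes HKDF-SHA256 with hypothetical `info` labels as the derivation step and uses constructed 256-bit values in place of real NeoPUF readouts.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256 and the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()   # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                      # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def derive_identity(puf_value: bytes) -> dict:
    """Split one fingerprint into a secret seed and a disclosable ID.

    Distinct `info` labels (hypothetical) make the two outputs independent:
    the public UID can leave the chip without revealing the root seed.
    """
    return {
        "root_seed": hkdf_sha256(puf_value, b"example/internal-root-seed"),
        "public_uid": hkdf_sha256(puf_value, b"example/external-uid", 16).hex(),
    }

def hamming_weight_fraction(value: bytes) -> float:
    """Share of 1 bits; about 0.5 for an unbiased source."""
    return sum(bin(b).count("1") for b in value) / (8 * len(value))

def hamming_distance_fraction(a: bytes, b: bytes) -> float:
    """Share of differing bits between two equal-length readouts."""
    if len(a) != len(b):
        raise ValueError("readouts must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

# Constructed stand-ins for two chips' 256-bit PUF readouts (not real data).
CHIP_A = hashlib.sha256(b"constructed PUF readout, chip A").digest()
CHIP_B = hashlib.sha256(b"constructed PUF readout, chip B").digest()

if __name__ == "__main__":
    for name, puf in (("A", CHIP_A), ("B", CHIP_B)):
        ident = derive_identity(puf)
        print(name, "public_uid:", ident["public_uid"],
              "weight:", round(hamming_weight_fraction(puf), 3))
    print("inter-chip distance:", round(hamming_distance_fraction(CHIP_A, CHIP_B), 3))
```

Because the same readout always yields the same outputs, nothing has to be stored between uses, which matches the on-demand reconstruction described above.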