On Thursday December 3rd, 2020, PUFsecurity and eMemory along with our co-organizers, The Ministry of Science and Technology, IEEE CAS, and the Program Office of Semiconductor Manufacturing and Design for AI Edge, hosted a Security on Chip Tech Forum. The event took place at the Taiwan Semiconductor Research Institute (TSRI) and was a whole day event composed of three main talks given by PUFsecurity employees. The talks were divided into three main themes: “PUF-From Circuit Implementation to Security Applications”, “Chip security requirements, functions and mechanism”, and “The composition, function, and security operation of the root-of-trust”. Around 60 guests were in attendance, ranging from engineers to sales, management-level executives, researchers, and those from academia. All were eager to learn more about the hot topic of hardware security: PUF (Physically Unclonable Function) and PUF-based security solutions and applications.
Talk 1: PUF-From Circuit Implementation to Security Application
The first lecture was given by Dr. Kent Chuang, one of PUFsecurity’s talented engineers. In his talk, he introduced several PUFs, such as the SRAM-PUF and the recently released quantum tunneling PUF (NeoPUF). The talk explains in detail the characteristics of PUFs. It also runs through several practical examples to demonstrate how to calculate min-entropy, estimate uniqueness, randomness, etc. For various PUFs CRPs, the speaker conducted an in-depth discussion and explained how PUF serves as an important security foundation in specific application areas.
Q1: When it comes to non-volatile and volatile PUFs, is one more stable and secure than the other when being attacked?
A1: Let’s use the examples of SRAM PUF as a volatile PUF and NeoPUF as a non-volatile PUF to explain. Although an NVM-PUF (NeoPUF) requires additional effort on anti-tampering techniques compared to volatile PUFs (SRAM PUF), the effort is still considered much less than what is required to keep SRAM PUFs fully stable.
Q2: If a Volatile PUF is used as a dynamic entropy, what are the advantages and disadvantages?
A2: If a Volatile PUF is used as a dynamic entropy, you must first determine whether to use the cell as a PUF or as an entropy. The procedure is more complicated and fewer people use it in that way.
Q3: How do you solve the problem of bit flips caused by frequency and voltage variations in the Oscillator PUF circuit?
A3: We usually use an Error Correcting Code (ECC) to solve it
Talk 2: Chip Security Requirements, Functions and Mechanism
The second lecture was given by PUFsecurity’s project manager, Aken Wang. He started off the talk with the importance of security and introduced common usage scenarios. The speaker then used the ten projects released by CAVP to illustrate the four “security purposes”: confidentiality, integrity, authenticity, and non-repudiation. Finally, the talk concluded with an example using the process of iOS updates. Aken’s talk has shown that security certification can be seen everywhere in life!
Q1: Why is RSA verification faster?
A1: Let’s compare it to ECC, another popular asymmetric algorithm.
RSA and ECC have different key lengths, so it is fair to compare at the same security level.
1) For security level, RSA needs longer key length to approach the same security level of ECC. For example, RSA 3072-bit equals to ECC 256-bit.
2) Algorithm Formula complexity
According to the RSA formula, Ø(N)=(p-1)(q-1)；e • d mod Ø(N) = 1；e can be a short number, d is key length (e.g. 1k/2k/3k).
According to the ECC formula, Sign=K•P, Verify= 2K•P
Therefore, RSA verification can be faster. ECC needs to perform K•P in twice.
Talk 3: The Composition, Function, and Security Operation of the Root-of-Trust
The third and last lecture features PUFsecurity’s Director of R&D, Dr. Meng-Yi Wu. Dr. Wu discusses the importance of hardware root of trust. If an end-user uses equipment that is not equipped with a complete security mechanism, it may cause property damage, leak personal information leakage, and even threaten safety. Therefore, it is important to analyze a security chip’s root of trust from the hardware level. Building off the first two lectures, Dr. Wu also introduced products equipped with the perfect security mechanisms (PUFrt, PUFiot, PUFenc). PUFrt should include three elements: UID, TRNG, secure storage. In addition to the quantum tunneling mechanism of NeoPUF (non-volatile PUF), which is not easily discovered by attackers, there is also a safe storage space to address the problems encountered by non-volatile PUFs.
Q1: What’s the difference between over-the-air and secure boot?
A1: They’re two different things. over-the-air is to take care of firmware update procedure and secure boot is to take care of secure booting in the system.
Q2: From PUFenc description, does it need to decrypt the code to system DRAM then execute the code every time?
A2: Yes, it needs to decrypt to system DRAM with the local key then execute in DRAM. We’re also analyzing a good solution to support XiP (Execute in Place) in PUFenc.
Q3: How do you protect memory by using PUF? Is it related to tRNG?
A3: Normally tRNG is nothing related to PUF, but PUFtrng is based on using PUF as a static entropy to refine PUFtrng dynamic engine. PUFtrng’s instant-ready time is around 100us which can instantly protect DRAM in the system
After the event, we were so happy with the feedback we have gotten. According to audience feedback, we received a 4.8/5 rating for the overall event. Most of the attendees found our speakers to be knowledgeable and very clear, allowing them to better their understanding of PUF. Some wanted more concrete examples and demos but overall, we received good feedback. The forum was filled with excitement and we were happy to see such a great turnout. We hope those who attended enjoyed the event and learned a lot! We look forward to hosting another event in the future with all the feedback in mind.