Most methods of securing SoCs involve storing a root key that serves as the basis for all derived keys and for encrypting communication. The weakness of these methods is that even if the root key is stored in secure non-volatile memory, there are often ways to read it. Once a key has been divulged, the device can be cloned and its security is compromised. With long and complex supply chains, there is a likelihood that physical devices may come within reach of attackers. With physical access, made easy through supply chains or remote deployment, as is often the case with IoT devices, keys stored in eFuses, Flash EEPROM or even OTP NVM can be detected.
Taking Advantage of Variation
It turns out that designers can enlist silicon physical properties that are usually an annoyance to help solve this problem. Entropy is normally the enemy of chip designers because it leads to variations in chip operation that affect performance and yield. However, Intrinsic ID uses the unavoidable small variations that occur during manufacturing to create unique and secure root keys. As any chip designer knows, before memories are initialized their value is unknown. Small variations among the devices in an SRAM cell can lead to either a 1 or a 0 state at power-on. These variations are consistent enough that they give a cell a high probability of entering the same state every time. So, like a fingerprint on your hand, there is a repeatable but unique pattern that can be read. This behavior can be used to create what is called a Physically Unclonable Function (PUF).
Intrinsic ID uses the initial values of a region of SRAM, in combination with algorithms that account for any inconsistencies in the result, to generate a root key on the fly for use by the root of trust. Derived keys can be created from this root key as well. To facilitate the generation of the root key, the enrollment process generates helper data that is stored locally. This helper data cannot be used to reverse engineer the root key, so even if it is read out, the root key is still secure.
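The enrollment and reconstruction flow described above can be sketched with a textbook code-offset construction. This is an added example, not Intrinsic ID's algorithm or code: the repetition code, the parameters `REP` and `SECRET_BITS`, and all function names are assumptions, and the SRAM power-up values are simulated.

```python
import hashlib
import random

REP = 15           # assumed repetition factor: corrects up to 7 flipped cells per block
SECRET_BITS = 128  # assumed length of the enrolled secret

def derive_key(secret_bits):
    """Hash the recovered secret into a 256-bit root key."""
    return hashlib.sha256(bytes(secret_bits)).digest()

def power_up(fingerprint, noise, rng):
    """Simulated SRAM read-out: each cell leaves its preferred state with probability `noise`."""
    return [b ^ int(rng.random() < noise) for b in fingerprint]

def enroll(response, rng):
    """One-time enrollment: returns (helper data, root key). Only the helper data is stored."""
    secret = [rng.getrandbits(1) for _ in range(SECRET_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]   # repetition encode
    helper = [c ^ r for c, r in zip(codeword, response)]     # mask codeword with PUF response
    return helper, derive_key(secret)

def reconstruct(response, helper):
    """Every power-up: unmask with the fresh noisy response, then majority-decode each block."""
    noisy = [h ^ r for h, r in zip(helper, response)]
    secret = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]
    return derive_key(secret)

if __name__ == "__main__":
    rng = random.Random(7)  # seeded for a repeatable simulation; a device would use its hardware RNG
    device = [rng.getrandbits(1) for _ in range(SECRET_BITS * REP)]  # constructed fingerprint
    helper, root_key = enroll(power_up(device, 0.05, rng), rng)
    print("same device :", reconstruct(power_up(device, 0.05, rng), helper) == root_key)
    other = [rng.getrandbits(1) for _ in range(SECRET_BITS * REP)]   # a different chip
    print("other device:", reconstruct(power_up(other, 0.05, rng), helper) == root_key)
```

Production designs use stronger error-correcting codes and account for bias in the SRAM cells; the repetition code here only keeps the example short.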
Intrinsic ID offers three methods to take advantage of PUF-based secure key storage. For SoCs, their QuiddiKey hardware IP can be used in conjunction with their software driver. All that is needed is standard SRAM; no new mask layers or special processes are required. Their hardware and drivers contain attack countermeasures. It is standards compliant and NIST CAVP certified. For reliability, they use advanced error correction that guarantees operation from -55°C to +155°C. There is even anti-aging to ensure consistency over a long useful life, and support for multiple derived keys that are also secure.
For FPGA-based designs, they offer their Apollo product, which includes RTL for the FPGA fabric and software drivers that support all the necessary functionality. If the system is implemented in an MCU-based system, the on-chip SRAM can be used with the key generation taking place in software. Their BK software suite is used for this application. Regardless of which implementation is used, the root key is never stored in non-volatile memory. The key never leaves the security sub-system, and the only data that is stored is public.
High Security and Convenience
Intrinsic ID’s solution offers many advantages. Along with extremely high security, it is low cost because it can be used on any conventional process. It comes with hardware-based random number generation (RNG) that is accessible through their certified software driver. The PUF-enabled products have been certified by EMVCo, CC, EAL6+, PSA, ioXt and Global Platform. With 300 million ICs already using this technology in areas such as G&D, banking and IoT, they have plenty of experience with meeting customer needs for security. More information is available at www.intrinsic-id.com/products.