Unique device identities are at the core of all computer security systems. Just as important, each identity must be impossible to copy, because a copied identity can be used illegitimately. Unique device IDs ensure that communications are directed to the correct device. They also provide the ability to encrypt communication, an essential component for security of data in motion. Any device with a programmable ID can be cloned. The only way to limit this is to perform the programming as soon after fabrication as possible. However, programmable IDs still leave open a window of opportunity for misuse and add extra steps to the manufacturing process.
The number of IoT devices is expected to proliferate to nearly 50 billion by 2020. Each one needs security, most likely provided by an on-chip identifier. What if each device could contain a unique ID automatically, right at the point of manufacture, that could be used as the basis of a security system? This is the premise behind a Physical Unclonable Function (PUF).
As we know, there are minute variations in silicon chips due to manufacturing processes. Intrinsic ID, a software and hardware IP provider, has examined the wide range of techniques available to capture a repeatable yet unique ID from ICs. Eschewing methods that required analog circuitry, the addition of special layers or the use of special processes, they settled on SRAM bit cell initialization states. Practically every IoT chip has SRAM and an embedded processor. Every SRAM bit cell will initialize to a 1 or a 0 depending on the precise threshold voltages of its transistors. It’s worth noting that some bit cells will fall within a range where the initialization state is not predictable, but there are methods to avoid or correct for these specific cells.
When the chip is powered off, the SRAM cells (volatile memory) retain no trace of the unique ID; in addition, the unique ID is generated on demand and never stored. To date, analysis by security labs and customers has not been able to reveal any weaknesses in Intrinsic ID’s system. Through a process called enrollment, a PUF key is generated. This is used to create a public and private key for data exchange with external systems.
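The following is an added example, not code from Intrinsic ID or from the original article. It simulates noisy SRAM start-up readouts and uses the generic textbook code-offset construction with a repetition code to show how enrollment and on-demand key reconstruction can tolerate unstable cells. The cell model, its flip probabilities, the repetition length and the helper-data step are all assumptions chosen for illustration.

```python
import hashlib
import random

REP = 15        # assumed repetition-code length: tolerates up to 7 flipped cells per key bit
KEY_BITS = 128  # key size mentioned in the article

def make_chip(seed, unstable=0.05):
    """Constructed model of one die: (preferred start-up value, flip probability) per cell."""
    rng = random.Random(seed)
    return [(rng.getrandbits(1), 0.30 if rng.random() < unstable else 0.01)
            for _ in range(KEY_BITS * REP)]

def power_up(chip, rng):
    """One noisy start-up readout of the uninitialized SRAM block."""
    return [bit ^ (rng.random() < p) for bit, p in chip]

def derive_key(secret_bits):
    """Hash the recovered secret down to a 128-bit key (hex)."""
    return hashlib.sha256(bytes(secret_bits)).hexdigest()[:32]

def enroll(readout, rng):
    """Bind a random secret to this die; returns (helper data, key)."""
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]  # a real device would use a TRNG
    codeword = [b for b in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, readout)]  # kept in NVM; the key is not stored
    return helper, derive_key(secret)

def reconstruct(readout, helper):
    """Re-derive the key from a fresh readout: unmask, then majority-vote each block."""
    noisy = [h ^ r for h, r in zip(helper, readout)]
    secret = [int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)]
    return derive_key(secret)

def hamming(a, b):
    """Number of cells that differ between two readouts."""
    return sum(x != y for x, y in zip(a, b))

if __name__ == "__main__":
    rng = random.Random(1)  # fixed seed so the constructed run is repeatable
    chip_a, chip_b = make_chip(seed=100), make_chip(seed=200)
    helper, key = enroll(power_up(chip_a, rng), rng)
    print("enrolled key     :", key)
    print("same die, reboot :", reconstruct(power_up(chip_a, rng), helper))
    print("different die    :", reconstruct(power_up(chip_b, rng), helper))
    print("noisy cells between two boots:",
          hamming(power_up(chip_a, rng), power_up(chip_a, rng)))
```

In this model the helper data alone does not reproduce the key on a different die, which is the cloning resistance the article describes.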
Small blocks of SRAM can be used to create 128-bit or 256-bit keys. Intrinsic ID has performed reliability testing over a wide range of conditions and also has done aging analysis to guarantee a lifespan of 25 years. Intrinsic ID’s PUF has been qualified for automotive, industrial and military uses through their work with customers and partners. Just as importantly, this IP’s unique operational invariance across technology nodes and fabs makes designers’ jobs easier.
The SRAM-based PUF from Intrinsic ID can be implemented with a small uninitialized SRAM block on chip and either an RTL IP block or embedded code that runs on chip; both approaches would need to have a proper security perimeter implemented. Intrinsic ID’s solution has gained excellent traction through a number of their customers and partners. InvenSense created their TrustedSensor concept using this PUF. NXP offers SRAM PUF in its LPC and i.MX platforms for secure microcontrollers. Synopsys DesignWare uses SRAM PUF in their ARC EM Architecture for ultralow power embedded processors. Intel, Microchip, Renesas and Samsung also offer products that utilize SRAM PUF.
Intrinsic ID has written a white paper that is available on their website that goes into greater detail on the technology of their SRAM PUF. Unique unclonable keys are an absolute necessity for the profitable proliferation of the IoT. With this technology, devices used for personal or commercial applications are secure from hacking and data interception. It is easy to implement SRAM PUF without the need for special processes or dependence on analog IP. In closing I’ll say it’s nice to finally write an article about how process variation can serve a beneficial purpose.