PUF the Magic (IoT) Dragon

by Bill Montgomery on 12-31-2015 at 7:00 am

Most people are familiar with biometrics, the measurement of unique physical characteristics such as fingerprints and facial features, for the purpose of verifying human identity with a high level of certainty. The iris and even a person’s electrocardiogram (ECG) can be used as a secure biometric identifier.

Biometrics are a key ingredient in what is commonly called three-factor authentication – something you have, something you know and something you are. For example, you have a mobile device, you know a password, and your biometrics are what you are.

Biometrics on their own don’t always ensure strong security, as Matthew Green (a well-respected cryptographer and a key player in cryptography circles) discovered when his then seven-year-old son unlocked Matthew’s iPhone while he was asleep, by using his dad’s thumb. Smart kid. I guess the apple doesn’t fall that far from the tree.

In the Internet of Things world, how will tens of billions of “things” trust each other?
In the emerging IoT world, the identity of each thing will have to be authenticated by many other things. That’s a massive challenge, but fortunately there is a way to take full advantage of each thing’s unique identifier: the Physically Unclonable Function (PUF) technology used on microchips. A PUF generates a unique identifier by exploiting random physical variations introduced in the semiconductor manufacturing process; that is exactly what the technology was designed to do, and it is what makes the identifier impossible to clone.

And while not originally designed to play a role in IoT, PUF technology is now positioned to become a critical component in the battle to identify and authenticate things.

In simple terms, PUF is like biometrics for chips.
PUF by itself doesn’t provide security. Rather, it makes the content stored on a chip secure. To achieve ironclad security, an application layer is required, one that allows the data stored on a given chip to be accessed and used. With the application layer in place, PUF could be used to create and store cryptographic keys for each thing, which could be secretly and securely exchanged with the keys of other things, in a way that would eliminate the threat posed by outside hackers.

Semiconductor companies are using PUF technology and I believe that with our IBE 3.0, they hold the keys to rapid IoT growth (and they might not even know it…)

IBE 3.0 is the ideal security ingredient to harness the power of PUF.
IBE 3.0 (patented technology branded as Certificate-less Authenticated Encryption, or CLAE) can capitalize on PUF’s ability to render each chip unique by pairing the chip’s unique identifier with another controlled parameter, such as time (PUF + Time) or function.

And, as CLAE generates a new key for each session, this can be achieved with no more certificates to trust and to manage. Think about the implications – no more key management nightmares.
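The two ideas above, a per-chip secret derived from noisy silicon and that secret paired with a time parameter to produce per-session keys, can be shown end to end with a small simulation. This is an added example, not code from the post or from Connect in Private: the PUF is a constructed stand-in with random bit flips per readout, the enrollment/reproduction step is a textbook code-offset fuzzy extractor with a repetition code, and the session-key derivation is a generic HMAC sketch, since the post does not specify CLAE's construction.

```python
import hashlib
import hmac
import random

REP = 9  # repetition-code length: majority vote corrects up to 4 flipped bits per key bit


class SimulatedPUF:
    """Constructed stand-in for a silicon PUF: a fixed per-chip response plus
    random bit flips on every readout, since real PUF readouts are noisy."""

    def __init__(self, n_bits, flip_rate, seed):
        self._rng = random.Random(seed)  # seed plays the role of manufacturing randomness
        self._ref = [self._rng.randrange(2) for _ in range(n_bits)]
        self.flip_rate = flip_rate

    def read(self):
        return [b ^ int(self._rng.random() < self.flip_rate) for b in self._ref]


def bits_to_bytes(bits):
    return int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")


def enroll(response, key_seed=None):
    """One-time factory enrollment (code-offset fuzzy extractor): choose a random
    chip secret and emit helper data = response XOR repetition codeword of the secret.
    A real device would draw the secret from a TRNG; key_seed only makes tests repeatable."""
    rng = random.Random(key_seed) if key_seed is not None else random.SystemRandom()
    key_bits = [rng.randrange(2) for _ in range(len(response) // REP)]
    helper = [r ^ key_bits[i // REP] for i, r in enumerate(response[: len(key_bits) * REP])]
    return bits_to_bytes(key_bits), helper


def reproduce(noisy_response, helper):
    """Field-side reconstruction: XOR off the helper data, then majority-vote each chunk.
    Helper data can be stored in the clear; it yields the secret only together with
    the physical chip's own response."""
    key_bits = []
    for i in range(0, len(helper), REP):
        chunk = [noisy_response[j] ^ helper[j] for j in range(i, i + REP)]
        key_bits.append(1 if sum(chunk) > REP // 2 else 0)
    return bits_to_bytes(key_bits)


def session_key(chip_secret, time_window, peer_id):
    """Pair the chip secret with a controlled parameter such as a time window
    (the post's 'PUF + Time'). Generic HMAC-based derivation for illustration only;
    it is not the CLAE construction, which the post does not specify."""
    info = b"PUF+Time|" + str(time_window).encode() + b"|" + peer_id
    return hmac.new(chip_secret, info, hashlib.sha256).digest()
```

With 2304 response bits and REP = 9 the extractor yields a 256-bit chip secret; a second chip's readout run against the first chip's helper data reconstructs a different value, which is the unclonability property in miniature.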

With CLAE embedded at the microprocessor level, IoT product makers would be able to purchase CLAE-protected chips, allowing them to develop products that are able to securely communicate with other CLAE-enabled IoT devices, sensors and routers. They could grow their IoT presence without worrying about their offerings being compromised from a security or privacy perspective.

In my Future Shock story, I described a few different scenarios for deploying IBE 3.0/CLAE on microchips.

1. CLAE in offline mode
A light, tight version of CLAE can be configured in an ASIC designed with tamper-resistant memory, which allows the Trust Centre (TC) functions to run at high performance levels. ASICs can be re-programmed after fabrication, allowing for needed upgrades post-deployment. This could be implemented using a single TC or multiple TCs, depending on the level of security given to a group of chips (different trust levels within the same ‘thing’ – a car, for example).

2. CLAE in online mode
A master chip serves as a gateway to route, secure and authenticate all communication with the external TC. In this case, CLAE is implemented in standard mode (as described in our technical documentation).

3. CLAE in Hybrid mode
In this instance the TC is deployed on the master chip, allowing it to function as the internal TC that communicates with the external TC. The external TC has administrative privilege over the internal one, and CLAE is applied to securely authenticate the communication between the external and internal TCs.

I hope this helps you to better understand the game-changing potential of IBE 3.0/CLAE when combined with PUF technology.

IBE 3.0 is patented as Certificate-less Authenticated Encryption (CLAE) by Connect in Private. While positioned as ideal for IoT, IBE 3.0 is a security ingredient that can be baked into any existing connected solution, replacing dated, broken technology.

For more information on IBE 3.0/CLAE, please connect with me.
