
PUF update: New IP bypasses the need for ID enrollment

Security is no longer an afterthought in embedded systems, especially in the connected devices serving the Internet of Things (IoT). That is apparent from the traction that new technologies like the physically unclonable function (PUF) are gaining in chips ranging from microcontrollers to high-performance FPGAs. PUF technology facilitates root-of-trust in an easy, cost-effective, and flexible manner without needing to store keys.

Figure 1 PUF exploits the variations inherent in the device to produce a unique, unclonable response from the device to a given input. Source: Secure-IC

However, while PUFs have been introduced to generate specific key numbers for a chip, it’s challenging to guarantee a low probability of identical IDs across separate chips. According to Secure-IC, a Cesson-Sévigné, France-based security solutions provider for embedded systems and connected objects, about 90% of PUF technologies cannot function independently due to their subpar performance. As a result, PUFs require an extensive enrollment phase and a rebuilding phase to improve the quality of the ID or key.


In short, PUFs can only serve as a reliable security source with an enrollment phase for cryptographic key construction. And the enrollment phase is a costly process since each chip must be personalized on its own. It comprises four phases: lengthy measurements, characterization, helper data derivation, and eventually, helper data programming. That does not fit the efficient personalization steps required at the test stage when producing chips at scale.

Moreover, the need for enrollment leaves the door open to hackers trying to subvert the enrollment, for instance, by forcing all the bits of the key to be the same. To address the challenges related to enrollment and rebuilding phases, high costs, and concerns regarding the system’s vulnerability to attacks, Secure-IC has joined hands with hardware and software security specialist Trasna to introduce a PUF solution that requires neither an enrollment phase nor a rebuilding phase.
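The enrollment and rebuilding phases described above, sketched as an added example that is not Secure-IC's or Trasna's design: a textbook code-offset construction with a repetition code, run over a simulated PUF, with a check that rejects the constant key mentioned as a subverted-enrollment outcome. `SimulatedPuf`, its noise model, and the parameters `R` and `K` are assumptions made for illustration.

```python
import random
import secrets

R = 15       # repetition factor: majority decoding corrects up to 7 flips per block
K = 16       # key length in bits (kept short for the demo)

class SimulatedPuf:
    """Constructed stand-in for a noisy PUF: fixed response, a few bits flip per read."""
    def __init__(self, seed, flips_per_block=2):
        self.rng = random.Random(seed)   # simulation only, not a security RNG
        self.true = [self.rng.getrandbits(1) for _ in range(K * R)]
        self.flips = flips_per_block

    def read(self):
        bits = list(self.true)
        for b in range(K):               # flip `flips` random positions in each block
            for i in self.rng.sample(range(R), self.flips):
                bits[b * R + i] ^= 1
        return bits

def characterize(puf, reads=5):
    """Phases 1-2: repeated measurements, then per-bit majority as the reference."""
    samples = [puf.read() for _ in range(reads)]
    return [int(sum(col) * 2 > reads) for col in zip(*samples)]

def enroll(puf, key=None):
    """Phases 3-4: derive helper data = reference XOR repetition codeword of the key."""
    key = key or [secrets.randbits(1) for _ in range(K)]
    if len(set(key)) == 1:               # constant key: the subverted-enrollment case
        raise ValueError("degenerate key rejected")
    ref = characterize(puf)
    codeword = [bit for bit in key for _ in range(R)]
    helper = [r ^ c for r, c in zip(ref, codeword)]
    return key, helper                   # helper is what gets programmed on-chip

def rebuild(puf, helper):
    """Rebuilding phase: one noisy read plus helper data, majority-decoded per block."""
    noisy_code = [w ^ h for w, h in zip(puf.read(), helper)]
    return [int(sum(noisy_code[b * R:(b + 1) * R]) * 2 > R) for b in range(K)]

if __name__ == "__main__":
    chip = SimulatedPuf(seed=1)
    key, helper = enroll(chip)
    print("key rebuilt:", rebuild(chip, helper) == key)
```

Every chip has to go through `characterize` and `enroll` individually before `rebuild` can work, which is the per-chip personalization cost the article refers to.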

Figure 2 The new PUF IP eliminates the need for an enrollment phase for cryptographic key construction. Source: Secure-IC

The new PUF IP can generate one or a few unique IDs or keys working straight out of the box. These unique IDs can serve as the foundation for secure booting of the chip, root-of-trust, and lifecycle management.

This development shows how PUFs are overcoming design hurdles and making headway in the IoT security realm despite being a new technology. The new PUF IP from Secure-IC, which complies with the ISO/IEC 20897 cybersecurity standard, has been integrated into Trasna’s system-on-chip (SoC) solution serving narrowband NB-IoT applications.

PUFs are being streamlined for integration into chips aiming to bolster their security credentials. Embedded World 2023 will be a good place to gauge their design progression and their place in future SoCs and chiplets.
