To store or not to store a key that is the question! Pim Tuyls Philips Corporate Technologies, Business Unit Intrinsic-ID 28 May 2008
Corporate Venturing White Box Cryptography ECRYPT 2008 2
Security & Cryptography • Is more and more important in various applications and industries ECRYPT 2008 3
Black-Box Crypto Model Assumption: E(.) Key is stored securely E K (M) M ECRYPT 2008 4
Zoo of Options for Secure Key Storage Poly Fuse Laser Fuse E - Fuse Flash EEPROM EPROM Battery Anti Fuse Backed RAM So what is the problem? ECRYPT 2008 5
The problem: Physical Attacks Physical Attacks Focused Ion Micro Probes Beam Secret Key: 001011101011 ECRYPT 2008 6
Why storing a key? Why not generating a key? 1. Do not store a key in digital form in a device 2. Generate the key only when needed 3. Delete the key ECRYPT 2008 7
Physical Unclonable Function (PUF) Physical Unclonable Function (PUF): Inherently unclonable physical structure (due to process variations) satisfying: • Easy to evaluate: Challenges-Responses • Inherently tamper evident • Inseparably bound to the object • Manufacturer not-reproducible ECRYPT 2008 8
Cryptographic Analogy of PUFs: Hard Problem Making a Random PUF Easy Making/Modeling a Specific PUF Difficult ECRYPT 2008 9
Examples of PUFs Optical PUF On chip demo Coating- Coating -PUF PUF Coating Coating - - PUF PUF passivation passivation passivation passivation IC with Coating PUF M5 M5 M5 M5 M4 M4 M4 M4 M3 M3 M3 M3 M2 M2 M2 M2 M1 M1 M1 M1 transistors transistors transistors transistors Intrinsic Identifier IC with SRAM PUF ECRYPT 2008 10
Industrialisation of S-RAM PUFs E rrors in M RA M startup values over tem perature T=-20 o C T=0 o C T= 20 o C T=40 o C T= 60 o C T=80 o C | | | | | | | 0.12 0.1 Error Fraction 0.08 0.06 0.04 0.02 0 0 5 10 15 20 25 30 Measurement Nr. Ageing test up 15 years, supply voltage variation tests were performed: stable! ECRYPT 2008 11
Key Extraction from a PUF PUF • Helper Data Algorithm Required – Error Correction – Randomness Extraction • Enrollment ECC – Creates Helper Data HD – Creates Key • Key Reconstruction – Uses helper data – Reconstructs key ECRYPT 2008 12
Storage Mechanism 1011010 1011010 1010101 1010101 Key2HD 1010 1010 Interface PUF OTP / HD2Key MTP Secret Key Algorithm ECRYPT 2008 13
Advantages • Very low cost, less area than other technologies • Compatible with semi-conductor processes • Key is not present when the device is not running • No issues with Shelf live • No additional components with life-time issues ECRYPT 2008 14
Other Applications • Prevention of Counterfeiting of Goods – IP Protection (e.g. on FPGA) • Product Metering – Prevention of overbuilding Intrinsic ID Activation OEM IP Owner Service measurement IP Activation code 100% Reporting ECRYPT 2008 15
www.intrinsic-id.com ECRYPT 2008
Recommend
More recommend