Intrinsic-ID, a specialist in physically unclonable function (PUF) cores, has developed software that allows the technology to be used in most systems that contain static memory together with a framework for managing secure keys in practically any supply chain.
The main PUF technology developed by Intrinsic-ID uses the power-up state of an SRAM array to produce identifiers for hardware modules that can be used to generate private keys suitable for encryption. When an SRAM cell is powered, the feedback paths inside it will settle into a stable high or low state based on the balance of natural threshold voltages that the six or so transistors in the cell possess. Manufacturing variations mean that the pattern of ones and zeros in the array is unpredictable but will be consistent over many power cycles. As a result, the pattern is reliable enough to be used to identify each device.
Most deployments of PUF up to now have relied on dedicated hardware to determine the key values. The Broadkey software developed by the company makes it possible to recover suitable identifiers from any SRAM array attached to a microprocessor, just as long as it can be powered up and read out in an uninitialized state.
Intrinsic-ID founder and CEO Pim Tuyls said in many cases it is possible to see from the data sheet whether a particular readymade microcontroller will handle the software. "Sometimes we need some help from the OEM who includes the software in their boot process. But from what we have seen so far, we have access to uninitialized SRAM in a fairly easy manner."
To prevent corruption, a key requirement is that before or while the PUF decoder software is running no other software should have access to the same part of the SRAM. Therefore, the boot software that is packaged with the PUF decoder should be fully tested and trusted for the device to have an effective root of trust.
If the boot software is secure, the PUF provides a way of generating and maintaining keys for systems such as RSA or ECC that avoid the need for secure key injection during manufacturing. This should simplify supply-chain management, particularly where most of the functions are outsourced.
"The private key will never need to leave the chip," said Tuyls. "We refer to the process a being inside-out rather than outside-in. The only thing we have to be able to guarantee is that the private key can't be changed."
Instead, the public key, which can be given to anyone, is the one sent over the network to the manufacturer or service provider and used to help identity and authenticate the device when it is in the field. Digital certificates derived from the public key and the manufacturer's own keys can be inserted into the chip's non-volatile memory for use during provisioning on the network after the device is installed.
"Then they can verify that the device has been legitimately produced and therefore can be trusted," Tuyls added. "The process can be performed at most stages in the supply chain. It could be done at the silicon manufacturer, although we see more interest from customers in moving this process away from silicon production. It can be done at a contractor, the OEM or wherever it fits you."
Intrinsic-ID will provide the software as source code for porting to the target or will take part in the implementation. The Broadkey software that goes into the device can be supplied with modules to perform the necessary key-management functions. The Citadel key-provisioning system used technology provided by GlobalSign to provide the digital certificates and is sold under a subscription model.