
Internet of Things (IoT) security, one of the biggest challenges for embedded developers, is paving the way for physical unclonable functions (PUFs) in microcontroller (MCU) and system-on-chip (SoC) designs. And a new design ecosystem is emerging to make PUF implementation simpler and more cost-effective.
PUF, which creates secure, unclonable identities based on manufacturing variations unique to each semiconductor chip, facilitates the essential hardware root-of-trust IP required in security implementations. A cryptographic root-of-trust forms the security foundation of modern hardware infrastructures.
Here, PUF creates random numbers on demand, so there is no need to store cryptographic keys in flash memory. That, in turn, eliminates the danger of side-channel memory attacks revealing the keys. But PUF’s technical merits aside, where does it stand as a cost-effective hardware security solution?
Below are two design case studies relating to PUF’s certification and testing. They provide anecdotal evidence of how this hardware security technology for IoT and embedded systems is gaining traction.
PUF certification
PUFsecurity, a supplier of PUF-based security solutions and a subsidiary of eMemory, has achieved Level 3 Certification from PSA for its PUF security IP, which it calls a crypto coprocessor. PSA Certified is a safety framework that tests and verifies the reliability of secure boot, secure storage, firmware update, secure boundary, and crypto engines.
PUFsecurity has teamed up with Arm to test its crypto coprocessor IP, subsequently passing the PSA Certified Level 3 RoT Component. Its PUFcc crypto coprocessor IP, incorporated into the Arm Corstone-300 IoT reference design platform, was evaluated under the Security Evaluation Standard for IoT Platforms (SESIP) profile.
Figure 1 The PUF security IP has been certified on Arm’s reference platform. Source: PUFsecurity
The PSA Certified framework—a globally recognized safety standard platform to ensure that the security features of IoT devices are secured during the design phase—guarantees that all connected devices are built upon a root-of-trust. “PSA Certified has become the platform of choice for our partners to swiftly meet regional cybersecurity and regulatory requirements,” said Paul Williamson, senior VP and GM for IoT Line of Business at Arm.
The evaluation, carried out by an independent laboratory, used five mandatory and five optional security functional requirements (SFRs). The mandatory requirements verify platform identity, secure platform update, physical attacker resistance, secure communication support, and secure communication enforcement.
On the other hand, the optional requirements include verification of platform instance identity, attestation of platform genuineness, cryptographic operation, cryptographic random number generation, and cryptographic key generation.
PUF testing
PUFs used in semiconductors for secure, regenerable random number generation pose unique testing challenges. A PUF's random number generation provides a basis for unique device identities and cryptographic key generation, but unlike traditional random number generators (RNGs), a PUF produces a fixed-length output.
That makes existing tests inadequate for determining randomness, a fundamental requirement for a secure device root-of-trust. Crypto Quantique, a supplier of quantum-driven security solutions for IoT devices, has developed a randomness test suite tailored specifically for PUFs.
Figure 2 Test suite overcomes the limitations of NIST 800-22 in evaluating PUF randomness. Source: Crypto Quantique
The new test suite adapts existing tests from the NIST 800-22 suite and makes them suitable for unique PUF characteristics like spatial dependencies and limited output length. It also introduces a test to ensure the independence of PUF outputs, a vital consideration for maintaining cryptographic security by identifying correlated outputs.
In short, the test suite ensures that PUFs meet randomness requirements without excessive data demands. It runs the tests in different data orderings to account for potential spatial correlations in PUF outputs. By reducing the number of bits required for certain tests, the suite also enables more efficient testing and minimizes the risk of misrepresenting PUF quality.
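An added illustration of the data-ordering point (not Crypto Quantique's suite and not code from the article): the standard NIST SP 800-22 frequency and runs tests applied to a constructed 16x16 PUF cell array, read row by row and then column by column. The array contents and the function names are assumptions made for this example.

```python
import math

ALPHA = 0.01  # significance level commonly used with NIST SP 800-22

def monobit_p(bits):
    """NIST SP 800-22 frequency (monobit) test p-value."""
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * len(bits)))

def runs_p(bits):
    """NIST SP 800-22 runs test p-value; 0.0 if the frequency prerequisite fails."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))  # number of runs
    expected = 2 * n * pi * (1 - pi)
    return math.erfc(abs(v - expected) / (2 * math.sqrt(2 * n) * pi * (1 - pi)))

def orderings(grid):
    """Serialize the 2-D cell array in two read-out orders."""
    rows, cols = len(grid), len(grid[0])
    return {
        "row-major": [grid[r][c] for r in range(rows) for c in range(cols)],
        "column-major": [grid[r][c] for c in range(cols) for r in range(rows)],
    }

def evaluate(grid):
    """Run both tests on every ordering; an ordering passes only if both do."""
    report = {}
    for name, bits in orderings(grid).items():
        p = {"monobit": monobit_p(bits), "runs": runs_p(bits)}
        report[name] = {**p, "pass": min(p.values()) >= ALPHA}
    return report

# Constructed sample: every row is identical, so each column is one constant
# value (a strong vertical correlation that a row-wise read-out hides).
ROW = [0, 0, 1, 1, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1, 0]
GRID = [ROW[:] for _ in range(16)]

if __name__ == "__main__":
    for name, r in evaluate(GRID).items():
        verdict = "pass" if r["pass"] else "FAIL"
        print(f"{name:13s} monobit={r['monobit']:.3f} runs={r['runs']:.3g} {verdict}")
```

The same 256 bits pass both tests when read row by row and fail the runs test when read column by column, which is why a single serialization can misrepresent PUF quality.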
The availability of PUF-centric test solutions shows that the design ecosystem around this security technology is steadily taking shape. The certification of PUF IPs further affirms the technology's standing as a reliable root-of-trust subsystem.