PUF Technology Protects Against Invasive Attacks
January 11, 2018
|By: Christine Young
Blogger, Maxim Integrated
Disastrous, large-scale network attacks often start on a much smaller scale. A connected camera gets hacked, for example, allowing cybercriminals an entry into the larger network. This is what happened when the Mirai malware struck in 2016. Mirai turned connected devices into remotely controlled bots that were used in distributed denial of service (DDoS) attacks that brought down a number of popular websites.
It’s clear that there are vulnerabilities in internet of things (IoT) devices. Industry experts point out that hundreds of millions of internet-connected devices could come under attack. At the same time, security measures are lagging. Why?
Many designers believe that security is expensive, time-consuming, and complicated to implement. These are dangerous myths that can lead to lasting damage should an inadequately protected device lead to a breach that mars brand reputation or consumer trust, or causes revenue loss or personal harm.
Designers can select from various approaches to safeguard their products. Software encryption is deemed to be cost-effective and relatively easy to implement and update. However, software security is also easy to modify, and malware can infiltrate or penetrate the software. Hardware-based security is considered to be a more effective option. Hardware security makes a system difficult to hack because it’s hard to alter the physical layer, and secure ICs with a root of trust cannot be modified. Startup code stored in the secure microcontroller’s ROM, the root of trust provides trusted software that can be used to verify and authenticate an application’s software signature. By implementing a hardware-based root of trust from the bottom up, designers can basically close off more potential entry points into their design.
How PUF Circuitry Impedes Attacks
Now, there's an even more robust hardware security option: sub-$1 secure authenticators with a physically unclonable function (PUF). Often, when hardware attacks are successful, it's because of a weak level of randomness. A PUF circuit is implemented using the random electrical properties of IC devices. It produces a unique and repeatable root cryptographic key for each IC. No two chips are the same. If someone tries to probe a PUF-based device, the attack itself actually causes the electrical characteristics of the PUF circuit to change, which further impedes this type of invasive attack.
Maxim's first PUF offering is its DS28E38 DeepCover® secure authenticator with ChipDNA™ technology. Taking advantage of deep sub-micron process variations, ChipDNA technology establishes a unique, robust cryptographic key for each IC. The key is generated only when needed, and it is not stored. Designing with the DS28E38 requires no cryptography expertise, programming, or special fabrication steps.
"Hardware security—this is really the way to implement security," says Scott Jones, managing director of embedded security at Maxim. "Our next-generation PUF circuit is the ultimate in terms of a hardware anchor."
New White Paper for a Deeper Dive Into PUF
An independently conducted reverse-engineering examination of the DS28E38 by MicroNet Solutions determined that the circuit is "highly effective and resistant against physical reverse-engineering attacks." In its report, MicroNet described the IC as an "ideal PUF generating circuit" based on the randomness of its key generation. The security analysis firm also noted that the circuit is designed in such a way that makes "physical attacks impossible given the extreme sensitivity of these circuits to leakage currents, or capacitive loading."
Get a closer look at how ChipDNA technology protects against invasive attacks by reading Jones’s white paper, "How Unclonable Turnkey Embedded Security Protects Designs from the Ground Up."
The DS28E38 secure authenticator features crypto-strong authentication secured with a physically unclonable function.