See If You Can Steal These Keys
September 03, 2019
September 03, 2019
|By: Ben Smith
Principal Member of the Technical Staff, Applications, Maxim Integrated
When Maxim’s Embedded Security group asked me to create a 30-second video explaining their new ChipDNA™ physically unclonable function (PUF) technology, I have to admit, I was caught on my back foot just a little. Not because ChipDNA isn’t important – it is, and will become increasingly important as security becomes more critical in the coming years.
No, the problem was this: how do you tell a story that deserves a long, detailed, lean-back-in-your-chair-with-your-favorite-beverage explainer in just 30 seconds? Here’s why the job was such a challenge.
Most cyber attacks don’t attack the underlying cryptographic algorithms – they’re just too strong. The brightest minds in cryptography haven’t been able to make more than the lightest dents in, for example, the Advanced Encryption System (AES), a widely used encryption technique. It’s extremely unlikely that your average script kiddie working from Mom’s basement is going to actually break AES.
No, it’s much more fruitful to go after the keys. The keys are the secret elements that protect your data. Apply your data and the secret key to an algorithm like AES and the result is a scrambled version of your data that can only be recovered using that same secret key. It’s easy to see why protecting that key is critical.
But protecting the key turns out to be a hard problem. Think about it: if you use a secret key to protect software updates for a million IoT devices out on the public internet, every device has to have a copy of that secret key. That’s a million attack points where an adversary can attempt to extract your secret key. And that adversary only has to succeed once: break one device, and your entire software update system is compromised.
That’s where ChipDNA comes in. With ChipDNA you can create something like a key locker in every device where you can safely store your secret keys. The key to the key locker never exists outside the chip – it’s created on the chip from physical characteristics of the chip itself. Since no two chips have exactly the same physical characteristics, no two chips have the same key to the key locker.
Now here’s the cool part: the key to the key locker is only created when it’s needed, it’s never readable by software, and as soon as the system is finished with it, it’s destroyed. An attacker trying to find the key by probing the die or trying to debug the code won’t find it because it’s not there! It takes just microseconds to create the key, open the key locker, decrypt the necessary secret keys, use them, then destroy the keys. Figuring out exactly when and where to look is virtually impossible.
Worse, once an attacker begins physically probing the die, they change the physical characteristics of the chip. That means the chip can no longer unlock the key locker. The mechanism that creates the key to the key locker has been compromised, so the contents of the key locker can no longer be decrypted. The secrets are safe.
How do you tell that story in 30 seconds?