Guest blog from Christine Young
If you’re been following the actions of Arm, we are marching toward one trillion connected devices in the coming years. Yet, many industry experts have noted that hundreds of millions of internet-connected devices could come under attack. Why are security measures falling behind?
Many designers believe some dangerous myths about implementing security—that it’s expensive, time-consuming, and complicated. But what about the costs stemming from a security breach. Sullied brand reputation, lost consumer trust, a revenue hit or, worse, personal harm, are all on the table.
There are various methodologies that design engineers can employ to protect their products. Software encryption is considered to be cost-effective and relatively easy to implement and update. However, software security is also easy to modify, and malware can infiltrate or penetrate the software. Hardware-based security is really the more effective option. Hardware security makes a system difficult to hack because it’s hard to alter the physical layer, and secure ICs with a root of trust cannot be modified. The root of trust, startup code stored in the secure microcontroller’s ROM, is essentially trusted software that can be used to verify and authenticate an application’s software signature. By implementing a hardware-based root of trust from the bottom up, designers can basically block off more potential entry points into their design.
Physically Unclonable Function: A More Robust Approach
Now, there’s an even more robust hardware security option: sub-$1 secure authenticators with a physically unclonable function (PUF). When hardware attacks are successful, the cause is often a weak level of randomness. A PUF circuit is implemented using the random electrical properties of IC devices. It produces a unique and repeatable root cryptographic key for each IC, and no two chips are alike. Should a cybercriminal attempt to probe a PUF-based device, the attack itself actually changes the electrical characteristics of the PUF circuit, further impeding this type of invasive attack.
Maxim’s first PUF offering is its DS28E38 DeepCover® secure authenticator with ChipDNA™ technology. Making use of deep sub-micron process variations, ChipDNA technology establishes a unique, robust cryptographic key for each IC. The key is generated only when needed, and it is never stored. Designers who want to use the DS28E38 don’t have to have cryptography expertise, nor do they need to employ any programming or special fabrication steps.
“Hardware security—this is really the way to implement security,” says Scott Jones, managing director of embedded security at Maxim. “Our next-generation PUF circuit is the ultimate in terms of a hardware anchor.”
White Paper Details How PUF Circuitry Works
MicroNet Solutions, which specializes in reverse-engineering of complex circuits, recently completely an independent examination of the DS28E38. The company determined that the circuit is “highly effective and resistant against physical reverse-engineering attacks.” In its report, MicroNet described the IC as an “ideal PUF generating circuit” based on the randomness of its key generation. The security analysis firm also noted that the circuit is designed in such a way that makes “physical attacks impossible given the extreme sensitivity of these circuits to leakage currents, or capacitive loading.”
Learn more about how ChipDNA technology protects against invasive attacks by reading Jones’s white paper, “How Unclonable Turnkey Embedded Security Protects Designs from the Ground Up.”
Christine Young is a technology writer at Maxim Integrated, where she covers a variety of technical topics in articles, papers, and on Maxim’s mgineer blog. She began her career as a journalist and has since built an extensive history working in the semiconductor industry.