On this episode of Ask the Experts, we had the opportunity to chat with BongHo Kang, Chief Technology Officer at ICTK, about the state of electronic security and the importance of hardware-level protection to counter increasingly sophisticated threats. Specifically, he discussed how a PUF and Root of Trust solution provides excellent protection against cryptographic and side-channel attacks.
What is a PUF?
A PUF, or physically unclonable function, is a hardware-based security feature that uses unique physical characteristics of a semiconductor to create a kind of fingerprint for the chip. These characteristics come from tiny variations in the manufacturing process that are almost impossible to copy, even if the same design is used. This makes PUF technology extremely secure because it is nearly impossible to clone or tamper with.
The main job of a PUF is to generate secure, unique cryptographic keys without needing to store them permanently. Instead, the keys are created on the spot when needed, which makes it much harder for attackers to access or steal them. This is why PUF technology is widely used in applications like device authentication, data encryption, and secure communication.
PUF plus Root of Trust
PUF technology can be the foundation for a Root of Trust. A Root of Trust is a core building block of security. It is a trusted component that ensures all other parts of the system operate securely. By embedding PUF technology into chips, one can ensure that cryptographic keys and authentication processes are both unique and resistant to cloning or hacking. For example, ICTK’s Via PUF technology directly integrates with a Root of Trust instantiated in hardware. This enables secure device authentication, encryption, and even protection against both today’s threats and emerging ones like cryptographically-capable quantum computers.
What is a Via PUF?
A Via PUF uses passive via structures instantiated in the chip. These passive components are highly resistant to external factors such as noise, aging, and environmental changes, which makes Via PUF far more stable and reliable compared to other PUF technologies.
In contrast to PUF technologies that rely on complex error correction mechanisms to ensure stable outputs, a Via PUF minimizes the need for such processes thanks to its robust architecture. ICTK applies advanced techniques to optimize performance further while significantly reducing unnecessary complexity.
Another major strength of Via PUF is that it has been proven in real-world applications. ICTK has manufactured and distributed over 15 million Via PUF based chips, showcasing not only the technological excellence of the solution, but also its reliability in diverse environments.
Via PUF Design Considerations
From an engineering perspective, implementing a Via PUF involves several key considerations that make the implementation practical and secure. Via PUF offers unique advantages and requires some additional attention:
Process node selection and validation. Via PUF has been successfully implemented and validated on specific process nodes. For these validated nodes, no additional testing is required, making it easier and faster to integrate into products.
Post-processing for enhanced security. Although Via PUF is itself stable, applying additional post-processing mechanisms can further strengthen security, helping to ensure the PUF outputs meet the highest entropy and security requirements for cryptographic applications.
Cryptographic design considerations. When implementing Via PUF, it is essential to consider how it will be used in the final application. For example, how the PUF will support cryptographic functions like encryption and authentication, and how many key derivation functions will be needed, should be planned during the design phase. This ensures the implementation aligns with the security needs of the application.
Protection against non-invasive attacks. As cryptographic systems face increasing threats from non-invasive attacks like differential power analysis (DPA), engineers must implement additional countermeasures. While Via PUF itself is highly resistant to invasive attacks, cryptographic algorithms that use the PUF generated key require extra layers of protection.
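The key-planning point above can be made concrete with a short added example (not ICTK code, and not how any particular Root of Trust is implemented). It assumes the PUF yields a stable 256-bit secret, simulated here by the hypothetical `read_puf()`, and derives separate encryption and authentication keys from it with HKDF-SHA256 (RFC 5869); the salt and purpose labels are constructed values.

```python
import hashlib
import hmac

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    if length > 255 * 32:
        raise ValueError("HKDF-SHA256 output is limited to 8160 bytes")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def read_puf(device_seed: bytes) -> bytes:
    """Hypothetical stand-in for the hardware readout: a value that is
    stable on one chip and different on every other chip."""
    return hashlib.sha256(b"constructed-puf|" + device_seed).digest()

def derive_keys(puf_value: bytes) -> dict:
    """One derivation per purpose; the info label keeps the keys independent,
    so exposing one does not reveal the other or the PUF value."""
    salt = b"example-product-v1"  # constructed, public, fixed per product
    return {
        "enc": hkdf_sha256(puf_value, salt, b"data-encryption", 32),
        "auth": hkdf_sha256(puf_value, salt, b"device-auth", 32),
    }

def respond(auth_key: bytes, challenge: bytes) -> bytes:
    """Device side: prove possession of the auth key for a fresh challenge."""
    return hmac.new(auth_key, challenge, hashlib.sha256).digest()

def verify(enrolled_key: bytes, challenge: bytes, response: bytes) -> bool:
    """Verifier side: constant-time comparison against the enrolled key."""
    return hmac.compare_digest(respond(enrolled_key, challenge), response)

if __name__ == "__main__":
    # Keys are re-derived at each boot instead of being stored.
    boot1 = derive_keys(read_puf(b"device-A"))
    boot2 = derive_keys(read_puf(b"device-A"))
    print("stable across boots:", boot1 == boot2)
    print("purposes separated:", boot1["enc"] != boot1["auth"])
```

The derivations run on the PUF-generated key in ordinary logic, so they are exactly the operations that need the side-channel countermeasures described in the last consideration.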
Why It Matters
The modern threat environment is increasingly alarming, especially with the sheer number of connected devices that play a role in our daily lives. These connected devices, while convenient, can also pose significant risks. For instance, there have been cases where a simple walkie-talkie was turned into a bomb, illustrating that even IoT devices could potentially be weaponized against us. This highlights the critical importance of device authentication and component verification to ensure every part of a device is trustworthy.
Expert
BongHo Kang, Chief Technology Officer, ICTK
Key Takeaways
- PUF Enhances Security
  PUF technology leverages unique physical variations in semiconductor manufacturing to create cryptographic fingerprints, making it nearly impossible to clone or tamper with. It enables the generation of secure cryptographic keys without the need for permanent storage, strengthening device authentication, data encryption, and secure communication.
- ICTK Via PUF Stands Out for Stability and Reliability
  Unlike other PUF solutions, the ICTK Via PUF uses passive Via structures, which are highly resistant to noise, aging, and environmental changes. This reduces the need for complex error correction, making it more stable and easier to integrate into various applications, including IoT, cloud security, and mobile networks.
- Key Design Considerations for Implementing Via PUF
  Engineers must consider four critical aspects when designing with Via PUF:
  - Process Node Selection: Via PUF is already validated on many specific nodes, simplifying integration.
  - Post-Processing for Security: Techniques like pre-selection and entropy enhancement improve security.
  - Cryptographic Design: Proper planning ensures alignment with encryption and authentication needs.
  - Protection Against Non-Invasive Attacks: Additional countermeasures like power balancing and masking help defend against differential power analysis and other attack vectors.
- The Growing Need for Hardware-Based Security
  The increasing threat landscape, including IoT vulnerabilities and supply chain risks, has driven a shift from software-based to hardware-based security. A strong Root of Trust, building on PUF technology, ensures the authenticity and integrity of devices, making them resistant to emerging cyber threats, including quantum computing.
- PUF is a Critical Component in the Future of Secure Electronics
  With the rise of connected devices and evolving cyber threats, PUF technology plays a crucial role in securing supply chains, preventing counterfeits, and enabling trusted device authentication. It provides a robust foundation for encryption, authentication, and secure operations in modern digital systems.
Key Quote
“Companies like Rambus have developed some of the most respected silicon IP for Root of Trust globally, setting the standard in the field. Enhancing and maintaining the strengths of this Root of Trust relies on advanced technologies like PUF. PUF technology plays a critical role in creating a chain of trust, allowing a connected device to defend against hacking attempts by securing and storing cryptographic keys or generating keys for secure communication. In this way, PUF technology helps build the strongest possible security architecture.”