
PUFsecurity Crypto Co-processor PUFiot Passed NIST CAVP Certification

PUFsecurity’s chip security co-processor IP, PUFiot, has passed the CAVP certification. The certified security algorithms include AES, CMAC, DRBG, key wrap, SHA2, HMAC, KDF, and ECDSA.  

This good news means that PUFiot officially qualifies under international security standards and can further meet the security needs of various application scenarios, which is a guarantee for chips and systems that use PUFiot.

The Cryptographic Algorithm Validation Program (CAVP) is established by the National Institute of Standards and Technology (NIST) for technical verification. Results are published by the verification unit on the NIST official website.   

NIST developed over 1300 standard reference specifications for industry, academia, government, and other institutions. Their purpose is to “Promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.”  

The rapid increase of AI and IoT applications is driving the demand for self-driving technology and 5G networks. Because of this, what companies need to pay attention to when choosing security solutions is whether they comply with international safety standards and regulations for different application scenarios. 

The CAVP-certified PUFiot provides the following features: 

  1. Secure boundary for security operation, secure storage, and anti-tampering protection of confidential information. 
  1. A basis for inborn unique ID or secret keys generated in hardware chips using the high-security PUF  
  1. Anti-tampering secure storage OTP function for keys and sensitive information using PUF 
  1. Analog/digital tamper-proof protection mechanism 
  1. Balanced performance and area ratio 
  1. Flexible cryptographic algorithm configuration 
  1. Correct and valid cryptographic algorithms that have passed CAVP  
  1. Support for APB/AXI4 and any other AMBA interfaces and built-in direct memory access (DMA) unit 

In addition to the security algorithms passing the CAVP certification, ongoing processes also include PSA Lv2 and the certifications for the anti-physical-attack design, which are established by the new-generation security standard PSA (Platform Security Architecture).

The PSA certification mainly provides a security framework and a multi-level evaluation scheme. The certification covers the security software of connected devices and uses the root of trust as the basis of hardware trust.

We appointed Riscure to conduct product vulnerability analysis for our tamper-proof design. This analysis ensures that the product design can resist physical attacks and helps customers protect confidential information.

By combining the CAVP-certified security algorithms, the PSA chip security architecture, and the anti-tampering design, PUFsecurity’s solutions will provide chips and devices with high-security operational protection in different application scenarios.


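PUFsecurity Chip Security Processor PUFiot Passes NIST CAVP Validation

The security algorithms of PUFsecurity's chip security processor IP, PUFiot, that were submitted for and passed CAVP this time include AES, CMAC, DRBG, key wrap, SHA2, HMAC, KDF, and ECDSA.

Passing CAVP validation means that PUFiot conforms to international security standards and can further meet the security needs of various application scenarios, which is a major assurance for users of chips and systems that use the PUFiot IP.

The Cryptographic Algorithm Validation Program (CAVP) is the cryptographic algorithm certification program and technical validation of the U.S. National Institute of Standards and Technology (NIST), and the validating body publishes the validation results on the NIST official website.

NIST provides more than 1300 standard reference specifications for industry, academia, government, and other users. Its purpose is to "Promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."

With the surge in AI and IoT applications driving demand for vehicle self-driving technology and 5G high-speed mobile networks, what companies need to pay attention to when choosing a corresponding security solution is whether each solution's software and hardware security complies with security-related international standard certifications and regulations for different application scenarios.

The PUFiot whose security algorithms passed CAVP validation this time provides the following features and functions:

  1. A secure boundary that provides secure operation, secure storage, and anti-tampering protection of confidential information
  1. A basis for self-generated security identifiers (unique ID) or keys in hardware chips, using the high-security PUF (Physical Unclonable Function)
  1. Anti-tampering secure storage (Secure Storage OTP) for keys and sensitive information, achieved using PUF
  1. Analog/digital tamper-proof protection mechanism
  1. Balanced performance-to-area ratio
  1. Flexible cryptographic algorithm configuration
  1. Cryptographic algorithms that have all passed CAVP validation of algorithm correctness and validity
  1. Support for APB/AXI4 and other interfaces, with built-in direct memory access (DMA)

In addition to the security algorithms passing CAVP certification, the certification programs currently in progress also include the PSA Lv2 validation program provided by PSA (Platform Security Architecture), a new-generation security standard focused on IoT device security, and certification of the anti-attack design.

PSA certification mainly provides a security framework and a multi-level evaluation scheme. The certification covers what is driven by the security software of connected devices and uses the root of trust as the hardware trust function.

Certification of the anti-attack design has been entrusted to Riscure, which conducts product vulnerability analysis (Vulnerability Analysis) to ensure that the product's anti-attack design can withstand malicious attacks and to help customers protect confidential information.

By combining CAVP-certified security algorithms, the PSA chip security architecture, and an anti-physical-attack (anti-tampering) design, PUFsecurity's security solutions will help customers' products provide high-security operation and protection mechanisms in different application scenarios.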
