By: John Chou
In the 19th century, Netherland’s cryptographer, Auguste Kerckhoff, created Kerckhoffs’s principle, stating that “A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.” The most crucial element in chip security is the Root Key or Hardware Unique Key (HUK). The key is the starting point not only for protecting each chip but also the chain of trust that encompasses the entire system and associated services. Therefore, key generation, along with its storage and usage, must be well considered from the beginning of the design.
With the invention of Physical Unclonable Functions (PUF), we can now create a unique, inborn, unclonable key at the hardware level. The natural follow-up question to this is, “but how do we protect this key?” It is like storing your key to secrets in a drawer, a surefire way to break the secure boundary and create vulnerabilities. Security is only as strong as the weakest link, and in most cases, the weakest link is insecure key storage in eFuse. Insecure storage immediately compromises the whole system’s security, regardless of the sophistication of the key itself.
Furthermore, we know users can update the software after production, but hardware cannot be. Therefore, it is very crucial to deploy appropriate hardware security at the beginning. PUFrt, an integration of PUF and anti-fuse-based secure One-Time Programmable (OTP) memory, provides proper hardware security at the manufacturing stage. It delivers an unclonable key and secure OTP storage with complete anti-tamper designs.
↓↓↓ 5-minute video for a quick digest of this article (English voice-over + Chinese subtitles)↓↓↓