Quantum-tunneling PUF based hardware root-of-trust IP integrates unique ID, random number generation and key storage...
The use of physically unclonable function (PUF) technology for Internet of things (IoT) device security is not new — there are plenty of companies offering-PUF-based security to overcome the limitation of conventional secure key storage. But many of the current solutions are based on SRAM PUF, which produces results that can vary with changes in environmental conditions.
Looking for a PUF technique that renders more consistent results, Taiwanese-based PUFsecurity (a subsidiary of eMemory Technology) introduced what it said is the first quantum-tunneling PUF-based root-of-trust IP (intellectual property). The year-old company calls it PUFrt.
The company said PUFrt helps improve product-identity management by creating unique IDs. For key generation, which is crucial for coding and decoding sensitive data, PUFrt does this by outputting true random numbers. Furthermore, PUFrt also securely protects keys from physical tampering in the embedded secure OTP.
Speaking to EE Times, president of PUFsecurity, Charles Hsu, said, “We are first in the market to use the quantum tunneling mechanism to create this PUF. The benefit of using quantum tunneling is to create a very stable PUF and untraceable. The IP creates secret numbers, so you don’t want it to be visible or be traceable, and it has to be very unique, and also very stable. By using quantum tunneling, it makes the PUF very stable and untraceable.”
We asked what makes this different to other PUF-based security available from some of the other chip players. He responded, “Of course before this PUF there were other PUFs, in fact it’s been around for 10 years. The problem is that the SRAM PUF [that they typically utilize] has a vulnerability every time you turn on and turn off the power; the number on the SRAM PUF will change, so they have to do a lot of pre-processing and post-processing to take care of the stability and reliability of this PUF.”
SRAM PUF can be affected by factors like the degree of mismatch between MOSFET pairs on constant power up and power down, and in variations in ambient conditions such as temperature, noise, voltage and interference, the company said.
“So, the new thing in this PUF root-of-trust is that we use the quantum tunneling PUF, and integrate this with the OTP (one-time-programmable) and then we also build the circuit design to use this as a seed to create random number generation. So the PUFrt’s function is to provide the ID, provide the key storage in the OTP, and also provide the true random number generation. This is a ‘three in one’, which is quite unique in the market.”
“Most companies today use a random number generator and store the key in the eFuse or the OTP, and they may not use PUF. Or some companies just inject the key into their chip, and then they store in the eFuse or OTP. But if you store it in the eFuse, it’s not safe. Because if you do the reverse engineering, you will see the mark on the eFuse. If they use an OTP, although OTP is invisible, the key is injected by the operator, so you need to ensure the operator is working in a secure environment, that’s not safe also.”
“But if you have PUF, you can use the PUF to generate a key, and the PUF can entangle the injected key in the storage. By doing this the operator doesn’t know the key or the PUF numbers.”
He added, “PUFsecurity has extended and advanced the strength of eMemory’s NeoPUF and OTP. The new PUFrt IP is a product that chip designers can easily incorporate into their design. PUFsecurity and its parent company eMemory will provide complete service to clients by leveraging the technology and design strengths of both parties. “
A physical unclonable function (PUF) provides a “digital fingerprint” that can serve as a unique identifier for a chip, as well as other security purposes, including encryption, identification, authentication, security key generation.
At the heart of NeoPUF is inherent feature enabled by the random variations of gate oxide quality. The micro-difference of the gate oxide can be amplified by applying a high field to cause the defect (dangling bond) generation and resulting in the difference of the quantum tunneling currents. The set of random numbers generated by this technology is very reliable since the dangling bonds cannot be annealed except at temperatures exceeding 600 degrees Celsius. In other words, environmental variations such as noise, temperature and voltage will not affect NeoPUF. It can also be widely applied to different technology platforms. Furthermore, since no charges are stored on a device using NeoPUF, once the power is off, the PUF derived from this technique cannot be physically traced.
The new IP is validated for design in semiconductors made with a 28nm process technology. New versions of PUFrt in 55nm and 40nm embedded flash processes are expected in the near future. PUFsecurity also plans to implement PUFrt in a FinFET process for automotive and artificial intelligence (AI) applications.
PUFSecurity said it already has two customers using PUFrt in products, and another 10 are evaluating the IP through its IPGO program. The evaluations are from companies based in the U.S., China and Taiwan, in areas such as AI, IoT, microcontrollers and FPGAs.