IoT Security - Zign X00 Series of Software Products

The number of connected devices, machines, sensors, or simply things are linked with each other over open communication networks on the internet of things (IoT) has exploded. Processes are remotely monitored through networks of smart devices. And every device represents a potential entry point for malicious intrusion – into the device itself, or the network to which it’s connected.

Root-of-trust (RoT) technology is becoming a requirement for securing connected devices, their data, and, by extension, the entire infrastructure with which they communicate. But, RoT technology shouldn’t be limited to hardware design, confining IoT developers to functions programmed at manufacture. The Intrinsic ID Zign® X00 embedded software solutions democratize RoT technology by uncoupling it from silicon fabrication, ensuring it can be accessed, understood, and implemented by IoT application developers at scale.

Instruction Set Architecture (ISA) Support

Security Based on SRAM PUF

The Zign X00 series of products use the inherently random start-up values of SRAM as a PUF from which a device-unique identity and root key is generated. The root key is never stored and is only available (in volatile memory) when needed. This means the key is never present in persistent memory – even when the chip is powered down – which raises the security significantly and eliminates the need for OTP or other secure memory.

A potentially unlimited number of keys can be derived from the root key by using the NIST-compliant key-derivation function. Zign also offers random values, generated by a NIST 800-90A/B-compliant random number generator. All Zign features are accessed by the host software via the API.

Zign 100

The Intrinsic ID Zign 100 API enables IoT developers to generate unique device identities, secure cryptographic keys, and random values. It enables easy and collision-free identification of billions of devices from various vendors. Zign 100 can also be integrated as a hardware-based trust anchor for Mbed TLS, OpenSSL, wolfSSL, and other libraries, extending the chain of trust beyond just a single device.

Zign 200

Zign 200 is a secure key generation, management, and storage solution for any IoT device. Zign 200 offers functions to wrap and manage secret keys and encrypt data which then can be stored in unprotected memory or can be securely transmitted over the network.

Zign 200 also offers random values, generated by a NIST 800-90A/B-compliant random number generator and a collision-free unique device identity.

Zign 300

To solve security problems in IoT systems, such as authentication, product lifecycle management, reverse engineering and cloning, every device needs an unclonable identity. This consists of a secret key, a public key and a certificate.

The biggest challenge is to get these credentials into the device and keep the secret key secret. This can be achieved by using Zign 300. Zign 300 offers the strongest protection of the device secret key and the strongest
authentication via unclonable identities.

Zign 300 offers all the features of Zign 200. In addition, Zign 300 offers asymmetric cryptography: public key crypto functions such as ECDSA sign and verify, and ECDH shared secret. PKI elements, such as ECIES and certificate signing request (CSR) are optional.

Operating Ranges

SRAM PUF responses have been qualified for use with the Zign X00 series in a wide range of operational environments, over years of field operation:

• All major fabs from 0.35 μm to 5 nm
• Temperature range from -55°C to 150°C [-67°F to 300°F]
• Voltage supply variation +/- 20%
• Lifetime > 25 years