Q&A with Pim Tuyls, Chief Executive Officer, Intrinsic ID |
Upon his return from the recent ARM Partners Summit, Intrinsic ID CEO Pim Tuyls discussed one of the questions that came up, and why he really enjoys answering it.
Q: Pim, Intrinsic ID’s SRAM PUF IP has been ported on various ARM cores and so you attended the ARM Partners Summit in England last week. What topics came up?
Pim: It was a great opportunity to catch up with people from ARM and their partners. During one conversation on Internet of Things security I was asked about the reliability of different approaches to securing IoT devices, and of course the conversation turned to the reliability of SRAM PUF-based security.
Q: You say “of course” as if that wasn’t a surprise.
Pim: It definitely was not the first time I’ve been asked the question. It’s an important topic – understandably – and one I am always happy to discuss for a very simple reason: SRAM PUF is proven reliable.
Q: Let’s back up a second. Why are you even asked about SRAM PUF reliability?
Pim: For a few reasons. First, the main prompt stems from the fact that PUF in general is, in some ways, still a new technology. It uses silicon in a way that was not originally envisioned. So this raises questions among some of the technologists in semiconductor companies who aren’t familiar with it. It’s really a matter of education.
Second, what is not well known is that anti-aging mechanisms exist for SRAM PUF – unlike other forms of PUF. And extensive testing has shown SRAM PUF to be reliable, much more reliable than the SRAM itself.
Third, our SRAM PUF in some ways suffers from guilt by association. Other PUF techniques have been shown to be flawed. And since the other PUFs are not reliable, the knee-jerk perception is that PUF in general is an unreliable technology. For instance, with SRAM PUF the “noise” can be controlled, which is critical to assessing reliability. So while some specific PUFs may be unreliable, SRAM PUF is reliable. And the data bears that out.
Q: What do you mean by SRAM PUF “noise”?
Pim: An SRAM PUF is a noisy fingerprint of the silicon, SRAM in this case, of an IC. Just like your human fingerprint, it will be slightly different every time it’s measured. But error-correction mechanisms make it possible to link a human fingerprint to a specific person – and, even more so in the case of SRAM PUF, to link a “silicon fingerprint” to a specific device.
Q: For a human fingerprint this makes sense to me. But what mechanisms affect the noise in the “silicon fingerprint” and how do you control them?
Pim: The main mechanism that increases the noise in the SRAM PUF is the silicon aging phenomenon. You have the degradation effects that occur in every silicon component, and if you do nothing the noise in the PUF might increase above levels where it can be corrected for.
But as I mentioned before, for SRAM PUF we developed a very efficient anti-aging mechanism that corrects for most of these degradation effects, giving the SRAM PUF a longer lifetime than the underlying SRAM itself. Our customers are really impressed by the graphs we show them on our burn-in tests.
Apart from that you have the environment. For example, changes in temperature will influence the noise in the SRAM PUF. The influence of changing operating conditions has been tested extensively. Our SRAM PUF system is tested for temperatures ranging from -50°C to 150°C [-58°F to 300°F]. It needs to work in airplanes, in a data center or in Death Valley.
Q: What about reliability of other, non-PUF-based, security? A secure element or OTP, for instance?
Pim: Any security that relies solely on silicon will be only as reliable as the silicon is – that is, it will be reliable as long as the silicon resists degradation. Because an operational IC gradually changes over time – in other words, it ages – eventually the physical changes affect the circuit’s operation, typically in a degrading manner. At some point this can lead to circuit failures. But because of the anti-aging and error correction techniques in SRAM PUF it is not subject to the same risk of failure as those security approaches. In fact the risk of failure of the SRAM PUF is much lower than that of any other component on the chip.
Q: And Intrinsic ID continually tests for reliability.
Pim: We absolutely do. You might have heard the saying, “In God we trust – all others bring data.” A few minutes ago I mentioned that data bears out the reliability of SRAM PUF. We have a reliability report that is available under NDA – it is detailed but lengthy, on the order of 150 pages and growing every month. So it might be easier to digest our recent white paper on reliability, which is available for download from our website and includes the results of our testing.
One very easy-to-digest set of test results, which anyone can see any time, appears on our website’s home page. You can see a digital display which continually updates how many times we have powered up devices to read the silicon fingerprint and confirm the devices’ identities. We conduct this testing 24/7 and have been doing it for well over a year. So far we have conducted about 76 million power-ups. With zero failures.
Q: So it’s not as if SRAM PUF technology has failed and been remedied so as not to fail again. It’s actually NEVER failed.
Pim: Absolutely. Intrinsic ID technology has been deployed in almost 50 million chips in the field, and billions of keys have been generated. And not one key has ever failed. In any IoT device, SRAM PUF is not the technology to worry about.
Q: Still, with more and more devices connected by the IoT, and some in particularly critical roles, it’s not hard to see why security’s reliability gets such scrutiny in certain use cases.
Pim: Of course. We play a vital role in a chip, and in some use cases it’s REALLY vital. For instance, chips going into airplanes. Those guys need to be 200 percent sure that in adding SRAM PUF technology to their chip they do not introduce anything that would hamper a chip’s operation. And think of pacemakers that are connected to the cloud so doctors can monitor their patients. I know that if I were relying on a medical device critical to my survival I would want it to be secure – who wouldn’t? And I would feel better knowing it was secured with SRAM PUF.
Pim Tuyls is CEO of Intrinsic ID. Before founding Intrinsic ID in 2008 he was at Philips Research, where he was Principal Scientist and managed the cryptography cluster. While there he initiated the work on Physical Unclonable Functions (PUFs), which forms the basis of Intrinsic ID’s silicon fingerprinting technology. Tuyls has a Ph.D. in mathematical physics from Leuven University, holds more than 50 patents and is widely acknowledged for his work in the field of security for embedded applications.
Do you have thoughts on reliability in IoT security? Let us know in the Comments section below.