EETimes on PUF: Security features for non-security experts

By Jim Turley, EE Times


When you feel sick, do you immediately enroll in a university course in medicine and wait until you’ve graduated to treat yourself? When your car breaks down, do you change careers and devote yourself to years of automotive engineering?
And when we need to learn about cryptography, security, hacking, and intrusion prevention, do we embark on a decades-long struggle of one-upmanship to keep up with the bad guys?

Nah… we hire an expert and call it done.

Just like we’d get an operating system or a microprocessor from an expert vendor in those areas, so too, we can get security technology from firms that do nothing else.

The best example of this is Altera’s brand new Stratix 10 family of FPGA chips. Apart from being big and fast, Stratix 10 FPGAs also include a whole array of security features that we don’t normally see in mainstream devices.

There’s a PUF (physically unclonable function) inside each Stratix 10 chip that is, by definition, specific to that chip and that chip only. It’s essentially a random “birthmark” or serial number that allows you to bind software, hardware, or configuration bitstreams to a single FPGA device. The code or configuration that works on one chip won’t work on another. So even if the bad guys hack one of your designs, they haven’t hacked them all. Clever.

You can also use the PUF to make keys invisible. Normally, key data is stored in fuses, like anything else on an FPGA. That means they are subject to X-rays, which can reveal the keys. But if you combine the key data with the PUF data, you get an original and unique result that doesn’t look like a key, and which works with only one device. Voilà! Instant key security. These features, plus many others we haven’t mentioned, add up to a “reduced attack surface.”
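A simplified software model of the key-masking idea above, added here as an illustration; it is not Altera's implementation or code from the article. The PUF response is simulated with random bytes and assumed to be perfectly stable (real PUFs are noisy and need error correction), and the function names and the HMAC-based construction are assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

KEY_LEN = 32  # 256-bit design key (size chosen for this example)


def derive(puf_response: bytes, label: bytes) -> bytes:
    """Derive a per-device secret from the PUF response (HMAC-SHA256 as KDF)."""
    return hmac.new(puf_response, label, hashlib.sha256).digest()


def wrap_key(puf_response: bytes, key: bytes) -> bytes:
    """Build the blob that would be stored in fuses instead of the raw key."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be exactly KEY_LEN bytes")
    pad = derive(puf_response, b"pad")
    masked = bytes(k ^ p for k, p in zip(key, pad))
    # The tag lets the device detect a blob that was made for another chip.
    tag = hmac.new(derive(puf_response, b"mac"), masked, hashlib.sha256).digest()
    return masked + tag


def unwrap_key(puf_response: bytes, blob: bytes) -> Optional[bytes]:
    """Recover the key on the chip whose PUF masked it; None on any other chip."""
    masked, tag = blob[:KEY_LEN], blob[KEY_LEN:]
    expected = hmac.new(derive(puf_response, b"mac"), masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = derive(puf_response, b"pad")
    return bytes(m ^ p for m, p in zip(masked, pad))


def demo() -> dict:
    puf_a = secrets.token_bytes(32)  # simulated PUF response of device A
    puf_b = secrets.token_bytes(32)  # simulated PUF response of device B
    key = secrets.token_bytes(KEY_LEN)
    blob = wrap_key(puf_a, key)  # what an X-ray of the fuses would show
    return {
        "stored_blob_differs_from_key": blob[:KEY_LEN] != key,
        "device_a_recovers_key": unwrap_key(puf_a, blob) == key,
        "device_b_rejected": unwrap_key(puf_b, blob) is None,
    }


if __name__ == "__main__":
    print(demo())
```

Reading the stored blob yields only the masked value and its tag; without the chip's own PUF response the key cannot be recomputed from it.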

Continue reading in EE Times magazine