IoT Authentication with SPARTAN: The Linchpin of Security

By Pim Tuyls
– Chief Executive Officer, Intrinsic ID

 

At our semi-annual security summit last month we were fortunate to have a talented slate of speakers, and it was interesting to observe how each brought a somewhat different perspective to the topic of security. Randy Turner of Landis+Gyr described how the security needs of the smart grid differ from traditional security concerns. Mark Schaeffer of Renesas commented on the notion that what we really have is the Internet of Insecure Things, citing industrial and medical sabotage, last year’s massive DDOS attack, and of course WannaCry. Anton Shmagin of Amazon spoke to new frontiers in IoT security and the concept of fine-grained authentication. Finally, GlobalSign’s Lancen LaChance incorporated a number of elements in his discussion of the need for strong device identity as the core for a secure IoT.

But among these different perspectives I observed an element common to all four presenters: the significance of and need for authentication. This happened to align with our announcement that day of SPARTAN, Intrinsic ID’s platform for digital authentication. SPARTAN can be applied to authenticating almost all IoT endpoints, and to enabling anti-counterfeiting and anti-cloning. This latest product from Intrinsic ID is actually an authentication suite, a family of software modules tailored to specific use cases that can run on virtually any microcontroller. As with all Intrinsic ID products, SPARTAN is based on our patented SRAM PUF technology, which creates a foundation for a security subsystem by giving microcontrollers and other semiconductors unique identities.

Unique identities which are based on SRAM PUF – let me expand on those two key points, because they explain how SPARTAN came to be.

First, the concept of unique identities – it’s fundamental to security. Not just identities, but registered identities. In that regard secure IoT endpoints are little different from people – when we are born we get a birth certificate, and later in life we receive other identifiers such as a driver’s license and a passport. Today we can even be recognized based on our biometrics and digital devices. Without appropriate assurances we cannot be certain that the person we’re speaking to – or giving money to, accepting goods from, taking home from the maternity ward, etc. – is who they are supposed to be. With IoT endpoints we require similar assertions. And so we require reliable and unique device identities.

A second key point is the common use of SRAM PUF. The fact SPARTAN utilizes SRAM PUF in the same way as our earlier products is an important point, and one that reflects the deliberately progressive course our company has taken:

  • We began with BROADKEY and QUIDDIKEY – products for key creation, key wrapping and key management. These create the basis for unique device identities, and hence the platform for all our other products and almost all security primitives.
  • Earlier this year we released CITADEL for key provisioning.
  • To these we add SPARTAN for authentication – both entity authentication and data authentication.

So we have followed a logical progression, building on key creation and key provisioning rooted in the transistor level, and working in alignment with the U.S. Department of Homeland Security’s Strategic Principles for Securing the Internet of Things (IoT), Version 1.0, announced in 2016.

Authentication is a higher level problem than key creation and key provisioning – and it’s a problem with high dollars attached to it. Intrinsic ID has in the past enabled authentication for our customers in certain use cases but not on the order of what SPARTAN offers today.

You can read more here about SPARTAN CLOUD, the first member of the SPARTAN family. And in the coming months you will hear more about SPARTAN as we continue to expand our authentication footprint.

___________________

Pim Tuyls is CEO of Intrinsic ID. Before founding Intrinsic ID in 2008 he was at Philips Research, where he was Principal Scientist and managed the cryptography cluster. While there he initiated the work on Physical Unclonable Functions (PUFs), which forms the basis of Intrinsic ID’s silicon fingerprinting technology. Tuyls has a Ph.D. in mathematical physics from Leuven University, holds more than 50 patents and is widely acknowledged for his work in the field of security for embedded applications.

 

Do you have thoughts on authentication or the need for device identities? Let us know in the Comments section below.

Leave a Reply

Your email address will not be published. Required fields are marked *