Protecting Your Company’s Crown Jewels
How IoT device manufacturers, with a lot of value to safeguard, can utilize SRAM PUF technology to protect their IP.
Hi, everyone. I’m Vincent van der Leest, director of product marketing, and welcome back for another Intrinsic ID whiteboard video. Today we will talk about another important use case for SRAM PUF technology, IP protection.
If you are an IoT device manufacturer, you have a lot of value to protect, not the least of which is the software you put on your devices. More and more IoT devices contain proprietary, valuable algorithms, like for machine learning and artificial intelligence. These are the company’s crown jewels that you want to protect. You need to protect your development efforts of these algorithms. You also don’t want hackers to be able to change their functionality or copy the software to make counterfeit devices.
As a device OEM, you need to protect software against three types of attacks:
- The first is reverse engineering, which allows attackers to read the software code and alter it or extract your valuable trade secrets.
- The second attack is cloning, where attackers create working copies of your devices by copying your software IP to a counterfeit product.
- And finally, overproduction, which allows untrusted parties in your supply chain to build more devices than you ordered and sell the extra ones on the gray market.
So what should you, as an OEM, do to prevent these attacks? SRAM PUFs can help you be safe from all of them by extracting an unclonable root key from tiny variations in the silicon of your chips. These keys are never stored and cannot be copied from one device to the next. This makes SRAM PUF complementary to solutions like Secure Boot, and to trusted execution environments like Arm TrustZone, because neither Secure Boot nor TrustZone offer unclonable keys. These keys make SRAM PUF perfect for binding IP to the hardware on which it is supposed to be running and therefore protecting your crown jewels.
So let’s look at each of these attacks again. To prevent reverse engineering, software IP should be encrypted with a key from the SRAM PUF. When attackers extract software from the memory of a device, they will not be able to find the key that has been used to encrypt it. Without this key, which is not stored in memory, the software cannot be reverse engineered, and your IP is safe.
By encrypting the software on your device with a key from the SRAM PUF, you are also safe from cloning. This is because copying the memory of a legitimate device to a blank device will not result in a working clone simply because the decryption keys for the software cannot be copied along.
And finally, SRAM PUFs also prevent overproduction. Creating the device-unique keys requires an enrollment step to set up each SRAM PUF with its own unique activation code. Each activation code works for only one specific SRAM PUF instance. So they can be counted by a server, which prevents a factory from enrolling more devices than you have ordered from them. This way, no device can enter the market without your specific consent. It also gives OEMs flexibility and security when working with a less-than-trusted supply chain, which, in the end, results in lower production cost.
So, as you can see, SRAM PUFs are highly suitable for solving difficult IP protection use cases for IoT device makers. Creating a strong root of trust in hardware protects your valuable IP assets, keeping you safe from hackers while protecting your trade secrets that give you an edge in a highly competitive IoT market.
Thank you all for watching, and look for more videos from Intrinsic ID.