Selecting a Root of Trust with an Unclonable Identity
Tobias Adryan covers how chip makers or IoT OEMs can select a root of trust with an SRAM PUF-based unclonable identity.
Hi, and welcome to another whiteboard video from Intrinsic ID. I am Tobias Adryan, Field Applications Engineer. In this video, we’ll go over selecting a root of trust with an unclonable identity using SRAM PUF.
So let’s say I’m a semiconductor chip manufacturer making MCUs, sensors, memory devices, or connectivity chips. What options are available to me to realize IoT security with SRAM PUF? I can license QuiddiKey hardware. It’s a hardware RTL implementation which can be integrated into crypto modules. QuiddiKey can be incorporated at the very beginning of a chip’s design life cycle. It’s a clean-slate approach. This results in a compact, fast, low-power implementation with an improved isolation from many common attack factors.
On the other hand, I need to secure an existing chip. I can license BroadKey software, a software library which offers an unclonable identity and runs on any processor. BroadKey gives flexibility to my design, so I can incorporate SRAM PUF at any point in the chip’s development. BroadKey supports any vendor and processor architecture, and since we are integrating software rather than hardware, this approach results in a more flexible time to market.
Now, let’s say that I am an OEM manufacturer, and I manufacture and sell the edge devices to IoT network operators. How do I implement a strong, unclonable identity? The most straightforward option for an OEM is to buy an off-the-shelf MCU which has QuiddiKey and BroadKey already implemented. With over a decade of product shipments, there are many chips and modules with SRAM PUF already built in. You can contact us to learn more.
Now, you might wonder what I would do if my favorite chip or module doesn’t come with SRAM PUF? Well, I can take my destiny in my own hands and license BroadKey directly from us and integrate it into any device.
So what’s common between QuiddiKey and BroadKey approaches? Both use a hardware entropy source, namely uninitialized SRAM. Once the root key is generated with either QuiddiKey or BroadKey, it is never stored. It gives a much higher resistance to physical attacks compared to legacy approaches like OTP. The fab technology node and clock speed independence dramatically simplify development by minimizing porting and revalidation efforts.
Thank you for watching, and look for more videos from Intrinsic ID.