Host Authentication When the Counterfeits Come Marching In
An important use case for SRAM PUF technology is Device-to-Host Authentication, a way to combat sales of aftermarket and gray-market counterfeits of components or consumables.
Hi, everyone. I’m Vincent van der Leest, Director Product Marketing, and welcome back for another Intrinsic ID whiteboard video. Today’s topic is “When Counterfeits Come Marching In,” and it discusses an important use case for SRAM PUF technology: device-to-host authentication.
The reason this is an important use case is that many companies suffer when aftermarket and gray market suppliers sell compatible components or consumables at a lower price. Imagine you are a drone manufacturer that also makes the batteries for these devices. When other companies sell compatible counterfeit batteries at a lower price, you lose revenue. But you might also face increased liability and reputation risk. You cannot guarantee counterfeit batteries will work properly with your drones. So when these gray market batteries overheat, or even catch fire, you might have to defend against liability claims of bodily injury. In the end, liability and reputation damage may be a much greater problem than the original lost revenue.
And of course, this risk does not only apply to drone manufacturers. Just imagine the damage counterfeit consumables can do for medical equipment, power tools, and other consumer devices.
This is why IoT OEMs need a scalable method for creating a trust link between their device and its companion product. In this case, the trust link should reject any unauthorized battery that tries to connect. But given the cost-sensitive market of consumables like batteries, the solution should be BOM [bill of materials]-cost friendly and not require an additional security chip.
SRAM PUF is a low-cost and scalable solution for creating this trust link. SRAM PUFs create an unclonable identity by extracting a device-unique cryptographic root key from tiny variations in the silicon of a chip. This key is never stored, cannot be copied from one device to the next, and cannot be read or changed by attackers. So this key is exactly what you need to trust that a device or battery is genuine.
With SRAM PUFs, the tiny microcontroller typically found on a battery can be used to deploy a scheme for preventing counterfeit batteries from working. It turns the tiny microcontroller into a secure one with a digital identity. Both this authentication protocol and the SRAM PUF are very lightweight, which greatly eases adoption of this revenue recovery solution.
This authentication scheme consists of a few simple steps:
- First, the drone MCU verifies whether the identity certificate of the battery has been issued by the drone OEM.
- Then, the battery MCU generates its secret key from the SRAM PUF.
- And finally, the battery MCU proves its identity through a challenge-response protocol with the drone MCU.
Counterfeit batteries will not be able to prove a legitimate identity, even if they copy the certificate from a real battery, because they won’t have the corresponding SRAM PUF. This means they cannot reproduce the required secret key, thus breaking the challenge-response protocol. This low-cost and low-footprint solution to prevent counterfeit products not only helps with revenue protection, but, perhaps more vitally, it better protects IoT device makers from liability and reputation risk.
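The three steps above, and the failure of a battery that copies a genuine certificate, as an added Go example that is not Intrinsic ID's code. Assumptions: Ed25519 signatures stand in for the unspecified algorithms, a hashed constructed byte string stands in for SRAM PUF key reconstruction, and all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Battery models the battery MCU; fingerprint stands in for the SRAM PUF (assumption).
type Battery struct {
	fingerprint []byte
	Pub         ed25519.PublicKey // certificate: public key ...
	OEMSig      []byte            // ... plus the OEM's signature over it
}

// key re-derives the private key on each use (step 2); Respond signs a challenge with it.
func (b *Battery) key() ed25519.PrivateKey {
	seed := sha256.Sum256(b.fingerprint)
	return ed25519.NewKeyFromSeed(seed[:])
}
func (b *Battery) Respond(c []byte) []byte { return ed25519.Sign(b.key(), c) }

// Enroll is the OEM factory step: certify a genuine battery's public key.
func Enroll(oemPriv ed25519.PrivateKey, b *Battery) {
	b.Pub = b.key().Public().(ed25519.PublicKey)
	b.OEMSig = ed25519.Sign(oemPriv, b.Pub)
}

// Authenticate is the drone MCU side: certificate check (step 1), then challenge (step 3).
func Authenticate(oemPub ed25519.PublicKey, b *Battery) bool {
	certOK := ed25519.Verify(oemPub, b.Pub, b.OEMSig)
	challenge := make([]byte, 32) // fresh nonce, so a recorded response cannot be replayed
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	return certOK && ed25519.Verify(b.Pub, challenge, b.Respond(challenge))
}

// Demo returns the result for a genuine battery and for a clone with its copied certificate.
func Demo() (bool, bool) {
	oemPub, oemPriv, _ := ed25519.GenerateKey(rand.Reader)
	genuine := &Battery{fingerprint: []byte("constructed-sram-pattern-A")}
	Enroll(oemPriv, genuine)
	clone := &Battery{fingerprint: []byte("constructed-sram-pattern-B"), Pub: genuine.Pub, OEMSig: genuine.OEMSig}
	return Authenticate(oemPub, genuine), Authenticate(oemPub, clone)
}

func main() { fmt.Println(Demo()) }
```

The clone passes the certificate check because the copied certificate is valid, and fails only at the challenge, which is why the drone must run both steps.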
Thank you all for watching, and look for more videos from Intrinsic ID.