Authenticate Everything
Intrinsic ID, September 14, 2017

Protecting SmartNICs with Physical Unclonable Functions (PUFs)
Reed Hinkel
VP Strategy & Business Development

Setting the Scene
- SmartNICs are programmable accelerators for data centers
- Allow servers' CPUs to offload processing of the following functions:
  - Networking
  - Storage
  - Security
- All high value applications that require a higher level of trust

Data Center Hacks are on the Rise

Root of Trust
- Fundamental building block for security of a device or system
- Part of the security one can trust and operates as expected
- Guarantees correct execution of fundamental security primitives

OCP Caliptra
- Open-Source Root of Trust solution driven by OCP and CHIPS Alliance
- From: Caliptra Open-Source RoT Project Update at OCP Regional Summit 2023
- The purple boxes are called out in the Caliptra specification, but are not part of the open-source IP

UDS: Unique Device Secret
- Caliptra's root secret is called UDS
- Within Caliptra framework every device has unique identity called UDS or Unique Device Secret
- The UDS is:
  - A block of entropy stored in fuses
  - Root secret for the Caliptra root of trust
  - Unique identity for every individual device
- From: Caliptra - A Datacenter System on a Chip (SOC) Root of Trust (RoT), Revision 1.0
  - "The Caliptra UDS is stored in fuses, and is encrypted at rest by an obfuscation secret"
  - "This obfuscation secret may be a chip-class secret, or a chip-unique PUF, with the latter preferred"

OCP Caliptra
- Caliptra architecture recommends using PUF technology
- From: Caliptra Open-Source RoT Project Update at OCP Regional Summit 2023
- The purple boxes are called out in the Caliptra specification, but are not part of the open-source IP

Kerckhoffs's Principle
- "A Cryptosystem should be secure even if everything about the system, except the secret key, is public knowledge" (Auguste Kerckhoffs)
- Security depends on the secrecy of the key

An Unexpected Security Challenge: Secret Keys?

The Solution: Never Store the Root Key

Protecting Strong Root Keys with SRAM PUFs
1. Process Variation: Deep sub-micron variations in the production process give every transistor slightly random electric properties
2. SRAM Start-up Values: When the SRAM is powered on this randomness is expressed in the start-up values (0 or 1) of SRAM cells
3. Silicon Fingerprint: The start-up values create a highly random and repeatable pattern that is unique to each chip
4. SRAM PUF Key: The silicon fingerprint is turned into a secret key that builds the foundation of a security subsystem
SRAM PUF Benefits
- Device-unique, unclonable fingerprint
- Leverages entropy of mfg. process
- No key material programmed
No Keys at Rest

SRAM PUF Advantages in Secure Key Storage
[Chart: Security versus Affordability, comparing other solutions with SRAM PUF]
- Other Solutions (Fuses, ROM, Flash, EEPROM, Anti-fuse):
  - Key programmed externally
  - Permanent physical alteration
  - Key visible in structure
- SRAM PUF Technology:
  - Key generated by device entropy
  - No traces of sensitive data
  - No secrets stored on chip

Benefits of Using Intrinsic ID PUF Technology
- Certifications: IID PUF-enabled products have been certified by EMVCo, CC EAL6+, Platform Security Architecture, ioXt, GlobalPlatform
- Highest Security:
  - Root key never stored
  - HW source of randomness
  - Many attack countermeasures
- Highest Reliability:
  - From -55C to 150C
  - Lifetime 25 years
- Proven:
  - 500M+ ICs with IID PUF implementations shipped
  - G&D, banking, IoT
  - From 350nm to 5nm
- Flexibility:
  - Generation of root keys anytime, anywhere
  - Any party can store their own keys securely on chip
- Low Cost: No secure storage on chip required

Intrinsic ID Addresses the Security Needs of Top Tech Companies
Top Tech Company NEEDS: Higher Security, Flexible, Economics, Reliability
- Without Intrinsic ID:
  - Keys visible in memories
  - Trust in other parties needed
  - Limited choice of foundry/process
  - Multiple vulnerabilities
  - Limited choice of programming
  - Additional silicon costs
  - High implementation cost
  - Many touch points
  - Reliability issues in advanced nodes
  - Liability cost
  - De/re-commissioning issues
- With Intrinsic ID:
  - No keys at rest
  - Supports a Zero Trust supply chain
  - Works for all foundries/processes
  - Choice where to program the keys
  - Standard silicon
  - No special steps needed
  - Highest security in the Industry
  - Zero Touch approach
  - High reliability in all nodes
  - No liability cost
  - Device lifecycle flexibility

PUF-based Products
[Figure: three product stacks, each showing Hardware, Software, OS and Apps]
- MCU: Zign X00, PUF, SRAM
- SoC: QK Driver, PUF, SRAM, QuiddiKey
- FPGA: Apollo, Apollo Driver, User App, FPGA Fabric

Industry Leaders Rely on Intrinsic ID
- 500M+ Deployments in the Field
- 4 of Top 5 MCU Vendors as a Customer
- 10+ Global certifications and Government programs
- Top 4 FPGA Platforms
- 125+ Design Wins
- Defense Contractors

Use Case: Obfuscating UDS
- The UDS is the root secret for the Caliptra Root of Trust
- With PUF a Secure Vault is created by encrypting UDS
- No key stored = no way to decrypt UDS
- Encrypted UDS can be stored anywhere and remain secure

Use Case: Random Number Generation
Intrinsic ID SRAM PUF technology comes with NIST-compliant RNG
- Features:
  - Uses standard SRAM start-up values as a true random source
  - NIST CAVP certified for DRBG and AES
  - Compliant with NIST SP 800-90
  - Compliant with BSI AIS 20/31
  - Supports FIPS 140-3 certification
- Zign RNG [Diagram: SRAM, Entropy Source Processing, DRBG]:
  - Harvests noise in standard SRAM to extract a true random seed
  - DRBG uses seed to generate random bit stream
- Benefits:
  - No need for additional or modified silicon
  - Can be added at any point in the supply chain
  - Fits in resource-constrained embedded devices
  - Portable across different technologies

Intrinsic ID PUFs for OCP Caliptra
- Intrinsic ID PUFs provide both the PUF and TRNG for OCP Caliptra
- From: Caliptra Open-Source RoT Project Update at OCP Regional Summit 2023
- The purple boxes are called out in the Caliptra specification, but are not part of the open-source IP

Conclusions
- SmartNICs allow offloading of security functionality
- The new standard for datacenter secure authentication is Caliptra
- Critical components of Caliptra: PUF & TRNG
- Intrinsic ID PUF solutions provide both these functions and are integrated directly with OCP Caliptra

www.Intrinsic-ID.com
Thank You!
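
The "Never Store the Root Key" and "Use Case: Obfuscating UDS" slides, worked through as an added example that is not from the presentation, Intrinsic ID or Caliptra. It goes one step beyond the slides by showing how noisy SRAM start-up values still yield a stable key, using a textbook code-offset construction with a repetition code, and it substitutes an HMAC-SHA256 keystream for AES; the noise rate, sizes and all function names are assumptions.

```python
import hashlib, hmac, random

REP, KEY_BITS = 15, 128   # assumed: 15x repetition code, 128 secret bits

def power_up(cells, noise, rng):
    # Simulated SRAM start-up: each cell shows its preferred bit, flipped with probability `noise`.
    return [b ^ (rng.random() < noise) for b in cells]

def kdf(bits):
    return hashlib.sha256(bytes(bits)).digest()

def enroll(startup, rng):
    # Code-offset enrollment: helper = codeword XOR start-up values. Only the helper is stored.
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in secret for _ in range(REP)]
    return [c ^ s for c, s in zip(codeword, startup)], kdf(secret)

def reconstruct(startup, helper):
    # XOR removes the fingerprint; a majority vote per group removes the start-up noise.
    noisy = [h ^ s for h, s in zip(helper, startup)]
    return kdf([int(sum(noisy[i:i + REP]) > REP // 2) for i in range(0, len(noisy), REP)])

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Stand-in cipher (stdlib has no AES): HMAC-SHA256 in counter mode as a keystream.
    ks = b"".join(_mac(key, b"enc", nonce + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def wrap(key, uds, nonce):
    ct = _xor_stream(key, nonce, uds)
    return nonce + ct + _mac(key, b"mac", nonce + ct)

def unwrap(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"mac", nonce + ct)):
        return None                     # wrong chip or tampered blob
    return _xor_stream(key, nonce, ct)

def demo(seed=2023):
    rng = random.Random(seed)           # constructed simulation, not an entropy source
    chip_a, chip_b = ([rng.getrandbits(1) for _ in range(REP * KEY_BITS)] for _ in range(2))
    helper, key = enroll(power_up(chip_a, 0.03, rng), rng)
    uds = bytes(rng.getrandbits(8) for _ in range(48))       # constructed stand-in UDS
    blob = wrap(key, uds, bytes(rng.getrandbits(8) for _ in range(16)))
    del key                             # nothing secret is kept; only helper and blob persist
    same = unwrap(reconstruct(power_up(chip_a, 0.03, rng), helper), blob)
    other = unwrap(reconstruct(power_up(chip_b, 0.03, rng), helper), blob)
    return uds, same, other
```

The enrolled chip recovers the UDS from a fresh, noisy power-up, while a second chip given the same helper data and blob fails the integrity check.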