报告预览

20230614_B-102_Hinkel.PDF

编号：136704

PDF 21页 4.83MB 下载积分：VIP专享

下载报告请您先登录！

20230614_B-102_Hinkel.PDF

1、Authenticate Everything Intrinsic ID September 14,2017Authenticate Everything Intrinsic ID Protecting SmartNICs with Physical Unclonable Functions(PUFs)Reed HinkelVP Strategy&Business DevelopmentAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 2SmartNICs are programmable accelerat

2、ors for data centersAllow servers CPUs to offload processing of the following functions:Networking Storage SecurityAll high value applications that require a higher level of trustSetting the SceneAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 3Data Center Hacks are on the RiseAu

3、thenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 4Fundamental building block for security of a device or systemPart of the security one can trust and operates as expectedGuarantees correct execution of fundamental security primitivesRoot of TrustAuthenticate Everything Intrinsic ID

4、September 14,2017 Intrinsic ID 5Open-Source Root of Trust solution driven by OCP and CHIPS AllianceOCP CaliptraFrom:Caliptra Open-Source RoT Project Update at OCP Regional Summit 2023The purple boxes are called out in the Caliptra specification,but are not part of the open-source IPAuthenticate Ever

5、ything Intrinsic ID September 14,2017 Intrinsic ID 6Caliptras root secret is called UDS Within Caliptra framework every device has unique identity called UDS or Unique Device Secret The UDS is:A block of entropy stored in fuses Root secret for the Caliptra root of trust Unique identity for every ind

6、ividual device From:Caliptra-A Datacenter System on a Chip(SOC)Root of Trust(RoT),Revision 1.0“The Caliptra UDS is stored in fuses,and is encrypted at rest by an obfuscation secret”“This obfuscation secret may be a chip-class secret,or a chip-unique PUF,with the latter preferred”UDS Unique Device Se

7、cretAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 7Caliptra architecture recommends using PUF technologyOCP CaliptraFrom:Caliptra Open-Source RoT Project Update at OCP Regional Summit 2023The purple boxes are called out in the Caliptra specification,but are not part of the open

8、-source IPAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 8“A Cryptosystem should be secure even if everything about the system,except the secret key,is public knowledge”Auguste KerckhoffsKerckhoffss PrincipleSecurity depends on the secrecy of the keyAuthenticate Everything Intri

9、nsic ID September 14,2017 Intrinsic ID 9An Unexpected Security Challenge:Secret Keys?Authenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 10The Solution:Never Store the Root KeyAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 11Protecting Strong Root Keys with SRAM

10、PUFsThe start-up values create a highly random and repeatable pattern that is unique to each chipSilicon FingerprintProcess VariationDeep sub-micron variations in the production process give every transistor slightly random electric properties13When the SRAM is powered on this randomness is expresse

11、d in the start-up values(0 or 1)of SRAM cellsSRAM Start-up Values2SRAM PUF KeyThe silicon fingerprint is turned into a secret key that builds the foundation of a security subsystem4Device-unique,unclonable fingerprintLeverages entropy of mfg.processNo key material programmedSRAM PUF BenefitsNo Keys

12、at RestAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 12SRAM PUF Advantages in Secure Key StorageSecurityAffordabilityOther SolutionsKey programmed externallyPermanent physical alteration Key visible in structureFusesROMFlashEEPROMAnti-fuseSRAM PUF TechnologyKey generated by dev

13、ice entropy No traces of sensitive dataNo secrets stored on chipSRAM PUFAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 13Benefits of Using Intrinsic ID PUF TechnologyCertificationsIID PUF-enabled products have been certified by EMVCo,CC EAL6+,Platform Security Architecture,ioXt,

14、GlobalPlatformHighest SecurityRoot key never storedHW source of randomnessMany attack countermeasuresHighest ReliabilityFrom-55C to 150C Lifetime 25 yearsProven500M+ICs with IID PUF implementations shippedG&D,banking,IoTFrom 350nm to 5nmFlexibilityGeneration of root keys anytime,anywhereAny party ca

15、n store their own keys securely on chipLow CostNo secure storage on chip required Authenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 14Intrinsic ID Addresses the Security Needs of Top Tech Companies Higher SecurityFlexibleEconomicsTop Tech Company NEEDSKeys visible in memoriesTrust

16、in other parties neededLimited choice of foundry/processMultiple vulnerabilitiesLimited choice of programmingAdditional silicon costsHigh implementation costNo keys at restWithout Intrinsic IDWith Intrinsic IDSupports a Zero Trust supply chainWorks for all foundries/processesChoice where to program

17、the keysStandard siliconNo special steps neededHighest security in the IndustryMany touch pointsZero Touch approachReliabilityReliability issues in advanced nodesHigh reliability in all nodesLiability costNo liability costDe/re-commissioning issuesDevice lifecycle flexibilityAuthenticate Everything

18、Intrinsic ID September 14,2017 Intrinsic ID 15PUF-based ProductsMCUHardwareSoftwareOSAppAppZign X00PUF SRAMSoCHardwareSoftwareOSAppAppQK DriverPUFSRAMQuiddiKeyFPGAHardwareSoftwareApolloOSAppAppApollo DriverUser AppFPGA FabricAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 16500M+

19、Deployments in the FieldIndustry Leaders Rely on Intrinsic ID4 of Top 5MCU Vendors as a Customer10+Global certifications and Government programsTop 4FPGA Platforms125+Design WinsDefense ContractorsAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 17The UDS is the root secret for th

20、e Caliptra Root of Trust With PUF a Secure Vault is created by encrypting UDS No key stored=no way to decrypt UDS Encrypted UDS can be stored anywhere and remain secureUse Case:Obfuscating UDSUDSAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 18Intrinsic ID SRAM PUF technology co

21、mes with NIST-compliant RNGUse Case:Random Number GenerationFeatures Uses standard SRAM start-up values as a true random source NIST CAVP certified for DRBG and AES Compliant with NIST SP 800-90 Compliant with BSI AIS 20/31 Supports FIPS 140-3 certificationZign RNGSRAMHarvests noise in standard SRAM

22、 to extract a true random seedDRBG uses seed to generate random bit streamEntropy Source ProcessingDRBGBenefits No need for additional or modified silicon Can be added at any point in the supply chain Fits in resource-constrained embedded devices Portable across different technologiesAuthenticate Ev

23、erything Intrinsic ID September 14,2017 Intrinsic ID 19Intrinsic ID PUFs provide both the PUF and TRNG for OCP CaliptraIntrinsic ID PUFs for OCP CaliptraFrom:Caliptra Open-Source RoT Project Update at OCP Regional Summit 2023The purple boxes are called out in the Caliptra specification,but are not p

24、art of the open-source IPAuthenticate Everything Intrinsic ID September 14,2017 Intrinsic ID 20SmartNICs allow offloading of security functionalityThe new standard for datacenter secure authentication is CaliptraCritical components of Caliptra:PUF&TRNGIntrinsic ID PUF solutions provide both these functions and are integrated directly with OCP CaliptraConclusionsAuthenticate Everything Intrinsic ID September 14,2017www.Intrinsic-ID.comThank You!

友情提示

1、下载报告失败解决办法
2、PDF文件下载后，可能会被浏览器默认打开，此种情况可以点击浏览器菜单，保存网页到桌面，就可以正常下载了。
3、本站不支持迅雷下载，请使用电脑自带的IE浏览器，或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩，下载后原文更清晰。

本文（20230614_B-102_Hinkel.PDF）为本站（2200）主动上传，三个皮匠报告文库仅提供信息存储空间，仅对用户上传内容的表现方式做保护处理，对上载内容本身不做任何修改或编辑。若此文所含内容侵犯了您的版权或隐私，请立即通知三个皮匠报告文库（点击联系客服），我们立即给予删除！

温馨提示：如果因为网速或其他原因下载失败请重新下载，重复下载不扣分。

上海品茶

20230614_B-102_Hinkel.PDF

20230614_B-102_Hinkel.PDF