Defense and communications chip supplier Microsemi Corp. (Aliso Viejo, Calif.) has added security technology licensed from Intrinsic-ID BV (Eindhoven, The Netherlands) to its SmartFusion2 SoC FPGAs and Igloo2 FPGAs.
Microsemi has licensed physically unclonable function (PUF) technology implemented in SRAM from Intrinsic-ID and claims that the two product families are industry’s first and only FPGAs to integrate hardened PUF technology and therefore support the devices for Internet of Things applications.
The PUF technology works on the basis of the metastability of the cross-coupling inside an SRAM bit cell. This metastability means that an SRAM bit cell could power up as either a 1 or a 0 but due to the variability of the silicon manufacturing it will have an inherent primary state. A line of such cells effectively provides a multibit word that is unique to that silicon implementation. This can be used as a key for subsequent cryptography and other security measures.
By defining a hardened design with dedicated SRAM and additional countermeasures such as an anti-tamper mesh and dedicated PUF power control, Microsemi has achieved a much higher level of resistance to tampering than can be obtained using FPGA soft IP or software-based solutions. When the power is switched off to the PUF, the PUF secret key effectively disappears from the chip. There is no known technology that can read the PUF while its power is off.
Although Microsemi claims these are the first FPGAs to use a hardend PUF the company has been a long-time licensee of Intrinsic-ID's technology. In August 2011 the company announced the availability of Intrinsic-ID's security IP on its Flash-based SoCs, FPGAs and development boards. This was based on Intrinsic-ID's "Quiddikey" technology and is described in similar terms to the current technology.
A key aspect of security as it relates to IoT is that during operation legitimate machines need to be able to identify themselves and authenticate each other so they can perform secure machine-to-machine (M2M) communication. Clearly they need to be able to reject data from unreliable or malicious sources.
The integrated SRAM-PUF technology can now be used with an integrated elliptic curve cryptography (ECC) engine, designed to be resistant to differential power analysis (DPA) attacks using DPA countermeasures licensed from Cryptography Research Inc. The PUF/ECC security features integrated on the FPGAs can be used to generate a public-private key pair where only the SmartFusion2 or Igloo2 device knows the private portion of the key pair.
"This becomes the seed for a Public Key Infrastructure (PKI) where only the chip knows the unique private key and the verifiable public key is certified," said Russ Garcia, executive vice president of worldwide marketing at Microsemi, in a statement. "This technology allows our customers to trust the SmartFusion2 and Igloo2 devices they receive from us, and then easily extend the root-of-trust in those devices to other components in the system or network, greatly simplifying system security."
"Microsemi has brought a very tamper-resistant, hardened implementation of PUF technology to the FPGA market for the first time in its SmartFusion2 and Igloo2 products, making top-grade security available for the numerous and diverse data security applications that security architects and engineers are implementing using FPGAs," commented Pim Tuyls, CEO of Intrinsic-ID, in the same statement.
The SmartFusion2 SoC FPGAs include flash-based FPGA fabric, a 166MHz Cortex-M3 processor, cryptography accelerators, DSP blocks, SRAM, embedded NVM and communication interfaces on a single chip. Igloo2 FPGAs provided a flash-implemented look-up table based FPGA fabric together with 5Gbps transceivers, high speed GPIO, block RAM, and DSP blocks.
Members of the SmartFusion2 and Igloo2 product families with PUF and ECC technology are immediately available.
Questions or comments on this story? Contact firstname.lastname@example.org
Related links and articles: