Transcript VIA PUF
VIA PUF & PUF ICTK Co., Ltd. 3/5 fl, Vforum Building, 323 Pangyo-ro, Bundang-gu Gyunggi-do, Korea 13488 TEL : + 82-31-739-7890 FAX : +82-31-739-7891 www.ictk.com [email protected] [email protected] WinLink Co., Ltd. Contact : Ricky Kwak / 곽민호 Tel. : +82-505-324-7620 Fax : +82-505-324-7621 Mobile : +82-10-5257-0803 E-mail : [email protected] Executive Summary The researches of PUF, Physical Unclonable Function, technology have been in the industry for last a decade long, but the most of studies failed to enter the mass volume production with various reasons. One of the latest known reason is repeatability issue or testing time issue. ICTK, a Korean firm, has also researched since 2009 and successfully developed VIA PUF in 2014, that allows to enter volume production without any barrier at all. One of the major reason to have researched PUF technology is to replace memory based security system currently in use. Therefore VIA PUF is going to change the security system to new paradigms. Major basic application areas are Secure ID, Secure Private Key and Secure memory. ICTK is on its way to deploy the products to the market and also is ready to accept any specific requirements to work together with various industry. And yet ICTK is willing to license the VIA PUF technology to those who could be partners. ICTK should be more than happy to provide you more information upon your request. Thanks & best regards. 2 ICTK ICTK is a great smart card testing & security solutions partner for your success ICTK(ICTK Co., Ltd.) is a global transaction & security solution provider serving more than 200 clients worldwide, including manufacturers, banks and government agencies. As an international testing laboratory and consultant, ICTK has been working on the field of the payments, transportation, value-added network and mobile network sectors, satisfying requirements defined by* EMVCo, Visa, JCB, Discover, Global Platform, NFC Forum and KOLAS (ISO/IEC 17025) for product stability and interoperability. ICTK has been dedicated into the development of customized testing solutions such as testing tools and an validation system. ICTK is a leader in new generation security solutions for smart devices, cloud computing, smart grid and intelligent automobiles. By bringing a physical property of each chip as an ID (Vs. S/W pseudo random number), it provides unclonable functions to prevent any security breach in the most simple and cost-effective way. All the work for the security solution brought a number of both registered and pending patents. Recently, ICTK has founded R&D center at Fusion Technology Center of Hanyang University to research PUF-based security chip and its system. 3 Situations of Coventional Security Memory-based Key Management System is the core of security Keys are generated by PRNG or TRNG Keys are stored in NVM Hackers always trying to steal Keys From NVM or by side channel attack Impossible to decrypt the encrypted data without the relevant Key Trend toward to HW security TPM, TEE, HSM, SE, etc.. Researching replacing technology, PUF 4 Issues of Memory Base Security Hardware security is vulnerable to physical attacks Takes months to analyze IC, then few hours to steal KEY 2020? Black hat 2010 Black hat 2015 Steal KEY from Infineon TPM memory Reverse engineering by computer power 6 months for chip analysis 3months for new smartcard IC 6 hours to steal KEY Require stronger countermeasure to physical attacks 2025? What is PUF? Physical Unclonable Function a physical entity in a physical structure impossible to clone or duplicate from the same manufacturing process Requirements of PUF Unpredictable Unclonable Random Repeatable 6 Root of Trust PUF generates the KEY from physical structure VIA PUF Variables Counter Password User data etc… Once use, demolish the KEY Regenerate the KEY when need No requirement of KEY storage HASH No place Hackers to steal the KEY Core of SECURITY Root of TRUST The KEY KEY derivative Types of PUF? Year Method 2000 Random drain voltage 2005 Random difference of two delay path 2007 Random bit from unstable state of SRAM 2009 Random capacitance value due to the coating layer Author Portland State University MIT Philips NXP Circuit Commercialization Siid Tech Hitachi gave up production Verayo Intrinsic ID NXP Issues of Conventional PUF’s Very much sensitive to environmental variations and aging, i.e. temperature, humidity, etc. Poor repeatability Require additional post processing circuits to improve repeatability Normally using ECC (Error Correction Code) Efficiency of ECC is important factor Resulted high cost due to test time and design overhead What is VIA PUF? Utilize VIA holes between two metal layers to create the contact Certain hole size gives “open or short” by semiconductor process itself These “opens and shorts” are created randomly The combination of this “open and short” generates VIA PUF The holes are scattered rather than located in a specific area VIA PUF Hole Formation Select via hole size smaller than design rule Target 50% : 50% of “open and short” Via Hole Size: XM VIA holes Upper Metal Layer Lower Metal Layer Cross-sectional Views of Via Hole Array Via Hole Size: Design Rule Advantage of VIA PUF Excellent repeatability Gives clear “open & short” all the time due to its usual “via hole nature” No change by environment changes or aging Complies JEDEC standard for reliability test High Quality of Randomness Satisfies “ NIST SP800-90B” test suit No Error Correction Circuit required Unlike conventional SRAM type PUF(or active circuit), VIA PUF does NOT require ECC Scalable PUF cells Easy to control number of PUF cells Excellent Repeatability Complies JEDEC Standard for reliability test Test Condition Test Time Sample # Test results (fail #) HTOL 125 ℃ / Vcc=Max. 1000 hr 231 ea Pass HTS LTS 150 ℃ -55 ℃ Bake 125 ℃ (24 hr) Soak 35 ℃ / 60% (192 hr) Reflow 260 ℃ (3 cycle) 130 ℃ / 85% 125 ℃ / -55 ℃ 85 ℃ / 85% / Vcc=Max. HBM (2KV) 1000 hr 168 hr Pass Pass 96 hr 1000 cycle 1000 hr - 75 ea 77 ea 225 ea (UHAST+ TC+THB) 75 ea 75 ea 75 ea 9 ea MM (200V) - 9 ea Pass CDM (800V) - 3 ea Pass Latch-up - 9 ea Pass PRECON UHAST TC THB ESD 216 hr Pass Pass Pass Pass Pass High Quality of Randomness Satisfies with NIST SP800-90B test suit • NIST SP800-90b Sample size : 1280-bit × 160 chips 204,800-bit + TRNG provided from NIST (recommended when test source is not enough for 1,000,000-bit sampling) • Test of IID Test Result Comp. Test Pass Shuffling Tests Specific Statistical Tests Over/Under Excursion Directional Rens Covariance Collision Chi Square Chi Square Test Test Test Test test Independence Test Stability Test Pass Pass Pass Pass Pass Pass Pass PUF data pass all tests → The PUF data is IID • Min-entropy with the IID bins test : 0.971633 Proven Technology Process Chip PUF Status 2014 TSMC 0.18um • 2,560-bit PUF Repeatability and 2014 Dongbu HiTek 0.13um • 2,560-bit PUF Repeatability and 2015 Samsung 65 nm • 2,560-bit PUF Repeatability and Fab-processing Randomness will be checked (plan to complete May/’16) Randomness are confirmed Randomness are confirmed Process Completed Process Completed Patent Patent Registered : 30 (US, EU, Korea, China, Taiwan) Patent Pending : 85 (US, EU, Korea, China, Japan, Taiwan) Finnegan Henderson LLP(DC) as ICTK’s patent prosecution partner since 2012 for US & EU Patent portfolio includes PUF designs, processing, optimization, application, system, etc. Basic Applications of PUF ? Secure ID Secure Private KEY in PKI system Secure Memory Data encryption by VIA PUF key Secure ID Direct & indirect ID Direct ID : use VIA PUF itself as unique ID Indirect ID : Inject ID & store by “Secure Memory” concept More common to use No risk of cloning ID card, passport, Driver license, Drone ID etc.. Secure Private Key Provides secure Private Key in PKI system VIA PUF works with various crypto engines Secure FINTECH IoT Sensor/ Gateway Certificate OTP U2F Wearable Device 2nd factor authentication SmartCard 2nd Factor Authentication Secure Memory Store the data in NVM with encryption by VIA PUF Key. Then the VIA PUF Key is demolished, not store in NVM Re-generate the VIA PUF Key for decryption Free from hacking Giant NVM Plain data Crypto Keys Control Logic Serial Number Cipher data User Data Crypto engine Counter VIA PUF Key VIA PUF 20 KDF etc.. ICTK Technology PUF Crypto Engines AES RSA ECC SHA All tested in silicon as hardware format LEA or others available upon request Any configurations open to discuss Product Planning HAWK ??? VIA PUF+AES+ECC Q4 ‘16 Giant II ??? VIA PUF+SHA+NFC Q3 ‘16 Giant VIA PUF+SHA Q2 ‘16 2015 2016 2017 Applications of Giant series Giant Authentication IC based on VIA PUF Key features VIA PUF based key generation HASH based MAC(Message Authentication Code) SHA 256 Security countermeasure Anti-counterfeit SHA2 Fault injection & Side channel Attack Applications Giant Smartphone Accessories, Smartphone battery Printer cartridge E-Cigarett cartridge M2M authentication Secure boot / Firmware protection IP protection IoT end node authentication Drone ID Sample May/’16 VIA PUF Control Logic E2PROM (PUF-encrypted Memory) I2C/SWI Anti-Counterfeit Off-Line Utilize “Secure Memory” concept Install Giant in the “Target Product” to authenticate & “Master” Enroll “Target Product” before ship out In the field, “Master and Target Products” authenticate each other Example : Smartphone Accessary, Smartphone Battery, Printer Ink Cartridge, E-Cig Cartridge, Drone, etc.. Giant Giant SHA2 SHA2 PUF PUF MCU PUF-encrypted Memory PUF-encrypted Memory KeyMaster KeyTarget User Data User Data Master Target Product Target product to authenticate Anti-Counterfeit On-Line Utilize “Secure Memory” concept Install Giant & NFC tag chip in the “Target Product” to authenticate Enroll “Target Product” before ship out In the field, “Target Product” authenticate through smartphone by linking server. Example : Luxury products(Handbag/Clothes/Liquor/Watch), E-Cig e-liquid, Cosmetics, Medicine, etc.. Additional advantages Distribution channel & logistics management Big data collection from users Giant II SHA2 Authenticate Authenticate NFC PUF PUF-encrypted Memory KeyTarget User Data Server Smartphone Target product to authenticate Target Product Simplified IoT Network Security Standard to use X.509 No standard specified Requires security in reality Giant PUF based security chip Secured M2M authentication Economical engineering Link to Win…. With you! WinLink Co., Ltd. Contact : Ricky Kwak / 곽민호 Tel. : +82-505-324-7620 Fax : +82-505-324-7621 Mobile : +82-10-5257-0803 E-mail : [email protected]