Transcript VIA PUF
VIA PUF & PUF
ICTK Co., Ltd.
3/5 fl, Vforum Building, 323 Pangyo-ro, Bundang-gu
Gyunggi-do, Korea 13488
TEL : + 82-31-739-7890
FAX : +82-31-739-7891
www.ictk.com
[email protected]
[email protected]
WinLink Co., Ltd.
Contact : Ricky Kwak / 곽민호
Tel. : +82-505-324-7620
Fax : +82-505-324-7621
Mobile : +82-10-5257-0803
E-mail : [email protected]
Executive Summary
Research on PUF (Physical Unclonable Function) technology has been under way in the industry for the last decade, but most of the studies failed to reach mass volume production for various reasons. One of the latest known reasons is the repeatability issue or the testing time issue.
ICTK, a Korean firm, has also researched PUF since 2009 and successfully developed VIA PUF in 2014, which can enter volume production without any barrier at all.
One of the major reasons for researching PUF technology is to replace the memory-based security systems currently in use. VIA PUF is therefore going to move security systems to a new paradigm. The major basic application areas are Secure ID, Secure Private Key and Secure Memory.
ICTK is on its way to deploying products to the market and is also ready to accept specific requirements in order to work together with various industries. ICTK is also willing to license the VIA PUF technology to those who could be partners.
ICTK would be more than happy to provide more information upon request.
Thanks & best regards.
ICTK
ICTK is a great smart card testing & security solutions partner for your success
ICTK (ICTK Co., Ltd.) is a global transaction & security solution provider serving more than 200 clients worldwide, including manufacturers, banks and government agencies.
As an international testing laboratory and consultant, ICTK has been working in the payments, transportation, value-added network and mobile network sectors, satisfying requirements defined by EMVCo, Visa, JCB, Discover, Global Platform, NFC Forum and KOLAS (ISO/IEC 17025) for product stability and interoperability. ICTK has been dedicated to the development of customized testing solutions such as testing tools and a validation system.
ICTK is a leader in new generation security solutions for smart devices, cloud computing, smart grid and intelligent automobiles. By using a physical property of each chip as an ID (vs. a S/W pseudo random number), it provides unclonable functions to prevent any security breach in the most simple and cost-effective way.
All the work on the security solution has produced a number of both registered and pending patents. Recently, ICTK founded an R&D center at the Fusion Technology Center of Hanyang University to research PUF-based security chips and their systems.
Situations of Conventional Security
Memory-based Key Management System is the core of security
Keys are generated by PRNG or TRNG
Keys are stored in NVM
Hackers are always trying to steal Keys
From NVM or by side channel attack
Impossible to decrypt the encrypted data without the relevant Key
Trend toward HW security
TPM, TEE, HSM, SE, etc.
Researching a replacement technology: PUF
Issues of Memory-Based Security
Hardware security is vulnerable to physical attacks
Takes months to analyze IC, then few hours to steal KEY
Black hat 2010: Steal KEY from Infineon TPM memory; 6 months for chip analysis; 6 hours to steal KEY
Black hat 2015: Reverse engineering by computer power; 3 months for new smartcard IC
2020? 2025?
Require stronger countermeasure to physical attacks
What is PUF?
Physical Unclonable Function
a physical entity in a physical structure
impossible to clone or duplicate
from the same manufacturing process
Requirements of PUF
Unpredictable
Unclonable
Random
Repeatable
Root of Trust
PUF generates the KEY from physical structure
Once used, demolish the KEY
Regenerate the KEY when needed
No requirement of KEY storage
No place for hackers to steal the KEY
[Figure labels: VIA PUF; Variables (Counter, Password, User data, etc.); HASH; The KEY; KEY derivative; Core of SECURITY; Root of TRUST]
Types of PUF?

| Year | Method | Author | Circuit | Commercialization |
|------|--------|--------|---------|-------------------|
| 2000 | Random drain voltage | Portland State University | (figure) | Siid Tech Hitachi gave up production |
| 2005 | Random difference of two delay path | MIT | (figure) | Verayo |
| 2007 | Random bit from unstable state of SRAM | Philips | (figure) | Intrinsic ID |
| 2009 | Random capacitance value due to the coating layer | NXP | (figure) | NXP |
Issues of Conventional PUFs
Very sensitive to environmental variations and aging, i.e. temperature, humidity, etc.
Poor repeatability
Require additional post-processing circuits to improve repeatability
Normally using ECC (Error Correction Code)
Efficiency of ECC is an important factor
Results in high cost due to test time and design overhead
What is VIA PUF?
Utilize VIA holes between two metal layers to create the contact
Certain hole size gives “open or short” by semiconductor process itself
These “opens and shorts” are created randomly
The combination of this “open and short” generates VIA PUF
The holes are scattered rather than located in a specific area
VIA PUF Hole Formation
Select via hole size smaller than design rule
Target 50% : 50% of “open and short”
[Figure: Cross-sectional Views of Via Hole Array, showing VIA holes between the Upper Metal Layer and the Lower Metal Layer, for Via Hole Size: XM and Via Hole Size: Design Rule]
Advantage of VIA PUF
Excellent repeatability
Gives clear “open & short” all the time due to its usual “via hole nature”
No change by environment changes or aging
Complies with JEDEC standard for reliability test
High Quality of Randomness
Satisfies the “NIST SP800-90B” test suite
No Error Correction Circuit required
Unlike conventional SRAM type PUF (or active circuit), VIA PUF does NOT require ECC
Scalable PUF cells
Easy to control number of PUF cells
Excellent Repeatability
Complies with JEDEC Standard for reliability test

| Test | Condition | Test Time | Sample # | Test results (fail #) |
|------|-----------|-----------|----------|-----------------------|
| HTOL | 125 ℃ / Vcc=Max. | 1000 hr | 231 ea | Pass |
| HTS | 150 ℃ | 1000 hr | 75 ea | Pass |
| LTS | -55 ℃ | 168 hr | 77 ea | Pass |
| PRECON | Bake 125 ℃ (24 hr); Soak 35 ℃ / 60% (192 hr); Reflow 260 ℃ (3 cycle) | 216 hr | 225 ea (UHAST+TC+THB) | Pass |
| UHAST | 130 ℃ / 85% | 96 hr | 75 ea | Pass |
| TC | 125 ℃ / -55 ℃ | 1000 cycle | 75 ea | Pass |
| THB | 85 ℃ / 85% / Vcc=Max. | 1000 hr | 75 ea | Pass |
| ESD | HBM (2KV) | - | 9 ea | Pass |
| ESD | MM (200V) | - | 9 ea | Pass |
| ESD | CDM (800V) | - | 3 ea | Pass |
| Latch-up | | - | 9 ea | Pass |
High Quality of Randomness
Satisfies the NIST SP800-90B test suite
• NIST SP800-90B
Sample size : 1280-bit × 160 chips = 204,800-bit + TRNG provided from NIST (recommended when test source is not enough for 1,000,000-bit sampling)
• Test of IID

| Group | Test | Result |
|-------|------|--------|
| Shuffling Tests | Comp. Test | Pass |
| Shuffling Tests | Over/Under Test | Pass |
| Shuffling Tests | Excursion Test | Pass |
| Shuffling Tests | Directional Runs Test | Pass |
| Shuffling Tests | Covariance Test | Pass |
| Shuffling Tests | Collision Test | Pass |
| Specific Statistical Tests | Chi Square Independence Test | Pass |
| Specific Statistical Tests | Chi Square Stability Test | Pass |

PUF data pass all tests → The PUF data is IID
• Min-entropy with the IID bins test : 0.971633
Proven Technology

| Process | Chip | PUF | Status |
|---------|------|-----|--------|
| 2014 TSMC 0.18um | (figure) | 2,560-bit PUF | Process Completed; Repeatability and Randomness are confirmed |
| 2014 Dongbu HiTek 0.13um | (figure) | 2,560-bit PUF | Process Completed; Repeatability and Randomness are confirmed |
| 2015 Samsung 65 nm | (figure) | 2,560-bit PUF | Fab-processing; Repeatability and Randomness will be checked (plan to complete May/’16) |
Patent
Patent Registered : 30 (US, EU, Korea, China, Taiwan)
Patent Pending : 85 (US, EU, Korea, China, Japan, Taiwan)
Finnegan Henderson LLP (DC) as ICTK’s patent prosecution partner since 2012 for US & EU
Patent portfolio includes PUF designs, processing, optimization, application, system, etc.
Basic Applications of PUF?
Secure ID
Secure Private KEY in PKI system
Secure Memory
Data encryption by VIA PUF key
Secure ID
Direct & indirect ID
Direct ID : use VIA PUF itself as unique ID
Indirect ID : Inject ID & store by “Secure Memory” concept
More common to use
No risk of cloning
ID card, passport, Driver license, Drone ID, etc.
Secure Private Key
Provides secure Private Key in PKI system
VIA PUF works with various crypto engines
[Figure labels: Secure FINTECH; IoT Sensor/Gateway; Certificate; OTP; U2F; Wearable Device; SmartCard; 2nd Factor Authentication]
Secure Memory
Store the data in NVM with encryption by VIA PUF Key.
Then the VIA PUF Key is demolished, not stored in NVM
Re-generate the VIA PUF Key for decryption
Free from hacking
[Figure labels: Giant; NVM; Plain data; Crypto Keys; Control Logic; Serial Number; Cipher data; User Data; Crypto engine; Counter; VIA PUF Key; VIA PUF; KDF; etc.]
ICTK Technology
PUF
Crypto Engines
AES
RSA
ECC
SHA
All tested in silicon as hardware format
LEA or others available upon request
Any configurations open to discuss
Product Planning
Giant: VIA PUF+SHA, Q2 ‘16
Giant II: VIA PUF+SHA+NFC, Q3 ‘16
HAWK: VIA PUF+AES+ECC, Q4 ‘16
[Roadmap figure: timeline axis 2015, 2016, 2017; two further entries marked ???]
Applications of Giant series
Giant
Authentication IC based on VIA PUF
Key features
VIA PUF based key generation
HASH based MAC (Message Authentication Code)
SHA 256
Security countermeasure
Anti-counterfeit
Fault injection & Side channel Attack
Applications
Smartphone Accessories, Smartphone battery
Printer cartridge
E-Cigarette cartridge
M2M authentication
Secure boot / Firmware protection
IP protection
IoT end node authentication
Drone ID
Sample May/’16
[Block diagram labels: Giant; SHA2; VIA PUF; Control Logic; E2PROM (PUF-encrypted Memory); I2C/SWI]
Anti-Counterfeit
Off-Line
Utilize “Secure Memory” concept
Install Giant in the “Target Product” to authenticate & “Master”
Enroll “Target Product” before ship out
In the field, “Master and Target Products” authenticate each other
Example : Smartphone Accessory, Smartphone Battery, Printer Ink Cartridge, E-Cig Cartridge, Drone, etc.
[Diagram labels: Master: Giant (SHA2, PUF, PUF-encrypted Memory: KeyMaster, User Data); MCU; Target Product (target product to authenticate): Giant (SHA2, PUF, PUF-encrypted Memory: KeyTarget, User Data)]
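The “Secure Memory” and off-line anti-counterfeit flow described above, modelled in Python as an added example; it is not ICTK's code or the Giant chip's actual protocol. It shows that an NVM image copied onto a chip with a different PUF fails authentication. Assumptions: the `Chip` class, `seal`/`unseal`, a single shared key enrolled in both Master and Target, the HMAC-SHA256 counter-mode cipher, and random bytes standing in for the via pattern are all hypothetical.

```python
import hashlib, hmac, os

def puf_key(puf_bits: bytes, label: bytes) -> bytes:
    """Regenerate a key on demand as HASH(PUF bits || variable); it is never stored."""
    return hashlib.sha256(puf_bits + label).digest()

def _stream(key, nonce, n):  # HMAC-SHA256 counter mode: assumed stand-in cipher
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(puf_bits: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC under PUF-derived keys; only this blob is written to NVM."""
    enc, mac = puf_key(puf_bits, b"enc"), puf_key(puf_bits, b"mac")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(enc, nonce, len(data))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(puf_bits: bytes, blob: bytes) -> bytes:
    enc, mac = puf_key(puf_bits, b"enc"), puf_key(puf_bits, b"mac")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("NVM blob was not sealed by this chip's PUF")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

class Chip:
    """Hypothetical model of the authentication IC: PUF bits plus ciphertext-only NVM."""
    def __init__(self, puf_bits: bytes):
        self._puf = puf_bits    # constructed bytes standing in for the open/short pattern
        self.nvm = b""
    def enroll(self, shared_key: bytes) -> None:
        self.nvm = seal(self._puf, shared_key)     # once, before ship-out
    def respond(self, challenge: bytes) -> bytes:
        key = unseal(self._puf, self.nvm)          # regenerated for this call only
        return hmac.new(key, challenge, hashlib.sha256).digest()

def authenticate(verifier: Chip, prover: Chip) -> bool:  # run both ways for mutual auth
    challenge = os.urandom(32)
    try:
        return hmac.compare_digest(verifier.respond(challenge), prover.respond(challenge))
    except ValueError:          # a side whose NVM does not match its own PUF
        return False

if __name__ == "__main__":
    shared = os.urandom(32)
    master, target, clone = (Chip(os.urandom(320)) for _ in range(3))  # 2,560-bit PUFs
    master.enroll(shared)
    target.enroll(shared)
    clone.nvm = target.nvm      # NVM image copied onto different silicon
    print(authenticate(master, target), authenticate(master, clone))
```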
Anti-Counterfeit
On-Line
Utilize “Secure Memory” concept
Install Giant & NFC tag chip in the “Target Product” to authenticate
Enroll “Target Product” before ship out
In the field, the “Target Product” authenticates through a smartphone by linking to a server.
Example : Luxury products (Handbag/Clothes/Liquor/Watch), E-Cig e-liquid, Cosmetics, Medicine, etc.
Additional advantages
Distribution channel & logistics management
Big data collection from users
[Diagram labels: Target Product (target product to authenticate): Giant II (SHA2, NFC, PUF, PUF-encrypted Memory: KeyTarget, User Data); Smartphone; Server; Authenticate; Authenticate]
Simplified IoT Network Security
Standard to use X.509
No standard specified
Requires security in reality
Giant
PUF based security chip
Secured M2M authentication
Economical engineering