Designers can now proactively and inexpensively protect their intellectual property (IP) and products with a solution that is claimed to be immune to invasive physical attacks.
So says US-based Maxim Integrated Products, Inc which has launched the DS28E38 DeepCover® secure authenticator. “Security can be complicated,” says Don Loomis, vice president of Maxim’s Micros, Security & Software Business Unit, “but avoiding it is costly.” Which is a fair start point when assessing security in the Internet of Things, says Jeremy Cowan.
“If you’re doing something valuable you should secure it. And with medical equipment it can be pretty heavy stakes,” Loomis adds.
Cyberattacks continue making headlines and Internet of Things (IoT) devices have been a point of vulnerability — cybercrime damages are projected to cost the world US$6 trillion annually by 2021, according to Cybersecurity Ventures.
Yet, design security remains an afterthought, with many engineers believing that implementing security is expensive, difficult, and time-consuming, while others are leaving it up to software to protect their systems. Additionally, when secure integrated circuits (ICs) are used, some are compromised by sophisticated, direct, silicon-level attacks that are commonly launched in an attempt to obtain cryptographic keys and secured data from these ICs.
The DS28E38 features Maxim’s ChipDNA physical unclonable function (PUF) technology, which the company claims makes it “immune to invasive attacks” because the ChipDNA-based root cryptographic key does not exist in memory or any other static state. Instead, Maxim’s PUF circuit relies on the naturally occurring random analogue characteristics of fundamental MOSFET (Metal-Oxide Semiconductor Field-Effect Transistor) semiconductor devices to produce cryptographic keys.
When needed, the circuit generates the key that is unique to the device, and which instantly disappears when it is no longer in use. If the DS28E38 were to come under an invasive physical attack, the attack would cause the sensitive electrical characteristics of the circuit to change, further impeding the breach.
“With Maxim’s ChipDNA PUF technology, the DS28E38 secure authenticator is highly effective and resistant against physical or black-box reverse engineering attacks,” says Michael Strizich, president of MicroNet Solutions Inc. “Even in a worst-case insider attack, the PUF-generated data is likely to remain protected due to the security features implemented by Maxim.”
In addition to the protection benefits, ChipDNA technology simplifies or eliminates the need for complicated secure IC key management as the key can be used directly for cryptographic operations. The ChipDNA circuit has also demonstrated high reliability over process, voltage, temperature, and ageing.
Additionally, to address cryptographic quality, PUF output evaluation to the NIST-based randomness test suite has been successful with pass results. Using the DS28E38, engineers can, from the start, build into their designs a hacking defence. The IC is said to be low-cost and simple to integrate into a customer’s design via Maxim’s single-contact 1-Wire® interface, combined with a low-complexity fixed-function command set including cryptographic operations.
“Designing in hardware-based security early on doesn’t require a lot of effort, resources, or time,” says Scott Jones, managing director of Embedded Security at Maxim Integrated. “With the ChipDNA technology-based DS28E38, designers can easily fortify their products with the highest level of protection. After all, you can’t steal a key that isn’t there.”
Among the claimed advantages are that it is highly secure, thanks to a ChipDNA-protected set of cryptographic tools including asymmetric (ECC-P256) hardware engine, true random number generator (TRNG), decrement-only counter with authenticated read, 2Kb of secured electrically erasable programmable read-only memory (EEPROM), and unique 64-bit ROM identification number
Maxim calls it easy to implement and cost-effective. It features single-contact operation with 1-Wire, no device-level firmware development, simplified key management, and free host-system software tools. Finally, the solution is said to be reliable, with 5ppb PUF key-error rate (KER) achieved over time, temperature, and voltage.
The DS28E38 is available at Maxim’s website and select authorised distributors for $0.83 (1000-up, FOB USA). An evaluation kit is available for $65.00
For a video on ChipDNA, see Defend Your IoT Designs from Hackers