Maxim renews secure-authentication IC line with its own PUF technology
Maxim has a well-established product line of security-oriented devices, including the secure authentication devices it acquited with the purchase of Dallas Semiconductor. Its latest introduction in that family is the DS28E38 secure authenticator with technology Maxim is branding as “ChipDNA”. This will, Maxim asserts, assist designers to inexpensively protect their intellectual property and products with a solution immune to invasive physical attacks.
New in this generation of device is Maxim’s version of the PUF function. A PUF exploits process variations inherent in the semiconductor manufacturing process that render each individual IC unique. In perhaps the best-known such technology to date, the IP developed and licensed by IntrinsicID, an SRAM array is the medium, and the state in which it “wakes” on power-up provides the unique signature. Maxim has taken an alternative approach, and uses fundamental parameters, threshold voltages, of individual transistors – and tolerance therein – to generate the unique fingerprint of each device. That in turn is used to generate a cryptographic key – the critical point being that the key only exists for as long as an authentication-request cycle is in progress; is not stored anywhere; and is not available to be accessed or hacked. Having created a key, the secure authenticator takes its place in a conventional public/private key scheme – but provides that scheme with uniqueness, and repeatability. It may be, for example, used to sign hashed data to verify the authenticity of a transmission.
Maxim makes the point that the majority of security breaches today are attributable to poorly-executed security provision (or none at all): but that where an actual attack or hack has succeeded, the vulnerability has most often been the non-randomness of random number provision. The PUF approach to key generation eliminates such concerns, Maxim concludes.
The company continues, “…design security remains an afterthought, with many engineers believing that implementing security is expensive, difficult, and time-consuming, or leaving it up to software to protect their systems. Additionally, when secure ICs are used, some are compromised by sophisticated, direct, silicon-level attacks that are commonly launched in an attempt to obtain cryptographic keys and secured data from these ICs.”
If the DS28E38 were to come under an invasive physical attack, the attack would cause the sensitive electrical characteristics of the circuit to change, further impeding the breach. In addition to the protection benefits, ChipDNA technology simplifies or eliminates the need for complicated secure IC key management as the key can be used directly for cryptographic operations. The ChipDNA circuit has also demonstrated high reliability over process, voltage, temperature, and aging. Additionally, to address cryptographic quality, PUF output evaluation to the NIST-based randomness test suite was successful with pass results. Using the DS28E38, engineers can, from the start, build into their designs a defence against hacking. The IC is low-cost and simple to integrate into a customer’s design via Maxim’s single-contact 1-Wire interface combined with a low-complexity fixed-function command set including cryptographic operations.
Maxim lists its advantages as;Key Advantages
– security; ChipDNA protected set of cryptographic tools including asymmetric (ECC-P256) hardware engine, true random number generator (TRNG), decrement-only counter with authenticated read, 2 kb of secured electrically erasable programmable read-only memory (EEPROM), and unique 64-bit ROM identification number
– easy to implement and cost-effective: single-contact operation with 1-Wire, no device-level firmware development, simplified key management, and free host-system software tools
– reliable: 5ppb PUF key-error rate (KER) achieved over time, temperature, and voltage
The DS28E38, in a 3 x 3 mm 6-pin TDFN package, costs $0.83 (1000). An evaluation kit is available for $65.00.