Silicon chip 'fingerprint' for stronger hardware security
Researchers from the National University of Singapore’s (NUS) Green IC group have developed a novel technique that allows physically unclonable functions (PUFs) to produce secure, unique ‘fingerprint’ outputs at a very low cost — an achievement that should elevate the level of hardware security even in low-end systems on chips.
Traditionally, PUFs are embedded in several commercial chips to uniquely distinguish one silicon chip from another by generating a secret key, similar to an individual fingerprint. Such a technology prevents hardware piracy, chip counterfeiting and physical attacks. Now, the NUS team has taken silicon chip fingerprinting to the next level with two significant improvements: enabling PUFs to be self-healing and self-concealing.
In spite of their remarkable evolution in the last decade, existing PUFs still suffer from limited stability and periodically incorrect fingerprint identification. Often designed as standalone circuits, they provide hackers with obvious points of physical attacks on the chip.
The instability is conventionally counteracted through overdesign, such as designing error-correcting codes margined for the very worst case, which substantially increases both chip cost and consumption. In addition, before proceeding to commercialisation, chips with unstable PUFs must first be identified and discarded through extensive testing on a very wide set of environmental conditions, further increasing cost.
To address the gaps, NUS engineers introduced a novel adaptation technique that uses on-chip sensors and machine learning algorithms to predict and detect PUF instability. This technique intelligently adjusts the tuneable level of correction to the minimum necessary, and produces a more secure, stable PUF output. In turn, the novel approach brings consumption back to the minimum possible, and is able to detect anomalous environmental conditions such as temperature, voltage or noise that are routinely exploited by hackers in physical attacks.
An added benefit is that the traditional testing burden and cost are dramatically reduced by narrowing down the test cases required. This eliminates overdesign and unnecessary design costs, as most of the testing effort can be delegated to the available on-chip sensing and intelligence throughout the device’s lifetime.
“Our approach utilises on-chip sensing and machine learning to enable accurate prediction, detection and adaptive suppression of PUF instability events,” said Professor Massimo Alioto, who leads the Green IC group. “The ability to self-heal without stability degradation over the entire chip’s lifetime assures reliable generation of secret keys at the highest level of security while avoiding the burden of designing and testing for the very worst case, even if the latter is actually infrequent and unlikely. This reduces the overall cost, shortens the time to market, and cuts down on system power to extend the battery lifetime.”
The reduction in the cost of chip design and testing is key in enhancing hardware security even in very low-cost and low-power silicon systems, such as sensor nodes for the Internet of Things (IoT), wearable devices and implantable biomedical systems.
“On-chip sensing, as well as machine learning and adaptation, allow us to raise the bar in chip security at significantly lower cost,” Prof Alioto added. “As a result, PUFs can be deployed in every silicon system on earth, democratising hardware security even under tight cost constraints.”
The PUFs invented by the researchers also exhibit the ability to be fully immersed and hidden within the digital logic that they actually protect, believed to be a world first. This is enabled by the mostly digital nature of the PUF architecture, which allows the placement, routing and integration of digital standard cells, similar to conventional digital circuits. This reduces the design cost as conventional digital automated design methodologies supported by commercial software design tools can be applied to design the PUF.
In addition, the PUF digital design allows the generation of secret keys to be interspersed within the very logic that uses such keys, such as cryptographic units protecting data and the microprocessors handling the data to be encrypted. The immersed-in-logic approach scatters the PUF standard cells among the cells used for the digital logic, thereby ‘hiding’ or concealing any explicit points of attack for hackers trying to probe specific chip signals to physically reconstruct the keys.
This self-concealing ability increases the attack effort by approximately 100 times. It also raises the cost of attacking typical chips to millions of dollars with state-of-the-art tools, as opposed to tens of thousands in conventional standalone PUFs.
The NUS research team will continue to look into the convergence of computer architecture, physical security and machine learning to develop next-generation secure systems on chips, driven by the growing need for privacy and information security. The team is also pursuing ubiquitous and ultralow-cost enablement of hardware security through tight physical co-integration of architectures and security primitives with circuitry that is generally available in any system on a chip, ranging from logic to memory, intra-chip data communication and accelerators. Ultimately, the team’s work is expected to enable hardware security at the granularity of every silicon chip, even within individual subsystems on a chip.
The world is one step closer to having a totally secure internet and a solution to the growing...
A new design for light-emitting diodes (LEDs) may hold the key to overcoming a longstanding...
An international research team claims to have broken the spectral efficiency world record for...