Scalable Security for IoT

Geert-Jan Schrijen

VP Engineering

Intrinsic-ID

Outline

Short intro to Intrinsic-ID

The challenge of building a scalable IoT security solution

Leveraging Physically Unclonable Functions for IoT

Conclusions

2

Intrinsic-ID introduction

Company Overview

• Spin-out of Philips Research in 2008

• HQ in Eindhoven, office in San Jose, sales reps in Seoul and Tokyo

• Independent company with venture capital funding

3

World leader in Cyber Physical Security based on PUF(Physically Unclonable Function)

• Most scalable, robust and secure PUF technology

• Deployed in secure systems for secure elements, smart cards, FPGAs and Government applications

• Extensive and solid patent portfolio

• Very experienced engineering team

Intrinsic-ID’s PUF technology

4

SRAM startup (PUF)

values

establish a unique and

robust fingerprint

The fingerprint is

turned into a secure

secret key which is

the foundation of

enhanced security

Due to deep

sub-micron

process variations ICs

are intrinsically unique

5 10 15 20 25 30

5

10

15

20

25

30

-0.8

-0.6

-0.4

-0.2

0

0.2

0.4

0.6

0.8

5 10 15 20 25 30

5

10

15

20

25

30

-0.8

-0.6

-0.4

-0.2

0

0.2

0.4

0.6

0.8

Intrinsic-ID main products

• Quiddikey®

– Secure key storage “without storing the key”

– Reconstructs device unique key from SRAM PUF

– Activation Code generated during on-time enrollment step

5

SRAM Quiddi-key

iRNG

987a29875f086e84

6513ab9849d...

ActivationCode (AC)

• iRNG®

– Random number generation– Seeded from SRAM-PUF noise– Deterministic Rancom Bit

Generator (DRBG)– FIPS 140-3 compliant– Short setup time

IoT / Internet of Threats

Users have an

incentive to hack

their own meters

Physical access to

remote and distributed

infrastructure cannot be

prevented

Errors in sensor inputs can

trigger major

consequences in hubsIndustry needs

reliable supply

UAV relies on

sensors to keep

flying

(semi)

autonomous

vehicles rely on

sensors for safety

Medical

sensors drive

automated

devices

(pacemaker,

insulin pump)

6

IoT hacks

7

A complex security challenge

8

Challenging environment:• Physical access• No human users• Direct internet

connection

Nee

d fo

r secu

rity

Diversity of hardware:• Size• Resources (power,

memory, processing)

• Mobility

Reso

urce co

nstrain

ed

Scale and complexity:• Multiple devices

per home• Different

manufacturers• Different service

providers

Co

mp

lexity and

scale

A wide variety of microprocessors used, often lacking security

9

Continuous operation vs. 1 data

packet per month

-40°C to 125°C (automotive)

-40°C to 100°C (industrial)

Grid power source vs.

irreplaceable battery

From disposable sensor to 20+

years in industrial applications

Operational Requirements

Guarded building vs.

remote outdoor location

Physically, locally or cloud

connected

From 0.5 kbyte of

RAM to >1 Mbyte

From few MHz to over

1 GHZ

< €50ct to > €100

Chip Properties

Often no keystore,

TEE or HW crypto

Often no NVM in small

embedded controllers

Hardware solution,

firmware, FPGA

IoT Security Solution

Secure Root of Trust:• Combination of hardware components with trusted

software• Manages security protocols • Protects firmware and memory• Involved in the secure boot process of the IoT device• Protects the Root Identity: securely store UID and

private device keys• Performs integrity checking of the system• Protects authenticity, confidentiality and integrity of

data

10

Efficient and flexible Root of Trust

• PUF based secure key storage• PUF based random number generation• Keys reconstructed on the fly and only accessible by crypto module• Optional (*): asymmetric crypto block

11

Embedded security module

Controller

I/O

SRAM Quiddikey SymmetricCrypto IP

AsymmetricCrypto IP (*)

iRNG

Main Advantages

• Availability: uninitialized SRAM memory is present in almost every device

• Flexibility: – Implementation in hardware, software or

combination

– Allows for secure operation without requiring embedded NVM

• Security: Strong protection against physical attacks, no keys permanently stored

12

Key Storage Security

13

Fuses

Anti-fuseOTP

Secu

rity

FLASHEEPROM

ROM

Traditional solutions:• Physical change applied,

key visible in structure• Key programmed

externally

IID PUF

Cost

PUF based key storage:• No physical traces of any sensitive data• Key generated from internal entropy in

nano-structure

Implementation Flexibility

14

BUS

On

Chip

SRAM

Processor

I/O

Crypto

Engine

On Chip

Sensors

Peripherals

Network

PUF

source

Secure or advanced uP

FLASH

/

EEPROM

Existing

engine

used

Secure

Zone*

PUF and IoT

security

protocols

* In smartcard chip, entire processor is secured

AC

Implementation Flexibility

15

On

Chip

SRAM

Proces-

sorI/O

PUF

IP

On Chip

Sensors

Peripherals

Network

PUF

source

Small embedded uP

Control /

IoT Security

Protocols

BUS

AC

Crypto

Engine

Further

enhancements

Easy integration into various IoT devices

16

Security Stack Small

embedded uP

Secure

embedded uP

Advanced

Embedded uP

Advanced uP

Control Logic

(optional)

Integrated with

firmware Integrated with

firmware

SW library on

top of OS

Software

library

PUF key. mgt.

logicHardware IP

(preferred) or

firmware

Hardware IP

(preferred)

Firmware in

TEE

Crypto

Protocols Available via

hardware

accelerators

Available via

OS or

hardware

Available OS

APIs

Crypto

Algorithms

Available

accelerators

PUF source Available SRAM on device (from ~200 bytes)

Volatile operation (example)

Key setup• Generate private/public key pair on chip• Enroll PUF and output AC• Reconstruct PUF key and use it to wrap the private key (W_Kpriv)• Store externally: AC, W, public key (e.g. in certificate)

17

Embedded security module

Controller

I/O

SRAM Quiddikey SymmetricCrypto IP

AsymmetricCrypto IP

iRNG

Kpriv

W_Kpriv

Kpub

AC

Volatile operation (example)

Authentication• Retrieve AC and W_Kpriv• Reconstruct PUF key from AC• Unwrap W_Kpriv to retrieve private key• Use private key in challenge/response authentication protocol

18

Embedded security module

Controller

I/O

SRAM Quiddikey SymmetricCrypto IP

AsymmetricCrypto IP

iRNG

Kpub

AC

W_Kpriv

Kpriv

Conclusions

• The IoT poses many security challenges

• An efficient and scalable security solution is needed

• A secure root of trust is an essential component

• PUF based key management provides high security, scalability and flexibility

19