Isolation Is No Longer the Paradigm: Q&A with Intrinsic-ID CEO Dr. Pim Tuyls
Why all the elements of the security supply chain need to be in place.
Our thanks to Dr. Pim Tuyls, CEO of Intrinsic-ID, which likens its patented physically unclonable functions (PUF) technology to the electronic equivalent of a human fingerprint. Dr. Tuyls recently spoke with EECatalog to catch us up on current and anticipated security concerns.
EECatalog: Why was a new approach to building a complete secure boot process, from silicon to the system level, needed at this time?
Dr. Pim Tuyls, Intrinsic-ID: One reason security measures need a holistic approach is that breaches are becoming much more advanced and more common, and there is more at stake. Hackers are using increasingly sophisticated tools. And those tools are becoming more readily available to them. There is a steady stream of tools coming out that make it possible to attack chips in completely new ways—including extracting the secret root keys, which form the root of trust.
The second reason security must be intrinsic from the silicon to the system level is that in most modern technology nodes, the embedded non-volatile memory isn’t available for storing keys on the chip, and if keys can’t be stored on-chip, then they are certainly not secure. There is a need for secret keys [and along with that] very low cost, flexible ways to generate keys, distribute keys and store keys in the system
Thirdly, the speed with which the IoT is advancing has brought security and trust to a completely new scale. There will be billions of chips out there, and all those chips will need security, because otherwise the system and the data produced by the system of end-points can’t be trusted.
Traditional methods, where they are available, do not scale particularly well to systems with billions of devices and where [using such methods] is much too expensive and much too complicated.
Those are the three main reasons why there is a need for a completely new approach to building not only secure boot, but also the entire trust process in the fully connected world.
EECatalog: If the essential components of a security supply chain are not in place, could that be compared to having a great security guard but no ability to send him where he needed to be to do the actual guarding?
Tuyls, Intrinsic-ID: Exactly. And [even if you can send him somewhere] if that guard can be intercepted on the road, then he cannot be trusted anymore and your security is gone!
[By contrast] we build security up from the silicon, and this also means we derive it from the properties of the silicon. With our technology, physically unclonable functions, we can build chips that don’t have any sensitive material anymore, because all the sensitive material is encrypted with a key extracted from the silicon. The key disappears when the chip is turned off, or even when the circuit for the keys has been turned off.
This is a very disruptive approach to key generation, key storage and key management that not only provides a higher security level, but also makes it low cost and very flexible.
EECatalog: Is the area of cyber security for smart metering solutions of interest to Intrinsic-ID?
Tuyls, Intrinsic-ID: Yes, and beyond that to the critical infrastructure. It will become very important that we monitor our critical systems with all kinds of sensors, And you need to make sure that those sensors are not being tampered with and that they are sending information that cannot be tampered with.
Back to what I was noting earlier, if your supply chain cannot be trusted, you cannot be sure that the right sensors are there or confident the sensors are communicating properly.
Setting up security from the base, from the factory where the chips are produced, up to the full end system will be critical for the success not only of the business models around the interconnected world but even for society itself.
EECatalog: You have to be prepared for the worst.
Tuyls, Intrinsic-ID: Absolutely. What if, for example, sensors in the water to detect pollution give the wrong information? [The result is that] first many victims may suffer before the problem is noticed, secondly the wrong amount of chemicals needed to clean up the bacteria in the water may be used, resulting in too little or too much. And either way can produce a bad result.
EECatalog: What is the best way to get ahead of the curve when it comes to automotive security, especially as automotive evolves to include autonomous and semi-autonomous vehicles and the transportation-as-a-service idea?
Tuyls, Intrinsic-ID: It is important that the automotive OEMs start really driving security much more than they are doing already.
When cars get more and more connected, and with autonomous driving coming, cars will be getting information from the infrastructure, including streetlights, for example, and the cars in front of them. [So] you have to make sure that you can trust all the information. Because if hackers manipulate the system, the outcome may be accidents on a scale that we have never seen before. That is the real risk here.
And we must consider as well communication inside the car, the communication to the infrastructure and communication of the chips themselves that are being used inside the car. Again, protection of the supply chain from the base is very important. You want to show that those chips that have to perform a certain functionality have not been replaced by chips with a lower quality or with chips that have been tampered with.
This is also why smart light bulbs have to be protected. At first glance, one might think, “Who is going to hack my light bulb?” But if the light bulbs are connected, you can hack thousands or ten thousands of light bulbs at the same time, which means if you switch them on or off at the same time, the whole grid goes down, because the grid has not been built [to withstand] that.
EECatalog: Is Intrinsic-ID ready to experience rapid growth?
Tuyls, Intrinsic-ID: I think we are absolutely ready. We have built a solid customer base and the customer base is also growing quickly. Not only have we shown that our technology works in the real world when deployed, but also our team has established a depth of experience on how to integrate this kind of technology in a flexible and efficient way—one that is small enough, fast enough and secure enough. All those trade-offs are well understood by our team.
EECatalog: What should systems integrators and embedded developers take away from this conversation?
Tuyls, Intrinsic-ID: They should be evangelists to ensure security gets built into systems. Systems integrators and embedded developers need to work with their management and convince them that security measures in embedded solutions and in systems in general have to be taken very seriously. To ensure this they should select security solution providers who have expertise in robust security solutions that scale from the hardware- and software-level to the entire system. Security needs to be fully integrated and not implemented in isolation. Isolation is no longer the paradigm.