Circumventing Cryptography’s Achilles’ Heel
In the wake of the IoT, new approaches to security, including Physically Unclonable Functions, are called for.
All modern digital security systems are based on cryptographic algorithms. Cryptographic algorithms scramble data, turn it into gibberish, then unscramble it later, for instance at the other end of a communication line. Usually, these algorithms use secret keys to determine how the scrambling is done.
Because security does not depend on the secrecy of the algorithm used but on the secret key that controls the algorithm, this approach makes it much easier for researchers and users to scrutinize these algorithms and discover any flaws. As a result, cryptographic algorithms have become very good. However, the secret keys have become the Achilles’ heel of modern cryptography. They form a “Trust Anchor” on which security systems are built, but if/when the keys are compromised, the entire chain of trust breaks down like a house of cards.
Today’s “gold standard” for key management is a centralized system that uses Secure Elements (usually smartcard chips) to provide tamper-resistant key storage. Using this model, manufacturers have programmed billions of payment cards, SIM cards, ID cards and mobile phones with unique keys.
This centralized key management model has been very effective, but it also has some problems that make it less suitable in the IoT world (Figure 1). First, it does not scale well. The original smartcard model was based on single-purpose security modules. There is a different card for each transaction such as paying in a shop, authenticating to the cellular network, proving your identity to the government and decrypting a pay TV channel. This model is not sustainable today, where it is common to subscribe to different providers with different devices.
|Figure 1: Traditional smartcard security lacks the features that would allow it to scale to meet the needs of the mobile and IoT age.|
In addition, the centralized system that generates and programs keys creates an attractive target for hackers, who know that cracking one algorithm will give them access to many users.
The current approach is also expensive because the system requires a dedicated piece of hardware as well as a carefully managed supply and “trust” chain. This “trust” chain is especially difficult to deliver efficiently on a large scale.
Scary Shortcuts and Sophisticated Adversaries
With lack of scalability and higher costs as important issues, it is no surprise that vendors of low-cost equipment such as consumer routers, medical sensors and garage door openers—to name a few—often take shortcuts that can have disastrous consequences. With the explosion of low-cost connected IoT devices, the issues of cost and scalability become ever more pressing, and more and more vendors will be tempted to use improvised solutions.
At the other end of the spectrum, there are companies for which even state-of-the art smartcard-level security is not enough. They need to protect their equipment, which can be in the field for over a decade, against increasingly complex physical attacks devised by sophisticated adversaries. (Figure 2.) Any technology that stores keys on a device is bound to leave traces that can be detected with sufficiently advanced equipment.
|Figure 2: Current “secure” memory can be read out using advanced techniques|
Another problem with the traditional approach is that Secure Element chips were designed mainly to protect the application that runs on the Secure Element such as a payment application. They were never intended to protect an entire device over its full lifetime, a prerequisite for effective supply chain protection.
Chips are designed, manufactured and tested—often by several different parties at different locations. Rogue manufacturing partners can overproduce and/or make counterfeit equipment; wafer-testing facilities can resell rejected devices on the grey market. One common trick is to simply re-label a processor to a device with higher specifications, e.g., increase the nominal clock frequency or re-label a consumer device to enterprise or military-grade. As the Secure Element is on a separate chip, such problems cannot be fully prevented.
New Security Approach
A new security approach, based on Physically Unclonable Functions (PUFs), addresses these shortcomings. A PUF is a physical structure within an integrated circuit (IC) that is very hard to clone due to unique physical characteristics deep down in the transistors that make up the IC. These nano-scale properties originate from uncontrollable random manufacturing process variations.
PUFs can be used as “DNA” for the hardware from which a key can be extracted. By definition, this PUF DNA is extremely difficult to mathematically predict or physically clone. PUFs can be added deliberately to the design of a chip or extracted from the elements that are already there.
Using common sense, the best way to protect a secret is to never share it and never write it down. This can be applied to secure key management and storage for chips. Cryptographic keys used by a device are usually encrypted with a root key that has to be stored somewhere on the device. So-called secure storage is used to hide this root key, but this secure storage always leaves a physical trace that can be detected and used to extract the secret key.
PUF allows for a different approach for protecting keys. In this case the secret key is not “written down” or stored. Instead, the key is regenerated from the PUF response when it is needed. When the device is off, there is no discernable information in the hardware.
The other crucial element of keeping a secret is not sharing it. Well-designed security systems avoid this to a large extent. For example, the root key is only used to wrap other keys and not directly exposed to applications. Cryptographic operations that use keys are usually executed in hardware or in the lower levels of the software, often in a Trusted Execution Environment (TEE). Setting up a secure connection with a server or other device is done using public-key cryptography whereby only the public key is shared and the private key remains hidden.
However, in most current systems the key has to be injected from the outside. Often, a copy is maintained in the centralized system. In contrast, a PUF allows you to directly create a unique and persistent key on the chip. The key does not need to be programmed by an external entity and never has to leave the processor.
It is not enough to have just a secure solution. The solution also needs to scale and be flexible. It should work on different devices built with different technologies with as few changes as possible. Smart devices range from tiny sensors that are active for only a few seconds every month to devices that operate continuously in high temperature conditions. A flexible technology needs to work flawlessly under all of these circumstances.
In terms of scalability, centralized systems are at a disadvantage. They provide a massively attractive target for hackers and need enormous capacity to generate and/or store billions of keys.
Another important aspect to consider is the impact on manufacturing. Some secure memory types such as anti-fuse OTP, for instance, are not available at manufacturing processes below 20nm. Battery backed RAM is not suitable for all environments because of its dependence on a battery, which also complicates the manufacturing process. Contrast this with an SRAM PUF, which leverages existing standard SRAM, a component available in every technology node on every processor.
PUF can be a secure, cost-efficient and scalable solution for secure storage of cryptographic keys and protecting the supply chain. Compared to other secure storage mechanisms, SRAM PUF has a number of distinct advantages. It is inherently secure, as it does not store any keys. Instead of changing the physical structure during key programming it extracts the key from the existing invisible nanostructure. Furthermore, as the key is generated on the device, the key never has to be shared. Because it leverages existing hardware, it is also a scalable and economic solution.
Dr. Pim Tuyls initiated work on Physically Unclonable Functions (PUFs) within Philips Research in 2002 and has been the CEO of Intrinsic-ID since 2010. As a principal scientist he managed the cryptography cluster in Philips Research in which the initial research work on PUFs was carried out. Later he transferred this work to Intrinsic-ID and headed the technology development. His inventions have resulted in numerous patents. He is widely acclaimed for his work in the security field and PUFs in particular. Several of Dr. Tuyls’s papers relating to PUFs have been published at leading security conferences. He co-authored the book “Security with Noisy Data,” which was published by Springer in 2007. In 2006, he was co-recipient of the NXP “Invention of the Year” silver award, for the invention.