|
||||||||||
Why Hardware Root of Trust Needs Anti-Tampering DesignBy Dr. Meng-Yi Wu, PUFsecurity Foreword As the development of AIoT advanced in more diversified applications, such as artificial intelligence, image recognition, intelligent sensing, or smart healthcare, endpoint devices are exposed to more information security risks than ever. The technology boom also brings more security needs, so ensuring that devices are secure and trusted is critical. All layers of the system need corresponding security designs, from the application, operating system, and firmware to the hardware, to ensure the entire system’s security level. The most important design in the overall security network is the root of trust in the hardware layer, which is the foundation of trust in the entire chip. The hardware root of trust (HRoT) provides the trust base (root key), hardware identifier (UID), hardware unique key (HUK), and entropy required for the secure operation of the entire chip and therefore is often the focus of hacker attacks. If the design can’t effectively resist attacks, hackers can easily obtain the secrets of the entire chip. Attackers can use the secrets to crack identity authentication and data encryption and steal product design know-how, causing application security problems. Why Hardware Root of Trust Needs Anti-tampering Design Common Methods of Chip Attack There are three main chip attack methods: invasive, semi-invasive, and non-invasive attacks. Invasive and semi-invasive attacks use physical methods to peel off the chip layer by layer. Then, the attack uses TEM, SEM, or nanoprobe to directly obtain and analyze the design and operation information of the physical circuit layer. Non-intrusive attacks usually refer to software and firmware attacks that exploit bugs in the system to understand or obtain secrets of secure operations. For example, Fault Injection uses illegal command or fatal logic control to cause a system crash. The system will reset due to a lack of resources, thus, creating a security window and vulnerability. Power Attacks can lead to unstable chip operations and result in information leaks or missing security checks. For further information on-chip attack techniques, please refer to Tamper Resistance. How to strengthen the HRoT design to resist attacks The HRoT protects the most important confidential information on the chip, such as hardware identification numbers (UIDs), hardware unique keys (HUKs), shared keys for external communication, public keys for related secure service certificates, and so on. However, simply using Non-Volatile Memory (NVM) such as eFuse, OTP and Flash Memory to store confidential data is not secure enough. To fully enhance the defensive power of the HRoT in the chip, the three following aspects must be considered from early design phase:
Therefore, a qualified HRoT requires a comprehensive anti-tampering design and a complete security policy to protect the entire system. For more information on anti-tampering designs, see tamper-proofing. Having a credible third-party certification laboratory to evaluate the anti-tampering design’s effectiveness is also important. The evaluations will determine the anti-tampering design’s ability to reduce hacking risks and enhance the operational security of the chip. These audits are typically conducted using a white-box setup and physical chip to crack and evaluate risks for the overall design and confidential data protection from component, circuit, and functional design perspectives. After passing the security risk assessment, a security certification lab will issue a security report or certificate. For more information on third-party certification laboratories, please see PSA. PUFrt enhances the design protecting HRoT by adopting chip fingerprint PUFrt is PUFsecurity’s new hardware root of trust IP, which integrates native chip fingerprint and true random number generator with secure OTP. PUFrt also combines the static random number from the PUF with the dynamic random number from TRNG to protect the whole design. The digital circuit function (soft macro) and the analog circuit design (hard macro) enable the anti-attack design to perform against invasive, non-invasive, and semi-invasive attacks. PUFrt’s anti-tampering design has passed the white-box analysis conducted by Riscure and is adopted by FPGA, AIOT, Vertical and Military customers. The relevant anti-tampering technology features are categorized according to the three protection aspects mentioned in the previous section. Protective design for secure data storage: Secure storage requires both digital design and analog storage blocks to resist attacks. In addition to the NVM components’ inherited security, a circuit design with cryptographic obfuscation and a circuit layout that resists reverse engineering is required.
Providing a trusted and secure operating environment: The HRoT design requires a separate security circuit design and other designs to build a complete security environment.
Provide secure operation with attack detection and privilege control: Additional auxiliary detection circuits can monitor and protect the normal operation of the entire module.
Figure 1 shows the security design architecture of PUFrt, including the digital (blue block) and the analog (yellow block) anti-tampering design. The table on the right lists each anti-tampering design for different types of attacks ( invasive, semi-invasive and non-invasive). Figure 1: PUFrt architecture and anti-tampering designs for different attack types Conclusions The hardware root of trust is the cornerstone of secure operation for the entire chip. In addition to providing the identity, keys, and entropy source required for secure operation, it must also be designed to resist various invasion attacks to protect the chip’s trust base from theft and ensure the security of chip operation. PUFrt with built-in anti-tampering design effectively meets the protection requirements of an HRoT for secure storage, secure environment, and secure operation and further ensures the security of chip operation and system application services. If you wish to download a copy of this white paper, click here
|
Home | Feedback | Register | Site Map |
All material on this site Copyright © 2017 Design And Reuse S.A. All rights reserved. |