The most widely used embedded key storage methods are based on One-Time Programmable (OTP) memory, such as fuses or anti-fuses, or on Non-Volatile Memory (NVM), such as EEPROM or Flash. However, current key storage methods face threats including key leakage, manipulation, and deactivation. Key leakage means the key is revealed during operation. Manipulation often involves decapsulation and side-channel attacks on the memory to change the value stored inside it. Deactivation uses fault injection to shut down the whole system.
The security level of a system depends heavily on the strength of its keys and on keeping them secret. PUFkeyst provides a key storage method that allows secret keys to remain invisible when stored. PUFkeyst entangles the keys with an embedded NeoPUF so that, while the input data (such as a shared key) may be the same between chips, the actual stored data is unique from chip to chip. This makes an attack more difficult, since a complete key can no longer be pieced together from partial keys of different chips. Moreover, by entangling with NeoPUF, PUFkeyst can effectively prevent key manipulation. Hence, the security level for key storage can be enhanced without involving a full-function crypto engine (key encryption key scheme).
Reaching high-level secure storage without security algorithms: PUFkeyst
OTP memory is the most commonly used memory for key storage. It uses permanently programmed memory cells to implement small memories with good security properties. However, fuse technology often leaves visible clues to its written state that may be observed under a microscope, making it vulnerable to reverse engineering. To protect stored keys, a key encryption key (KEK) scheme is sometimes used. KEK uses another key, separate from the key to be written, to encrypt the stored keys using a crypto engine.
PUFkeyst provides another solution to this dilemma. It entangles the value of NeoPUF with the data itself to reach a high security level without using KEK. When secrets are injected into the device, they are scrambled with NeoPUF to generate a unique stored secret that differs from the injected one. This protects against many physical attacks, including decapsulation, microscope imaging, probing, etc. Moreover, due to the uniqueness of NeoPUF, the information stored inside PUFkeyst differs from chip to chip. This prevents attackers from stealing the shared secret in one device and using it to hack into the whole system.
- Reliable scrambler ensures the key is stored safely and cannot be read out directly.
- Unique scramble value from chip to chip, making the stored information independent from chip to chip.
- The value stored inside PUFkeyst cannot be changed or deleted.
- Resistant to many physical attacks, including decapsulation, microscope imaging, probing, reverse engineering, etc.
- One of the most widely used secure storage methods is the key encryption key (KEK) scheme. However, the question with KEK is how to protect the key used for KEK. This becomes an endless loop of protecting keys by adding new keys. In addition, because of the time needed for crypto engine processing, KEK is rather slow. When encryption is needed, the cryptographic key must be decrypted first, and only then can the encryption process start. This is not ideal for real-time encryption scenarios.
- PUFkeyst entangles the value of NeoPUF with the data itself to reach a high security level without involving a crypto algorithm, while providing resistance to different attacks. It eliminates the concern of protecting another key, avoiding the endless loop of keys in KEK while still obtaining secure storage. Moreover, since no crypto algorithm is involved, it provides much lower power consumption and faster speeds for certain applications (e.g. secure boot code storage).
- PUFkeyst can prevent keys from being stolen or cloned. Because NeoPUF values differ natively from chip to chip, the secret stored inside each chip is totally different from that stored in other chips, and so it is securely tied to each device. Without knowing the value of NeoPUF, attackers cannot find the real key in use and cannot use any other device to detangle the PUFkeyst. In addition, PUFkeyst can resist rewrite attacks on the memory where the key is stored. Even if attackers rewrite the data inside the memory, after detangling with NeoPUF, the real key is still different from the rewritten one.
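
The storage properties listed above can be checked in a small model. This is an added example, not code from the vendor or a description of the product's internals. It assumes a plain XOR mask as a stand-in for the scrambler, which the page does not describe, and a hash of a constructed chip id as a stand-in for the NeoPUF readout; `Chip`, `inject`, `key_in_use` and `run_model` are hypothetical names.

```python
import hashlib

KEY_LEN = 16  # bytes


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Chip:
    """Toy model of one device: a per-chip PUF value plus readable key memory."""

    def __init__(self, chip_id: bytes):
        # Assumption: a hash of a constructed chip id stands in for the PUF
        # readout (stable on one chip, unrelated between chips).
        self._puf = hashlib.shake_256(b"constructed-puf:" + chip_id).digest(KEY_LEN)
        self.stored = bytes(KEY_LEN)  # what memory imaging or probing would see

    def inject(self, key: bytes) -> None:
        # Assumption: XOR stands in for the scrambler.
        self.stored = xor(key, self._puf)

    def key_in_use(self) -> bytes:
        # Detangle the stored bits with this chip's own PUF value.
        return xor(self.stored, self._puf)


def run_model() -> dict:
    shared_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    a, b = Chip(b"chip-A"), Chip(b"chip-B")
    a.inject(shared_key)
    b.inject(shared_key)
    result = {
        "round_trip_ok": a.key_in_use() == shared_key and b.key_in_use() == shared_key,
        "stored_differs_from_key": a.stored != shared_key,
        "stored_differs_between_chips": a.stored != b.stored,
    }
    # Cloning: chip A's stored bits copied into chip B's memory.
    b.stored = a.stored
    result["clone_yields_shared_key"] = b.key_in_use() == shared_key
    # Rewrite: chip A's memory overwritten with a chosen value (constructed).
    chosen = bytes([0xAA]) * KEY_LEN
    a.stored = chosen
    result["rewrite_yields_chosen_value"] = a.key_in_use() == chosen
    return result


if __name__ == "__main__":
    for name, value in run_model().items():
        print(f"{name}: {value}")
```

The XOR mask in this model hides the stored bits and ties them to one chip, but it carries no integrity check of its own; that is a property of the stand-in, not a statement about the product.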