TruSecSys

Hardware based security and trust.

Technology Overview

Introduction

PUFs derive random but reproducible bitstrings from variations in the printed and implanted features of wires and transistors on an integrated circuit (IC). Each IC is uniquely characterized by random manufacturing variations, and therefore, the bitstrings are unique from one chip to the next. Cloning a PUF, i.e., making an exact copy, is nearly impossible because it would require control over the fabrication process that is well beyond current capabilities.

A PUF maps a set of digital “challenges” to a set of digital “responses” by exploiting these physical variations in the IC. The analog nature of the entropy sources makes PUFs ‘tamper-evident’, whereby invasive attacks by adversaries to probe the PUF damages it.

Secure Cryptographic Operations

The PUF technology solutions presentation not only provide solutions for protection against tampering, but can also be used as a source of random data for key generation. These keys can then be used in cryptographic operations ranging from data protection to device authentication. The output of our PUF solutions can generate both repeatable and non-repeatable bits. Repeatable bits can be used to generate symmetric keys and as a seed for asymmetric keys, all of which are specific to each device but are reproducible at restart. The non-repeatable bits can be similarly used to create symmetric and asymmetric keys, but would find greater purpose in encrypted communications initiated or facilitated by the regular Operating System. The three primary uses of this technology include: Device Association, Device Authentication, and Data protection.

Device Association

Secure communications between computing elements is critical in a number of applications, including: automotives, health care, wireless/cellular communications, and network infrastructure. While it is typically understood that equipment produced for use in this fields is rarely always in a “known secure” environment, they are usually in such an environment at some point, even if for only a very short period of time.

For instance, when an automobile is being constructed and just prior to leaving the assembly line, it can be assumed that the computer network has not been compromised and is still secure. Using our patented software solution, we are able to put all networked devices into a “discovery” mode where each device broadcasts its PUF generated public asymmetric key to all other devices on the network. Each device in turns stores all other public asymmetric keys received, as well as information about the source of the key, such as the MAC address, IP address, etc. All keys and associated information are then stored encrypted in the devices non-volatile memory using the PUF generated symmetric key. Once discovery is completed, the device is switched back into normal operation. From that point forward, all communications between networked devices is completely encrypted without ever needing to perform another key exchange. If any issues crop up at some point, or if replacement of a networked device is needed, the automobile manufacturer can replace the part, put the system back into discovery mode, and then return it to normal operation once the repair is completed.

Device Authentication

The ability to properly authenticate a device is critical to a number of different applications. One of the most prevalent authentication environments is in cellular networks. It is likely not news to anyone that theft of cellular devices is on the rise and is a huge problem for consumers. A number of different solutions have been presented along with a slew of attempted legislation. However, a simple solution is available that can easily address this issue and make unauthorized use virtually impossible.

When a cellular device authenticates to its corresponding network, the authentication that is performed merely validates that a user is authorized to connect to the network. While there may also be an attempt to authenticate the network the user is attempting to join, there is little concern for the device the user is using. This is because the network uses a challenge/response test which is handled by the SIM card on the device and is in no way affected by the device itself.  While the implementation of ECID values was intended to address device identification, its value is often retrieved through the normal Operating System, and is therefore susceptible to alteration and modification.

When a PUF enabled device is first configured by a network provider, the device public key is given to the network provider. This key, along with the SIM card key, can be stored with the user’s account information. Then, during the standard RAND/SRES exchange used to authenticate a user, the SRES can be encrypted using the device private key. This encrypted SRES can then be sent to the network provider, who can then decrypt the SRES using the user’s public key and continue the validation process. In this way, the user on a specific device can be authenticated to the network, rather than only authenticating the user to the network. If a thief attempts to replace the SIM card and connect the device to the same network, the authentication will fail because the SIM card is not associated with the device. If the thief tries to activate the device on a different network, the authentication can simply fail when the ID of the new network does not match the expected ID stored on the device. A solution is available to have the device “forget” its current network in order to support authorized selling or transfer of the device.

Data Protection

Aside from the protection of information presented previously, all data stored on the device can be protected by either the device symmetric key, or by a keychain generated from the device symmetric key. In this way, all data (including firmware files) can be securely and uniquely encrypted on every device. Additionally, all user data can be uniquely protected even from the manufacturer, providing isolation between manufacturer and user information.

This is done using both the repeatable device symmetric key, as well as non-repeatable symmetric keys. When the device first boots, the repeatable symmetric key can be used to start different keychains for manufacturer and user information. As new data/files are generated, a new non-repeatable key can be generated to encrypt the file. The generated key can then be encrypted with the corresponding keychain and stored in the files metadata. This allows every file to be uniquely protected across all devices, as well as providing quick “lock-out” should it be felt that the device has been compromised. Further, because the PUFs we provide generate a large number of bits, even the repeatable device symmetric key can be changed by simply switching to a new set of bits. As a result, “wiping” the device consists of nothing more than switching to a new set of data and rebooting the device. Because all data is encrypted and the keys have changed, the device will no longer be able to boot nor have access to the previously used device symmetric key.

TruSecSys © 2014