With the trend toward greater global competition,
companies are increasingly setting
up manufacturing facilities in countries
with historically weak legal protections for
intellectual property (IP). Thus, there’s a growing demand among
system designers for enhanced physical-layer security to protect
sensitive information stored in silicon.
Even the most sophisticated lock in the world offers no protection
if its key is easy to find. This principle applies equally to electronic
encryption schemes. With this realization, hardware security
has become one of the new primary requirements for many, if
not most, consumer system-on-a-chip (SoC) architectures. There
are many approaches for implementing on-chip security, using
various memory technologies. The main challenge, then, is determining
the best approach for your application.
To protect sensitive data, encryption is typically used to scramble
the information. Many forms of encryption exist, all of which
employ passwords and/or encryption keys. These “keys” are then
used to scramble the sensitive information on the encryption side
and to recover the information on the decryption side.
In ages past, keys to lock-boxes that protected valuables were
well hidden in inconspicuous places in a residence or on a person’s
body. In our current electronic age, these keys hide in some form of
nonvolatile memory (NVM).
These electronic hiding places have historically been devices
such as battery-backed SRAM, EPROM, EEPROM, flash, harddisk
drives (HDDs), or possibly masked ROM. While solid-state
NVM devices increase physical-layer security more than hiding
places such as disk drives, they’re still inherently simple for a hardware
hacker to reverse-engineer. That’s why flash memory vendors
are adding physically secure one-time programmable (OTP)
memory technologies to their devices. To protect the integrity of
any security system, the keys for that system must be protected in
the physical layer—the permanent memory where the keys are, in
effect, “hidden.”
Figure 1 shows the three common categories of embedded standard
logic CMOS NVM technologies, along with the common
methods an attacker might use to identify stored digital information.
The most physically secure memories in silicon are the floating-
gate and antifuse logic NVM technologies. Of these two, the
CMOS antifuse class of NVM IP offers the most comprehensive
physical-layer security in the market today. Because of that, security
applications within industry standards such as high-definition
media interface (HDMI) and digital rights management (DRM)
commonly use this technology to store encryption keys.
A designer needs to ask two critical questions when it comes
to the protection of sensitive keys used in most, if not all, security
schemes. First, how physically secure is the underlying memory
technology? Next, is the sensitive
encryption key information protected
all throughout the manufacturing
process?
This stage is particularly critical
when items like IP and encryption
keys are so vulnerable to theft,
which can cost your company millions of dollars. For example, the organization
licensing Dynamic Host Configuration
Protocol (DHCP) encryption keys fines
a company up to $8 million for each compromised
encryption key. These two hardware
security imperatives are important,
because encryption is only as robust as the
ability for any encryption-based system to
keep the encryption key hidden.
One solution to this security challenge
leverages a new embedded permanent
memory technology based on a standard
logic CMOS antifuse process. The technology
provides unprecedented physicallayer
security for data-storage applications
that use data encryption and authentication,
which require unique encryption keys
and/or IDs for each hardware device.
For instance, Kilopass developed an
embeddable antifuse in conjunction with
Certicom Corp. Combined with a robust
key distribution, tracking, and management
system tailored for the global semiconductor
manufacturing supply chain,
this OTP memory technology provides
end-to-end security for sensitive encryption
keys and IDs from the system solution
provider through to the end customer.
As digital media formats like those
for DVDs and digital music distribution
become more popular, the protection of
IP and confidential data (CD), including
encryption keys and sensitive customer
data, has become a hot topic. Different
industries have different security requirements
and protect their IP and CD in different
ways.
When DVDs were initially developed,
the industry adopted the Content Scramble
System (CSS) to encrypt the data.
However, it wasn’t long before the system
was compromised. (For a brief look at this
landmark case, see “An Example Of Broken
Security.”)
Continue on Page 2