[Design View / Design Solution]
Protect Storage Solutions Against Sophisticated Attacks
Technology-based security solutions that include physical-layer security are needed to ensure the survivability of key standards like HDMI, Blu-ray, and WiMAX.
With the trend toward greater global competition, companies are increasingly setting up manufacturing facilities in countries with historically weak legal protections for intellectual property (IP). Thus, there’s a growing demand among system designers for enhanced physical-layer security to protect sensitive information stored in silicon.
Even the most sophisticated lock in the world offers no protection if its key is easy to find. This principle applies equally to electronic encryption schemes. With this realization, hardware security has become one of the new primary requirements for many, if not most, consumer system-on-a-chip (SoC) architectures. There are many approaches for implementing on-chip security, using various memory technologies. The main challenge, then, is determining the best approach for your application.
To protect sensitive data, encryption is typically used to scramble the information. Many forms of encryption exist, all of which employ passwords and/or encryption keys. These “keys” are then used to scramble the sensitive information on the encryption side and to recover the information on the decryption side.
In ages past, keys to lock-boxes that protected valuables were well hidden in inconspicuous places in a residence or on a person’s body. In our current electronic age, these keys hide in some form of nonvolatile memory (NVM).
These electronic hiding places have historically been devices such as battery-backed SRAM, EPROM, EEPROM, flash, hard-disk drives (HDDs), or possibly masked ROM. While solid-state NVM devices increase physical-layer security more than hiding places such as disk drives, they’re still inherently simple for a hardware hacker to reverse-engineer. That’s why flash memory vendors are adding physically secure one-time programmable (OTP) memory technologies to their devices. To protect the integrity of any security system, the keys for that system must be protected in the physical layer—the permanent memory where the keys are, in effect, “hidden.”
Figure 1 shows the three common categories of embedded standard logic CMOS NVM technologies, along with the common methods an attacker might use to identify stored digital information. The most physically secure memories in silicon are the floating-gate and antifuse logic NVM technologies. Of these two, the CMOS antifuse class of NVM IP offers the most comprehensive physical-layer security in the market today. Because of that, security applications within industry standards such as high-definition media interface (HDMI) and digital rights management (DRM) commonly use this technology to store encryption keys.
A designer needs to ask two critical questions when it comes to the protection of sensitive keys used in most, if not all, security schemes. First, how physically secure is the underlying memory technology? Next, is the sensitive encryption key information protected throughout the manufacturing process?
This stage is particularly critical when items like IP and encryption keys are so vulnerable to theft, which can cost your company millions of dollars. For example, the organization licensing Dynamic Host Configuration Protocol (DHCP) encryption keys fines a company up to $8 million for each compromised encryption key. These two hardware security imperatives are important, because encryption is only as robust as the ability of the encryption-based system to keep the encryption key hidden.
One solution to this security challenge leverages a new embedded permanent memory technology based on a standard logic CMOS antifuse process. The technology provides unprecedented physical-layer security for data-storage applications that use data encryption and authentication, which require unique encryption keys and/or IDs for each hardware device.
For instance, Kilopass developed an embeddable antifuse in conjunction with Certicom Corp. Combined with a robust key distribution, tracking, and management system tailored for the global semiconductor manufacturing supply chain, this OTP memory technology provides end-to-end security for sensitive encryption keys and IDs from the system solution provider through to the end customer.
As digital media formats like those for DVDs and digital music distribution become more popular, the protection of IP and confidential data (CD), including encryption keys and sensitive customer data, has become a hot topic. Different industries have different security requirements and protect their IP and CD in different ways.
When DVDs were initially developed, the industry adopted the Content Scramble System (CSS) to encrypt the data. However, it wasn’t long before the system was compromised. (For a brief look at this landmark case, see “An Example Of Broken Security.”)