Via-PUF Security Chip for Root of Trust

Overview

The vPUF® IP, powered by Via PUF (Physically Unclonable Function) technology, provides a unique silicon fingerprint for inborn identity function, essential for the Root of Trust in security applications.

Why vPUF?

Secret information, such as device keys and IDs stored in standard non volatile memory (like ROM and eFlash), are vulnerable to attacks like reverse engineering and optical analysis.

vPUF technology generates inborn secret keys on-the-fly only when needed. These self-generated keys are constantly stable under any circumstances.

Technology Background

  • Random Formation: The vPUF® powered by Via PUF technology uses random formation of “Via” during standard CMOS manufacturing process
  • Reverse Thinking Approach: Instead of following design rules, the technology intentionally makes the Via smaller, leading to unpredictable or stochastic “Via” or “Contact” formations in silicon
  • Logical Connections: A vPUF cell is used as either an “open” or a “short” connection, corresponding to the logical values “0” and “1” in silicon
  • Passive Element PUF: A vPUF cell is just a piece of metal with no active transistors involved
  • Robustness: Once formed, vPUF cells are durable and stay intact throughout their life, even under extreme voltage and temperature

vPUF Technology Strength

  • Root of Trust: The unique silicon-fingerprint acts as a secure anchor for trust in cryptographic operations.
  • Digital Secret Key: The fingerprint serves as a secret key for encrypting data and authenticating devices.
  • Crypto Root Key: The secret vPUF key is self-generated within the chip and never leaves it, existing only when the power is ON.
  • Unique Inborn ID: vPUF provides unique silicon “Inborn ID”, so no key injection is needed
  • Key Chain Generation: vPUF allows for the creation of secure keys derived from a single source, enhancing key management
  • No Error Correction Code: vPUF’s reliability means there’s no need for error correction code, simplifying the key process
  • Implementation using standard ASIC flow: vPUF bitcells are standard cells recognized by automatic place-and-route tools
  • Camouflaged among Logic Cells: vPUF cells are randomly distributed on the chip, making it difficult to distinguish them from regular logic cells.
  • ISO/IEC 20897 Compliant: vPUF has been tested in accordance with the ISO/IEC PUF standards for security requirements and test methods

vPUF characteristics in accordance with ISO/IEC 20897-1/2

Features Measures Note
Steadiness No bit errors measured No value changes have been reported for over 90 billion vPUF cells in mass production
Randomness Hamming Weight near ideal value ideal value = 5. Passed the NIST SP 800-22 and NIST SP 800-90B randomness test.
Uniqueness Hamming Distance near ideal value ideal value = 0.5
Tamper-resistance Obfuscation of vPUF bitcells vPUF bitcells are scattered among other logic cells throughout the entire chip.
Physical unclonability Physically unclonable formation vPUF cells are generated under uncontrollable and unclonable physical variation

vPUF architecture

  • Seamless integration into a system via standard system buses
  • Supports random placement of vPUF bitcells
  • PUF Key Generator for 128/256/384 bits of PUF Key outputs
  • APB or AHB system bus for configuration
  • Dedicated secure ports for key outputs
  • Optional Built-In Self Test function
  • Optional OTP (one time programmable memory) support for storing preselection data

Silicon Validation

  • Volume production in 130nm, 100nm, 90nm, 55nm, 28nm
  • Silicon validation completed in 180nm, 110nm, 65nm
  • Silicon validation in progress in 8nm

 

Key Features

  • Entropy source from standard CMOS process
  • Silicon Fingerprint
  • Silicon Inborn Unique ID 
  • Random formation of Vias or Contacts
  • Anchor for a Root of Trust
  • Digital Secret Key
  • Passive element PUF, No active devices involved
  • No helper data needed
  • No bit errors in applications
  • Shows metal properties
  • Strong and Reliable structure
  • Less sensitive in voltage and temperature variations
  • ISO/IEC 20897 compliant
  • Implementation
    • Standard CMOS process: No extra mask layers required
    • Standard ASIC flow friendly 
    • Built using automatic P&R tool
    • Randomly placed bitcells
    • Camouflaged among logic cells
    • Robust against physical attacks

Block Diagram

Via-PUF Security Chip for Root of Trust Block Diagram

Applications

  • User Authentication
  • M2M Device Authentication
  • Secure IoT applications
  • Secure eID applications
  • Device Protection
  • Firmware protection
  • Secure boot support
  • Secure Storage
  • Secure Network
  • Secure supply chain
  • Anti-counterfeiting applications
  • Security Platform Service

Deliverables

  • Front-End Design Kit
    • Datasheet
    • User Guide for simulation, integration, design review and test
    • Bitcell model in verilog RTL for simulation (encrypted)
    • Testbench with testcases
    • Bitcell Liberty
    • Bitcell LEF
    • Synthesis and timing constraints
    • IP controller in verilog RTL (encrypted)
    • Firmware reference code
  • Back-End Design Kit
    • Bitcell CDL for physical verification
    • Bitcell GDS (metal information only) – full GDS merged in Fab
    • Layout guideline
    • DRC rule waiver guideline

Technical Specifications

×
Semiconductor IP