PUF-based Hardware Root of Trust

Overview

PUFrt is a Hardware Root of Trust (HRoT) offering the essential features necessary for establishing a trusted foundation from which all security operations, such as secure boot, can be based.

This Riscure certified IP offers the flexibility for users to add only the cryptographic engines that their designs need and comes with a well-designed anti-tamper shell against attacks. PUFrt can be integrated into a wide variety of systems, from a lightweight hardware security key to a full-functioning Security Coprocessor.

PUFrt provides a foundation of trust and security for the chip system. It contains a 1024-bit physical unclonable function (PUF), and a true random number generator (TRNG) that complies with the NIST SP800-90B/SP-800-22 standard specifications. These features aid in the encryption/decryption requirements of sensitive information and data, achieving a higher level of data security protection. Furthermore, an additional 8k-bit secure storage space with PUF is provided for the key or sensitive information injected by the customer, which makes the original security and NeoFuse OTP more resistant to physical attacks.

Key Features

  • Four 256-bits hardware PUF fingerprint that could be used as a unique private key, UID, or root key
  • 8k-bits mass production OTP with built-in instant hardware encryption (customization available)
  • Comprehensive anti-tamper designs in physical and RTL
  • High-quality true random number generator
  • APB control interface with secure/non-secure access privilege
  • Built-in PUF health check

Block Diagram

PUF-based Hardware Root of Trust Block Diagram

Applications

  • PUF-based Unique ID (Static Entropy)
  • UID for manufacturing management
  • Device pairing for anti-counterfeiting (with cryptos)
  • Provide inborn-protected random number pool for key generation and management (with cryptos)
  • Provide on-chip keys for memory protection (with crypto)
  • PUF-based TRNG (Dynamic Entropy)
  • Protect cryptographic engines
  • Ephemeral key generations for security operation (with cryptos)
  • Protect dynamic memory and BUS by using instant ready tRNG (with cryptos)
  • PUF-based Key Storage (Trusted Storage)
  • Provisioning root or shared key directly wrapped
  • Security OTP for debugging, versioning, and revocation 
  • Secure debug for JTAG channel lock
  • Support secure boot for storing boot information (with cryptos)

Deliverables

  • Datasheet
  • Release Notes
  • Integration Guidelines
  • Timing .lib File
  • LEF
  • GDS Phantom File
  • Verilog HDL File (Behavior Model)
  • Verilog HDL File (FPGA)
  • Application Note
  • Reference Scripts
  • Hard Macro Release Note
  • Test Methodology
  • Testbench

Technical Specifications

Foundry, Node
200+ process nodes in 25+ foundries
×
Semiconductor IP