Who would have imagined that a 13-year-old kid could compromise an industry standard overnight?

But that's what happened in 1999 when Norwegian teen Jon Johansen and two hacker "colleagues" unlocked the secret of the Content Scramble System (CSS) designed to protect DVDs from piracy. DeCSS, the program they created, quickly found its way onto the Internet and into DVD-copying tools sold through legitimate retailers. Despite litigation by Hollywood studios and a legal ruling enjoining one manufacturer from further sales, the genie was out of the bottle.

With global competition growing in ferocity, standards of conduct getting looser and the manufacturing supply chain operating in countries with weak intellectual-property protection, what's the best way to safeguard the security keys integral to standards-based security schemes for everything from HDTV to iPods?

Clearly, no matter how elegant an encryption scheme may be, if it's insufficiently protected and if encryption keys can be reverse-engineered or otherwise hacked, a standard--and an industry--is in jeopardy. There's a great need for effective physical-layer security for the sensitive information residing in consumer system-on-chip architectures.

If you accept that statement, the first question to ask is, how physically secure is the technology in question? Most keys are hidden in the nonvolatile memory (NVM) of DVDs, hard drives, EPROM, E²PROM and flash. Solid-state NVM is certainly more secure than a hard drive, for example, but it's still relatively easy to crack. The real challenge is to protect keys so well that they are invulnerable.

Analyzing three categories of embedded standard logic, CMOS NVM indicates that the CMOS antifuse implementation of one-time-programmable memory ar-rays offers the best protection. Whether you cross-section a chip, deprocess it or observe it with a focused-ion beam, no visible physical or electrical evidence shows which cell has been programmed.

The second question is, how can the manufacturing process be secured? The method of choice is to protect keys by encryption before embedding them into the silicon. Only the target device--a set-top box, for example--would have the built-in decryption key required. This scheme protects keys or other sensitive information at all points along the manufacturing supply chain.

These technical capabilities underlie a new and powerful trend in IP protection: the use of a unique key for each target device. After all, it doesn't take very deep pockets or a great deal of determination to hit a few electronics stores, buy up product and start hacking.

It's only necessary to identify a small number of keys to be able to reverse engineer a broad digital media standard. If that happens, the scramble to develop another standard begins yet again--and that's an outcome no one wants.

Craig Rawlings (crawlings@kilopass.com) is director of marketing at Kilopass Technology. He holds a BSEE and an MBA from Brigham Young University.