Secure microcontroller builds on PUF technology

Maxim Integrated introduced the MAX32520 ChipDNA Secure ARM Cortex-M4 Microcontroller, a device that integrates physically unclonable function (PUF) technology for multiple levels of protection in IoT, healthcare, industrial, and IT systems.

IoT applications are continuously proliferating. On the bright side, we are able to do things never imagined before and improve our lives. But like any good thing, there is a downside to IoT: it is becoming an increasingly attractive target for cybercriminals, with far too many IoT devices vulnerable to cyber attacks.

Designers need solutions to ensure data protection for critical applications where exposure to secret keys could destroy networks, ruin businesses, and negatively affect people’s lives. The new solution offered by Maxim integrates ChipDNA PUF technology, which allows all devices to be immune to invasive attacks because the primary cryptographic key produced by it is not stored in memory or by static values.

PUF ChipDNA Technology

Maxim’s PUF circuitry produces cryptographic keys using the natural randomness of the analog characteristics of MOSFET semiconductor devices. When needed, the circuit generates a unique key for the individual device, which immediately disappears when it is no longer in use. Attempts to probe or observe the operation of the ChipDNA change the characteristics of the underlying circuit, preventing discovery of the unique value used by the chip’s cryptographic functions.

“ChipDNA PUF technology is built to last, and enable products to achieve a high level of security even in the face of 10+ year product lifetimes,” said Kris Ardis, Executive Director of the Micros, Security & Software business unit at Maxim Integrated. “The real challenge we see is in educating customers about the need for physical protection for the IoT: we tend to focus on cybersecurity or cryptographic algorithms and protecting data in flight, but the IoT will enable many smart devices that aren’t under our control and are instead widely deployed.

Kris Ardis at Embedded World [Source: Maxim Integrated]

“For these kinds of devices, we need to start worrying about how we protect the cryptographic secret keys and understand the capabilities of attackers if they have physical access to the device. The strongest front door with the most expensive door lock is useless if it is easy for someone to steal your physical keys. Similarly, the strongest encryption algorithms are useless if someone can extract secret key information,” Ardis said.

The microcontroller with PUF technology

The MAX32520 uses a tamper-proof PUF key for flash encryption, secure boot for root-of-trust, and serial flash emulation. In addition, the physical security of the PUF key means you don’t need a battery to monitor sensors and actively destroy a key when under attack. Flash encryption via PUF protects sensitive information with encryption keys that also resist advanced and indiscreet physical analysis, as well as providing the strongest IP security available on the market.

“We see many more applications looking for this level of security for IoT products, especially devices that will be deployed in more accessible environments and therefore are more easily accessible to physical inspection. For some examples, we see strong interest in telematics boxes for trucking, data logging and communications equipments for vending machines, industrial sensors, and medical devices. We also see interest in high volume networking equipment for anti-counterfeit purposes,” said Ardis.

Figure 1: MAX32520’s block diagram

The microcontroller protects all user data, equipped with TRNG hardware accelerators compliant with SP 800-90A and SP 800-90B for AES-256, ECDSA P-521, and SHA-512. The MAX32520 integrates 2MB Flash, 136KB system RAM + 34KB ECC, 8KB one-time programmable memory (OTP) and 128KB boot ROM. The MAX32520 provides a FIPS/NIST compliant TRNG circuit to generate quality session keys and blinding data. Environmental and tamper detection sensors are still available to facilitate system-wide security (Figure 1).

“There are alternate approaches to solving the IoT’s security challenges, but there isn’t really a good comparison chip to the MAX32520. There’s nothing else on the market with the level of security that the ChipDNA PUF implementation provides. It’s built to be a pretty flexible and powerful embedded device (with 2MB flash and a 120 MHz Cortex M4F), but on an advanced process node to keep the cost reasonable for high scale deployments,” said Ardis.

To evaluate the performance of the new microcontroller, Maxim presented three boards at Embedded World: a feather-board with the MAX32520 microcontroller, a second feather-board with sensors, and a LoRa plug-in board to send encrypted data to a gateway.

MAX32520-KIT# Development Kit

Security is a significant issue due to increasingly determined attackers. Sophisticated algorithms and keys of considerable length can now be in danger due to the incredible amount of computing power available at low cost. It is, therefore, necessary to impose more and more efficient cryptographic barriers. A PUF-derived key provides an unprecedented level of protection against invasive attacks because the key does not exist in memory or another static state.

The integration of PUF technology into a microcontroller provides the core of any IoT system with the ability to protect itself against any attack. Software protection does not ensure an adequate level of protection. Hardware security is complicated, but it is enough to exploit the nature of microelectronics to obtain secure algorithms. ChipDNA technology can be used to simplify key management of secure ICs, because the keys themselves can be used directly for cryptographic operations.

>> This article was originally published on our sister site, EE Times.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.