Partner chip adds high-grade security to IoT MCUs

Maxim DS28E38

Called the DS28E38 secure authenticator, it includes security keys created on-die by a ‘physically un-cloneable function’ (PUF), which the firm is branding ChipDNA.

“We looked at existing PUF designs – we would have bought one, but they fell short,” said Maxim v-p of security business Dan Loomis, who warned of continuing poor IoT security at the DS28E38 launch event.

The result is a PUF that instantly creates the same secret key over temperature, voltage and a 20-year life, said Loomis, with an error rate in the parts-per-billion.

The key is generated from variations in MOSFET threshold voltages caused by random process variation. The same silicon also generates the partner public key needed for public-key encryption, without the secret private key ever leaving the chip.

Intended applications are securing initial microcontroller boot-up, device authentication, or both.

Only probing at a semiconductor lab has any chance of revealing the key, and cannot yield anything useful for cracking another chip because the key pairs between chips, even chips made on the same wafer, have no relation to one another, said Loomis: “It is almost impossible to probe without corrupting the key. It could be probed, but it is almost impossibly expensive to do it.”

“The root cryptographic key does not exist in memory or any other static state,” said the firm. “When needed, the circuit generates the per-device unique key, which instantly disappears when it is no longer in use. If the DS28E38 were to come under an invasive physical attack, the attack would cause the sensitive electrical characteristics of the circuit to change, further impeding the breach.”

The IC communicates over Maxim’s (formerly Dallas’) 1-Wire connection and protocol. It includes a hardware cryptographic accelerator for ECCP256 (256-bit public-key elliptic curve cryptography), a true random number generator (TRNG), a decrement-only counter with authenticated read, and 2 kbit of secured EEPROM. Alongside these is a separate per-die unique 64-bit identification number.

Packaging is a 3 x 3 mm 6-pin TDFN, and there is an evaluation kit.

ChipDNA intellectual property will be integrated into further Maxim products.
