More of us are more 'connected' than ever before. Last year, the International Telecommunication Union announced that there are now as many mobile phones on earth as there are people – around seven billion of each. Add that to Cisco's prediction that by 2020, each person will own on average seven connected devices, and it's clear that ensuring the privacy of personal and sensitive data has become more important than ever.
There are two emerging trends in this area – building security directly into a device, and making a system that can be used across a range of platforms. At the Centre for Secure Information Technologies (CSIT) at Queen's University Belfast, a technology called Physical Unclonable Function (PUF) is being developed that is based on both of these trends.
In its simplest form, PUF technology is a way to detect tampering in electronic devices. It uses the tiny variations inherent in the manufacturing processes of chips to behave as a unique digital fingerprint for that chip. If a PUF circuit is included on two chips, minute differences in their structure results in behaviour that is subtly different, allowing each to be uniquely identified.
What this means in reality is that PUF can bind an identity to a device, which is particularly important where authentication is important, such as in public key infrastructure (PKI). PKI is a widely-used protocol that sets up key exchanges between users, and is often used to "secure" insecure public networks. But if a PUF chip is added to the devices of users, its unique response guarantees that any communication is authentic and has not been tampered with. This effectively adds an extra layer of security to PKI.
The details of PUF
So, how does a PUF circuit work? One approach is to use balanced wire signal paths, and look at how long an electrical signal takes to travel along each defined path – due to the inherent manufacturing variations there will be a small difference in the delay between any two balanced paths. In its simplest form, a single bit PUF is a race between signals along two wires – an arbiter at the end declares the winner with the output being either a 1 or a 0, depending on the 'winning' path.
In a fingerprint, the larger the number of contours you can see, the more sure you can be of its uniqueness. Just like this, PUF circuits can be scaled-up, while remaining compact, so that numerous paths can be used, providing a longer identifier (up to 128-bit) and a more secure system.
PUF circuits have been developed to work with field-programmable gate arrays (FPGAs) – using a memory-based approach, the values in memory at chip startup define its unique response. This is a robust solution, but may be limiting for some applications in the longer term.
A more flexible solution is the ability to check the unique fingerprint at any stage, and this is the approach taken by Queen's University Belfast. The extra security offered by this compact PUF circuitry comes at a minimal area-cost – for example, when used with the ARTIX-7 FPGA, the PUF uses just 0.1% of the resources on this device. And its architecture means that it could also be retrofitted to anything based on FPGAs, or easily added at the design stage of new chips.
PUF circuits have also shown themselves to be very robust under elevated temperatures and voltage spikes. Given the minute manufacturing variations on which the technique is dependent, temperature and voltage changes can have a profound effect, so this physical robustness is important.
The applications of PUF
Research into PUF technology is developing rapidly; in the CSIT at Queen's University Belfast we are working on a number of exciting projects across a wide range of sectors. We're currently licensing PUF architecture to a defence company in the UK, and are working on an EU Framework 7 project called SPARKS, that focuses on tamper-proofing smart meters.
This year, the Royal Academy of Engineering recognised the significance of the programmes I've been leading, with the award of a Silver Medal, reinforcing the importance of digital security in today's society.
I recently returned from South Korea, where we're collaborating with the Electronics and Telecommunications Research Institute (ETRI). We developed a security architecture for the charging infrastructures for electric vehicles, which was licensed by LG-CNS (a subsidiary of the LG Group) who ran a pilot EV charging scheme in Seoul. The next stage is to look at using PUF to detect any tampering or cloning across the entire charging system.
The challenges are manifold – in an EV charging infrastructure some charging points are easily accessible to users, which means attempts can be made to 'hack' the charging platforms in addition to the on-board charger in many vehicles. Given the growing use of electric vehicles, securing all aspects of the EV charging infrastructure is a must.
In general, the major benefit of PUF circuitry is that it can be used as a low-cost security primitive in electronic devices. It's small size and low power consumption means that it can be easily integrated into existing FPGA-based architectures and applications. Development is still ongoing and we'll soon step into a new round of collaborative projects. For PUF technology, the future looks bright.
- Máire O'Neill is Professor of Information Security at Queen's University Belfast