Cloud native EDA tools & pre-optimized hardware platforms
Digital trust is critical for the continued success of the IoT, so security, reliability, and privacy are top concerns. New legislations are driving improved security practices as well as an increased sense of urgency. Developers and service providers tasked with demonstrating the security capability of their products are looking for guidance and standardized solutions. One important industry-led effort that can speed up the process and build confidence is PSA Certified.
Synopsys Hardware-based PUF IP - 300, a physical unclonable function or PUF-based root-of-trust (RoT) security solution, is the world’s first IP solution to be awarded “PSA Certified Level 3 RoT Component.” This certifies that the IP includes substantial protection against both software and hardware attacks. It allows chip designers to fast-track their products for full PSA Level 3 certification and further helps ensure supply chain integrity, chiplet security, and protection against reverse engineering. Certification is essential for security-critical IoT market verticals, such as healthcare, critical infrastructures, and smart consumer products as outlined in the US Cyber Mark Program.
Secure supply chain: Each Synopsys Hardware-based PUF IP user can generate unlimited device-unique keys. None of these keys are ever stored on the device. This means that each user in the supply chain can derive their own device-unique keys and import and protect other secrets without these keys or secrets being known to the manufacturer or other supply-chain users. The wrapping functionality enables supply-chain applications and IP to be securely and reliably protected – for the device's lifetime – before being deployed in the field.
Protection against reverse-engineering, counterfeiting/cloning: Synopsys Hardware-based PUF IP protects firmware IP by encrypting it with a PUF-derived encryption key that is locked to the hardware instance of the device. If the firmware IP tied to a device with Synopsys Hardware-based PUF IP is copied to other device instances, these rogue devices cannot unlock the IP or use it because every device has a different hardware fingerprint.
Other use cases: Secure key storage, flexible key provisioning, HW-SW binding, secure communication, authentication
Synopsys Hardware-based PUF IP - 300 is available in off-the-shelf configurations with sizes ranging between 51k and 81k gates. Configurations differ according to functionality, performance, and compliance.
Synopsys Hardware-based PUF IP - 300 Configurations |
|
---|---|
Generate device-unique keys | ✓ |
Generate random values | ✓ |
Wrap and unwrap secrets | (✓) |
Size (k gates) | 51-81 |
AC size (bytes) | 580 or 852 |
Security strength (bits) | 256 |
Maximum key length (bits) | 4096 |
Time to root key (k cycles) | 45-69 |
SRAM required for PUF (kB) | 4-6 |
Interface | APB / TileLink-UL |
Masked key output | ✓ |
Logic BIST | (✓) |
SRAM health checks | ✓ |
SRAM anti-aging | ✓ |
PUF Monitoring | ✓ |
Driver | ✓ |
Tamper-evident: supports fault detection and reporting | ✓ |
Countermeasures against side-channel and fault-injection attacks | ✓ |
NIST CAVP certification (DRBG, AES, KDF) | (✓) |
NIST SP 800-90 compliant | (✓) |
PSA Certified Level 3 RoT Component | ✓ |
(✓) features are optional
Synopsys Hardware-based PUF IP has been embedded on MCU/SoC/ASICs in a diverse set of foundry/process node combinations. SRAM PUF responses have been qualified for use with Synopsys-Hardware-based PUF IP in a wide range of operational environments.
Synopsys Hardware-based PUF IP - 300 can be integrated easily into any semiconductor design across all foundries and process nodes. Standard deliverables include:
The Synopsys Hardware-based PUF IP - 300 driver eases developers' use of the Hardware IP in an embedded software environment. It is delivered as C source code and comes with a reference manual, integration tests, and the Synopsys Hardware-based PUF - 300 register description.