Root-of-trust (RoT) technology is a requirement for securing connected devices, their data, and, by extension, the entire infrastructure with which they communicate. But RoT technology shouldn’t be limited to hardware design, confining Internet of Things (IoT) developers to functions programmed at manufacture. The Synopsys Software-based PUF IP - 300 solution democratizes RoT technology by uncoupling it from silicon fabrication, ensuring IoT application developers can access, understand, and implement it at scale.
Synopsys Software-based PUF IP - 300 is a secure key generation and management solution for any IoT device. Synopsys Software-based PUF solution is the only hardware entropy source currently available that doesn’t have to be loaded at silicon fabrication. It streamlines IoT OEM and ODM security efforts by creating unique, internally generated device keys and identities derived from the inherent randomness of SRAM PUFs.
The Synopsys Software-based PUF - 300 API enables IoT developers to generate cryptographic keys securely and to perform other symmetric key and elliptic curve cryptographic functions. It can also be integrated as a trust anchor for Mbed TLS, OpenSSL, wolfSSL, and other libraries, extending the chain of trust beyond just a single device.
Every device needs an unclonable identity to solve security problems in IoT systems, such as authentication, product lifecycle management, reverse engineering, and cloning. This identity consists of a secret key, a public key, and a certificate. The biggest challenge is to get these credentials into the device and keep the secret key secret. This can be achieved by using Synopsys Software-based PUF IP - 300. Synopsys Software-based PUF - 300 offers the strongest protection of the device secret key and the strongest authentication via unclonable identities.
Using SRAM PUF technology, keys are regenerated when needed and are never present in persistent memory – not even when the chip is powered down – which significantly raises security and eliminates the need for OTP or secure memory.
Synopsys Software-based PUF IP - 300 offers random values generated by a NIST 800-90A/B-compliant random number generator and a collision-free unique device identity (UID). It also offers functions to wrap and manage secret keys and data, which can be stored in unprotected memory or securely transmitted over the network. In addition, Synopsys Software-based PUF IP - 300 offers public key crypto functions such as ECDSA sign and verify and ECDH shared secret. PKI elements such as certificate signing requests (CSR) are optional. All Synopsys Software-based PUF features are accessed by the host software via the API.
SRAM PUF responses have been qualified for use with the Synopsys Software-based PUF IP products in a wide range of operational environments over years of field operation:
The Synopsys Software-based PUF IP - 300 product is available in off-the-shelf configurations with sizes ranging between 16 kB and 29 kB. Configurations differ according to functionality, performance, and compliance.
Specifications | Synopsys Software-based PUF - 300 |
---|---|
Security strength (bits) | 128 / 256 |
SRAM PUF (kB) | 0.7 / 1.0 |
Code size (kB) | 16 - 29 |
SRAM anti-aging | ✓ |
Generate device-unique keys | ✓ |
Generate UID and random values | ✓ |
Wrap and unwrap application keys | ✓ |
Streaming AES, Hash, MAC | ✓ |
Public key crypto functions* | ✓ |
PKI elements** | (✓) |
NIST CAVP certification (DRBG, AES, KDF, HMAC, SHA-2, ECC) | ✓ |
NIST SP 800-90A compliant DRBG | ✓ |
NIST SP 800-90B compliant entropy source for RNG (adds about 3 kB of SRAM) | (✓) |
FIPS 140-3 ready | (✓) |
* Includes ECDSA sign and verify, ECDH shared secret, standard elliptic-curve support set: P256, P384, P521
** Elliptic curve integrated encryption scheme (ECIES), certificate signing request (CSR), self-signed certificates (SSC)