Warning: Undefined array key "city" in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 56 Warning: Undefined array key "postal" in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 60 Warning: Undefined array key "country" in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 64 Warning: Undefined variable $org in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 70 Warning: Undefined variable $loc in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 78 Warning: Trying to access array offset on value of type null in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 78 Warning: Undefined variable $loc in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 79 Warning: Trying to access array offset on value of type null in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 79
Internet

Physically Unclonable Functions as a Solid Foundation of Platform Security Architecture

Posted on

Today, there is general agreement amongst most stakeholders that IoT is not going to take off and reach its full potential unless we come up with a solid approach to securing both the “Things” in IoT and the communication between them. An Arm-led initiative which is specifically relevant to device OEMs and silicon manufacturers is the Platform Security Architecture or PSA. PSA is a framework that aims to secure a trillion connected devices by providing a scalable and hardware-backed approach to threat analysis, system architecture and reference implementations for IoT devices.

In this article we will show how SRAM PUF technology is a very good fit to some of the most fundamental PSA objectives. In particular it enables a strong and flexible protection for the heart of the Root of Trust: the immutable Root of Trust – the part that stays unchanged over the lifetime of a device.

PSA Requirements

The following definition is taken from PSA Security Model:

The Root of Trust of a PSA device is a multi-tier Root of Trust made up of immutable and updatable components working together to ensure:

  • The integrity of the device and its updatable components
  • The integrity of trust chains, both within the device and within an ecosystem
  • The privacy and integrity of secrets, and of operations performed using secrets
  • Separation and isolation of more trusted components from less trusted components

The PSA Root of Trust is itself partitioned into an immutable portion and an updatable portion. The immutable PSA Root of Trust is the initial Root of Trust for all PSA Root of Trust services and never changes on a production device. The updatable PSA Root of Trust represents all of the most trusted software components, providing a common trusted platform.

The Immutable Root of Trust consists of fixed and tamper resistant hardware security resources, such as boot ROM and root parameters. This is the true “anchor” on which all subsequent trust necessarily depends. It follows that the security of the complete system can only be as strong as this Immutable Root of Trust itself (weakest link principle).