CrossBar Inc. is setting its sights on security with its resistive RAM (ReRAM).
The company will apply its technology for use in hardware security applications in the form of ReRAM-based cryptographic physical unclonable function (PUF) keys that can be generated in secure computing applications. This is a departure from its usual use as non-volatile semiconductor memory, said CEO Mark Davis in a telephone interview with EE Times, and opens new markets for CrossBar’s technology.
A PUF is a physical object that for a given input and conditions, otherwise known as a “challenge,” provides a physically defined “digital fingerprint” output that acts as a unique identifier, most often for a semiconductor device such as a microprocessor. PUF keys aren’t new, but online banking and the emergence of the Internet of the things (IoT) have created opportunities beyond digital security for dedicated electronic devices such as banking cards or payment terminals. The increased need for encryption or a digital signature means an increasing number of ASICs, microcontrollers, and SoCs are embedding hardware cryptographic accelerators or software cryptographic libraries.
CrossBar ReRAM PUF keys can be implemented using either a single ReRAM cell or a dual ReRAM cell, each representing a single PUF bit. (Courtesy: CrossBar)
Traditionally, PUF keys have employed SRAM, but in comparison, ReRAM offers many advantages, including a higher level of randomness and much lower bit error rate, said Davis. It’s also more resistant to invasive attacks and can handle a wide range of environmental variations without needing fuzzy extractors, helper data, or heavy error correction code. Overall, he said, it’s more cost effective than SRAM, he said. “With our approach, it’s very error free.”
In addition to addressing the limitations of PUF implementations, said Davis, a ReRAM PUF is also ideal for semiconductor applications that require both high security and embedded non-volatile memory (NVM), especially for foundry nodes smaller than 28nm where embedded NVM is not readily available.
Depending on the specific implementation, these PUF keys can be implemented using either a single ReRAM cell or a dual ReRAM cell, each representing a single PUF bit. When the ReRAM PUF bit is sensed, it’s observed as randomly either a “1” or “0” for each PUF bit on each semiconductor. If an IoT chip has fabricated 256 ReRAM PUF bits, each individual manufactured part will contain a 256-bit key, unique to that specific semiconductor chip.
Davis sees there being strong market for ReRAM PUF keys given there are so many connected, autonomous devices today. “The attack surface is so much larger and hardware security is the most robust way of doing things.” The ReRAM will be used for identification, encryption/decryption and authentication, and each one is unique to each individual semiconductor integrated circuit (IC), leveraging the inherent randomness characteristics of the ReRAM technology, he said. “It’s important to have completely random keys that meet industry standard tests for randomness.” The other critical characteristic is that the PUF is unclonable.
There has been an uptick in demand for memory-specific security that’s embedded into the hardware because hackers need only a single vulnerability to access a complex system. It’s not only IoT that’s driving the need for device security, but also connected vehicles, where security is a contributor to reliability and functional safety.
Infineon’s Semper Secure NOR flash serves as a hardware root-of-trust while also performing diagnostics and data correction for functional safety. (Courtesy: Infineon)
Despite this trend, the PUF market isn’t going to be a huge one. Jim Handy, principal analyst with Objective Analysis, said it will make CrossBar some money, but physically a PUF is usually a relatively small element of something bigger, such as an SoC. “It might be worth a nickel on a chip that’s worth $30.” In the near term, ReRAM PUFs will find themselves in higher end applications, he said, but eventually there could be a market for using them in chips for credit cards. “That’s going to take a decade or longer to fall into place if that happens. For now, it’s just going to go into more high-end chips where they’ve got a need to do fancy security between chips.”
There are other memory technologies out there that might be able to offer similar security features, Handy added, such as EEPROM. There is EEPROM available today that can easily encrypt sensitive data such as passwords, cloning hashes, fingerprint data, and other biometric data.
Microchip Technology’s recently announced family of I2C Serial EEPROMs, starting with the 24CS512, includes the legacy feature of only allowing locking or unlocking the entire memory array via an external pin, but also divides the memory array into 8 different zones and provides the ability to individually write protect any combination of zones via software. A smaller section of critical code such as factory calibration settings, manufacturing data, MAC addresses or other identifying information programmed and then set to read-only with a new Lockable ID page feature, a 128-byte memory space separate from the main array.
Other technologies include IP from companies such as Spansion and Cypress, now a part of Infineon. Infineon’s Semper Secure is a NOR Flash option that serves as a hardware root-of-trust while also performing diagnostics and data correction for functional safety. It provides up to eight memory regions that can be provisioned for secured or non-secured access, with one configurable to have different sizes, its own access level, and associated keys with multiple access.
PUFs do have challenges, too, noted Handy, including stability, which can be temperature and power supply dependent. “It’s got to be very stable, but it has to be different from chip to chip.”