A visitor takes photos of TSMC silicon wafer at the 2020 World Semiconductor Conference in Nanjing, in China's eastern Jiangsu province, on August 26, 2020. STR/AFP via Getty Images

Security Tech Based on Each Chip’s Unique ‘Fingerprint’ Comes to Data Centers

Minute inconsistencies introduced in manufacturing make every chip different from the rest and can be used for authentication.

The composable data center platform Fungible unveiled earlier this year has a number of new approaches to computing infrastructure. Its users can scale compute, storage, and network resources independently, for example. It also relies on Fungible’s own accelerator processor, the Data Processing Unit, or DPU, to offload a lot of the system-management workload from the CPU.

Another aspect of the Fungible Data Center platform that’s relatively new to the data center market (although it’s been widely used in other areas) is its use of the naturally unique fingerprint of each processor, comprised of minute imperfections introduced in manufacturing, to make the system more secure. The approach is referred to as Physical Unclonable Function, or PUF.

Fungible uses hardware fingerprints to help secure against attackers swapping out hardware, either in the data center or along the supply chain, and against attacks on the BIOS.

In addition to being a way to identify each piece of hardware, the fingerprints can be used as the basis of a private key and for authentication.

Satish Kikkeri, senior director of Fungible Compute Products, told DCK that he expects most cloud providers and large-scale hyperscalers to move in this direction.

Physical Unclonable Function (PUF) in the Data Center

Fungible's firmware uses hardware fingerprints to check that it's running on the system it's supposed to be running on. That helps protect against attacks on the software supply chain, like in the case of the SolarWinds breach.

Fungible hard-partitions its servers, which removes vectors for side-channel attacks in multi-tenant environments.

"Security at the lowest level is built into the architecture, the DNA of our solution," said Kikkeri.

Its composable architecture and security make the platform a good fit for financial workloads, big data analytics, edge computing, high performance computing, and AI and machine learning, he said.

Intrinsic ID Expands in the Data Center Market

The Physical Unclonable Function technology in Fungible's product is by Intrinsic ID. It is a software-based approach that doesn't require changes to the manufacturing process.

"We selected the Intrinsic ID PUF IP because its SRAM-based approach avoids the complexity of alternatives," said Kikkeri. "In addition, the IP is silicon-proven and benefits from several years of field deployment."

According to Pim Tuyls, Intrinsic ID founder and CEO, the company's technology is already in around 250 million devices and is commonly used for mobile and IoT security.

It started to make its way into the data center market only recently.

Intrinsic ID uses software to pick up unique performance characteristics of the chip and turn this fingerprint into a private security key.

When chips are manufactured, random physical factors are introduced to their microstructure, which creates minute differences in things like response times to particular commands. These characteristics are impossible to fake.

If someone clones a smart card, for example, the fingerprint on the new chip won't match the old one.
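To make the fingerprint-to-key step concrete, here is an added simulation (not Intrinsic ID's or Fungible's code) of one textbook way to do it: a code-offset scheme with a repetition code, where public helper data lets the same chip re-derive a key from a noisy readout while a different chip cannot. The chip model, the 3% bit-flip rate, the block length and all function names are assumptions made for this example.

```python
import hashlib
import random

REP = 15          # repetition-code length per secret bit (assumed parameter)
KEY_BITS = 128    # secret bits protected by the PUF (assumed parameter)

def make_chip(seed):
    """Constructed stand-in for a chip: each SRAM cell's preferred power-up bit."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(REP * KEY_BITS)]

def power_up(chip, rng, flip_prob=0.03):
    """One noisy readout: each cell flips with probability flip_prob (assumed)."""
    return [b ^ (rng.random() < flip_prob) for b in chip]

def enroll(response, rng):
    """Mask a random secret's repetition codeword with the PUF response.
    Returns (helper_data, key). Helper data is stored; the key is not.
    A real enrollment would draw the secret from a CSPRNG, not a seeded rng."""
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ r for c, r in zip(codeword, response)]
    return helper, hashlib.sha256(bytes(secret)).hexdigest()

def reconstruct(response, helper):
    """Unmask with a fresh readout, majority-decode each block, re-derive the key."""
    noisy = [h ^ r for h, r in zip(helper, response)]
    secret = [int(sum(noisy[i:i + REP]) > REP // 2)
              for i in range(0, len(noisy), REP)]
    return hashlib.sha256(bytes(secret)).hexdigest()

def demo():
    """Returns (same chip recovers key, different chip recovers key)."""
    rng = random.Random(2020)          # fixed seed so the run is repeatable
    chip, clone = make_chip(1), make_chip(2)
    helper, key = enroll(power_up(chip, rng), rng)
    same_chip = reconstruct(power_up(chip, rng), helper)
    other_chip = reconstruct(power_up(clone, rng), helper)
    return key == same_chip, key == other_chip

if __name__ == "__main__":
    print(demo())
```

A plain repetition code is used only to keep the example short; it leaks information about the secret if the cells are biased, so production designs use stronger codes and debiasing.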

Intrinsic ID’s Physical Unclonable Function tech is currently used in 80 chip families from companies like NXP, Xilinx, and Intel, Tuyls told DCK. It's leveraged by a variety of cybersecurity vendors, including Venafi, Device Authority, and Globalsign.

The technology also plays a role in making confidential computing's secure enclaves more secure.

"I cannot comment on which secure enclaves," Tuyls told us. "But yes, it plays a role in enclaves and some of the companies that I mentioned have us in their enclaves."

PUF can be used for Root of Trust, helping ensure that the hardware or firmware hasn't been tampered with.

The technology can also be used to securely isolate workloads and improve network security, said Tuyls.

Intrinsic isn't the only vendor offering PUF technology. Competitors include PUFsecurity, Enthentica, ICTK, Invia, QuantumTrace, and Verayo.

What happens if the chip gets knocked around and the fingerprint changes? Will everything stop working? According to Tuyls, a chip's Intrinsic ID fingerprint doesn't change with time or use.

"Our technology has been built so it can work in a large variety of environmental conditions," he said. That includes extreme temperature and voltage fluctuations.

"We do accelerated aging testing. We put this technology into ovens at high temperature, up to 10 or 120 degrees Celsius, crank up the voltage, and get accelerated aging. So we guarantee a lifetime of more than 25 years."

There are limits, though, he added.

"If an attacker penetrates with some sophisticated tool like with a laser or focused ion beam, then it won’t work anymore," he said.
