Adding hardware-intrinsic security to a secure microcontroller takes time, but will be worth it in the end, according to NXP.
I was not surprised when I heard that physically unclonable function (PUF) security technology from Intrinsic-ID NV was being designed into SmartMX2 secure microcontrollers from NXP Semiconductor NV. Apparently there's going to be a demo of the silicon fingerprinting technology inside a SmartMX2 prototype IC at Mobile World Congress in Barcelona.
After all, both companies are based in Eindhoven and both are spinoffs from Philips Electronics. In fact, what was more surprising was that it hadn't happened before, as Intrinsic-ID has been around since 2008. Then I remembered that Philips was offering to license out what it called Quiddikey technology back in 2008 and NXP and Intrinsic had announced they were getting together back in January 2010.
So what happened?
Steve Owen, senior vice president of sales and marketing for the identification business unit at NXP, explained: "We decided to implement the technology in the C90 [90-nm] process rather than C140 [140-nm]. The technology is better in smaller geometries. And C40 will exploit it even further," he said.
A quick recap will remind readers that Intrinsic-ID exploits manufacturing variability along with metastable circuits, typically SRAM bits, to create a security word that is specific to a particular die and can be used to drive encryption, but has the added benefit of not being present when power is removed.
It is also the case that the original SmartMX line of secure microcontrollers were based on an 8051 8-bit processing core whereas the SmartMX2 has been scaled up to provide up to 32-bit processing while maintaining support for legacy software.
"We made a number of changes moving from SmartMX to SmartMX2; better AES encryption engine, lower power, went from EAL5+ to EAL6," said Owen. It also involved moving the production from 200-mm diameter wafers at Systems on Silicon Manufacturing Co. Pte. Ltd. (Singapore) to 300-mm wafers at Taiwan Semiconductor Manufacturing Co. Ltd. (Hsinchu, Taiwan) Owen said.
Owen confirmed that the SmartMX2 instruction set architecture is a proprietary extension of the 8051 instruction set. But it is well understood and supported by development tools suppliers, he said. He added that even after customers get hold of secure MCUs it can take another 6 to 12 months for them to get their own products' security certified and to need NXP's chips in volume.
OK, but does that mean it will take yet another 12 months or more before PUF-enabled SmartMX2 microcontrollers are in the market place?
That and a bit more probably. Owen said that there are some selected companies that he hopes to get sample chips to towards the end of 2013. So the earliest it will be in the market place will be sometime in mid-to-late 2014.
"The security business is very risk averse and it does make things take time," Owen said. He added that once you get used to the rhythm of the sector and the depth of the pipeline it can feel like things are happening quickly.
My guess is that while design wins can take more time than Owen's boss would like those design wins, once achieved, tend to be nice and "sticky."
Related links and articles:
Hardware Intrinsic Security Initiative
NXP and Intrinsic-ID to raise smart chip security
Dialog signs up to use Intrinsic-ID on-chip security
Philips ready to license Quiddikey chip security