LONDON – A European collaborative research project is proposing that die-specific variations within processors and other hardware be used to protect computer games players' and phone users' identities and data.
The Physically unclonable functions found in standard PC components project, known as Puffin, has been set up to develop use cases and technologies for intrinsic security as an alternative or complement to computationally-intensive cryptographic engines. [Get a 10% discount on ARM TechCon 2012 conference passes by using promo code EDIT. Click here to learn about the show and register.]
One type of physically unclonable function (PUF) works on the basis of the metastability of the cross-coupling inside SRAM cells. An SRAM cell will power up as either a 1 or 0 due to the metastable nature of the circuit, but variations in the silicon manufacture create an inherent primary stability. A line of such cells effectively provides a multibit word that is unique to that silicon implementation.
Over three years the Puffin project, led by security startup Intrinsic-ID BV (Eindhoven, The Netherlands), will receive 1 million euro (about $1.3 million) from the European Union and is intended to show how SRAM-based physically unclonable functions (PUFs) and other types of PUF in components in computers, mobile phones and consumer electronics can be used for security.
The project – which includes researchers from Katholieke Universiteit Leuven, Technische Universität Darmstadt, and Eindhoven University of Technology – has already found that software can detect the die-specific differences in graphics processors, the researchers claim. These differences could be used to securely link a particular GPU and/or graphics card to a specific user account, preventing theft of a users' identity, the research team has stated.
The Puffin research team is now searching for PUF properties in other commodity hardware such as mobile phones. PUFs could be used to provide keys for disk encryption, without requiring users to remember long passwords.
The project is divided into three work packages. The first two cover exploration, analysis and qualification. The third work package is devoted to use case for applications investigated in the first two work packages.
The project runs till February 2015 and has a total budget of 1.3 million euro (about $1.7 million). Related links and articles:
News articles: Dialog signs up to use Intrinsic-ID on-chip security
Security startup appoints mobile-savvy CEO
Dutch VC helps Philips spin off chip-security startup