PUF security for the smallest Internet connected devices

By Nick Flaherty

Intrinsic ID has developed Physical Unclonable Function (PUF) security IP for resource-constrained internet connected devices.

The QuiddiKey 100 PUF enables all semiconductors – even the smallest microcontrollers with limited resources – to create a hardware-based root of trust, without the need for dedicated silicon.

The IP is the first product released in the QuiddiKey X00 series. With the smallest area footprint of the series, it is specifically designed to protect internet connected devices that have limited resources against current and future threats, including supporting post-quantum security. 

This addresses IoT security by enabling every device to use standard SRAM startup values as a PUF to create a hardware root of trust. This provides a higher level of security than traditional key storage in non-volatile memory (NVM) such as secure flash, OTP or e-fuses, while eliminating the need for centralized key management and programming.

QuiddiKey 100 is quantum-secure and in accordance with post-quantum guidelines since it is based on information-theoretically secure components and established symmetric cryptographic algorithms. It can also be integrated as a trust anchor for other crypto libraries, such as Mbed TLS, wolfSSL, and OpenSSL, extending the chain of trust beyond a single device.

As the number of connected devices, machines, and sensors fuelling the Internet of Things (IoT) expands, each one represents a potential entry point for malicious intrusion. In such an environment, root-of-trust (RoT) technology is an essential requirement for every connected device.

QuiddiKey uses the inherently random start-up values of SRAM as a PUF to create a hardware root of trust without the need for costly, security-dedicated silicon. SRAM PUFs significantly reduce the chance of physical attacks because the root key is never stored, but re-created from the PUF each time it is needed.

In addition, QuiddiKey generates the entropy required for a strong hardware root of trust and offers key provisioning, wrapping, and unwrapping to enable secure key storage across the supply chain and for the lifetime of the device. A key feature of QuiddiKey is that it binds keys and data to the device so they can only be recreated and accessed on the device to which they belong.
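The idea of a root key that is re-created rather than stored, and of wrapped keys that only open on their own device, can be shown with a textbook code-offset construction. This is an added example, not Intrinsic ID's design or code: the repetition code, the simulated SRAM, the HMAC-based wrap (a stand-in for a real authenticated key wrap) and all function names are assumptions.

```python
import hashlib, hmac, os, random

REP = 15  # assumed repetition factor: each secret bit is spread over 15 SRAM cells

def power_up(seed, cells=128 * REP, flip_every=0):
    """Constructed stand-in for SRAM start-up values; flip_every adds read noise."""
    rng = random.Random(seed)
    sram = [rng.getrandbits(1) for _ in range(cells)]
    return [b ^ 1 if flip_every and i % flip_every == 0 else b for i, b in enumerate(sram)]

def _kdf(bits):
    return hashlib.sha256(bytes(bits)).digest()

def enroll(sram):
    """One-time enrollment: returns public helper data and the root key."""
    secret = [b & 1 for b in os.urandom(len(sram) // REP)]
    # Code-offset: helper = PUF response XOR repetition codeword of the secret.
    helper = [sram[i] ^ secret[i // REP] for i in range(len(secret) * REP)]
    return helper, _kdf(secret)

def reconstruct(sram, helper):
    """Every boot: XOR the noisy response with helper, majority-vote each block."""
    diff = [s ^ h for s, h in zip(sram, helper)]
    secret = [int(sum(diff[i:i + REP]) > REP // 2) for i in range(0, len(diff), REP)]
    return _kdf(secret)

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(root_key, user_key):
    """Bind a key of up to 32 bytes to the device: nonce || ciphertext || tag."""
    if len(user_key) > 32: raise ValueError("toy wrap handles keys up to 32 bytes")
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(user_key, _mac(root_key, b"enc", nonce)))
    return nonce + ct + _mac(root_key, b"mac", nonce + ct)

def unwrap(root_key, blob):
    """Returns the key, or None when the blob was not wrapped under this root key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(root_key, b"mac", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _mac(root_key, b"enc", nonce)))

if __name__ == "__main__":
    helper, root = enroll(power_up(seed=1))          # device 1, enrollment
    blob = wrap(root, b"constructed-key!")           # stored in ordinary flash
    print(unwrap(reconstruct(power_up(1, flip_every=7), helper), blob))  # same device, noisy boot
    print(unwrap(reconstruct(power_up(2), helper), blob))                # different device
```

Only the helper data and the wrapped blob are persisted; the root key exists only while the device is powered and the SRAM response has been decoded.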

QuiddiKey IP is NIST CAVP certified, ready for FIPS 140-3, and has been deployed and proven in more than 500 million devices, which have been certified by EMVCo, Visa, CC EAL6+, PSA, ioXt, and governments across the globe.

The US government’s recently launched cybersecurity labeling program, intended to protect consumers against the wide range of security risks associated with internet connected devices, underscores the urgent and growing need for device-level security.

In addition to making internet connected devices more secure, QuiddiKey 100 also supports use cases such as increasing supply chain protection, enhancing chiplet security, and guarding chip designs against reverse engineering.

Following QuiddiKey 100, Intrinsic ID will release additional customized solutions in the QuiddiKey X00 series for key target markets such as: automotive, datacentre, and government and defence.

“The need for digital trust has never been greater,” said Pim Tuyls, CEO of Intrinsic ID. “New government legislation, safety regulations and higher security requirements are driving the need for customized solutions. Specialized applications in datacentres, high-performance computing and artificial intelligence all require security but in very different ways. Recognizing this, we are now offering application-specific versions of QuiddiKey. QuiddiKey 100 targets resource-constrained internet connected devices, while other QuiddiKey products address other markets such as datacenter, automotive, government and defense, and more.”

QuiddiKey 100 is available now and can be flexibly integrated across all foundries and technology nodes. For licensing details contact Intrinsic ID via  

QuiddiKey 100 includes a NIST-compliant (SP 800-90A/B) random number generator (RNG) which can also be licensed separately as QuiddiKey RNG.
