PUF IP for Automotive Market: Where Security and Safety Meet

Functional safety only takes you so far when adding automated driving functionalities to vehicles. Each safety mechanism/system can be compromised by a security attack if not properly protected. Many attacks in the past years have led to new legislation, such as the UN regulation 155. The automotive industry now needs to ensure that its vehicle fleet is secure by design and each vehicle is safely maintained through its life cycle. Components in autonomous vehicles need to adhere to the industry standard ISO/SAE 21434 “Road vehicles – Cybersecurity Engineering.”

On top of functional safety, automotive components require a proven, hardened level of security that provides resistance to invasive and non-invasive attacks and securely and reliably protects those assets for their entire life. PUF-based IP from Synopsys has been protecting millions of ASIC/SoC/MCU and FPGA-based devices for more than a decade with no known breach or failure. Our leading-edge IP enables us to customize hardware security to deny adversaries access to any key material or data, even on autonomous assets. PUF IP from Synopsys is agnostic to the foundry and process nodes.

Benefits

  • Scalable across all foundries and process nodes:
    • Proven on i.e. GF, IFS, Samsung, UMC, TSMC
    • From 350 nm to 3 nm
  • No sensitive key material present on device
  • High protection against tampering and invasive attacks
  • Resistant to post-quantum attacks
  • Empirically proven to be secure and reliable for entire product life

Hardware-based Security with PUF Technology

The security IP from Synopsys uses inherently random elements on the device as a physical unclonable function (PUF), which generates the entropy needed for a strong hardware root of trust (RoT). It enables designers to secure their products with internally generated, device-unique cryptographic keys.

The Synopsys PUF technology is widely used to protect MCU, ASIC, SoC and FPGA devices. It is frequently updated with countermeasures to secure PUF key material and sensitive data from invasive and non-invasive attacks.

 

Synopsys AP PUF IP – SRAM PUF for Automotive Market

Synopsys AP PUF is the world-leading IP that uses standard SRAM as a PUF for hardware-based security. It offers key provisioning, wrapping, and unwrapping to enable secure key storage across the supply chain and for the lifetime of the device. The PUF root key is never stored but re-created from the PUF each time it is needed, offering the highest level of security. A key protected by Synopsys AP PUF IP is integrity protected and can be decrypted solely on the same device where it was created. Synopsys AP PUF IP has been developed following an ISO 26262 functional safety compliant flow and meets the ISO 26262 Automotive Safety Integrity Level (ASIL) B fault metric.

 

Synopsys PUF FPGA-X – Butterfly PUF

For FPGA architectures for which standard uninitialized SRAM is not available, e.g. AMD/Xilinx FPGAs, a butterfly PUF enables designers to extract a PUF from standard FPGA fabric. This PUF is used to create a high-quality device-unique PUF key. The intrinsic PUF key can be used as a root key for key derivation and key wrapping. It enables designers to create and store an unlimited number of keys and data securely in unprotected NVM on/off chip.

Synopsys PUF FPGA-X is verified on many AMD/Xilinx platforms:

  • AMD/Xilinx 6 series: Virtex
  • AMD/Xilinx 7 series: Artix, Virtex, Kintex, Zynq
  • AMD/Xilinx UltraScale+:  Virtex, Kintex, Zynq

 

Use Cases

  • Trusted Supply Chain: device is locked from moment of fabrication. Each owner can lock their IP using their device-unique keys throughout the device life cycle.
  • Flexible Key Provisioning: enables generation of an almost unlimited number of keys for multiple uses and applications.
  • Anti-Cloning: binding of proprietary IP to unique device prevents cloning.
  • Secure Communication: communications between all parts of the system can be securely authenticated to protect from eavesdropping and  alteration.

Certifications

  • Meets ISO 26262 ASIL B fault metric
  • ASIL D for systematic failures
  • SESIP Level 3
  • PSA Certified Level 3 RoT Component
  • NIST CAVP
  • ISO/IEC 20897-compliant PUF
  • FIPS 140-3 support
  • SRAM PUF-enabled products have been certified by EMVCo, Visa, CC EAL6+, PSA, and ioXt
  • DoD and EU governments qualified

Applications

  • Authentication
  • Secure key storage
  • Trusted supply chain
  • Flexible key provisioning
  • Anti-counterfeiting
  • Anti-reverse engineering
  • Chiplet security

Security Standards

  • Cryptographic algorithms are NIST CAVP certified and support a FIPS 140-3 system.
  • PUF – ISO/IEC 20897
  • HMAC – FIPS 198-1
  • HMAC-DRBG – NIST SP 800-90Ar1
  • KDF – NIST SP 800-56C, NIST SP 800-108
  • AES – FIPS PUB 197, NIST SP 800-38A
  • SHA – FIPS PUB 180-4
  • NIST elliptic curves – NIST SP 800-186
  • ECC-CDH – NIST SP 800-56Ar3
  • DRBG/RNG – NIST SP 800-90A/B

Resources