Conferences and supporting programme
Physically Unclonable Functions to the Rescue: A New Way to Establish Trust in Silicon
Trust is a key part of information security. But what happens in the embedded computing world? In this presentation you'll find out why PUF (Physically Unclonable Functions) is the emerging answer. It's based around recognizing the unique differences created in each fragment of silicon during the manufacturing process to extract the DNA of each individual chip - in a way impossible to clone or duplicate. In the IoT world, how can we be sure a device firmware hasen't been maliciously altered by hackers? How can we establish two-way secure communications? How can we scale inexpensively to billions of devices? That's where PUF comes in. Attendees will hear first-hand how the productization of this technology could be a major turning point in our quest for a safer Internet of Things. Industry veteran Cesare Garlati, Chief Security Strategist at the non-profit prpl Foundation will begin by setting the scene. In many ways establishing a chain of trust is more important in the IoT world than any other part of IT. Here, cyber-attacks which erode that trust could have life-threatening repercussions. Th industry needs a better way to trust that IoT devices haven't been tampered with. Garlati will then go on to describe why 'inserting' secrets into computing systems is a bad idea which never works in the long run, because once that secret is outed, the whole system comes crashing down. That's what happened with DVD encryption in the late 90s, enabling anyone subsequently to remove copy protection and more recently with a whole pletora of - supposedly - smart devices. So instead of injecting secrets into IoT devices, why don't we discuss a roboust way to simply extract them? One effective way of doing PUF is based on SRAM. Here each memory cell will always come up in a mostly random state but with a predominance of either zeros or ones depending on how it was manufactured. Unique keys can then be derived from SRAM PUF. For added security, they're not stored on the chip but are extracted only when needed, and there's effectively no secret to steal, as the DNA in question is specific to each piece of silicon and completely useless if 'transplanted' to a different device. In this seminar Garlati will show attendees how the open source PUF API developed by the prpl Foundation can be used to enhance security in a variety of use cases. As he will demonstrate, the potential applications for this exclusive, repeatable identification technology are endless.
--- Date: 01.03.2018 Time: 3:30 PM - 4:00 PM Location: Conference Counter NCC Ost