The Hardware Embedded delay PUF (HELP) KG is a dynamic bitstring generation engine designed to supply applications with unique, device-specific identifiers for authentication and keys for encryption. HELP KG can be configured on the fly to accommodate these different modes of operation and is directly synthesizable into existing Xilinx FPGAs.
The strong PUF characteristic of HELP makes it possible to generate a virtually unlimited number of bitstrings, while the complex nature of the entropy source makes it resilient to model-building attacks.
Key Differentiators and Attributes
• Implemented using a cryptographic primitive as a source of entropy for bitstring generation.
• Small footprint and low power consumption resulting in reduced overhead and cost savings.
• Physical security improvement by eliminating storage or “burn-in” of the device’s secret key in non-volatile memory (NVM).
• Reduces susceptibility to machine learning or power probing by an adversary attempting to clone or steal secret identifiers (keys).
• Ability to change the secret identifiers (keys) frequently.
• Customized authentication protocol leverages the benefits of PUF-derived bitstring identifiers.
• Proof of Identity (Authentication) in device-to-device or Internet of Things environments defends against physical tamper, cloning and spoofing attacks while maintaining data integrity.
• Enrollment during (chip) manufacturing enables traceable authentication and iron-clad supply chain authentication.
• Easy to install and update remotely.
• Impossible to copy or duplicate.
• Can be implemented on any device with a Xilinx FPGA.
Different Configurations of HELP KG
• Raw-Bitstring Mode: For customers that incorporate their own error correction and/or entropy-enhancing functions, HELP KG can be configured to generate raw bitstrings.
• Token Authentication: Forward authentication process where the server verifies the identity of the token.
• Verifier Authentication: Reverse authentication process where the token verifies the identity of the server.
• Session Encryption Key: This mode is for applications that need to set up an encrypted communication session using a temporary (short-lived) key. Unlike the Key-Encryption-Key mode described below, the key does NOT need to be regenerated at some later point in time.
• Key-Encryption-Key: KEK mode is used for applications that require the same key to be regenerated over and over again after power cycles.