The Hardware Embedded delay PUF HELP KG is a dynamic bitstring generation engine designed to supply applications with unique, device-specific identifiers for authentication and keys for encryption. HELP KG can be configured on-the-fly to accommodate these different modes of operation and is directly synthesizable into existing Xilinx FPGAs.

The strong PUF characteristic of HELP makes it possible to generate a virtually unlimited number of bitstrings while the complex nature of the entropy source makes it resilient to model-building attacks.

Key Differentiators and Attributes

•  Implemented using a cryptographic primitive as a source of entropy for bitstring generation.

•  Small footprint and low power consumption resulting in reduced overhead and cost savings.

•  Physical security improvement by eliminating storage or “burn-in” of the device’s secret key in the Non Volatile Memory NVM.

•  Reduces susceptibility to machine learning or power probing by an adversary  attempting to clone or steal secret identifiers (keys) 

•  Ability to change the secret identifiers (keys) frequently

•  Customized authentication protocol leverages the benefits of PUF-derived bitstring identifiers

•  Proof of Identity (Authentication) in device to device or Internet of Things. environments defends against physical tamper, cloning and spoofing attacks while maintaining data integrity.  

•  Enrollment during (chip) manufacturing enables traceable authentication and iron-clad supply chain authentication.

•  Easy to install and update remotely.

•  Impossible to copy or duplicate.

•  Can be implemented on any device with a Xilinx FPGA.

Different Configurations of HELP KG

• Raw-Bitstring Mode : For customers that incorporate their own error correction and/or entropy enhancing functions, HELP KG can be configured to generate raw bitstrings.

• Token Authentication : Forward authentication process where server verifies the identity of the token.

• Verifier Authentication : Reverse authentication process where token verifies the identity of the server.

•  Session Encryption Key : This mode refers to applications that need to setup an encrypted communication session using a temporary (short-lived) key. Unlike Key-Encryption-Key mentioned below, the key does NOT need to be regenerated at some later point in time.

• Key-Encryption-Key : KEK mode is used for applications that require the same key to be regenerated overand-over again after power cycles.