Unique IDs*1 created from the "fingerprints" of LSI protect the safety and security of network devices.
The era of the Internet of Things (IoT), when not only information and communication devices like computers and smartphones but all devices will be connected via the Internet, is almost here. While being connected will greatly increase our convenience, it will also demand responses to security risks such as spoofing and infiltration by malicious programs. Previously, risks manifested in the virtual realm, such as in the form of unauthorized transfers from banks, for example; however, with the advent of the IoT, a diverse range of systems—including automobiles—will be connected, and if risks manifest they will directly affect people's lives.
Generally, the operation of electronic devices is controlled by programs incorporated in large-scale integrations (LSI). If these programs are tampered with, every device connected in the network can be at risk.
Mitsubishi Electric has taken the initiative from an early stage in conducting research on a security technology looking towards the advent of the IoT, which generates a unique ID (an "LSI fingerprint") using the differences between individual LSI that occur at the manufacturing stage. We have now succeeded in developing prototype LSI in a joint project with Ritsumeikan University. In addition to realizing robust security, this technology is able to reduce the circuit area to approximately one-third the area needed if individual circuits were used for each function, because some components of the ID generation, encryption, and decryption circuits are shared. We are moving steadily towards the application of the technology in IoT devices—the scope of which is constantly expanding—from social infrastructure to household products.
Despite the fact that LSI might be the same, they display individual differences, and so while their output will be the same, there will be differences between individual LSI in the voltage increase patterns ("glitches") produced in transient states. What the new technology does is utilize these differences to generate a unique ID which is like an LSI fingerprint.
There are two conditions for the protection of secret data in an LSI. One of these is to ensure that data cannot be accessed even if the LSI is opened and analyzed. Up to the present, ID data has normally been encrypted and stored in nonvolatile memory (memory that can retain data even when powered off). However, this makes it possible to steal the data in the memory by opening and analyzing the LSI. Using the newly developed technology, the unique ID can only be seen when the LSI is in operation, and there is no secret information to be accessed even if the LSI is opened.
The other condition is that it should not be possible to reproduce secret information even if the circuit is reproduced. The difference in glitches is a product of irregular individual differences. This means that even if a circuit is reproduced, it will not produce the same ID. The newly developed technology fulfills the paired requirements—to be both an invisible and an unclonable ID—that guarantee the safety of a device.
Using a unique ID makes it possible to prevent incidents such as infection of the device by malicious programs. For example, when a program is sent to a device via the Internet, the program can be encrypted in such a way as to be authenticated by the unique LSI ID. If a program cannot be authenticated by the unique ID, it will be judged to be an unauthorized program and will be prevented from running, thus protecting the device from malicious attacks.
Another use for the technology is in relation to authentication keys for partner authentication. The setting of a unique authentication key by the manufacturer or others guarantees the reliability of a device.
The encryption and decryption of random numbers by the authentication keys of the mutually connected devices enables the partner's authentication key to be verified. If the devices have the same authentication keys, connection between the devices can be allowed.
What is important in this method is the authentication key. If the authentication key is obtained by a third party, it will be possible to illicitly connect to the device. Because of this, rather than being stored as is, the authentication key is encrypted using a unique ID before being stored.
Information Technology R&D Center
Fully-fledged efforts towards the development of the new technology commenced in 2007-2008. At that time, the application of encryption technology had been spreading to general-use products for several years. This is because encryption technology was necessary to provide an authentication function, verifying the identity of partners. However, a fundamental problem was encountered in using encryption technologies in products for business and domestic use. This was how to incorporate the secret data used in encryption in the device. Placing the data somewhere where it could be viewed and stolen if the device was analyzed would make encryption unsafe.
This was a problem that had to be solved to realize the further diffusion of encryption technologies. At the time, physical unclonable functions (PUF)—in this case the use of individual differences in the semiconductors used in products—were attracting global attention as a means of resolving this issue. We therefore began to focus on LSI, which are used in almost all products.
The issue of how to measure and use the individual differences between LSI remained. However, we had already had obtained one clue. Evaluation tests to identify secret data and encryption circuits via changes in factors such as power consumption and electromagnetic waves in LSI (known as a "side-channel attack") provided us with a huge hint. We had been conducting tests to determine how LSI would react to various increases in load as part of an R&D to protect secret information in LSI, and in one of these tests we changed the LSI clock (its operating frequency).
The change in the clock caused the LSI to behave strangely, and we realized that the type of malfunctioning differed for each individual LSI. This was the first time that we had discovered this phenomenon, which was previously unknown to us. This experience was the starting point for the technology we have just developed.
The most important thing in getting this technology off the ground, and the thing that caused us the most trouble, was the question of how to generate an ID that would constantly remain stable. The usage environments for LSI vary at different times. For example, their behavior can change due to temperature, and changes can also occur as a result of deterioration over long-term use. A variety of technologies such as error correction would be necessary in order to ensure that an ID could continue to be used stably, with no deviations. We would have to clear various detailed individual requirements one by one, necessitating a considerable amount of time before we reached the level at which we could declare the technology ready for use.
We conducted countless evaluation tests over the course of the development process, and it was people from departments involved in production technologies that kept us going. For example, accelerated tests—in which we produce phenomena associated with years of aging of the product—are a type of deterioration test. We had to start by learning large numbers of test methods and evaluation methods. Having been engaged for years in the design field, learning about the tests and evaluations that were necessary to creating a finished product was new to me, and was an extremely meaningful experience.
We also worked with researchers from Ritsumeikan University in creating a prototype LSI. Bringing this new technology to its current stage has involved cooperation between a lot of people.
Naturally, safety will be the most important factor for safety technologies in the IoT era, when all devices will be connected in networks, but universal applicability to a range of devices and practicality will also be extremely important. This is where our new technology excels.
The majority of PUF technologies up to the present have necessitated ultra-fine machining of LSI, which is only possible for the semiconductor vendor. By contrast, our technology can be incorporated in the LSI at the design stage, and can be evaluated using simulations. It can therefore be easily adapted to the specific requirements of different devices. Considering that it will be necessary to respond to an increasingly diverse range of IoT devices in the future, we think this is a very great merit of the technology. In addition, there is no necessity to develop new embedded programs for devices. All that needs to be done is to add a program with the new function to an existing program, such as an air conditioner program, for example. The technology possesses a very high level of universality and practicality.
One more noteworthy point is the technology's ability to adapt to the next generation of devices. This technology uses individual differences between LSI. Even when LSI production technologies advance in the future, it is difficult to imagine that individual differences between them will decline. In fact, the more detailed the processes become, the more differences will tend to increase. This means that this is a technology that has great potential for the future, and will still have applications even as technologies advance.
I believe that there are two approaches to research and development. There is technological development towards the development of a specific product, and there is technological development undertaken for the sake of the future, even if it involves a certain amount of risk. The development that I have been discussing was of the second kind. Mitsubishi Electric has been at the forefront of the research field in cryptology for many years. I believe that the spirit of challenge that we have cultivated over those years gave us the power to stride ahead in this research. I myself felt some anxiety when we started out, thinking, "Can we really do this?" But we continued in our efforts towards the future, and as the research advanced, my misgivings changed to confidence in the viability of the project.
Having brought the basic technology to a specific level of completion, in the future the issue will be deciding what types of products to apply the technology to and adapting it to individual devices. The rigors that the technology has to face differ depending on the application. For example, temperature conditions are severe in devices fitted in automobiles. It will be necessary to resolve these individual issues one by one. I believe that our efforts from this point onwards will be the key to our ability to realize the application of this technology to a greater range of devices in a greater range of areas. Our aim at first is to apply it in Mitsubishi Electric products, but our dream is that the use of LSI provided with this technology will spread, and it will become a core technology for security in the IoT era.