July 28,2021

【PUFsecurity News】PUFsecurity’s PUFcc Helps IoT Devices Meet FIDO Device Onboard Specification

(Hsinchu, Taiwan, July 28th, 2021) — The FIDO (Fast Identity Online) Alliance is a global non-profit organization aiming to gather world experts to jointly develop technical standards for authentication of users and connected devices. For the trillions of connected devices worldwide, FIDO Alliance proposed a specification agreement in April of this year—FIDO Device Onboard (FDO), which defines how IoT devices are connected to the cloud simply and securely. This specification protocol uses asymmetric public and private key encryption technology and the ID of devices to achieve fast and secure access to the network.

According to Gartner’s forecast, by 2029, more than 15 billion IoT devices are used worldwide, which has created opportunities for improving efficiency and industrial innovation in all walks of life. The world’s major IC design companies are also actively investing in chip development in this field. However, the security issues of IoT products are still emerging and overlooked. The FIDO Alliance provides a standard that solves this problem, while PUFsecurity is the pioneer to propose a product — PUFcc, which uses PUF (Physical Unclonable Function) as the device ID and enables OEM/ODM to develop IoT devices that meet FDO standards.

PUFcc can assist IoT devices in complying with the security requirements within FDO protocol from Device Initialization to Transfer Ownership, which has been demonstrated and verified on FPGA. For IC to be used in IoT devices that need to comply with the FDO standard specifications, PUFcc will bring three major benefits:

1. The NeoPUF (Quantum-Tunneling PUF) in the PUFcc is used as the foundation of trust for deriving the ID and public/private keys required for device authentication without external key injection. On top of effectively preventing potential manipulation vulnerabilities, it also shortens and simplifies manufacturing flow for cost reduction.

2. PUFcc provides secure OTP for storing device credentials instead of storing device credentials in external non-secure flash memory.

3. PUFcc is built with NIST certified symmetrical and asymmetrical hardware crypto accelerator. Clients could customize the algorithm set to support all the security functions such as authentication, data encryption, integrity check, and other functions required by the FIDO Device Onboarding process and further cloud application service. Moreover, PUFcc is built with physical/digital anti-tampering designs, which can resist non-invasive side-channel attacks and invasive physical attacks (such as focused ion beam FIB attacks).

“A device with built-in chip fingerprints to generate inborn root keys and identities can realize Zero Touch Device Deployment that required by the 5G and AIoT applications, enhance the security of IoT devices, and achieve zero-trust security for cloud applications.“ PUFsecurity EVP Evans Yang mentioned.

PUFsecurity has recently joined the FIDO Alliance is also taking part in the FIDO Taiwan Regional Engagement Forum.