Intrinsic ID, a vendor of authentication technology for Internet of Things security and other embedded applications, announced the availability of Spartan, a line of authentication solutions for IoT devices. Spartan enables device makers for the first time to ensure authentication based on digital identities that are derived from a chip’s silicon fingerprint and can be created at any point in the supply chain.
The first member of the Spartan product family is Spartan Cloud, which is available immediately. Spartan Cloud is embedded security software that lets IoT devices establish a secure Transport Layer Security (TLS)-based connection to various cloud platforms, including Amazon Web Services, Microsoft Azure IoT Hub and Google Cloud Platform. It provides seamless integration with cloud-connected applications through a library based on the MQTT messaging protocol. Use cases include cloud-based data collection and processing from trusted IoT sensor nodes; smart home devices controlled from the cloud; smart city infrastructure; and smart health monitoring services.
Spartan Cloud offers several advantages over traditional methods applied to similar use cases. The strong, SRAM PUF-derived chip identity means the chip cannot be cloned by copying non-volatile memory (NVM) information from one chip to another. No sensitive data is stored in NVM; the device’s private key is instead reconstructed on the fly from the SRAM PUF. Since standard SRAM memory is used, the solution can be widely deployed in nearly any digital chip.
The reconstructed private key is used directly by the Transport Layer Security (TLS) stack for client authentication towards the cloud server. The solution integrates seamlessly with the MQTT protocol library that is offered by the cloud provider to connect to its services.
“The integration of Intrinsic ID’s SRAM PUF technology in our eSecure module has resulted in very successful custom security development,” said Thierry Watteyne, chief executive officer of Barco Silex. “I expect the extension of Intrinsic ID expertise which resulted in the SPARTAN authentication product family to benefit both our partnership and service to mutual customers.”
“Authentico and Intrinsic ID have both focused on taking new approaches to longtime security issues, and the development of SPARTAN demonstrates their innovative mindset,” said Philip Lundin, chief executive officer of Authentico. “We at Authentico are focused on bringing traditional password security to a much higher level by implementing state-of-the-art protected password storage schemes based on SRAM PUF. We look forward to working with the Intrinsic ID team to apply SRAM PUF to protect human authentication based on passwords.”
“The need to guarantee the authenticity of IoT devices is bringing intense pressure to device and system manufacturers, and that pressure will only continue to increase,” said Pim Tuyls, chief executive officer of Intrinsic ID. “Device authentication must be both certain and cost effective as IoT devices continue to become not only more ubiquitous, but more critical.”
Spartan utilizes Intrinsic ID’s SRAM Physical Unclonable Function — or SRAM PUF — technology that forms the basis for other Intrinsic ID products. SRAM PUF technology extracts a chip’s silicon fingerprint and derives from it a cryptographic root key, which is unique to a particular SRAM and hence a particular chip. Intrinsic ID products utilize the root key to derive additional cryptographic keys that serve as the foundation for ensuring a device’s security.
Forthcoming members of the Spartan line include Spartan Light, a small-footprint embedded authentication solution for securing an identity between a chip and a host. Spartan Light embodies a number of advantages over traditional authentication: it is more secure because it contains no sensitive data in the chip’s NVM, and is unclonable because copying the NVM content does not copy the key. Because it works with standard SRAM, available in nearly any digital chip, it can be deployed widely. Furthermore, it imposes only a small footprint on the authenticating device and therefore bears a low cost. Use cases include sensor authentication; microcontroller authentication; engine control unit (ECU) authentication, particularly suited to automotive applications; and consumable authentication, applicable to batteries.
Other future members of the Spartan product family include Spartan Broadcast, tailored to protection of broadcast data based on asymmetric cryptography, and Spartan Secure Channel, which provides mutual authentication between chips as part of establishing a Secure Authenticated Channel, a method of transferring data which is resistant to overhearing and tampering.
“SPARTAN is the logical next piece in our IoT security portfolio,” said Pim Tuyls, chief executive officer of Intrinsic ID. “SPARTAN builds on the key creation capabilities of our BROADKEY product and the key provisioning of CITADEL to deliver strong, hardware-based authentication instantiated in software, which therefore escapes the availability, scalability and cost limitations that plague traditional security methods such as secure elements. This approach takes into account principles for IoT security issued by the Department of Homeland Security last year.”
In November 2016 the U.S. Department of Homeland Security announced issuance of Strategic Principles for Securing the Internet of Things (IoT), Version 1.0, which highlights approaches and suggested practices to fortify the security of the IoT and equip stakeholders to make responsible and risk-based security decisions as they design, manufacture, and use internet-connected devices and systems.