7.6.1 Description
Physical Unclonable Functions (PUF) use the behavior of standard embedded static RAM (SRAM) to differentiate chips from each other. They are virtually impossible to duplicate, clone or predict. This makes them very suitable for applications such as secure key generation and storage, device authentication, flexible key provisioning and chip asset management.
The start-up values of uninitialized SRAM provide randomness. These values form a unique chip fingerprint, called the SRAM PUF response.
An SRAM PUF response is a noisy fingerprint; the PUF controller turns it into a high-quality, secure key vault by reliably reconstructing the same cryptographic key under all environmental circumstances.
The PUF generates an activation code during the enroll phase that allows further operations.
The activation code, in combination with the SRAM start-up behavior, is used to reconstruct, on demand, in real time, an intrinsic PUF key which is never stored. When the key is no longer needed, it can be removed from memory. When it is needed later it can be reconstructed.
The intrinsic PUF key can be used as a root key for key derivation and wrapping. A key protected by the PUF controller is integrity protected and can be retrieved only on the same device; on any other device it is meaningless.
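To make the enroll/reconstruct flow concrete, here is an added example that is not the PUF controller's own algorithm (its error-correcting code and key derivation are not described on this page): a toy code-offset fuzzy extractor in Python, with a repetition code standing in for the real error correction and constructed bit patterns standing in for real SRAM start-up values.

```python
"""Toy code-offset fuzzy extractor showing the enroll/reconstruct flow.
Constructed illustration; not the NXP PUF controller's actual algorithm."""
import hashlib
import random

REP = 7        # each secret bit is repeated REP times; majority vote corrects up to 3 flips per group
KEY_BITS = 128

def repetition_encode(bits):
    return [b for b in bits for _ in range(REP)]

def repetition_decode(bits):
    # majority vote inside each group of REP bits
    return [int(2 * sum(bits[i:i + REP]) > REP) for i in range(0, len(bits), REP)]

def sram_fingerprint(seed, n_bits=KEY_BITS * REP):
    # Constructed stand-in for one device's uninitialized-SRAM power-up pattern.
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n_bits)]

def noisy_readout(fingerprint):
    # Constructed noise: flip every 5th bit (a 20% error rate, higher than real SRAM,
    # but at most 2 flips fall in any group of 7, within the decoder's capacity).
    return [b ^ (i % 5 == 0) for i, b in enumerate(fingerprint)]

def enroll(sram_startup, secret_bits):
    """Enroll phase: activation code = start-up pattern XOR codeword(secret).
    It can live in plain flash: without this device's SRAM pattern it is only a mask."""
    codeword = repetition_encode(secret_bits)
    return [s ^ c for s, c in zip(sram_startup, codeword)]

def reconstruct(sram_startup, activation_code):
    """Reconstruct phase: unmask with the (noisy) start-up pattern, correct the errors,
    and derive the intrinsic key; nothing secret is stored between calls."""
    corrupted_codeword = [s ^ a for s, a in zip(sram_startup, activation_code)]
    secret_bits = repetition_decode(corrupted_codeword)
    packed = int("".join(map(str, secret_bits)), 2).to_bytes(KEY_BITS // 8, "big")
    return hashlib.sha256(packed).digest()

def demo():
    rng = random.Random(1)
    secret = [rng.getrandbits(1) for _ in range(KEY_BITS)]  # chosen once at enroll, never stored
    device_a = sram_fingerprint(seed=42)
    activation_code = enroll(device_a, secret)
    key_at_enroll = reconstruct(device_a, activation_code)
    key_later = reconstruct(noisy_readout(device_a), activation_code)          # same device, noisy SRAM
    key_elsewhere = reconstruct(sram_fingerprint(seed=43), activation_code)    # same activation code, other device
    return key_at_enroll == key_later, key_at_enroll != key_elsewhere

if __name__ == "__main__":
    print(demo())  # (True, True)
```

The first flag shows the key surviving SRAM noise on the enrolled device; the second shows the same activation code yielding an unrelated key on a different device.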
The benefits include device-unique high-quality keys, no secrets when power is off, and no root key programming.