It's 2013 and white hat hackers like Adam Laurie are still breaking into ID chips that are supposed to be secure. How come? Partly it's the way of the world, because no man-made NFC or RFID security barrier can ever be truly impervious. But in practical terms, a chip's vulnerability often stems from the fact that it can be taken apart and probed at a hacker's leisure. The secure element doesn't necessarily need to have power running through it or to be in the midst of near-field communication in order to yield up its cryptographic key to a clever intruder who has sufficient time and sufficient desire to breach the security of a smartphone, bank card or national border.
Which brings us to the latest device in NXP's SmartMX2 range -- a piece of technology that is claimed to work very differently and that is expected to hit the market next year. Instead of a traditional key stored in the secure element's memory, every single copy of this chip carries a unique fingerprint within the physical structure of its transistors. This fingerprint (aka Physically Unclonable Function, or PUF) is a byproduct of tiny errors in the fabrication process -- something chip makers usually try to minimize. But NXP has found a way to amplify these flaws in a controlled way and use them for identification, and it'd take a mightily well-equipped criminal (or fare dodger, or Scrabble cheater) to reverse engineer that.
NXP strengthens SmartMX2 security chips with PUF anti-cloning technology
Licensing contract with Intrinsic-ID increases NXP's security leadership
Eindhoven, Netherlands, 21 February 2013 – NXP Semiconductors N.V (NASDAQ: NXPI) today announced that it will be the first company to bring to market smartcard and embedded secure element chips that integrate Intrinsic-ID's industry-leading PUF (Physically Unclonable Function) technology. PUFs are an innovative way of safeguarding individual chips from data theft by using the unique 'fingerprint' inherent in every semiconductor device to protect its encryption key, making it very hard to clone and thus reverse-engineer and compromise security microcontrollers.
Global trends such as urbanization, digitization of governmental documents, improved banking security and growing NFC adoption means that security chips are being adopted more than ever to protect user data, credentials and finances. In parallel, more sophisticated attacks have been developed that attempt to undermine security chip functionality and steal this information. By integrating Intrinsic ID's PUF technology into its secure microcontroller SmartMX2, NXP significantly enhances the chip's security architecture and strengthens applications such as NFC-enabled mobile payment, electronic ticketing, and eGovernment and cyber security services.
"Concerns about smartcard security have increased with the wide availability of sophisticated tools and invasive techniques to discover the secrets and keys that traditionally protect devices from counterfeiting, tampering and theft-of-data," said Pim Tuyls, CEO at Intrinsic-ID. "We believe that our PUF technology is ideally suited to helping to overcome this problem, particularly when combined with NXP's industry-leading secure IC solutions."
"The use of smartcard and smartcard-type functionality in NFC-enabled phones is becoming increasingly popular around the world. But for many users, security doubts still linger - providing the highest level of security for eID cards, banking cards or NFC smart phones is thus essential," said Ruediger Stroh, EVP and general manager, Identification business with NXP Semiconductors. "Adding PUF technology to SmartMX2 chips helps to alleviate user doubts as we bring more security and trust to smart life solutions and provide our customers with a key competitive edge. As such, we're very happy to have entered into this contract with Intrinsic-ID, the undisputed leader in PUF."
SmartMX and PUF technology
Intrinsic-ID's PUF technology is currently being integrated into future generations of SmartMX2 security chips. The SmartMX2 is the world's first security microcontroller with a Common Criteria EAL 6+ certificate issued by the German Federal Office for Information Security (BSI). Its IntegralSecurity™ architecture comes with more than 100 different security features protecting it against reverse engineering, semi-invasive and non-invasive attacks. Adding PUF technology significantly improves the chip's protection from reverse engineering attacks, as it removes the permanent presence of the digital encryption key on the device.
PUFs rely on the physical characteristics of SRAM (static random-access memory) technology. After powering up a secure element, the used cells are initialized randomly. This start-up behavior – bits toggling between zero or one – is different for every individual chip. As such, this content after start-up can serve as a unique fingerprint, which can then be used as a key to protect an encryption key or to protect a memory.
NXP is the No. 1 supplier to the Identification market globally, and leverages its leadership in contactless and security technologies to provide complete Identification solutions. Its trusted smart life solutions bring security and contactless performance to a wide range of applications such as eGovernment, banking, mobile transactions, transport ticketing, access management, infrastructure, device authentication, RFID tagging and gaming. NXP has shipped almost two billion SmartMX chips to its customers including 86 out of 102 countries with ePassport projects.
Visitors to Mobile World Congress in Barcelona (Feb 25 - 28) can experience NXP's Trusted Mobile Smart Life Solutions at Hall 7 A111. Together with Intrinsic-ID, NXP will demonstrate PUF technology on a SmartMX2 test chip with Intrinsic ID's SESAMES-award winning SATURNUS secure cloud application.
• About SmartMX technology
• PUF Whitepaper by NXP (include link once it's online)
Intrinsic-ID is the world-wide leader in security IP cores and applications based on patented Hardware Intrinsic Security'™ technology (HIS), also referred to as 'Physical Unclonable Function'. In HIS secret keys are extracted from the properties of chips like an 'electronic fingerprint' and used to offer a total protection of sensitive private and corporate data on mobile devices, embedded systems and in the cloud. Intrinsic-ID is headquartered in Eindhoven, The Netherlands and has sales offices in San Jose, Tokyo and Seoul. www.intrinsic-id.com
About NXP Semiconductors
NXP Semiconductors N.V. (NASDAQ: NXPI) provides High Performance Mixed Signal and Standard Product solutions that leverage its leading RF, Analog, Power Management, Interface, Security and Digital Processing expertise. These innovations are used in a wide range of automotive, identification, wireless infrastructure, lighting, industrial, mobile, consumer and computing applications. A global semiconductor company with operations in more than 25 countries, NXP posted unaudited revenue of $4.36 billion in 2012. Additional information can be found by visiting www.nxp.com.