in a world increasingly connected to the internet new levels of security are needed to protect our privacy and infrastructure

truly unique chips offer protection that is firmly rooted in hardware

the internet of things needs hardware security

Connected device functions in the Internet of Things (IoT) must be protected against a growing list of exposures to external threats. At the same time sensitive and valuable data must be secured when travelling over public networks.

The value for attackers to break into these systems increases as the popularity of all kinds of connected devices soars. An attacker’s business case becomes more attractive if a single exploit can be used to attack a very large population of devices. This remains true, even if there is a significant upfront investment required in breaking the security, provided that the attack can then easily be reused across a large population of devices.

Designing good security is not easy. In many instances, software is more vulnerable and easier to attack than hardware. On the other hand, software can utilize diversification, which traditional hardware chips cannot. Using a diversified, hardware-secured, root of trust provides the best possible approach to implementing a secure solution.

Truly unique chips

the solution is to make each chip truly unique

By introducing diversification at the deepest chip levels, an attack on one chip cannot be transposed to the population and it comes economically unviable to attack the platform.

We vary individual microscopic features, such as interconnects, gates and metal wires within each chip, rendering the effort of physically attacking the device futile: each chip is fundamentally different at nanotechnology level.


diversified cryptography

Taking full advantage of this capability we also developed a class of cryptographic cyphers that supports a high degree of diversification and implements individualized encryption directly into chip hardware. This can be done either as a separate security chip or as a small module to be included in an existing chip design.

The technology has been developed to be fully-integrable in standard volume chip manufacturing operations with minimal gate count requirements and can therefore be produced at low cost.

breakthrough in chip manufacturing

Existing chip manufacturing depends on mask sets to replicate the designers’ circuits onto wafers. The chips produced in this way are all identical, because the design must be etched into the masks first and these are too costly to be used for just one chip. This is akin to printing newspapers using metal printing plates.



breakthrough in chip manufacturing

Multi e-beam direct writing uses 65,000 parallel electron beams to print patterns directly from a computer memory on the wafer at a very high speed. This is analogous to how inkjet printers work. This process for the first time enables per-chip diversification at the smallest possible physical dimensions for low-cost production of truly unique chips.



compatible with existing chip manufacturing

The maskless multi e-beam process is designed to be fully compatible with existing wafer processing in terms of process, cost and capacity. This allows for a smooth insertion into existing chip factories. Established processes are used for the common functionality of the chips, while the diversified areas are printed directly from a trusted database using fast multi e-beam direct write.

compatible with existing wafer flow processes

benefits of our end-to-end solution

There are many useful applications for this approach in security, traceability and anti-counterfeiting, ranging from consumer products to industrial infrastructure:

  1. Prevent chip cloning and reverse engineering
    • Key and identity material is embedded in the silicon structure itself, resulting in diversification at chip level
    • Optimal defense against attacks like cloning and reverse engineering
  2. Resistance to side-channel attacks
    • The Irdeto Clearbox algorithm combined with the embedded key, significantly minimizes leakage of information from the chip
    • The cryptographic key is in the wiring and never directly used for (leaky) computations
    • This results in excellent resistance to side-channel attacks
  3. Secure single-chip solution
    • The embedded key, unique identity and crypto engine results in a single-chip security solution that minimizes exposure to sensitive data
    • This prevents various attack vectors applicable to multi-chip solutions
  1. High-security low-cost identity management
    • Does not require expensive or specialized silicon production steps
    • Irdeto’s ClearBox algorithm is efficient to implement in silicon with the Mapper lithographic process
    • Embed visual chip ID that is unchangeable and unique for each chip
    • No need for OTP memory cells, support circuitry or fuses and no need for programming in backend processing
    • ClearBox provides strong symmetric-key cryptography with a highly diversifiable cypher
  2. Supports a wide range of use-cases
    • In-field silicon function enablement, without the use of OTP memory or fuse maps
    • Uniquely anchor software to a specific individual chip
    • Secure chip identification and authentication
    • Uniquely encrypt data stored in external memory
    • Pre-assign unique data values to chips without a separate personalization step

© 2016 Irdeto. All rights reserved.