Field
Various features generally relate to secure cryptographic key extraction and storage, and more particularly to extracting and storing a secret cryptographic key during a secure boot process based on physically unclonable features of volatile memory.
Background
Many electronic communication devices, such as mobile phones, tablets, and computers, include a device-specific cryptographic key (or keys derived from such a key) that can be used for cryptographic security processes at the electronic communication device. For example, a device-specific key known only to the device and possibly to another trusted entity (e.g., a cellular network authentication server providing communication service to the device) is used to derive keys (e.g., a public-private key pair) that are subsequently used to encrypt communication messages transmitted by the device. Securing the device-specific key against unauthorized access by other parties and/or applications is of utmost importance in order to better guarantee the integrity of the cryptographic security protocols employed by the device and/or the communication network.
FIG. 1 illustrates a schematic block diagram of a prior art integrated circuit (IC) 100 that may be found in an electronic communication device. The IC 100 includes a boot loader 102, user applications 104, and a non-volatile memory circuit 106, which in turn stores a cryptographic key 108 that may be unique to the device having the IC 100. When the IC 100 is powered ON, the IC 100 retrieves and executes the boot loader 102, which initializes various aspects of the IC 100. After the IC 100 completes its boot-up process, user applications 104 (e.g., high-level operating systems (HLOS), applications running on such HLOS, etc.) may be executed. The boot loader 102 and the user applications 104 may have direct access to the key 108. For example, a user application may retrieve the key 108 from the non-volatile memory 106 and use it to derive additional keys used for cryptographic processes.
Moreover, since the memory circuit 106 storing the key 108 is non-volatile memory, the key 108 remains stored in the IC 100 (and is therefore theoretically accessible) regardless of whether the IC 100 is powered OFF or ON. This exposes the key 108 to a greater risk of compromise. For example, the top of the package of the integrated circuit 100 may be physically opened and an electron microscope may be used to analyze the circuitry (e.g., fuses) used for storing the key 108. Doing so may reveal the key 108 and compromise the security of the device.
There exists a need for methods and apparatuses that provide increased security in key extraction/generation and storage to help prevent unauthorized access to such keys. Improved security in key extraction/generation and storage helps increase confidence and reliability in the cryptographic algorithms and processes that rely on such keys.