Trustworthy computing (with software) cannot exist without trustworthy hardware to build it on. Even if an integrated circuit is produced using rigorous procedures in a “Trusted Foundry” and certified as “trustworthy,” technology must be developed to ensure against wholesale replacement of the component with a separately manufactured but subverted “look-alike” after the point of certification. Without detection of subversion by wholesale component substitution, today's information processing systems are vulnerable to sophisticated adversaries that can fabricate “look-alike” components that perform the same function as the intended component but which may contain additional subversion artifices that can be later triggered by an adversary to disrupt or compromise operation.
Using physical system protection schemes to prevent subversive attacks in deployed information processing hardware is technically difficult and expensive. All alternative to resisting subversive attack with physical system protection schemes is to employ robustly authenticated and protected hardware architectures to enable tracing of the origin of these components. Physically Unclonable Function (PUF) technology may be leveraged to deter adversaries from attempting subversion by insertion of subversive functionality and by instantiation of counterfeit components (subversion via substitution). PUFs are derived from the inherently random, physical characteristics of the material, component, or system from which they are sourced, which makes the output of a PUF physically or computationally very difficult to predict. Silicon-based microelectronics appear to be a potentially rich source of PUFs because subtle variations in the production processes result in subtle variations in the physical and operational properties of the fabricated devices. Additionally, each device can have millions of exploitable transistors, circuits, and other active and passive components. Accordingly, PUFs extracted from microelectronics are of keen interest because of their potential applications to cyber security. Alternatively, other hardware identifiers (e.g., globally unique identifier (GUID)) may be used in place of the binding PUF values as would be appreciated by one of ordinary skill in the art having the benefit of this disclosure. It should be noted, however, that using other hardware identifiers may lose the benefit of detecting tampering, which would reduce the security of the system. Binding with other type of hardware identifiers, instead of binding PUF values, may still provide some additional security to systems.
Trusted foundry processing of silicon-based microelectronics requires enormous investments to protect against subversion; however, this investment imparts trust only during the fabrication phase of a component's life cycle. Without the equivalent of rigorous two-person control of the component during the deployment phase of its life cycle, it can be difficult to demonstrate authenticity even for components from today's trusted foundries.