# Static RAM PUF

---

[TOC]

Notes: Kerckhoffs's Principle, CIA Triangle, Certificate Authority, Registration Authority, Remote Attestation, Intel SGX, AMD TrustZone, eFUSE, SRAM PUF, Intrinsic-ID, NXP, G+D, SecureFPGA, Trussed, OpenTitan

### Introduction

---

**Traditional security measures taken by semiconductor manufacturers.**

Semiconductor manufacturers offer hardware-based, step-up SKUs, implemented via: BBRAM / eFuse options / One Time Password solutions / wire bond-out / die-specific.

- This approach is not only time-consuming, it also introduces a plethora of manufacturing and inventory management challenges.
- Manufacturers could greatly benefit from a software-based mechanism that would reduce complexity. The trade-off of the software-only approach, however, is its weak security primitives and the fact that it attracts relatively easy reverse-engineering attacks (e.g. Break-Once, Repeat-Everywhere attacks).
- Further trade-offs of implementing complex hardwired SKUs extend from excess inventory write-offs to missing out on sudden market demands.

### Static RAM PUF (SRAM PUF)

---

- The behavior of an SRAM cell depends on the difference between the threshold voltages of its transistors.
- Even the smallest differences will be amplified and push the SRAM cell into one of two stable states.
- Its PUF behavior is therefore much more stable than the underlying threshold voltages, making it the most straightforward and most stable way to use transistor threshold voltages to build an identifier.

### SRAM PUF Soft-SKU

**SRAM PUF** (Static RAM PUF) was developed by Intrinsic-ID and NXP back in 2016 in order to deliver a secure, hardware-based IP enablement capability with software-like flexibility. This approach allows a specific chip embedded with Soft SKU to offer protection, accountability, simpler logistics and supply chain assurances.

- The approach can power a Hardware-as-a-Service business model to upsell the feature set even when the device is in the field.
- Hardware-level activation with the convenience of software.
- A single chip variant offers several different personalized variations of the Soft SKU model.

> The keys to install or activate the device are protected with a secret device-unique key that is never stored but regenerated when needed.

- Firmware IP is encrypted with a device-bound key, preventing disclosure and cloning.
- Firmware IP installations on the device are limited in order to protect against reuse/overbuilding/over-issuing.

### Protecting Secrets

---

Device makers and manufacturers need a way to implement, deploy and make use of cryptographic primitives and functions in order to securely protect their devices. This includes but is not limited to:

- Protection of the root key
- Protection of secret keys
- Wrapping or encrypting keys with other keys and certificates

#### **Solution**:

- The SRAM PUF-based Key Vault makes use of Intrinsic-ID's silicon in order to encrypt secrets stored within the chip itself. (No unencrypted secrets are stored within the chip.)
- Secret data and keys are protected and wrapped with a root key that is not stored.
- The SRAM PUF does not leak information about the root key.
- When a root key is needed, it is generated from the SRAM PUF and turned into a device-unique PUF root key.
- From the generated root key, other keys such as AES encryption keys can be created when needed.
- When secrets need to be unwrapped, the unwrapping key is regenerated from the SRAM PUF and Intrinsic-ID's IP (all of which are kept within the same silicon).

> In the enrollment phase (a one-time process) the PUF response is mapped onto a codeword of an error-correcting code.
> Information about the mapping is stored in the activation code (AC) or “helper data.” The AC is constructed such that it does not reveal any information about the key.

> It should be stored in memory that is accessible by the PUF algorithms, but it can be stored off-chip as it is not sensitive. Any change to the AC, malicious or not, will prevent key reconstruction. The AC is only valid for the chip on which it was created.

> Each time the device needs the secret PUF key a new noisy PUF measurement is carried out and the PUF key is extracted from the Activation Code.

##### Regarding CBDCs

---

- CBDCs are redefining the payment ecosystem as the global trend shifts towards digital and cashless solutions.
- 1/3 of the world's population (1.7 billion people) do not have a bank account and are entirely dependent on cash.
- 74% of global consumers believe that their countries will be shifting to a cashless system.
- 90% of central banks across the world are working on some form of CBDC-related implementation.
- 64% of global consumers would like to use a CBDC at launch.
- More than 250 million Chinese have already used the digital Yuan.
- Jerome Powell has been quoted saying that he "Does not want to become a Dinosaur" after having noticed that over 56% of global institutional investors believe CBDCs will replace physical/fiat currencies worldwide.
- Types of CBDCs: Retail CBDCs (general public) and Wholesale CBDCs (central bank reserves and financial institutions).
- Motivations for issuing a Retail CBDC include: financial stability, monetary policy implementation, financial inclusion, domestic payment efficiency, cross-border payment efficiency, payment safety and robustness.
- Sand dollar
- Digital Yuan

### Further Considerations

---

- **Quantum Key Encryption**
- **Point of Sale/Payment Terminal interoperability**
- **White Label Association**
- **Fingerprint-Enabled (Biometric) Cards w/ F.Code Technology**
- **Mobility as a Service** (MaaS)
- **UrbanGo**: multi-service card. UrbanGo is a combo all-in-one card that enables users to make payments and use public transport, and covers identity management, PIV, student identities, ACLs and welfare/pension/food stamps. (IDEMIA)
- Quantum-Safe 5G SIM Card Technology (closed source)

#### Addendum

---

> REFERENCES

- https://www.bis.org/publ/bppdf/bispapl125.pdf
- Brink, Technology's Role in Financial Inclusion: Hype or Hope?
- The Economist Intelligence Unit, Digimentality 2021
- BIS Paper 113, Ready, Steady, Go?
- EMV White Paper
- SRAM PUF: The Secure Silicon Fingerprint: https://www.intrinsic-id.com/resources/white-papers/white-paper-sram-puf-secure-silicon-fingerprint/
- Intrinsic-ID
- https://hoover.org/research/digital-currencies-us-china-and-world-crossroads
- https://investopedia.org/countriers-developing-central-bank-digital-currency-cbdc-5221005
- https://paymentsjournal.com/keeping-pace-with-the-latest-in-cbdcs/
- https://m.guardtime.com/files/CBDC_research.pdf
- https://wla-payment.org/
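
The enrollment and key-reconstruction flow quoted under "Protecting Secrets", as an added simulation that is not part of the original notes and not Intrinsic-ID's implementation. It assumes a 7x repetition code as the error-correcting code, SHA-256 for key derivation with the AC hashed into the key, and a constructed noise model of at most 3 flipped cells per 7-cell block; all function names are hypothetical.

```python
import hashlib
import random
import secrets

REP = 7          # repetition-code length; majority vote corrects up to 3 flips per block
KEY_BITS = 128   # number of secret bits bound to the chip

def power_up(chip, rng, max_flips=3):
    """Noisy SRAM start-up read: flips at most max_flips cells per REP-cell block."""
    bits = list(chip)
    for start in range(0, len(bits), REP):
        for i in rng.sample(range(start, start + REP), rng.randint(0, max_flips)):
            bits[i] ^= 1
    return bits

def derive_key(secret_bits, ac):
    # Assumption of this example: the AC is hashed into the key, so an altered AC yields a different key.
    return hashlib.sha256(bytes(secret_bits) + bytes(ac)).digest()

def enroll(response):
    """One-time enrollment: returns (activation code, key); only the AC is stored."""
    secret_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [b for b in secret_bits for _ in range(REP)]
    ac = [c ^ r for c, r in zip(codeword, response)]   # code-offset helper data
    return ac, derive_key(secret_bits, ac)

def reconstruct(response, ac):
    """Regenerate the key from a fresh noisy read plus the stored AC."""
    noisy_codeword = [a ^ r for a, r in zip(ac, response)]
    secret_bits = [int(sum(noisy_codeword[i:i + REP]) > REP // 2)
                   for i in range(0, len(noisy_codeword), REP)]
    return derive_key(secret_bits, ac)

def demo(seed=1):
    rng = random.Random(seed)   # constructed, simulated silicon; not real SRAM data
    chip_a = [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]
    chip_b = [rng.getrandbits(1) for _ in range(KEY_BITS * REP)]
    ac, key = enroll(chip_a)    # chip_a's pattern as measured at enrollment
    tampered = ac[:]
    tampered[0] ^= 1            # single-bit change to the stored AC
    return {
        "same_chip": reconstruct(power_up(chip_a, rng), ac) == key,
        "other_chip": reconstruct(power_up(chip_b, rng), ac) == key,
        "tampered_ac": reconstruct(power_up(chip_a, rng), tampered) == key,
    }

if __name__ == "__main__":
    print(demo())
```

Only the enrolled chip with the unmodified AC regenerates the key. Without the AC hashed into the key, this repetition code would silently correct a single flipped AC bit, so the quoted "any change to the AC prevents reconstruction" property needs an explicit binding of this kind.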