feature article
Subscribe Now

Verayo Leaves Tiny Fingerprints on Chips

How do penguins tell each other apart? For that matter, how to barnacles, or pigeons, or orangutans recognize each other (we know how dogs do it)? To our eyes, they all look pretty much the same.

The same could be said of FPGAs. Mass production is one of the hallmarks of the semiconductor industry, as identical chips stream off the production lines. Intel’s enormously successful manufacturing prowess revolves around the mantra, “copy exact.” Every Intel fab is just like every other Intel fab, and every chip is identical to every other chip. That’s a good thing.

But what if you needed to tell your chips apart? How would you identify one out of a batch of otherwise identical FPGAs or microprocessors? Small startup company Verayo thinks it has the answer.

Verayo (pronounced “ver-AYE-oh”) has come up with a way to embed a unique software-readable “fingerprint” in individual chips. What’s interesting about Verayo’s technique is that it doesn’t require atomic-level manufacturing skills, it’s available to anyone, and it works on totally standard FPGAs, including the ones you probably already have. How is that possible?

Verayo is understandably coy about some of the details, but the process works something like this. Every chip, no matter how carefully it’s manufactured, has some subtle differences in its internal structure or characteristics. Even though a million Xilinx Virtex-5 FPGAs may all perform identically, they’re nevertheless slightly different inside. A little extra capacitance here; a little less resistance there; you get the idea. Verayo, through means it doesn’t discuss, can detect and capitalize on these slight variations. More surprising, they can make the differences visible to software. Thus, with no modification of the chip whatsoever, Verayo is able to tell one Virtex-5 apart from all of its twins. It even works on existing components; you can apply Verayo’s fingerprinting technique to your existing FPGAs already in the field.

Why would you want to? Well, if you’re working in the security, encryption, IP-licensing, or high-availability field that’s a dumb question. For the rest of us, consider the scenario where you supply “soft” IP to a customer who then burns it into his production FPGAs. He’s licensed to produce a certain number of these chips, for which you’ve been paid. But you have no way to verify that he hasn’t produced any extra, unlicensed copies – until now.

Or perhaps you’ve configured and verified a complete system and delivered it to a customer. As part of your warranty coverage you require that none of the hardware be changed, updated, or swapped out without your permission. But how can you tell whether the customer has substituted one board with a replacement? Verayo thinks they have the answer.

Verayo’s mysterious fingerprinting technology is sold as “soft” IP that you combine with the rest of your FPGA design, just as you would with any IP (e.g., USB interface, processor core, etc.). There are no special EDA tools required and, as mentioned earlier, no special FPGA silicon. Verayo protects its IP the way most IP suppliers do: by providing an encrypted netlist rather than RTL source or schematics. Again, nothing remarkable about the process.

To identify a chip, you “challenge” it with a binary number. The chip provides a response in the same format as the challenge. For instance, a 64-bit challenge produces a 64-bit response. Both the challenge and the response can be transmitted serially (in which case, it’s a square wave) or in parallel, or via any other method that’s convenient for you. It works as fast or as slowly as you like. The only necessity is that you be able to get a binary value into and out of the chip, a pretty trivial requirement.

Every chip produces a unique response to the same key. So, for example, you can challenge all the Verayo-equipped chips in your system with a single key and you’ll get a different response from each one. Even identical chips programmed with the same bitstream will produce different responses, according to Verayo. No two chips anywhere in the world, no matter how similar or how different, will produce the same response to the same challenge.

For the truly paranoid (or the government-funded), you can “double up” by challenging the chip more than once. Just as different chips will produce different responses to the same challenge, a single chip will produce different responses to different challenges – and these will be different from every other chip’s responses.

The Weather in Moscow Is Unseasonably Warm This Year

A moment’s reflection reveals a chicken-and-egg problem: if you don’t know what response a chip will provide, how do you know that it’s correct? How do you, as the developer, tell the difference between an authentic response and a bogus one? The answer is, you ask the chip.

Since neither you, nor Verayo, nor anyone else in this world can predict how a given chip will respond to a given challenge, you have to find out empirically. It’s necessary to challenge each chip in a private, secure environment before it’s shipped into the field. Only by recording these responses can you later compare them to the chip’s “live” responses in the field and determine whether they’re genuine or not. Thus, it’s important to store the correct challenge/response pairs in a secure and encrypted area of nonvolatile system memory. Lose the codes and you’ve permanently lost the ability to tell whether Chip A is really Chip A.

It’s a good idea to challenge each infant chip several times, store all the responses, and then change-up your challenges in the field. Otherwise, a crafty system hacker could simply monitor your lone challenge/response pair and “spoof” the response the next time. But with multiple challenge/response pairs, knowing the correct response to one challenge is no predictor of the responses to the other challenges. In the best case, you’d use each challenge only once and never repeat it.

Verayo’s technology is certainly fascinating, and it’s remarkable that the company has found a way to implement it purely in soft IP with no changes to the silicon. The company is as coy about its licensing model as it is about its technology, but it’s reasonable to assume that there’s an up-front fee for access to the technology, perhaps combined with a royalty for production units. As long as Verayo keeps its fees reasonable, it will probably find a ready audience among security-conscious FPGA users.

Leave a Reply

featured blogs
Feb 22, 2024
The new Cadence training website is online! This newly redesigned website provides an overview of our well-respected training methods and courses, plus offerings that might be new to you. Modern design and top-of-the-page navigation make it easy to find just what you need'”q...
Feb 15, 2024
This artist can paint not just with both hands, but also with both feet, and all at the same time!...

featured video

Tackling Challenges in 3DHI Microelectronics for Aerospace, Government, and Defense

Sponsored by Synopsys

Aerospace, Government, and Defense industry experts discuss the complexities of 3DHI for technological, manufacturing, & economic intricacies, as well as security, reliability, and safety challenges & solutions. Explore DARPA’s NGMM plan for the 3DHI R&D ecosystem.

Learn more about Synopsys Aerospace and Government Solutions

featured paper

Reduce 3D IC design complexity with early package assembly verification

Sponsored by Siemens Digital Industries Software

Uncover the unique challenges, along with the latest Calibre verification solutions, for 3D IC design in this new technical paper. As 2.5D and 3D ICs redefine the possibilities of semiconductor design, discover how Siemens is leading the way in verifying complex multi-dimensional systems, while shifting verification left to do so earlier in the design process.

Click here to read more

featured chalk talk

Maximizing High Power Density and Efficiency in EV-Charging Applications
Sponsored by Mouser Electronics and Infineon
In this episode of Chalk Talk, Amelia Dalton and Daniel Dalpiaz from Infineon talk about trends in the greater electrical vehicle charging landscape, typical block diagram components, and tradeoffs between discrete devices versus power modules. They also discuss choices between IGBT’s and Silicon Carbide, the advantages of advanced packaging techniques in both power discrete and power module solutions, and how reliability is increasingly important due to demands for more charging cycles per day.
Dec 18, 2023
9,629 views