feature article
Subscribe Now

Verayo Leaves Tiny Fingerprints on Chips

How do penguins tell each other apart? For that matter, how to barnacles, or pigeons, or orangutans recognize each other (we know how dogs do it)? To our eyes, they all look pretty much the same.

The same could be said of FPGAs. Mass production is one of the hallmarks of the semiconductor industry, as identical chips stream off the production lines. Intel’s enormously successful manufacturing prowess revolves around the mantra, “copy exact.” Every Intel fab is just like every other Intel fab, and every chip is identical to every other chip. That’s a good thing.

But what if you needed to tell your chips apart? How would you identify one out of a batch of otherwise identical FPGAs or microprocessors? Small startup company Verayo thinks it has the answer.

Verayo (pronounced “ver-AYE-oh”) has come up with a way to embed a unique software-readable “fingerprint” in individual chips. What’s interesting about Verayo’s technique is that it doesn’t require atomic-level manufacturing skills, it’s available to anyone, and it works on totally standard FPGAs, including the ones you probably already have. How is that possible?

Verayo is understandably coy about some of the details, but the process works something like this. Every chip, no matter how carefully it’s manufactured, has some subtle differences in its internal structure or characteristics. Even though a million Xilinx Virtex-5 FPGAs may all perform identically, they’re nevertheless slightly different inside. A little extra capacitance here; a little less resistance there; you get the idea. Verayo, through means it doesn’t discuss, can detect and capitalize on these slight variations. More surprising, they can make the differences visible to software. Thus, with no modification of the chip whatsoever, Verayo is able to tell one Virtex-5 apart from all of its twins. It even works on existing components; you can apply Verayo’s fingerprinting technique to your existing FPGAs already in the field.

Why would you want to? Well, if you’re working in the security, encryption, IP-licensing, or high-availability field that’s a dumb question. For the rest of us, consider the scenario where you supply “soft” IP to a customer who then burns it into his production FPGAs. He’s licensed to produce a certain number of these chips, for which you’ve been paid. But you have no way to verify that he hasn’t produced any extra, unlicensed copies – until now.

Or perhaps you’ve configured and verified a complete system and delivered it to a customer. As part of your warranty coverage you require that none of the hardware be changed, updated, or swapped out without your permission. But how can you tell whether the customer has substituted one board with a replacement? Verayo thinks they have the answer.

Verayo’s mysterious fingerprinting technology is sold as “soft” IP that you combine with the rest of your FPGA design, just as you would with any IP (e.g., USB interface, processor core, etc.). There are no special EDA tools required and, as mentioned earlier, no special FPGA silicon. Verayo protects its IP the way most IP suppliers do: by providing an encrypted netlist rather than RTL source or schematics. Again, nothing remarkable about the process.

To identify a chip, you “challenge” it with a binary number. The chip provides a response in the same format as the challenge. For instance, a 64-bit challenge produces a 64-bit response. Both the challenge and the response can be transmitted serially (in which case, it’s a square wave) or in parallel, or via any other method that’s convenient for you. It works as fast or as slowly as you like. The only necessity is that you be able to get a binary value into and out of the chip, a pretty trivial requirement.

Every chip produces a unique response to the same key. So, for example, you can challenge all the Verayo-equipped chips in your system with a single key and you’ll get a different response from each one. Even identical chips programmed with the same bitstream will produce different responses, according to Verayo. No two chips anywhere in the world, no matter how similar or how different, will produce the same response to the same challenge.

For the truly paranoid (or the government-funded), you can “double up” by challenging the chip more than once. Just as different chips will produce different responses to the same challenge, a single chip will produce different responses to different challenges – and these will be different from every other chip’s responses.

The Weather in Moscow Is Unseasonably Warm This Year

A moment’s reflection reveals a chicken-and-egg problem: if you don’t know what response a chip will provide, how do you know that it’s correct? How do you, as the developer, tell the difference between an authentic response and a bogus one? The answer is, you ask the chip.

Since neither you, nor Verayo, nor anyone else in this world can predict how a given chip will respond to a given challenge, you have to find out empirically. It’s necessary to challenge each chip in a private, secure environment before it’s shipped into the field. Only by recording these responses can you later compare them to the chip’s “live” responses in the field and determine whether they’re genuine or not. Thus, it’s important to store the correct challenge/response pairs in a secure and encrypted area of nonvolatile system memory. Lose the codes and you’ve permanently lost the ability to tell whether Chip A is really Chip A.

It’s a good idea to challenge each infant chip several times, store all the responses, and then change-up your challenges in the field. Otherwise, a crafty system hacker could simply monitor your lone challenge/response pair and “spoof” the response the next time. But with multiple challenge/response pairs, knowing the correct response to one challenge is no predictor of the responses to the other challenges. In the best case, you’d use each challenge only once and never repeat it.

Verayo’s technology is certainly fascinating, and it’s remarkable that the company has found a way to implement it purely in soft IP with no changes to the silicon. The company is as coy about its licensing model as it is about its technology, but it’s reasonable to assume that there’s an up-front fee for access to the technology, perhaps combined with a royalty for production units. As long as Verayo keeps its fees reasonable, it will probably find a ready audience among security-conscious FPGA users.

Leave a Reply

featured blogs
Oct 27, 2021
ASIC hardware verification is a complex process; explore key challenges and bug hunting, debug, and SoC verification solutions to satisfy sign-off requirements. The post The Quest for Bugs: The Key Challenges appeared first on From Silicon To Software....
Oct 27, 2021
Cadence was recently ranked #7 on Newsweek's Most Loved Workplaces list for 2021 and #17 on Fortune's World's Best Workplaces list. Cadence received top recognition among thousands of other companies... [[ Click on the title to access the full blog on the Cadence Community s...
Oct 20, 2021
I've seen a lot of things in my time, but I don't think I was ready to see a robot that can walk, fly, ride a skateboard, and balance on a slackline....
Oct 4, 2021
The latest version of Intel® Quartus® Prime software version 21.3 has been released. It introduces many new intuitive features and improvements that make it easier to design with Intel® FPGAs, including the new Intel® Agilex'„¢ FPGAs. These new features and improvements...

featured video

Imagination Uses Cadence Digital Full Flow for GPU Development

Sponsored by Cadence Design Systems

Learn how Imagination Technologies uses the latest Cadence digital design and simulation solutions to deliver leading-edge GPU technology for automotive, mobile, and data center products.

Click here to learn more about Cadence’s digital design and signoff solutions

featured paper

Is your application protected from glitches?

Sponsored by Maxim Integrated (now part of Analog Devices)

Medical, industrial, and consumer devices require reliable operation, free from startup glitches. With the glitch-free operation available in the MAX16162, Maxim’s nanoPower supervisor IC, designers now have the means to prevent system startup glitches.

Click to read more

featured chalk talk

Benefits and Applications of Immersion Cooling

Sponsored by Samtec

For truly high-performance systems, liquid immersion cooling is often the best solution. But, jumping into immersion cooling requires careful consideration of elements such as connectors. In this episode of Chalk Talk, Amelia Dalton chats with Brian Niehoff of Samtec about connector solutions for immersion-cooled applications.

Click here for more information about Samtec immersion cooling solutions