This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

'Fingerprinting' chips are set to fight counterfeiting

04 May 2015

MIT spin-out, Verayo is taking advantage of the random variations in silicon chips and using them as authentication identifiers for consumer products.

The random variations in silicon chips can be used to assign them unique 'fingerprints'. Integrated into RFID tags (shown here), the chips can be scanned to determine if the tag is authentic (image courtesy of Verayo)

As no two human fingerprints are exactly alike, so the same goes for silicon chips: manufacturing processes cause microscopic variations that are unpredictable, permanent, and effectively impossible to clone.

MIT spinout, Verayo is now using these non-clonable variations to 'fingerprint' silicon chips used in consumer product tags, which can then be scanned via mobile device and authenticated, to aid in the fight against worldwide counterfeiting. 

“This is low-cost authentication using silicon biometrics,” says MIT's Professor Srini Devadas, Verayo’s co-founder and chief scientist.

The technology is based on Professor Devadas’ research into these variations within silicon chips, called 'physical unclonable functions' (PUFs), which cause minute speed differences in a chip’s response to electrical signals.

PUFs are created during silicon-chip manufacturing, when wires vary in thickness, and the chemical vapour deposition process — used to produce semiconductor wafers — creates microscopic bumps. Depending on these variations, electrons flow with more or less resistance through different paths of the chip, varying processing speeds.

The Verayo technology assigns manufactured chips sets of 128-bit numbers — based on these speed differences — that are stored in a database in the cloud. Integrated into radio frequency identification (RFID) tags, the chips can be scanned by a mobile device or reader that will query the database to determine if the tag is authentic. A different 128-bit number is used for each authentication.

Verayo is currently targeting the consumer-product market, partnering last year with its largest client, Canon Inc., to incorporate Verayo’s chips into RFID tags of cameras being sold across China. Other Verayo clients include gift- and loyalty-card providers. The technology can also be used to identify fake licenses and passports.

In 2002, Devadas and other MIT researchers introduced silicon PUF technology at a Computer and Communications Security Conference. By 2004, Devadas and his students had developed a few dozen bulky, PUF-enabled circuits, labelling each with a human name, such as “Harold,” “Cameron,” and “Dennis.”

They stored the speed characteristics of each in a database on their computer; when a given circuit was scanned using a custom reader, its name would pop up on the screen.
This project earned Devadas a grant from the MIT Deshpande Center for Technological Innovation, and several government grants, which helped Verayo launch in its current Silicon Valley headquarters.

Although Verayo is focused on the consumer space, the technology has other uses, such as generating 'volatile secret keys', which would only be revealed when activated by a voltage.
Because PUF chips do not store such secrets, they need voltage to reveal their unique numeric identification — which could be stored as cryptographic keys.

“When the chip powers up, there will be this 128-bit number that gets generated, but it doesn’t exist when the chip is powered down,” Devadas says. “If I don’t have a way of pulling [the key] out, I won’t know what it is.”

This technology has advantages over traditional nonvolatile data-storage devices, such as flash or erasable programmable read-only memory chips, which retain hackable data even when switched off. These nonvolatile chips are still difficult to break into, but not as difficult as PUF-enabled chips, which need to be inspected internally when the chip is powered on and the right challenges are applied.

“All of cryptography is based on something remaining secret,” Devadas says. “PUFs are a way of generating those secrets in a more physically secure manner.”


Contact Details and Archive...

Print this page | E-mail this page