Out in Front

Authentication Flash: Closing the security gap left by conventional NOR Flash ICs

Sponsored content 0

Both 5G cellular network technology and Internet of Things (IoT) provide advancements in performance to enhance and optimize smart applications. The modern computing resources have created and continued to explore new use-cases and scenarios to gain very popular and powerful with the values leveraging by artificial intelligence (AI) and edge computing technologies.

These vast momentums encompass a large market and business opportunities. Therefore use cases are well-suited for things like Augmented Reality (AR), Ultra Low Latency Mission Critical services, Fixed Wired Access networks, Autonomous vehicles and massive IoT applications. All these innovative and smart applications are mainly driven by semiconductor products.

In response to demand from security-conscious OEMs, the manufacturers of modern microcontrollers and systems-on-chip (SoCs) commonly equip their products with a broad range of security capabilities: standard, off-the-shelf 32-bit MCUs for mainstream, non-financial applications will today often feature a hardware cryptographic accelerator, a random number generator (RNG) and secure memory locations.

But serial Flash memory-the location in which much of an OEM's precious intellectual property (IP) is stored-has traditionally been more vulnerable than the SoC or microcontroller. Security weaknesses in the companion Flash memory to an MCU or SoC expose OEMs to the commercially damaging risk of product theft due to the cloning of reverse engineered PCB designs.

For this reason, OEMs today commonly "protect" their code storage hardware with a unique identifier (UID) stored in partitioned memory space in the Flash IC. In truth, however, a UID offers only a trivial barrier to attack. The weakness in this Flash security system is that the UID itself is not secure. It is a permanent, unchanging code number: once read out of memory, it can be used again by a non-authorized host.

The solution: secure, dynamic authentication

The remedy for this problem is easy to design in theory: The UID needs to be different every time the memory is challenged by the host. But the advantage of the fixed UID used today is its ease of implementation: It just needs to be programmed once into the Flash memory, and once into the host controller; then the two values may be simply compared to authenticate the Flash device.

So how can the response to a challenge from the host be different every time, yet still recognized by the host? This is the problem that Winbond has set out to solve with its W74M family of Authentication Flash ICs.

The basic method by which Winbond secures a memory's identity is through symmetric encryption: both host and memory know the same secret, a "root key". The root key is, however, never directly transmitted between host and memory (the "challenger" and "responder"). Instead, an encrypted message (a Hash-based Message Authentication Code, or HMAC) is generated by a combination of the root key and a dynamic element such as a random number.

It shows two other interesting features of the W74M. First, the non-volatile monotonic counter provides a supplementary verification of the memory's authenticity. The counter starts at zero when the root key is established, and a single increment is added in response to a command issued by the host controller, meaning that the counter has a unique value known only to the memory and the host. If the counter value provided by the memory when challenged by the host does not match the host's counter value, the value of the memory's HMAC will not be the same as that computed by the host: This signal to the host processor that the W74M authentication device has been tampered with.

The processor can use this knowledge to protect the host system, for instance by preventing the device which has been tampered with from gaining access to the host system's resources.

This protection capability is relevant to the second feature: there are four instances of the combination of root key/HMAC/monotonic counter in each W74M device. One instance will be used for authentication of the host device's controller. The other three authentication "channels" are intended for use for example in IoT devices which have to verify their identity in order to gain access to networked services. As shown here, a different root key can be securely stored for each authentication channel, and shared with the relevant host device. This means that the root keys of the host device, of the internet gateway and of the cloud service remain secret: one device has no knowledge of another's root key.

The W74M family of authentication Flash devices is available in various densities from 32Mb to 1Gb, in standard packages. This means that secure device designs which today incorporate a NOR/NAND Flash IC for code storage and an external authentication IC can replace these two chips with a single W74M package that fits in a standard Flash socket, offering a bill-of-materials cost and component count reduction while providing the most secure level of authentication.

For providing on-line shopping service to audiences in order to purchase series products in time, Winbond builds On-Line Direct Store and e-commerce platform to handle On-Line orders. Free Shipping for each On-Line order amounts reached US$ 150. If you are the first time to place orders via On-Line Direct Store, the extra 12% OFF discount will be applied to have further saving before the end of 2019. The Winbod's on-line shopping site is,

DIGITIMES' editorial team was not involved in the creation or production of this content. Companies looking to contribute commercial news or press releases are welcome to contact us.