NXP's silicon fingerprinting promises to annoy the heck out of ID hackers

Updated Thu, Feb 21, 2013, 5:00 AM·6 min read

It's 2013 and white hat hackers like Adam Laurie are still breaking into ID chips that are supposed to be secure. How come? Partly it's the way of the world, because no man-made NFC or RFID security barrier can ever be truly impervious. But in practical terms, a chip's vulnerability often stems from the fact that it can be taken apart and probed at a hacker's leisure. The secure element doesn't necessarily need to have power running through it or to be in the midst of near-field communication in order to yield up its cryptographic key to a clever intruder who has sufficient time and sufficient desire to breach the security of a smartphone, bank card or national border.

Which brings us to the latest device in NXP's SmartMX2 range -- a piece of technology that is claimed to work very differently and that is expected to hit the market next year. Instead of a traditional key stored in the secure element's memory, every single copy of this chip carries a unique fingerprint within the physical structure of its transistors. This fingerprint (aka Physically Unclonable Function, or PUF) is a byproduct of tiny errors in the fabrication process -- something chip makers usually try to minimize. But NXP has found a way to amplify these flaws in a controlled way and use them for identification, and it'd take a mightily well-equipped criminal (or fare dodger, or Scrabble cheater) to reverse engineer that.

Show full PR text

NXP strengthens SmartMX2 security chips with PUF anti-cloning technology

Licensing contract with Intrinsic-ID increases NXP's security leadership

Eindhoven, Netherlands, 21 February 2013 – NXP Semiconductors N.V (NASDAQ: NXPI) today announced that it will be the first company to bring to market smartcard and embedded secure element chips that integrate Intrinsic-ID's industry-leading PUF (Physically Unclonable Function) technology. PUFs are an innovative way of safeguarding individual chips from data theft by using the unique 'fingerprint' inherent in every semiconductor device to protect its encryption key, making it very hard to clone and thus reverse-engineer and compromise security microcontrollers.

Global trends such as urbanization, digitization of governmental documents, improved banking security and growing NFC adoption means that security chips are being adopted more than ever to protect user data, credentials and finances. In parallel, more sophisticated attacks have been developed that attempt to undermine security chip functionality and steal this information. By integrating Intrinsic ID's PUF technology into its secure microcontroller SmartMX2, NXP significantly enhances the chip's security architecture and strengthens applications such as NFC-enabled mobile payment, electronic ticketing, and eGovernment and cyber security services.

"Concerns about smartcard security have increased with the wide availability of sophisticated tools and invasive techniques to discover the secrets and keys that traditionally protect devices from counterfeiting, tampering and theft-of-data," said Pim Tuyls, CEO at Intrinsic-ID. "We believe that our PUF technology is ideally suited to helping to overcome this problem, particularly when combined with NXP's industry-leading secure IC solutions."

"The use of smartcard and smartcard-type functionality in NFC-enabled phones is becoming increasingly popular around the world. But for many users, security doubts still linger - providing the highest level of security for eID cards, banking cards or NFC smart phones is thus essential," said Ruediger Stroh, EVP and general manager, Identification business with NXP Semiconductors. "Adding PUF technology to SmartMX2 chips helps to alleviate user doubts as we bring more security and trust to smart life solutions and provide our customers with a key competitive edge. As such, we're very happy to have entered into this contract with Intrinsic-ID, the undisputed leader in PUF."

SmartMX and PUF technology
Intrinsic-ID's PUF technology is currently being integrated into future generations of SmartMX2 security chips. The SmartMX2 is the world's first security microcontroller with a Common Criteria EAL 6+ certificate issued by the German Federal Office for Information Security (BSI). Its IntegralSecurity™ architecture comes with more than 100 different security features protecting it against reverse engineering, semi-invasive and non-invasive attacks. Adding PUF technology significantly improves the chip's protection from reverse engineering attacks, as it removes the permanent presence of the digital encryption key on the device.

PUFs rely on the physical characteristics of SRAM (static random-access memory) technology. After powering up a secure element, the used cells are initialized randomly. This start-up behavior – bits toggling between zero or one – is different for every individual chip. As such, this content after start-up can serve as a unique fingerprint, which can then be used as a key to protect an encryption key or to protect a memory.

NXP is the No. 1 supplier to the Identification market globally, and leverages its leadership in contactless and security technologies to provide complete Identification solutions. Its trusted smart life solutions bring security and contactless performance to a wide range of applications such as eGovernment, banking, mobile transactions, transport ticketing, access management, infrastructure, device authentication, RFID tagging and gaming. NXP has shipped almost two billion SmartMX chips to its customers including 86 out of 102 countries with ePassport projects.

Visitors to Mobile World Congress in Barcelona (Feb 25 - 28) can experience NXP's Trusted Mobile Smart Life Solutions at Hall 7 A111. Together with Intrinsic-ID, NXP will demonstrate PUF technology on a SmartMX2 test chip with Intrinsic ID's SESAMES-award winning SATURNUS secure cloud application.

Links
• About SmartMX technology
• PUF Whitepaper by NXP (include link once it's online)

About Intrinsic-ID
Intrinsic-ID is the world-wide leader in security IP cores and applications based on patented Hardware Intrinsic Security'™ technology (HIS), also referred to as 'Physical Unclonable Function'. In HIS secret keys are extracted from the properties of chips like an 'electronic fingerprint' and used to offer a total protection of sensitive private and corporate data on mobile devices, embedded systems and in the cloud. Intrinsic-ID is headquartered in Eindhoven, The Netherlands and has sales offices in San Jose, Tokyo and Seoul. www.intrinsic-id.com

About NXP Semiconductors
NXP Semiconductors N.V. (NASDAQ: NXPI) provides High Performance Mixed Signal and Standard Product solutions that leverage its leading RF, Analog, Power Management, Interface, Security and Digital Processing expertise. These innovations are used in a wide range of automotive, identification, wireless infrastructure, lighting, industrial, mobile, consumer and computing applications. A global semiconductor company with operations in more than 25 countries, NXP posted unaudited revenue of $4.36 billion in 2012. Additional information can be found by visiting www.nxp.com.

Engadget
Finally, someone used Pareto’s economic theories to find the best Mario Kart 8 racer
Who hasn’t spent sleepless nights pondering what would happen if we applied the theories of Vilfredo Pareto, the early 20th-century Italian economist, to Mario, the Mushroom Kingdom’s Italian high-jump champion and part-time elephant cosplayer? Data scientist Antoine Mayerowitz, PhD, tackled that age-old question.
1h ago
Engadget
Rebel Moon Part 2 review: A slow-mo sci-fi slog
Rebel Moon: Part 2 - The Scargiver is an empty feast, a relentless onslaught of explosions, sci-fi tropes and meaningless exposition that amounts to nothing.
3h ago
Engadget
Prison Architect 2 is denied release until September 3
Double Eleven and publisher Paradox Interactive have delayed Prison Architect 2 by four moths to work on technical issues.
4h ago
Engadget
Ryan Gosling and Miller/Lord’s Project Hail Mary could be the sci-fi event of 2026
Amazon MGM just set a March 20, 2026 release date for Project Hail Mary, an adaptation of the Andy Weir novel. The film stars Ryan Gosling and is directed by Phil Lord and Christopher Miller.
5h ago
Engadget
Some of our favorite Anker power banks are up to 30 percent off, plus the rest of this week's best tech deals
Engadget's weekly deals roundup includes sales on Sonos, Apple, iRobot, Google Nest and more.
6h ago
Engadget
Automate your vacuuming and mopping with $400 off the Roomba Combo J9+
If you’re looking to automate more of your home cleaning setup, iRobot’s flagship Roomba Combo J9+ is on sale for $400 off. The vacuum-mop hybrid robot, which only arrived last fall, has a redesigned dock that automatically empties debris and refills the device’s mopping liquid.
10h ago
Engadget
Tesla is recalling Cybertrucks because their accelerator pedals could get stuck
Tesla has issued a recall for around 3,878 Cybertruck vehicles, a National Highway Traffic Safety Administration notice has revealed.
10h ago
Engadget
Engadget Podcast: PlayStation 5 Pro rumors and a look back at the Playdate
This week, Engadget Senior Editor Jessica Conditt joins Cherlynn and Devindra to chat about the PS5 Pro, as well as her piece on the PlayDate two years after its release.
11h ago
Engadget
The Morning After: The bill to ban TikTok is barreling ahead.
The biggest news stories this morning include US vs China in the form of TikTok vs WhatsApp, and did you know Taylor Swift has a new album out?
11h ago
Engadget
Fallout has already scored a green light for a second season
Amazon has renewed the hit show for a second season.
12h ago
Engadget
Baldur's Gate 3 developer confirms it won't make the sequel
The developer behind the popular, award-winning and slightly bawdy Baldur's Gate 3 may not be doing a sequel, but it does have other irons in the fire.
13h ago
Engadget
The best PS5 games for 2024: Top PlayStation titles to play right now
Here are the best games you can get for the PlayStation 5 right now, as chosen by Engadget editors.
7 months ago
Engadget
The 6 best Mint alternatives to replace the budgeting app that shut down
Intuit has shut down the popular budgeting app Mint. Engadget tested a bunch of popular alternatives. Here are our favorites.
4 months ago
Engadget
Apple says it was ordered to remove WhatsApp and Threads from China App Store
China's Cyberspace Administration ordered Apple to pull Threads and WhatsApp from its App Store in the country, the company said.
16h ago
Engadget
Surprise: Taylor Swift is joining Threads at the exact same time as her new album drop
Taylor's Threads account, and her first post, are going live around midnight.
19h ago
Engadget
The bill that could ban TikTok is barreling ahead
The bill that could lead to a ban of TikTok in the United States appears to be much closer to becoming law.
23h ago
Engadget
Netflix is done telling us how many people use Netflix
Although subscriber metrics are an important signal to Wall Street that show how quickly a company is growing, Netflix isn't the first company to do this.
1d ago
Engadget
Blizzard takes aim at Overwatch 2 console cheaters
Blizzard is targeting Overwatch 2 cheaters who use a keyboard and mouse on consoles to gain an advantage over controller users.
1d ago
Engadget
It took 20 years for Children of the Sun to become an overnight success
Though it feels like Children of the Sun popped into existence over the span of two months, it took Rother a lifetime to get here.
1d ago
Engadget
Quicken Simplifi subscriptions are half off through April 21
Quicken Simplifi subscriptions are half off through April 21. This brings the price down to $2 per month, which is billed annually at $24.
1d ago

NXP's silicon fingerprinting promises to annoy the heck out of ID hackers

Latest Stories

Finally, someone used Pareto’s economic theories to find the best Mario Kart 8 racer

Rebel Moon Part 2 review: A slow-mo sci-fi slog

Prison Architect 2 is denied release until September 3

Ryan Gosling and Miller/Lord’s Project Hail Mary could be the sci-fi event of 2026

Some of our favorite Anker power banks are up to 30 percent off, plus the rest of this week's best tech deals

Automate your vacuuming and mopping with $400 off the Roomba Combo J9+

Tesla is recalling Cybertrucks because their accelerator pedals could get stuck

Engadget Podcast: PlayStation 5 Pro rumors and a look back at the Playdate

The Morning After: The bill to ban TikTok is barreling ahead.

Fallout has already scored a green light for a second season

Baldur's Gate 3 developer confirms it won't make the sequel

The best PS5 games for 2024: Top PlayStation titles to play right now

The 6 best Mint alternatives to replace the budgeting app that shut down

Apple says it was ordered to remove WhatsApp and Threads from China App Store

Surprise: Taylor Swift is joining Threads at the exact same time as her new album drop

The bill that could ban TikTok is barreling ahead

Netflix is done telling us how many people use Netflix

Blizzard takes aim at Overwatch 2 console cheaters

It took 20 years for Children of the Sun to become an overnight success

Quicken Simplifi subscriptions are half off through April 21

About

Sections

Contribute

Buying Guides