Vincent van der Leest, Director Product Marketing at Intrinsic ID | Originally published on Elektronik Praxis

From Security Risk to Security Guard: Managed NAND as a Foundation for IoT Security

As the Internet of Things (IoT) continues to expand rapidly, non-volatile memory (NVM) is becoming increasingly important for IoT devices. For this application, NVM contains the valuable data, software, and firmware that need to be stored permanently. Most microcontroller units (MCUs) for IoT have very little or no discrete NVM for storing this data, which is why an additional NVM chip is implemented inside an IoT device, next to the MCU, the sensors and the connectivity chips.

Managed NAND Flash: A New Risk for IoT Devices?

Along with new opportunities come new needs; for IoT devices – and their components – that new need is increased security. Well-publicized attacks on IoT devices, such as pacemakers, baby monitors, and thermostats, demonstrate why manufacturers need to be security conscious.


Figure 1. Typical security challenges for managed NAND flash

OEMs will typically equip their products with MCUs that contain a broad range of security capabilities, such as hardware cryptographic accelerators, random number generators and secure embedded memory. However, it is typically the storage media – in this case, a managed NAND flash – that holds most of the OEM’s precious intellectual property (IP). Unfortunately, such storage media have traditionally been more vulnerable than the MCUs. This is because the managed NAND flash is a separate module, with its own interface on the board that can be accessed quite easily by skilled attackers. The availability of a direct interface to the memory (which is not the case with discrete NVM inside the MCU) leads to the possibility for attackers to read or change sensitive data inside the memory. And without proper authentication, the NAND flash can be switched out for a malicious/counterfeit one. Such attacks not only put the IP stored in the device at risk, but also the entire network the device is connected to.

But what if you could overcome NAND’s weakness by adding strong security primitives that transform it into the foundation for system-level security, providing the opportunity to create more value to all stakeholders involved?

Making Managed NAND the Security Guard Using PUFs

There are several established methods for implementing security in flash controllers. A traditional method is deploying a Unique ID (UID), which uses a pairing protocol with the MCU to establish secure communications. Without the correct UID, the MCU will not read data from the flash. However, UIDs have been shown to be easily exposed, even by non-expert attackers. This allows attackers to circumvent the pairing, swap out managed NANDs between devices, and make unauthorized copies of the flash content. So, without the ability to keep the UID secret, there is no root of trust, and no security.

Instead of a UID, using secret cryptographic keys offers better security, but you must equip managed NAND flash with such a cryptographic key and then deal with how to store this key. Keys cannot be stored next to the data they are supposed to be protecting, because attackers will easily be able to read, copy, or alter these keys through the interface of the module. So, storage in the NAND flash isn’t an option. Any key that is physically present in the memory – even if it is shielded – is vulnerable to physical attacks. This means the keys should remain inside the NAND flash controller at all times. However, most controllers do not provide a secure area appropriate for key storage, and for those that do, the level of security offered by the mechanisms used to protect these areas can vary. In addition, the keys must be provisioned into these controllers, which is non-trivial. And again, storing keys in unprotected memory, even inside the controller, means risking hardware attacks.


Figure 2. SRAM PUFs: turning nano-scale process variations into unique cryptographic keys

The alternative approach, which alleviates the burden of externally generating and securely storing root keys in a NAND flash controller, is to employ an SRAM-based physical unclonable function (PUF). SRAM PUFs use the power-up behavior of the conventional SRAM memory that is typically available in the controller to extract a unique pattern or “silicon fingerprint.” This fingerprint is virtually impossible to clone or predict, and because it is inherent to the silicon, keys based on this fingerprint aren’t externally provisioned, but intrinsically generated from the chip itself.

These silicon fingerprints can be turned into master keys that establish a reliable root of trust. Whenever the root key is needed by the system, it is reconstructed without the need for storing this root key in any form of memory. This means that when the device is powered off, no secret key can be found; in effect, the root key is invisible to attackers. A whole tree of cryptographic keys can be created from this root PUF key, providing a flexible mechanism for key provisioning.
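The reconstruct-on-demand flow described above, as an added illustration that is not Intrinsic ID's code: a toy code-offset scheme with a 7-bit repetition code stands in for a production error-correcting construction, a constructed seed stands in for real silicon variation, and the helper data is the only thing that touches storage; the root key is re-derived from the noisy fingerprint at every power-up, and purpose-specific keys (content protection, MCU pairing) are derived from it.

```python
import hashlib
import hmac
import random

REP = 7                      # repetition code: 7 SRAM cells protect one codeword bit
KEY_BITS = 128               # codeword length, so 7 * 128 = 896 SRAM cells are used
N_CELLS = REP * KEY_BITS
CHIP_SEED = b"constructed-chip-0001"   # stands in for the chip's real nano-scale variation

def sram_powerup(flipped=frozenset()):
    """Simulated SRAM start-up pattern: the chip's stable fingerprint (derived from the
    constructed seed) with the cells listed in `flipped` inverted to model start-up noise."""
    stream = b"".join(hashlib.sha256(CHIP_SEED + bytes([i])).digest() for i in range(4))
    return [((stream[i // 8] >> (i % 8)) & 1) ^ (i in flipped) for i in range(N_CELLS)]

def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def root_key(fingerprint):
    """The root key is a hash of the noise-free fingerprint; it is never written anywhere."""
    return hashlib.sha256(bits_to_bytes(fingerprint)).digest()

def enroll(sram_ref, rng):
    """One-time enrollment inside the controller: XOR a random repetition codeword with the
    reference fingerprint. The resulting helper data can live in plain NAND: without the
    fingerprint it reveals neither the codeword nor the key."""
    codeword = [b for b in (rng.getrandbits(1) for _ in range(KEY_BITS)) for _ in range(REP)]
    helper = [c ^ s for c, s in zip(codeword, sram_ref)]
    return helper, root_key(sram_ref)

def reconstruct(sram_noisy, helper):
    """Every power-up: strip the helper data, majority-decode each 7-cell block to recover
    the codeword, XOR it back out to get the noise-free fingerprint, re-derive the key."""
    noisy_cw = [h ^ s for h, s in zip(helper, sram_noisy)]
    decoded = [int(sum(noisy_cw[i:i + REP]) > REP // 2) for i in range(0, N_CELLS, REP)]
    codeword = [b for b in decoded for _ in range(REP)]
    return root_key([h ^ c for h, c in zip(helper, codeword)])

def derive_key(root, purpose):
    """Key tree: purpose-bound keys (content encryption, MCU pairing, device identity)
    come from the root via HMAC-SHA256 and can be regenerated whenever needed."""
    return hmac.new(root, purpose, hashlib.sha256).digest()

def demo():
    rng = random.Random(1)                      # stands in for the controller's RNG
    helper, enrolled = enroll(sram_powerup(), rng)
    noise = frozenset(range(3, N_CELLS, 11))    # ~9% of cells flip, at most one per block
    rebuilt = reconstruct(sram_powerup(noise), helper)
    return enrolled, helper, rebuilt
```

Noise beyond the code's correction capacity (here, four or more flips in one block) yields a different key, and the helper data alone, with no fingerprint behind it, yields a wrong key as well; both are the failure modes a real design sizes its error correction and enrollment quality against.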

Key storage overview

Intrinsic ID provides its SRAM PUF technology to many of the world’s largest semiconductor companies, including companies like NXP, Silicon Labs, and Intel. They use SRAM PUF technology as the trusted anchor in hardware to build their security architectures upon.

To make SRAM PUF technology available for protecting managed NAND flash, solutions are now available in software that can be installed on the processor of the NAND flash controller, making them easy to add to existing hardware. Typical NAND flash controller processors have access to SRAM, either internally or in the buffer of the controller. This SRAM can be used to create the SRAM PUF fingerprint, enabling the managed NAND to create cryptographic keys simply from its own unique silicon structure.


Figure 3. Resolving security issues and adding value by using SRAM PUF in NAND flash controller

The cryptographic keys remain inside the processor, never leaving the boundaries of the controller, and become the basis of security. Having these strong cryptographic keys inside the NAND flash controller protects the flash content and its interfaces, allows the managed NAND to authenticate itself to the MCU, and adds an unclonable device identity that cloud services can use to securely authenticate the IoT device and set up secure communications. Hence, a standard managed NAND flash is turned into the valuable foundation for system-level security of an IoT device.

To learn more about how you can turn your NAND flash controller into a security guard for software and data integrity, device authentication and anti-counterfeiting for IoT devices, go to