In some recent posts, we have touched on the subject of cryptography; in particular the inclusion of cryptographic engines in SoC (System on Chip) designs for smart metering. (See: SoC Is Hot for Smart Metering and Smart Grid Needs Smart Meter SoC, Part 2.) In those contexts, the focus was on integrating analog sections like analog front ends, ADCs, and signal conditioning with digital sections, including the cryptographic engine and microprocessors. The convergence of ubiquitous communication technologies with demand for industrial sensing and analysis has heightened awareness of security issues. Security now permeates discussions in traditional industrial monitoring as well as new areas like smart energy and the Internet of Things.
For example, this site's parent, UBM, devotes significant coverage to information security under the Light Reading brand, as well as the entire focus of Dark Reading. The parent company also operates conferences like the International Fire and Security Exhibition and Conference (IFSEC), which includes such far ranging categories as access control and biometrics, IP security, and intelligent buildings.
For additional background on growing needs in security for smart grid and industrial applications, see this white paper from Maxim Integrated. (Maxim is a Planet Analog site sponsor.) To quote the paper, “Cyber attacks, theft of IP, disruption to productivity — all these threats are rising in both smart grid and industrial-control systems.”
Many electronics designers are aware of security needs and encryption methods. Most designers probably view encryption as a digital problem in that it requires manipulation of numbers via the running of algorithms, and thus processing power. In most of our Internet-enabled society that is a fair view. However, there are many interesting applications that don't have a lot of computing power or memory available, such as smart credit cards.
These needs, as well as the broader need for information security, have led to some interesting concepts using analog devices as the heart of encryption/authentication systems. Some designs for analog cryptographic devices use the inherent randomness of certain attributes of a circuit array to create a Physical Unclonable Function (PUF). In an early paper in the field, scientists at MIT described various approaches to realize PUFs, which they called Physical Random Functions.
An important concept in cryptography is that of one-way random functions (see this paper by Holenstein). A one-way function is one that is easy to calculate but hard to invert. A one-way random function generates random outputs from inputs (but is reproducible). Without reviewing the plentiful literature on cryptographic primitives (see, for example, papers by Calloway, Gupta, and many others), we can appreciate that such a function might be useful to create encrypted information that was indistinguishable from random bits. In 2009, Csaba, et al. discussed using so-called Cellular Non-Linear Networks (CNNs) as PUFs.
The basic unit of the CNNs they described comprised 3 op-amps and passives. By suitable combination of these units, non-linear behavior producing pseudo-random output could be observed. This approach is also the subject of a patent application; Figure 1 is reproduced from the application showing the unit of the CNN.
(Source: patent application EP2230793 A8)
Analog cryptographic primitives are not foolproof, and as with code-based cryptography, it is essential that any implementation be designed to resist known attack methods. An interesting topic in cryptography has to do with side-channel attacks; a simple example is that a process that takes in a cipher-text (encrypted plain-text information of some sort) and checks if it has the proper authentication can be hacked if it always returns false faster than it returns true.
This slight non-random bias can be used to mount an attack in a feasible amount of time with finite resources. Another side-channel attack can be mounted by measuring the power consumed by a circuit used in encryption/decryption. Again, if there is any bias (i.e., if it uses more power to decrypt a valid message than to reject an invalid one), it can be hacked. It is evident that an analog chip being used as a PUF could be susceptible to some side-channel attacks. From this limited discussion you can imagine that an implementation must be done with care to avoid exposing any non-random bias.
There are other approaches to use analog circuits as PUFs. If you consider any large collection of devices in an IC, there may be certain measurable values, given a known input, which are unique to a given IC because the values of passives (resistance, capacitance, and inductance) as well as interconnect properties (effective resistances, etc.) vary randomly from chip to chip. So what might be unwanted variation in one application could be used to generate unique random functions using analog ICs.
Have you worked on any crypto-projects and made use of these properties?