Rice University Researchers Developed an “Unclonable” Security Key for IoT

By their very nature, IoT (Internet of Things) ecosystems are designed to network together numerous individual, connected devices. That introduces many potentially insecure points-of-entry. We’re not talking about privacy issues here, though that is a issue in its own right, but rather the overall security of network full of IoT devices. In order to increase that security, researchers from Rice University have created a new “physically unclonable function” based on the imperfections of transistors within a chip.

Currently, “secure” chips, like what you might use to add hardware encryption to an IoT device, generally rely on alphanumeric security keys stored within the hardware. When a device with one of those chips connects to a service, that security key is used to authenticate the connection. The security key acts like a unique fingerprint to identify the device, and theoretically stops other devices from posing as the trusted device.

But, that key has to be stored somewhere, which is a vulnerability. The method developed by the Rice University researchers gets around that by generating unique keys from imperfections in the transistors within a chip. Even the simplest modern IC chips have thousands of transistors — and often billions — and there are always going to be slight inconsistencies between them.

By generating a key from those inconsistencies, the researchers have found a way to create completely unique device “fingerprints.” And, because those are derived from unpredictable imperfections in the hardware, they can’t simply be cloned by an imposter device — making them very secure. At least, that’s the idea. But hackers are clever, and so we’re hesitant to echo the researchers’ claims that this method results in unclonable encryption keys. That said, it’s definitely an improvement.