Building on an idea once co-conceived by Mapper, Eindhoven-based Sandgrain is developing an integrated solution for trusted authentication of connected systems by combining hard-coded ICs and a cloud platform. DeeptechXL is backing the startup with a seed investment.
A major challenge for the Internet of Things remains the vulnerability of the end nodes. The higher system levels are relatively well protected using public-key certificates, MAC address management, secure elements and the like. Getting into an end node, however, is still rather easy. A case in point is the famous hack of a casino through an internet-connected fish tank in 2017.
There are two main approaches to giving an IoT end node a trusted identity: storing the ID in the node itself, in some form of protected memory, or in a central system. Both are flawed, though. With node-based identity management, the end node can still be hacked, no matter the level of protection. Worse, the stolen ID can be endlessly replicated and all copies will be seen as valid. The central approach is fundamentally more reliable, allowing much better detection and control after detection, but when identities and physical devices aren’t linked, a hacker could steal an ID and insert it into his own clone.
High Tech Campus startup Sandgrain is working on an integrated solution, combining an immutable link between the identity and the physical device with a central identity management system. The brains behind the grains include co-founders Pieter Hooijmans (ex-Philips Semiconductors, ex-NXP), Casper Juffermans (ex-Philips Research, ex-NXP, former director of the Else Kooi Laboratory) and Jeroen Doumen (ex-Irdeto). They’ve received a 1.3-million-euro seed investment from venture capital fund DeeptechXL.
“Trusted authentication is dearly required before valuable data is exchanged or critical operations are commanded,” says CTO Hooijmans. “Due to the lack of proper authentication, today’s connected systems are frequently hacked and modules are either illegally copied or they become untraceable for recycling. This means that these systems suffer from unverified configurations, they risk becoming unreliable and their maintenance is unnecessarily expensive.”
“Our integrated solution enables system owners to verify the integral configuration at any desired moment, which, for instance, could be necessary to perform a secure download of new firmware. Once implemented, it also allows full control over the lifecycle status of all identified modules throughout their entire lifetime up to end-of-life for proper recyclability. Our solution is broadly applicable and infinitely scalable, potentially serving billions of identities. Our initial focus is on the high-tech equipment sector, giving every embedded board one of our authentication tokens. Next on our list are the many ECUs and electronic modules in vehicles and airplanes, followed by consumer applications like lighting and sensor networks.”
“With this investment from DeeptechXL, we’ll quickly make the jump to accelerated product development, ready to start widespread pilot tests with several interested companies and government bodies,” Hooijmans explains. “By the end of this year, we plan to be set for functional introduction in the market. This enables us to grow our network of partners participating in a more in-depth application analysis of our solution. We aim to eliminate the gaps in the current trusted authentication and cybersecurity market, as well as provide a solution promoting greater circularity.”
10^43 unique chips
Sandgrain has its roots in UniqIC, a company that started as a joint venture between security specialist Irdeto and Mapper Lithography. To push its maskless e-beam technology as an alternative to ASML’s optical litho, the illustrious semicon Icarus from Delft came up with a fourth application, next to mask fabrication, prototyping and small-series production: printing unique identification codes on chips. UniqIC was spawned to develop security solutions around this idea.
Founded in 2019, successor Sandgrain hard-codes the identification of a chip in such a way that it can never be altered – the IDs are written deterministically on wafer level by breaking specific physical contacts in a truly read-only memory matrix. According to the startup, this makes its solution superior to alternatives based on microcontrollers with programmable memories, the intrinsic flexibility of which renders them fundamentally vulnerable to hacking. After processing, every Sandgrain IC is one of a kind. Using 128-bit codes, 10^43 unique chips can theoretically be fabricated – more than there are grains of sand on Earth.
The Sandgrain silicon will become available in several forms, optimized for different applications. The offering will start with a simple miniature 8-pin package, later followed by RFID-compatible alternatives. They can be added to any electronic board and connected to the local microcontroller using the standard SPI interface. For more advanced solutions, the silicon can be integrated into a multi-chip package or ultimately as an IP block in a larger IC.
Basic or full
The identification is controlled by Sandgrain’s Cyberrock data management system. This cloud-based platform is built from three elements: a secure vault containing all keys for generating and evaluating IDs, a database containing all context information for these IDs, including the lifecycle status, and a decision engine that analyzes all available info to assess the authenticity of a received ID request. The system doesn’t directly store the embedded identification codes but instead uses serial numbers as internal references. Only the vault can link the two.
Upon request, Cyberrock will generate new IDs. The vault will take the next available serial numbers, create unique codes from them and notify the database that they’re now in use. Each customer gets a dedicated section within the database, completely shielded from the rest. The generated IDs are sent to the wafer processing facility, where they’re written into the ICs. This is done in a mid-end process step, using one of several techniques with masks, lasers or electron beams, depending on the volumes.
Placed on a printed circuit board in a system in the field, a Sandgrain IC can communicate with Cyberrock through the microcontroller and the system’s wired or wireless internet connection. Upon first contact, the cloud platform will register the associated serial number as active. From that moment on, the ID can be read out and authenticated by the platform. Cyberrock will verify that it’s active, use the available context information to decide whether it’s authentic or not and return the verdict. This can be a basic identity check of the provided ID, but usually, it’s a full symmetrical authentication using a cryptographically secure challenge-response mechanism.
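The flow described above (vault, status database, decision engine, challenge-response) can be modelled in a few lines. This is an added illustration, not Sandgrain's or Cyberrock's code: the class names, the HMAC-SHA256 derivation and response function, the status strings and the use of the serial number as the public reference are all assumptions.

```python
import hashlib, hmac, secrets

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

class Vault:
    """Holds the keys; the only component that can map a serial number to its code."""
    def __init__(self):
        self._master = secrets.token_bytes(32)      # assumed master key
    def code_for(self, serial):
        # Assumption: the 128-bit code is a truncated HMAC of the serial number.
        return _mac(self._master, serial.to_bytes(8, "big"))[:16]

class Token:
    """Device side (assumed): proves knowledge of its code by answering a challenge."""
    def __init__(self, serial, code):
        self.serial, self._code = serial, code
    def respond(self, challenge):
        return _mac(self._code, challenge)

class Platform:
    """Lifecycle-status database plus the decision engine."""
    def __init__(self):
        self.vault, self.status, self._pending, self._next = Vault(), {}, {}, 1
    def generate_id(self):
        serial, self._next = self._next, self._next + 1
        self.status[serial] = "issued"               # database notified: serial in use
        return serial, self.vault.code_for(serial)   # sent on to the wafer facility
    def challenge(self, serial):
        if self.status.get(serial) == "issued":
            self.status[serial] = "active"           # first contact registers it
        self._pending[serial] = secrets.token_bytes(16)
        return self._pending[serial]
    def retire(self, serial):
        self.status[serial] = "end-of-life"
    def verify(self, serial, response):
        nonce = self._pending.pop(serial, None)      # each challenge is single-use
        if nonce is None or self.status.get(serial) != "active":
            return False
        expected = _mac(self.vault.code_for(serial), nonce)
        return hmac.compare_digest(expected, response)
```

Because every challenge is fresh and consumed on use, a response recorded from an earlier exchange fails against the next challenge, and a retired serial number is rejected even when the response is cryptographically correct.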
The Sandgrain ICs can be manufactured by standard semicon equipment. “Low-volume production won’t be a problem,” expects Hooijmans. “Because of their small size, roughly 0.3 by 0.3 millimeters, we can put more than 100,000 of our ICs on an 8-inch wafer. Relatively simple mask-based production technology will get us a long way there.”
Higher volumes will require additional mid-end process steps. “But these are also already commonly found in wafer processing facilities. It won’t be necessary to develop new equipment,” Hooijmans asserts. “Some of us are dreaming of having our own Sandgrain factory one day. Whether that’s going to happen will be a purely business discussion based on such factors as volumes, load and cost.”