A layered defense model ensures data remains protected even if physical access is gained.
As semiconductor designs advance into cutting-edge nodes, the complexity of integrated IP blocks from diverse sources is expanding the attack surface. Traditional software-only security measures are increasingly inadequate, as attackers exploit vulnerabilities beneath the software layer.
To counter these risks, designers of AI accelerators, automotive domain controllers, aerospace systems, and next-generation IoT devices need security anchored in hardware. Without this foundation, even the most sophisticated systems remain exposed.
This article explores the Synopsys Secure Storage Solution for OTP IP—a pre-integrated subsystem combining antifuse OTP, SRAM PUF technology, and a cryptographic engine to protect critical secrets at the silicon level. Building on Synopsys’ leadership in antifuse OTP and Security IP, this solution enables secure, device-unique key storage while reducing architectural complexity.
Modern SoCs face increasing exposure to sophisticated invasive and side-channel attacks. Purely software-based security is no longer enough because vulnerabilities at the silicon level can be exploited before software ever loads. Attackers equipped with tools such as voltage manipulation or FIB (Focused Ion Beam) probing can bypass traditional fuse-based protections, putting stored keys and configuration data at risk.
To close this gap, chipmakers are shifting toward hardware-anchored trust, where device-unique keys, secure identities, and sensitive code are protected by the physical properties of the chip itself.
Antifuse OTP has become a popular method for securely storing keys, boot code, and sensitive configuration information. However, as threats evolve, implementations that rely solely on strong secrets in antifuse OTP without additional safeguards are proving insufficient. Attackers with physical access—even when the chip is powered off—can still extract or reverse-engineer stored content.
What’s needed is a next-generation OTP approach—one that ensures data remains protected even if physical access is gained.
Synopsys’ Secure Storage Solution for OTP IP introduces a multi-layer security architecture that pairs antifuse OTP technology with SRAM PUF-derived cryptographic keys and an encryption/decryption engine to address vulnerabilities in static-key implementations (Figure 1). This layered approach delivers hardware-rooted protection that includes:
SRAM PUF: Generates a unique, device specific cryptographic root key derived from the silicon’s physical characteristics, which is never stored in memory.
Encryption: Uses the SRAM PUF key to encrypt OTP contents, ensuring that even if the OTP data is physically accessed in a powered-off state, it remains unusable without the decryption key.
This layered defense ensures OTP contents are protected even if attackers gain physical access. The main advantage is that the root key used to derive the keys needed for encryption is never stored—it is dynamically regenerated from the silicon itself using SRAM PUF technology.
Fig. 1: Synopsys Secure Storage Solution for OTP multi-layer security architecture.
Addressing the need for secure storage in embedded NVM, Synopsys Secure Storage Solution for OTP integrates advanced SRAM PUF technology, a robust crypto engine, and antifuse OTP. Each time the device powers up, the SRAM PUF reconstructs the same chip-unique root key from the physical characteristics of the chip. This key is never stored on the device; instead, it is regenerated upon every power cycle, making it resistant to cloning attempts and intrusive attacks such as those using Focused Ion Beam (FIB) techniques. This root key is then used to derive on-chip keys, which the integrated crypto engine uses to encrypt and protect information stored in the OTP.
The crypto engine supports AES encryption and decryption with 256-bit keys for data stored in the OTP and is designed to be quantum-safe. The solution also incorporates a secure controller that manages communication between the OTP, PUF, crypto engine, and the rest of the chip (Figure 2).
Fig. 2: Synopsys Secure Storage Solution for OTP block diagram.
Delivered as a pre-assembled sub-system, it integrates seamlessly into customer designs via a standard AMBA Peripheral Bus (APB) interface, offering hardware-level security while accelerating time-to-market. This integrated solution is now available in advanced process nodes, and Synopsys plans to expand support to additional process nodes—including FinFET and planar technologies—in response to market demand.
The Secure Storage Solution for OTP IP enables SoC teams to strengthen silicon-level protection across various architectures while reducing integration effort.
Key advantages include:
Designers can license the underlying OTP IP and then add the Secure Storage Solution in two flexible configurations: one focused on protecting OTP contents in the current release, and another extending protection across the entire chip, including optional system-level security features such as chip-wide ID and advanced key hierarchies in the next release.
The Secure Storage Solution for OTP IP is designed for applications where confidentiality, authenticity, and integrity are paramount, including:
By anchoring security in the physical characteristics of each chip, designers can strengthen system resilience against cloning, reverse engineering, and tampering.
Synopsys has a long-standing commitment to delivering security IP, embedded memories, interface IP, and subsystems that help customers reduce integration risk and accelerate design cycles. The Secure Storage Solution for OTP IP builds on this foundation by offering SoC teams a practical and scalable way to implement hardware-rooted security without adding architectural complexity.
By anchoring protection in the physical properties of the chip, this solution ensures sensitive data remains secure throughout the device lifecycle. Available now for advanced process nodes, Synopsys plans to extend support to additional technologies to meet evolving market needs.
Learn more: Brochure | Datasheet | Video | Web Page
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
Leave a Reply