MID-028: Hardware-backed Key Storage
Mitigation Level: Intermediate
Description
Using hardware-backed keystores allows a device to benefit from hardware-based protections against key extraction or manipulation, rather than relying on weaker software-only protections. Hardware-backed keystores leverage dedicated hardware and hardware abstraction layers to provide security features, such as storing a root-of-trust, keys, certificates or other sensitive data. Hardware-backed keystores can take different forms and can be integrated with various components, such as secure elements, TPMs, or cryptographic coprocessors, to offer more secure key management. For example, Android has been using hardware-backed keystores for digital signing and verification operations, key generation, and the storage of asymmetric signing key pairs. [1][2][3][4]
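The Android case mentioned above, as an added example that is not part of this page or of the Android documentation cited in [1]: the app asks the Android Keystore to generate an EC signing key, preferring the StrongBox secure element, then checks which security level actually backs the key before trusting it. A key that lands at SECURITY_LEVEL_SOFTWARE means this mitigation is not in effect on that device. The key alias, log tag and signed message are constructed for the demonstration.

```java
// Added example: hardware-backed ECDSA key in the Android Keystore with a security-level check.
// Not code from the Android documentation; alias, log tag and message are constructed values.
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;
import android.util.Log;

import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public final class HardwareBackedSigner {
    private static final String KEYSTORE = "AndroidKeyStore";
    private static final String ALIAS = "device-signing-key";   // constructed alias

    /** Generates an EC P-256 signing key whose private half never leaves the keystore. */
    static KeyPair generate(boolean preferStrongBox) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, KEYSTORE);
        KeyGenParameterSpec.Builder b = new KeyGenParameterSpec.Builder(
                ALIAS, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256);
        if (preferStrongBox && Build.VERSION.SDK_INT >= Build.VERSION_CODES.P) {
            b.setIsStrongBoxBacked(true);   // request a dedicated secure element where one exists
        }
        kpg.initialize(b.build());
        try {
            return kpg.generateKeyPair();
        } catch (StrongBoxUnavailableException e) {
            // No StrongBox on this device: fall back to the TEE-backed keystore, then re-check the level.
            return generate(false);
        }
    }

    /** Asks the keystore where the key actually lives, rather than assuming. */
    static int securityLevel(PrivateKey key) throws Exception {
        KeyFactory kf = KeyFactory.getInstance(key.getAlgorithm(), KEYSTORE);
        KeyInfo info = kf.getKeySpec(key, KeyInfo.class);
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
            return info.getSecurityLevel();   // SOFTWARE / TRUSTED_ENVIRONMENT / STRONGBOX / UNKNOWN*
        }
        // Before API 31 only a boolean is exposed.
        return info.isInsideSecureHardware()
                ? KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE
                : KeyProperties.SECURITY_LEVEL_SOFTWARE;
    }

    /** Signing happens inside the keystore; the app only ever handles a key handle. */
    static byte[] sign(PrivateKey key, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    static boolean verify(PublicKey pub, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(pub);
        s.update(msg);
        return s.verify(sig);
    }

    static String describe(int level) {
        switch (level) {
            case KeyProperties.SECURITY_LEVEL_STRONGBOX:            return "StrongBox secure element";
            case KeyProperties.SECURITY_LEVEL_TRUSTED_ENVIRONMENT:  return "TEE-backed keystore";
            case KeyProperties.SECURITY_LEVEL_UNKNOWN_SECURE:       return "secure hardware (type unknown)";
            case KeyProperties.SECURITY_LEVEL_SOFTWARE:             return "software only";
            default:                                                return "unknown";
        }
    }

    public static void demo() throws Exception {
        KeyPair kp = generate(true);
        int level = securityLevel(kp.getPrivate());
        Log.i("HwKey", "key backed by: " + describe(level));
        if (level == KeyProperties.SECURITY_LEVEL_SOFTWARE) {
            // Deployment policy for this example: a software-only key does not satisfy MID-028.
            throw new IllegalStateException("no hardware-backed keystore available on this device");
        }
        byte[] msg = "firmware-manifest-v1".getBytes(StandardCharsets.UTF_8);   // constructed message
        byte[] sig = sign(kp.getPrivate(), msg);
        Log.i("HwKey", "signature verifies: " + verify(kp.getPublic(), msg, sig));
    }
}
```

The level check above only convinces the app itself. When a remote party (a fleet server, a firmware update service) must be convinced that a public key is hardware-backed, the same builder accepts setAttestationChallenge(), and the resulting attestation certificate chain, rooted in the device manufacturer's key, carries the security level for the server to verify.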
Physical Unclonable Functions (PUFs) are a hardware-based approach for deriving authentication credentials, device identifiers, or other cryptographic secrets from the analog characteristics of a physical integrated circuit’s implementation. Under the right conditions, a PUF can form the basis for a hardware-backed key that is inherently unique to each device and more difficult to extract than one generated and stored in non-volatile memory during manufacturing or provisioning. PUF implementations are often categorized by how many unique challenge-response pairs (CRPs) they can generate. Simpler “weak” PUFs have few (or only one) CRPs, making them more appropriate for generating material such as secret keys. “Strong” PUFs can respond to a large number of different challenge inputs, enabling more rigorous device authentication schemes. A variety of PUF implementation styles have been proposed (with varying properties), and many can be found in commercially available microprocessors, FPGAs, and cryptographic modules. [5][6][7][8]
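To make the weak/strong distinction and the "right conditions" concrete, here is an added software model of the two PUF styles. It is a simulation with constructed parameters (cell counts, noise level, device seeds), not a real PUF and not code from this page or any source it cites. The weak PUF is an SRAM-like cell array with a single response that is noisy from read to read; enrollment records which cells are reliable (public helper data that says nothing about the cell values) and reconstruction majority-votes those cells and hashes them into a key. The strong PUF is a textbook arbiter-style additive delay model that answers 2^n distinct challenges, and two simulated devices are shown disagreeing on about half of them.

```java
// Added software model of weak and strong PUF behaviour. Simulation only: seeds, cell
// counts and noise are constructed values, not measurements from any real device.
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Random;

public final class PufModel {

    /** Weak PUF: fixed cell array (SRAM power-up style), effectively one challenge-response pair. */
    static final class WeakPuf {
        private final double[] skew;   // per-cell manufacturing bias, fixed for the device's lifetime
        private final double noise;    // per-read analog noise (temperature, supply voltage)
        private final Random rng;

        WeakPuf(int cells, double noise, long deviceSeed) {
            Random mfg = new Random(deviceSeed);          // stands in for process variation
            skew = new double[cells];
            for (int i = 0; i < cells; i++) skew[i] = mfg.nextGaussian();
            this.noise = noise;
            this.rng = new Random(deviceSeed ^ 0x5EEDL);
        }

        /** One raw read-out; cells with small skew flip between reads. */
        boolean[] read() {
            boolean[] r = new boolean[skew.length];
            for (int i = 0; i < r.length; i++) r[i] = skew[i] + noise * rng.nextGaussian() > 0;
            return r;
        }

        private int[] countOnes(int reads) {
            int[] ones = new int[skew.length];
            for (int k = 0; k < reads; k++) {
                boolean[] r = read();
                for (int i = 0; i < r.length; i++) if (r[i]) ones[i]++;
            }
            return ones;
        }

        /** Enrollment: keep only cells that never changed across many reads. The mask is
         *  public helper data; it reveals which cells are stable, not what they hold. */
        boolean[] enroll(int reads) {
            int[] ones = countOnes(reads);
            boolean[] reliable = new boolean[skew.length];
            for (int i = 0; i < reliable.length; i++) reliable[i] = ones[i] == 0 || ones[i] == reads;
            return reliable;
        }

        /** Reconstruction: majority-vote a few reads, hash the reliable cells into a 256-bit key. */
        byte[] deriveKey(boolean[] reliable, int reads) throws Exception {
            int[] ones = countOnes(reads);
            StringBuilder bits = new StringBuilder();
            for (int i = 0; i < skew.length; i++) {
                if (reliable[i]) bits.append(ones[i] * 2 > reads ? '1' : '0');
            }
            return MessageDigest.getInstance("SHA-256").digest(bits.toString().getBytes("US-ASCII"));
        }
    }

    /** Strong PUF: arbiter-style additive delay model with 2^n distinct challenges. */
    static final class ArbiterPuf {
        private final double[] delay;  // n+1 stage delay differences from manufacturing

        ArbiterPuf(int stages, long deviceSeed) {
            Random mfg = new Random(deviceSeed);
            delay = new double[stages + 1];
            for (int i = 0; i < delay.length; i++) delay[i] = mfg.nextGaussian();
        }

        /** Response bit: sign of the accumulated delay difference selected by the challenge. */
        boolean respond(boolean[] challenge) {
            double sum = 0;
            for (int i = 0; i <= challenge.length; i++) {
                int phi = 1;                                  // parity of challenge bits at stages i..n-1
                for (int j = i; j < challenge.length; j++) if (challenge[j]) phi = -phi;
                sum += delay[i] * phi;
            }
            return sum > 0;
        }

        long challengeSpace() { return 1L << (delay.length - 1); }   // valid for up to 62 stages
    }

    static int hamming(boolean[] a, boolean[] b) {
        int d = 0;
        for (int i = 0; i < a.length; i++) if (a[i] != b[i]) d++;
        return d;
    }

    public static void main(String[] args) throws Exception {
        WeakPuf weak = new WeakPuf(256, 0.4, 0xC0FFEEL);
        System.out.println("raw weak-PUF reads differ in " + hamming(weak.read(), weak.read()) + " of 256 bits");
        boolean[] mask = weak.enroll(32);                      // helper data, may sit in plain NVM
        byte[] k1 = weak.deriveKey(mask, 9), k2 = weak.deriveKey(mask, 9);
        System.out.println("key reproduced after stabilisation: " + Arrays.equals(k1, k2));

        ArbiterPuf deviceA = new ArbiterPuf(32, 0xC0FFEEL), deviceB = new ArbiterPuf(32, 0xBADC0DEL);
        System.out.println("strong-PUF challenge space: " + deviceA.challengeSpace());
        Random chal = new Random(1);
        int disagree = 0;
        for (int k = 0; k < 1000; k++) {
            boolean[] c = new boolean[32];
            for (int i = 0; i < c.length; i++) c[i] = chal.nextBoolean();
            if (deviceA.respond(c) != deviceB.respond(c)) disagree++;
        }
        System.out.println("two devices disagree on " + disagree + " of 1000 challenges (ideal: about half)");
    }
}
```

The model shows why a raw PUF response is not yet a key: without the enrollment mask and majority vote, successive reads of the same device differ in several bits, so the hashed key would change. Production designs replace the simple stable-cell mask with error-correcting helper data, but the property to check is the same: the key must be reproducible across temperature and voltage on one device and unpredictable from another.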
Consideration: MID-060 - Dedicated Cryptographic Processors will include key storage mechanisms and will enable secure operation using the keys. It is also a more comprehensive, and more complex, mitigation.
IEC 62443 4-2 Mappings
CR 1.9 – Strength of public key-based authentication: RE (1) Hardware security for public key-based authentication
CR 1.14 – Strength of symmetric key-based authentication: RE (1) Hardware security for symmetric key-based authentication
CR 1.5 – Authenticator management: RE (1) Hardware security for authenticators
References
[1] Android. “Hardware-backed Keystore.” android.com. Accessed: Aug. 28, 2024. [Online.] Available: https://source.android.com/docs/security/features/keystore
[2] Rambus. “Hardware Root of Trust: Everything you need to know.” rambus.com. Accessed: Aug. 28, 2024. [Online.] Available: https://www.rambus.com/blogs/hardware-root-of-trust/
[3] V. Zimmer and M. Krau. “Establishing the Root of Trust.” uefi.org. Accessed: Aug. 28, 2024. [Online.] Available: https://uefi.org/sites/default/files/resources/UEFI%20RoT%20white%20paper_Final%208%208%2016%20(003).pdf
[4] Analog Devices. “Secure Element.” analog.com. Accessed: Aug. 28, 2024. [Online.] Available: https://www.analog.com/en/resources/glossary/secure-element.html
[5] C. Herder, M. -D. Yu, F. Koushanfar and S. Devadas, “Physical Unclonable Functions and Applications: A Tutorial,” in Proceedings of the IEEE, vol. 102, no. 8, pp. 1126-1141, Aug. 2014, doi: 10.1109/JPROC.2014.2320516.
[6] J. Hertz. “An Introduction to Physically Unclonable Functions.” All About Circuits. Accessed: Mar. 31, 2025. [Online.] Available: https://www.allaboutcircuits.com/technical-articles/an-introduction-to-physically-unclonable-functions/
[7] J. Hertz. “Physically Unclonable Functions: Classification, Evaluation, and Tradeoffs in PUFs.” All About Circuits. Accessed: Mar. 31, 2025. [Online.] Available: https://www.allaboutcircuits.com/technical-articles/physically-unclonable-functions-classification-evaluation-and-tradeoffs/
[8] “Types of physical unclonable function.” Wikipedia. Accessed: Mar. 31, 2025. [Online.] Available: https://en.wikipedia.org/wiki/Types_of_physical_unclonable_function