2014-06-05

Intellectual property (IP) has become the major building block of the complex, highly integrated systems on chips (SoCs) found in almost every modern, intelligent electronic device. SoCs have evolved into one-chip solutions that manage many or all of the functions, features, and applications found in today’s ubiquitous sea of electronic products.

And as this evolution of SoCs gains momentum, many see the SoC becoming its own security system. Security will be integrated more and more deeply at the various hardware levels of the IC. Specific IP building blocks will be used to secure sensitive and critical data within the chip, and will be as integral to the chip as ADCs/DACs, RAM, UARTs, USB, Ethernet, and many other IP blocks.

“SoCs need a secure foundation to defend them against an evolving list of attacks,” said Pankaj Rohatgi, director of engineering for Rambus’ Cryptography Research unit. “Stopgap solutions often provide a temporary defense that only works on specific devices, and against specific attacks. A slight variation in attacks renders the security useless.”

The key is being proactive in understanding potential threats rather than just reacting to breaches. “Security is like a game of chess between the good guys and the bad,” said Rohatgi. “Trying to secure SoCs without a strong security foundation is like playing chess where your opponent is always five moves ahead of you. A purely reactive defense is not much of a defense.”

As autonomous objects gain traction, SoCs will become even more pervasive. The trend is toward far more smart things – from toasters to airliners to the next generation of weapons. Some will be several-penny devices that control a simple set of instructions for that toaster. Others will be cost-irrelevant, extremely sophisticated devices charged with high-level intelligence gathering or protecting our infrastructure. And, as Ramesh Karri, professor in the Department of Electrical and Computer Engineering, Polytechnic Institute of New York University, and this year’s chair of the security track at DAC, observes, “The need for a solid security platform cannot be an afterthought.”

When security is integrated at that level, the SoC will add a new dimension and become the embodiment of what is today known as the crypto processor, which is the topic of a related article.

Where it all began

The first serious focus on intellectual property goes back to around the mid-1800s, believe it or not. It was written into the North German Confederation’s constitution, which used legislative power to protect intellectual property of various types (ideas, writing, drawings, etc.). More than 100 years later, circa 1967, intellectual property rights were modernized into the system we know today. At that time, the World Intellectual Property Organization (WIPO) was established by treaty as an agency of the United Nations to recognize and protect intellectual property worldwide.

Intellectual property didn’t come into its own in the United States until the 1980s, when the computing era gathered steam, and large-scale development in various forms of microprocessors started gaining traction. Chip developers quickly realized just how important proprietary designs would be. The rest is history, and today there exists a plethora of IP cores for just about any function one can imagine.

What it is

Intellectual property is an umbrella term for various legal entitlements that attach to certain intangibles. This is generally information, ideas, and concepts – things in their expressed form. These “things” are defined as creations of the mind, and they are protected by IP laws. IP includes patents, copyrights, design rights, literary/artistic works, inventions, trade secrets, and other non-tangible property. Semiconductor IP is in that court as well.

Semiconductor IP cores are perhaps the most knowledge-intensive link in the object’s value chain. They define the capabilities of billions of electronic devices produced every year. In the semiconductor world, IP is circuits – hardware. IP cores are the basic building blocks of ASIC or FPGA designs: logic blocks integrated into the chip’s core logic (see Figure 1).

These logic blocks are reusable logic or data that describe and implement hardware functionality within FPGAs or ASICs. These IP blocks can be generic and open-source, or proprietary and as closely guarded as the Crown Jewels. Typical open-source functions include UARTs, Ethernet controllers, media access controllers (MACs), processor units, power modules, etc.

Proprietary IP contains specialized functions that were created by the developers to perform a specific task or tasks – security, for example – and may be unlike any other implementation by any other company. Proprietary IP blocks can be security routines, unique wireless designs, variants on USB modules, re-spins on memory (flash or DRAM) and controllers. Even DSPs or DACs/ADCs can have unique redesigns that improve on functionality, footprint, or power, for example.


Fig. 1: Example of embedded IP block (courtesy of Cadence).

In any event, semiconductor IP is largely responsible for much of today’s complex, yet relatively inexpensive microprocessor/microcontroller devices. It is one of the great enabling technologies of modern IC design and indispensable for the SoC.

Where it is

Today, almost all complex ICs are implemented as SoC packages. And virtually all of them contain some analog and mixed-signal circuitry in the form of these pre-designed IP blocks. Designs that were once purely analog now integrate more and more digital logic to increase functionality and allow for the creation of virtual devices. This trend is blurring the lines between digital and analog. Cutting-edge designs include digitally assisted analog components such as DACs, ADCs, and PLLs. Likewise, circuits with high analog content, such as audio/video interfaces, RF transceivers, and high-speed I/Os, are being implemented in the digital domain as well.

Therefore, placing a security IP block on the same fabric as these other blocks makes the SoC inherently more secure and better performing. Figure 2 is an example of a microcontroller reference design of a system on chip (SoC) from Maxim Integrated Products. One can see the security block, and how it is interconnected within the controller, as well as a myriad of other logic blocks. Some are obviously open-source, while others may be proprietary.


Fig. 2: An example of an SoC with IP security blocks (Courtesy of Maxim Integrated Products).

As a result, cutting-edge mixed-signal SoC implementation with security integration has evolved far beyond the earlier practice of importing a few standard black boxes that were designed independently from each other and layering security on top of that. Today, just about any functionality imaginable can be realized in an IP core, including security IP.

How it is done

In the semiconductor world, IP comes in three flavors: soft, firm, and hard. Soft IP cores are generally synthesizable RTL written in a hardware description language (Verilog, VHDL). They are design elements that can be implemented within the FPGA fabric and are, generally, portable. They exist either as a netlist (a list of the logic gates and associated interconnections making up an integrated circuit) or as hardware description language (HDL) code.

Firm IP cores have a higher level of optimization and are often targeted for a specific device architecture or device. They are similar to hard cores in that they carry placement data but are configurable to some degree. This is where custom security protocols can be implemented, for example. Firm cores are traditionally less portable than soft cores.

Hard IP cores are implemented at the silicon level, within the FPGA fabric. They are physical manifestations of the IP design, and the least portable and flexible. This is the level where speed and performance are best; any IP function that runs at this level runs at optimum efficiency. Security implemented at this level is the most effective, and provides the best tamper resistance against both hardware and software attacks.

These IP cores are placed into a design via a process called instantiation. Much as an object-oriented programming (OOP) language creates an instance of a class, an instantiated IP core is given a name and created in the design using the structure described in its module definition. IP cores are reusable: the same core can be instantiated multiple times within a single design and across different design projects. They can be generic or proprietary.

OOP-based security uses common object-oriented design patterns as a mechanism for access control. Such mechanisms are often both easier to use and more effective than traditional security models based on globally accessible resources protected by access control lists.

In an object-oriented security (OOS) model, holding a reference to an object implies the right to use it. That sets up a security screen: access control reduces to controlling which objects hold references to which others, and an object cannot use a resource it was never handed a reference to.

In addition, common object-oriented design patterns can be set up to prevent clients of an interface from accessing its implementation details. This approach is effective in preventing malicious code from reaching sensitive resources through an interface that was only meant to expose a narrow operation.
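The two ideas above (a reference is the permission, and an interface hides the implementation) are easiest to see in code. The following is an added illustration, not code from the article or from any vendor named in it: a key-holding object never hands out itself, only an attenuated “sign-only” capability, which can also be wrapped in a revocable forwarder; a global name-based registry is shown alongside for contrast. All names (SigningKey, Signer, revocable, demo) and the sample secret are constructed for the example. Python is not a capability-safe language (introspection can defeat this), so the block demonstrates the design discipline rather than an enforced guarantee.

```python
"""Object-capability access control: holding a reference is the permission,
and the interface hides the implementation so clients cannot reach the key.

Added example; names and the sample secret are constructed, not from the article.
"""
import hashlib
import hmac


class SigningKey:
    """Owns a secret. References to this object are never handed to clients."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret

    def mac(self, message: bytes) -> str:
        return hmac.new(self._secret, message, hashlib.sha256).hexdigest()

    def signer(self) -> "Signer":
        """Mint an attenuated capability: sign-only, no key export."""
        return Signer(self.mac)


class Signer:
    """Attenuated capability. It stores only the sign operation, so there is no
    attribute path from a Signer back to the SigningKey or its secret."""

    __slots__ = ("_op",)

    def __init__(self, op) -> None:
        self._op = op

    def sign(self, message: bytes) -> str:
        return self._op(message)


def revocable(target: Signer):
    """Wrap a capability in a forwarder that can be cut off later.

    Returns (forwarder, revoke). After revoke(), the client's reference is
    useless: access is withdrawn without consulting any global ACL."""
    cell = {"target": target}

    class Forwarder:
        __slots__ = ()

        def sign(self, message: bytes) -> str:
            current = cell["target"]
            if current is None:
                raise PermissionError("capability revoked")
            return current.sign(message)

    def revoke() -> None:
        cell["target"] = None

    return Forwarder(), revoke


# Contrast: ambient authority. Anything that can spell the name reaches the key.
AMBIENT_REGISTRY = {"fw-key": SigningKey(b"constructed-demo-secret")}  # constructed


def demo() -> dict:
    """Exercise both models and report what each client could reach."""
    secret = b"constructed-demo-secret"  # constructed sample secret
    key = SigningKey(secret)
    cap, revoke = revocable(key.signer())

    tag = cap.sign(b"firmware-image-v1")
    expected = hmac.new(secret, b"firmware-image-v1", hashlib.sha256).hexdigest()

    # The client holds only a forwarder: no attribute leads back to the secret.
    client_reaches_key = any(hasattr(cap, n) for n in ("_secret", "_op", "key"))

    revoke()
    try:
        cap.sign(b"anything")
        revoked_blocked = False
    except PermissionError:
        revoked_blocked = True

    # ACL-style global lookup: knowing the name alone is the authority.
    ambient_leak = AMBIENT_REGISTRY["fw-key"]._secret == secret

    return {
        "tag_matches": tag == expected,
        "client_reaches_key": client_reaches_key,
        "revoked_blocked": revoked_blocked,
        "ambient_leak": ambient_leak,
    }


if __name__ == "__main__":
    print(demo())
```

The design point is in the reference graph: `demo()` never gives the client the `SigningKey`, only a `Signer` (which stores the bound sign operation, not the key object) behind a revocable forwarder, so the client can produce tags but cannot export the secret, and loses even that once `revoke()` runs. The registry at the bottom shows the opposite model the text contrasts it with: a globally reachable resource where the name is the only gate.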

Threat example

So what exactly can derail all of this? There are a number of different threat models that can be forced on a chip to extract data and IP. One of the most pervasive is reverse engineering (RE). It can use a wide variety of methodologies to extract sensitive data or proprietary IP.

One RE technique that is often used is called delayering. According to Karri, “delayering is when a hacker peels back the chip package and exposes each layer, one by one.” He adds that once a layer is exposed, the perpetrator takes a lot of images of it, using tools such as scanning electron microscopes (SEM), scanning capacitance microscopy (SCM) and multiple other modalities. This process is repeated for each layer. “Once they have the images,” Karri says, “they stitch them together and try to extract gate-level netlists from them.” The process is the reverse of the design flow, which starts with VHDL or Verilog to create the gate-level logic, synthesizes it, creates the mask, and sends it to the foundry for packaging and testing.

Derailing such threats

Knowing that there are so many threat vectors being used to try to compromise sensitive code and data, the security industry has developed a wide array of tools to combat such attacks. One such tool is camouflage of one sort or another. While camouflage has a wide range of options, one example that Karri presented is that security designers can place layers over each cell that make the cells look the same. “For example, the NAND cell may look exactly like a NOR cell, which looks exactly like an XOR cell, and so on. They all have the same image when extracted,” Karri said. “What this does is force the perpetrator to peel additional layers, which means the chances of making mistakes increase. But there is a cost to that. Camouflaging cells adds cost and complexity. So the designer is tasked with balancing which cells need the camouflage the most against the added overhead.”

There are other methods of camouflage that can be implemented to protect IP as well. There can be dummy layers and cells. There also can be dummy IP and masks. These approaches also have a number of options within them.

The above discussion has peeled back the layers of IP mystery to some degree. It has also touched on the dark side of chip design – compromise – and one way to thwart it. There are, of course, many other attack vectors, as well as methodologies to deflect them, which will be dissected in future articles.

Where it goes from here

Today’s design houses have acquired a deep well of IP for virtually every level of device and functionality. In fact, in many cases, proprietary IP is the most valuable asset a company may own. Therefore, protecting that IP is at the top of the short list of priorities for every organization.

As such, this deep well of IP is setting the stage for the next generation of complex SoCs that will become the core enabling devices of the Internet of Things/Everything (IoT/E).

But just because we can do it, doesn’t mean it will be painless. Objects of the IoT/E will have a wide-ranging arc of complexity, functionality, and footprint. Simple objects, such as a toothbrush that keeps track of how many minutes one brushes and how much toothpaste is used per brushing, and autonomously reorders the consumables will, likely, not have the economic bandwidth to integrate a costly high-security SoC.

For devices at this lower end of the cost cycle, Rohatgi said “the key to successful integration and cost containment, including security, is to reduce the integration requirements of the IPs. That means using standard hardware interfaces, simple clocking, and self-contained IP, to the extent possible, on the hardware side. It also means having easy software interfaces, portable and simple programming APIs, and providing reference drivers and stacks on the software side.” While this is a sensible approach, some of the very low-end devices still may not be candidates for even the cheapest SoCs.

Still, low-end devices have the same general security issues as more complex devices, such as entertainment centers, home security systems, or vehicles. So exactly how this will shake out and what inexpensive, tight and simple, yet effective designs will be developed to keep them secure, is yet to be determined.

Some companies already are addressing that segment. Infineon, for example, has a line of trust-based microcontroller solutions that are applicable to low-cost objects such as printer cartridges, earphones, game controllers, adapters, etc. This series performs authentication and provides a minimal level of security for objects that are cost-sensitive. Infineon also has high-end devices that stratify across multiple applications. But, in the end, whether a hacker can gain access to sensitive data via a toothbrush or a smart vehicle is immaterial. The issue is that security is a consideration for each of them, and the best way to address it is with a platform-independent SoC that embeds security, economies of scale permitting.

Conclusion

Today’s cutting-edge production methods are capable of manufacturing dense, highly integrated, and complex multifunction SoCs. This is possible because of a deep and pervasive intellectual property library and a wealth of IP code that can embed just about any device or function into the SoC.

On the flip side, threats to such IP present a significant challenge that has to be addressed. As Karri noted, the industry must develop the mindset that security is thought of at the beginning, and not added as a patch or on the fly. As one anonymous saying goes, “If you think education is expensive, wait until you see how much ignorance costs.” The same parallel can be drawn about securing IP and the chips it lives in. The cost of adding security pales next to the cost of leaving it out.
