Designing For Security

Stacked die may improve performance and lower power, but the use of through-silicon vias (TSVs) could add new security risks.

As IC structures go, the vertical component of these chip packages is both a boon and a bust. Three-dimensional geometries allow for much less complexity in design by stacking two-dimensional dies and interconnecting them in the third dimension. The theory is that will speed up communication between layers vs. the planar chip approach, allowing interconnections between various flavors of chips that previously couldn’t be integrated in planar packages.

Graphical representation of a stack of individual chips connected by vertical pipelines or through-silicon vias. Source: IBM.

With 2.5D architectures, IP blocks can be designed on separate dies and assembled using an interposer. Such a chip can have a stacked DRAM, a Wi-Fi radio and flash memory, together with the processor in a single package. Benefits of such a design include lower power consumption, faster speed, a smaller footprint – and, it should be cheaper once economies of scale kick in.

New vulnerabilities
However, such devices are made up of a stack of ICs that were separate chips, but are now integrated into a single package. That means a new opportunity to sneak a Trojan IC into the mix has been created. Integrating such a Trojan chip, or interposer into the 3D IC assembly is a very effective means of injecting malicious circuitry. This is even truer if the Trojan lays stealth until activated by particular command, function, or timer.

Other threats can be a passive or active interposer, or a maleficent IP block that can inject malicious capability of one sort or another.

In any event, a new threat vector exists with these next-generation packages, especially with the global supply chain.

And, once that occurs and the circuit is encapsulated, traditional detection via X-ray or thermal imaging, makes it that much more difficult to detect, due to the multiple stacked layers. The only real way to find such exploits is through destructive tear-down. And even that may not ensure that the production run is secure since such compromises can be inserted at a number of steps in the supply chain (up to and including counterfeit chips) after the approval process is complete.

The security blanket
Because we are just at the starting gate with 3D architectures, the industry has the rare opportunity to integrate security at the ground floor and design for security from the outset. That opens up a number of options.

“Stacked dies have some nice benefits from a security perspective, especially on the reverse engineering side, because it makes it physically difficult to drill thought without destroying the chip,” says Paul Kocher, president and chief scientists at Cryptography Research, a division of Rambus. “Currently, the biggest concerns aren’t around the malicious tampering with chips. It is around humans making mistakes during the design process. Going in to maliciously insert bugs isn’t really all that necessary because there are a lot of them, inadvertently, in the design already. Trying to get designs to be bug- and backdoor-free is difficult. So from a resource allocation perspective, the most urgent priorities are around getting solid designs to begin with.”

This problem is compounded as the supply chain diversifies. One of the better ways to keep a tight rein on the chips and know what is going into them is to manufacture on-shore exclusively. However, except for price-is-no-object designs for uses such as in military and aerospace hardware, transportation, power infrastructures, and similar high-value applications, that isn’t likely to happen. The majority of chips will be driven by economies of scale, and go into the extremely competitive devices for the (IoT), and they will continue to be sourced off-shore.

So, what are the realities? The concept of design for security is a platform that shows promise for next-generation hardware. This would include tools such as trusted platforms and silicon-implemented crypto algorithms. There is one program that addresses security in the 3D landscape, a U.S. government, DoD-NSA program that has stringent criteria by which a fab can be rated as a “Trusted Foundry.”

“A hardware solution is more difficult to crack than a software solution,” says Tony Massimini, chief of technology at Semico Research.

For 3D structures, a bit of security comes with the territory. The fact that this is a stacked architecture makes reverse engineering more difficult that with traditional monolithic and planar devices. For example, one method is to produce a chip where the top and bottom layers are total blank, except for I/O. And critical and sensitive data can be scattered among the layers in a seemingly random fashion, making it intelligible to eavesdroppers. The beauty of this approach is that the chip can now be manufactured at any fab with a high probability that there are no surprises in the finished product. The data is diversified among the various layers in such a way that it is simply gibberish without a roadmap, making it virtually impossible to reassemble.

“For example, the stratification concept can spread a key across several layers, especially a device-specific key,” says Kocher. “When it comes to the mechanical types of probing, manipulation, and microscopy of the chip, the extra layers, thickness, number of interconnects, etc., make hacking the chip much more difficult.”

Taking that one step further, it is possible to offset the alignment of the layers, skewing the connections between layers. And there are other methodologies that can be implemented. Layer builds could be diversified among various foundries and assembled at the trusted foundry, for example. All of these methods can be part of a designing for security directive.

Beyond tomorrow0
Most work in 3D ICs today is being done based upon TSV methodology. That seems to be the best practice based upon a number of variables that include manufacturability, design ability, and cost. TSVs offer increased performance and wider pipes for conveying electrical signals.

There are some key challenges to go along with this, as well, such as aligning the layers requires extreme precision, which, in turn demands a very accurate and precise bonding technique, or a large pad. The second somewhat defeats the issues of miniaturization, which is a potential benefit of die stacking. Moreover, some of the cost issues around TSV still need to be optimized.

There is movement in alternative methods, however. BeSang has developed a different 3D IC memory chip. According to Junil Parks, senior vice president, and head of research and development at Besang, “Multiple device layers can be sequentially stacked on the top of existing devices with conventional semiconductor equipment.” http://www.besang.com/news.html

This chip can be realized in conventional CMOS. It’s construction uses a low-temperature process to build multilayer 3D ICs by applying a single, thin crystalline silicon on top of the first substrate. That layer is used to build device layers within. Integrated circuits are built, one layer at a time, using traditional vias, instead of stacking finished die via the TSVs method. By applying additional dielectric layers and a donor wafer, additional DRAM layers can be built on the single logic chip.

BeSang’s TRUE 3D IC – source: BeSang

“Semiconductors can achieve densities of 1 million interconnections per millimeter, compared to 10,000 interconnections per millimeter for stacked die using TSVs, and just 100 interconnects per millimeter for stacked packages,” Parks says. But because this is still in the development and test stages, security isn’t being addressed yet. So far, BeSang has only presented a test scenario.

Missive
3D IC technology is beginning to ramp up. As it does, the industry has an opportunity to create a platform that can have security hard-coded in the chip fabric. As this article discussed, there are some new challenges to integrating security into such chips but there is also some intrinsic security that, when combined with existing hardware solutions has the potential to, radically, secure the hardware from the bottom up.

But Kocher has an interesting perspective. In looking ahead, he comments on current security trends: “We are creating devices that are just increasingly complex, which means more opportunities for bugs. As well, there are more of these devices being deployed, which means more targets for the attackers. And the devices are of greater value, which means greater rewards for attackers.”

The short-term trends are relatively ominous, from a security perspective. Things are likely to get worse before they get better. But Kocher says we can provide strong security foundations at the silicon level for the software stacks that sit on top. And the only path out of the morass we are currently in is to work on better things to do at the chip level so we don’t have such a dependence on software being perfect.

The security of the universe is again in the hands of the chip developers.