Locking Down The Chip

Second of two parts: Securing the interconnect fabric is the next big challenge in security.


The push toward securing chips is complicated by the amount of third-party IP that is being used inside of today’s complex SoCs. This has cast new light on the potential for on-chip networks to also function in securing signals that flow through those networks.

This becomes particularly important with the Internet of Things, because the source of those signals isn’t always obvious to the user of a device. The good and bad of the IoT is that parts of it are automated, requiring less interaction of the user.

“It will very much be about power and security,” said Grant Pierce, president and CEO of Sonics. “If you’re wearing a sensor that can predict you’re about to have a heart attack, who do you want to know about that? And who do you want to make sure gets that message securely with the guarantee that they got it? Those are hugely important factors, and they have nothing to do with the old metrics by which lots of companies interacted with us in the past. That know-how for applying our technology is where our future customers begin to put new kinds of demands on us. We’re not going to be in a market where we build the interconnect and they will come. We need to help them use it.”

This is one of the more complex management points—the point where software, hardware and I/O converge, and it’s made all the more complicated by the fact that no single company produces all of the parts.

“Our job is not to get involved with the customer’s IP,” says Kurt Shuler, vice president of marketing at Arteris. “Within our NoC fabric, we have found that a common customer requirement is firewalls. Within these firewalls, and it is a fairly simple concept, is an input, a test and an optional output.” Such firewalls are one way to keep data where it belongs, and route it effectively and efficiently, as well as act as a security notification function if rules are breached.

Shuler says the NoC firewall links to the customer’s RTL so they can send the test to the firewall. If the test passes, then it is business as usual, and the data is routed accordingly. If, however, the test sent to the firewall fails, then there is a security issue and appropriate action is taken by the circuits. Failed tests can indicate any number of issues. It may be that the data is corrupt, a malicious IP code has been activated, or it is being probed, for example.

Firewalls can also be programmed to send or receive information based on the state of the chip. In some cases, alerting a hacker that you’re onto them isn’t the best approach. For one thing, they might just find another way in. But it also can show a company where the weaknesses are in a design, which can be closed up without data loss at the appropriate time.

What’s next?
This is only part of the picture, though. Crypto processors likely will gain traction in the next few years. With the anticipated explosion of autonomous interconnected objects, software layer security faces some major challenges. Mainly, it is just clumsy and code-intensive. And, it has to be fine-tuned to the application.

And considering that eventually the will be billions of objects, with millions of potential applications and variants, out-of-the-box security software just can’t be everything to every object. Because it has to run on top of the OS, many objects, especially the simpler ones, just won’t have the bandwidth or sophistication to do that. Therefore, some sort of embedded security in hardware is the best option. Crypto processors are an ideal solution because the place security at the fabric level, and run it as a core function. And once the demand for crypto processors ramps up, economies of scale will bring them down in cost and new configurations for all types of objects will be developed.

On-chip network proliferation
Traditional SoC Cores communicate over the on-chip interconnect via either point-to-point, cross-bar or bus-based signaling – much like the conventional parallel communication buses that connect board-level components. However, on-chip bus allows only one communication transaction at a time according to the arbitration result. As a result, the average communication bandwidth of each processing element is in inverse proportion to the total number of IP cores in a system. One can readily see how this can become an issue with 100+ core chips.

There is the option of implementing multiple on-chip buses in a hierarchical architecture. While this raise the scalability constraint ceiling, it adds the overhead of application-specific grouping of processing elements, and different communication protocols to meet the application requirements.
On-chip networks change that paradigm, radically, by routing packets over a network, within a chip, between chips, or both, much like the Internet. With hundred+ core SoCs, interconnect will become a self-immolating, routing congested monster, generating heat, eating up power and skewing high-frequency signals. Figure 2 is a drawing of a traditional wired SoC and an on-chip network. One can easily see how the NoC solves the traditional spaghetti wiring conundrum.

Metaphorically speaking, NoCs resemble a grid of city blocks with streets on all sides. The streets are the grid that surrounds the cores on which data flows. The squares are the IP and other logic blocks. The interconnect is a network interface (NI) module that takes the data packets from the core and routes it thought the chip along the “streets.”

Wired SoC vs. Network SoC

Wired SoC vs. Network SoC

NoCs are virtually, infinitely scalable (within the physical limits of the die, of course). They are seen as the likely architecture for the next order of magnitude – billion-gate chips.

This is why new startup money is going toward the on-chip network market, and why Intel has created its own interconnect fabric as part of its SoC foundry offering. To that end, a couple of edge-of-the-envelope NoC concepts have been proposed. There is work being done on a crypto core, for example. The approach uses a cryptographic hardware solution designed to protect intra-SoC core communication from compromise. Essentially, this addresses the potential vulnerabilities of third party IP implemented in SoCs.

This approach secures the transport layer by overlaying some cryptographic mechanisms on the layer over existing on-chip interconnects. These mechanisms provide secure integer and authenticated communications via secure channels between cores. It is set up as a virtual channel that provides a secure tunnel between cores and prevents any other cores from “eavesdropping” on the connection.

Secure data is encapsulated in packets. The packets are then encrypted and appended with a message authentication code (another term for which MAC is an acronym). On the receiving end, if the MAC code is verified, the packet is decrypted and data is retrieved.

For this approach, transport layer security (TLS) is embedded in the NoC’s interconnect transport layer. Implementation the cryptographic interconnect security mechanism in this layer yields end-to-end security transparent to the application layer. It also is independent of the underlying interconnect, essentially isolating each interconnect channel, which sounds solid in theory.

However, while the overall concept has merit, there is a major speed bump on the horizon. It is the algorithms. Complex crypto algorithms that run on heavy horsepower hardware systems won’t work here. To keep the SoC from choking on algorithm manipulation, the cryptography codes have to be small and lightweight, yet bulletproof. Progress is being made, but again, much of it is on the drawing board.

Still, this, and some other lofty concepts, such as hybrid NoCs using wireless interconnect within chips (http://www.drexel.edu/now/news-media/releases/archive/2012/August/Wireless-Network-on-Chip/) for data routing are starting to bubble to the surface.

NoCs for crypto processors are an interesting concept. There is promise but the matrix from points A to B is very convoluted. Since there is no clear vision for the IoT/E and there are so many drivers, making prognostications as to what crypto processors for the IoT/E will look like is risky. However, somehow, someway, they will ultimately happen.

For crypto processors, NoCs, IoT/E, and things that are out there, security becomes the big sticking point for market success. What’s clear, though, is that security cannot be an afterthought. All industries—software, hardware, applications, etc., must adopt the mindset that security gets built in at the get-go. Until that happens, progress will come in fits and starts, with lots of setbacks. Patches are just not going to work with the complexity, diversity, and ubiquity – whatever this metamorphosis will finally end up as.