It’s time to get much more serious about security at every level.
In his keynote speech at the Synopsys User Group last month, company chairman and co-CEO Aart de Geus defined IoT as the Internet of Threats. As interviews across the semiconductor industry have revealed over the past 12 months, his comment was very much on target.
As more things are connected—and that includes everything from watches to toasters to cars to buildings within a city—security has emerged as a fundamental concern. At the recent Consumer Electronics Show, entire teams of insurance executives and lawyers showed up to gain insights about how liability will shift, and in the case of lawyers, where the next class-action opportunities will be.
The Internet of Things/Everything/Anything is arguably the most disruptive change since the invention of movable type printing press some 566 years ago, which ended the Dark Ages and ushered forth the Information Age we’re still living in today. The next rendition could well be the Big Data phase, where everything can be tracked, analyzed, and used for both good and bad purposes.
The message that is coming through loud and clear on all sides is this data needs to be secured, and the only way to do that is to secure the machinery that processes, stores and moves that data. That sounds logical enough, until you consider just how complex the data path has become and how many factors play a role in getting that data securely from point A to point B.
In an autonomous vehicle, for example, that data must determine distance to the car in front, when a car is swerving out of its lane nearby, or whether the bridge ahead has been washed out by a flood. And if tire pressure or engine malfunction sensors detect a problem, that information must be relayed to the vehicle’s owner quickly enough to do something about the problem.
But that flow of information also can be commandeered by someone outside the vehicle, and that risk will only get worse as complexity of vehicles increases with the introduction of complex SoCs and a wireless support infrastructure, and as more of the driving is left up to the car. There is no single solution for a connected car, washing machine or insulin pump. And it no longer can be left just to the operating system or the network firewall.
Put simply, security is now a system-level design issue with no system-level solution. It needs to be part of every facet of every design, and if chipmakers and embedded software developers are waiting for standards to appear, they’re missing the revolution. Standards will never be able to keep up with the threats, which will continue to escalate, becoming increasingly sophisticated as more brainpower is applied to breaking these systems.
This means every component—IP, software, memory, I/O, packaging, interconnects—all the way through to and including manufacturing processes need to be thought of from a security standpoint, beginning with the architecture and ending at the signoff for shipped parts and even the storage of those parts. This will add cost everywhere, increase the amount of power being used, and it will add multiple layers of complexity to designs that already are far more complex than the human brain can comprehend. Moreover, this scheme will have to be continually updated as hackers find new ways to compromise systems and steal or misuse data.
This is a huge opportunity for hardware and software engineers, and it is a huge opportunity for EDA and IP companies. But it also is an enormous challenge—one that could have dire consequences when something goes wrong with much more public awareness if it does.