Hiding The Electronic Crumbs

Imagine an old Western movie where the posse tracks the outlaws by following footsteps on a dirt trail or looking for broken branches. Now fast forward to the present, where the trail is electronic, the posse is comprised of bad guys, and the loot is frequently encrypted.

As any security expert will concede, every security system can be compromised, every chip can be reverse engineered and hacked, and even the most complex encryption can be decoded. The question is what’s it worth versus time invested—a basic ROI equation for criminal enterprises—and some of the new techniques being employed are enough to at least deter would-be thieves, hackers, or any other classification of electronic criminal that may arise.

Thanks for the memory imprint
Inside of any SoC these days—or even the majority of electronic devices, for that matter—the majority of available real estate is consumed by memory. That makes it much easier to turn off or power down parts of a chip when they’re not in use. It also improves performance, because signals don’t have to travel as far, and it simplifies integration of third-party IP.

What’s less obvious is how that approach works for security. There are multiple angles to this. First of all, memory itself has a memory—an imprint that is similar to what happens when an image burns into a screen. The longer you leave it in one place, the easier it is to read it.

“Memory is essentially a trapped charge,” said Chris Neil, senior vice president for the industrial and medical solutions group at Maxim Integrated Products. “You can tell if a cell sat with a one or a zero for a long time. We’ve developed memory so it’s both a one and a zero.”

This is still the extreme side of memory design for highly classified or valuable information. But it’s also becoming more mainstream, at least as a discussion point, as companies look for ways to protect themselves from breaches and possible class-action lawsuits.

“You also can take the code you want to protect and transfer it from memory to IC with decryption on the fly,” said Neil. “That way you don’t have to put a mesh around the channel and encrypt everything, and it decreases the cost.”

While experts have been sounding the alarm bells on this kind of hacking for years, awareness of the threat is only beginning to sink in on a broad scale. Driving that recognition are a series of high-profile hacking incidents that affect consumers, such as the breaches at Target, Nieman-Marcus, Twitter, Facebook, Yahoo and AOL. There are many, many more that go unreported.

But far less widely known is just how vulnerable the semiconductors used in those systems can be. In the past, hardware always was considered impenetrable, and attempts to safeguard it were viewed as an unnecessary expense. After all, sources of data theft and data leakage almost always have been ascribed to software or networking equipment, not the chips within those systems. But as thieves become more sophisticated, everything is vulnerable—and often at multiple levels within the same device, the software and even at multiple places within an SoC.

“If the attacker monitors the power, the information they extract will give them a view of the activity of the device,” said Pankaj Rohatgi, director of engineering at Cryptography Research, a subsidiary of Rambus. “So if it’s a zero, they’re doing one operation, if it’s a one, that’s another operation. You can see the sequence, and if you can distinguish whether it’s type A or type B, or shape A or B, then it’s an easy type of attack.”

Making matters much worse, the amount of IP being included in designs is increasing, and aside from the processors, almost none of it is purchased with security in mind. Specs for memory, for example, usually focus on speed, power and cost. And even though they may be isolated from other parts of a chip, they may be connected through a common bus or on-chip network. Building firewalls into those networks is being discussed, but the concept is still at the drawing board stage because end customers are balking at the cost.

Cache coherency is another challenge. It’s impossible, using current technology, to design a single-core processor with relatively good performance beyond 90nm without generating enough heat to ruin a chip. Multiple cores can work in unison, or in series, to split the processing at slower speeds, using a combination of multiprocessing, multithreading and burst modes for extremely compute-intensive tasks. But that also requires sharing memory, which increases the chance for tapping into the functions of a highly complex device because the data can be obtained in multiple directions.

The IP factor
One of the easiest access points for SoC hackers is at the IP level. While memory typically is sold as IP, there are many other types of IP that need to be integrated around it. Some of it is standard, from companies such as ARM, Synopsys, Cadence, Imagination Technologies, and all of those companies have a reputation for delivering bulletproof IP. But some of it comes from smaller vendors, which don’t have as long a history of delivering that IP, or the resources to make sure it can’t be hacked.

So far, no one is saying that IP has been delivered with back-door capabilities. But no can say that it hasn’t been, either. And virtually everyone agrees, at least privately, that the threat is growing.

“If something is alleged to be a USB controller, it could have 100,000 lines of Verilog code in there,” said Serge Leef, general manager of the system-level engineering division at Mentor Graphics. “But you’ve only tested it for its USB function. How do you determine it will not do something else?”

Moreover, if companies are buying on the basis of price, performance and power specs—which is the way most IP is fielded—they’re probably not looking for security compliance. To begin with, there are no standards in this area against which to measure security. Hiring outside companies to confirm that IP is both secure and does what it’s supposed to do—and only what it’s supposed to do—is an additional cost with a potential negative impact on time to market.

“The ecosystem today adds a number of security problems, which is very different from what it used to be,” said Lawrence Loh, vice president of engineering at Jasper Design Automation. “All the security in an SoC is based on the assumption that your hardware is secure. What if the hardware itself has a flaw so information can be obtained? That compromises the whole stack, including the software and the firmware.”

Mind shift required
As more breaches become public—something that will be exacerbated by machine-to-machine connections in the Internet of Things—security inevitably will have to go deeper because the first line of defense will be in the software and firmware. Right now there are far fewer breaches in the hardware because it’s more difficult to crack, but it is happening where the return on investment for criminals is high enough.

“What we see over and over again is that despite our best efforts, security is an afterthought rather than an original part of the design,” said Hal Kurkowski, managing director for embedded security products at Maxim. “You have to have a plan for every part of a design, including whether it’s possible to add in counterfeit parts. That can include anything from battery packs to medical consumables to IP protection, where you want to make sure it only does an authentication sequence. You need secure boot loads and you need to lock down the hardware key so no one else can replicate a design. And you need to know that if a design house is supposed to build 10,000 units that they don’t build 20,000.”

This is a different way of thinking about hardware design. But just as power was an afterthought at 90nm and a key part of the design at 45nm and beyond, security will need to become an architectural-level consideration for anything but standalone devices that don’t interact with anything else. And increasingly, at least in the electronics world, those are becoming very hard to find.