Experts at the Table, part 2: Where data gets processed, how to secure devices, and questions about whether there can be economies of scale in this sector.
Semiconductor Engineering sat down to discuss IoT chip design issues with Jeff Miller, product marketing manager for electronic design systems in the Deep Submicron Division of Mentor, a Siemens Business; Mike Eftimakis, IoT product manager in Arm‘s Systems and Software Group; and John Tinson, vice president of sales at Sondrel Ltd. What follows are excerpts of that conversation. To view part one, click here.
SE: With safety-critical devices, the key focus is how data can be moved without interruption and at high speed. How do we achieve that?
Eftimakis: We have to analyze the data, so instead of sending a video stream we have to integrate computer vision that would analyze the picture and video stream and detect spaces or movements of elements in the picture. This is an area where reduction of data is important, and it will become more important in the future.
Miller: A big portion of the power in IoT edge devices, which can include safety-critical devices, is the RF transmitter. Anything you can do locally to reduce the size or fequency of the data packet that you’re sending up to the next level can make a big difference in the battery life of these things. They have to last sometimes years on a battery. If you can transmit a packet once every minute or hour instead of once every second, because you’re processing this data locally, that can be a huge win for these systems.
Tinson: Looking slightly further out, the idea that you have energy conservation is very important at the moment. We’re all concerned with how long the battery will last. But at some point designs will incorporate energy harvesting as the way forward. You will have to harvest on the chip itself.
SE: Looking at this from a different angle, how do you design a device that determines whether to process locally, at the edge of the network or up in the cloud, and do that for multiple markets?
Tinson: We’re not designing a chip for multiple customers. We’re designing for a customer. That design has to deal with latency, power consumption, price, and they have to be traded off against each other. The customer has to find the right mix for their market.
Miller: We’re not seeing a whole lot of re-use across different markets. There is a lot of customization there that seems to be inevitable for these individual segments. What you need in a DBMS (database management system) in a car is entirely different than what you need in a device that’s monitoring the strain in a suspension bridge. They’re so different. That’s what really drives customization.
Eftimakis: At Arm we try to develop things that can be used everywhere, but our customers are designing chips that are for specific applications. We see many different cases. For IoT, designs need to be quite flexible and have some margin, because we don’t have the exact view of a market that will require billions of devices. But you also still need to focus on price and power consumption.
SE: Both analog and digital need to work reliably in some of these applications for a very long time. How do we achieve that?
Tinson: You have to pick your design house carefully. They need to be able to deal with issues like electromigration and rapid transient switching and many other things. So you really have to understand how chip design companies have dealt with these issues before. They may have worked in chips designed for satellites, and you need to look at their case studies and speak to their chief designer. They need to be able to think these things through and have experience in designing them, because a small IoT chip will face these kinds of issues in environments you may not know about. It comes down to the experience of the design house and the fab rules for what you’re trying to achieve.
Miller: There’s a lot the EDA industry has done to address some of those needs. That includes everything from the addition of aging models to the compact models used for SPICE simulation. There are electromigration and power analysis tools, which let you get a much better idea of where you’re at. It’s not just simulation. It’s also static analysis. The EDA industry is taking this issue seriously, and we’re trying to address that from a tools and expertise perspective.
SE: Security remains a big challenge. You don’t know what a device will be connected to, how security will evolve over time, or even what pieces will be put into a design. How do we solve this problem?
Eftimakis: The principle to implement security in a device is to have different layers. So you need clean separation between domains. We introduced this technology 10 years ago in the mobile world, and now it’s moving to the advanced nodes for embedded processors. You need to separate the critical elements in a device, and you need software that is well-designed and which has undergone serious review. It takes a lot to build secure software that you can trust. And then you have to separate that from the rest of the software, which may have security holes. That allows you to recover from an attack because you can trust your secure software. Another level involves the use of security elements that you put in your design that manage encryption, secure boot, the lifecyle of your device. This is another way to protect it. You can have different layers around the root of trust in your device. Adding these layers on top of each other allows you to protect better against attacks. This is the approach proposed by security researchers, which we can put in place.
SE: But we’re all still getting notices about personal data that has been compromised.
Eftimakis: Yes, because you secure a system against known attacks. New attacks will happen. That’s why it’s very important not to be able to upgrade your security rather than having something that is frozen. You have to be able to sustain new attacks. Firmware updates are critical because you need to upgrade without access to the device.
Miller: The important thing here is the depth of the defense. These compartmentalization techniques enable that. But we have to keep in mind that this is everyone’s responsibility along the supply chain. There were some surprising attacks recently where MEMS sensors were compromised by using vibrations in the speaker of a phone to overtake the phone. You have non-obvious connections in a device, including going through the mechanical domain. You need resilience and the ability to update a device, but you also have to plan for that at every stage and in every way. It’s easy for someone to say they’re just making an accelerometer and they don’t have to worry about security. That’s not true anymore. Everyone needs to play their part, and systems need to be isolated as much as possible from each other.
Tinson: From a design house point of view, the challenge is proving that a design doesn’t do something it’s not supposed to do. That’s a different challenge than functional verification, which is proving that it does what it should do. Some technique changes will be required because now we’re trying to verify security features, which is different from verifying other features. At another level, you can trust some of the features that are built into an ARM core, for example, but you also should be talking to a system-level consultant. It’s one thing to protect the chip level, but you really have to look at the entire system and how it interacts with systems around it. Someone needs to look at this from a higher level.
SE: How about programmable logic in IoT designs?
Eftimakis: The addition of programmable logic is interesting from a flexibility standpoint. The drawback is that it’s more expensive and uses more power, which is something you care about in IoT devices.
Miller: The power and area costs are not prohibitive. There has been some interesting work in areas where you have an ARM core plus some programmable logic. But in the long run we will evolve to fixed function.
Tinson: If we move to energy harvesting, we might do things differently. So we think about IoT devices at older nodes, but as volumes rise, maybe we move to more advanced nodes and smaller devices. We are just in an early phase, and what we see as key parameters today could change.
Related Stories
How To Build An IoT Chip (Part 1)
Strategies for dealing with conflicting requirements, relying on pre-integrated and pre-verified subsystems, and a growing need for better security and reliability.
What Does An IoT Chip Look Like?
As the definition of IoT evolves, so do architectures.
IoT Startups Rake In Cash
Funding is free-flowing for the field, but hurdles persist.
Leave a Reply