It Takes An Army

The quest for more secure designs requires buy in at all levels of the semiconductor and software ecosystem.

popularity

Security has always been a two-way educational process. The bad guys figure out where the weaknesses are, and the good guys figure out how they got in and ways to prevent it.

This worked fine for antivirus software in the early days of the PC era, because viruses typically were generalized and the damage they did was rather crude and frequently reversible. Increasingly, however, a deep understanding of technology on a very granular level—all the way down to how ones and zeroes are used on specific IP blocks and when those blocks are turned on to communicate with other parts of a chip or system—has opened up much bigger doors for access to specific data. And coupled with much broader access and connectivity, it has created a panic in industries ranging from motion pictures to banking to retail transactions.

“Most of the security patches we see in software are retroactive,” said Lawrence Loh, vice president of engineering at Jasper Design Automation. “They know how to patch it because it already has happened.”

The solution, he said, is a new wrinkle in hardware-software co-design. Secure firmware in ROM is the primary way to access the secure features in a chip, but thieves have figured out that if you intercept the output of the ROM you can achieve the same goal as accessing that secure firmware. The trick is to make sure that the only way through the system is secured, basically narrowing the attack field to something that is manageable even if the secure code has been compromised.

“It’s pretty clear what you’re doing in software. Hardware is one of those areas that companies have kept quiet,” said Loh. “But if you don’t have to decode anything, you want to make sure the software does not have an unfair advantage.”

That seems to be a common thread in thinking about security these days. It’s not just one thing that needs to be addressed. There are many points of failure, and threats can come from any angle—application software, firmware, on-off power management—to reach deep inside the secure embedded code within a chip. Attackers are now sophisticated enough to utilize signals that move through the hardware, adding many more vulnerable points within a design. Data path architecture, which used to be a measure of signal integrity, is also now directly equated to the overall security of a chip, and frequently even an entire end-user device.

“Security is a very important subject and we’re doing a lot with it,” said Hossein Yassaie, CEO of Imagination Technologies. “The amount of argument going on around security in Europe is enormous. There’s clearly a regulation element, and that will be left to governments and politicians. But as far as we’re concerned, the underlying technology and capability needs to deliver what is required. The fundamental thing is that we believe you must have multiple secure zones, and they must be secure from each other. You really need to have containers or jackets or sandboxes for each data path. What we’ve done is that we’ve taken a very generic approach, using virtualization. Virtualization is usually done in software. We’ve done it in hardware in the MIPS cores. Even tiny IoT cores can be completely secure. That is the foundation.”

This is a rather unique twist on what previously was a software function. Virtualization from companies such as VMware and Citrix allows software to be isolated and processed in batches on virtual machines, regardless of the underlying operating system. It has proved to be an effective way of improving utilization of hardware resources, but a hardware approach to this technology can dramatically improve its security, as well.

“The people who understand it are the banks or companies like Google,” Yassaie said. “They have to deal with it. And when you explain to the consumer that the data they have is not secure from the providers they’re surprised. A bank can get access to your medical data. That’s not acceptable. You have to combine the security with something physical.”

ARM’s approach is somewhat different, but the goal is the same. The company has created TrustZone, which uses virtual processors to switch between different states that are isolated from each other. In effect, it keeps hackers from being able to access secure data while running other operations—no matter how many access points a device may have to the outside world.

“TrustZone does extend into that—signals in the interface to be enabled when you’re secure space versus not when you’re in the untrusted space,” said Simon Segars, CEO of ARM. “So you can use that to have peripherals on chip or off chip that are only enabled when you’re in the trusted mode.”

Those peripherals, and access to them can be controlled by another step, as well, within an on-chip network. That network can control security, as well as power—a distinct advantage because the power delivery system is tied into many of the core functions of an SoC.

“If you’re wearing a sensor that can predict you’re about to have a heart attack, who do you want to know about that,” asked Grant Pierce, CEO of Sonics. “And who do you want to make sure gets that message securely with the guarantee that they got it? Those are hugely important factors, and they have nothing to do with the old metrics by which lots of companies interacted with us in the past. That know-how for applying our technology is where our future customers begin to put new kinds of demands on us. We’re not going to be in a market where we build the interconnect and they will come. We need to help them use it.”

None of this means that breaches won’t happen. They will. But enough breaches have taken place—prominent ones that have garnered headlines around the globe—that technology companies are taking this issue very seriously. This isn’t a fixed threat, though. As the technology gets more sophisticated, so do the thieves, and then the technology needs to become even more sophisticated, and so on. But at least the war is being waged on two sides and across an ecosystem, with the hope that the cost of perpetrating a breach may someday exceed the value of that breach.