New Approaches To Limit Cyberattacks On Hardware

How architectural defenses and complexity can help secure chips.


The number and value of cyberattacks on semiconductors is rising, but new approaches to designing and packaging chips could put a significant dent in those figures.

Semiconductor-related cybersecurity attacks have multiplied more than six times since 2022, according to a report by cyber intelligence firm CloudSEK. These attacks have cost the semiconductor industry an estimated $1.05 billion in losses related to ransomware, amid the billions of dollars of strategic investments at risk in the U.S. alone. Researchers also have reported a misconfigured .git repository at a major roadside assistance and insurance vendor in India that exposed more than 20 gigabytes of sensitive data linked to leading automotive brands, including full source code, payment gateway tokens, cloud database credentials, and millions of customer and merchant records.

The list goes on. What’s changed is that hardware has become a prime attack vector, and one of the most effective ways to hack a chip (or a system of chips) is to bring that device into a lab and physically probe it for weaknesses. In the past, this often involved grinding down the package and finding various probe points with a scanning electron microscope (SEM), which made it unattractive for many criminal organizations. But SEMs are now widely available for as little as $50,000, and increased complexity has opened the door to many other avenues for tampering.

“Tampering is any kind of attempt by an adversary to physically access or modify information in the chip, which can include things like fault injection, but it also includes things like trying to get a probe onto parts of the chip or parts of a system to either modify the data that’s present or access secret information that may be available from that access point,” said Mike Borza, principal security technologist at Synopsys.

The result is that security measures need to be implemented in places that were largely ignored in the past. For example, runtime software was typically shielded from tampering. But as demands for increased performance have grown, what was previously managed by a single CPU has been replaced by more specialized control devices, exposing runtime software that was once considered inaccessible. So now the runtime software itself needs to detect any changes and correct any unusual behavior, or at least raise a flag to say a program is not what it should be.

“In the semiconductor world, that’s often called ‘a measured boot,’” said Marc Witteman, senior director at Keysight Technologies. “OCP is attempting to measure the boot and measure firmware images, which is one of the answers to getting trust assurance in place. So, in a way, you can tamper-proof software by implementing techniques that can flag it whenever it sees the software image.”
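The measured-boot idea above, as an added illustration that is not code from the article or from OCP: each stage image is hashed before it is handed control, the digest is folded into a PCR-style register whose value depends on every earlier stage, and a verifier replays the event log against golden values. Image contents and stage names are constructed samples.

```python
import hashlib

# Constructed stand-ins for boot stage images (not real firmware).
BOOT_IMAGES = {
    "rom_loader": b"ROM loader v1 (constructed sample)",
    "bootloader": b"second-stage bootloader (constructed sample)",
    "runtime_fw": b"runtime firmware image (constructed sample)",
}

PCR_INIT = bytes(32)  # the register starts zeroed, as a TPM PCR does


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR-style extend: new = H(old || digest). Order-dependent, one-way."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(images: dict) -> tuple[bytes, list]:
    """Measure each stage before 'executing' it; return (final PCR, event log)."""
    pcr, log = PCR_INIT, []
    for name, image in images.items():
        digest = hashlib.sha256(image).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log


def verify(measured: tuple, golden: tuple) -> str:
    """Check a measured boot against golden (PCR, log) values.

    The log names the tampered stage; replaying it must reproduce the PCR,
    so a log that was edited after the fact is caught as well.
    """
    pcr, log = measured
    golden_pcr, golden_log = golden
    expected = dict(golden_log)
    replay = PCR_INIT
    for name, digest in log:
        if expected.get(name) != digest:
            return f"tampered stage: {name}"
        replay = extend(replay, digest)
    if replay != pcr:
        return "log does not reproduce PCR"
    if pcr != golden_pcr:
        return "measurement mismatch"
    return "ok"
```

In a real device the golden values would be pinned at manufacturing or delivered by a signed policy; the register itself must live somewhere the runtime software cannot rewrite.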

Stacking benefits and weaknesses
Ironically, the unprecedented complexity of a 3D-IC may offer enhanced protection against increasingly sophisticated attacks, especially with good floor planning. In fact, the challenge with 3D-ICs may be more about functionality and yield than security. The reason is that stacking dies adds layers of complexity and physical obfuscation that can help prevent chip tampering and reverse engineering. By vertically stacking multiple chiplets or dies, 3D-IC architectures may introduce new security protections that are not possible with traditional 2D integrated circuits, or even with other multi-die architectures.

“3D-ICs make it significantly harder for attackers to access or probe internal interconnects without detection or mitigation,” said Scott Best, senior technical director for silicon IP at Rambus. “This is true for heterogeneous die stacks, but particularly true for homogeneous die stacks. For example, if a security processor chiplet was 3D stacked with two identical copies of itself, a triple-module redundancy algorithm could be used not only to enhance operational resilience (e.g., radiation tolerance), but to thwart attempts at faulting a critical calculation.”
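The triple-module-redundancy defense Best describes, as an added example that is not Rambus code: three copies of a security-critical check vote, a single glitched copy is outvoted, and any disagreement is raised as a tamper alarm rather than silently masked. The check, the fault model and the tag values are constructed.

```python
import hmac
from collections import Counter
from typing import Callable


def tag_check(expected: bytes, candidate: bytes) -> bool:
    """Constructed stand-in for a critical calculation, e.g. a tag check
    that gates key release or a debug port."""
    return hmac.compare_digest(expected, candidate)


def glitched(copy: Callable[[], bool], flip: bool) -> Callable[[], bool]:
    """Constructed fault model: a glitch inverts this copy's verdict."""
    return (lambda: not copy()) if flip else copy


def tmr_vote(copies: list) -> tuple:
    """Run N identical copies and majority-vote. Returns (result, alarm).

    alarm is True on ANY disagreement: one faulted copy is outvoted, but the
    disagreement is itself evidence of tampering and must not be masked.
    """
    results = [c() for c in copies]
    winner, count = Counter(results).most_common(1)[0]
    if count * 2 <= len(results):  # no strict majority: fail closed
        return None, True
    return winner, count != len(results)


def guarded_release(expected: bytes, candidate: bytes,
                    faults=(False, False, False)) -> tuple:
    """Three copies of the check vote; release only on a unanimous True.
    Returns (released, alarm)."""
    copies = [glitched(lambda: tag_check(expected, candidate), f) for f in faults]
    verdict, alarm = tmr_vote(copies)
    return (verdict is True and not alarm), alarm
```

The cost of the fail-closed policy is availability: a glitch on one copy during a legitimate request denies it while raising the alarm, which is usually the right trade for a key-release path. Only faulting all three copies at once slips through, which is why physically separating them across stacked dies matters.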

In a 2.5D or 3.5D design, discrete chiplets are connected through an interposer, which can leave them exposed. But in a full 3D-IC, the chiplets are connected to each other, making it more difficult for hackers to discern what’s going on deep inside the layers of stacked dies.

“3D-IC is, in many cases, more difficult to access than 2.5D technologies, or chiplet-on-interposer or system-in-package technologies, where an interposer is more similar to a small printed circuit board,” said Synopsys’ Borza. “The interposer itself may be silicon, or it may be an organic substrate, like a printed circuit board, or even the ceramic substrate in some cases, but all the interconnects are exposed. This means each of those points is relatively large physically and may be fairly accessible or made accessible to an adversary, so they have the opportunity to read that. Whereas in a 3D stack, some middle layers are going to be very difficult to access, so that gets to be comparable to the accessibility problems you have trying to get access to an on-chip secret. You’re now talking about much smaller lines, and in the case of 3D-IC, you have stacks of things on top of other things, and the middle layers are difficult to get at, so those are relatively more accessible. Tampering can happen at those interfaces just as it can happen if faults are injected into the chip using an optical source, or a laser, and that makes it potentially vulnerable to tampering.”

Multi-sourcing chiplets can help with security, as well, provided the source of those chiplets is assured. “By intentionally taking advantage of this, users can specifically target each chiplet to a separate fabrication partner,” according to John Ferguson, senior director of product management for Calibre 3D-IC Solutions at Siemens EDA. “This makes it difficult for any one source to know the full intent of the design. This can be further exploited by even breaking down individual chiplets or further breaking down the package into smaller pieces with different fabrication sources.”

It’s also possible to have the front-end-of-line for a chiplet fabricated at one foundry while the back-end-of-line is fabricated elsewhere. “The latter would look something like a passive interposer chiplet with just metal on silicon,” Ferguson said. “These could later be connected through TSVs or even through direct bonding. Similarly, individual package or substrate RDL layers could be disaggregated and sent to separate suppliers.”

But that level of complexity is daunting for design teams as well as hackers, and it can affect time to market and overall design cost, while adding other security risks. “You have to be very careful that the processes and materials used on each side of any given interface can be properly connected,” Ferguson said. “You may also be inadvertently subjecting the design to more reliability concerns due to the increased number of processing steps involved. There’s also a significant delay introduced into the supply chain caused by having to send to so many different suppliers. Even then, this may not be 100% foolproof. For example, we know through the JEDEC standards, it’s possible in DFT to trace through all interconnected chiplets in search of faults. It’s possible this kind of approach may be hacked a bit to still trace the full design functionality if not careful.”

Reducing the attack surface
The key here is identifying and limiting the attack surface, and protecting whatever is left. “If you lay out the chips in a stack, the surface is limited, whereas, if you have everything on the 2D, the attacker can easily touch everything from the bottom or the top of the bottom you see,” said Sylvain Guilley, chief technology officer at Secure-IC. “In terms of accessibility and instrumentation, placing probes and trying to read out with an oscilloscope, or also forcibly disabling a couple of things, etc., is much easier when the system is open, as opposed to when it is folded and extremely compact. When it’s a stack or sandwich, the layers in the middle are almost impossible to reach, and so there is self-protection just by the layout and the virtue of the way it is packaged.”

This is basically security through floor planning. The most important assets are less vulnerable if they are in the middle of the stack. The tradeoff is that logic and data movement generate heat, and that thermal dissipation is more difficult when the heat needs to be moved out from the middle of the stack instead of on the top or sides.

Multiple dies can also add more points of failure, which can make a device more resilient to attack. “Even though you have, let’s say, one central figure for security, you still will have to manage how the other components are authenticated and manage their own layer of security,” noted Yan-Taro Clochard, chief marketing officer at Secure-IC. “This includes assessing the threats that are specific to chiplet systems and overall decomposed die, such that we may require every part of the subsystem to include its own protection against physical attacks. But this also makes the overall security distribution more complex, and you have to protect against those kinds of situations.”

Other protections and best practices
Protecting hardware from tampering can include a wide range of techniques, from physical shields to computational safeguards.

“Hardware-based solutions include circuit-level sensors that assert alarm signals when they detect environmental extremes, clock glitches, or voltage anomalies,” said Rambus’ Best. “Tamper-evident physically unclonable functions (PUFs) are another powerful method. They can be used to derive cryptographic keys from variations in a chip’s shielding structures, such that when the device is under physical attack, the keys that the PUFs were generating can be permanently lost to the adversary. Computational countermeasures, such as random masking, are also critical to defend against non-invasive side-channel attacks like power and EM analysis. Together, these techniques form a defense-in-depth strategy that aligns with many evolving commercial standards.”

The key is to be able to defend against attacks wherever possible and to recover from attacks whenever one is successful, and this can vary significantly by the value of what’s being protected. The automotive industry is a case in point.

“The automotive industry is doing a hero’s work in driving the importance of security standards for anybody delivering microelectronics that will end up in automotive subsystems,” Best said. “There are the ISO standards for ASIL B and ASIL D, the ISO standards for cybersecurity, and the CSIP specifications, all of which start getting into tamper-resistant security ideas. Almost every market is way behind compared to the automobile industry, which is driving the advancement of these standards. If you’re building an IP block or an SoC that will touch automotive, you must take security seriously. It is a non-starter to ignore it.”

What complicates vehicle security is that vehicles are systems of systems, so it’s no longer just the chip that the design team must contend with. They must consider what they are trying to accomplish. And if they’ve done an update, does that change things? In extreme ambient temperature, does that start changing things from a security perspective as the circuits start changing due to high temperatures?

Here, analog security is not so much about fortifying the “analog-ness” of the PHYs and the SerDes, or about making them behave more reliably, because they already carry reliability concerns of their own. “But one thing [the automotive ecosystem] is doing is adding a lot of sensors in those technologies,” Best said. “There are sensors all over the chip that are looking to say, for example, ‘Exactly what process corner was I manufactured in? Did I come up exactly on the nose, typical, or am I a little bit faster, a little bit slower?’ I’m going to adjust my performance based on fast or slow. There are aging counters that know that this chip’s getting a little bit older in the tooth, so I need to dial down what the clock performance was, because I know that offsets have accumulated over the last 5 to 10 years of operation. There are sensors for temperature to be able to know what you need to set things at. There are sensors for the voltage coming in from the system. Is it too low? Is it too high? Is there something weird going on with voltage? And in some security chips, there are light sensors to tell, ‘Does somebody have me upside down, decapped on top of a lab bench underneath a microscope, because that’s the only way that light is actually hitting this substrate, and I am not going to behave correctly when you’re shining a flashlight on me.’”

This means a lot of analog circuitry must be protected by a lot of analog sensor technology, which raises the question of who is watching the watchman. “How are you protecting the sensor circuitry that’s protecting the more expensive circuitry? There’s a strong, healthy market out there in the world, and some of the automotive specifications specifically say, ‘You can throw as much digital security at this as you want. We also require analog sensor technology all over this SoC.’ You’re going to be looking at temperature, voltage, aging, and light in some of the higher levels of security for these systems. So you’re using analog to protect other analog, and that’s important,” Best said. “All the while, the passenger safety is at risk, and they are targets for a university lab to say, ‘We did a very straightforward break into this ECU system, then we installed some malicious keys. Once the keys were installed, we could get malware running in the car all the time. And here, we’re going to turn off auto drive, and we’re going to crash a car.’”

All this will come to bear for every OEM, both within the automotive sector and otherwise. Safety and brand reputation are critical for OEMs, especially in the automotive industry, where safety issues can severely impact a brand. Security at the microelectronic level is given high importance because it directly affects passenger safety and the company’s image. “One of the most important distinctions between different brands of automobiles is the brand,” he said. “The brand distinction for these vendors is remarkable compared to other industries, and what safety issues can do to a brand is lethal. Consequently, anything that reads as safety, which gets down to microelectronic security, is taken incredibly seriously in this industry, because it does trace back to passenger safety. Equally important is the company associated with their brand and reputation.”

Conclusion
In an era where semiconductor devices underpin everything from automobiles to personal electronics and industrial infrastructure, the need for robust security is unquestionable. As systems become more interconnected and complex, safeguarding them demands an evolving, multi-layered approach that encompasses physical, analog, computational, and organizational defenses.

Packaging approaches, layout, chiplets, as well as some traditional and new anti-tampering approaches can have a big impact on how well a design can repel attacks in the first place, and how it can deal with them if those attacks are successful. But all of it needs to be addressed very early in the design cycle, with the ability to modify the defenses over time.
