New Security Risks Create Need For Stealthy Chips

Thinner dies and insulation layers add vulnerabilities for better hacker tools. Solutions do exist, but there are tradeoffs and no guarantees.


Semiconductors are becoming more vulnerable to attacks at each new process node due to thinner materials used to make these devices, as well as advances in equipment used to simulate how those chips behave.

Thinner chips are now emitting light, electromagnetic radiation and various other types of noise, which can be observed using infrared and acoustic sensors. In addition, more powerful tools make it possible to crack encrypted security keys faster than in the past. As the  sophistication of hackers grows, these developments represent new threats across a broader attack surface.

Security always has been a game of cat and mouse, where new vulnerabilities are exposed and then patched, so whether these new vulnerabilities and tools change the fundamental threat model isn’t obvious. What is clear is there is much more to worry about, and it’s no longer just about software. Side channel attacks are very real, and that threat will grow as the number of connected devices increases, and as more electronics are used in safety-critical applications such as automobiles, medical, industrial and aerospace.

Good hardware security typically involves the architecture of a chip. This can include compartmentalization of keys and boot sequences, anti-tampering devices, and some increasingly sophisticated obfuscation techniques. All of these must be designed in, and depending up on the level of security, they can impact the operation and efficiency of electronic systems. This is becoming particularly important as the “edge” begins to take shape, in part because data generated by sensors will be scrubbed and partitioned — and therefore more valuable and potentially useful for hackers — and in part because it provides a conduit to other data.

“We’re seeing a free-for-all at the edge,” said Serge Leef, program manager in DARPA’s Microsystems Technology Office. “The current defense strategies assume the edge is not secure. The next line of defense is the gateway, then the Internet switching, and so on all the way up to the cloud.”

In the past, many of the attacks started with software because it could be done remotely and because hardware was more difficult and time consuming to figure out. That has changed as the equipment needed to perpetrate those attacks becomes increasingly more capable and far less expensive, and as the hackers themselves become more sophisticated. For example, fault injection — a method developed to plug weaknesses in designs — instead is being used to exploit those weaknesses.

“We’re seeing IP theft using ion beams and X-rays to detect the state of bits,” said Warren Savage, research scientist in the the University of Maryland’s Laboratory for Intelligence and Security, which works closely with DARPA. “With a working device, you can find out where the keys are stored. You also can do thermal and light sensing if you decap a device. The bottom line is everybody should be a lot more afraid than they are. There are a lot of people out there who want to steal data or IP.”

Physics isn’t helping matters.

“Perhaps one of the most disturbing things that has started to happen is that you’re now seeing things like spontaneous photonic emission from silicon,” said Mike Borza, principal security technologist at Synopsys. “With very thin-back wafers or die you can start to read out keys and registers based on spontaneous emissions. It’s a side channel attack, but it’s a very different kind. It’s an optical emission side channel that nobody thought existed because silicon was thought not to emit light, but spontaneously does. And averaged over enough samples, you can build up knowledge of what the contents of memories are.”

The possibility of attacking chips through side channels has been well documented since at least the mid-1990s. Early attacks involved grinding off the top of a package and inserting probes to monitor electrical signals, often in conjunction with a scanning electron microscope to observe how the chips were operating. Much has changed since then in terms of the ease of tracking activity externally and the ability to process that data much more quickly.

Using photonic emissions to access sensitive data inside of chips was first identified as a potential vulnerability a decade ago by the French Space Agency (Centre National d’Études Spatiales), but it was considered too difficult and time-consuming to be a real threat for most applications. Since then, equipment for simulation and almost unlimited processing in the cloud have greatly increased the ability to track everything from light to thermal changes inside a chip to noise from digital switching. As a result, these kinds of attacks are now easier and faster to carry out, and more difficult to prevent.

The same is true with electromagnetic signals, which have long been one of the main sources of side-channel attacks. “Today, you can point an infrared gun at a chip and read an electromagnetic signal,” said Vic Kulkarni, vice president and chief strategist for ANSYS’ Semiconductor Business Unit. “You can literally watch it. Receiving and transmitting is the classic side-channel attack. As you process data and transmit, the hacker sees the signal change.”

All of this is of particular interest in safety-critical markets, particularly where technology is supposed to last for a couple decades. “There’s a recognition that you can never protect 100% of a design, and that there is no silver bullet,” said Michael Chen, director for IC verification solutions at Mentor, a Siemens Business. “The problem there is how you keep all of this hardware updated over its lifetime. To do a secure firmware update, you need a trusted device. This is why we’re starting to see zero-trust manufacturing. The idea is that you trust no manufacturer, no OSAT, no contract manufacturer.”

Still, it’s impossible to predict what will be vulnerable in the future and why. Car companies discovered this with the first hack of the controller area network (CAN) bus. Prior to that, no one even considered electronic security in cars. After all, why would anyone want to hack into a car? The same was true when branch prediction and speculative execution were added into server chips to improve performance, both of which were considered innovative ways to boost performance. That was before Spectre and Meltdown leveraged those techniques to tap into the system’s cache.

“We certainly can eliminate low-hanging fruit and bugs and do a better job identifying those bugs with security implications,” said Chen. “But you often don’t know what to protect and who to protect it from.”

Solutions and tradeoffs
Still, there are techniques that can help. One of the best ways to deal with hackers is stealth technology. The approach in semiconductors is more like hiding in plain sight than what is used in stealth aircraft, where radar signals are either deflected or absorbed.

“The challenge is whether we can create cryptography that is ‘quiet,'” said DARPA’s Leef. “There are a couple of principal strategies to do that. The first is that you can associate any transistor that is active with one that cancels it out, so basically they are canceling each other’s transmissions. The second is that you generate noise, and you produce so much noise that it’s not clear what you are hearing. But you cannot use just one of those strategies. You need a combination of at least two. So there is not a single solution.”

The tradeoff is that these approaches are considered active security. It requires power to generate noise to effectively mask whatever occurs on a chip during active use. These types of approaches also can have a big impact on performance because it takes time—often measured in nanoseconds—to identify and neutralize various optical and acoustical waves. But those measures are additive, so more security adds more time. And they all require area because extra circuitry is required.

“There are many different techniques that fall into the category of obfuscation or hiding the signal,” said Helena Handschuh, a Rambus fellow. “What you’re trying to do is make it a bit more complicated. Whatever is slightly different or looks more random and has some unpredictability is useful. Randomness is one of the major ingredients that you want to have in your system. So changing materials may help. The bigger cost, though, may be design and debug time, interwoven with a level of uncertainty about how effective these approaches will be over the long term.”

And there are plenty of different options, each with its own tradeoffs.

“There are approaches that use asynchronous logic that is not running at a clock speed to slow those edges down, or to de-correlate them from the processing stream such that you can’t easily recover that information,” said Synopsys’ Borza. “There are a number of means to mitigate side channel attacks — particularly power analysis types of attacks — such as intentionally increasing the noise. Those make the chip bigger and it makes it use more power, which are costs. But what you really need is not just one technique to obfuscate that signal. You need several techniques that are combined together to make it very difficult to recover the signal.”

One of the newer approaches involves what amounts to load balancing across a chip to make that thermal variation more difficult to identify.

“What you’re looking for is a uniform heat signature,” said ANSYS’ Kulkarni. “You don’t want the chip to have hot spots.”

Fig. 1: Side-channel attack on a crypto function. Source: Synopsys

Growing roles and risks with AI
AI adds another dimension to security. It can be used to prevent or identify attacks more quickly, and it can be used to carry out attacks. What’s different, though, is the relationship between the software and hardware. In AI systems, it is expected that the functionality of the hardware will change as it is optimized by training algorithms over time. As a result, software can be used to alter the functionality of the hardware in ways that are difficult to trace back their origins, particularly as machines train other machines.

“Data poisoning can trick the algorithms,” said Jason Oberg, CEO of Tortuga Logic. “So on the silicon side, you can run into the same kinds of trends we saw with speculative execution. When you have training data on an accelerator, you need to protect the IP and make sure it works, but there is generally little emphasis on security.”

Security safety nets
Alongside of all of these threats, there is a growing recognition there needs to be some level of security built into everything. If an attack occurs, a system needs to be able to recover and reboot.

Arm has been particularly active with this approach, rolling out its Platform Security Architecture, which provides a blueprint and framework for securing connected devices.

“The idea is to provide end-to-end security at an architectural level,” said Eric Van Hensbergen, a fellow in Arm’s Research Division. “When you deal with the aggregation of several sensors, none of the infrastructure was built for this. You’ve got to be able to deal with whoever owns the data, whether that’s equipment on a factory floor or the data in the cell tower or the cellular device. Another challenge is how to build in privacy and/or supply mechanisms for anonymity.”

This makes security much more challenging to implement, but it needs to be part of the basic architecture so that no one even has to question whether to add security into a device. From there, the only question is how much security.

DARPA’s Leef compares it to adding fluoride to water. “Everyone knew it was good for dental health, but it wasn’t until it was mixed into the water supply that everyone benefited from it. We need to the same for security at the chip level.”

Fig. 2: DARPA’s proposed architecture. Source: DARPA

Not everything needs to be re-architected, though. Some existing technology can be repurposed. In-circuit monitoring technology is a case in point. The technology is in widespread use today to monitor various parts of a chip for such things as thermal variation and noise. That technology also turns out to be a very good indicator of suspicious activity on a chip. And given the rising liability with assisted and autonomous driving, it’s not surprising that automotive OEMs and their top suppliers are very interested in this technology.

“You want some way of adding adaptability,” said Tortuga Logic’s Oberg. “That may include ways of replacing parts. Or it may include a more modular approach, where you have a smaller attack surface with boundaries around a root of trust. Essentially what you’re creating is walled-off containers.”

There are several takeaways from all of these threats, according to a number of experts. First, the security threat surface and complexity of those threats is growing, and the hacking community is getting more sophisticated about how to attack hardware as well as software. Second, multiple efforts are underway to provide at least some level of security, with other efforts dependent upon risk assessments and architectural tradeoffs. And finally, threats need to be considered throughout the lifetime of a device, not just at the time of manufacturing.

This is a complicated challenge, and many tradeoffs are involved. And even with the best security, attackers will make inroads. The key is how to make it so difficult and time consuming that it isn’t worth the effort. Today, the only thing evident is that hardware is now a very real part of the attack strategy, and in most cases it is far from secure.

Further Reading


Semiconductor Engineering Related Articles
Security Tradeoffs In A Shifting Global Supply Chain
How many simulation cycles are needed to crack an AES key? Plus, the impact of trade wars on semiconductor security and reliability.
Why Data Is So Difficult To Protect In AI Chips
AI systems are designed to move data through at high speed, not limit access. That creates a security risk.
New Approaches For Hardware Security
Waiting for secure designs everywhere isn’t a viable strategy, so security experts are starting to utilize different approaches to identify attacks and limit the damage.
Who’s Responsible For Security Breaches?
How are we dealing with security threats, and what happens when it expands to a much wider network?
Can The Hardware Supply Chain Remain Secure?
The growing number of threats are cause for concern, but is it really possible to slip malicious code into a chip?
IP Security In FPGAs
How to prevent reverse engineering of IP
Semiconductor Security Knowledge Center
Top stories, special reports, videos, blogs and white papers on security issues

Leave a Reply

(Note: This name will be displayed publicly)