Power-Hungry Safety And Security

How do you know you are not overpaying in area or power for safety and security? The industry is still working to quantify that.

There is a price to pay for everything. When it comes to adding safety and security into a device, the costs in terms of power and area can be significant, but if the task is taken seriously, those costs can be managed and minimized. New analysis and implementation tools are coming to market that can also help to keep the costs contained. But it also requires the right mindset.

As more industries and segments are mandating requirements in these areas, design teams have to quickly come up to speed with the necessary tradeoffs. “We consider eight verticals,” says Frank Schirrmeister, senior group director, solutions marketing at Cadence. “We define them as consumer, hyperscale, mobile, communications, automotive, air and defense, industrial, and health. For health, industrial, aero, and automotive, safety is table stakes. Security is very important, and without security there is no safety. Awareness is growing rapidly, especially on the data side. For communications, mobile and hyperscale, security is the bigger issue. Consumer depends on the application.”

Often safety and security are entangled. “For the autonomous driving car, if you can break into a car by cracking the key, you have total control of the car,” says Norman Chang, chief technologist for Ansys’ Semiconductor Business Unit. “A lot of Industrial IoT (IIoT) is operated in fear, because you need to send secure information back and forth. Not too long ago, someone cracked the key on a connected lightbulb. Now, if you consider that light bulb as an item of the IIoT, which may be a city light, once you take control then you control all the light bulbs in the city. You can turn them all off at the same time.”

Making devices safe and secure often costs power. “For safety, there are standards such as ISO 26262 that give precise objectives depending on the application,” says Sergio Marchese, technical marketing manager for OneSpin Solutions. “Power consumption and other target metrics have to bow, to a certain extent, to safety. But for security the situation is far less clear.”

For many domains, power and/or energy are finite. “The electrification of cars makes power even more critical, because there’s only a finite resource in the battery,” says Stewart Williams, senior technical marketing manager at Synopsys. “PPA are the traditional big three when it comes to optimization, and now we’ve added safety and security into the mix. Ultimately, with safety and security, power and area are going to suffer. The question in front of these designers is how to most efficiently optimize a multi-dimensional cost function. If we consider PPA to be like the standard cost function metrics against which to trade off, now we make it more multi-dimensional by adding safety and security.”

The right balances have to be found. “Watching the latest trends in the industry, it seems that an increasing focus will be placed on safety, especially as we are shifting towards self-driving technology,” says Darko Tomusilovic, verification lead at VTool. “The process of defining the chip architecture will predominantly be dictated by the safety aspects, as opposed to low power consumption, which was the hottest industry trend up until recently.”

For the IoT, the optimization problem is also different. “IoT is a system optimization problem, where you’re looking beyond the edge device into the overall system,” says Jeff Miller, a product marketing manager at Mentor, a Siemens Business. “You are trying to decide where to do certain functions, and how to do certain functions in order to maximize the utility of the system and minimize its cost. Then you consider the areas where you are exposed, because edge devices can be very exposed. Communications is often a primary optimization area.”

The power implications of safety and of security are not equal. “Safety will typically have only limited influence on the power budget, such as the inclusion of some additional monitoring circuitry,” says Roland Jancke, head of department for design methodology at Fraunhofer IIS’ Engineering of Adaptive Systems Division. “Security, on the contrary, will need a significant amount of power for performing data encryption and decryption. Only the most sensitive data needs to be protected by the strongest encryption algorithms.”

But unless the IoT is vertically integrated, some of these optimizations become more difficult. “By adding additional processing to the edge device, or additional intelligence to the edge device, you actually can gain power improvements and security improvements and safety improvements at the expense of perhaps edge device cost,” adds Mentor’s Miller. “On the other hand, you could end up with some requirements for safety that require you to transmit data more frequently. That would tend to push power against you and have power and safety be opposite each other in some other aspect of the design.”

Security has many aspects to it. “Runtime security of the system needs to ensure that threats like reverse engineering or unwarranted access to the system are thwarted,” says Amit Garg, principal engineer at Synopsys. “Some of the prevalent techniques to ensure this are logic protection, malware detection, provisioning, asset management, and authenticity of the executing system. Each of these techniques has an associated cost in terms of the infrastructure needed and the additional area and power that needs to be factored into the product.”

Other aspects of a system can suffer. “There are industries where security hasn’t had the level of attention that it needed,” says Miller. “I do have sympathy for that because unlike safety, security can often come at the expense of usability. You make it harder for humans to set things up and make it harder for these systems to be as useful and inexpensive in order to add security.”

Dealing with side channels
One of the added complications with security is that it isn’t just the functioning circuit that needs to be protected. Information can be gleaned by many other methods. “There are different types of side channel attacks,” says Synopsys’ Williams. “One class could be called passive, where the attacker is looking at the thermal imaging or monitoring power, monitoring timing, even looking for information through optical and acoustic means. Then there are active attacks like laser pulses or introducing clockable glitches.”

The most well publicized attacks are key acquisition. “When a security element, such as AES 128-bit encryption, is running you can monitor its power consumption,” says Ansys’ Chang. “That will create all kinds of physical side-channel effects, and that will be reflected in power noise side channel, which can be seen as dynamic voltage drop. That can be seen in the metal grid, and also can be seen as dynamic voltage drop on the substrate of the chip. Another common side channel is electromagnetic emanation. Electromagnetic emission from the package means you don’t need to take apart the system — you can measure the electromagnetic emission on top of the package.”

There are several ways to mitigate this. “You may try to decrease the signal-to-noise ratio of the power that’s being emitted, or ensure multiple things are happening at the same time so that they can’t effectively decode through power differential analysis,” says Williams. “At least it makes it a lot harder to do.”

Another way is to ensure all operations take the same power. “Can I equalize the power profile that is visible to the outside of a chip by counter-balancing it,” asks Cadence’s Schirrmeister. “With things like dynamic power analysis I get an accurate enough power profile and then look at things like balancing the power curve, which would otherwise be a security attack pattern. So now the objective is no longer to be the lowest power, but on the outside to equal it out. So there’s a sacrifice there on the power side.”

How do you know if the power sacrifice is worth it? “If you have two counter-measure designs, which one is better in terms of the measurement to disclosure (MTD), which is the minimum number of cycles or traces to crack a key,” asks Chang. “How do you determine that before you get the physical chip? How do you determine which countermeasure is better than the other one? There is an emergent need, using simulation, to determine which countermeasure design is better before you tape out.”
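The attack, the countermeasure and the metric discussed in the preceding four paragraphs can all be put in one small simulation. The block below is an added illustration written for this page; it is not code from Ansys, Synopsys or Cadence and it does not model any real chip. It assumes a textbook Hamming-weight leakage model with Gaussian noise (the constructed "traces" are one sample each, the first-round AES S-box output), runs a correlation power analysis over all 256 key-byte guesses, and then repeats it against a dual-rail style "balanced" leakage in which the value and its complement toggle together so the data-dependent part of the power is constant. The function `traces_to_disclosure` is a simulation-side stand-in for the measurements-to-disclosure figure Chang describes: the trace count from which the correct key stays ranked first. The S-box is generated from its GF(2^8) definition rather than typed in.

```python
import math
import random

# --- AES S-box, generated from its definition (GF(2^8) inverse + affine map) ---
def _xtime(a: int) -> int:
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def _gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _gf_inv(a: int) -> int:
    r = 1                       # a^254 == a^-1 in GF(2^8); 0 maps to 0
    for _ in range(254):
        r = _gf_mul(r, a)
    return r

def _affine(b: int) -> int:
    rotl = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rotl(b, 1) ^ rotl(b, 2) ^ rotl(b, 3) ^ rotl(b, 4) ^ 0x63

SBOX = [_affine(_gf_inv(x)) for x in range(256)]

def hw(x: int) -> int:
    return bin(x).count("1")

# --- Leakage simulation (constructed data standing in for measured power traces) ---
def simulate_traces(n, key_byte, noise_sd, balanced=False, seed=1):
    """One sample per trace: the power of the first-round S-box output.
    balanced=True models a dual-rail style countermeasure: the value and its
    complement switch together, so the data-dependent part is a constant 8."""
    rng = random.Random(seed)
    pts, leaks = [], []
    for _ in range(n):
        pt = rng.randrange(256)
        v = SBOX[pt ^ key_byte]
        signal = hw(v) + hw(v ^ 0xFF) if balanced else hw(v)
        pts.append(pt)
        leaks.append(signal + rng.gauss(0, noise_sd))
    return pts, leaks

# --- Correlation power analysis under a Hamming-weight model ---
def _pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return 0.0 if sxx == 0 or syy == 0 else sxy / math.sqrt(sxx * syy)

def cpa(pts, leaks):
    """Return (best key guess, per-guess |correlation|) for all 256 key bytes."""
    scores = [abs(_pearson([hw(SBOX[p ^ k]) for p in pts], leaks)) for k in range(256)]
    return max(range(256), key=scores.__getitem__), scores

def traces_to_disclosure(key_byte, noise_sd, balanced=False, step=50, limit=500):
    """Smallest trace count from which the correct key stays ranked first up to
    `limit` (a stand-in for the MTD metric); None if it never stabilises."""
    pts, leaks = simulate_traces(limit, key_byte, noise_sd, balanced)
    mtd = None
    for n in range(step, limit + 1, step):
        if cpa(pts[:n], leaks[:n])[0] == key_byte:
            mtd = n if mtd is None else mtd
        else:
            mtd = None
    return mtd

if __name__ == "__main__":
    print("plain    :", traces_to_disclosure(0x2B, noise_sd=2.0))
    print("balanced :", traces_to_disclosure(0x2B, noise_sd=2.0, balanced=True))
```

Run it and the plain design gives up the key byte within a few hundred traces while the balanced one never ranks it reliably. Two caveats a practitioner would add: a real countermeasure is never perfectly balanced (routing and capacitance mismatch leave a residual signal, which is exactly what the pre-tapeout simulation Chang calls for is meant to quantify), and raising the noise or the constant power cost is the power sacrifice Schirrmeister describes.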

While that example may have a defined metric, others do not. “There are many challenges that remain unresolved,” says OneSpin’s Marchese. “For example, what is the impact of additional security to protect an asset on the overall system security? And how do you measure the security cost in terms of additional power or area?”

Relying on software
A number of designs lean heavily on software to provide security. “The problem with doing something more in hardware is that while it’s great for power efficiency, you give up so much flexibility,” says Kevin McDermott, vice president of marketing for Imperas Software. “They don’t know exactly the problem you’re facing, and so they strive for the maximum flexibility within the hard power limit that they’re allowed.”

Software relies on a firm foundation. “With the number of connected devices rapidly increasing, there is no denying that IoT is a prime target for hackers,” says David Maidment, director for secure device ecosystem at Arm. “It is paramount that all edge devices have a secure foundation and a Root of Trust to perform secure operations. Independent security schemes are seeing fast adoption, such as PSA (Platform Security Architecture) Certified. That enables device manufacturers to demonstrate their security capabilities, and to offer customers and end markets assurance by using independent lab evaluation methods, which were built specifically for the IoT market.”

Synopsys’ Garg cautions that “today, the state-of-the-art design processes rely on security to be a mostly software add-on, which leverages basic hardware security features like Arm’s TrustZone. The loophole in this approach is evident from the prevalence of cyber-attacks, like the recent ransomware attacks.”

Software does provide an important layer of flexibility. “From a silicon design perspective, security can be a lot more dynamic in terms of things changing and new attacks being discovered,” says Miller. “Having some field flexibility added to your product can make a huge difference in your ability to respond. That is leading to IoT edge devices that have upgradable firmware.”

Good designs
The power consumed by security functions is subject to good design and optimization techniques. “Encryption is similar to the tradeoff between data compression and data transmission, where a higher compression rate consumes more compute energy but takes less transmission energy,” says Fraunhofer’s Jancke. “In each case it is required to have sound knowledge of the power consumption of a certain line of code. If this knowledge is available at an early conceptual design stage, it can be taken into account and a justifiable decision for the architecture of edge-node devices can be made.”

Mentor’s Miller provides a similar example. “The fewer places that the most sensitive data exists, the fewer places that it can be attacked and misused. Consider a video sensor that has built-in processing to detect interesting events. The RF transmitter can often be a big part of the power budget of these systems. If it’s sleeping most of the time, as opposed to transmitting full-frame video, that could be an enormous power savings. So you get better functionality because you’re detecting and responding to events more quickly, and you’re sending less data which means less cost and less power.”

The impact can be large. “Automotive chips have to incorporate a lot of dedicated safety features, such as ECC check on memories, on-the-fly Logic BIST/Memory BIST testing,” says VTool’s Tomusilovic. “One design had all processors running in dual-core lockstep configuration (DCLS), where each processor is executing the same instructions, with comparators placed on processor outputs checking for any difference in execution between the two instances. All of these techniques have a significant impact on the power consumption, putting more emphasis on safety considerations rather than power savings. On-the-fly Logic BIST/Memory BIST testing also had a significant impact on the performance of the device, limiting the maximum throughput by almost 30%, in order to perform safety checks between two consecutive frames.”
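The memory ECC Tomusilovic lists is a good place to see where the area goes. The block below is an added example, not code from VTool or from any automotive design: a single-error-correcting, double-error-detecting (SECDED) extended Hamming code of the kind commonly used on SRAM and register files. `secded_parity_bits` gives the check-bit overhead for a given word width (8 extra bits on a 64-bit word, i.e. a 72-bit memory), and the encode/decode pair shows what the checker on the read path has to do: compute a syndrome, flip the one bit it names, or flag the word as uncorrectable when the overall parity says an even number of bits changed.

```python
def secded_parity_bits(n_data: int) -> int:
    """Hamming check bits r with 2**r >= n_data + r + 1, plus one overall
    parity bit that turns single-error correction into SECDED."""
    r = 0
    while (1 << r) < n_data + r + 1:
        r += 1
    return r + 1

def secded_encode(data: int, n_data: int) -> list[int]:
    """Codeword as a bit list: index 0 is the overall parity bit, power-of-two
    indexes are Hamming check bits, every other index holds a data bit (LSB first)."""
    r = secded_parity_bits(n_data) - 1
    cw = [0] * (n_data + r + 1)
    d = 0
    for pos in range(1, len(cw)):
        if pos & (pos - 1):             # not a power of two: a data position
            cw[pos] = (data >> d) & 1
            d += 1
    for i in range(r):                  # check bit i covers every position with bit i set
        p = 1 << i
        cw[p] = sum(cw[pos] for pos in range(1, len(cw)) if pos & p) & 1
    cw[0] = sum(cw[1:]) & 1             # overall parity over the Hamming codeword
    return cw

def secded_decode(cw: list[int], n_data: int):
    """Return (data, status); status is 'ok', 'corrected' or 'uncorrectable'."""
    cw = list(cw)
    syndrome = 0
    for pos in range(1, len(cw)):
        if cw[pos]:
            syndrome ^= pos             # XOR of set positions names the flipped bit
    overall_error = sum(cw) & 1
    if syndrome == 0 and not overall_error:
        status = "ok"
    elif overall_error and syndrome < len(cw):
        cw[syndrome] ^= 1               # odd flip count: assume one, at `syndrome`
        status = "corrected"
    else:
        return None, "uncorrectable"    # even flip count: detected, not correctable
    data, d = 0, 0
    for pos in range(1, len(cw)):
        if pos & (pos - 1):
            data |= cw[pos] << d
            d += 1
    return data, status

def corrects_all_single_flips(data: int, n_data: int) -> bool:
    """Exhaustively inject one flipped bit at every position of the codeword."""
    cw = secded_encode(data, n_data)
    for i in range(len(cw)):
        bad = list(cw)
        bad[i] ^= 1
        if secded_decode(bad, n_data) != (data, "corrected"):
            return False
    return True

if __name__ == "__main__":
    for width in (8, 16, 32, 64):
        print(f"{width}-bit word -> {width + secded_parity_bits(width)}-bit memory")
```

The storage overhead is the visible part; the power cost Tomusilovic describes is the encoder on every write and the syndrome logic on every read, which is always active whether or not a fault ever occurs.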

System-level considerations are important. “While security and power are orthogonal to one another, there are other dimensions to the problem that enable companies to achieve both,” says Ted Miracco, chief executive officer at SmartFlow Compliance Solutions. “It’s important for software and hardware developers to understand the consequences of their decisions and use a comprehensive design approach that utilizes security-conscious decision making on behalf of both. Operations that consume power should be called upon infrequently if they can conserve power without risking security. Better time multiplexing of power-hungry operations is one of the dimensions that can be utilized to improve efficiency and concurrently enhance security.”

At the other end of the scale, even small changes can make a difference. “Consider the design of an HMAC-SHA2-256,” says Tomasz Cwienk, public relations and marketing manager for Digital Core Design. “It is possible to precompute the key once and store it in secure memory, while in some of the other solutions, the key is computed twice and is stored in data memory. Such an approach makes it two times faster when computing, for example, an HMAC-based One-time Password and becomes more secure. By extension we can assume that we can save 50% power consumption.”
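The HMAC optimization Cwienk describes is worth seeing in code. What follows is an added example, not Digital Core Design’s implementation: HMAC as defined in RFC 2104 derives two padded keys, key XOR ipad and key XOR opad, and a naive implementation absorbs both into the hash for every message. The reading taken here (an interpretation of the quote, not something the page spells out) is that the "precomputed key" is the pair of hash states after those two blocks have been absorbed; they are computed once, stored, and cloned per message, so each MAC costs only the message itself plus two finalisations. `hotp` applies it to RFC 4226 one-time passwords, and `matches_stdlib` checks the output against Python’s own HMAC, which recomputes the key schedule on every call.

```python
import hashlib
import hmac
import struct

class PrecomputedHMAC:
    """HMAC (RFC 2104) with the key-dependent inner and outer hash states built
    once at construction time and cloned for every message."""

    def __init__(self, key: bytes, digest: str = "sha256"):
        block_size = hashlib.new(digest).block_size
        if len(key) > block_size:                # RFC 2104: long keys are hashed first
            key = hashlib.new(digest, key).digest()
        key = key.ljust(block_size, b"\x00")
        # These two saved states are the "precomputed key"; in hardware they would
        # live in protected memory and the raw key need not be kept at all.
        self._inner = hashlib.new(digest, bytes(b ^ 0x36 for b in key))
        self._outer = hashlib.new(digest, bytes(b ^ 0x5C for b in key))

    def mac(self, message: bytes) -> bytes:
        inner = self._inner.copy()               # clone saved state, never re-derive it
        inner.update(message)
        outer = self._outer.copy()
        outer.update(inner.digest())
        return outer.digest()

def hotp(prf: PrecomputedHMAC, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: dynamic truncation of HMAC(key, 8-byte big-endian counter)."""
    d = prf.mac(struct.pack(">Q", counter))
    offset = d[-1] & 0x0F
    code = struct.unpack(">I", d[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def matches_stdlib(key: bytes, message: bytes, digest: str = "sha256") -> bool:
    """Cross-check against the standard library HMAC, which recomputes per call."""
    return hmac.compare_digest(PrecomputedHMAC(key, digest).mac(message),
                               hmac.new(key, message, digest).digest())

if __name__ == "__main__":
    # RFC 4226 test key; counters 0..2 give 755224, 287082, 359152 with SHA-1
    otp = PrecomputedHMAC(b"12345678901234567890", "sha1")
    print([hotp(otp, c) for c in range(3)])
```

The saving is largest exactly where Cwienk places it: for short messages such as an 8-byte OTP counter, the two key blocks are most of the work, so dropping them roughly halves the hashing per code. Whether that halves power depends on what else the device is doing, which is why the quote states it as an assumption.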

Tools improving
Better designs come through analysis and implementation. Both are required in the tool chain. “Today, the state-of-the-art design tools from specification to architecture to RTL to back-end implementation rely on a lot of paper specifications,” says Synopsys’ Garg. “The challenge with these informal specifications is that they introduce a substantial validation and verification overhead. A significant improvement in design automation and a method to capture security intent is needed to cater to these evolving requirements.”

There are attempts to provide EDA solutions that model specific security requirements. “Any solution that relies on functional verification stimuli is bound to be flawed, because many of the scenarios that are not relevant to the intended use cases inevitably remain unexplored,” says OneSpin’s Marchese. “At the IP level, it is possible, using formal and other static design analysis technologies, to do exhaustive verification of security requirements, detect weaknesses, and systematically find vulnerabilities such as functional side channels, data paths violating information confidentiality, and even hardware Trojans.”

Security also affects the implementation tools that have been the backbone of the flow. “Consider an RTL IP block,” says Chang. “When you insert countermeasure circuits, sometimes those circuits add redundancy that could be removed by synthesis. Sometimes you need to insert additional circuits after you have a gate-level netlist, or even later in the implementation process. There are many counter-measure designs to protect the circuit exhibiting physical side channel information leakage, and good analysis tools are needed for this.”

Progress is being made on this front. “There are built-in tool features and functionality that understand what those safety or security requirements are, or at least what the constraints are around the implementation of those safety and security requirements,” says Williams. “Once the tool can understand those constraints internally, it leads to a much better optimization process of PPA versus safety and security. If the synthesis tool understands a priori that there is redundant logic or redundant registers, it will not optimize it away. But what if there are also special hardware implementation techniques for safety, like routing considerations? That could even affect security. So now we’re talking even further downstream impacting the place-and-route. How do those special requirements need to be interpreted by the tool natively, and integrated with this optimization?”

Security as a process
Security is not an afterthought. “It is important that security considerations are factored early into the design process,” says Garg. “This way its impact in terms of performance, power and overall area of the design can be systematically factored in. Security has many dimensions to it, and the level of security needed has a direct impact on the cost of the system. Security considerations need to be captured as system requirements and as a key performance indicator.”

But security is more than that. “You need to build your product to support the process of security,” says Miller. “Security is everyone’s responsibility in the design chain. If you find anyone saying, ‘I’m not the security guy,’ that’s a path toward destruction.”
