Power/Performance Costs In Chip Security

Implementing security measures isn’t free. It affects everything from latency and battery life to the equipment and processes used to develop a chip.


Hackers ranging from hobbyists to corporate spies and nation states are continually poking and prodding for weaknesses in data centers, cars, personal computers, and every other electronic device, resulting in a growing effort to build security into chips and electronic systems.

The current estimate is that 60% of chips and systems have some type of security built in, and that percentage is on the rise. But depending on the type of security, how and where it is implemented, and the risk factors associated with a cyberattack, security has a very different impact on power, performance, and area/cost. For example, is the security active or passive? Active security may require constant monitoring or continual encryption/decryption of large amounts of data, which uses more power. Moreover, that power budget increases as latency decreases. Passive security, meanwhile, might be as simple as inserting a crypto core into the data flow.

As much as it would be useful to have a simple calculation for when different levels of security would be required, the ideal solution is never that simple. Such decisions are made on a case-by-case basis, weighing a whole host of factors, from the level of performance to the overall cost. But what’s clear is more companies are beginning to design in security, and it’s having an impact on every aspect of PPA/C.

“Everybody’s looking for security IPs,” said Lang Lin, principal product manager at Ansys. “Synopsys just bought a PUF company (Intrinsic-ID), which is building IPs for on-chip unique identification generators. All the big IP companies, like Arm or Cadence, have security IP in their portfolio. There is no doubt that security IP is growing crazily everywhere.”

At this point, there is no consistency about which security measures being implemented, or how to compare the security in one device versus another. That’s both good and bad. On one hand, it means hackers cannot necessarily use the same approach to break into more than one device. But potentially it also can make it more difficult to design in security measures, and harder to secure heterogeneous systems where secure and non-secure components are connected together.

“Security is a complex issue, and there are no hard and fast rules when it comes to the sacrifices that may be necessary to incorporate it into a piece of hardware,” said Dana Neustadter, director of product management for security IP solutions at Synopsys. “Before design can even begin, it’s necessary to understand and set the requirements for a particular chip or network. Security needs are often different from one application to another, from one market to another, and even within a market you might have variations. First, you really need to look at the threat landscape. That needs to be well understood. You need to understand whether there are regulatory or standards compliance requirements. What are the values of the assets in the system, the potential losses if there is a successful attack?”

Others agree. “When designing with security in mind, designers must adopt a threat modeling process to consider the assets, threats, and countermeasures needed,” noted David Maidment, senior director of market development at Arm. “Once you have an appropriate view of this, it allows a developer to choose right-fit IP and products that have the necessary robustness. Choosing solutions that have followed security best practice and have external third-party validation of robustness can help improve time-to-market, without compromising on security.”

Tricky calculations for security and performance
Most security experts say the performance hit with security is generally minimal. That’s not always the case, as witnessed by the 15% to 20% reduction in performance with Meltdown, Spectre, and Foreshadow, which required processor companies to limit the benefits of pre-fetch and speculative execution after the chips were already in use. But in general, hardware security such as crypto cores is more efficient than trying to secure everything in software.

“Most security solutions are relatively passive, which gives them a major leg up over software-based safety precautions,” said Lee Harrison, director of automotive test solutions at Siemens EDA. “They’re not impacting the performance of the actual device they’re on. With regard to hardware-based security — which will be whatever technology you put on chip running independently, such as embedded analytics monitors — they take up space, but hang off the functional elements within the design, so they’re not impacting the performance as such. They’re independent from that perspective, and that’s one of the big benefits of using hardware-based security over software-based security.”

The big challenge with security is understanding what’s at stake, and how that can impact the design of a chip or system. Power, performance, and area/cost can vary greatly when it comes to security. This is especially evident in automotive electronics, where a security breach may result in injury or death, versus an IoT device, where the real cost may be compromised data. While still important, the scale of damage is different, and that influences the degree of security measures that should be implemented and what is an acceptable impact on device performance and on-chip resources.

“Typically for IoT device security, performance may not be such a big factor, but the cost and area, specifically, and the power might have a little bit of prevalence,” Neustadter said. “You cannot disregard all security features because it has to be a $1 device. Once you have these things settled, then you look at the design and make some tradeoffs. In the end, if you need to design for high performance, you also typically need to design for low latency. Those solutions need to be optimal. There, you can consider an efficient pipeline design, where you always look for efficient area. In those cases, the performance and the latency are the primary factors, but it doesn’t mean that you have to just throw as many gates at it as you can.”

Ultimately, the best solution is one that only includes the functionality required for a specific application. Once that’s determined, a range of options opens up.

“When we talk about security and encryption, there are some other fine-tune knobs that you can consider, like area efficiency or high-performance designs,” Neustadter said, adding that different solutions will have different ramifications on the overall chip design, such as critical paths.

Despite the passive nature of many security options, Ansys’ Lin said when it comes to situations where high performance and speed are essential, like automotive sensor data, designers will not opt for the most secure solution, even for sensitive data. “You could install a 128-bit key, which could take years to crack, but that would render the entire car essentially useless. If you want to encrypt that, guess what? Every millisecond there’s something coming. Can you finish encryption of the entire image within that time? If you don’t have an accelerator, you probably can’t do it. So you’d better choose a crypto algorithm where it can finish the continuous encryption of the data within a very short time.”

While the required performance is a heavy consideration, area also plays a role in designers’ decisions. Here, too, there are ways to mitigate the loss of space in a circuit during the simulation phase. Lin compared keys ranging in size from 128 bits to 256 bits. While the lower bit rate may offer area and power savings, it’s also less secure. The answer is to run simulations to determine the data leakage. “The tool will take this design, simulate the security side channel leakage, and say that since the leakage is pretty much similar, maybe you can choose 128-bit and save some design budget.”

Cost matters
There is a saying that when producing a product, whether it’s a home, a piece of recorded music or a computer chip, that you can have it made with two of three things — low cost, high quality, or speed. If you want it fast and cheap, it won’t be good. If you want it fast and good, it won’t be cheap. If you want it good and cheap, it won’t be done quickly.

“In a way, this applies to incorporating security,” observed Steve Roddy, chief marketing officer at Quadric. “The compromises that need to be considered don’t begin even at the design stage. Rather, they need to be considered at a level that’s even more fundamental — the profitability of the chip. People are always making tradeoffs within their budgets for hitting the level of performance they want.”

For devices like iPhones, budget often can mean sacrificing on things like the number of pixels in the camera. “When people start taking into account the security of a device, or security of the data in the device, that becomes yet another factor of the solution space to consider and to look at how much checking or double-checking you are going to do,” Roddy said. “For things like data integrity, how much are you willing to slow down? That starts to impact the overall design. With our machine learning cores, we’re doing things like running models to make a determination of what’s going on. Is there a face in the picture I’m looking at? Is it a human face and can it identify it?”

He compared companies incorporating security into their designs to Boeing, which recently has come under fire for issues that have put consumers at physical risk. “That’s a failure of their systematic maintenance and design processes. The same is true in designing silicon. If you’re going to try and make something bulletproof, you have to sit down and spend an awful lot of time figuring out all the ways a hacker could try and get into a phone and steal banking codes, under what circumstances, when it’s being powered up or it’s being powered down, when running other applications, when the user is actually at the bank. You have to think through all the possible failure modes.”

The calculations of cost versus functionality versus security are very complex. “You’re trying to build a device, that typically is $10 or $15, so that’s also taken into account,” said Neustadter. “You have to figure out the tradeoffs enough that you can still sell your product and be compliant. I don’t think cost comes at the end, but cost also doesn’t dictate the solution.”

The future
As technology advances, so do the threats. But experts see reasons for optimism, even as technology advances like quantum computing could make it possible to break what once seemed like impenetrable encryption. While tradeoffs will be required, they may be mitigated. A big development in security would be a reduction in fragmentation, and an increase in standardization and guidelines.

“You hear about all sorts of regulations for cybersecurity and this and that — all of those need to converge into clear guidelines for the industry,” Neustadter said. “As technology evolves, so do the means to attack the system. You have to constantly be agile and define solutions that adapt to future threats as they evolve, as well.”

That’s one possibility. Another is the emergence of fully homomorphic encryption, in which data is processed without being decrypted. “It’s scrambled in, scrambled out,” said Ansys’ Lin. “But there’s some algorithm in the middle to still figure it out.”

Alongside of this, the processes used to create and test the data are becoming increasingly secure. Siemens’ Harrison said customers are demanding that test solutions are secure, and his company currently is working on full integration of security within its test solution.

For years, security was seen as an afterthought. That’s no longer the case. Designers and manufacturers are weighing how to implementing various security elements and processes into their designs, and weighing the resulting tradeoffs in performance, power, and area/cost.

“I’ve talked to a lot of customers that tell me that security has no value,” Harrison said. “You’re not going to be able to sell more of one particular chip because it’s got security built in from a commodity perspective, so in terms of features and functionality, it adds no value — until the point where something is hacked. Then it has a huge amount of value.”

Further Reading
Security Is Critical For Commercial Chiplets
Data management, trust, traceability, and provenance tracking are essential to making a chiplet marketplace work.
Securing The World’s Data: A Looming Challenge
An influx of connected devices, more compute options, and the rapid growth of generative AI are making it much harder to prevent attacks.

Leave a Reply

(Note: This name will be displayed publicly)