Security Power Requirements Are Growing

Determining how much power to budget for security in a chip design is a complex calculation. It starts with a risk assessment of the cost of a breach and the number of possible attack vectors, and whether security is active or passive.

Different forms of root of trust and cryptography have different power costs. Different systems could require tradeoffs between performance and security, which in turn could affect the overall design of a system. In data centers, for example, the focus is on maximizing performance and minimizing power, which can affect how security is implemented.

Nevertheless, the need for secure systems has never been higher. According to Statista, more than 422 million records were leaked in data breaches globally in Q4 2024. The rise in breaches comes as the vulnerabilities in hardware are increasingly recognized. A recent NIST report identified 98 different weakness points in silicon that are cause for concern.

No company wants to make headlines or take the financial hit for being the victim of a major hack, and this concern has led to an increased focus in implementing security as a core function into a widening array of chips.

“Hardware security measures are critical in all products,” said Michael Lu, director of technology strategy for Arm‘s Client Line of Business. “Hardware security services are the foundations upon which OS and application security guarantees are built. Using the analogy of a house, the more robust the foundation, the stronger the building is on top.”

Security concerns widen
While there always has been a need for security in some hardware, until recently the applications that required it were somewhat limited. FPGAs designed for the defense industry or other parts of the government had to be secure according to the specifications, along with some other highly specific applications.

“Previously, there were very few systems in the world that needed privacy and authenticity of the data that was sitting in the DRAM because it was just scratchpad memory,” said Scott Best, technical director at Rambus. “If you have a laptop and you’re using Microsoft Word, it needs DRAM so it can load your browsers. And maybe you’ve got an MPV player running. It’s good to have lots of capacity at low latency so all these apps can run at the same time and you can have a very productive work environment. Most people don’t focus on the security of the data that’s sitting in the DRAM as it’s getting pulled across and brought into the CPU and used for useful purposes. But aerospace and defense were saying, ‘For any data that’s sitting off-chip outside of the FPGA, I want both data privacy on that and data authenticity of that, and I don’t care about the performance impact. The data is too important, so we need to add security to protect that data.’”

Because protecting the classified algorithms or other valuable data in these systems was paramount, it led to designs that avoided keeping plain text in DRAM. Still, it took years before this approach began bleeding over into commercial designs. “There’s not a lot happening in the DRAM that’s actually a secret, that would give away the value of the system where an adversary wouldn’t be able to recover it again,” said Best.

That’s beginning to change, however, due to the proliferation of AI and the valuable algorithms that enable it. As a result, security is getting much more attention in commercial applications, and that requires a different assessment of how much power needs to be dedicated to it.

Calculating power budget is difficult
But the power budget for security isn’t free, and calculating how much to devote to security is a challenge. The power numbers can depend on several factors, including the type of circuit being designed, what forms of security are being implemented, and how much data is flowing through the system.

“The power implications of security on a device are very design dependent,” said Lee Harrison, director of Tessent automotive IC solutions at Siemens EDA. “Typically, you would expect security to be no more than 1% of your power budget. However, given even small security solutions on a small device you could see up to 5%.”

At the core of almost any security solution is a root of trust, and that can take many forms. And given the array of options for these RoTs, their power consumption, as well as their contribution to the overall price of the product, can be very hard to evaluate.

“Root of trust can be very simple,” said Lang Lin, principal product manager at Ansys. “For example, an IoT power constraint device can have its own IoT-related root of trust implementation that could cost a few cents. Or, a unique signature for a chip could be generated by a PUF (physical unclonable function) circuit, which is a low-cost approach in that it doesn’t need a lot of area. It’s just a small block, and it leverages the manufacturing variation to create a unique signature for your chip that you can take as a root of trust.”

One of the key determining factors in allocating power to security is how that security operates. “In digital systems, power consumption comes down to the number of edges that are flipping,” said Mike Borza, a scientist at Synopsys. “The faster your edges are, the higher the frequency is, the more power you’re consuming. That’s fundamentally the tradeoff that’s being made. How much dynamic power does that take? What it does is randomize all of the data, and it means that you have many more edges flipping than you would have in data that’s representative of our speech, for example. Our speech mode changes moderately compared to the kinds of time frames that a computer is looking at it, so if you’re sampling speech at 8 kilohertz, which is not atypical for speech channels, that gives you a bandwidth of 4 kilohertz on an unencrypted channel. There’s not much change over time between those samples. The number of bits that are changing can be relatively low if you just use the uncompressed data, and a compressed version of it is even lower. If you encrypt that, every bit is changing every time in the worst case, so you’re operating at the maximum bandwidth, or the maximum channel power consumption, all the time.”

Different methods, different costs
The key determination when making security-related decisions is what the possible attack vectors on the device can be. Once those are identified, engineers can get an approximate idea of how much of the power budget needs to be allocated for security. Some measures can be passive, with minimal effect on power, while others may have a higher impact.

“One of the approaches to security in a computing environment is a separation of things from each other, and the cost of that in terms of power can be relatively light, because what you’re talking about is enforcing the separation of address spaces,” Borza explained. “This includes things like access controls on the base address registers, or the registers that control the segmentation or separation of memory spaces from each other.”

That cost can change when more active measures are implemented, such as encrypting communication channels, which can add both latency and a power penalty. While an ideal version of this would have data encrypted at the same bandwidth of the channel in question, negating that penalty, Borza noted that doing this is essentially impossible. “In practice, you design the encryption system so that you control what the latency is, and you design it to have sufficient bandwidth so that it’s tolerable and not too large a penalty,” he said. “A lot of times you’ll make that tradeoff of absolute full theoretical bandwidth of the channel, and zero latency against a finite latency and a bandwidth that is some significant fraction, but not necessarily the entire bandwidth of the channel. Then, the power consumption gets to be fairly large.”

One solution is to only activate security features when they are needed, which not only reduces the power needed to run them, but also helps to reduce vulnerabilities.

“In many applications, security features are only used when there are communication channels created between the device and other channels in the system,” Siemens’ Harrison said. “Once trust has been established, secure authentication between the end points is common for only a small part of the security logic to maintain a secure link. This type of implementation helps keep functional power to a minimum and removes some of the risk of side-channel attacks. For example, hardware cryptography engines can be kept in standby until needed.”

Additionally, becase different devices can require different levels of performance, power often can be conserved by making sacrifices on speed, which can produce the same security levels by making that tradeoff.

“Let’s say you’re designing an ECC public key, which is a crypto standard,” said Ansys’ Lin. “If you design that, then you can say, ‘I have a supercomputer for which I need high performance.’ I can just design, let’s say, 200 cycles to complete one transaction of encryption, and I don’t have a power budget limit, so I would do that for your data center. However, if you’re doing that for a microcontroller, which has, say, a 32-bit data bus, it’s a much simpler system with power constraints. How are you going to do that? These are some tradeoffs. You’re trying to tune your security system with the same standard to low-power devices, consumer products, and data centers, but they’re different. They have different ways to accommodate the power supply requirement, as well.”

The presence of active security can have some secondary effects, too. When more power is being used, it generates more heat. That requires mitigation efforts to ensure a system continues optimal operation.

“Increased power needs can lead to increased thermal output, which can have adverse effects on the consumer experience,” Lu explained. “To address this, techniques including the use of thermal sensors can enable granular management by operating systems and applications to adjust performance and power, ensuring that temperatures remain within safe limits. This holistic approach ensures that security measures do not compromise the overall efficiency and functionality of the system.”

AI makes security a requirement
While hardware security has its roots in defense applications, it’s increasingly being found in everyday devices, from routers to smart refrigerators. But perhaps no sector, outside the military and government, is taking security more seriously than data centers. The increasing vitality of such data centers to modern computing has led to a massive increase in security needs, said Rambus’ Best.

“Personal data must be safeguarded, but so must the increasingly valuable models – often multiple gigabytes in size – that are deployed on these mobile devices,” said Arm’s Lu. “Essentially, power consumption is a function of workload and time. With larger workloads demanded for extended periods, this represents an industry-wide issue that requires attention.”

Still, the increased compute necessary to train models, as well as to execute them, leads to greater power demands for securing those models.

“I need to deliver the data as fast as possible to keep the performance moving, and I need to save enough power to perform that useful compute,” explained Best. “AI is straining both of those. It’s straining the size and the bandwidth of the memory footprint sitting off-chip, and now that needs to be secured in its movement into the processor. Now cryptography is in line with that critical performance path, and that is putting a strain on security. Suddenly, security is eating up a non-trivial proportion of the budget.”

There are significant requirements for performance in those data centers, not to mention the incredible levels of power necessary to make them run. “Accounting for the power needs of security significantly affects the design process,” Lu said. “Various techniques are employed to optimize power efficiency, such as enabling granular controls for different subsystems. This allows power to be dialed up for heavy workloads and coupled with thermal sensors to throttle performance and power when temperatures reach a certain threshold. Different subsystems, like multimedia, modem, graphics, and display, can be managed separately through their own power domains. Additionally, preventing side-channel attacks, such as differential power analysis (DPA), is a key consideration in security system design.”

Conclusion
While hardware cybersecurity may have its roots in defense and governmental systems, it has been quickly broadening toward inclusion in all manner of consumer devices, data centers, and other systems. The impact of security on power budgets tends to be fairly small, but calculating exactly how much power to allocate can be difficult to determine.

A number of solutions exist, and there are a variety of ways to implement a root of trust into systems. Some systems require minimal or passive security, but others, including AI data centers, require active security measures that scale up in power demands as the amount of data they process goes up. There is a multi-physics price to pay for that, and all of this needs to be considered early in the design flow.