中文 English

Security Risks Widen With Commercial Chiplets

Choosing components from a multi-vendor menu holds huge promise for reducing costs and time-to-market, but it’s not as simple as it sounds.

popularity

The commercialization of chiplets is expected to increase the number and breadth of attack surfaces in electronic systems, making it harder to keep track of all the hardened IP jammed into a package and to verify its authenticity and robustness against hackers.

Until now this has been largely a non-issue, because the only companies using chiplets today — AMD, Intel, and Marvell — internally source those chiplets. But as the market for third-party chiplets grows and device scaling becomes too expensive for most applications, advanced packaging using pre-verified and tested parts is a proven viable option. In fact, industry insiders predict that complex designs may include 100 or more chiplets, many of those sourced from different vendors. That could include various types of processors and accelerators, memories, I/Os, as well as chiplets developed for controlling and monitoring different functions such as secure boot.

The chiplet concept is being viewed increasingly as a successor to the SoC. In effect, it relies on a platform with well-defined interconnects to quickly integrate components that had to be shrunk to whatever process node the SoC was being created at. In most cases, that was the digital logic, and analog functions were largely digitized. But as the benefits of Moore’s Law diminish, and as different market slices demand more optimized solutions, the ability to pack in features developed at various process nodes, and choose alternatives from a menu, has put a spotlight on chiplets. They can be developed quickly and relatively cheaply by third-parties, characterized for standardized interconnect schemes, and at least in theory keep costs under control.

This is easier said than done, however. Commercially available chiplets will almost certainly increase the complexity of these designs, at least in the initial implementations. And equally important, they will open the door to a variety of security-related issues.

“The supply chain becomes the primary target,” said Adam Laurie, global security associate partner and lead hacker for IBM’s X-Force Red offensive security services. “If hackers can get into the back end of the supply chain, they can ship chiplets that are pre-hacked. The weakest company in the supply chain becomes the weakest link in a system, and you can adjust your attack to the weakest link.”

Sometimes, those weak links aren’t obvious until they are integrated into a larger system. “There was a 4G communications module that had so much additional processing power that people were using it for processing Java,” said Laurie, in an interview with Semiconductor Engineering at the recent hardwear.io conference. “We found they could flip the USB connection to read all the data stored on the device across all the IP. That affected millions of devices, including planes and trains. This was a 4G modem plug-in, and it was sold as a secure module.”

These problems become more difficult to prevent or even identify as the supply chain extends in all directions with off-the-shelf chiplets. “How do you ensure the authenticity of every piece of microelectronics that’s moving from wafer sort up through final test, where assembly and test are performed in a different country, and then attached to a board in yet another country?” asked Scott Best, senior technical director of product management for security IP at Rambus. “And then it’s imported to put into a system in the U.S. What are the reliable ways of actually tracking those pieces to ensure that the system that you’re building has authentic components? We have a lot more recent interest from customers worried about risk to the supply chain, where someone slips in a counterfeit part. Perhaps that’s done with malicious intent, or it could just be a cheap knockoff of an authentic part with the exact same part numbers and die markings to make it look fully compatible. It looks correct from the outside, but it’s not correct at all. The suppliers’ customers are a lot more worried about that now.”

Fig. 1: A six-chiplet design with 96 cores. Source: Leti

Fig. 1: A six-chiplet design with 96 cores. Source: Leti

Solutions
The chip industry has been working on solutions for the past decade, starting with the rollout of third-party IP. But at least some of that work was pushed back as the IP market consolidated into a handful of big companies, rendering many of those solutions an unnecessary cost. That is changing with the introduction of a commercial chiplet marketplace and the inclusion of chiplets in mission- and safety-critical applications.

“One solution for future devices involves activation of chiplets,” said Maarten Bron, managing director at Riscure. “On the gray market, you may see 20% more chips ending up being used. But if you have to activate those parts, those chips become unusable.”

A similar approach is to use encrypted tests from the manufacturer. “In automotive, you have this validation process for the software, which produces reports that tell you this is real,” said Mitch Mliner, vice president of engineering at Cycuity (formerly Tortuga Logic). “We need to do the same on the hardware side. ‘Here’s a chip. Here’s what goes with it. Here’s the testing that was done. And here’s the outcome. So you can see this is safe. And here are even more tests. You can run these encrypted tests.’ This is similar to logging in to read encrypted stuff, and it will confirm that it’s still working when you insert a chiplet into your design. This is where the industry needs to go. Without that, it’s going to be hard for people to drop chiplets into their design and say, ‘Hey, I’m comfortable with this.’ They need to have traceability.”

It’s not just about the hardware, either. As chips remain in the market for longer periods of time — up to 25 years in industrial and mil/aero applications, and 10 to 20 years for automobiles — many of these chiplets will need to be updated through firmware or software in order to stay current with known security issues and current communications protocols.

“Chiplets are put together on a substrate or in a 3D stack that is essentially the same as a small computer network,” said Mike Borza, Synopsys scientist. “So if you can attack any part of it, you have the potential to use that as a launching pad for an attack on the rest of it. We’ve seen this time and again in all kinds of different networks. The idea is to get a toehold in the part. Software authenticity is great. You have secure boot and all those kinds of processes that are used to run cryptographic authentication to prove where the software came from, and that’s really important. But it has to have a basis in the hardware that allows you to really trust that the people who sent you that software are the real thing. It’s not good enough to say, ‘Take my software an install it.’ People have done that in the past and that’s turned into an attack. The software ultimately is what people are trying to defend, and it needs to be tied back to the hardware in a rational way that allows you to at least trust that when you start the system up you’ve got the right software and it’s authorized to be running where you are.”

One such approach is to keep track of all of these components through blockchain ledgers, which is part of the U.S. government’s “zero trust” initiative.

“More standards like UCIe for putting chiplets together will help with adoption,” said Simon Rance, vice president of marketing at ClioSoft. “But now we’re starting to get input from the mil/aero side, where they want blockchain traceability. We’ve been able to layer our HUB tool across that to provide visibility across the chiplets and the blockchain. Now we can look at the design data versus the spec and determine whether it was right or wrong, and even which version of a tool was used. That’s important for automotive and mil/aero.”

Rance noted that a lot of this effort started with the shift from on-premise design to the cloud and the rollout of the U.S. Department of Defense standards for chiplet design. “There was a big push for traceability,” he said. “If you look at the design data and compare that to spec, was it right or wrong? And then, which tool was used, and which version of the tool?”

Another option is to add programmability into a system using eFPGAs to change bitstreams as needed for security reasons. That makes it much harder to attack a device because the bitstreams are never the same.

“We’ve been working with the DoD on one-circuit obfuscation, where there are not a lot of gates,” said Andy Jaros, vice president of sales and marketing at Flex Logix. “With a chiplet, it will either work or not work. We also can encrypt the bitstream with a PUF. So you can have multiple different bitstreams in a design, and change them if one bitstream is compromised. With the DoD, it’s more about obfuscation and programming an eFPGA in a secure environment. But we also expect different encryption algorithms to be modified over time for security reasons.”

The impact of standards
The chiplet approach has seen its greatest success so far in the processor world. Standards such as the Universal Chiplet Interconnect Express (UCIe), the Open Domain-Specific Architecture (ODSA), and Compute Express Link (CXL), as well network-on-chip (NoC) approaches are expected to broaden that market for a variety of fabless companies in many different markets.

“The CXL protocol is really going to enable an ecosystem of solutions with accelerators and expanded memory options,” said Mark Papermaster, CTO of AMD. “Imagine that transported into a chiplet ecosystem. That’s the intent of the UCIe consortium. We believe we can leverage the same elements of the CXL protocol, but also align on the kind of physical specifications you need for chiplet interconnects. Those are certainly different than what you need for socket-to-socket connections. The chiplet approach will be the motherboard of the future. These standards will emerge, and we will align. But it won’t happen overnight. And so in the interim, it will be a few big companies putting these together. But my hope is that as we develop these standards, we will lower the barrier for others.”

There are many ways to ensure chiplets are what they are expected to be. Less obvious is how security requirements will change over time, and how a growing number of chiplet-related standards will need to be adjusted as new vulnerabilities emerge.

“There will be a lot of competition, and the person using a chiplet inherits its security propositions,” said Riscure’s Bron. “We’re seeing this with IP blocks that come from different IP vendors. Is it secure? Maybe. But in an SoC with 200 IP blocks, not all of them are secure. And wherever the weak link is, that will be exploited — most likely through a side-channel attack using fault injection.”

On top of that, there is a value proposition for security, and this is particularly evident with IoT devices. “In the IoT world, security has two different aspects,” said Thomas Rosteck, Connected Secure Systems Division president at Infineon. “One is whether you care if a device is hacked or not. Is it going to cost you? Yes. The second one is, does the society care? About four or five years ago there was a botnet attack, which was the first time they didn’t use a PC. They used IP cameras and AV receivers. That means these devices also have a lot of computation power, and many of them are built on Android, so they have to be be protected, as well. And that’s the critical thing. Without security, IoT is not going to work, because it’s just a matter of time until you have a big problem.”

The challenge with chiplets is that approach adds more pieces to the puzzle. It makes minimizing the possible attack surface that much more difficult.

Weeding out problems
One clear objective objective is to get a tighter rein on counterfeiting, which is hardly a new problem in the chip industry. But as chips are used for more critical functions, concerns about counterfeiting are growing.

Industry insiders say there are thousands of chips available today on the gray market that purport to be the same chips causing the ongoing shortages, but they are either counterfeit or remarketed chips from dead or discarded products. In some cases, the counterfeiters have etched legitimate part numbers into the chips or included an authentication code that matches the “golden” code provided by the manufacturer.

“There are some schemes that are highly sophisticated, and it’s not until you go through the authenticity testing that you discover an anomaly that you didn’t see on the surface,” said Art Figueroa, vice president of global operations at distributor Smith & Associates. “But the biggest issues occur on those parts that have no markings, like passive components or capacitors. That’s where you have to have the other elements in your process, whether it’s decapsulation or electrical testing of some sort to authenticate the component.”

Decapsulation is done selectively, using nitric acid or some solvent to remove the outside cover in order to examine the hidden markings and compare them against golden samples. “The golden samples are sourced either direct from the manufacturer, or though an authorized distributor for that manufacturer, where you know the traceability is direct,” Figueroa said. “Having a golden sample database is of utmost value to being able to authenticate a component, especially if you’re sourcing in the open market where you may not have direct manufacturer support. When components are in demand, we grab a few, run them through our process, capturing dimensions, performing tests including X-ray, and formulating a complete test report, which we file away for future use. That information is critical.”

Also critical is the sharing of information when something goes wrong. “If something happens in the future, especially for automotive where traceability is hugely important, you can show what was tested and whether a chiplet was in compliance,” said Cycuity’s Mliner. “That allows you to look for your problem elsewhere. Or maybe you found a flaw no one knew about and which was never tested for, and you’re upfront that no one was trying to hide anything. That’s going to be the trend going forward.”

Conclusion
Chiplets are coming, and a commercial marketplace will be part of that effort. But managing all of these different elements securely will be a continuous process that will require diligence for years to come.

“In a perfect world, we would make a catalog of chiplets, test all of them, and give them a rating for security,” said Riscure CEO Marc Witteman. “And then, once you start building your chip, you compile these chiplets. You take the best one, and you’re good to go. That’s an ideal world. We’re very far from that for a couple of reasons. One is that there’s so much development and redevelopment that a chiplet may be obsolete after a couple of years. It would need to be redesigned and updated, and new vulnerabilities will be introduced. But in addition to that, the security landscape is continuously evolving because new attacks are being discovered. At every conference we hear about 10 new attacks that weren’t known a year before. What is secure today can be very insecure tomorrow. So security is not a state. It’s a process. You need to address it everyday, or someday you’re going to have a problem.”

Further Reading:
Securing Heterogeneous Integration At The Chiplet, Interposer, And System-In-Package Levels (FICS-University Of Florida)
New research paper titled “ToSHI – Towards Secure Heterogeneous Integration: Security Risks, Threat Assessment, and Assurance” was published by researchers at the Florida Institute for Cybersecurity (FICS) Research.
Chip Substitutions Raising Security Concerns
Lots of unknowns will persist for decades across multiple market segments.
Building Security Into ICs From The Ground Up
No-click and blockchain attacks point to increasing hacker sophistication, requiring much earlier focus on potential security risks and solutions.
Hiding Security Keys Using ReRAM PUFs
How two different technologies are being combined to create a unique and inexpensive security solution.
Verifying Side-Channel Security Pre-Silicon
Complexity and new applications are pushing security much further to the left in the design flow.
Technical papers on Security



Leave a Reply


(Note: This name will be displayed publicly)