Trustworthy Electronics

Global supplier networks are a key feature of the development of integrated electronic components today. Even in times of ever more complex trade relationships, supply chains must still function effectively. At the same time, it is necessary to achieve the technological advances required for the development of new products and maintain technological sovereignty.

In view of the increasing digitalization of all areas of social life, the security and integrity of the transported information must be safeguarded through a mastery of the fundamental technologies. The security of transmitted data (cybersecurity) so far has been approached largely through the development of encryption algorithms and authentication procedures. However, the use of these solutions also requires secure hardware to ensure end-to-end trustworthiness. Otherwise, new attack vectors are created.

As powerful processors are being developed for handling large volumes of data, measures to increase data security are making progress, including address checks for memory access, access restrictions for certain functions, one-time programmable memory, etc.

It is also important to prevent the insertion of unauthorized elements into the electronic product during the development process. Such parts could compromise the hardware by permitting the interception of data or disruption of the intended function. Another way that trust can be undermined is the copying of components. This can cause financial harm by bypassing IP licensing costs. It also could permit the creation of low-quality copies that appear to offer the same functionality, but which may not work properly over the entire range of specified operating conditions.

It is necessary to remain vigilant in two directions to establish comprehensive trust in the electronics.

On one hand, the entire process from design to manufacturing to operation must be watched carefully. The question of the trustworthiness of sources must be answered at every step of the product life cycle. In the future, methods such as digital fingerprints for identification and traceability will be employed much more heavily for this purpose. With respect to manufacturing, dividing up the work among multiple independent sources is one approach under discussion. This could be a horizontal measure, such as with split manufacturing, or a vertical separation of functionality among multiple chiplets. In subsequent operation, monitoring methods are also required to prevent unauthorized access. One particular challenge on the hardware side is that an update to remedy newly discovered security flaws is no longer possible in the field. Fundamental security measures must therefore be cleanly and carefully implemented already during the design phase.

On the other hand, the entire chain from the EDA tool provider through the IP suppliers, IC and PCB manufacturers and system integrator must be taken into consideration. Clear, unforgeable identification of the supplier, such as via PUFs (physically unclonable functions) and other process-specific functions, naturally represents a key basis for ensuring trust. Another approach lies in the use of open source code, although the public availability of source code does not automatically protect against potential attacks from the outside. One prominent example of open source code in the IC sector is the open RISC-V architecture. Google’s OpenTitan project also puts a heavy focus on the issue of security. Even when integrating such open source IP into commercial projects, the questions of trustworthiness over the entire chain must still be answered.

Comprehensive safeguarding of the trustworthiness of electronics is only possible when all of the described concepts act in concert, thanks to seamless planning and implementation. The standardization of the associated processes and interfaces in the tools and fundamental data sources will be important for enabling such consistency in the future. The certification of sources and providers is also a potential option.

Today, we can see increasing awareness of the topic of trustworthiness in electronics at a variety of levels. The consolidation and standardization of the approaches will be a key factor in achieving the relevant goals and obtaining the acceptance of the community.