Concern is growing that devices of all types, including military hardware, may contain extra circuits or malicious code.
Is it just paranoia, or do devices ranging from industrial controls to military hardware really contain malicious code, Trojan Horses, and remotely triggered back doors? The answer is “maybe not” if you’re an optimist, and “maybe” if you’re a pessimist, but no one really knows for sure. And that’s what really worries security experts, particularly as more devices are connected to other devices.
Over the past few decades, the semiconductor and IP industries have disaggregated into small, highly focused companies to individually target very challenging problems. Specialization has proved to be the most effective way of propelling Moore’s Law, helping to reduce development costs and cut time to market. However, it comes at a price on the security front—being sure that what gets built into semiconductors or electronics containing those chips does what it’s supposed to do and nothing else. Today there simply are too many pieces to the supply chain now to effectively watch them all, meaning no one can say for certain where a particular part came from without removing it, grinding off the package, inserting probes, and examining it under a scanning electron microscope.
“This is a concern for industry and for government,” said Gordon England, former U.S. Deputy Secretary of Defense (and twice former U.S. Secretary of the Navy). “The problem is the unknown unknowns. You don’t know what’s latent and can be activated later, so it’s really important going forward for commercial and military contractors to have high integrity in their supply chains.”
England noted it’s impossible to go back and check everything already in the market.
“You can worry about what’s out there, but there’s not much you can do about it,” he said. “But eventually everything gets a replacement, although the timing is widely divergent. Airplanes are in use 30 to 40 years, but systems are upgraded regularly, usually piecemeal. Communications are upgraded more often. And IT systems are always upgraded. But with government, you have some old, some new, and it makes it very hard.”
Nor is the United States government alone in worrying about these issues. Interviews over the past 12 months with executives in multiple countries, from China to India to Europe and the U.K., echo these concerns—both for their extended supply chains and for components developed in the United States as well as in other countries.
“These chips (SoCs) are gigantic in terms of scope,” said England. “The pieces are standard blocks, but what’s the integrity of those pieces?”
Bigger pieces
The concern for hundreds or even thousands of individual pieces may be one of the biggest drivers of subsystems. There’s an inherent irony here because subsystems were broken apart to pay more attention to improving the quality of components within those systems. But with security concerns on the rise as more things are interconnected into the IoT, along with the need for optimizing power, subsystems are beginning to take on new value. They come from one source, which means there is less likelihood of mistakes being made with IP that has been validated and tested together.
But there are other reasons for implementing security, as well.
“One of the things we heard from partners developing code is they don’t want their code stolen when it’s connected on the IoT,” said Jim Wallace, director of the systems and software group at ARM. “And with the consumer, it’s about what happens when the connect their end device to the cloud. A subsystem decreases risk for partners and decreases time to market. The integration on a single die, made possible by our subsystem, enables partners to hide the code from the outside world.”
ARM’s latest IoT subsystem includes a processor, radio IP, flash memory, a “microvisor,” crypto key and secure boot loader. Coupled with software, it creates a platform that can play across a wide variety of applications. Still, the goal here is to make it hard to hack any edge device, but also to make each device unique from a security standpoint so that if hackers break into one device they can’t break into all of them. This kind of approach is particularly important for stopping widespread attacks of standard products, such as causing fires inside of toasters or shutting down every fighter jet that uses a particular part.
“The advantage here is that you can take a subsystem all the way to trial layout and place and route,” said Wallace. “You also can predict performance, so if other IP is validated together with the subsystem you can be sure it works together.”
One of the keys to this problem is thinking in multiple directions. Can technology be hacked from the outside in, or can enough code or circuitry be embedded into a chip so that it can be triggered to work in the opposite direction? And equally important, can you tell when something is wrong?
This has set off a scramble among a number of players, ranging from IP companies to EDA companies to be able to track circuitry in new designs, which has prompted a number of recent acquisitions in that space by both ARM and Synopsys. And it has prompted a number of other approaches, such as one taken by PFP Cybersecurity to measure real-time power changes so precisely that it can be used to identify when an unexpected action is being taken by hardware.
“The way things are tested right now is that distributors take 1% of their chips and send them to a lab for destructive testing, so if there is one counterfeit chip out of 1 million, they reject the lot,” said Steven Chen, PFP’s chairman and CEO. “But if you look at the power consumption of chips or boards, you can determine if there’s a hardware Trojan.”
That doesn’t always work. Even if the chips look real, it’s difficult to tell what else is inside because there are so many power domains in complex SoCs that they can mask what else a chip can do. The trick is to create a baseline power profile for each domain, then report back any aberrations.
Different levels of motivation
This all sounds straightforward enough, except that not everyone in the supply chain shares the same level of motivation for closing up the security holes.
“The concern by the DoD (U.S. Department of Defense) is clearly very high for some kind of regulatory or national security solution,” said Bernard Murphy, chief technology officer at Atrenta. “But there are so many touch points for control in this. The DoD would like to use only U.S. fabs, for example, but that may be impossible. And it’s almost impossible to control IP because it comes from so many different places.”
Murphy said the concern among consumers is mixed. While they are very concerned about their safety, the numbers are far lower when it comes to other data.
“There is a big concern with cars, particularly if the software is flawed that is being used for updates,” he said. “But there may be only a minimum accepted security for other things. There is a question about what the public really wants. The DoD has one set of needs, but consumers have another.”
That doesn’t mean chipmakers and systems houses aren’t demanding the security be built into the IP they buy, however, even for edge devices. Frankwell Lin, president of Andes Technology, said the four key elements for customers are security, battery life, functionality and cost.
“These four elements are of special importance to us, and we spend millions of dollars each year on increasing the performance-efficiency of CPU and MCU cores, peripherals and software tools,” said Lin, pointing to a configurable MCU core that the company has aimed at everything from smart sensors to touch panels. “It has security features that make it resistant to hacking. It has architectural features that enable it to deliver high performance while conserving power.”
Conclusion
Safeguarding the supply chain is just one piece of a multifaceted security problem, where all of the holes have to be plugged in every part of a connected system to ensure data isn’t added or subtracted without permission. But even if the best system was implemented today, it’s uncertain what damage already has been done in preparation for the IoT, or how that technology can be used once the IoT gains a stronger foothold.
It’s possible, for instance, that Trojan Horses that were considered outdated could be put back to work once the IoT really gets going. And it’s possible that all of this is simply people worrying about an eventual catastrophe that will never materialize.
But as Gordon England observed, even government agencies such as the IRS are getting breached, and President Obama’s personal phone list has been stolen.
“At the end of the day, it comes down to whether you think you need some system to ensure the integrity of chips and verify their integrity before they go into a design,” England observed. And at least so far, there seems to be a lot more talk than action.
This issue has been around for a while, but I have yet to hear of any examples of deliberate hardware bugs in shipping chips. However, I do know of one case in an IP supplier. A submission to opencores.org contained bugs that were there to force users to get support from the author. One of our designers discovered this and reported it to the site. By the end of that day they had pulled the design and permanently blackballed the author. Write me if you’d like more info.
This may be an avenue of protection against such attacks. Any commercial supplier would be committing suicide if such a deliberate bug were discovered, and they inevitably would be. All the people involved in such a game would also be stained, and maybe everyone in that country.
Really excellent article, Ed. And then there is the retrofit…
Stealthy Dopant-Level Hardware Trojan – Implanted Below the Gate…FPGAs…
Abstract…Instead of adding additional circuitry to the target
design, we insert our hardware Trojans by changing the dopant polarity of existing transistors. Since the modified circuit appears legitimate on all wiring layers (including all metal and polysilicon), our family of Trojans is resistant to most detection techniques, including fine-grain optical inspection and checking against “golden chips”.