Semiconductor Security and Sleep Loss

One of the semiconductor topics that keeps me up at night is security. We track security related topics on SemiWiki and while the results are encouraging, we still have a very long way to go. Over the last three years we have published 148 security related blogs that have garnered a little more than 400,000 views. Security touches every market we track: IoT, mobile, automotive, AI, and 5G so there should be more, absolutely.

Security breaches are happening at an alarming pace and we are working very hard to keep the cloud and edge devices safe, believe me, but we are just not writing about it. Unfortunately, now that security breaches are commonplace it really is not clickable news anymore.

Frankly, if the masses knew how unsecure our devices really are, everyone would be losing sleep. Just wait until autonomous automobiles are clogging our transportation arteries. Hackers will have a field day. If losing control of your laptop or phone does not scare you, just wait until hackers take control of your car!

It is interesting to note that my grandchildren will not need to learn how to actually “drive” a car. They will just get in and tell the car where they want to go. That is a big change of life. I remember the anticipation of getting my license on my 16th birthday. So much work and responsibility. We even repaired our own cars back then and knew exactly how they worked. Today, not so much, but I digress…

The point is semiconductor security is a big deal and will touch every piece of silicon we manufacture. Thankfully security is now playing a much bigger role in our conferences including the upcoming DVCon:

System-Level Security Verification Starts with the Hardware Root of Trust
Speaker: Jason Oberg – Tortuga Logic
Organizer: Jonathan Valamehr – Tortuga Logic

With the seemingly continuous discovery of security vulnerabilities at the hardware/software boundary, a new awareness has been built around hardware as the basis for system security. An emerging trend to reduce the likelihood of vulnerabilities is the utilization of a Hardware Root of Trust (HRoT) as the foundation for a secure system. HRoTs are responsible for many of the security features on a chip including secure boot, secure debug, key provisioning and management, and memory isolation. While employing an HRoT has now become a necessity, HRoTs have a vast amount of components and verifying that a secure system has been built around them is a daunting task.

Unfortunately, the current manual techniques for HRoT security analysis tend to miss many unobvious system-level security vulnerabilities. A major reason for the unsuccessful identification of security vulnerabilities is the lack of sophisticated tools that specifically target security verification. Without these, engineers are left to manually review state diagrams, manually review design files, and postulate on design and architecture specifications. This ends up being extremely time-consuming, is not automated and thus susceptible to human error, and consequently leaves systems susceptible to costly vulnerabilities that often can compromise a vendor’s customer data.

In order to properly verify the security of a system built around a HRoT, several challenges need to be addressed. In this workshop, we discuss the state of hardware security in general, then discuss how HRoTs are employed in systems today ranging from the datacenter to the IoT edge. We will also discuss common attacks on HRoT implementations, and the damage that can occur without adequate security verification. We then discuss common hardware security verification techniques, as well as their benefits and drawbacks. Next, we will present the best-in-class techniques and methodologies for verifying the security of a HRoT, and how these techniques can be employed across the entire design and verification lifecycle. Lastly, we will present an example security analysis on a real world HRoT using the discussed techniques. The security analysis will showcase the entire process from threat model specification to tangible results.

Jason and Johny are very approachable guys, as am I, so I hope to see you there…

DVCon is the premier conference for discussion of the functional design and verification of electronic systems. DVCon is sponsored by Accellera Systems Initiative, an independent, not-for-profit organization dedicated to creating design and verification standards required by systems, semiconductor, intellectual property (IP) and electronic design automation (EDA) companies. In response to global interest, in addition to DVCon U.S., Accellera also sponsors events in China, Europe and India. For more information about Accellera, please visit www.accellera.org. For more information about DVCon U.S., please visit www.dvcon.org. Follow DVCon on Facebook https://www.facebook.com/DvCon or @dvcon_us on Twitter or to comment, please use #dvcon_us.