From Silicon To Software

 

5 Strategies for Protecting Your Advanced SoC Designs from Security Breaches


By Ian Land, Senior Product Marketing Director, Synopsys Aerospace & Government Group

Automobiles drive themselves. Drones deliver packages. Robots clear minefields. AI advises your doctor. That future is not far away, but what if a bad actor takes over your car, the delivery drone, or the autonomous robot? What if the AI used for human safety or health turns deadly? While software has long been the focus in the security space, today’s more complex devices and increased attack surface extend the security conversation not only to hardware, but also through software, the silicon lifecycle, and the entire supply chain. As a result, a fourth dimension has been added to the traditional power, performance, and area (PPA) trifecta of semiconductor design concerns—security.

Everything is Complex and Connected, Manage Device Security Accordingly

Today, advanced semiconductors are single packages comprised of disparate components, multiple dies that enable new levels of systemic PPA efficiency. But it’s precisely that complexity that provides greater opportunity for security threats to do damage.

In addition to attacks on the software stack, attacks on hardware can not only do damage on their own, but also assist attacks on software. These include hardware trojans, temperature or laser-generated faults, RF and power side-channel attacks, and much more. Although it’s been used for decades, code coverage at signoff isn’t enough for quantifiable assurance, because weaknesses or vulnerabilities can be buried in the data of the hundreds (or more) of waivers needed when an error or issue is identified. While code coverage at signoff can be helpful to check for rare or no-toggle coverage (indicators of a trojan), you’ll never have 100% code coverage, and it won’t cover the enormous attack surface through the lifecycle.

Microelectronics Supply Chain Threats and Defenses
Defending an Enormous Attack Surface Through the Lifecycle

While attacks exploit weaknesses and vulnerabilities, the adage, “the devil is in the details,” holds true here. Each of these threat buckets has a significant number of sub-buckets that provide opportunity for breaches. Synopsys is working to address each area in addition to methodologies for secure design in the cloud. (Partial Reference: CAD for Assurance – CAD for Assurance of Electronic Systems.)

Securing your devices is an ongoing cat-and-mouse game in which you will need to predict, prevent, detect, withstand, respond, and adapt to threats in an ever-changing security environment. A key challenge is that there are more opportunities through time to breach the system.

Future Proof Your Chip Designs from Security Threats

Constant learning and agility and choosing the right security strategies can help you manage your risks. Here are five strategies to help you stay ahead of nefarious players:

  • Strategy 1: Follow Standards-Based Principles—Although security standards for microelectronics are only now developing, it is good to follow standards-based practices for process, security mechanisms, and testing, and to obtain a third-party certification or review.
  • Strategy 2: Minimize Attack Surfaces—With security, we concern ourselves with systemic and targeted faults. Systemic faults can be avoided by having good design and verification practices with a full-featured EDA flow and verified IP. Eliminate weaknesses and vulnerabilities (MITRE Common Weakness Enumeration, CWE) using design, verification, and analysis tools that are designed with security in mind, such as the efforts being forged through the Rapid Assured Microelectronics Prototypes (RAMP) program.
  • Strategy 3: Use Model-Based Engineering and Silicon Lifecycle Management—Find safety and security issues prior to taping out by using virtual models of your system, called digital twins, that include both software and hardware. Then, use silicon lifecycle management sensors and analysis to detect, prevent, and respond to attacks throughout the supply chain and system lifecycle.
  • Strategy 4: Prepare to Protect Your System Against Quantum Computers—Using larger keys (for example, 256-bit) at a lower security level (128-bit) can make symmetric cryptographic algorithms post-quantum-computer (PQC) resistant. Asymmetric cryptographic algorithms (public key algorithms) are a little more challenging because quantum computers will be able to break most Rivest-Shamir-Adleman (RSA) or Elliptic-Curve-Cryptography (ECC) based schemes.
  • Strategy 5: Choose the Right Partners to Help Secure Your Supply Chain—Vet your partners for strong experience, capabilities, and compatibility in the security space. Many companies will talk about security, but deeper conversations will reveal solution maturity and level of investment. A good place to start might be with the Hack@Event partners.

Use the Leading Tools, Solutions, and Silicon Lifecycle Management Methodologies to Foil Bad Actors

When there are so many points of entry, it’s important not only to plug the security gaps, but also to look at the security landscape holistically to create a systemic, reinforced security fabric. Synopsys is unique in the industry because we not only have the leading portfolio of software, tools, and solutions to fortify you against attacks, but our comprehensive approach reduces risk from silicon to software and beyond. While nothing is 100% secure, Synopsys system and software security solutions help you keep your security risks as low as possible, including:

A Deep Bench of Experience and Dedication to Solving Security Challenges

Synopsys safety and security credibility comes from our longstanding work with partners such as the U.S. Government in programs like the Defense Advanced Research Projects Agency Automated Implementation of Secure Silicon (DARPA AISS) to ensure that security is at the forefront of design parameters along with PPA. We also are part of the Department of Defense Rapid Assured Microelectronics Prototypes (DoD RAMP) programs for secure design on Microsoft Azure cloud. We additionally work with partners such as Texas A&M University and University of Florida to embed security knowledge directly into our tool flow. This embedded knowledge can be added through the design process for baseline security. The production solutions coming from AISS and RAMP are intended to democratize security to enable the IC developer while enabling security experts to focus on security reviews instead of security design.

Beyond our technology, we are also building technical sales and services, marketing, and a strong information security (infosec) capability to support secure development, whether on-prem in your enterprise or in the cloud. As the fourth dimension of semiconductor design, we make security a priority in all that we do, from our system-level software SoC and FPGA technologies to silicon lifecycle management and manufacturing test solutions. If you would like to learn more about how you can keep your designs secure, sign up for our Aerospace and Government newsletter or contact us.
