Semiconductor Engineering editor-in-chief Ed Sperling recently noted that the long-anticipated move to 2.5D and fan-outs raises a number of familiar questions about security.
“Will multiple chips combined in an advanced package be as secure as SoCs where everything is integrated on the same die? The answer isn’t a simple yes or no,” he opined. “Put in perspective, all chips are vulnerable to side channel attacks, hacking of memory—a risk that increases with shared memory—and monitoring of I/O over many different protocols and communications possibilities involving the Internet of Everything (IoE).”
Indeed, as Sperling points out, practically all SoCs feature multiple third-party IP blocks ranging from memory, memory controllers, I/O blocks, as well as processors, accelerators and power management modules.
“What changes with fan-outs is that more of the components that typically would be on a PCB are included inside the package,” he explained. “For a 2.5D chip, it would include multiple chips connected through high-speed interconnects such as interposers or bridges.”
How those pieces are connected, says Spering, as well as how secure the chips themselves are, will determine whether a 2.5D configuration is more or less vulnerable to attack.
Steven Woo, VP of solutions marketing at Rambus, expressed similar sentiments, noting that a number of interconnects in a 2.5D configuration will become less accessible with reduced visibility.
“When that happens, it becomes harder to attach to and monitor individual signals,” he confirmed. “Regarding cache coherency, there’s probably little inherent effect one way or the other. However, there can now be much more capacity available in the 2.5D and 3D stacks, such that caches have to be managed more effectively to account for the higher capacities.”
Perhaps not surprisingly, companies currently developing technology related to 2.5D and fan-outs are quite cognizant of security issues.
“From an external perspective, it’s not about some chip or package or board. If there is a physical attack, it’s more difficult to get access to a fan-out because of the package than a PCB and maybe an SoC,” Linley Gwennap, founder and principal analyst at the Linley Group told Semiconductor Engineering. “The software is likely going to be the same. But there’s more to the security picture than just the physical package, [as] the reduction in power needed to drive signals also makes it more difficult to detect them in the case of a physical attack.”
While such attempts may be difficult, says Sperling, they are certainly not impossible, as scanning electron microscopes, grinders, probes, monitoring of signals in and out of memory, are the new weapons of serious attackers.
“Given the rise in security breaches, and the concern for improved security, the whole semiconductor world may be adopting security much more quickly than anyone would have considered possible five years ago,” Sperling concluded. “But knowledge is growing on both sides of the fence, good and bad, and hardware, firmware and embedded software increasingly will be part of the attack surface, no matter how good a design looks on the drawing board.”
Interested in learning more? The full text of “Security in 2.5D” by Ed Sperling is available on Semiconductor Engineering here.