Writing for Semiconductor Engineering, Ernest Worthman describes the challenge of securing chips as a “foot race” between the good and bad guys.
“Going forward, expect heavily funded, grouped efforts to place tremendous pressure on security envelopes,” Worthman explains.
“This includes everything from simple home devices, such as routers, to the most critical infrastructures, such as power, telecom, transportation, and soon, the IoT.”
As Worthman notes, the number one challenge is convincing the entire industry supply chain to acknowledge the value of security. According to Paul Kocher, president and chief scientist at the Rambus Cryptography Research Division, the emphasis on chip speed and cost is just one paradigm that will have to be re-examined in this context.
“We have solved the first, elementary problem of making chips acceptably fast and acceptably cheap to manufacture. We have gotten really good at exercising that optimization muscle,” Kocher told Semiconductor Engineering.
“[Nevertheless], there are some issues that we need to look at, around security that will require sacrificing some of the gains we have made, in terms of speed and cost. This will certainly present some new engineering challenges as well as cultural challenges.”
One specific area identified by the Rambus chief scientist is mature devices that work well with minimal innate security, their function and cost having been optimized at the expense of security.
“Such devices function reasonably well, but the failure modes are uncertain or complicated, especially when it involves design or human errors,” he continued. “One way to address this is to take a calculation and, rather than one piece of circuitry do it, have two pieces of circuitry do it. Each circuit can use separate approaches. If they don’t yield the same answer, then something is wrong.”
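The dual-computation check Kocher describes, sketched in software as an added example (not from the article or from Rambus): one modular exponentiation is computed by two different algorithms and the result is released only when they agree. The toy parameters, function names and the `flip_bit` fault hook are assumptions made for the illustration.

```python
# Added illustration; toy parameters constructed for the demo, not production sizes.
P, Q = 2**31 - 1, 2**61 - 1          # two known (Mersenne) primes
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


class FaultDetected(Exception):
    """Raised when the two independent computations disagree."""


def path_a(m):
    """Approach 1: left-to-right square-and-multiply modulo N."""
    acc = 1
    for bit in bin(D)[2:]:
        acc = (acc * acc) % N
        if bit == "1":
            acc = (acc * m) % N
    return acc


def path_b(m, flip_bit=None):
    """Approach 2: CRT, two half-size exponentiations recombined (Garner).

    flip_bit (hypothetical test hook) flips one bit of the mod-P half to
    stand in for a glitch or design error that affects this path only.
    """
    sp = pow(m % P, D % (P - 1), P)
    sq = pow(m % Q, D % (Q - 1), Q)
    if flip_bit is not None:
        sp ^= 1 << flip_bit
    h = (pow(Q, -1, P) * (sp - sq)) % P
    return sq + Q * h


def checked_exp(m, flip_bit=None):
    """Release a result only if both approaches yield the same answer."""
    a, b = path_a(m), path_b(m, flip_bit)
    if a != b:
        raise FaultDetected("redundant paths disagree; output withheld")
    return a
```

Because the two paths share no intermediate values, a single error in either one changes only that path's result, so the comparison catches it before anything leaves the device.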
Another area of IC security flagged by Kocher is the manufacturing process, which faces the challenge of developing viable solutions to make factory environments with untrusted elements more secure.
“For networks that are tightly monitored, you don’t really want the [security] keys to be part of monitoring data, or having the test transactions being sent over to whomever is managing the secrets for the process,” he said.
“[However], there are solutions that can be implemented, such as applying a Diffie-Hellman key exchange scenario. The fact that such solutions can be done, mathematically, has been known for a long time, but the engineering to bring such capabilities into mainstream manufacturing hasn’t, for the most part, actually been implemented in chip factories.”
As Kocher emphasizes, successfully making the case for robust security remains a significant hurdle all along the supply line.
“The [primary] challenge is how to make the security technology help everyone from the chip manufacturer to the end user,” he added.