The International Test Conference India 2020 (ITC India 2020) commenced virtually today. Ms. Deirdre Hanford, Chief Security Officer, Synopsys, delivered the keynote on ‘Keys to hardware security and test.’
There are three growing markets for semiconductors — AI, automotive and IoT. These increase the need for safety, security and reliability. In security, we are always trying to play defence. Eg., hackers broke into a casino’s high-roller database through a fish tank. Or, a deep flaw in your car can let hackers shut down safety features. The semiconductor industry needs to understand security.
Synopsys discusses power, performance and area with customers, and now, security. We have a new term – PASS – power, area, speed and security. Hacking hardware can be for economic gain, IP theft, sabotage and espionage. Reverse engineering is the realm of the hacker too. Side channel is another area. It could be power, emissions of the device, etc. The RSA sequence needs to be monitored.
Next, there can be malicious hardware or trojans. There can be some malicious content on your device, unknowingly. Trojans can be broken up and create some sabotage. We need to be careful about unintended trojans. Hacking can also be done on the supply chain. Devices are designed globally. There are opportunities to inserting damages to any device.
The semiconductor threat landscape is diverse. In design, there can be IP theft and malware insertion. Being a security target is costly. The average total cost of data breach can be $8.19 million. Companies are now buying cyber insurance.
Zero trust security model :
Zero trust security model is now part of the semiconductor industry. The notion of zero trust is different. You use automation, etc., to decide whether you can trust the device. Synopsys was awarded the DARPA contract for automatic implementation of secure silicon program. The goals are a threat-resistant design, configurable, ease-of-use, comprehensive and impactful.
Basic SoC architecture has the CPU and accelerators, DRAM controller, GPU, etc. You add root-of-trust or secure enclave. You can build on the secure foundation of the SoC. There are access-controlled entities. We can have secure storage with key management. There can be secure debug and test access, and secure update. There can be identification and authentication. You can clamp down on access from unauthorized sources. There are firewalls and access filters to resources and modes. There are policy limits on subsystem connectivity. Memory ranges are protected and encrypted.
There are design-for-security solutions available. There is logic locking, obfuscation, encryption and watermarking. You can decide whether a design is legitimate. Scan access is hacker access. We have combinational logic. DFT fabric also extends to package edge. There must be locking functions that can be added. Opposing forces demand co-ordinated solutions. Obfuscation and locking logic are also important. They can be unlocked only with a secure key.
Certain portions of a design can be locked off. Optimization also needs co-ordination. We can clone for security reasons. These are simple examples. In ATPG, we look at high coverage in test mode, and have 100 percent test coverage. Is that a secure key? Where does the tester come from? You can do identity asset management via the cloud. There needs to be a very secure connection. There should be authentication, authorization, etc.
Synopsys has introduced the silicon lifecycle management platform. Monitors and sensors are intelligently embedded throughout the chip. Rich data set feeds the analytics engine that enables the optimizations at each lifecycle stage. On-chip security is critical to ensuring the authorized access to data.
There are lot of design for security initiatives at Synopsys. We are offering DesignWare security IP solutions with broad portfolio of certified and standards compliant hardware and software solutions. Security verification is very important. There is formal analysis with datapath leakage and data integrity. Fault simulation can be done modelling malicious attacks.
Chief Security Officer, Corporate Staff, Synopsys.