Protecting advanced computing infrastructure and the electronic devices that underpin our global economies, businesses and personal lives is essential in the face of growing cybersecurity threats. Cybersecurity protections have traditionally been focused on safeguarding software running on an existing electronic system that can be exploited by malware, trojans, or other malicious code. These threats can be hidden deep within an application, operating system, or BIOS.
However, we can no longer give short shrift to the possibility that security threats can infiltrate chip design. Malicious logic can lurk in the design, waiting to be triggered after the chip is manufactured and inside an electronic system. Recent headlines point to the vulnerability of hardware and how cyber threats now target the very building blocks of our digital infrastructure [1,2,3,4].
Hardware design threats can be introduced at various stages of the design flow including specification, architecture, RTL, gate, circuit, or layout. Addressing these threats during semiconductor design will require the industry to acknowledge the issues and re-think how designs are conceptualized and developed so that vulnerabilities can be mitigated as early as possible.
The Pre-Silicon Duo – Hardware Design Threats and Where They Can Be Introduced
Two general categories of threats can be introduced during chip design. The first are unintentional design flaws that can be created by synthesis and optimization processes. Unlike software bugs that can be patched, these flaws are buried in the device’s circuitry and are a permanent part of the IC.
A second general category of threats are called hardware trojans – intentional malicious modifications introduced during the design phase. They often lay dormant and undetectable until a specific condition or trigger activates them.
At the architectural level, flaws can compromise the entire system's security or performance. For example, a poor choice of encryption algorithms or a weak random number generator can expose the system to attacks.
At the register transfer level (RTL) level, trojans can be inserted to manipulate the logic, diverting the intended data flow or leaking sensitive information. Similarly at the gate-level netlist, malicious logic gates can be introduced, or existing gates tampered with, that affect overall functionality.
Security vulnerabilities introduced in the physical layout of circuits and transistors are very challenging and difficult to detect. At the transistor level, the physical characteristics of selected transistors can be modified to introduce unexpected behaviors or even damage the hardware. At the layout level, trojans can be embedded within the physical layout layers of the chip, making them almost impossible to detect prior to manufacturing.
Gaps and Challenges in Chip Design Process
The enormity of the security threats that can arise during the chip design process is a bit overwhelming. Solutions today can be deployed to address the threats at specific points during the design flow. However, since these solutions don’t span the entire design flow, gaps can be exploited at any abstraction layer. The chip design industry needs a comprehensive solution that secures the design flow from hardware threats, end-to-end. Addressing security concerns once the design has been handed off to the manufacturer is not only impractical but can be extremely expensive and cause delays or even lead to the cancellation of a chip project.
The idea of shift-left, now widely accepted within the general topic of chip design and verification, is to move up decision-making and verification as early in the design process as possible to streamline subsequent steps in the flow. A similar approach is needed for catching security flaws during the design process. By shifting left, chip designers can identify vulnerabilities early in the design process so that they don’t become more significant security issues that are harder to detect later in the flow.
Addressing these threats and developing an approach to securing the design process will require input, collaboration, and consensus building across the industry. With hardware integrity the bedrock of a secure and efficient connected world, design and verification tool providers, chip designers and industry leaders all need to participate in the discussion.
What Do You Think?
Industry input will be vital for us to better understand today’s cyberthreats to the chip design flow and how we move forward. We invite you to participate in a survey so you can weigh in with your concerns, experiences, and insights into hardware security during the design process.
On Thursday, March 14, industry experts will dissect the challenges, propose solutions, and chart the path forward during a webinar panel discussion presented by the ESD Alliance and Silicon Assurance. The webinar will include an audience Q&A session. Registration is open for this free event.
References:
[1] Newsroom, Apple Rolls Out Security Patches for Actively Exploited iOS Zero-Day Flaw, the hacker news, Oct 5, 2023
[2] Lakshmanan, Ravie, China Bans U.S. Chip Giant Micron, Citing Serious Cybersecurity Problems, the hacker news, May 23, 2023
[3] Mutschler, Ann, The Threat of Supply Chain Insecurity, Semiconductor Engineering, Sep 7, 2023
[4] Venables, Phil, Google researchers discover 'Reptar,’ a new CPU vulnerability, Nov 14, 2023
Pavani Jella is Vice President of Hardware Security EDA Solutions at Silicon Assurance. Robert (Bob) Smith is Executive Director of the ESD Alliance, a SEMI Technology Community.