Last month I was on my way to write a detailed article on important aspects to look at while designing an SoC. This was important in the new context of modern SoCs that go much beyond the traditional power, performance and area (PPA) requirements. I had about 12-13 parameters in my list that I couldn’t cover in one go, so I put the write-up of first six parameters into a blog, “SoCs in New Context Look beyond PPA”. Security is definitely one of the most important parameters in my list, but I couldn’t cover that in the first blog. It was nothing to do with the importance of the parameters, but just a sequencing of those. It’s obvious how intricately our community is looking at the security aspects in SoCs; immediately after that blog was published, the first comment I received is that it missed ‘security aspect’!
Earlier, security was considered to be a software issue that could be patched. But today with the advent of IoT and SoCs encompassing several aspects of the whole system, it’s much more severe extending into hardware and also complicating the software issue with authentication, encryption, traceability, and so on. A hardware security breach stays there; it can’t be patched, so security proofing of hardware has to be considered upfront from SoC design stage. Similarly software architecture has to be considered along with the SoC design.
I’m yet to start writing the second part of my SoC article. But before that, as the DAC 2015 is approaching, I browsed through the DAC agenda. I’m amazed to see that it covers almost every aspect about security beyond what I was contemplating. As always, DAC provides a great indication about the way our semiconductor industry is progressing. I’m convinced that the future of semiconductor world will become fully secure. There are a host of events on security including keynotes, tutorials, SKY talks, special sessions, research paper sessions, and panels. It would be difficult to talk about all of them here, but I will try to highlight some of the important ones that enticed me. While I dive deep into some of those after knowing more about them in the actual DAC presentations, here is a list of items that are worth attending.
Tutorials on June 8, 2015
Building Secure Hardware and Software Systems – 10:30am – 12:00pm, 1:30pm – 3:00pm
Todd Austin from univ. of Michiganand Jin Yang from Intel will talk all about hardware and software breaches that happen today and how to prevent them through pre-emptive and reactive design techniques.
Introduction to Hardware and Embedded Security – 1:30pm – 3:00pm, 4:30pm – 6:00pm
Mark Tehranipoor from univ. of Connecticut, Miodrag Potkonjak from univ. of California, and Ronald Perez from Cryptography Research, Inc. will talk about design and test of powerful security primitives such as Physical Unclonable Functions (PUFs), public PUFs (PPUFs), True Random Number Generators (TRNG), and silicon odometers to meter device usage. Hardware Trojans and Counterfeits detection, prevention and open challenges. Foundations for on-chip security with a novel concept of ‘Root of Trust’ applied to semiconductors and semiconductor IP lifecycle.
There is also a research paper session 39, “Arms and Armor for the FUTURE” on June 10, 1:30pm – 3:00pm that focuses on these concepts and provides an insight into security-enhanced processors mitigating software vulnerabilities, innovative characterization and emulation methods empowering PUFs, hardware verification methods for Trojan detection , and so on.
There is another research paper session 53, “got security?” on June 11, 10:30am – 12:00pm that talks about optical imaging and formal verification methods for hardware Trojan detection, novel watermarking and obfuscation techniques to protect IP at chip and PCB levels respectively, on-chip voltage regulators that suppress side channel information leakage, and a novel TRNG design for FPGAs.
Keynote on June 10, 9:00am – 10:00am
Cyber Threats to Connected Cars: Staying Safe Required More Than Following the Rules of the Road
Moderator: John McElroy from Blue Sky Productions, Inc. John is also the host of Autoline Daily.
These gentlemen, veterans of cyber security in automotive, will talk about how vehicles can continue to evolve and support internet capability via WiFi and cellular data network, connect to mobile computing platforms via Bluetooth, provide GPS navigation, and automatically link to manufacturers to help with diagnostics. Cars need to be much more secure than computers at home!
Then there are great special paper sessions:
Special session 32: The Fourth Industrial Revolution: Security and Privacy Challenges in Industrial IoT on June 10, 10:30am – 12:00pm
Special session 46: Securing Cyber-Physical Systems (CPS): from Surveillance to Transportation and Home on June 10, 4:30pm – 6:00pm. In this session, speakers from government agency, industry and research institutions will join to introduce security challenges in several critical CPS domains. They will also present promising approaches in quantitative modeling, simulation and analysis of security elements, and in automated security-aware optimization and verification.
Special session 61: Validation, Validation, and Validation: The 1-2-3 of Secure SoCon June 11, 1:30pm – 3:00pm. This session will include both pre-silicon and post-silicon validation techniques including SoC security architectures.
Special session 69: The Lifecycle of Secure Chip Design on June 11, 4:00pm – 5:30pm. This deals with the whole design lifecycle of a cryptographic chip.
Do not forget to attend some of the SKY talks, they are like mini keynotes and are really interesting. There is one, “On the Matter of Trust” on June 11, 3:30pm – 4:00pm. This will be presented by Kerry Bernstein from DARPA (Defense Advanced Research Project Agency). He will talk about various kinds of electronic threats around us and the ideas DARPA is developing to mitigate them.
There is a panel discussion too, titled “Design for Hardware Security: Can You Make Cents of It?” on June 9, 1:30pm – 3:00pm. The panellists include industry veterans, academicians and researchers and it’s moderated by Saverio Fazzari from DARPA. This is an interesting discussion which highlights the vulnerability of hardware to security compromise, but still hardware takes a back seat in dealing with security. What should be done? Is there enough incentive in hardware security? Who should pay?
It’s a great opportunity exploring security issues, challenges, solutions, policies, regulatory, and so on in this DAC!