
On-Chip Networks at the Bleeding Edge of ML
by Bernard Murphy on 11-29-2018 at 7:00 am

I wrote a while back about some of the more exotic architectures for machine learning (ML), especially for neural net (NN) training in the data center but also in some edge applications. In less hairy applications, we’re used to seeing CPU-based NNs at the low end, GPUs most commonly (and most widely known) in data centers as the workhorse for training, and for the early incarnations of some mobile apps (mobile AR/MR for example), FPGAs in applications where architecture/performance becomes more important but power isn’t super-constrained, DSPs in applications pushing performance per watt harder and custom designs such as the Google TPU pushing even harder.


At the high end, there is no pre-agreed set of “best” architectures. Everyone is experimenting to find the best performance per watt for their application. This is tricky. There are some needs in common with conventional computing – you want to quickly read in data, process computations, access and store to memory. However, maximally exploiting the spatially distributed nature of NN algorithms for performance and power pushes architects to distributed compute, most commonly in grids, rings or tori. These also exploit memory hierarchies, also distributed, and high-bandwidth memory (HBM) for bulk memory off-chip (or off-die in 2.5/3D packaging).

These architectures naturally push chip size, in the example above to 400 mm², and larger sizes are not uncommon. So now you have a hard problem in getting to timing closure across that big die. And if that wasn’t enough, ML typically requires massive amounts of data to be broadcast for image map and weight updates. So bandwidth demand in these systems can be huge, creating potentially massive traffic congestion and power problems.

Arteris IP has been working for many years with customers using ML technology, supporting near real-time inferencing at the edge with the likes of Mobileye, NXP, HiSilicon and others. But now they’re finding multiple companies wanting to support training at the edge, one very active direction for them coming from camera makers. And they’re seeing more activity around ML training acceleration in the datacenters. Of customers Arteris IP has announced, Baidu seems like an obvious fit here. Which in itself is interesting. After all, don’t NVIDIA dominate this space? Again, everyone’s looking for differentiation, not something you’re going to find if you’re just using the same platform everyone else is using. Not that Tegra isn’t a great solution but if you want to be at the bleeding edge, adding your own secret hardware sauce to your ML pipeline can be a way to pull ahead.

So what does all of this take? First, if you have distributed compute, you’re going to need an on-chip network to connect all of those compute nodes, the on-chip memory hierarchy and the off-chip memory. But it’s not quite as push-button as generating the grid in the opening graphic. In a strong NoC solution maybe you can dial in rings and tori, but these architects need more. Performance (and power) depends on very tightly coupled memory, so they want to embed local caches in the configuration. But there’s no fixed formula for where; they want to experiment to understand latencies and PPA implications. Those architects want to be able to interact with network generation, to control where they want holes in the grid for memory blocks.


This goes further. High-end ML architects even want to tune the routers in the network they build, for example to add pipeline stages or FIFOs, or change the number of masters or slaves for a router or just one of the corner routers. All of these needs have implications for the architecture of the NoC generator. The standard method is compiler-centric. You dial in a bunch of parameters, interact through an interface to control details and generate. Which works very well in the processor and IP centered world for which this flow has been optimized over many years. But ML architects don’t have a standard recipe. They want to fool with almost everything, but they still want the benefit of automated generation, with all the flexibility of being able to customize the topology and the routers through that interface.

This is the first of 3 advances offered in Arteris IP’s just-announced AI package, available as an option to their recent FlexNoC 4 release. They told me they have been working on this (and other features I mention below) for multiple years with their ML-driven customers. Kurt Shuler (VP Marketing) tells me they’ve been responding to their customers’ ML needs, polishing and productizing this stuff for quite a while.

So, flexible network architecture (both logical and physical) while preserving the benefits of automating generation? Check. What about the big-die/timing closure problem? In general, timing closure across huge die isn’t a new problem. It’s very difficult to balance a clock tree across the full span of the design, so the standard solution is to use some kind of globally asynchronous, locally synchronous design technique. A popular solution is source-synchronous clocking; you forward the clock along with the data between locally synchronous domains. FlexNoC 4 includes support for a very lightweight approach that achieves this goal while minimizing congestion. The technology also provides support for multiplexing wires over long distances (again to mitigate congestion) using something they call VC-Links. Incidentally this solution is integrated with the Arteris IP PIANO timing closure package, so an architect can see where obstructions are and add virtual channels as needed.

Finally, there’s the bandwidth problem. One aspect is broadcast; how do you distribute lots of data to many destinations without dragging the whole system down? Through intelligent distribution is the Arteris IP answer. Distribute to a limited number of broadcast stations close to the destinations, then have those stations distribute locally. Obvious when you see it, but this requires a solution that supports architecting those broadcast stations into the network.

For traffic jams at HBM, the package provides methods to maintain high utilization of all connections into the memory controller through interleaving between initiators and targets, reorder buffers, traffic aggregation and data width conversions and support for very wide (1024 bits) connections where needed. Arteris IP have also added optimizations for datapaths, supporting up to 2048 bits wide.

All of which reinforces that design for AI/ML is not the same as design for traditional SoC components. The challenges are different and they require significantly enhanced solutions. You can learn more about FlexNoC 4 and the AI package HERE.


Designer babies are here ready or not!
by Vivek Wadhwa on 11-28-2018 at 12:00 pm

A Chinese scientist from a university in Shenzhen claims he has succeeded in creating the world’s first genetically edited babies. He told the Associated Press that twin girls were born earlier this month after he edited their embryos using CRISPR technology to remove the CCR5 gene, which plays a critical role in enabling many forms of the HIV virus to infect cells.

Whether the claims are true or false, one thing is clear: We are entering an era of designer babies. Scientists will soon be able to edit human embryos with the aim of eliminating debilitating disease, selecting physical traits such as skin and eye color, or even adding extra intelligence. Our understanding of the effects of the technology is in its infancy, however.

The technology is CRISPR: clustered regularly interspaced short palindromic repeats. Discovered by scientists only a few years ago, CRISPRs are elements of an ancient system that protects bacteria and other single-celled organisms from viruses, acquiring immunity to them by incorporating genetic elements from the virus invaders. CRISPRs evolved over millions of years to trim pieces of genetic information from one genome and insert it into another. And this bacterial antiviral defense serves as an astonishingly cheap, simple, elegant way to quickly edit the DNA of any organism in the lab.

Until recently, experimenting with DNA required sophisticated labs, years of experience, and millions of dollars. The use of CRISPRs has changed all that. CRISPRs work by using an enzyme — Cas9 — that homes in on a specified location in a strand of DNA. The process then edits the DNA to either remove unwanted sequences or insert payload sequences. CRISPRs use an RNA molecule as a guide to the DNA target. To set up a CRISPR editing capability, a lab only needs to order an RNA fragment and purchase off-the-shelf chemicals and enzymes, costing only a few dollars.

Because CRISPR is cheap and easy to use, it has both revolutionized and democratized genetic research. Thousands of labs all over the world are experimenting with CRISPR-based editing projects. There are few regulations worldwide, even in the United States, largely because regulators don’t understand what has become possible. China has taken the lead because it puts scientific progress ahead of all concerns. It has made the most astonishing breakthroughs.

In 2014, Chinese scientists announced they had successfully produced monkeys that had been genetically modified at the embryonic stage. In April 2015, another group of researchers in China published a paper detailing the first ever effort to edit the genes of a human embryo. The attempt failed, but it shocked the world: this wasn’t supposed to happen so soon. And then, in April 2016, yet another group of Chinese researchers reported it had succeeded in modifying the genome of a human embryo in an effort to make it resistant to HIV infection.

The intentions may be good, but this has transgressed a serious boundary. We know too little to predict the broader effects of altering or disabling a gene. In the 1960s, we imagined rather naïvely that as time went by we would understand with increasing precision the role of each gene in making us what we are. The foundation of genetics for decades, once biology’s Central Dogma, was the hypothesis that each gene codes for a single protein. Knowing the correspondences, we would have tools useful not only for research but also for curing and preventing disease with a genetic basis and perhaps for augmenting human evolution.

The one-gene-one-protein Central Dogma, though it continues to pervade our common beliefs about genetics, underwent conversion when scientists realized many proteins comprise several polypeptides, each of which was coded for by a gene. The Dogma therefore became one gene, one polypeptide. But what sounded the entire Dogma’s death knell was the discovery in the early 1970s that a single gene can code for more than one protein. The discovery that the human genome contains only about 30,000 genes to code for some 90,000 proteins brought that home; but what makes our understanding appear spectacularly inadequate is the discovery in 2000 that a single gene can potentially code for tens of thousands of proteins.

In a nutshell, we don’t know the limits of the new technologies, can’t guess what lifetime effects a single gene alteration will have on a single individual, and have no idea what effects alteration of genes in sperm or ova or a fetus will have on future generations. For these reasons, we have no knowledge of whether a particular modification of the human germline will be ultimately catastrophic, and no basis for considering that tampering with heritable genes can be humane or ethical.

With an awareness of our ignorance in this area, the 2015 announcement of genetic modification of a human embryo led to global debate, and a handful of governments temporarily banned gene editing of live human embryos as well as the genetic modifications of the human germline (the DNA that will create future generations) for imparting beneficial traits such as height or intelligence. But in February 2017, an advisory body from the National Academy of Sciences announced its support for using CRISPR to edit the genes of embryos to remove DNA sequences that cause serious heritable diseases. And the Chinese are clearly proceeding with experimentation too, as the announcement by Shenzhen researchers showed.

The reality is that we have arrived at a Rubicon. Humans are on the verge of finally being able to modify their own evolution. The question is, can we use this newfound superpower in a responsible way that will benefit the planet and its people — or will this be a race for scientific glory and profit?

This article is partly derived from my book, The Driver in the Driverless Car: How Our Technology Choices Will Create the Future.


Achronix Assists Academics
by Tom Simon on 11-28-2018 at 7:00 am

In every semiconductor related field, innovation is the name of the game. Academic, non-profit and government research has been a consistent source of innovation. Look back at the US space program, basic science research and even military programs to see where much of the foundation of our current technological age came from. Indeed, you might not be sitting in front of your computer on the internet now, had it not been for ARPA’s work in developing internet hardware and protocols. Fortunately, there is a long tradition of leading technology companies helping facilitate advanced research.

Achronix, a company with a potentially game-changing product for embeddable FPGA fabric, just announced a program to give academic and research entities access to their technology. Their Research eFPGA Accelerator Program will allow researchers to use preconfigured Speedcore eFPGA IP for their research projects. While a commercial company would probably want a fully configurable and optimized Speedcore block, researchers can work with preconfigured blocks. This helps Achronix by lowering support costs and allowing the process to run more quickly.

I recently spoke to Steve Mensor, VP of Marketing at Achronix, about this program to better understand what they want to accomplish. He said that because embeddable FPGA is new, there are a lot of interesting problems that it can solve. He sees this program as a win-win: Achronix can learn from new usage scenarios that researchers devise, while at the same time researchers benefit from being able to apply new technology. He is hoping that this program leads to many new ideas.

It’s also safe to say that once students and researchers learn how eFPGA and the tools used in the flow work, down the road they may find other new applications, either academic or potentially even commercial. Steve says that this will be a big benefit to users that have low volumes and could not afford the cost of developing new instances. Using preconfigured IP is cost effective for everyone involved, and there is no real penalty in area – due to the low volumes.

Achronix will supply fully qualified and characterized, silicon proven blocks on TSMC 16 FF+. They anticipate that AI/ML will be a big application area. eFPGA offers low latency, programmability and acceleration of parallel processing for AI/ML designs.

In addition to purely academic users, Achronix has also announced a program called the Test-Chip eFPGA Accelerator Program, which will help startups, small companies and others by making it easy to try out new architectures in silicon that use eFPGA fabrics. This program will let companies produce evaluation volumes of SoCs that use their eFPGA fabric. Just like the academic program, it will use pre-verified silicon blocks on TSMC 16 FF+.

Steve is betting that once institutions and companies try out eFPGA and their ACE tool set, they will see significant benefits. In the case of commercial users, this creates a lower cost and safe means to start building products with eFPGA. The Achronix website has full details on how to participate in both of these new programs.


Is IP SoC 2018 Still Alive? Better than Ever!
by Eric Esteve on 11-27-2018 at 12:00 pm

The 21st IP-SoC Days conference will be held in Grenoble, France, on December 5-6, 2018. IP-SoC is now the only IP-centric conference, with presentations reflecting the complete IP ecosystem: IP suppliers and foundries, external IP or internal reuse managers. Look at the program and you will see the hot topics covered during the conference, like Security, AI and Safety, Edge Computing and IoT, new trends in IP (eFPGA, Analog IP reuse), IP tracking or IP management. And like a new mantra, low power and energy efficiency!

When I remember 5 years back, in 2013, IP-SoC was taking place in a large auditorium (for the keynotes and main sessions), plus a few rooms for the other sessions. The problem was that the auditorium was far from full, and the attendees had the perception of a declining conference. We must insist on the word “perception”, and this perception was coming from the fact that the auditorium was just too large. Pr. Gabriele Saucier, founder of D&R and running IP-SoC, was clever enough to get the point and find the right solution. It was to organize IP-SoC in another place and make the conference more focused. Last year, the room was full and the audience very attentive.

It’s even more important for the IP ecosystem to rely on the IP-SoC days for networking when you hear the rumors about the future of DAC! Don’t expect me to comment on these rumors. Being part of the DAC IP Committee, it wouldn’t be wise; moreover, I don’t know the outcome for the next DAC.

Listing some presentations to be given at IP-SoC, I will start with “Design IP Status & 5 Years Growth”, as the presentation is from IPnest and I will present it. IPnest customers and Semiwiki readers will recognize the first 3 slides, extracted from the Design IP Survey and the Interface IP 2013-2022 Survey. Starting from the next slide, IPnest will propose a new forecasting method, in order to provide an accurate 5 years, or even 10 years total IP market Forecast.

As I have recently read some data from an analyst predicting that the IP market will weigh in at $10 billion by 2022, I realized that we (the industry) need to have access to realistic data. Realistic data means that you search for a solid methodology and use IP market know-how to fine-tune the equation. By this means, IPnest comes to $6 billion in 2022 for the IP market (already +50% compared with 2017).

I am sorry if $6B doesn’t sound as amazing as $10B, but that’s the result coming from an innovative method (very similar to the EDA market size evaluation as given by Wally Rhines in Semiwiki in this post). I don’t say much, as I prefer to keep the exclusivity for IP-SoC attendees and IPnest loyal customers… (please note that I will NOT post the presentation on the conference web site; you will have to attend it live!).

If you come to Grenoble, you will have the opportunity to attend 20 presentations on December 5th, the first day, enjoy wine tasting in the evening (and a banquet!) and, the next day, watch another 14 presentations and a panel. This panel will discuss technology transfer from research centers to industry, taking as an example the FD-SOI success story. If you have read Semiwiki since 2013, you know about the numerous articles written about FD-SOI (300 000 views in total).

The most interesting topics, in my opinion (extracted from the ten sessions):

  • Security IP
  • Low Power Challenge and Power Management
  • RISC-V Ecosystem
  • New IP Trends
  • Analog Design

IP-SoC 2018 will be, as usual, a high-level conference, where complex engineering topics are addressed by industry experts, not just a marketing fest! That’s why the conference is not only still alive, but better than ever!

The IP-SoC conference will take place on December 5-6 at Hôtel EUROPOLE, 29 rue Pierre-Sémard, Grenoble, France.

And you can register here

See you on Wednesday 5th December in Grenoble

From Eric Esteve from IPNEST


The Disconnect Between Semiconductor and Semiconductor Equipment Revenues
by Robert Castellano on 11-27-2018 at 7:00 am

Historically, the semiconductor and semiconductor equipment industry were inextricably linked due to the cyclical nature of the chip industry. An increase in semiconductor revenues was followed within a short period with an increase in equipment revenues, as semiconductor companies purchased equipment to make more chips to increase capacity. In down years, semiconductor companies stopped purchasing unneeded equipment.

Chart 1 illustrates the cyclical nature of the industry between January 1991 and the end of December 2010.


Chart 1

Chart 2 shows that since 2011, this link between semiconductor and equipment revenues has been broken. Semiconductor revenues (red line) have continued to increase unabated, while equipment revenues (blue line) have begun a steep drop since June 2018.


Chart 2

If we compare Chart 1 with Chart 2 and focus on the trendlines, between 1991 and 2010 (Chart 1) semiconductor revenue growth was significantly more positive than equipment revenue growth. However, since 2011 (Chart 2), growth in the two sectors has been nearly identical, despite the cessation of the concurrent peaks and valleys of a cycle. This suggests that the semiconductor and equipment industries, although still cyclical, are independent of each other.

This presents a conundrum for analysts, including myself. The disconnect between semiconductor revenues and equipment capex spend by semiconductor companies presents a challenge in forecasting equipment growth based on semiconductor growth – something I’ve been doing since I started The Information Network in 1985.

As seen in Chart 2, both semiconductor and equipment revenues rocketed starting in 2017. According to WSTS, the semiconductor consortium, memory chip revenues grew 61.5% in 2017 compared to just 21.6% for the entire semiconductor industry. In 2018, the memory chip revenues are projected to grow 30.5% compared to 15.7% for the entire semiconductor industry. However, memory chip revenues are projected to grow just 4.6% compared to 5.2% for the entire semiconductor industry in 2019.

NAND companies are migrating technology to 96-layer 3D NAND chips. For DRAMs, Samsung Electronics is currently migrating to the 1ynm process, while SK Hynix and Micron are switching to the 1xnm process.

These transitions are proving difficult to achieve with high yields. Also, these migrations increase the number of processing steps used to make the chip, resulting in what is termed a “natural decline” in wafer throughput. In general, movement from one node to the next results in a 5-10% decline in capacity.

To counteract this “natural decline,” capacity needs to be increased, which is achieved by building new fabs and lines and purchasing equipment. Thus, the 60% increase in equipment purchases exhibited in 2017 did not result in comparable increases in unit shipments (Chart 3) but it did result in an increase in bit growth (Chart 4).


Chart 3


Chart 4

We are now witnessing a slowdown in equipment revenues. One reason for the slowdown in memory revenues is a drop in NAND and DRAM ASPs. This has prompted memory companies Samsung Electronics and SK Hynix to push out and delay further capex spend.

Companies such as Applied Materials and Lam Research, with a large exposure to memory chips through deposition and etch tools utilized in NAND production, should experience long term headwinds that will last until 2020.


Catapult Design Checker Finds Coding Errors Before High Level Synthesis
by Camille Kokozaki on 11-26-2018 at 12:00 pm

In a recent whitepaper, Gagandeep Singh, Director of Engineering at Mentor, a Siemens Business, outlines a flow using Catapult Design Checker that helps in the early detection of coding errors, as many companies are turning to a High-Level Synthesis (HLS) methodology. This requires that high-level C++ models are correct, that ambiguities in the language be detected and addressed during simulation, and that sub-optimal coding which would generate unintended hardware after synthesis be caught. Deficiencies there lead to simulation mismatches between HLS and RTL or, even worse, failure to detect design problems.

Some of the defects in a C++ model can be pointed out by static software analysis tools but these tools are meant for general purpose software and do not understand the hardware intent of the model. Software checking tools, like linters, on C++ source code, do not understand hardware.

Some hardware-aware issues for software checking tools include the fact that checkers:

  • Only work for C++ code and do not support SystemC
  • Do not understand bit-accurate data types
  • Only employ static analysis that can generate many false positives
  • Do not understand that some code can produce sub-optimal or incorrect hardware
  • Do not produce counter-example test-benches

What design and verification teams really need is a tool to quickly and easily check for coding bugs and suboptimal code before synthesizing to RTL. Teams also need to avoid simulation mismatches between C++ and RTL simulation. Checks need to be performed on C++ or SystemC source code before downstream tools are used.

The Catapult® HLS Platform provides a complete C++ verification solution that interfaces with Questa® for RTL verification as shown in the diagram.

The Catapult verification solution includes:

  • The C++ (or SystemC) source code with Assert and Cover statements is input into the Catapult Design Checker (CDesign Checker) which uses formal analysis and lint techniques to find language and coding bugs.
  • Catapult Code Coverage (CCOV) provides hardware-aware coverage analysis of the C++ code.
  • Catapult synthesizes the source into power-optimized RTL that is verification ready.
  • The flow generates test infrastructure using Catapult SCVerify for RTL simulation using Questa.
  • As a final step, the sequential logic equivalence checking tool SLEC-HLS formally verifies that the C++ exactly matches the generated RTL.

While a design might simulate at the C++ level with no apparent issues, ambiguities in the C++ description can lead to simulation mismatches during RTL simulation. These issues are often hard to debug and can be time-consuming to fix. Design Checker employs both static and state-of-the-art formal verification techniques to find problems, like uninitialized memory reads, before RTL simulation. The tool can check the source code without any simulation framework, such as test-benches, to provide designers with information about coding issues that might cause problems after synthesis and during RTL simulation. The Figure below shows the steps for using Design Checker.

The design checking flow consists of:

1. Optionally, choose which checks to run. By default, all checks run.
2. Run Design Checker on the design.
3. If there are no violations, proceed to run Catapult synthesis to generate the RTL.
4. If there are violations:

  • Interactively make code corrections
  • Optionally waive code
  • Optionally run counter-example test-benches that the tool generates to replicate violations
  • Repeat the flow

Waivers allow designers to alter checking results for specific areas of code. Using a separate file, designers can specify the file and line numbers to filter specific check violations out of the violation report. Design Checker can generate counter-example test-benches that contain stimulus sequences that trigger the violation. The team can use these to independently show that a violation does occur due to the associated issues in the source code.

The whitepaper discusses examples of design checking errors with solutions addressing them.
Two examples are listed below:

1. An incomplete switch or case statement is an error that can create unintended logic during high-level synthesis. This check looks at all possible values in the conditional code within switch and case statements and reports an error if all the values are not covered. These violations typically lead to the design entering an undefined state. During synthesis, the tool uses the specified case/switches as the only legal conditions, meaning that if the missing condition occurs in the design, the results are unpredictable.

2. It is possible to write C++ that does not synthesize to optimal hardware. To prevent this, the designer must understand the ramifications of writing code in a particular way in order to get the expected RTL results. To help with this, Mike Fingeroff at Mentor created the “High-Level Synthesis Blue Book” that explains how to code for hardware. An electronic copy of this book and all its examples are available in the install directories for the tool. Design Checker incorporates checks that support optimized coding, like those found in the book.
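As an added illustration of the first example above (this is not code from the whitepaper or from the Catapult tool), plain C++ stands in for a bit-accurate 2-bit select type: a 4:1 mux with the `sel == 3` arm missing, its corrected form, and a minimal model of the coverage check that reports which selector encodings no case label covers. The names `mux4_incomplete`, `mux4_complete`, `uncovered_cases` and `sel2_t` are hypothetical.

```cpp
#include <cstdint>
#include <set>
#include <vector>

// Hypothetical stand-in for a bit-accurate 2-bit unsigned select signal
// (an HLS library type such as ac_int<2,false> would be used in real code).
using sel2_t = uint8_t;

// 'Before': the sel == 3 arm was forgotten. In synthesized hardware the output
// for that encoding is unpredictable (the whitepaper's "undefined state"); the
// -1 sentinel only keeps this software model deterministic so the gap is visible.
int mux4_incomplete(sel2_t sel, int a, int b, int c, int d) {
    (void)d;                      // d is never selected: the bug this example shows
    int out = -1;                 // models "not assigned on this path"
    switch (sel & 0x3) {          // only the 2 select bits are meaningful
        case 0: out = a; break;
        case 1: out = b; break;
        case 2: out = c; break;
        // case 3 is missing
    }
    return out;
}

// 'After': every encoding of the 2-bit select is covered. A default arm makes
// the final encoding explicit and gives synthesis a legal result for all inputs.
int mux4_complete(sel2_t sel, int a, int b, int c, int d) {
    switch (sel & 0x3) {
        case 0: return a;
        case 1: return b;
        case 2: return c;
        default: return d;        // covers sel == 3
    }
}

// Minimal model of the completeness check: given the selector width in bits and
// the case labels present, return the encodings that no label (or default) covers.
// A non-empty result is what the checker would flag as a violation; each value in
// it is also the stimulus a counter-example test-bench would drive.
std::vector<unsigned> uncovered_cases(unsigned width,
                                      const std::set<unsigned>& labels,
                                      bool has_default) {
    std::vector<unsigned> missing;
    if (has_default) return missing;          // default arm covers everything else
    for (unsigned v = 0; v < (1u << width); ++v) {
        if (!labels.count(v)) missing.push_back(v);
    }
    return missing;
}
```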

Catapult Design Checker is a unique tool within the Catapult High-Level Synthesis Platform that combines state-of-the-art static analysis with patented formal analysis to find coding errors, code that can create unintended hardware, and code that creates sub-optimal hardware during synthesis. Design Checker is part of the complete high-level synthesis platform of tools that provides an ecosystem enabling C++/SystemC-level verification signoff.

To learn more about the Catapult verification solution, view this website.


When the Wrong Person Leads Cybersecurity
by Matthew Rosenquist on 11-26-2018 at 9:00 am

Succeeding at managing cybersecurity risks is tremendously difficult even for seasoned professionals. To make situations worse, poorly suited people are often chosen to lead security organizations, bringing about disastrous results. This has contributed to weaker risk postures for organizations and the rapid turnover in cybersecurity leadership.

I am unhappy to report that the industry has a pervasive problem that few want to discuss: a propensity to enlist inexperienced or unsuitable professionals to lead cybersecurity. It is time to change that caustic and enabling behavior by first recognizing the problem.

As an example, recently in the news there was criticism of someone appointed to lead the cybersecurity effort for the 2020 Olympics who had never used a computer. How can someone who has never used a computer and has difficulty answering basic questions about USB drives be tasked with building a cybersecurity program to protect the digital security, privacy, and safety of hundreds of thousands of people?

Downward Spirals
Sadly, I have seen similar situations play out over and over again across the academic, business, and government sectors. Far too often, poorly suited people are appointed to such roles and it simply does not make sense. Let’s be clear, most are truly knowledgeable and accomplished in their primary field, but security is a significantly different domain. Engineering and product management executives focus mostly on static problems where there is a solution and a desired end-state. In cybersecurity, by contrast, we face a highly dynamic set of threat agents, people who are creative, intelligent, motivated, and adaptive, who will adjust to any solution. There is no permanent fix for cybersecurity; it is an ongoing competition in managing risk between defenders and attackers.

Human nature, overconfidence, and a lack of understanding of the challenges begin to shape a counterproductive mindset. It is common for a professional from a different discipline, transplanted and put in charge of cybersecurity, to believe their prior expertise is equally applicable to the new challenges. Somehow, magically, they think they are as proficient and insightful in an adjacent domain as in their previous profession. To those experienced in adversarial challenges who have seen this unfold, it is an affront to common sense. It is no surprise that such dangerous situations most often result in momentous failure.

For years, the turnover rate in cybersecurity leadership positions across the industry has been very high, with most Chief Information Security Officers (CISOs) lasting only 2 to 4 years. When surveyed, CISOs cite a lack of executive management support or insufficient budgets as the pervasive motivators. But that is only one side of the story, as many CISOs have been let go.

I have always been curious what C-suites and boards had to say. When I ask company leaders about a change in cybersecurity leadership, I often hear that an outgoing CISO was ineffective, could not communicate risks well, and demanded significant budget increases every year while the organization did not see a commensurate benefit. Events culminated when a severe incident occurred, and the C-suite or board then chose to find a new security leader.

With the shortage of CISOs in the industry, those displaced quickly find another company and continue their ‘training’. This musical-chairs routine does not serve the company or the overall industry very well; it simply transplants problems from one organization to another.

Masters of All
This mistake occurs regularly with technical personnel, probably because cybersecurity is generally characterized as a technology problem by the unacquainted. An accomplished engineer or architect is put in charge of security, and now, with ‘cybersecurity’ in front of their title, they truly believe they are a risk expert. They are not. Being savvy in technology vulnerabilities and exploits is far different from understanding the massive breadth involved in managing risk. Most are unwilling to admit their shortsightedness about the breadth and depth of the challenges, and their arrogance simply becomes a hindrance to seeking the help needed to be successful.

Ego can be such a major hindrance when the fear of being perceived as not understanding a problem or not knowing an answer limits your actions. It is typical for a person in such a quandary to retreat to familiar areas they know, resulting in defining the problem and solution only in terms of technology. This ignores the behavioral, adversarial, and process aspects that are crucial to managing risk. With blinders on, they continue to push forward regardless, and thus the car wreck begins.

Cybersecurity is more than just a ‘tech’ problem and will never be ‘solved’ with technology alone (two pervasive misconceptions from engineers first joining cybersecurity). They are likely doomed. I have seen this happen countless times and can spot it a mile away. It is like an automobile accident happening in slow motion with an overconfident driver continuing to push forward as metal bends and glass shatters.

(Figure: Enlarged Version of Cybersecurity Domains)

Part of the issue is that people who are experts in one field assume they understand the entire problem set in an adjacent but ambiguous field. It is not until they are in the new role that they experience the unforeseen challenges of a different world.

Imagine a hospital. Would you promote the engineer who developed a defibrillation tool to be an emergency room doctor? No. Although tools and technology play a crucial role in medicine, it is not the same as predicting, preventing, detecting, and responding to health risks for patients across their lifespan. The same applies in cybersecurity.

Technology is the battlefield, not the war. Understanding the terrain is important, but must be combined with a keen assessment of your opponents, and the ability to operationally maneuver in advantageous ways.

This is true in other fields as well. Aeronautical engineers aren’t promoted to fighter pilots and textbook publishers aren’t necessarily good grade school principals, so why do organizations make the mistake of taking a software engineer or business-line product manager and expecting them to be successful in leading cybersecurity?

Two Scenarios: Vastly Different Chances for Success
Now, I did say this is a recipe for failure most of the time. There are some, very rare situations, where an insightful but inexperienced person takes a cybersecurity leadership role and succeeds. It is possible. I have only seen it a handful of times and in every case that person was realistic about their knowledge and checked their ego at the door.

Guaranteed Failure:
An engineer, project manager, or business executive is put in charge of cybersecurity. They are confused or intimidated by security practitioners in their organization and respond by immediately surrounding themselves with like-minded, yet similarly security inexperienced people. They add other engineers, marketing, and legal people to their core echelon, inadvertently creating a self-reinforcing ineffective group-think team. Congratulations, an inexperienced leader has just encircled themselves with a cushion of people who don’t have the knowledge to challenge poor directives or independently deliver sustainable success. If you wonder what conversations with them are like, take a look at the Dilbert cartoon, specifically the ‘manager’ character. That is pretty close. Funny from afar, but frustrating up close.

Ineffectual organizations tend to grow fast, spend a lot of money, make hollow promises, and tell a story of difficult times that are turning around, but have no real strategic plan, prioritized goals, or clearly defined scope with organizational roles and responsibilities. They seek non-existent cure-all solutions, and their long-term stratagem is to hope nothing bad happens while they battle daily issues. Even worse, the proficient security personnel who may have been part of the team will likely leave such a caustic environment for a better employer. It breaks my heart when I see capable people who want to make a difference driven away. When quality employees begin jumping ship en masse, it is a sure warning sign.

The easiest way to detect this situation early on is to look at their metrics, or lack thereof. If a security organization operates without tangible metrics, it is a likely sign they have not defined or are not tracking against goals, roles, and objectives, and probably aren’t measuring or tracking risk. What they are doing is responding to issues, self-marketing, rapidly growing the team, consuming significant resources, slowing down the business, and looking for people to blame when their ineffectiveness becomes apparent. These orgs don’t last. They implode. People quickly leave, and executive oversight will soon look past the whitewash to cut budgets and headcount, and eventually replace the leaders.

Potential for Success:
An engineer, project manager, or business executive is put in charge of cybersecurity. They understand they are not a security expert, so they assemble a team that has experience and talent in protecting digital assets, understands threats, can articulate risks, and is intimate with the technology in use. They build an organization structure comprised of operations, engineering, and risk intelligence teams. Then they listen and learn. Great leaders bring in the best people and let them excel. They quickly get clarification on the business goals and expectations from executives and customers. They then identify prioritized objectives, define a scope, derive the supporting measurable goals, identify areas in need of immediate attention, and establish the measures and metrics necessary to track progress.

Governance issues are addressed and a strategic process capability is embedded to constantly improve the organization’s risk management ability to predict, prevent, detect, and respond to threats. They establish the tactical plans necessary for immediate survival and day-to-day management, but also define a long-term directional strategy that takes into account the ever-evolving threat landscape, technology changes, and shifting expectations for security, privacy, and safety.

Proficient security workers thrive in such organizations and rarely leave. With a strong plan and capable team in place, leaders can effectively communicate and advocate across the organization. If all of these elements land in place, with the proper support, even an inexperienced security leader can have a chance at success.

Unfortunately, it rarely happens.

Failure is Expensive
Cybersecurity is difficult. It becomes exponentially more problematic when someone who lacks the necessary mentality or skills comes in and makes it profoundly worse. Cleaning up an ineffective legacy security program is painful, expensive, and time consuming. Simultaneously, a poor risk posture opens the door to more attacks and greater impacts until a capable security program is instituted.

We must understand that cybersecurity, like many other highly specialized roles, requires a depth of insight and experience to lead. I will echo Sun Tzu’s “…do what is great while it is small” and recommend putting a good leader in place the first time to build an effective and sustainable cybersecurity organization.

Let’s all break the silence and openly discuss the cycle of poor cybersecurity leadership, for everyone’s benefit.

For more insights on the challenges and required strategic deliverables, read my post Cybersecurity Fails Without Strategy.


Making AI Silicon Smart with PVT Monitoring
by Tom Simon on 11-26-2018 at 7:00 am

PVT – depending on what field you are in those three letters may mean totally different things. In my undergraduate field of study, chemistry, PVT meant Pressure, Volume & Temperature. Many of you probably remember PV=nRT, the dreaded ideal gas law. However, anybody working in semiconductors knows that PVT stands for Process, Voltage and Temperature. Well, at least the T still stands for temperature. One out of three isn’t bad.

Chip operation is completely dependent on these three parameters. It would be hard enough to make some of the most advanced chips produced today if PVT were constant across the chip and across time. However, chip designers have no such luck, because each of these varies from chip to chip and across each chip as well. So guard-bands, margins and binning were all created to deal with this reality.

All of the above techniques still leave a lot of performance, yield and reliability on the table. With the rapid growth of AI and the demand for dedicated silicon to address this market, the need to manage all three of P, V, T has grown too. AI chips are on leading nodes, very large and often have low power or high reliability requirements – such as ISO 26262 when used in automotive systems. Well, drawing on the chemistry reference above, wouldn’t it be nice if there was a Maxwell’s Daemon for regulating chip performance at a microscopic level?

While Maxwell’s Daemon is an imaginary inspector of molecules that controls an imaginary gate to seemingly contravene the laws of thermodynamics, there are practical solutions for monitoring and appropriately controlling fine-grain circuit operation. Think of it as intelligence for artificial intelligence silicon. This is what Moortec’s PVT monitoring IP does across state-of-the-art AI chips.

With AI chips there are often hundreds or more processing elements working in parallel, needing to be fully synchronized. Processing elements that are running too fast are wasting power. Ones that are running too slow, hold up the entire chip. Moortec PVT monitoring blocks can be dispersed throughout a design to help tune operation to ensure that the timing on all elements is similar.

Another area where PVT monitoring can help ensure reliable chip operation is to detect and compensate for aging. As chips age their performance characteristics change. PVT monitors can assess the actual performance of silicon in real time and permit the adjustment of operating conditions to maintain proper operation.

Lastly, because of the possibility of thermal runaway, PVT monitors can watch chip operation and help detect a hot spot before thermal runaway can begin. The real-time element is important because joule heating is load dependent, can change rapidly and may be localized. In the worst case, if adjustment is not adequate, device shutdown might be necessary. PVT monitoring allows silicon to operate at the highest performance, with safeguards in place to keep it within its safe operating range.
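The closed loop the last three paragraphs describe (watch every region of the die, catch a fast-rising hot spot early, throttle, release the throttle without flapping, and shut down only as a last resort) is sketched below as an added Python illustration. It is not Moortec’s IP or controller code; the thresholds, the monitor names and the sample readings are all constructed for the example.

```python
"""Toy thermal guard modelled on the on-chip PVT monitoring idea above.

Constructed illustration, not Moortec's IP: several temperature monitors
report a reading each sample period; the guard flags a local hot spot before
it can run away, requests throttling, clears the request with hysteresis,
and falls back to shutdown if throttling has not been enough.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class ThermalGuard:
    throttle_c: float = 95.0       # assumed: request throttling at or above this (deg C)
    release_c: float = 85.0        # assumed: release throttling only below this (hysteresis)
    shutdown_c: float = 110.0      # assumed: hard limit, stop the device
    max_rise_c_per_s: float = 4.0  # assumed: rate of rise that signals a forming hot spot
    throttled: bool = False
    last: Dict[str, float] = field(default_factory=dict)

    def step(self, readings: Dict[str, float], dt_s: float) -> str:
        """Evaluate one sample from all monitors; return "ok", "throttle" or "shutdown".

        readings maps a monitor id (one per region of the die) to degrees C.
        """
        if not readings:
            raise ValueError("no monitor readings")
        hottest = max(readings.values())

        # Any monitor at the hard limit means throttling was not enough: stop.
        if hottest >= self.shutdown_c:
            self.throttled = True
            self.last = dict(readings)
            return "shutdown"

        # Rate-of-rise check per monitor: Joule heating is load dependent and
        # localized, so a fast-rising region is a hot spot in the making even
        # while it is still below the absolute throttle threshold.
        rising = False
        for mid, temp in readings.items():
            prev = self.last.get(mid)
            if prev is not None and dt_s > 0 and (temp - prev) / dt_s > self.max_rise_c_per_s:
                rising = True
                break

        if hottest >= self.throttle_c or rising:
            self.throttled = True
        elif self.throttled and hottest < self.release_c:
            # Hysteresis: do not flap between throttled and not throttled.
            self.throttled = False

        self.last = dict(readings)
        return "throttle" if self.throttled else "ok"


def run_trace(trace: List[Dict[str, float]], dt_s: float = 0.5) -> List[str]:
    """Feed a sequence of samples through a fresh guard and return the decisions."""
    guard = ThermalGuard()
    return [guard.step(sample, dt_s) for sample in trace]


# Constructed sample trace: four monitors; region "ne" heats rapidly, is
# throttled, cools, and throttling is released only once it is below 85 C.
SAMPLE_TRACE = [
    {"nw": 70.0, "ne": 72.0, "sw": 69.0, "se": 71.0},
    {"nw": 70.5, "ne": 76.0, "sw": 69.0, "se": 71.0},  # +4 C in 0.5 s = 8 C/s: rising
    {"nw": 71.0, "ne": 90.0, "sw": 69.5, "se": 71.5},
    {"nw": 71.0, "ne": 88.0, "sw": 69.5, "se": 71.5},  # still above release_c
    {"nw": 70.5, "ne": 84.0, "sw": 69.0, "se": 71.0},  # below release_c: ok again
]

if __name__ == "__main__":
    for sample, decision in zip(SAMPLE_TRACE, run_trace(SAMPLE_TRACE)):
        print(f"{max(sample.values()):6.1f} C -> {decision}")
```

The rate-of-rise test is what makes the monitor "real-time" in the sense the text uses: a region climbing at 8 C/s is flagged at 76 C, long before it would trip a fixed 95 C threshold, and the separate release threshold keeps the guard from toggling on every small fluctuation.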

Moortec has IP for voltage, process and temperature sensing that is connected to create an on-chip network or fabric for monitoring and managing performance. Their sophisticated PVT controller supports multiple monitor instances, statistics gathering and other compelling features. Moortec offers these IPs on TSMC 40nm, 28nm, 16nm, 12nm and 7nm and has a webpage dedicated to AI, among their other application areas.


You Cruise You Lose
by Roger C. Lanctot on 11-25-2018 at 7:00 am

General Motors has two media magnets in CEO Mary Barra and Cruise Automation founder Kyle Vogt. Barra is praised for boosting GM profitability while streamlining operations and making strategic investments. Vogt, the beneficiary of one of those investments – in his autonomous vehicle technology company – embodies GM’s aspirations for tech leadership even as he burns cash at upwards of $200M/quarter.

GM has used this one-two punch to boost its stock in the context of an inchoate melodrama pitting GM/Cruise against Waymo in the battle for autonomous vehicle market leadership. Both companies make claims about delivering commercial (driverless) autonomous vehicle services some time in 2019 and each claims to have the advantage over the other.

The Waymo vs. Cruise story plays well in the popular press but is severely misleading. There are literally dozens of organizations around the world working on perfecting autonomous vehicle technology (just ask my colleague, Angelos Lakrintis) and there may be as many as a dozen already offering commercial autonomous vehicle solutions.

Ridecell, for one, acquired Auro last year – an operator of autonomous shuttles operating in fixed environments such as university campuses. Ridecell subsequently upped its game by registering to test autonomous vehicles on roads in California.

Waymo has been testing its technology in vehicles operating in sunny California and Arizona, just like Cruise. A massive delta has opened up between Waymo and Cruise based on reported disengagements – a yawning gap that Cruise attributes to its operating primarily in San Francisco vs. Waymo’s more forgiving suburban operating environment.

The comparisons regarding strategy are more salient as Cruise is targeting urban operation of an autonomous shuttle system, while Waymo appears to be focusing on a solution capable of operating between suburban and urban environments, including highways. This is a critically important distinction between these two operators and definitely under-appreciated.

First of all, to review, Ridecell is already operating autonomous shuttles in various locations and is now seeking to expand to public roads. Navya is already operating autonomous shuttles in Las Vegas. In this context it is hard to get overly excited at the progress of either Cruise or Waymo.

The status of technological development and the progress toward market adoption is even more complicated. All indications are that Waymo has an advantage that extends beyond its far lower disengagement rate relative to Cruise.

By focusing on inter-urban applications for automated driving, Waymo has fixed on the core differentiating factor of its potential future service offering. Organizations that are focused today on delivering people or products from one location to another will tell you that the most numerous and valuable routes are those delivering people and/or products into or out of cities.

Waymo is homing in on these use case scenarios as well as those relating to moving people around suburban areas – currently poorly served by taxis and other ad hoc transportation services. It’s easy to be seduced by the challenges of automating transportation solutions in a city such as San Francisco. Sadly, the reality is that the best revenue opportunities reside elsewhere.

Cruise’s focus on San Francisco highlights the work of other AV pioneers seeking to overcome the formidable challenge of intra-city transport. The only problem with prioritizing this proposition is that the competition – primarily in the form of public transport – is fierce.

Waymo’s advantage lies not only in its massive portfolio of miles driven and miles simulated. The company also has a fundamental business model and strategy advantage that Cruise is ill-equipped to overcome.

But this is why this story is so compelling, like the tortoise and hare parable that preceded it. Each operator has its advantages and each has a compelling story to tell.

Cruise appears to be the hare of this tale, as a startup and even with GM’s and SoftBank’s and Honda’s subsequent investments has doubled-down on its hare status. Oddly, GM has so far kept Cruise walled off from its own autonomous vehicle development activities manifest in Super Cruise – an enhanced cruise control system which integrates advanced vehicle positioning technology and driver monitoring to allow drivers of certain Cadillacs to take their hands off the wheel under appropriate circumstances.

My money is on the tortoise, Waymo. Waymo is boring. But boring is a virtue in this case. The company is publicity averse – certainly relative to Cruise – and its strategy appears to be relatively transparent. As a former journalist it is difficult for me to praise a company that seems to be avoiding the press – but it is an understandable affliction in the autonomous vehicle industry.

In fact, GM’s inclination to communicate Cruise-related developments to the press only makes its organization more suspicious. Is Cruise making legitimate progress or is the entire effort nothing more than a stock manipulation? I leave it to you, dear reader, to correlate Cruise announcements and press “reveals” to stock price movements.

Cruise may be on to something by focusing on urban AV operation, but even successful driverless operation of automated vehicles will require substantial populations of expensive human support personnel for monitoring, servicing, cleaning and retrieving autonomous vehicles. Cruise’s urban-centric battle plan faces serious unacknowledged headwinds.

Waymo, on the other hand, is mastering the art of operating in a range of environments, urban and otherwise. Both companies, though, will have to contend with the regional nature of AV operation and the challenges of variable weather.

The oddest thing of all, though, is the fact that Cruise and GM choose to compete with one arm tied behind their back. GM is the largest Mobileye customer on the planet. This means that GM has the most cars with built-in forward facing cameras connected to telecommunications control devices – called TCUs.

Like Tesla, GM could tune its forward facing cameras to gather data in support of automated driving development. GM does not do that. Where forward facing cameras are available on GM vehicles the company is applying them for recreational or simple safety purposes.

GM lets its customers use the forward facing cameras in Corvettes to record scenic drives or their latest visit to the race track. Forward facing cameras on other GM vehicles are used for surround view applications.

Like its groundbreaking OnStar vehicle connectivity technology, GM is under-leveraging its camera-based investments. OnStar might have been a crowdsourced traffic solution like Waze long before the existence of Waze, but the company chose to avoid the cost of wireless data collection implicated in that use case.

Like Tesla, GM could be collecting vehicle data in support of autonomous vehicle development activities. But the company is still obsessed with cost avoidance (regarding wireless data) – and privacy – which is beginning to look like avoiding value creation.

If GM fails to keep pace with or surpass Waymo it is because the company willfully failed to leverage its technological advantage inherent in its management of the largest connected fleet in the U.S. and the broadest deployment of connected forward facing cameras. It makes one wonder whether the media magnates at GM are more interested in the limelight and the stock price than transforming transportation.

Roger C. Lanctot is Director, Automotive Connected Mobility in the Global Automotive Practice at Strategy Analytics. More details about Strategy Analytics can be found here: https://www.strategyanalytics.com/access-services/automotive


You Can’t Get There From Here
by Bill Montgomery on 11-22-2018 at 12:00 pm

No doubt many who read this article have heard the expression “You can’t get there from here…” It’s most often attributed to New Englanders – primarily residents of Maine – to describe a route to a destination that is so circuitous and complex that one needn’t bother embarking on the journey.

In the context of the business world, the expression takes on a different meaning. It defines a situation where the leaders of a business can see what needs to be done, but can’t in any way define an easy, clear, financially viable path to achieve what’s required. For example, in the late 1990s, when one of the largest, most successful companies serving the telecom sector – Northern Telecom (aka Nortel) – realized that the TCP/IP protocol was viable for business networking applications, and that young upstarts like Cisco were aggressively staking their claim to this space, it was too late. Nortel’s entire business was based on selling clunky digital switches and networks, and it couldn’t abandon its core offerings and income streams to embrace the change that its executive team knew was needed. It tried, by acquiring Cisco competitor Bay Networks, but reality quickly set in. The market finished the Nortel story by figuratively stating, “You can’t get there from here.”

I believe that expression captures the current state of IoT, and while it’s not exactly comforting, it’s nice to know that I’m not alone in my view. Renowned security expert and best-selling author, Bruce Schneier, appears to be on the same page.

I just finished reading Mr. Schneier’s new book, Click Here to Kill Everybody, and I thoroughly enjoyed it. Though I suppose enjoyed it is not exactly accurate. It’s more like I enjoyed Bruce’s writing style, which makes for easy reading, and I found myself fully aligned with his insightful views on the incredible risks that our world is facing due to the massive vulnerabilities inherent in the Internet. And worse, those vulnerabilities and the danger that they create are increasing at a staggering rate due to the widespread deployment of non-secure IoT devices.

And unfortunately, I also agree with Bruce’s conclusion that nothing is going to happen in the near term to fix our broken connected world. He writes, “As a society, we haven’t even agreed on any of the big ideas. We understand the symptoms of insecurity better than the actual problems, which makes it hard to discuss solutions. We can’t figure out what the policies should be, because we don’t know where we want to go. Even worse, we’re not having any of those big conversations…Internet+ security isn’t an issue that most policy makers are concerned about. It’s not debated in the media. It’s not a campaign issue in any country I can think of…”

Put another way, the Internet is so pervasive, so unmanageable and IoT deployment is so out of control, that rendering all of it secure today is….well…“You can’t get there from here.”

Mr. Schneier doesn’t only paint a picture of gloom and doom. He has some practical suggestions on how to solve our current dangerous dilemma, and he remains confident that in the long term the security problem will be solved. I agree, and while technological advancements, business leaders and governments will surely be involved in crafting this long-term solution, I believe that there are things we can do in the near term that can immediately close big IoT security holes for the greater good.

Start with the Things
It all starts with the things, or devices. The State of California is the first US government to recognize this and, to that end, recently passed a cybersecurity law stating that any manufacturer of a device that connects “directly or indirectly” to the Internet must equip it with “reasonable” security features designed to prevent unauthorized access, modification, or information disclosure. If the device can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to discover. The law comes into effect on January 1st, 2020, giving manufacturers plenty of time to comply.

And while this law appears to be a positive step, security blogger Robert Graham has slammed the bill as bad, stating it is “based on a superficial understanding of cybersecurity/hacking that will do little to improve security, while doing a lot to impose costs and harm innovation.”

If you read Mr. Graham’s entire blog (accessed via the above link), he makes some very good points. One that resonates with me is the complexity and vulnerability inherent in current approaches to authentication. Graham notes that “A typical IoT device has one system for creating accounts on the web management interface, a wholly separate authentication system for services…” He goes on to write, “That was the problem with devices infected by Mirai [author’s note: the IoT attack that almost brought down the Internet]. The description that these were hardcoded passwords is only a superficial understanding of the problem. The real problem was that there were different authentication systems in the web interface and in other services like Telnet.”
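The two requirements raised above, the California rule that a remotely reachable device must ship with a unique password or force one to be set on first use, and Graham’s point that a device should not have one authentication system for its web interface and a separate one for Telnet, can be met together with a single credential path. The Python below is an added illustration written for this post; it is not code from any product, company or law mentioned here. The factory default credential, the 12-character minimum and the PBKDF2 iteration count are assumptions chosen for the example.

```python
"""Single authentication path for every service on an IoT device.

Added illustration, not code from any product named in the article. It shows
two points from the text: (1) every service (web UI, Telnet-style shell,
API) verifies credentials against one store, so there is no second,
forgotten authentication system; (2) remote logins are refused until the
factory default credential has been replaced, matching the per-device or
set-on-first-use requirement described for the California law.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

# Assumed factory defaults for the constructed example (the kind of generic
# credential the text warns about).
FACTORY_USER = "admin"
FACTORY_PASSWORD = "admin"
MIN_PASSWORD_LEN = 12          # assumed policy value
PBKDF2_ITERATIONS = 100_000    # assumed; tune to the device's CPU budget


class CredentialStore:
    """One salted-hash credential store shared by every service on the device."""

    def __init__(self) -> None:
        self._users: Dict[str, Tuple[bytes, bytes]] = {}
        self.default_replaced = False
        self._set(FACTORY_USER, FACTORY_PASSWORD)

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)

    def _set(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, self._hash(password, salt))

    def set_password(self, user: str, new_password: str) -> None:
        """Change a password; the factory default can never be set again."""
        if new_password == FACTORY_PASSWORD or len(new_password) < MIN_PASSWORD_LEN:
            raise ValueError("password must be non-default and at least 12 characters")
        self._set(user, new_password)
        if user == FACTORY_USER:
            self.default_replaced = True

    def verify(self, user: str, password: str) -> bool:
        rec = self._users.get(user)
        if rec is None:
            # Hash anyway so an unknown user costs the same time as a wrong password.
            self._hash(password, b"\x00" * 16)
            return False
        salt, expected = rec
        return hmac.compare_digest(self._hash(password, salt), expected)


class Device:
    """Every service authenticates through login(); none keeps its own user table."""

    def __init__(self) -> None:
        self.store = CredentialStore()

    def login(self, service: str, user: str, password: str, remote: bool) -> str:
        # Remote services stay closed until the default credential is gone; the
        # first-use password change is only accepted over a local connection.
        if remote and not self.store.default_replaced:
            return "denied: set a unique password locally before remote access"
        if not self.store.verify(user, password):
            return "denied: bad credentials"
        return f"ok: {user} via {service}"

    def first_boot_setup(self, new_password: str) -> None:
        """Local first-use step that replaces the factory default."""
        self.store.set_password(FACTORY_USER, new_password)


def demo() -> List[str]:
    """Walk a constructed device through first boot and return each login outcome."""
    d = Device()
    results = [
        d.login("telnet", "admin", "admin", remote=True),   # blocked: default still set
        d.login("web", "admin", "admin", remote=False),     # local login with default is allowed
    ]
    d.first_boot_setup("correct-horse-battery")            # constructed new password
    results += [
        d.login("telnet", "admin", "admin", remote=True),   # old default fails everywhere
        d.login("telnet", "admin", "correct-horse-battery", remote=True),
        d.login("web", "admin", "correct-horse-battery", remote=False),
    ]
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because the Telnet-style service and the web interface both call the same `verify`, rotating the password in one place rotates it for every service, which is exactly the property the Mirai-era devices lacked.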

The authentication issue is also addressed in Click Here to Kill Everybody. Mr. Schneier concludes, “as bad as software vulnerabilities are, the most common way hackers break into networks is by abusing the authentication process. They steal passwords, set up man-in-the-middle attacks to piggyback on legitimate log-ins, or masquerade as authorized users.” His conclusion: “Authentication is getting harder and credential stealing is getting easier.”

A New World Approach to Authentication
I agree with Bruce Schneier. Authentication – the process of identifying a person or device – is getting harder. And given that the IoT world continues to rely on broken vulnerable protocols and technologies, it’s no wonder. What’s needed is an innovative, standards-based new approach to authentication that can completely eliminate the risks posed by stolen credentials.

Now, before you continue reading this article (and thanks for getting this far into it), I need to post a disclaimer.

In the many years that I have been writing IT Security related articles, I’ve made a conscious effort to avoid promoting my company, in favour of publishing articles that I hope bring attention to the serious IoT security issues our world faces, and to do so in an informative, perhaps entertaining manner.

However, from this point forward in this article, I’m deviating from my personal publishing policy, because I think what I’m about to write is important as it introduces a dramatically more effective, secure and economical way of handling IoT authentication (and key management).

So, if you’re not a fan of the “advertorial” writing style, I suggest you stop here and we’ll catch up the next time I post a neutrally-written article. But if you’re curious, and want to learn more about how our technology is being deployed by others to protect their IoT services, solutions and products, please keep reading.

VIBE is an acronym for Verifiable Identity-Based Encryption. VIBE is patented technology that improves upon the market-proven IBE standard in 15 different ways, most notably by adding authentication at the application layer and eliminating the need to protect the public parameters. The VIBE key management and authentication schema can be easily embedded in others’ IoT products, services or solutions.

VIBE’s “coming out” party is at the NIST’s Feb 2019 Global City Teams Challenge event as part of a Government of Singapore initiative called Project GRACE. GRACE (Graceful Remediation with Authenticated Certificateless Encryption) implements a security architecture using an advanced form of pairing-based cryptography called Verifiable Identity-based Encryption (VIBE) to provide simple, scalable and secure key management for Cloud services, the IoT and the Critical Information Infrastructure (CII) which are otherwise vulnerable to existing and new cyber-physical attacks.

Project GRACE implements an alternative set of cipher suites, containing VIBE in TLS 1.2, and maintaining forward compatibility. This standards-based approach ensures a smooth transition to the new scheme with minimal updates to the existing ecosystem of web servers and web browsers. Most importantly, the security gaps in the TLS layer are filled in the process. TLS with VIBE embedded is certifiable to ISO 27001-2013.

TLS with VIBE accommodates deployments on a very large scale – the Internet scale – as it eliminates the complexity of using PKI-based SSL/TLS certificates in web servers/browsers, and does so economically.

Once configured, the Control Server can run offline from the Trust Centre (TC), and any device can be authorized to communicate with another without key management intervention.

When the system is set up, the TC can be taken offline, and easily and temporarily reinstated when there is a requirement to reconfigure existing devices and/or add new devices.

As our Asian and EU partners have discovered, VIBE-inside products, services and solutions solve the authentication issue permanently.

If you’re interested in learning more about VIBE, please send me a note and I’ll pass along a copy of our FAQ. Also, as the work required to embed VIBE in our partners’ HSMs and chips is near completion, we are welcoming dialogue with companies interested in participating in IoT pilot projects.

#AuthenticateEverything