webinar banner AI 2026 v2

Is IP SoC 2018 Still Alive? Better than Ever!

Is IP SoC 2018 Still Alive? Better than Ever!
by Eric Esteve on 11-27-2018 at 12:00 pm

The 21[SUP]st[/SUP] IP-SoC Days conference will be held in Grenoble, France, on December 5-6, 2018. IP-SoC is now the unique IP centric conference, with presentations reflecting the complete IP ecosystem: IP suppliers and foundries, external IP or internal reuse managers. Look at the program, you will see the hot topics covered during the conference, like Security, AI and Safety, Edge Computing and IoT, new trends in IP (eFPGA, Analog IP reuse), IP tracking or IP management. And like a new mantra, low power and energy efficiency!

When I remember 5 years back, in 2013, IP-SoC was taking place in a large auditorium (for the keynotes and main sessions), plus a few rooms for the other sessions. The problem was that the auditorium was far to be full, and the attendees had the perception of a declining conference. We must insist on the word “perception”, and this perception was coming from the fact that the auditorium was just too large. Pr. Gabriele Saucier, founder of D&R and running IP-SoC, was cleaver enough to get the point and find the right solution. It was to organize IP-SoC in another place and make the conference more focused. Last year, the room was full and the audience very attentive.

It’s even more important for the IP ecosystem to rely on the IP-SoC days for networking when you hear the rumors about the DAC future! Don’t expect me to comment these rumors. Being part of the DAC IP Committee, it wouldn’t be wise, moreover, I don’t know the outcome about the next DAC.

Listing some presentations to be given at IP-SoC, I will start with “Design IP Status & 5 Years Growth”, as the presentation is from IPnest and I will present it. IPnest customers and Semiwiki readers will recognize the first 3 slides, extracted from the Design IP Survey and the Interface IP 2013-2022 Survey. Starting from the next slide, IPnest will propose a new forecasting method, in order to provide an accurate 5 years, or even 10 years total IP market Forecast.

As I have recently read some data from analyst predicting that the IP market will weight $10 billion by 2022, I realized that we (the industry) need to have access to realistic data. Realistic data means that you search for a solid methodology, use the IP market know-how to fine tune the equation. By this means, IPnest comes to $6 billion in 2022 for the IP market (already +50% compared with 2017).

I am sorry if $6B doesn’t sound as amazing as $10B, but that’s the result coming from an innovative method (very similar with the EDA market size evaluation as given by Wally Rhines in Semiwiki in this post). I don’t say much, as I prefer to keep the exclusivity to IP-SoC attendees and IPnest loyal customers… (please note that I will NOT post the presentation on the conference web site, you will have attend to it live!).

If you come to Grenoble, you will have the opportunity to attend to 20 presentation on December 5[SUP]th[/SUP], the first day, enjoy wine testing on the evening (and a banquet!) and the next day to watch another 14 presentations and a panel. This panel will discuss about technology transfer from research center to the industry, taking as an example the FD-SOI success story. If you read Semiwiki since 2013, you know about the numerous articles written about FD-SOI (300 000 views in total).

Most interesting topics, to my opinion, (extracted from the ten sessions):

 

  • Security IP
  • Low Power Challenge and Power Management
  • RISC-V Ecosystem
  • New IP Trends
  • Analog Design

IP-SoC 2018 will be as usual an high level conference, where complexes engineering topics are addressed by industry experts, not just a marketing fest! That’s why the conference is not only still alive, but better than ever!

IP-SoC conference will be located on December 5-6 in Hôtel EUROPOLE, 29 rue Pierre-Sémard, Grenoble France,

And you can register here

See you on Wednesday 5[SUP]th[/SUP] December in Grenoble

From Eric Esteve from IPNEST


The Disconnect Between Semiconductor and Semiconductor Equipment Revenues

The Disconnect Between Semiconductor and Semiconductor Equipment Revenues
by Robert Castellano on 11-27-2018 at 7:00 am

Historically, the semiconductor and semiconductor equipment industry were inextricably linked due to the cyclical nature of the chip industry. An increase in semiconductor revenues was followed within a short period with an increase in equipment revenues, as semiconductor companies purchased equipment to make more chips to increase capacity. In down years, semiconductor companies stopped purchasing unneeded equipment.

Chart 1 illustrates the cyclical nature of the industry between January 1991 and the end of December 2010.


Chart 1

Chart 2 shows that since 2011, this link between semiconductor and equipment revenues has been broken. Semiconductor revenues (red line) have continued to increase unabated, while equipment revenues (blue line) have begun a steep drop since June 2018.


Chart 2

If we compare Chart 1 with Chart 2 and focus on the trendlines, between 1991 and 2010 (Chart 1), semiconductor revenues growth was significantly more positive than equipment revenues. However, between January growth between the two sectors has been nearly identical, despite the cessation of the concurrent peaks and valleys of a cycles. This suggests that the semiconductor and equipment industry, although still cyclical, are independent of each other.

This presents a conundrum for analysts, including myself. The disconnect between semiconductor equipment capex spend by semiconductor companies presents a challenge in forecasting equipment growth based on semiconductor growth – something I’ve been done since I started The Information Network in 1985.

As seen in Chart 2, both semiconductor and equipment revenues rocketed starting in 2017. According to WSTS, the semiconductor consortium, memory chip revenues grew 61.5% in 2017 compared to just 21.6% for the entire semiconductor industry. In 2018, the memory chip revenues are projected to grow 30.5% compared to 15.7% for the entire semiconductor industry. However, memory chip revenues are projected to grow just 4.6% compared to 5.2% for the entire semiconductor industry in 2019.

NAND companies are migrating technology to 96-layer 3D NAND chips. For DRAMs, Samsung Electronics is currently migrating to the 1ynm process, while SK Hynix and Micron are switching to the 1xnm process

These transitions are proving difficult to achieve with high yields. Also, these migrations increase the number of processing steps used to make the chip, resulting in what is termed a “natural decline” in wafer throughput. In general, movement from one node to the next results in a 5-10% decline in capacity.

To counteract this “natural decline,” capacity needs to be increased, which is achieved by building new fabs and lines and purchasing equipment. Thus, the 60% increase in equipment purchases exhibited in 2017 did not result in comparable increases in unit shipments (Chart 3) but it did result in an increase in bit growth (Chart 4).


Chart 3


Chart 4

We are now witnessing a slowdown in equipment revenues. One reason for the slowdown in memory revenues is a drop in NAND and DRAM ASPs. This has prompted memory companies Samsung Electronics and SK Hynix to push out and delay further capex spend.

Companies such as Applied Materials and Lam Research, with a large exposure to memory chips through deposition and etch tools utilized in NAND production, should experience long term headwinds that will last until 2020.


Catapult Design Checker Finds Coding Errors Before High Level Synthesis

Catapult Design Checker Finds Coding Errors Before High Level Synthesis
by Camille Kokozaki on 11-26-2018 at 12:00 pm

In a recent whitepaper Gagandeep Singh, Director of Engineering at Mentor, a Siemens Business outlines a flow using Catapult Design Checker that helps in early detection of coding errors as many companies are turning to High-Level Synthesis (HLS) methodology. This requires that high -level C++ models are correct, that ambiguities in the language be detected and addressed during simulation and that sub-optimal coding generates unintended hardware after synthesis. Deficiencies there lead to simulation mismatches between HSL and RTL or even worse failure to detect design problems.

Some of the defects in a C++ model can be pointed out by static software analysis tools but these tools are meant for general purpose software and do not understand the hardware intent of the model. Software checking tools, like linters, on C++ source code, do not understand hardware.

Some hardware-aware issues for software checking tools include the fact that checkers:

  • Only work for C++ code and do not support SystemC
  • Do not understand bit-accurate data types
  • Only employ static analysis that can generate many false positives
  • Do not understand that some code can produce sub-optimal or incorrect hardware
  • Do not produce counter-example test-benches

What design and verification teams really need is a tool to quickly and easily check for coding bugs and suboptimal code before synthesizing to RTL. Teams also need to avoid simulation mismatches between C++ and RTL simulation. Checks need to be performed on C++ or SystemC source code before downstream tools are used.

The Catapult® HLS Platform provides a complete C++ verification solution that interfaces with Questa® for RTL verification as shown in the diagram.

The Catapult verification solution includes:

  • The C++ (or SystemC) source code with Assert and Cover statements is input into the Catapult Design Checker (CDesign Checker) which uses formal analysis and lint techniques to find language and coding bugs.
  • Catapult Code Coverage (CCOV) provides hardware-aware coverage analysis of the C++ code.
  • Catapult synthesizes the source into power-optimized RTL that is verification ready.
  • The flow generates test infrastructure using Catapult SCVerify for RTL simulation using Questa.
  • As a final step, the sequential logic equivalence checking tool SLEC-HLS formally verifies that the C++ exactly matches the generated RTL.

While a design might simulate at the C++ level with no apparent issues, ambiguities in the C++ description can lead to simulation mismatches during RTL simulation. These issues are often hard to debug and can be time-consuming to fix. Design Checker employs both static and state of the art formal verification techniques to find problems, like uninitialized memory reads, before RTL simulation. The tool can check the source code without any simulation framework, such as test-benches, to provide designers with information about coding issues that might cause problems after synthesis and during RTL simulation. The Figure below shows the steps for using Design Checker.
The design checking flow consists of:

1. Optionally, choose which checks to run. By default, all checks run.
2. Run Design Checker on the design.
3. If there are no violations, proceed to run Catapult synthesis to generate the RTL.
4. If there are violations:

  • Interactively make code corrections
  • Optionally waive code
  • Optionally run counter-example test-benches that the tool generates to replicate violations
  • Repeat the flow

Waivers allow designers to alter checking results for specific areas of code. Using a separate file, designers can specify the file and line numbers to filter specific check violations out of the violation report. Design Checker can generate counter-example test-benches that contain stimulus sequences that trigger the violation. The team can use these to independently show that a violation does occur due to the associated issues in the source code.

The whitepaper discusses examples of design checking errors with solutions addressing them.
Two examples are listed below:

1. An incomplete switch or case statement is an error that can create unintended logic during high-level synthesis. This check looks at all possible values in the conditional code within switch and case statements and reports an error if all the values are not covered. These violations typically lead to the design entering an undefined state. During synthesis, the tool uses the specified case/switches as the only legal conditions, meaning that if the missing condition occurs in the design, the results are unpredictable.

2. It is possible to write C++ that does not synthesize to optimal hardware. To prevent this, the designer must understand the ramifications of writing code in a particular way in order to get the expected RTL results. To help with this, Mike Fingeroff at Mentor created the “High-Level Synthesis Blue Book” that explains how to code for hardware. An electronic copy of this book and all its examples are available in the install directories for the tool. Design Checker incorporates checks that support optimized coding, like those found in the book.

Catapult Design Checker is a unique tool within the Catapult High-Level Synthesis Platform that combines state of the art static analysis with patented formal analysis to find coding errors, code that can create unintended hardware, and code that creates sub-optimal hardware during synthesis. Design Checker is part of the complete high-level synthesis platform of tools that provides an ecosystem that enables C++/SystemC level verification signoff.

To learn more about the Catapult verification solution, view this website.


When the Wrong Person Leads Cybersecurity

When the Wrong Person Leads Cybersecurity
by Matthew Rosenquist on 11-26-2018 at 9:00 am

Succeeding at managing cybersecurity risks is tremendously difficult even for seasoned professionals. To make situations worse, poorly suited people are often chosen to lead security organizations, bringing about disastrous results. This has contributed to weaker risk postures for organizations and the rapid turnover in cybersecurity leadership.

I am unhappy to report that the industry has a pervasive problem that few want to discuss: a propensity to enlist inexperienced or unsuitable professionals to lead cybersecurity. It is time to change that caustic and enabling behavior by first recognizing the problem.

As an example, recently in the news, there was criticisms for someone appointed with the responsibility to lead the cybersecurity effort for the 2020 Olympics, but had never used a computer. How does someone who has never used a computer and has difficulty answering basic questions about USB drives, be tasked with building a cybersecurity program to protect the digital security, privacy, and safety for hundreds of thousands of people?

Downward Spirals
Sadly, I have seen similar situations play-out over and over again across academia, business, and government sectors. Far too often, poorly suited people are appointed such roles and it simply does not make sense. Let’s be clear, most are truly knowledgeable and accomplished in their primary field, but a transition to security is a significantly different domain. Engineering and product management executives focus mostly on static problems where there is a solution and desired end-state. Whereas in cybersecurity, we face a highly dynamic set of threat agents, people who are creative, intelligent, motivated, and dynamic, who will adapt to any solution. There is no permanent fix for cybersecurity as it is an ongoing competition to managing risks between defenders and attackers.

Human nature, overconfidence, and a lack of understanding the challenges begins to shape a counterproductive mindset. It is common for a professional from a different discipline, transplanted and put in charge of cybersecurity, to believe their prior expertise is equally applicable to the new challenges. Somehow, magically, they think they are as proficient and insightful at an adjacent domain as their previous profession. To those experienced in adversarial challenges who have seen this unfold, it is an affront to common sense. It is no surprise that such dangerous situations most often result in momentous failure.

For years, the turnover rate in cybersecurity leadership positions across the industry has been very high, with most Chief Information Security Officers (CISO) only lasting 2 to 4 years. When surveyed, CISO’s cite a lack of executive management support or insufficient budgets were the pervasive motivators. But that is only one side of the story as many CISO’s have been let go.

I have always been curious what C-suites and board had to say. When I ask company leaders about a change in cybersecurity leadership, I often hear that an outgoing CISO was ineffective, could not communicate risks well, and demanded significant budget increases every year yet the organization did not show a commensurate benefit. Events culminated when a severe incident occurred and then the C-suite or board chose to find a new security leader.

With the shortage of CISO’s in the industry, those displaced quickly find another company and continue their ‘training’. This musical-chairs routine does not serve the company or overall industry needs very well and simply transplants problems from one organization to another.

Masters of All
This mistake occurs regularly with technical personnel, probably as cybersecurity is generally characterized as a technology problem by the unacquainted. An accomplished engineer or architect is put in charge of security and now with ‘cybersecurity’ in front of their title they truly believe they are a risk expert. They are not. Being savvy in technology vulnerabilities and exploits is far different than understanding the massive breadth involved in managing risk. Most are unwilling to admit their shortsightedness in the breadth and depth of the challenges and their arrogance simply becomes a hinderance to seeking the needed help to be successful.

Ego can be such a major hindrance when the fear, of being perceived as not understanding a problem or knowing an answer, limits your actions. It is typical for a person in such a quandary to retreat back to familiar areas they know, resulting in defining the problem and solution only in the terms of technology. This ignores the behavioral, adversarial, and process aspects that are crucial to managing risk. With blinders on, they continue to push forward regardless, thus the car wreck begins.

Cybersecurity is more than just a ‘tech’ problem and will never be ‘solved’ with technology alone (two pervasive misconceptions from engineers first joining cybersecurity). They are likely doomed. I have seen this happen countless times and can spot it a mile away. It is like an automobile accident happening in slow motion with an overconfident driver continuing to push forward as metal bends and glass shatters.



Enlarged Version of Cybersecurity Domains

Part of the issue is that people, who are experts in one field, assume they understand the entire problem set in another adjacent but ambiguous field. It is not until they are in the new role, that they then experience the unforeseen challenges of a different world.

Imagine a hospital. Would you promote the engineer who developed a defibrillation tool to be an emergency room doctor? No. Although tools and technology play a crucial role in medicine, it is not the same as predicting, preventing, detecting, and responding to health risks for patients across their lifespan. The same applies in cybersecurity.

Technology is the battlefield, not the war. Understanding the terrain is important, but must be combined with a keen assessment of your opponents, and the ability to operationally maneuver in advantageous ways.

This is true in other fields as well. Aeronautical engineers aren’t promoted to fighter pilots and textbook publishers aren’t necessarily good grade school principals, so why do organizations make the mistake of a taking a software engineer or business-line product manager and expect them to be successful in leading cybersecurity?

Two Scenarios: Vastly Different Chances for Success
Now, I did say this is a recipe for failure most of the time. There are some, very rare situations, where an insightful but inexperienced person takes a cybersecurity leadership role and succeeds. It is possible. I have only seen it a handful of times and in every case that person was realistic about their knowledge and checked their ego at the door.

Guaranteed Failure:
An engineer, project manager, or business executive is put in charge of cybersecurity. They are confused or intimidated by security practitioners in their organization and respond by immediately surrounding themselves with like-minded, yet similarly security inexperienced people. They add other engineers, marketing, and legal people to their core echelon, inadvertently creating a self-reinforcing ineffective group-think team. Congratulations, an inexperienced leader has just encircled themselves with a cushion of people who don’t have the knowledge to challenge poor directives or independently deliver sustainable success. If you wonder what conversations with them are like, take a look at the Dilbert cartoon, specifically the ‘manager’ character. That is pretty close. Funny from afar, but frustrating up close.

Ineffectual organizations tend to grow fast, spend a lot of money, make hollow promises, tell a story of difficult times that are turning around, but have no real strategic plan, prioritized goals, or clearly defined scope with organizational roles and responsibilities. They seek non-existent cure-all solutions, and their long-term stratagem is to hope nothing bad happens while they battle daily issues. Even worse, the proficient security personnel, that may have been part of the team, will likely leave such a caustic environment for a better employer. That breaks my heart when I see capable people who want to make a difference, driven away. When quality employees begin jumping-ship en-masse, it is a sure warning sign.

The easiest way to detect this situation early on, is to look at their metrics, or lack thereof. If a security organization operates without the benefit of tangible metrics, it is a likely sign they have not defined or are not tracking against goals, roles, objectives, and probably aren’t measuring or tracking risk. What they are doing is responding to issues, self-marketing, rapidly growing the team, consuming significant resources, slowing down the business, and the looking for people to blame when their ineffectiveness becomes apparent. These orgs don’t last. They implode. People quickly leave and executive oversight will soon look past the whitewash to cut budgets, headcount, and eventually replace the leaders.

Potential for Success:
An engineer, project manager, or business executive is put in charge of cybersecurity. They understand they are not a security expert, so they assemble a team who has experience and talent in protecting digital assets, understanding threats, can articulate risks, and are intimate with the technology in use. They build an organization structure that is comprised of operations, engineering, and risk intelligence teams. Then listen and learn. Great leaders bring in the best people and let them excel. They quickly get clarification on the business goals and expectations from executives and customers. They then identify prioritized objectives, define a scope, derive the supporting measurable goals, identify areas in need of immediate attention, and establish the measures & metrics necessary to track progress.

Governance issues are addressed and a strategic process capability is embedded to constantly improve the organizations risk management ability to predict, prevent, detect, and respond to threats. They establish both the tactical plans necessary for immediate survival and day-to-day management, but also define a long-term directional strategy that takes into account the ever-evolving threat landscape, technology changes, and shifting expectations for security, privacy, and safety.

Proficient security workers thrive in such organizations and rarely leave. With a strong plan and capable team in place, leaders can effectively communicate and advocate across the organization. If all of these elements land in place, with the proper support, even an inexperienced security leader can have a chance at success.

Unfortunately, it rarely happens.

Failure is Expensive
Cybersecurity is difficult. It becomes exponentially more problematic when someone who lacks the necessary mentality or skills comes in and makes it profoundly worse. Cleaning up an ineffective legacy security program is painful, expensive, and time consuming. Simultaneously, a poor risk posture opens the door to more attacks and greater impacts until a capable security program is instituted.

We must understand that cybersecurity, like many other highly specialized roles, requires a depth of insight and experience to lead. I will echo Sun Tzu’s “…do what is great while it is small” and recommend putting a good leader in place the first time to build an effective and sustainable cybersecurity organization.

Let’s all break the silence and openly discuss the cycle of poor cybersecurity leadership, for everyone’s benefit.

For more insights on the challenges and required strategic deliverables, read my post Cybersecurity Fails Without Strategy.


Making AI Silicon Smart with PVT Monitoring

Making AI Silicon Smart with PVT Monitoring
by Tom Simon on 11-26-2018 at 7:00 am

PVT – depending on what field you are in those three letters may mean totally different things. In my undergraduate field of study, chemistry, PVT meant Pressure, Volume & Temperature. Many of you probably remember PV=nRT, the dreaded ideal gas law. However, anybody working in semiconductors knows that PVT stands for Process, Voltage and Temperature. Well, at least the T still stands for temperature. One out of three isn’t bad.

Chip operation is completely dependent on these three parameters. It would be hard enough to make some of the most advanced chip produced today if PVT were constant across the chip or across time. However, no such luck for chip designers, because each of these varies from chip to chip and across each chip as well. So, guard-bands, margins and binning were all created to deal with this reality.

All of the above techniques still leave a lot of performance, yield and reliability on the table. With the rapid growth of AI and the demand for dedicated silicon to address this market, the need to manage all three of P, V, T has grown too. AI chips are on leading nodes, very large and often have low power or high reliability requirements – such as ISO 26262 when used in automotive systems. Well, drawing on the chemistry reference above, wouldn’t it be nice if there was a Maxwell’s Daemon for regulating chip performance at a microscopic level?

While Maxwell’s Daemon is an imaginary inspector of molecules that controls an imaginary gate to seemingly impossibly controvert the laws of thermodynamics, there are practical solutions to monitoring and appropriately controlling fine grain circuit operation. Think of it as intelligence for artificial intelligence silicon. This is what Moortec’s PVT monitoring IP does across state of the art AI chips.

With AI chips there are often hundreds or more processing elements working in parallel, needing to be fully synchronized. Processing elements that are running too fast are wasting power. Ones that are running too slow, hold up the entire chip. Moortec PVT monitoring blocks can be dispersed throughout a design to help tune operation to ensure that the timing on all elements is similar.

Another area where PVT monitoring can help ensure reliable chip operation is to detect and compensate for aging. As chips age their performance characteristics change. PVT monitors can assess the actual performance of silicon in real time and permit the adjustment of operating conditions to maintain proper operation.

Lastly, due to the possibility of thermal runaway, PVT monitoring can monitor chip operations, and help detect a hot spot before thermal runaway can begin. The real-time element is important because joule heating is load dependent and can change rapidly and may be localized. In the worst case if adjustment is not adequate, device shutdown might be necessary. PVT monitoring allows silicon operation with the highest performance, with safeguards in place to ensure operation within safe operating range.

Moortec has IP for voltage, process and temperature sensing that are connected to create an on chip network or fabric for monitoring and managing performance. Their sophisticated PVT controller supports multiple monitor instances, statistics gathering as well as other compelling features. Moortec offer these IPs on TSMC 40nm, 28nm, 16nm, 12nm and 7nm and have a webpage dedicated to AI, among their other application areas.


You Cruise You Lose

You Cruise You Lose
by Roger C. Lanctot on 11-25-2018 at 7:00 am

General Motors has two media magnets in CEO Mary Barra and Cruise Automation founder Kyle Vogt. Barra is praised for boosting GM profitability while streamlining operations and making strategic investments. Vogt, the beneficiary of one of those investments – in his autonomous vehicle technology company – embodies GM’s aspirations for tech leadership even as he burns cash at upwards of $200M/quarter.

GM has used this one-two punch to boost its stock in the context of an inchoate melodrama pitting GM/Cruise against Waymo in the battle for autonomous vehicle market leadership. Both companies make claims about delivering commercial (driverless) autonomous vehicle services some time in 2019 and each claims to have the advantage over the other.

The Waymo vs. Cruise story plays well in the popular press but is severely misleading. There are literally dozens of organizations around the world working on perfecting autonomous vehicle technology (just ask my colleague, Angelos Lakrintis) and there may be as many as a dozen already offering commercial autonomous vehicle solutions.

Ridecell, for one, acquired Auro last year – an operator of autonomous shuttles operating in fixed environments such as university campuses. Ridecell subsequently upped its game by registering to test autonomous vehicles on roads in California.

Waymo has been testing its technology in vehicles operating in sunny California and Arizona, just like Cruise. A massive delta has opened up between Waymo and Cruise based on reported disengagements – a yawning gap that Cruise attributes to its operating primarily in San Francisco vs. Waymo’s more forgiving suburban operating environment.

The comparisons regarding strategy are more salient as Cruise is targeting urban operation of an autonomous shuttle system, while Waymo appears to be focusing on a solution capable of operating between suburban and urban environments, including highways. This is a critically important distinction between these two operators and definitely under-appreciated.

First of all, to review, Ridecell is already operating autonomous shuttles in various locations and is now seeking to expand to public roads. Navya is already operating autonomous shuttles in Las Vegas. In this context it is hard to get overly excited at the progress of either Cruise or Waymo.

The status of technological development and the progress toward market adoption is even more complicated. All indications are that Waymo has an advantage that extends beyond its far lower disengagement rate relative to Cruise.

By focusing on inter-urban applications for automated driving, Waymo has fixed on the core differentiating factor of its potential future service offering. Organizations that are focused today on delivering people or products from one location to another will tell you that the most numerous and valuable routes are those delivering people and/or products into or out of cities.

Waymo is honing in on these use case scenarios as well as those relating to moving people around suburban areas – currently poorly served by taxis and other ad hoc transportation services. It’s easy to be seduced by the challenges of automating transportation solutions in a city such as San Francisco. Sadly, the reality is that the best revenue opportunities reside elsewhere.

Cruise’s focus on San Francisco highlights the work of other AV pioneers seeking to overcome the formidable challenge of intra-city transport. The only problem with prioritizing this proposition is that the competition – primarily in the form of public transport – is fierce.

Waymo’s advantage lies not only in its massive portfolio of miles driven and miles simulated. The company also has a fundamental business model and strategy advantage that Cruise is ill-equipped to overcome.

But this is why this story is so compelling, like the tortoise and hare parable that preceded it. Each operator has its advantages and each has a compelling story to tell.

Cruise appears to be the hare of this tale, as a startup and even with GM’s and SoftBank’s and Honda’s subsequent investments has doubled-down on its hare status. Oddly, GM has so far kept Cruise walled off from its own autonomous vehicle development activities manifest in Super Cruise – an enhanced cruise control system which integrates advanced vehicle positioning technology and driver monitoring to allow drivers of certain Cadillacs to take their hands off the wheel under appropriate circumstances.

My money is on the tortoise, Waymo. Waymo is boring. But boring is a virtue in this case. The company is publicity averse – certainly relative to Cruise – and its strategy appears to be relatively transparent. As a former journalist it is difficult for me to praise a company that seems to be avoiding the press – but it is an understandable affliction in the autonomous vehicle industry.

In fact, GM’s inclination to communicate Cruise-related developments to the press only makes its organization more suspicious. Is Cruise making legitimate progress or is the entire effort nothing more than a stock manipulation? I leave it to you, dear reader, to correlate Cruise announcements and press “reveals” to stock price movements.

Cruise may be on to something by focusing on urban AV operation, but even successful driverless operation of automated vehicles will require substantial populations of expensive human support personnel for monitoring, servicing, cleaning and retrieving autonomous vehicles. Cruise’s urban-centric battle plan faces serious unacknowledged headwinds.

Waymo, on the other hand, is mastering the art of operating in a range of environments, urban and otherwise. Both companies, though, will have to contend with the regional nature of AV operation and the challenges of variable weather.

The oddest thing of all, though, is the fact that Cruise and GM choose to compete with one arm tied behind their back. GM is the largest Mobileye customer on the planet. This means that GM has the most cars with built-in forward facing cameras connected to telecommunications control devices – called TCUs.

Like Tesla, GM could tune its forward facing cameras to gather data in support of automated driving development. GM does not do that. Where forward facing cameras are available on GM vehicles the company is applying them for recreational or simple safety purposes.

GM lets its customers use the forward facing cameras in Corvettes to record scenic drives or their latest visit to the race track. Forward facing cameras on other GM vehicles are used for surround view applications.

Like its groundbreaking OnStar vehicle connectivity technology, GM is under-leveraging its camera-based investments. OnStar might have been a crowdsourced traffic solution like Waze long before the existence of Waze, but the company chose to avoid the cost of wireless data collection implicated in that use case.

Like Tesla, GM could be collecting vehicle data in support of autonomous vehicle development activities. But the company is still obsessed with cost avoidance (regarding wireless data) – and privacy – which is beginning to look like avoiding value creation.

If GM fails to keep pace with or surpass Waymo it is because the company willfully failed to leverage its technological advantage inherent in its management of the largest connected fleet in the U.S. and the broadest deployment of connected forward facing cameras. It makes one wonder whether the media magnates at GM are more interested in the limelight and the stock price than transforming transportation.

Roger C. Lanctot is Director, Automotive Connected Mobility in the Global Automotive Practice at Strategy Analytics. More details about Strategy Analytics can be found here: https://www.strategyanalytics.com/access-services/automotive


You Can’t Get There From Here

You Can’t Get There From Here
by Bill Montgomery on 11-22-2018 at 12:00 pm

No doubt many who read this article have heard the expression “You can’t get there from here…” It’s most often attributed to New Englanders – primarily residents of Maine – to describe a route to a destination that is so circuitous and complex that one needn’t bother embarking on the journey.

In the context of the business world, the expression takes on different meaning. It defines a situation where the leaders of a business can see what needs to be done, but can’t in any way define an easy, clear, financially-viable path to achieve what’s required. For example, in the late 1990’s when one of the largest, most successful companies serving the telecom sector – Northern Telecom (aka Nortel) – realized that the TCP/IP Protocol was viable for business networking applications, and that young upstarts like Cisco were aggressively staking their claim to this space, it was too late. Nortel’s entire business was based on selling clunky digital switches and networks, and it couldn’t abandon its core offerings and income streams to embrace the change that its executive team knew was needed. It tried, by acquiring Cisco competitor, Bay Networks, but reality quickly set in. The market finished the Nortel story by figuratively stating, “You can’t get there from here.”

I believe that expression captures the current state of IoT, and while it’s not exactly comforting, it’s nice to know that I’m not alone in my view. Renowned security expert and best-selling author, Bruce Schneier, appears to be on the same page.

Click Here to Kill EverybodyI just finished reading Mr. Schneier’s new book, Click Here to Kill Everybody, and I thoroughly enjoyed it. Though I suppose enjoyed it is not exactly accurate. It’s more like I enjoyed Bruce’s writing style which makes for easy reading, and I found myself fully aligned with his insightful views on the incredible risks that our world is facing due to the massive vulnerabilities inherent in the Internet. And worse, those vulnerabilities and the danger that they create are increasing at a staggering rate due to the widespread deployment of non-secure IoT devices.

And unfortunately, I also agree with Bruce’s conclusion that nothing is going to happen in the near term to fix our broken connected world. He writes, “As a society, we haven’t even agreed on any of the big ideas. We understand the symptoms of insecurity better than the actual problems, which makes it hard do discuss solutions. We can’t figure out what the policies should be, because we don’t know where we want to go. Even worse, we’re not having any of those big conversations…Internet+ security isn’t an issue that most policy makers are concerned about. It’s not debated in the media. It’s not a campaign issue in any country I can think of…”

Put another way, the Internet is so pervasive, so unmanageable and IoT deployment is so out of control, that rendering all of it secure today is….well…“You can’t get there from here.”

Mr. Schneier doesn’t only paint a picture of gloom and doom. He has some practical suggestions on how to solve our current dangerous dilemma, and he remains confident that in the long term the security problem will be solved. I agree, and while technological advancements, business leaders and governments will surely be involved in crafting this long-term solution, I believe that there are things we can do in the near term that can immediately close big IoT security holes for the greater good.

Start with the Things
It all starts with the things or devices. The State of California is the first US government to recognize this and to that end, recently passed a cybersecurity law that states that any manufacturer of a device that connects “directly or indirectly” to the Internet must equip it with “reasonable” security features designed to prevent unauthorized access, modification, or information disclosure. If it can be accessed outside a local area network with a password, it needs to either come with a unique password for each device, or force users to set their own password the first time they connect. That means no more generic default credentials for a hacker to discover. The law comes into effect on January 1st, 2020, giving manufacturers plenty of time to comply.

And while this law appears to be a positive step, security blogger Robert Graham has slammed the bill as bad, stating it is “based on a superficial understanding of cybersecurity/hacking that will do little to improve security, while doing a lot to impose costs and harm innovation.”

If you read Mr. Graham’s entire blog (accessed via the above link), he makes some very good points. One that resonates with me is the complexity and vulnerability inherent in current approaches to authentication. Graham notes that “A typical IoT device has one system for creating accounts on the web management interface, a wholly separate authentication system for services…” He goes on to write, “That was the problem with devices infected by Mirai [author’s note: the IoT attack that almost brought down the Internet]. The description that these were hardcoded passwords is only a superficial understanding of the problem. The real problem was that there were different authentication systems in the web interface and in other services like Telnet.”

The authentication issue is also addressed in Click Here to Kill Anybody.Mr. Schneier concludes, “as bad as software vulnerabilities are, the most common way hackers break into networks is by abusing the authentication process. They steal passwords, set up man-in-the-middle attacks to piggyback on legitimate log-ins, or masquerade as authorized users.” His conclusion: “Authentication is getting harder and credential stealing is getting easier.”

A New World Approach to Authentication
I agree with Bruce Schneier. Authentication – the process of identifying a person or device – is getting harder. And given that the IoT world continues to rely on broken vulnerable protocols and technologies, it’s no wonder. What’s needed is an innovative, standards-based new approach to authentication that can completely eliminate the risks posed by stolen credentials.

Now, before you continue reading this article (and thanks for getting this far into it), I need to post a disclaimer.

In the many years that I have been writing IT Security related articles, I’ve made a conscious effort to avoid promoting my company, in favour of publishing articles that I hope bring attention to the serious IoT security issues our world faces, and to do so in an informative, perhaps entertaining manner.

However, from this point forward in this article, I’m deviating from my personal publishing policy, because I think what I’m about to write is important as it introduces a dramatically more effective, secure and economical way of handling IoT authentication (and key management).

So, if you’re not a fan of the “advertorial” writing style, I suggest you stop here and we’ll catch up the next time I post a neutrally-written article. But if you’re curious, and want to learn more about how our technology is being deployed by others to protect their IoT services, solutions and products, please keep reading.

VIBE is an acronym for Verifiable Identity-Based Encryption. VIBE is patented technology that improves upon the market-proven IBE standard in 15 different ways, most notably by adding authentication at the application layer, and eliminating the need to protect the public parameters. The VIBE key management and authentication schema can be easily embedded in others IoT products, services or solutions.

VIBE’s “coming out” party is at the NIST’s Feb 2019 Global City Teams Challenge event as part of a Government of Singapore initiative called Project GRACE. GRACE (Graceful Remediation with Authenticated Certificateless Encryption) implements a security architecture using an advanced form of pairing-based cryptography called Verifiable Identity-based Encryption (VIBE) to provide simple, scalable and secure key management for Cloud services, the IoT and the Critical Information Infrastructure (CII) which are otherwise vulnerable to existing and new cyber-physical attacks.

Project GRACE implements an alternative set of cipher suites, containing VIBE in TLS 1.2, and maintaining forward compatibility. This standards-based approach ensures a smooth transition to the new scheme with minimal updates to the existing ecosystem of web servers and web browsers. Most importantly, the security gaps in the TLS layer are filled in the process. TLS with VIBE embedded is certifiable to ISO 27001-2013.

TLS with VIBE accommodates deployments on a very large scale – the Internet scale – as it eliminates the complexity of using PKI-based SSL/TLS certificates in web servers/browsers, and does so economically.[

Once configured the Control Server can run offline from the Trust Centre (TC), and any device can be authorized to communicate with another without key management intervention.

When the system is setup, the TC can be taken offline, and easily and temporarily reinstated when there is a requirement to reconfigure existing devices and/or add new devices.

As our Asian and EU partners have discovered, VIBE-inside products, services and solutions solve the authentication issue permanently.

If you’re interested in learning more about VIBE, please send me a note and I’ll pass along a copy of our FAQ. Also, as the work required to embed VIBE in our Partner’s HSMs and Chips is near completion, we are welcoming dialogue with companies interested in participating in a IoT Pilot Projects.

#AuthenticateEverything


Dover Microsystems Spins New Approach to Security

Dover Microsystems Spins New Approach to Security
by Bernard Murphy on 11-22-2018 at 7:00 am

One of the companies I met at ARM TechCon was Dover Microsystems who offer a product in embedded security. You might ask why we need yet another security solution. Surely we’re overloaded with security options from ARM and many others in the forms of TEEs, secure boots, secure enclaves and so on? Why do we need more? Because defending against security breaches is a never-ending battle; no-one is ever going to have the ultimate answer. This is particularly true in software, which is only guarded in the most secure of these systems to the extent that software designers comprehensively consider potential attacks and correctly use whatever memory protection strategies are provided. Given the complexity of modern software stacks, that is not a trivial task.

So how are you going to defend against vulnerabilities you don’t even know exist – the unknown unknowns? Dover have come up with an interesting idea that I like to think of as rather like runtime assertion-based verification (ABV). Think about why we use ABV in hardware design verification. We can’t anticipate everything that might possibly go wrong in a complex system, but we do know that there are certain statements we can make about behavior that should always be true or conversely always false. We have a language in which we can write these assertions (most commonly SVA) enabling us to write our own arbitrarily complex checks. When an assertion triggers in simulation, we trace back in debug and typically find some unexpected combination of conditions we never considered. Even though we hadn’t thought of it, the ABV approach caught it anyway.

I’ve long been a believer that ABV in some form could have value beyond design verification, catching problems at runtime. This could trap potential error conditions, for immediate defensive response and for later diagnosis, leading to software revs to defend against whatever unusual state triggered the problem.

From my perspective, Dover takes an approach along these lines, but instead of assertions being embedded in the mission hardware, they run in a separate IP they call a “policy enforcer” and Dover uses “rules” rather than “assertions” to describe what they check. A collection of rules to check for a class of attacks they call a “micropolicy”. Also they’re not looking at microarchitecture behavior; they’re watching the processor instruction trace and attempted writes to memory, (along with some additional data) which makes sense since they are looking at software-based attacks. They do this in a dedicated processor, sitting to the side of the main processor, so performance impact is limited and attacks on the main processor don’t affect this processor. Nothing is immune from attacks of course but separating this function should make attacks on this monitor more difficult.

In my assertion analogy, the assertions are bit more complex than just direct checks on instructions and addresses. You might build a state table to track where you are in significant aspects of operation flow, also you may choose to label (color) data in different regions. Dover call this information built for and used by the policies “metadata”, which they store in a secured region of the main memory. So when a rule is checking the validity of an operation (say a store), it can check not only the current instruction and target address, but also the metadata. Not too different from the fancy assertions IP verification experts build for protocol checking.

When a policy is violated, the current instruction will not be allowed to complete, and an exception is triggered in the main processor. How this is handled is then up to the kernel/OS. In a package delivery drone for example, an exception might cause the drone to disable network connections, switch into safe mode, load a home GPS location from an encrypted store and fly there.

Dover includes a base set of four micropolicies with product. The read-write-execute (RWX) micropolicy is designed to label regions or even words in memory as readable, writable and/or executable so that operations in violation of this labelling will be caught. The Heap micropolicy is designed is designed particularly to catch buffer-overflow exploits. A pointer to a buffer and the buffer itself (created on a malloc) are colored the same. Attempting to write beyond the upper boundary of the malloc, into a differently-colored region, will trigger a violation. In the Stack micropolicy, stack-smashing attacks which attempt to modify the return address through (compile-time sized) buffer overwrites are prevented. This is conceptually similar to the heap approach but must preserve the integrity of the whole stack.

The fourth base micropolicy is called CFI, for control flow integrity, and is designed to trap code-reuse attacks. These are a variant on return-oriented programming (ROP), where instead of trying to return to an injected malware routine, the code returns to a libc function, such as “system” which can then execute externally-provided malware. The CFI micropolicy profiles locations that contain instructions rather than data and targets/destinations of jumps. This profile cannot be altered during runtime. If a non-tagged location attempts a jump, or a jump is attempted outside the profiled set, the policy will trigger an error.

Dover’s CoreGuard IP integrates with RISC architectures (ARM and RISC-V). The technology originated as part of the DARPA CRASH program in 2010, was incubated by Draper in 2015, and was spun out through Dover as a commercial entity in 2017. The company has now grown to over 20 people and has closed an initial $6 million round of seed funding. Even more impressive, they are working with NXP towards embedding their solution in NXP controllers. You can learn more about the company HERE.


Technology Transformation for 2019

Technology Transformation for 2019
by Matthew Rosenquist on 11-21-2018 at 12:00 pm

Digital technology continues to connect and enrich the lives of people all over the globe and is transforming the tools of everyday life, but there are risks accompanying the tremendous benefits. Entire markets are committed and reliant on digital tools. The entertainment, communications, socialization, and many others sectors are heavily intertwined with digital services and devices that society is readily consuming and embracing. More importantly, the normal downstream model for information has transformed into a bi-directional channel as individuals now represent a vast source of data, both in content as well as telemetry. These and many other factors align to accelerate our adoption and mold our expectations of how technology can make a better world.

This year’s Activate Tech & Media’s Outlook 2019 presentation provides a tremendous depth of insights in their slide deck (153 slides) with a great amount of supporting data. It highlights many of the growth sectors and emerging use-cases that will have profound impacts on our daily lives.

Transforming Tech Intelligence
We are moving from the first epoch of digitally connecting people, to the second epoch of making intelligent decisions through technology. Artificial Intelligence research is advancing and with it the infrastructure necessary to make it scalable across a multitude of applications. Solutions are just beginning to emerge and yet showing great promise to make sense and use the massive amounts of data being generated.

Overall, devices and services continue to evolve with more awareness and functionality. We are in the ramp of adding ‘smart’ to everything. Smart: cars, cities, homes, currency, cameras, social media, advertising, online-commerce, manufacturing, logistics, education, entertainment, government, weapons, etc. It will be the buzzword for 2019-2020.

Such transformation opens the door where tools can begin to anticipate and interweave with how people want to be helped. Better interaction, more services, and tailored use-cases will all fuel a richer experience and foster a deeper embrace into our lives. Technology will be indispensable.

Risks and Opportunities
Reliance in our everyday activities means we have the luxury of forgetting how to accomplish menial tasks. Who needs to remember phone numbers, read a map, operate a car, or know how to use a complex remote control. Soon, our technology will listen, guide, watch, autonomously operate, and anticipate our needs. Life will seem easier, but there will be exceptions.

All these smart use-cases will require massive data collection, aggregation, and processing which will drive a new computing infrastructure market. Such reliance, intimate knowledge, and automation will also create new risks.

The more we value and rely on something, the more indebted we are when it fails. We must never forget that technology is just a tool. It can be used for good or for malice. There will be threats, drawn to such value and opportunity, that will exploit our dependence and misuse these tools for their gain and to our detriment. At the point people are helpless without their intelligent devices, they become easy victims for attackers. As we have seen with data breaches over the past several years, when people are victimized, their outlook changes.

In this journey of innovation and usage, public sentiment is also changing across many different domains. The desire for Security, Privacy, and Safety (the hallmarks of Cybersecurity) continues to increase but may initially be in direct conflict for our desire to rapidly embrace new innovations. This creates tension. We all want new tech toys (it is okay to admit it)! Innovation can drive prosperity and more enjoyment in our lives. But there are trade offs. Having a device listen, record and analyze every word you say in your bedroom may be convenient in turning on the lights when you ask, but it may also inadvertently share all the personal activities going-on without your knowledge. A smart car effortlessly transporting you to work while you nap or surf the internet sounds downright dreamy but what if that same car is overtaken by a malicious attacker who wants to play out their Dukes of Hazzard fantasies. Not so much fun to think about.

In the end, we all want to embrace the wonderful benefits of new technology, but will demand the right levels of security, privacy, and safety.

Trust in Technology
Unfortunately, trust in digital technology is only now becoming truly important. In the past, if our primary computing device (PC or phone) crashed, we breathed a small curse, rebooted and went on our way. We might have a dropped call or lost part of a work document, but not much more harm than that. That is all changing.

In the future, we will heavily rely on technology for transportation, healthcare, and critical infrastructure services. That autonomous car we expect not to crash, the implanted pacemaker or defibrillator we expect to keep us alive, or the clean water and electricity we expect to flow unhindered to our homes may be at risk of failure, causing unacceptable impacts. We want tech, but very soon people will realize they also need security, privacy, and safety to go along with it.

But how will that work? We don’t typically think of trust in terms of high granularity. We naturally generalize for such abstract thoughts. We don’t contemplate how trustworthy a tire, bumper, or airbag is, as those are too piecemeal, rather we trust the manufacturer of the car to do what is right for all the components that make up the vehicle we purchase. We want the final product, tied to a brand, to be trustworthy. For those companies that we trust, we tend to believe, whether correct or not, in all their products and services. This reinforces tremendous loyalty. The reverse is true as well. One misstep can become a reputational blight affecting sentiment across all a company’s offerings.

The saying “We earn trust in drips and lose it in buckets” perfectly exemplifies the necessary level of commitment.

Trust may become the new differentiator for companies that can deliver secure and safe products in a timely fashion. Those who are not trustworthy may quickly fall out of favor with consumers. Privacy is the first in many problems. Consumers, government regulators, and businesses are struggling to find a balance that must be struck between gathering data necessary for better experiences, but not too much that it becomes a detriment to the user. A difficult conundrum to overcome. Security and safety aspects will follow, where the potential risks grow even higher. The challenges are great, but so will the rewards for all those who succeed. I believe those companies which master these disciplines will earn long-term loyalty from their customers and enjoy a premium for their products.

2019 might be the first year where we witness this delineation as consumers may gravitate to more responsible companies and begin to shun those who have misplaced their trust. The big story for next year may in fact be how purchasing decisions for technology are changing, thus driving greater commitment to making products and services more security, private, and safe.

#cybersecurity #informationsecurity #technology #risk #LinkedInTopVoices

Interested in more insights, rants, industry news and experiences? Follow me on Steemitand LinkedIn for insights and what is going on in cybersecurity.