Bronco Webinar 800x100 1
Semiconductor Expert Forum

Posted on

Adversarial Machine Learning

Adversarial Machine Learning
by Bernard Murphy on 01-20-2017 at 7:00 am
Categories: Security

It had to happen. We’ve read about hacking deep learning / machine learning, so now there is a discipline emerging around studying and defending against potential attacks. Of course, the nature of attacks isn’t the same; you can’t really write an algorithmic attack against a non-algorithmic analysis (or at least a non-standard algorithmic analysis). But you don’t have to. These methods can be spoofed using the same types of input used in training or recognition, through small pixel-level modifications.

In the link below an example is shown in which, through such modifications, both a school bus and the face of a dog are recognized as an ostrich, though to us the images have barely changed. That’s a pretty major misidentification based on a little pixel tweaking. A similar example is mentioned in which audio that sounds like white noise to us is interpreted as commands by a voice-recognition system. Yet another and perhaps more disturbing vision recognition hack caused a stop-sign to be recognized as a yield sign.

Researchers assert that one reason neural nets can be fooled is that the piece-wise linear nature of matching at each layer of a deep net can be nudged in a direction which compounds as recognition progresses through layers. I would think, though I don’t see this mentioned in the article, that this risk is further amplified through the inevitably finite nature of the set of objects for which recognition is trained. Recognition systems don’t have an option of “I don’t know” so they’re going to tend to prefer one result with some level of confidence and that tendency is what can be spoofed.

Out of this analysis, they have also devised methods to generate adversarial examples quite easily. And the problem is not limited to deep neural nets of this type. Research along similar lines has shown that other types of machine learning (ML) can also be spoofed and that adversarial examples for these can be generated just as easily. What is even more interesting (or more disturbing) is that adversarial examples generated for one implementation of ML often works across multiple types. One team showed they were able, after a very modest level of probing, to spoof classifiers on Amazon and Google with very high success rates.

This is not all bad news. A big part of the reason for the research is to find ways to harden recognition systems against adversarial attacks. The same teams have found that generating adversarial examples of this kind, then labelling them for correct recognition provides a kind of vaccination against evil-doers. They look at this kind of training as a pro-active approach to security hardening in emerging ML domains, something that is essential to ensure these promising technologies don’t hit (as much of) the security nightmares we see in traditional computing.

You can read a more complete account HERE.

More articles by Bernard…

Posted on

Missteps in Securing Autonomous Vehicles

Missteps in Securing Autonomous Vehicles
by Matthew Rosenquist on 01-19-2017 at 12:00 pm
Categories: Security

Recently an autonomous car company highlighted some plans to keep their vehicles safe from hacking. Yet their plans won’t actually make them secure. Such gaffs highlight issues across many different industries where cybersecurity is not sufficiently understood by manufacturers to deliver products hardened against attack. The result, in the case of autonomous vehicles, could be catastrophic.


In the article Why Some Autonomous Cars Are Going to Avoid the Internet, the CEO of the company told the Financial Times (paywall)Our cars communicate with the outside world only when they need to, so there isn’t a continuous line that’s able to be hacked, going into the car”. They are choosing to operate the cars in a mostly offline manner to protect against cyber threats.

Sounds Effective
At first glance, this would seem to be a worthwhile protection mechanism against hackers. It is not. The ‘control’ is to reduce connectivity to the Internet, which does provide some security value for the time it is not connected. But that is where the logic falls apart and in the end, it does not significantly reduce the chances of being attacked.

It seems logical, that by reducing the overall vulnerability of the system it will improve the security. But that is not always the case. Just because you remove 50% of the vulnerabilities, it does not mean you reduced the chances of being victimized by half. It is more complex as other dependencies are at work. This mistake is even common among entry level security professionals who are taught to think of risk as a pure equation (R=T x V x I). The Risk equals the Threat times the Vulnerability multiplied by the Impact, which is a fine equation when used properly for a specific purpose. Reduce any amount of vulnerability and the resulting risk is also reduced. However, this equation is not applicable to every problem or discussion.

Back to the autonomous vehicle security problem. Intermittent connectivity is a reduced availability tactic. To the attackers, it is simply a network latency problem and can be easily overcome. There is a great deal of precedent and history proving this, which I won’t get into. Instead, let’s think about the problem in a different way by using an analogy.

Building a Wall
Imaging you were tasked with protecting your village from marauders. You employed a security specialist to greatly reduce the risks of bandits getting into your hamlet and causing havoc. A wall is built halfway around your town, visible to all. The security specialist then confidently announces he has reduced the vulnerabilities by half, therefore significantly reduced the chances of a successful attack by 50%. Nope. The marauders simply need walk around the wall to get into the town. It might slow them down, as they are laughing and walking around the defenses, but it will not deter or prevent an attack.

The same is being proposed here, which is why reducing the Internet connectivity of autonomous vehicles, is an ineffective security control. Such tactics have proven futile in the past.

Exploitation
The root of the logic problem is in thinking about security in terms of equal vulnerabilities. Not all weaknesses are the same. There may be a hundred vulnerabilities but only 5 are being used to compromise a system. Only the efforts to close those 5 (the ones being exploited) will be important, while the other 95 are meaningless to the immediate goal of being secure.

Cyberattackers will wait for connectivity to compromise devices, just like thieves will bypass the locked door to enter via the open window, and bandits will walk around a wall to enter a village unimpeded. The chances of attack are not significantly reduced, just the timeliness of when it will occur.


Accountability
In this case, the car company is promoting a security design feature which really is ineffective. Yet, they don’t even realize it. As consumers, we must hold manufacturers accountable for the security, safety, and privacy of the products they produce. This is especially true of devices that hold the potential for life-safety risks. It should draw concern when in marketing and public communications, companies are showing a lack of cybersecurity knowledge and experience, likely as a result of improper skill-sets or executive prioritization, while at the same time exhibiting confidence in the security of their products. It is a dangerous combination.

Getting Security Right
It is important to institute optimal security capabilities as part of the design and core functions (Hardware, Firmware, OS/RTOS, software, endpoints, networks, etc.) to protect passengers and pedestrians from potentially catastrophic accidents resulting from digital compromises. Security must be effective, economical, and not undermine usability.

Understanding cybersecurity can be challenging, but many car companies are investing heavily in autonomous vehicles to make it a reality. As part of that investment, they must employ the right caliber of cybersecurity professionals to develop a proper strategy, architecture, and capabilities. Thankfully, I do know many in the field who are working on more comprehensive solutions, beyond reducing internet connectivity, to manage the broad range of risks that could impact us all. I believe it is time for all the automakers to work together and develop cohesive capabilities that meet the growing expectation of security, privacy, and safety.

Interested in more? Follow me on Twitter (@Matt_Rosenquist), Steemit, and LinkedIn to hear insights and what is going on in cybersecurity.

Posted on

IP development strategy and hockey

IP development strategy and hockey
by Tom Dillinger on 01-19-2017 at 7:00 am
Categories: Analog Bits, FinFET, IP, TSMC

eye diagrams min

One of the greatest hockey players of all time, Wayne Gretzky, provided a quote that has also been applied to the business world — “I skate to where the puck will be, not to where it has been.” It strikes me that this philosophy directly applies to IP development, as well. Engineering firms providing IP must anticipate how customer requirements will evolve, and execute a design and qualification plan well in advance of the demand curve.

I recently had the opportunity to chat with members of the engineering team at Analog Bits, providers of IP for SerDes lanes, PLL’s, memories, on-chip sensors, and I/O’s for memory (and general purpose) interfaces. They impressed upon me characteristics of current development projects that are “critical success factors” to the IP business model:

 

  • multi-protocol SerDes IP extends applicability across markets

Analog Bits has focused on development of SerDes IP to be applied for several serial interface protocols.

  • IP providers must lead in the development of (standards for) next generation high-speed SerDes data rates.

The silicon testsite plan at Analog Bits involves demonstration of 25G data rates (at leading process technology nodes).

  • Testsite silicon requires anticipating customer integration, test, and qualification requirements.

To be successful, testsite development requires a “skate to where the puck will be” strategy. Developing testsite shuttles is costly, both in NRE for silicon wafers and board-level testbench development and in engineering development resources. The IP team must invest wisely, to ensure that the resulting test measurement and qualification data will satisfy future customer requirements.

ESD qualification of I/O’s requires addressing the (evolving) CDM and HBM robustness standards demanded by end markets (e.g., JEDEC and AEC-Q100 tests).

SerDes IP on a testsite shuttle requires a test plan that demonstrates an adequate eye opening, using a topology representative of the losses that are likely to be present in the system design environment. The wrapback test specification used for IP evaluation is key — e.g., “total loss less than 22dB at 8GHz (for 16Gbps) through a loop back including 24″ of FR-4 trace”.

The SerDes physical (hard IP) implementation on the testsite also requires addressing future customer needs. The granularity of SerDes lanes, with the corresponding pad topology for signals and power, needs to satisfy a wide range of applications. The figure below illustrates the modular approach that Analog Bits has pursued.

Another example of engineering development to address customer requirements is the availability of SerDes IP cells for any die side of the customer’s SoC. At advanced process nodes, recall that an increasing number of mask layers must use unidirectional segments — e.g., device gates, lower-level metals. Unique IP cells are required for the different sites of the die. The figure below illustrates the vertical orientation SerDes cell on silicon testsites, and several examples of floorplanning testcases.

High-speed lanes are becoming more prevalent than other I/O types for performance-driven SoC’s. Demonstration of flexible, modular (hard) SerDes IP implementations with many lanes is a must.

The team at Analog Bits is focusing their engineering development and test resources on IP designs and shuttle testsites that anticipate the requirements of new markets for advanced process nodes. They are following the same approach that earned Gretzky the nickname “The Great One”.

For general information on the IP available from Analog Bits, please follow thislink.

-chipguy

Posted on

China moves from manufacturer to full supplier

China moves from manufacturer to full supplier
by Bill Jewell on 01-18-2017 at 12:00 pm
Categories: Events, Semiconductor Intelligence, Semiconductor Services

CES 2017 wrapped up last week in Las Vegas. The show had over 175,000 attendees and over 3,800 exhibiting companies, according to the organizer, the Consumer Technology Association (CTA). The U.S. had the most companies exhibiting at CES with 1,755. China was close behind at 1,575 companies according to Benjamin Joffe’s article in Forbes: “The 4 Kinds Of Chinese Tech Firms That Dominated CES 2017”. Joffe believes many Chinese companies have developed innovative technology which is competitive on a global level.

The CTA’s audited data for CES 2016 showed total attendance of 177,393. The largest international presence was China, with 4,867 attendees. China was ahead of traditional electronics leaders South Korea (4,567) and Japan (2,641). The China attendance was over three times its CES 2012 number of 1,568 while overall attendance was up 14% in 2016 versus 2012.

The strong China showing at CES is a reflection of the transition from Chinese companies from manufacturing electronics which were designed, marketed and sold by non-Chinese companies (i.e. U.S., Europe, Japan, South Korea and Taiwan) to integrated companies which design, manufacture, market and sell their own products. The dominance of China in electronics manufacturing is demonstrated by World Trade Organization (WTO) statistics on exports of office and telecom equipment (the combination of two trade categories which comprise most electronics) for 2015. China accounted for over a third of exports.


The shift of Chinese companies to integrated suppliers is evident from the market share rankings for major electronic devices as shown below. Chinese companies are highlighted in red. IDC’s preliminary 2016 PC market share numbers rank Chinese company Lenovo number one at 21.3%, edging out HP at 20.9%. Lenovo became a major player when it acquired IBM’s PC business in 2005. IDC’s 3[SUP]rd[/SUP] quarter 2016 data shows the tablet market is dominated by Apple and Samsung, but two Chinese companies, Lenovo and Huawei, are in the top five. Korean companies Samsung and LG are the major suppliers of LCD TVs with over a third of the market between them. WitsView, a division of TrendForce, estimated Chinese company LeEco moved into third place in 2016 with the acquisition of U.S. TV company Vizio in July. The fourth and fifth companies, Hisense and TCL, are also Chinese.


The emergence of Chinese suppliers is most apparent in the smartphone market. Third quarter 2016 market share numbers from Counterpoint Research show the continuing dominance of Samsung (20%) and Apple (12%). Seven of the next eight smartphone brands are Chinese companies (in red). If parent companies are considered, a different picture emerges. BKK Electronics of China is the parent company of number four Oppo and number five vivo. BKK also owns small but growing smartphone supplier OnePlus. The combined market shares of Oppo and Vivo is 12.6%, giving BKK the number two ranking ahead of Apple.


As with PCs and TVs, some of the growth in Chinese smartphone market share was driven by acquisitions. Lenovo acquired the Motorola smartphone business in 2014. However, Lenovo has not had as much success with the Motorola acquisition as it did with the IBM PC business acquisition, according to a recent Wall Street Journal article.

The advancement of Chinese electronics companies from mere manufacturers to integrated companies is a continuation of trends over the last 50 years. Japan, South Korea and Taiwan all moved from being primarily sources of low cost manufacturing to being major players in driving innovation in the electronics industry. As these three countries became more prosperous, wages increased and much of the manufacturing went to China. China, with over 1.3 billion people, has a large enough labor force to continue as a low cost manufacturing county while its electronics companies compete on a global level as full service suppliers.

Posted on

Where the Emerging Tech Jobs Are

Where the Emerging Tech Jobs Are
by Bernard Murphy on 01-18-2017 at 7:00 am
Categories: General

There’s an article published in InfoWorld on jobs trends in several emerging tech areas. The trends are based on analysis of job postings and job-seeker searches from the beginning of 2014, sourced by Indeed.com. I would have liked to dig deeper into Inded.com, to get more info on jobs in our industry but unfortunately it seems you need a magic key to get anything beyond the sample trends (at least for job postings), so I’ll have to stick to what is covered in the InfoWorld article.

This article tracked job trends in 3D printing, Bitcoin/Blockchain/crypto-currency, VR/AR and mixed reality, AI and machine learning, IoT and wearable tech. These aren’t broken down into hardware versus software versus system, so we must take what we can from the gross metrics.

In job postings, AI/ML is climbing fast and is well ahead of all other domains, ending the year a factor of at least 6 over everything except IoT. IoT has also been climbing rapidly (until recently) but even so, AI/ML postings were about 50% ahead. The other four groups are down in the weeds in job postings, led by VR/AR/MR, then 3D printing, then Bitcoin and similar technologies, with wearable tech bumping along the bottom.

The upward slope in AI/ML has been significant since July of last year, easily outpacing IoT which is still rising, but not especially fast. What’s even more interesting is a comparison of job postings versus job searches for AI/ML, which shows postings 50% ahead of searches by the end of last year. There are a lot more jobs being offered in this area than there are people looking for them, even though searches in this area are also on a rapid rise. Seems this is a good area to invest learning/credit time for anyone still in college or planning a career change.

Again, these are gross trends. What these trends mean for a hardware or embedded software design in any of these domains remains a mystery, but I would have to assume that overall demand is something of a pointer for trends in sub-domains. Also, trends change. Maybe AI/ML will hit a speed-bump (it’s happened before). But I’m guessing that won’t happen for a while – AI/ML success in speech and image recognition, also in online advertising and preference detection will likely continue to stimulate growth in those domains.

Here’s the InfoWorld article. I’ll promise a blog on a topic of your choice to the first person who can show me how to get trend data in multiple domains from Indeed.com (without having to pay for something).

More articles by Bernard…

Posted on

The Year of the eFPGA

The Year of the eFPGA
by Tom Dillinger on 01-17-2017 at 12:00 pm
Categories: eFPGA, Flex Logix, FPGA, IP

EFLX controller example

The start of the new year is typically a time for annual predictions. Prognostications are especially difficult in our industry, due to the increasing difficulty in Moore’s Law technology scaling and greater design complexity challenges. There is one sure prediction, however — this year will see the emergence of embedded FPGA (eFPGA) IP integration into a diverse set of SoC products.

I recently had the opportunity to chat with Geoff Tate, CEO of Flex Logix Technologies, Inc., a start-up IP development company, whose innovative eFPGA IP is helping lead this adoption. Geoff educated me on the markets where eFPGA IP is being integrated, as well as the unique characteristics and customer requirements for eFPGA design enablement.

The market opportunities for eFPGA integration are vast. A data encryption accelerator IP core may utilize different (and evolving) security algorithms, depending upon the target application. Digital signal processing (DSP) algorithms can be implemented in programmable eFPGA hardware, executing more efficiently than utilizing software running on a core processor. Data bus communication protocols, both on-chip and off-chip, are also varied and evolving — the availability of a programmable controller would accelerate the release availability of a new SoC design.


Flex Logix EFLX eFPGA IP as an Advanced Peripheral Bus controller

And, perhaps most importantly, an eFPGA core enables a single SoC part number to reach multiple markets, saving development, qualification, and production costs over a comparable SoC implementation.

In many respects, embedded FPGA IP is similar to the standalone, commercial FPGA module. The logic functionality is reconfigurable — parts can be updated at production test, at system test, or in the field. The eFPGA implementation flow utilizes an RTL synthesis algorithm optimized for mapping to the programmable logic capabilities of individual Look-Up Table (LUT) cells — the Flex Logix flow incorporates the familiar Synopsys Synplify synthesis tool. Subsequent placement and routing algorithms define how the existing switch and interconnect segment resources will be assigned. The EFLX compiler is provided for physical implementation and bit file configuration. The compiler provides delay models for subsequent static timing analysis.

Commercial FPGA technology is well-established. Given the market potential described above, why hasn’t eFPGA IP been more readily integrated by now? Why will 2017 finally be the year of the eFPGA?

Geoff shared some insights into the challenges of developing eFPGA technology, and the unique approaches that Flex Logix has pursued. “The customer requirements for reconfigurable functionality are extremely diverse, from high-performance networking to low-power, cost-sensitive applications. Flex Logix has silicon testsite data in process technologies ranging from 40nm (e.g., TSMC’s 40LP/ULP)to 16nm(e.g., TSMC’s 16FF+ and 16FFC). The low-power customers have access to the full sleep-mode power domain implementation available in the eFPGA IP core.”

In addition to the breadth of technology support, Geoff impressed upon me the key characteristics of the Flex Logix eFPGA strategy. The LUT logic resources available in each eFPGA are available in two variants:

 

  • a more conventional programmable function (e.g., 2 X 4-input logic input functions plus two available flop inputs in each LUT, expanding to more logic inputs in newer process technologies)
  • a unique “DSP-centric” LUT, with functionality that accelerates multiply/add/accumulate (MAC) computation

These different LUT types can be readily intermixed, when implementing the embedded IP core.


EFLX logic and DSP LUT building blocks can be freely intermixed

In addition to the variability in LUT cells, Flex Logix has implemented a unique “hierarchical” switch network.


Illustration of FPGA conventional and hierarchical switch array. Source: Wang, et al., “A 1.1 GOPS/mW FPGA Chip with Hierarchical Interconnect Fabric”, VLSI Technology Symposium 2011.

Commercial FPGA parts utilize large switch transistor crossbar arrays to connect to interconnect resources — for example, 80% of the transistors used on an FPGA are often utilized for interconnect. Conversely, Flex Logix has pursued a more modular architecture, where small groups of LUT’s share a local switch matrix and local route segments, with additional stages of switches utilized for global routes. The fabricated switches and connections are designed to minimize routing congestion, and maximize the percentage utilization of the available LUT logic resources (e.g., 90% utilization).

A modular building block is developed, comprised of sets of (hierarchical) LUT’s. Flex Logix offers two blocks, one with 120 LUT’s and one with 2500 LUT’s.

These characteristics of the Flex Logix eFPGA enable the main feature required to accelerate adoption — namely, the embedded IP is available in a very wide range of LUT capacity, intermixing base and DSP functionality.

In Flex Logix terms, the EFLX building blocks are designed to be “tiled together”, with support for a wide range of vertical and horizontal aspect ratios for floorplanning flexibility. Designers can readily build eFPGA IP cores as small as 120 LUT’s to greater than 100K LUT’s. (To simplify the eFPGA tiling implementation, a single clock domain per IP core assumption is made.) SRAM arrays can be compiled, and integrated within the EFLX building block tiles. The number of available building block input and output signals is generous, as well, enabling wide datapath functions to be realized.


EFLX building blocks can be tiled in a wide range of sizes and aspect ratios.

The emergence of eFPGA IP on future SoC’s requires supporting diverse customer requirements for performance, power, computational complexity, and size/cost of the resulting programmable logic core. The architecture of the Flex Logix EFLX offering addresses these requirements, offering both logic and DSP functionality, and a modular “tiled” approach for optimal core area for the target application (with high logic/interconnect resource utilization).

Look for additional articles in the near future describing additional, unique features of the EFLX IP.

For more information on the Flex Logix EFLX product set, please refer to: www.flex-logix.com . There is an excellent introduction to eFPGA technology at: http://www.flex-logix.com/fpga-tutorial/ .

-chipguy

Posted on

Why 2017 is the Year of the Bot

Why 2017 is the Year of the Bot
by Vivek Wadhwa on 01-17-2017 at 12:00 pm
Categories: AI, General

In the 2013 movie “Her,” Theodore Twombly, a lonely writer, falls in love with a digital assistant designed to meet his every need. She sorts emails, helps get a book published, provides personal advice and ultimately becomes his girlfriend. The assistant, Samantha, is A.I. software capable of learning at an astonishing pace.


Samantha will remain in the realm of science fiction for at least another decade, but less-functional digital assistants, called bots, are already here. These will be the most amazing technology advances we see in our homes in 2017.

Among the bestsellers of the holiday season were Amazon.com’s Echo and Google Home. These bots talk to their users through speakers, and their built-in microphones hear from across a room. When Echo hears the name “Alexa,” its LED ring lights up in the direction of the user to acknowledge that it is listening. It answers questions, plays music, orders Amazon products and tells jokes. Google’s Home can also manage Google accounts, read and write emails, and keep track of calendars and notes.

Google and Amazon have both opened up their devices to third-party developers — who in turn have added the abilities to order pizza, book tickets, turn on lights and make phone calls. We will soon see these bots connected to health and fitness devices so that they can help people devise better exercise regimens and remember to take their medicine. And they will control the dishwasher and the microwave, track what is left in the refrigerator and order an ambulance in a case of emergency.

Long ago, our home appliances became electrified. Soon, they will be “cognified”: integrated into artificially intelligent systems that are accessed through voice commands. We will be able to talk to our machines in a way that seems natural. Microsoft has developed a voice-recognition technology that can transcribe speech as well as a human and translate it into multiple languages. Google has demonstrated a voice-synthesis capability that is hard to differentiate from human. Our bots will tell our ovens how we want our food to be cooked and ask us questions on its behalf.

This has become possible because of advances in artificial intelligence, or A.I. In particular, a field called deep learning allows machines to learn through neural networks — in which information is processed in layers and the connections between these layers are strengthened based on experience. In short, they learn much like a human brain. As a child learns to recognize objects such as its parents, toys and animals, neural networks too learn by looking at examples and forming associations. Google’s A.I. software learned to recognize a cat, a furry blob with two eyes and whiskers, after looking at 10 million examples of cats.

It is all about data and example; that is how machines — and humans — learn. This is why the tech industry is rushing to get its bots into the marketplace and are pricing them at a meager $150 or less: The more devices that are in use, the more they will learn collectively, and the smarter the technology gets. Every time you search YouTube for a cute cat video and pick one to watch, Google learns what you consider to be cute. Every time you ask Alexa a question and accept the answer, it learns what your interests are and the best way of responding to your questions.

By listening to everything that is happening in your house, as these bots do, they learn how we think, live, work and play. They are gathering massive amounts of data about us. And that raises a dark side of this technology: the privacy risks and possible misuse by technology companies. Neither Amazon nor Google is forthcoming about what it is doing with all of the data it gathers and how it will protect us from hackers who exploit weaknesses in the infrastructure leading to its servers.

Of even greater concern is the dependency we are building on these technologies: We are beginning to depend on them for knowledge and advice and even emotional support.

The relationship between Theodore Twombly and Samantha doesn’t turn out very well. She outgrows him in intelligence and maturity. And she confesses to having relationships with thousands of others before she abandons Twombly for a superior, digital life form.

We surely don’t need to worry yet about our bots becoming smarter than we are. But we already have cause for worry over one-sided relationships. For years, people have been confessing to having feelings for their Roomba vacuum cleaners — which don’t create even an illusion of conversation. A 2007 study documented that some people had formed a bond with their Roombas that “manifested itself through happiness experienced with cleaning, ascriptions of human properties to it, and engagement with it in promotion and protection.” And according to a recent report in New Scientist, hundreds of thousands of people say ‘Good morning’ to Alexa every day, half a million people have professed their love for it, and more than 250,000 have proposed marriage to it.

I expect that we are all going to be suckers for our digital friends. Don’t you feel obliged to thank Siri on your iPhone after it answers your questions? I’ll make a confession: I do, and have done so.

For more, visit my website: www.wadhwa.com and follow me on Twitter: @wadhwa

Posted on

IoT and Blockchain Convergence

IoT and Blockchain Convergence
by Ahmed Banafa on 01-17-2017 at 12:00 pm
Categories: IoT, Security

AAEAAQAAAAAAAAkGAAAAJDAyYzJjYjFhLWY3NGItNDNjOS05YmNkLWQ1YjUxODlhNTc1MQ

The Internet of Things (IoT) as a concept is fascinating and exciting, but one of the major challenging aspects of IoT is having a secure ecosystem encompassing all building blocks of IoT-architecture. Understanding the different building blocks of IoT, identifying the areas of vulnerability in each block and exploring technologies needed to counter each of the weaknesses are essential in dealing with the security issue of IoT.

Figure 1: IoT Architecture
IoT architecture can be represented by four building blocks:

  • Things: These are defined as uniquely identifiable nodes, primarily sensors that communicate without human interaction using different connectivity methods.
  • Gateways: These act as intermediaries between things and the cloud to provide the needed connectivity, security, and manageability.
  • Network infrastructure: This is comprised of routers, aggregators, gateways, repeaters and other devices that control and secure data flow.
  • Cloud infrastructure: Cloud infrastructure contains large pools of virtualized servers and storage that are networked together with computing and analytical capabilities.

Challenges to secure IoT deployments
Existing security technologies will play a role in mitigating IoT risks but they are not enough. The goal is to get data securely to the right place, at the right time, in the right format. It’s easier said than done for many reasons, and here is a list of some of the challenges:

  • Many IoT Systems are poorly designed and implemented, using diverse protocols and technologies that create complex and sometimes conflicting configurations.
  • Limited guidance for life cycle maintenance and management of IoT devices
  • IoT privacy concerns are complex and not always readily evident.
  • There is a lack of standards for authentication and authorization of IoT edge devices.
  • Security standards, for platform configurations, involving virtualized IoT platforms supporting multi-tenancy is immature.
  • The uses for Internet of Things technology are expanding and changing—often in uncharted waters.

In addition to the above list, new security technologies will be required to protect IoT devices and platforms from both information attacks and physical tampering, to encrypt their communications, and to address new challenges such as impersonating “things” or denial-of-sleep attacks that drain batteries, to denial-of-service attacks (DoS). But IoT security will be complicated by the fact that many “things” use simple processors and operating systems that may not support sophisticated security approaches.

A prime example of the urgent need for such new security technologies is the recent massive distributed denial of service attack (DDoS) that crippled the servers of popular services like Twitter, Netflix, NYTimes, and PayPal across the U.S. on October 21st, 2016. It was the result of an immense assault that involved millions of internet addresses and malicious software. One source of the traffic for the attacks was devices infected by the Mirai malware. The attack comes amid heightened cybersecurity fears and a rising number of internet security breaches. All indications suggest that countless IoT devices that power everyday technology like closed-circuit cameras and smart-home devices were hijacked by the malware, and used against the servers.

The problem with the current centralized model
Current IoT ecosystems rely on centralized, brokered communication models, otherwise known as the server/client paradigm. All devices are identified, authenticated and connected through cloud servers that sport huge processing and storage capacities. Connections between devices have to exclusively go through the internet, even if they happen to be a few feet apart.

While this model has connected generic computing devices for decades and will continue to support small-scale IoT networks as we see them today, it will not be able to respond to the growing needs of the huge IoT ecosystems of tomorrow.

Existing IoT solutions are expensive because of the high infrastructure and maintenance cost associated with centralized clouds, large server farms, and networking equipment. The sheer amount of communications that will have to be handled when there are tens of billions of IoT devices will increase those costs substantially.

Even if the unprecedented economic and engineering challenges are overcome, cloud servers will remain a bottleneck and point of failure that can disrupt the entire network.

Decentralizing IoT networks
A decentralized approach to IoT networking would solve many of the issues above. Adopting a standardized peer-to-peer communication model to process the hundreds of billions of transactions between devices will significantly reduce the costs associated with installing and maintaining large centralized data centers and will distribute computation and storage needs across the billions of devices that form IoT networks. This will prevent failure in any single node in a network from bringing the entire network to a halting collapse.

However, establishing peer-to-peer communications will present its own set of challenges, chief among them the issue of security. And as we all know, IoT security is much more than just about protecting sensitive data. The proposed solution will have to maintain privacy and security in huge IoT networks and offer some form of validation and consensus for transactions to prevent spoofing and theft.

To perform the functions of traditional IoT solutions without a centralized control, any decentralized approach must support three foundational functions:

  • Peer-to-peer messaging;
  • Distributed file sharing;
  • Autonomous device coordination.

The Blockchain Approach
Blockchain, the “distributed ledger” technology, has emerged as an object of intense interest in the tech industry and beyond. Blockchain technology offers a way of recording transactions or any digital interaction in a way that is designed to be secure, transparent, highly resistant to outages, auditable, and efficient; as such, it carries the possibility of disrupting industries and enabling new business models. The technology is young and changing very rapidly; widespread commercialization is still a few years off. Nonetheless, to avoid disruptive surprises or missed opportunities, strategists, planners, and decision makers across industries and business functions should pay heed now and begin to investigate applications of the technology.

What is Blockchain?
Blockchain is a database that maintains a continuously growing set of data records. It is distributed in nature, meaning that there is no master computer holding the entire chain. Rather, the participating nodes have a copy of the chain. It’s also ever-growing — data records are only added to the chain.
A blockchain consists of two types of elements:

  • Transactions are the actions created by the participants in the system.
  • Blocks record these transactions and make sure they are in the correct sequence and have not been tampered with.

What are some advantages of blockchain?
The big advantage of blockchain is that it’s public. Everyone participating can see the blocks and the transactions stored in them. This doesn’t mean everyone can see the actual content of your transaction, however; that’s protected by your private key.

A blockchain is decentralized, so there is no single authority that can approve the transactions or set specific rules to have transactions accepted. That means there’s a huge amount of trust involved since all the participants in the network have to reach a consensus to accept transactions.

Most importantly, it’s secure. The database can only be extended and previous records cannot be changed (at least, there’s a very high cost if someone wants to alter previous records).

How does it work?
When someone wants to add a transaction to the chain, all the participants in the network will validate it. They do this by applying an algorithm to the transaction to verify its validity. What exactly is understood by “valid” is defined by the blockchain system and can differ between systems. Then it is up to a majority of the participants to agree that the transaction is valid.
A set of approved transactions is then bundled in a block, which gets sent to all the nodes in the network. They, in turn, validate the new block. Each successive block contains a hash, which is a unique fingerprint, of the previous block.

The blockchain and IoT

Figure 2: Key Benefits of Using Blockchain for IoT

Blockchain technology is the missing link to settle privacy and reliability concerns in the Internet of Things. Blockchain technology could perhaps be the silver bullet needed by the IoT industry. It can be used in tracking billions of connected devices, enabling the processing of transactions and coordination between devices; this allows for significant savings for IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The cryptographic algorithms used by blockchains would make consumer data more private.

The ledger is tamper-proof and cannot be manipulated by malicious actors because it doesn’t exist in any single location, and man-in-the-middle attacks cannot be staged because there is no single thread of communication that can be intercepted. Blockchain makes trustless, peer-to-peer messaging possible and has already proven its worth in the world of financial services through cryptocurrencies such as bitcoin, providing guaranteed peer-to-peer payment services without the need for third-party brokers.

The decentralized, autonomous, and trustless capabilities of the blockchain make it an ideal component to become a foundational element of IoT solutions. It is no surprise that enterprise IoT technologies have quickly become one of the early adopters of blockchain technology.

In an IoT network, the blockchain can keep an immutable record of the history of smart devices. This feature enables the autonomous functioning of smart devices without the need for centralized authority. As a result, the blockchain opens the door to a series of IoT scenarios that were remarkably difficult, or even impossible to implement without it.

For example, by leveraging the blockchain, IoT solutions can enable secure, trustless messaging between devices in an IoT network. In this model, the blockchain will treat message exchanges between devices similar to financial transactions in a bitcoin network. To enable message exchanges, devices will leverage smart contracts which then model the agreement between the two parties.

One of the most exciting capabilities of the blockchain is the ability to maintain a duly decentralized, trusted ledger of all transactions occurring in a network. This capability is essential to enable the many compliances and regulatory requirements of industrial IoT (IIoT) applications without the need to rely on a centralized model.

What are the challenges?

Figure 3: IoT and Blockchain Challenges
In spite of all its benefits, the blockchain model is not without its flaws and shortcomings:

  • Scalability issues pertaining to the blockchain that might lead to centralization, which is casting a shadow over the future of the cryptocurrency.
  • Processing power and time required to perform encryption for all the objects involved in a blockchain-based ecosystem. IoT ecosystems are very diverse. In contrast to generic computing networks, IoT networks are comprised of devices that have very different computing capabilities, and not all of them will be capable of running the same encryption algorithms at the desired speed.
  • Storage too will be a hurdle. Blockchain eliminates the need for a central server to store transactions and device IDs, but the ledger has to be stored on the nodes themselves. And the ledger will increase in size as time passes. That is beyond the capabilities of a wide range of smart devices such as sensors, which have very low storage capacity.
  • Lack of skills: few people understand how blockchain technology really works and when you add IoT to the mix that number will shrink drastically.
  • Legal and compliance issues: It’s a new territory in all aspects without any legal or compliance code to follow, which is a serious problem for manufacturers and service providers. This challenge alone will scare off many businesses from using blockchain technology.

The Optimum Platform
Developing solutions for the Internet of Things requires unprecedented collaboration, coordination, and connectivity for each piece in the ecosystem, and throughout the ecosystem as a whole. All devices must work together and be integrated with all other devices, and all devices must communicate and interact seamlessly with connected systems and infrastructures. It’s possible, but it can be expensive, time-consuming, and difficult.
The optimum platform for IoT can:

  • Acquire and manage data to create a standards-based, scalable, and secure platform.
  • Integrate and secure data to reduce cost and complexity while protecting your investment.
  • Analyze data and act by extracting business value from data, and then acting on it.

Security needs to be built in as a foundation of IoT systems, with rigorous validity checks, authentication, data verification, and all the data needs to be encrypted. At the application level, software development organizations need to be better at writing code that is stable, resilient and trustworthy, with better code development standards, training, threat analysis and testing. As systems interact with each other, it’s essential to have an agreed interoperability standard, which is safe and valid. Without a solid bottom-top structure we will create more threats with every device added to the IoT. What we need is a secure and safe IoT with privacy protected. That’s a tough trade off but not impossible and blockchain technology is an attractive option if we can overcome its drawbacks.

Ahmed Banafa Named No. 1 Top VoiceTo Follow in Tech by LinkedIn in 2016
This article was published on IEEE-IoT : http://iot.ieee.org/newsletter/january-2017/iot-and-blockchain-convergence-benefits-and-challenges.html

Further reading
http://tech.economictimes.indiatimes.com/news/internet/5-challenges-to-internet-of-things/52700940
http://www.mindanalytics.es/2016/03/01/gartners-top-10-internet-of-things-technologies-for-2017-2018/?lang=en
http://www.cnbc.com/2016/10/22/ddos-attack-sophisticated-highly-distributed-involved-millions-of-ip-addresses-dyn.html
https://www.spiceworks.com/marketing/reports/iot-trends/
http://www.cio.com/article/3027522/internet-of-things/beyond-bitcoin-can-the-blockchain-power-industrial-iot.html
https://techcrunch.com/2016/06/28/decentralizing-iot-networks-through-blockchain/
http://www.blockchaintechnologies.com/blockchain-internet-of-things-iot
https://postscapes.com/blockchains-and-the-internet-of-things/
https://bdtechtalks.com/2016/06/09/the-benefits-and-challenges-of-using-blockchain-in-iot-development/
https://blogs.thomsonreuters.com/answerson/blockchain-technology/
http://www.i-scoop.eu/internet-of-things/blockchain-internet-things-big-benefits-expectations-challenges/
https://www.linkedin.com/pulse/20140403055037-246665791-bitcoin-accepted-here?trk=mp-author-card
https://www.linkedin.com/pulse/securing-internet-things-iot-ahmed-banafa?trk=mp-author-card
https://www.linkedin.com/pulse/industrial-internet-things-iiot-challenges-benefits-ahmed-banafa?trk=mp-author-ca

Posted on

DesignCon 2017 and Mentor Graphics

DesignCon 2017 and Mentor Graphics
by Daniel Nenni on 01-17-2017 at 7:00 am
Categories: EDA, Events, Siemens EDA

It’s hard to believe but this is DesignCon #22 and being a Silicon Valley conference I have attended my fair share of them. This year it seems like high speed communications will take the lead followed by the latest on PCB design tools, power and signal integrity, jitter and crosstalk, test and measurement tools, parallel and memory interface design, ICs, semiconductor components, etc…

About DesignCon
DesignCon is the world’s premier conference for chip, board, and systems design engineers in the high-speed communications and semiconductor communities.DesignCon, created by engineers for engineers, takes place annually in Silicon Valley and remains the largest gathering of chip, board, and systems designers in the country. This three-day technical conference and expo combines technical paper sessions, tutorials, industry panels, product demos and exhibits from the industry’s leading experts and solutions providers. More information is available at: designcon.com. DesignCon is organized by UBM Americas, a part of UBM plc (UBM.L), an Events First marketing and communications services business. For more information, visit ubmamericas.com.

The conference theme this year lands squarely inside Mentor’s wheelhouse so they will be hard to miss. The Mentor HyperLynx product family will be front and center in the Mentor booth. If you are interested in any of the following technologies you will definitely want to stop by booth #1043 for demos and chats with experts:

HyperLynx Signal Integrity
Quickly identify and resolve Signal Integrity issues. Includes advanced tools for optimizing DDRx design, SERDES design projects, FastEye diagram analysis, S-parameter simulation, and BER prediction.

HyperLynx Power Integrity
Accurately model power distribution networks and noise propagation mechanisms throughout the PCB design process.

HyperLynx DRC
Accelerates electrical signoff with built-in comprehensive rule-sets or customized rule checks for issues affecting EMI/EMC, signal integrity, and power integrity.

HyperLynx Full-Wave Solver
A powerful 3D, broadband, full-wave electromagnetic solver providing unprecedented speed and capacity, while preserving gold-standard Maxwell accuracy.

Frontline InStack Design
An automatic stackup design solution to find the best possible stackup for your board, optimizing and balancing between quality, manufacturability and price.

Special live presentations include:

  • Modeling and simulating DDR transactions involving buffer transitions between receive and transmit states
  • Channel Operating Margin (COM) for PAM-4 links with support for Tx non-linearity and time skew
  • Optimization methods for high speed SerDes channels using COM metric

Mentor has a copy of the DesignCon 2016 Best Paper Award winner available HERE. This paper analyzes the computational procedure specified for Channel Operating Margin and compares it to the traditional eye/BER analysis.

In concert, Mentor also has “A Practical, Hands-on Essential Principles of SI Boot Camp” featuring Eric Bogatin on January 31[SUP]st[/SUP] at their Fremont campus. From what I am told Eric is an SI guru so you are not going to want to miss this. In case you do miss it we will have a SemiWiki blogger there so stay tuned to SemiWiki.com for complete coverage.

Abstract:
If you are confused about signal integrity and want to get a jump start understanding the most important essential principles in signal integrity, this is the workshop for you. We will explore the principles and best design practices using simulation exercises in HyperLynx.

Using short lectures and demos, we introduce more than 50 important design examples everyone will work through as virtual prototypes.

Eric Bogatin received his BS in physics from MIT and MS and PhD in physics from the University of Arizona in Tucson. He has held senior engineering and management positions at Bell Labs, Raychem, Sun Microsystems, Ansoft and Interconnect Devices. He has written six technical books in the field and presented classes and lectures on signal integrity world wide.

Posted on

Intel Conveys Compute Card Capabilities at CES

Intel Conveys Compute Card Capabilities at CES
by Tom Simon on 01-16-2017 at 12:00 pm
Categories: Intel Foundry, IoT

Intel is once again adding a new computing form factor to the mix. At CES Intel announced its new Intel Compute Card. It combines CPU, GPU, DRAM, storage, WiFi, and communications inside a small modular housing slightly larger than a credit card and about 5mm thick. Intel already offers its Compute Stick, but it is limited in its interface options. The compute Stick only supports HDMI along with USB and WiFi, making it a bit limited. Unlike the Compute Stick which seemed to be promoted as a highly portable computer that can turn and HDMI monitor into a useful PC, the Compute Card is intended to provide the brains for a number of applications, such as smart TV’s, appliances, IoT devices, etc.

The question is, what does it offer in these applications that ‘hardwired’ processing does not allow?

The Compute Card has a proprietary connector set on its end that allows it to plug into its host. Intel describes the interface as a modified USB-C. This enables it to connect to a wide range of devices, such as hdmi, storage, PCIe, potential future interfaces, etc. Because standard interfaces are not brought out to connectors, it will not operate as a standalone device.

The Compute Stick was said to have low performance, although it was improved in the second generation. The Compute Card is planned to offer a wide range of CPU’s not just the low-end Atom cores. The upper end of the power dissipation is said to be around 6W. One nice difference from its predecessor is that the Compute Card has no cooling fan, which could have been a potential reliability issue. Apparently the dock (or socket) provides some cooling in addition to a ‘locking mechanism’ to prevent removal where security is a factor.

So, is the Compute Card an embedded processor or is it a portable compute device? In the embedded processor space there is a wide range of options, from both Intel and through ARM based processor providers. It seems that major appliances that need would be built around a specific processor and chipset. While the Compute Card touts upgradability and future proofing for its hosts, it’s not clear that upgrading the processor, if it proves practical, will extend the life of appliances. Indeed, smart appliances may not actually outlive their processing units.

Nevertheless, it is conceivable that repairs could be made easier by a plug in compute unit. But this could be offset by connector or thermal issues with the Compute Card packaging/dock.

If the goal is to provide a portable computing resource, it needs to be compared to alternatives offered through virtual machines. A thumb drive or SD card can easily contain a complete virtual machine environment that can run on a wide range of hardware. Why not just use this to offer a portable environment? Alternatively, the cloud has become a given in terms of user environment. With Google Drive or DropBox, you can easily pull up your personal documents or environment just about anywhere on any compute resource.

To be fair, I was skeptical of virtual machines, but as technology improved they became practical. This took a few decades in actuality. And, they never be as efficient as bare metal, rather they offer flexibility and convenience without a severe penalty. In fact I know of several websites that solved their server bandwidth issues by reverting to bare metal. But that is another story.

Intel has signed up partners to help develop Compute Card enabled products. These partners include Dell, Lenovo, HP, Sharp, as well as InFocus, Seneca and others. The rest of us will need to wait until June of 2017 to get pricing and detailed specifications. Likewise, they will be available for purchase in the middle of the year.

A lot of the utility depends on the actual specifications, price/performance ratio, and the details of the necessary ancillary hardware, such as the dock. Presumably the Compute Card will run Windows and likely Linux too. The OS will also play heavily into potential applications and market acceptance.

It is too early to tell if this will be part of a significant shift in the development of smart products or for the Internet of Things. I plan on watching it with guarded expectations. Much of what we have seen recently points to the extremely high utility of products based on custom SOC’s and advanced packaging such as TSMC’s CoWoS and InFO technology. For instance, ARM cores are available for silicon integration through a large number of SOC and Virtual ASIC vendors. However, just as with virtual machines, only time will tell if there will be significant market acceptance for the Intel Compute Card.