CEVA Dolphin Weninar SemiWiki 800x100 260419 (1)
Semiconductor Expert Forum

Posted on

Embedded Agility

Embedded Agility
by Bernard Murphy on 11-21-2016 at 12:00 pm
Categories: Automotive, EDA, Synopsys

A familiar refrain in software development, as much as in hardware development, is that the size and complexity of projects continues to grow as schedules shrink and expectations of quality can increase dramatically. A common approach to managing this challenge in software programs is agile development practices and one aspect of that approach is continuous integration (CI). In CI any checkin by any developer triggers in effect a production build and test. Broken builds are immediately flagged to all developers to encourage quick correction to deviations from a working build rather than allowing hidden integration issues to accumulate. CI is primarily an engineering discipline, but naturally it benefits greatly from automation support. Popular open-source tools in this domain include Jenkins for CI automation and Linaro LAVA for test build/automation.

Agile methods in general and CI in particular were developed as software engineering practices assuming a stable hardware platform. But how do you apply these concepts when, as in many embedded applications, that hardware is still in development? Hardware-based prototype models are available too late in product development or are too slow (or both), so software developers depend heavily on (software-based) virtual prototype (VP) models which model hardware behavior with just enough detail to ensure that software running on the VP will behave similarly on the ultimate hardware, yet can still run at near real-time speed.

Synopsys Virtualizer Development Kits (VDKs) provide the kind of VP platform you need to connect to CI frameworks. VDKs can be developed from scratch starting from (high-level) transaction-level models, or you can start from one of several pre-built solutions such as the family of VDKs for ARM processors which you can then customize to match your specific design configuration. The ARM VDKs, for example, provide out-of-the-box support for Linux and Android, plug-n-play with software debuggers from ARM, Lauterbach and GNU and reference virtual prototypes for several DesignWare interface IPs, among many other features. VDKs aim to get you up and running quickly with a full-functioned VP, requiring a minimum of tuning on your part.


Once you have your VDK, you can integrate it into a CI framework. For more technical details, see the link at the end of this blog. Here I want to touch on how VDKs integrate into CI testing frameworks and what that integration enables. Each VDK provides interfaces to connect input stimuli from the framework to the VDK and output information from the VDK back to the framework. Control commands for objectives like run-control can also be communicated between the framework and VDK via a TCP/IP connection to a scripting layer within the model.

VDKs provide support for many types of analysis but a couple are especially interesting here. Let’s start with support safety standards per ISO 26262. It has been said that there are more lines of code in a Ford Fusion that there are in a Boeing 777. You’re not going to develop, maintain and enhance that kind of code-base in a waterfall model; you have to use something like CI. Also safety standards compliance for that code has to be based on in-the-loop testing. Again, software developers don’t have the hardware available to do that testing until late in the development cycle but with VDKs they can do Fault Mode and Effect Analysis (FMEA) using virtual models, which they can instrument through the (scriptable) fault injection capability provided in VDKs. They can inject faults on memory content, registers and signals, or on the loaded embedded software; this is completely non-intrusive, requiring no modification to the embedded software. Additionally, the scripting layer provides full control to define complex scenarios and corner-cases based on complex triggers which may be difficult to easily reproduce in the real hardware. This capability is completely deterministic so fault scenarios are repeatable and can be included in regression testing.

In a similar vein, code coverage is a key metric in the completeness of any software testing. VDKs provide an on-target code coverage measurement solution, not requiring software instrumentation. In both this case and the fault coverage case, coverage can be integrated into CI coverage, using plugins like Cobertura.

You might possibly have missed one rather important point in all of this. Of course software teams are able to develop and continuously integrate software based on VDK platforms long before the hardware is ready. But because the VDK is also software, they can do so in parallel; they don’t need to plug into hardware prototypes for development or CI testing. That’s rather important when you want to implement CI. Imagine having all the CI infrastructure setup then having to stand in line to get your turn on a hardware prototyper; that would rather defeat the object of the exercise. But you can have as many VDKs running simultaneously as you need; VDKs make CI possible when hardware is also under development.

You can read more about how VDKs can support continuous integration HERE.

More articles by Bernard…

Posted on

CEO Interview: Mike Wishart of efabless

CEO Interview: Mike Wishart of efabless
by Daniel Nenni on 11-21-2016 at 7:00 am
Categories: CEO Interviews, Semiconductor Services

This is the 12th in a series of interviews we will do with executives inside the fabless semiconductor ecosystem. Michael Wishart, efabless Chairman and CEO, retired from Goldman Sachs after thirty years covering the technology industry as an investment banker. Michael is currently on the board of Cypress Semiconductor and before that he was on the Spansion board. Mike and I talk about the upcoming eFabless Design Challenge.

TELL US ABOUT EFABLESS AND ITS MODEL?
efabless corporation is building a community of analog and mixed signal engineers and equipping them with tools and an innovative crowdsourcing business model to solve the critical electronic enablement bottleneck to IoT and smart hardware design. IoT brings with it an explosion of consumer and industrial designs, each of which requires a unique combination of sensor, analog and mixed signal electronics to connect their digital “smarts” with the world in which they operate. IoT is therefore a very customized world requiring intensive collaboration between a multitude of visionaries with creative product ideas and a multitude of equally creative experts in electronics. This is a new type of ecosystem that is not easily addressed by conventional methods of electronics design and traditional IC companies. We employ crowdsourcing models proven deliver creative, customized solutions in other aspects of system design and adapt these models to the specific requirements of IP and ICs.

At efabless:

  • Customers will pose requests for unique ICs and IP which are then filled by community members.
  • Community members will design IP and ICs with no upfront cost and sell or license them through our marketplace.

An important element of crowdsourcing is the use of the Design Challenge, which proves the feasibility of the model, solves unique sets of problems and engages and attracts community members. Today we have approximately 600 community members from 30 countries. We look to grow this community as we roll out design challenges for IP and ICs and enable new categories of sensor and mixed signal intensive hardware products in areas like IoT, wearables and eHealth.

Mohamed Kassem, ex of TI, and I had independently pursued the idea of crowd sourcing hardware and IC development and innovation, until introduced by VC Lucio Lanza who saw our complementary experiences and had his own vision of the eBay of analog IP. Jack Hughes has also been a powerful influence on our company and has been intimately involved in the building of our model. Jack, a director and a founding investor in efabless, was the founder and CEO of the extremely successful software crowd sourcing company, Topcoder. The four of us are blessed to lead a great team of successful and experienced open source thought leaders, technologists and executives.

WHY ARE THE EFABLESS DESIGN CHALLENGES INTERESTING?
efabless is dedicated to democratizing the design process and believes that results will speak for themselves. Challenges are powerful, effective, fun ways to solve real problems and they prove the feasibility of crowdsourced design of ICs and IP. We host Design Challenges where community members design and compete against other community members for cash prizes, badges acknowledging capability and ratings of relative performance. The efabless Challenges are “open” to all comers, with only minimum exceptions (Designers must be of minimum age, have no contractual restrictions and not be from one of the limited number of “restricted countries”). The fact is that “open” is commonplace and even essential to a design challenge and have been fundamental to design challenges in other disciplines. Until efabless, though, design challenges have been virtually unheard of in IC design because IC design and manufacture is too expensive and restricted to truly attract any and all comers. We solve this. The efabless design environment provides our community with everything needed to design, verify and deliver analog and mixed signal designs. The design flow is based on foundry supplied design kits and proven open source tools, which allows contestants to design for no upfront cost, and monetize the results of their efforts. We protect the underlying process technology of the foundry which allows us to provide access to tools and IP without foundry NDA. Now a student in university can compete head to head with a 20-year veteran. A famous saying goes as follows: “The race is not always to the swift, nor the battle to the strong; but that is the way to bet.” Our emphasis is on the “not always”! Powerful, effective, fun …. FAIR.

HOW DOES THE EFABLESS DESIGN CHALLENGE WORK?
Here is how the Design Challenges work. We work with the Challenge Sponsor to create a spec for an IP to post as a challenge. Designers register on our site and, after reviewing a detailed description of the Challenge, accept the Challenge. The designer then completes and simulates the design and submits it to efabless. We then re-verify the design to confirm that it meets the overall spec of the Challenge and rate the qualifying designs by the relative success in the specific parameter or parameters of choice in the Challenge. The challenge winner selection is objective according to clearly specified and published criteria. Prizes are typically awarded to multiple designers.

In many cases, the Challenges will be sponsored by customers of efabless. In many cases, we will host our own Design Challenges.

WHAT IF I WIN? WHAT IF I LOSE? WHO OWNS THE DESIGNS?
efabless Design Challenges are design challenges with a twist. There are winners but there are no losers. Power to the designer! If you win, there is a cash prize and public acknowledgment of the achievement. efabless will publish on its websites the results and in many cases, so will the Challenge Sponsor. In certain cases, there may be a transfer of ownership to the Challenge Sponsor but in many cases, ownership will be retained by the designer.

Designs that are not chosen are owned by the designer and may be offered through our marketplace. A design that may not lead in the spec of the challenge may have other attributes that make it attractive to end-customers in the marketplace. We have all heard of the undrafted walk-ons that make it big in professional sports. Well, the “undrafted” designs have a second chance in the real marketplace where designs are licensed, bought and sold.

WHY SHOULD A COMPANY SPONSOR AN IP CHALLENGE?
Challenges are a very powerful means to combine product development with strategic marketing in one package. The Challenge format allows for a complete and compelling description of a unique or non-traditional problem. It maximizes the exposure to the global community, and hence the participation in the problem solving.

We see initial demand for the Challenge offering as a strategic and tactical solution for foundries in design enablement. Foundries tell us that they are concerned that their significant investments in differentiated process nodes go underutilized because of IP gaps in the associated IP portfolios. Challenges done through efabless will generate multiple IPs for a given spec, each with different and nuanced value propositions. Importantly, the efabless approach to design challenges provides a unique format to articulate the benefits of the node and of the foundry’s service to designers. Once the IP pump is primed with the Challenge process, various IPs will be created by the efabless community filling gaps identified by designers and customers.

TELL US ABOUT YOUR UPCOMING X-FAB DESIGN CHALLENGE
In the week of November 28, we will launch an industry first, a foundry sponsored design challenge for an IP. This will be the first of many for us to engage the community and deliver value to our customers. The X-FAB Design Challenge will feature a low power band gap. It will last for 12 weeks. All successfully verified designs will be entered into our marketplace. We will offer multiple cash prizes and feature the winning designs and designers on our website and in an ad, here on SemiWiki. We imagine that X-FAB will run its own promotion. Importantly, all designers will own the resulting IPs and all designs that pass our verification will be available to X-FAB customers through our marketplace. We and X-FAB see this initial Challenge as a first in what will be a series of Challenges of increasing complexity. Great for X-FAB, great for X-FAB customers, great for our community.

X-FAB is a leading foundry for analog/mixed signal ICs and has been a great supporter of efabless and our mission as we have built out our solution and community. The first process technology that is supported on our platform is X-FAB’s XH035 process on the 350 nm node.

WHAT NEXT?
We invite your readers to approach us with interesting ideas for new Design Challenges for IP. As we go forward, efabless will expand its capability to enable its growing community of analog and mixed signal to fill the custom mixed signal electronics gap in IoT and smart hardware design. Please visit our site and post a request or reach out directly to Mohamed (mkk@efabless.com) or me (mw@efabless.com).

Also Read:

CEO Interview: Chouki Aktouf of Defacto Technologies

Executive Interview: Vic Kulkarni of ANSYS

CEO Interview: Taher Madraswala of Open-Silicon

Posted on

Solido DA is One of Deloitte’s Fastest 50!

Solido DA is One of Deloitte’s Fastest 50!
by Daniel Nenni on 11-20-2016 at 8:00 pm
Categories: EDA, Solido

As a longtime EDA professional this really made my day. At a time where emerging EDA companies struggle for public validation, it warms my heart to see some very public recognition for an EDA job well done.

Deloitte, a leading Canadian professional financial services firm, announced the winners of their Technology Fast 50 program and low and behold #34 with 367.3% revenue growth is our own Solido Design Automation. Solido is known for championing variation aware design which is now a “must have” for competitive FinFET based semiconductor design.

Solido Design Automation makes Variation Designer, the world’s top CAD software for semiconductor variation analysis and debugging. Variation Designer is used to improve chip yield, improve performance, reduce die area, and reduce power consumption. It does this using a suite of technologies designed to provide fast, accurate measurement of variation effects and powerful tools for understanding and solving variation problems.

Our customers include most of the top semiconductor design companies in the world. Our user base currently spans well over 1000 production chip designers, and is growing quickly. Solido’s technology has been used to design chips that are in everything – phones, tablets, cars, TVs, PCs, credit cards – all kinds of products. It is becoming hard to find electronic devices manufactured in the last couple of years that do not include a chip that was designed using Solido’s software. We work with designers on mature and leading edge technologies; much of our production work is being done at sub-28nm processes, and we are now ramping up work on 7nm technologies.

Solido is headquartered in Canada, where our Product Development and Applications Engineering staff work together under one roof at Innovation Place in Saskatoon, Canada. We are expanding quickly to serve our growing customer base.

For the rest of the emerging EDA companies out there let me share with you the key to Solido’s success:

[LIST=1]

  • Strong leadership
  • Scalable Business Model
  • Being in the right place at the right time

    Strong EDA leadership means you can raise money. In his first EDA start-up (Analog Design Automation) Solido CEO Amit Gupta raised more than $20M in venture capital and government funding from funds including RBC Capital Partners, BDC Capital, Intel Capital, Synopsys Venture Fund, High Street Partners, and private investors. After 5 years ADA was acquired by Synopsys. In his second time around (Solido) Amit raised more than $10M in venture capital and government funding from funds including BDC Capital, Golden Opportunities Fund, and private investors. Strong leadership also means a focus on customer relationships. The best EDA CEOs that I have ever worked with spend the majority of their time with customers at all levels collaborating on all aspects of the business.

    A scalable business model in EDA is hyper focused on ROI in every aspect of their business. For example, Solido employs more than 50 people in Saskatoon drawing the best and the brightest from the University of Saskatchewan every year. In 2017 Solido employees will more than double (100+) while the cost per engineer is a fraction of that in the US and turnover is the lowest I have seen in EDA.

    Being in the right place at the right time takes vision and planning but most of all it takes stamina. Solido started the variation aware design mantra eleven years ago and now finds themselves the market leaders in a critical path of modern semiconductor design. Remember, Solido literally wrote the book on Variation-Aware Design of Custom Integrated Circuits.

    Congratulations to my friends at Solido Design Automation, this award is well deserved and I know there will be more accolades to come, absolutely.

    • Posted on

    Automobility: The Bot in a Box Boom

    Automobility: The Bot in a Box Boom
    by Roger C. Lanctot on 11-20-2016 at 4:00 pm
    Categories: Automotive

    The Automobility event, which starts today ahead of the Los Angeles Auto Show, will be remembered for introducing the bot in a box. While Ford Motor Company President and CEO Mark Fields will take the stage this morning to tout Ford’s leadership in transforming transportation with new vehicle ownership models and mass produced self-driving vehicles coming by 2021, a little company called PolySync will be announcing its Open Source Car Control – an affordable and open source kit for autonomous vehicle development.

    Coming on the heels of Comma.ai’s NHTSA-aided exit from the autonomous vehicle aftermarket, the PolySync announcement reflects the ever widening opening of the automotive industry to new thinking and rapid prototyping around self-driving technology. Thanks to both Ford and PolySync (and others) no university engineering program worth its credentials can fail to offer a self-driving car program.

    The PolySync development platform, initially tuned for use with particular Kia models, reflects the growing democratization of self-driving vehicle development. Already, around the world, there are 19 self-driving pod/shuttle systems in operation.

    These systems have been fueled by the availability of six development platforms from the likes of Renesas and Nvidia and PolySync. These efforts have further fostered six aftermarket offerings, including the now-defunct Comma.ai Comma One, and contributed to 61 self-driving car announcements from OEMs such as Ford and the emergence of 73 startups and small companies focused on self-driving technology.

    Comma.ai, the George Hotz-founded self-driving car startup that announced a $999 aftermarket device capable of enabling autopilot-like functionality on certain Honda and Acura vehicles, was asked in a letter from the National Highway Traffic Safety Administration to answer a range of questions as to how its system worked. Hotz, who famously told a Techcrunch crowd that his neural network-enabled device ran on 2,000 lines of code and 50M of stored information, knew he really could not “explain” the functioning of his black box to the satisfaction of NHTSA. Ergo: Exit, stage right!

    Observers note that the Comma.ai approach, which required essentially hacking into the safety systems of the cars in question, was unlikely to ever receive a NHTSA endorsement. PolySync is avoiding the NHTSA debate entirely by offering its kit for development purposes only.

    In its press announcement PolySync notes that “Open-source technology proves that democratizing access accelerates innovation, and bringing that same transparency and freedom to the development of autonomous vehicles is essential to its widespread adoption.”

    PolySync says its OSCC enables engineers to build their own self-driving development vehicle using by-wire technologies on the 2014-or-later Kia Soul. Companies seeking to foster this kind of aftermarket development are essentially seeking cars already equipped with self-parking and lane-keeping technology which can be modified to achieve self-driving performance.

    OSCC says it is launching on GitHub and can be integrated into a new or used vehicle for less than $1,000. “By lowering the barrier of entry we’re enabling developers to safely capture data and test models at a scale that just wasn’t possible a year ago,” says PolySync CEO Josh Hartung. “For the cost of a single development vehicle today, engineers can be working on 10 OSCC-enabled vehicles tomorrow.”

    The system allows developers to connect the Arduino-based OSCC modules, along with their own hardware and software, to the vehicle’s internal control systems, including the Controller Area Network (CAN). PolySync says this enables communication to the steering and throttle controls using either the PolySync Core platform or other software. Braking is enabled with the addition of a commonly-available, repurposed automotive brake-by-wire module.

    PolySync expects the OSCC approach to enable a wider range of Kia and non-Kia models to be tapped for autonomous vehicle development. “Theoretically, it should work on almost any modern car with electronic power steering, throttle-by-wire, and standard hydraulic brakes,” says Hartung.

    PolySync is launching a GitHub repo with all supporting materials and algorithms. The company says it will make a limited number of OSCC hardware kits available and pre-orders will be available on GitHub. The kit is intended for R&D and off-road use only. The University of Michigan’s Mobility Transformation Center is the first customer, outfitting two Kia Souls, PolySync says.

    While the PolySync initiative is limited in scope it points the way to a future in which self-driving car kits could become the over-the-counter equivalent of the Heath Kits of the 1970’s and 80’s – NHTSA resistance notwithstanding. Ford has contributed its own hefty leverage to accelerate self-driving car development by investing in Velodyne’s relatively low cost so-call “hybrid” solid state LiDAR technology.

    Velodyne’s solution isn’t competitive with emerging solid state LiDAR systems from companies such as Quanergy, but its lower cost does broaden the development landscape. Meanwhile, at the L.A. Auto Show, Ford’s Fields will explore in his talk the societal impacts of self-driving car technology including its influence on future vehicle ownership use and behavior. Fields may also shed light on what is thought to be more than two dozen mobility experiments the company is conducting around the world.

    For Ford, self-driving vehicles are likely to be a networked phenomenon serving both public and private transportation needs. But the groundswell of development support at the grassroots from companies like PolySync and Ford are not only helping to reduce costs and attract engineering talent, they are contributing to growing enthusiasm for the transportation sector as a source of employment and an economic engine.

    Will there be a bot in a box under your Christmas tree this year? Not likely. But the onset of the self-driving car is a gift to the industry and society. It might even revive the moribund automotive aftermarket.

    Posted on

    LRCX AMAT KLAC Update

    LRCX AMAT KLAC Update
    by Robert Maire on 11-20-2016 at 12:00 pm
    Categories: Semiconductor Advisors, Semiconductor Services

    Applied & Lam will be talking over the next 2 days, investors should/will focus on future growth, AMAT after display uptick & LRCX post the KLAM fail.

    It’s no secret that most of the upside surprise in Applied’s recent reports were due to unusually large display orders from an industry even more cyclical than the semi industry- The question is how long will display last and what replaces display when it inevitably slows down?
     Continue reading “LRCX AMAT KLAC Update”

    Posted on

    Where hackers take their money – Casinos, Cryptocurrency, and Virtual Worlds

    Where hackers take their money – Casinos, Cryptocurrency, and Virtual Worlds
    by Matthew Rosenquist on 11-20-2016 at 7:00 am
    Categories: Security

    AAEAAQAAAAAAAAgsAAAAJDUxODdlYTRlLTViMDUtNGY0OC05NDY0LTgxNWQ2ZThmMDlmMw

    Cybercrime is reaching epidemic levels. Some estimates predict global annual cybercrime costs will reach $6 trillion by 2021. This includes the costs of security as well as the losses from thefts and fraud from successful attacks. Criminals are finding themselves in a position of having gained electronic assets but need to transform ‘dirty’ money into respectable ‘clean’ assets. This is the process of money-laundering. The United Nations Office on Drugs and Crime estimates nearly 2-5% of global GDP (approximately $800 billion-$2 trillion in US dollars) is laundered each year.

    In many cases, technology savvy criminals will seek equally sophisticated ways of laundering the proceeds from their activities. Some of the preferred and unusual methods include casinos, the use of cryptocurrencies, and virtual online gaming worlds.

    The Casino Gamble
    Last week, $15m from a recent hack was tracked back to a casino in the Philippines. This is nothing surprising, as casinos have always been a place criminals have tried to use for laundering money. According to the 2005 U.S. Treasury Money Laundering Threat Assessment, “As high-volume cash businesses, casinos are susceptible to money laundering.” The investigation of an $81 million SWIFT fraud against a Bangladesh Bank, which occurred earlier in the year, was traced to a number of players who deposited the funds in a Philippine casino. By court order, the Solaire Resort & Casino has returned the stolen funds to the rightful owner, the victimized bank.


    Cleaning Digital Money
    Unfortunately, criminals use a variety of technologies to transform stolen plunder into what appears to be legal money. Various cryptocurrencies and even online games are used. Bitcoin is a favorite by ransomware hackers because of the anonymity of account holders. While at the SecureWorld Bay Area conference, I listened to Kathryn Haun, of the U.S. Department of Justice (DOJ), discuss how criminals have used Bitcoin to hide assets and how her department has out maneuvered them in order to catch and prosecute them. She has a great story to tell. Some of the worst offenders were actual federal agents attempting to steal and commit fraud.

    In January, Dutch police arrested 10 men for laundering $22 million by using Bitcoin. Darkmarkets use cryptocurrencies as part of their transactions and the process can clean stolen money into other assets. There are also services offered in the underbelly of the Internet to which are specifically designed to ‘clean’ coins by mixing them together. The operator takes a commission or fee of course. Digital casinos which accept bitcoin are also popular, where money changes hands in the same manner as their brick-and-mortar counterparts.

    Law enforcement are constantly having to adapt to changes in the criminals tactics. The U.S. DOJ has successfully prosecutes several cases and recently Europol and Interpol began working together to combat Bitcoin money laundering.


    The Next Cryptocurrencies
    Bitcoin is famous the world over and offers anonymity to criminals who want to abuse the currency, but does not offer a high level of privacy as all transactions are public. So, everyone can see transactions that move currency from one account to another, but it is almost impossible to know who owns those accounts. Criminals looking to launder money would like both privacy and anonymity. Emerging, but lesser known, cryptocurrencies like ZCash, Monero, and Dash are designed to provide both anonymity and privacy for users. This significantly ups the game between criminals and law enforcement.

    Laundry in Virtual Gaming Worlds
    The popularity of online games has opened a new venue for criminals. At least as far back as 2013, games like Second Life and World of Warcraft were used to launder money online. By using the dirty money to purchase assets in game then sell them to other players on out-of-game markets, or transfer them externally via prepaid cards, cryptocurrency, or money exchanges, the criminals were able to clean their stolen loot. Crackdowns have occurred by both gaming companies and law enforcement, but the practice continues in different shapes and forms. Some games have very healthy virtual economies which allow for players to buy-in for greater in-game benefits. Purchasing in-game currency with stolen money then selling it at discounted prices on 3rd party markets and websites completes the cycle. This abuse is happening across many virtual games like GTA5, Fifa, and Minecraft as well as other popular titles. Real, virtual, and fantasy economies are all susceptible to misuse. As long as gaming world sustain healthy markets, they will be targeted by money launderers.


    The Core of the Criminal
    The one thing which has not changed is the motivation and creativity of the criminals. Greed and a desire for financial gain drives these money laundering activities. This is the weakness which law enforcement presses to exploit. Digital technology is yet another avenue to travel toward their goal. It is a tool which can provide anonymity, privacy, and ultimately used for good or malice. Cybercriminals are working hard to leverage it to serve them and launder stolen assets from their victims. Global law enforcement is working diligently to stem the tide. As we all are potential victims, the security of our digital assets hang in the balance.

    Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

    Read more about security from Mathew…

    Posted on

    Webinar: Improve Security For IoT Edge Devices With Custom SoCs

    Webinar: Improve Security For IoT Edge Devices With Custom SoCs
    by Daniel Nenni on 11-19-2016 at 7:00 am
    Categories: Arm, IoT, IP, Open-Silicon, Security

    The only thing hotter than IoT on SemiWiki.com right now is IoT Security. In 2016 we saw a record amount of reported cyber security breaches with compelling consequences (US Presidential Election) and that trend will continue. The most recent DDoS (distributed denial of service) attacks using botnets on insecure IoT devices however were a big wake-up call to semiconductor professionals around the world, absolutely.

    Coincidentally or not, trust and security were the underlying theme at ARM TechCon last month with a keynote by Jeep Hacker Charlie Miller on automotive security. The message from Simon Segars keynote that resonated with me the strongest is that security must start with silicon and must be “baked in at every level into the hardware” which brings us to the upcoming Open Silicon/ARM webinar that I am involved with:

    Improve Security For IoT Edge Devices With Custom SoCs


    Date: Tue, Dec. 13, 2016
    Time: 08:00 AM PST
    Duration: 60 mins

    This joint Open-Silicon and ARM® webinar, moderated by Daniel Nenni, CEO and founder of SemiWiki.com, will address the security issues associated with IoT edge devices and how to make them secure with custom SoCs. The key focus areas for security in IoT edge devices are secure boot, data security, tamper proofing and device authentication. Efficient security features are implemented with a combination of hardware and software. Features like root of trust with secure boot and tamper proofing with physical security are more efficient when implemented in hardware and IP by a turnkey ASIC vendor. Features like data security and device authentication are more efficiently implemented in software by OEMs leveraging purpose-built hardware.

    The advantages of hardware-implemented security features with custom SoCs include a significant improvement in acceleration time (ex: boot-up time), mitigation of potential tampering, and enabling a purpose-built device from a system point of view. The ARM TrustZone® CryptoCell family of security IPs provides hardware-based platform security for cost efficient implementation in custom SoCs, as well as a fast path to market. Open-Silicon’s custom SoC IoT platform, based on ARM’s Cortex-M and TrustZone® CryptoCell, enables OEMs to develop secure IoT edge devices with lower risk and shorter development time. This platform supports root of trust with secure boot and a secure over-the-air firmware/application upgrade.

    REGISTER HERE

    Here’s what you will learn

    • Why security is critical for IoT edge devices
    • Why edge devices built with custom SoCs improve security
    • About few reference designs for IoT edge device security applications
    • About the role of turnkey ASIC development and IP companies in designing secure IoT edge devices

    SPEAKER BIOGRAPHIES

    Yossi Weisblum
    Product Marketing Manager, System and Software Group
    ARM
    Yossi manages product marketing for ARM’s CryptoCell subsystem. He has an extensive background in product marketing across several platforms, including connectivity, wireless, multimedia and mobile. Prior to joining ARM in 2016, Yossi worked at Intel for over ten years, where he was instrumental in the development of the company’s wireless connectivity solutions.

    Kalpesh Sanghvi
    SoC and System Solutions Manager
    Open-Silicon
    Kalpesh has over a decade of professional experience in the semiconductor and embedded industry. He has in-depth knowledge of software development and bring-up for SoC/ASIC designs, and domain expertise in IoT, storage solutions, security solutions, networking and multimedia reference designs. Kalpesh is also experienced in ASIC design flows, pre-silicon and post-silicon bring-up and validation as well as prototyping solutions.

    REGISTER HERE

    It is a privilege to be involved with this type of event because webinars really are the next best thing to being there. Even though thousands of people like myself spent the better part of a week at ARM TechCon it was impossible to catch everything that needed to be caught so these follow-up webinars are important. Space is limited so be sure and register now. If for some reason you register and miss the live version a link to the replay will be sent to you automatically.

    We have some very knowledgeable security professionals blogging on SemiWiki now. You can read our security related blogs HERE.

    Posted on

    eSilicon Demonstrates Potent Memory IP Evaluation Platform

    eSilicon Demonstrates Potent Memory IP Evaluation Platform
    by Tom Simon on 11-18-2016 at 4:00 pm
    Categories: eSilicon, IP, Semiconductor Services

    With memories taking up in some cases over 50% of the area of many ASIC designs, their selection and implementation can affect everything from power and timing to the choice of packaging. As a result, the process of deciding among all the options for ASIC memories becomes time and energy intensive. Memory selection even affects first order design parameters such as foundry, node package, and process selection.

    With so much at stake, one would hope that the actual selection process would be as smooth and as informative as possible. After all, we live in an age where researching big ticket purchases such as cars and houses can be done right on your computer. Likewise, everything from music, movies, dishwashers, hotel accommodations and more can all be searched and explored online. If only a designer could have the same level of transparency and depth of information available online for the make-or-break memory IP in their ASIC’s.

    eSilicon recently hosted a webinar that shows how their STAR Navigator lets designers start with configuration requirements such as memory type and size, single port or dual port, BCAM or TCAM, etc., and compare them in detail. In this case detail means everything you would want to know.

    For each specific memory there is a data sheet, but that is just the beginning. For each memory selected (fab, node, flavor, type, size…) the characteristics of each are viewable and can be graphed for comparison. This allows side by side examination at various process corners. Plots are available using area, power, leakage, speed as axes. All selected modules are plotted concurrently. Rolling the mouse over the graph in the web interface shows the particulars of each specific instance. All the plot data can be downloaded for offline manipulation as well.

    Users of STAR Navigator also can open the full data sheet for the memory blocks they are interested in to view detailed timing and interface specifications. It’s easy to download the data to look at later offline. If fact, odds are that many different instances and options will need to be compared, so eSilicon STAR Navigator makes it easy to created tabular lists of all the instances you want to track and explore. In my view the usability looks well thought out and is very mature. We all remember the days of early airline, hotel and flight booking software that was hard to use. I was reminded of the best of the current generation of these when I watched the webinar.

    So, let’s suppose you find a memory that looks like it will meet project requirement. Naturally the next step would be to include the collaterals into the design flow. For this we need LEF, and Verilog, ATPG and other models. eSilicon enables direct download of these from the same interface. As a result design work moves right on ahead.

    We are all familiar with tire kicking and window shopping. In the case of cars, you pretty much still have to go down to the dealer and do lot of paperwork to drive away in your new car. Here is where eSilicon has a very unique idea. Once a company is set up on STAR Navigator, they can buy and download the instances needed. In the case where the cost of the instances exceeds the cost of the compiler for the same, the design team can get the compiler itself.

    This webinar is a no fluff view of how their system for configuring, selecting and buying memory IP works. I’d have to say that this system is well thought out and appears as though it would be useful to designers. Imagine spending less time struggling with finding out what memory options are available and instead being able to examine them with fine granularity immediately without back and forth emails and NDA’s. Indeed, there is even a “chat” feature in STAR Navigator to help people get questions answered in real time. If you want to see a replay of the webinar it is available on the eSilicon website.

    Read more articles by Tom Simon

    Posted on

    IoT Worms Could Spread Like Zombies

    IoT Worms Could Spread Like Zombies
    by Matthew Rosenquist on 11-18-2016 at 12:00 pm
    Categories: Arm, IoT, IP, Security

    AAEAAQAAAAAAAAlfAAAAJGJjZjlmZGUxLWJlZmYtNDY3ZS04MWRhLTA4YWVmYTg1OTJiNA

    Security researchers recently created a proof-of-concept attack against Internet connected lightbulbs, causing breached devices to reach out and infect their neighbors. Propagation continues and spreads itself across the community. This hack highlights the insecurity in one of many IoT network protocols.

    Researchers say the worm, which currently targets Phillips Hue lightbulbs, can set off a chain reaction that could compromise devices across entire cities. Right now, the hack only causes the insecure web-connected globes to flick on and off, but this is only a proof-of-concept to show foundational weaknesses. It is likely more advanced impacts and propagation may be able to be developed.

    Home Automation Networks
    The primary weakness is in the network by which the devices are connected. ZigBee, Thread, WeMo, and Z-wave were developed as home automation standards to allow IoT devices to communicate and be controlled. They have been around for years and complement more familiar WiFi and Bluetooth standards. In many cases these require a hub, which can connect a mix of different products communicating on two or more of these standards. These are popular in homes settings but have expanded over the years and can now be found in business environments.

    ZigBee and Z-Wave are the most widely used of the ZigBee/Thread/WeMo/Z-wave automation protocols. Z-Wave has more than 1500 products, totaling over 50 million devices in customer’s hands, and ZigBee has over 1000 products. Thread is the newest and unlike ZigBee/Z-Wave, is IP based, which has both plusses and minuses from a security perspective. The Thread protocol was driven by the needs of Google’s Nest Labs, Samsung Electronics, ARM, and others who wanted a smart-home networking protocol compatible with IPv6.



    Theoretical Attack
    The vulnerability research highlights the insecurity of such systems, especially in peer-to-peer or mesh mode. Such configurations can open the door to chain style attacks, like zombie infestations you see in movies. The worm that was created, spreads by jumping direction from one infected lamp to physically nearby neighbors using their ZigBee connectivity. As there is no validation between Philips hue globes, the attack is allowed to spread.

    Based upon percolation theory simulations to infect an entire city, researchers believe there is a tipping point where it would take at least 15,000 vulnerable devices to sustain the contagion to spread everywhere. Any less, they suspect the infection would remain compartmentalized to just certain areas and not infect the entire city. Estimates vary, but the total number of global IoT devices may exceed 30 billion by 2020. Many of these will be connected to home automation networks.

    Key Points:

    • This is a proof-of-concept attack, not yet seen in the wild. It does highlight the risks that entire networks of devices may be compromised and even worse, configured to infect each other.
    • A real-world attack could range from amusing flashing lights to moderately inconvenient and costly incidents where devices must be recovered and safety may be put at risk. Impacts will be based upon the types of devices deployed and how they are used. Household convenience devices are less important than those in an emergency room or illuminating a busy intersection.
    • The vulnerability research is a motivator for standards bodies to take action in hardening these standards. Future versions, with improved security, may not be backwards compatible in all cases and residual devices would remain susceptible to attack.
    • These standards do use some encryption and authentication controls is in place, but as the research has proven, these can be undermined.
    • Such attacks are a fear of SmartCity developers, most of which have known this could happen but the long-term security is still uncertain.

    The importance of IoT security is currently a hotly debated topic and these additional weaknesses adds to the overall concerns. I expect additional vulnerability research and eventually attacks in the real-world to pursue these aspects of insecure IoT network protocols. Discussions will fuel more scrutiny and the development of better design and security practices as the future of devices will be in control of more facets of our personal lives and business functions.

    Also Read: New IoT Botnets Emerge

    Interested in more? Follow me on Twitter (@Matt_Rosenquist), Steemit, and LinkedIn to hear insights and what is going on in cybersecurity.

    Read more about security from Mathew…

    Posted on

    #IoT: Internet of Tomatoes

    #IoT: Internet of Tomatoes
    by Diya Soubra on 11-18-2016 at 7:00 am
    Categories: IoT

    In a previous post we looked at how we are going to scale #IoT deployments. The conclusion was that we needed the notions of trust and privacy to be in place for that to happen. In a follow up post, we looked at using a middle man to provider a broker platform that would mediate transactions between server side service applications and nodes in the field. While this seems to be a standard approach that has worked in the past for many markets, it does not seem to be catching on in #IoT for unknown reasons so far. Hence the need to look at fresh ideas to drive this horizontal exponential growth in #IoT deployment.

    Looking at movement in the market, we see that there has been a huge growth in the acceptance of blockchain technology in the financial community. Regardless of which digital currency is used for the transactions, be it bitcoin or IoTcoin, the underlying technology seems to be perfectly suited for private and trusted #IoT transactions.

    Privacy
    Nodes conducting transactions using blockchain can choose to expose only specific information regarding the node and the owner of the node. It is not necessary as in the broker model to perform full disclosure during the registration phase before being allowed to transact. Nodes can even expose different information for different transactions.

    Security
    By design, security is one of the main factors on which blockchains are built using strong encryption, chains of transaction blocks and temporal transaction tracking. The details of how this works are exciting and are to be found in many postings on the web these days.

    Trust
    Any write up of blockchain will include a big section on how the technology enables trusted transactions between untrusted parties. How digital contracts are secured and enforced online in the electronic ledger to remove friction from doing business.

    Micro-payments
    In the case of bitcoin, the coin is divisible to eight decimal places which is ideal for doing micro-payments to nodes where it is expected that a sensor reading to be sold for a thousands of a cent. If a new IoTcoin is introduced then for sure it will also use the same scheme to allow such small payments. Such a transaction is now possible since we are talking about a digital, peer to peer secure transaction with no broker, no fees, and no friction. Such payments open the door for giving people back the ownership of their data since there would be a means to charge for it before releasing it to multiple entities.

    I strongly recommend that you read this book or for that matter any other book on blockchain technology while keeping in mind how it applies to #IoT.

    So there we have it! No broker, no fees, no friction. A beautiful way to proceed with secure micro-payment transactions in a private and trusted fashion directly with any smart and connected node. Best of all, the scheme is based on an industry standard which is what everyone has been asking for.

    Always interested to hear your comments about the subject but please do not try to convince me that #IoT is still hype.

    Also Read: #IoT Big Data is worthless!