Bronco Webinar 800x100 1
Semiconductor Expert Forum

Posted on

Where hackers take their money – Casinos, Cryptocurrency, and Virtual Worlds

Where hackers take their money – Casinos, Cryptocurrency, and Virtual Worlds
by Matthew Rosenquist on 11-20-2016 at 7:00 am
Categories: Security

AAEAAQAAAAAAAAgsAAAAJDUxODdlYTRlLTViMDUtNGY0OC05NDY0LTgxNWQ2ZThmMDlmMw

Cybercrime is reaching epidemic levels. Some estimates predict global annual cybercrime costs will reach $6 trillion by 2021. This includes the costs of security as well as the losses from thefts and fraud from successful attacks. Criminals are finding themselves in a position of having gained electronic assets but need to transform ‘dirty’ money into respectable ‘clean’ assets. This is the process of money-laundering. The United Nations Office on Drugs and Crime estimates nearly 2-5% of global GDP (approximately $800 billion-$2 trillion in US dollars) is laundered each year.

In many cases, technology savvy criminals will seek equally sophisticated ways of laundering the proceeds from their activities. Some of the preferred and unusual methods include casinos, the use of cryptocurrencies, and virtual online gaming worlds.

The Casino Gamble
Last week, $15m from a recent hack was tracked back to a casino in the Philippines. This is nothing surprising, as casinos have always been a place criminals have tried to use for laundering money. According to the 2005 U.S. Treasury Money Laundering Threat Assessment, “As high-volume cash businesses, casinos are susceptible to money laundering.” The investigation of an $81 million SWIFT fraud against a Bangladesh Bank, which occurred earlier in the year, was traced to a number of players who deposited the funds in a Philippine casino. By court order, the Solaire Resort & Casino has returned the stolen funds to the rightful owner, the victimized bank.


Cleaning Digital Money
Unfortunately, criminals use a variety of technologies to transform stolen plunder into what appears to be legal money. Various cryptocurrencies and even online games are used. Bitcoin is a favorite by ransomware hackers because of the anonymity of account holders. While at the SecureWorld Bay Area conference, I listened to Kathryn Haun, of the U.S. Department of Justice (DOJ), discuss how criminals have used Bitcoin to hide assets and how her department has out maneuvered them in order to catch and prosecute them. She has a great story to tell. Some of the worst offenders were actual federal agents attempting to steal and commit fraud.

In January, Dutch police arrested 10 men for laundering $22 million by using Bitcoin. Darkmarkets use cryptocurrencies as part of their transactions and the process can clean stolen money into other assets. There are also services offered in the underbelly of the Internet to which are specifically designed to ‘clean’ coins by mixing them together. The operator takes a commission or fee of course. Digital casinos which accept bitcoin are also popular, where money changes hands in the same manner as their brick-and-mortar counterparts.

Law enforcement are constantly having to adapt to changes in the criminals tactics. The U.S. DOJ has successfully prosecutes several cases and recently Europol and Interpol began working together to combat Bitcoin money laundering.


The Next Cryptocurrencies
Bitcoin is famous the world over and offers anonymity to criminals who want to abuse the currency, but does not offer a high level of privacy as all transactions are public. So, everyone can see transactions that move currency from one account to another, but it is almost impossible to know who owns those accounts. Criminals looking to launder money would like both privacy and anonymity. Emerging, but lesser known, cryptocurrencies like ZCash, Monero, and Dash are designed to provide both anonymity and privacy for users. This significantly ups the game between criminals and law enforcement.

Laundry in Virtual Gaming Worlds
The popularity of online games has opened a new venue for criminals. At least as far back as 2013, games like Second Life and World of Warcraft were used to launder money online. By using the dirty money to purchase assets in game then sell them to other players on out-of-game markets, or transfer them externally via prepaid cards, cryptocurrency, or money exchanges, the criminals were able to clean their stolen loot. Crackdowns have occurred by both gaming companies and law enforcement, but the practice continues in different shapes and forms. Some games have very healthy virtual economies which allow for players to buy-in for greater in-game benefits. Purchasing in-game currency with stolen money then selling it at discounted prices on 3rd party markets and websites completes the cycle. This abuse is happening across many virtual games like GTA5, Fifa, and Minecraft as well as other popular titles. Real, virtual, and fantasy economies are all susceptible to misuse. As long as gaming world sustain healthy markets, they will be targeted by money launderers.


The Core of the Criminal
The one thing which has not changed is the motivation and creativity of the criminals. Greed and a desire for financial gain drives these money laundering activities. This is the weakness which law enforcement presses to exploit. Digital technology is yet another avenue to travel toward their goal. It is a tool which can provide anonymity, privacy, and ultimately used for good or malice. Cybercriminals are working hard to leverage it to serve them and launder stolen assets from their victims. Global law enforcement is working diligently to stem the tide. As we all are potential victims, the security of our digital assets hang in the balance.

Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Read more about security from Mathew…

Posted on

Webinar: Improve Security For IoT Edge Devices With Custom SoCs

Webinar: Improve Security For IoT Edge Devices With Custom SoCs
by Daniel Nenni on 11-19-2016 at 7:00 am
Categories: Arm, IoT, IP, Open-Silicon, Security

The only thing hotter than IoT on SemiWiki.com right now is IoT Security. In 2016 we saw a record amount of reported cyber security breaches with compelling consequences (US Presidential Election) and that trend will continue. The most recent DDoS (distributed denial of service) attacks using botnets on insecure IoT devices however were a big wake-up call to semiconductor professionals around the world, absolutely.

Coincidentally or not, trust and security were the underlying theme at ARM TechCon last month with a keynote by Jeep Hacker Charlie Miller on automotive security. The message from Simon Segars keynote that resonated with me the strongest is that security must start with silicon and must be “baked in at every level into the hardware” which brings us to the upcoming Open Silicon/ARM webinar that I am involved with:

Improve Security For IoT Edge Devices With Custom SoCs


Date: Tue, Dec. 13, 2016
Time: 08:00 AM PST
Duration: 60 mins

This joint Open-Silicon and ARM® webinar, moderated by Daniel Nenni, CEO and founder of SemiWiki.com, will address the security issues associated with IoT edge devices and how to make them secure with custom SoCs. The key focus areas for security in IoT edge devices are secure boot, data security, tamper proofing and device authentication. Efficient security features are implemented with a combination of hardware and software. Features like root of trust with secure boot and tamper proofing with physical security are more efficient when implemented in hardware and IP by a turnkey ASIC vendor. Features like data security and device authentication are more efficiently implemented in software by OEMs leveraging purpose-built hardware.

The advantages of hardware-implemented security features with custom SoCs include a significant improvement in acceleration time (ex: boot-up time), mitigation of potential tampering, and enabling a purpose-built device from a system point of view. The ARM TrustZone® CryptoCell family of security IPs provides hardware-based platform security for cost efficient implementation in custom SoCs, as well as a fast path to market. Open-Silicon’s custom SoC IoT platform, based on ARM’s Cortex-M and TrustZone® CryptoCell, enables OEMs to develop secure IoT edge devices with lower risk and shorter development time. This platform supports root of trust with secure boot and a secure over-the-air firmware/application upgrade.

REGISTER HERE

Here’s what you will learn

  • Why security is critical for IoT edge devices
  • Why edge devices built with custom SoCs improve security
  • About few reference designs for IoT edge device security applications
  • About the role of turnkey ASIC development and IP companies in designing secure IoT edge devices

SPEAKER BIOGRAPHIES

Yossi Weisblum
Product Marketing Manager, System and Software Group
ARM
Yossi manages product marketing for ARM’s CryptoCell subsystem. He has an extensive background in product marketing across several platforms, including connectivity, wireless, multimedia and mobile. Prior to joining ARM in 2016, Yossi worked at Intel for over ten years, where he was instrumental in the development of the company’s wireless connectivity solutions.

Kalpesh Sanghvi
SoC and System Solutions Manager
Open-Silicon
Kalpesh has over a decade of professional experience in the semiconductor and embedded industry. He has in-depth knowledge of software development and bring-up for SoC/ASIC designs, and domain expertise in IoT, storage solutions, security solutions, networking and multimedia reference designs. Kalpesh is also experienced in ASIC design flows, pre-silicon and post-silicon bring-up and validation as well as prototyping solutions.

REGISTER HERE

It is a privilege to be involved with this type of event because webinars really are the next best thing to being there. Even though thousands of people like myself spent the better part of a week at ARM TechCon it was impossible to catch everything that needed to be caught so these follow-up webinars are important. Space is limited so be sure and register now. If for some reason you register and miss the live version a link to the replay will be sent to you automatically.

We have some very knowledgeable security professionals blogging on SemiWiki now. You can read our security related blogs HERE.

Posted on

eSilicon Demonstrates Potent Memory IP Evaluation Platform

eSilicon Demonstrates Potent Memory IP Evaluation Platform
by Tom Simon on 11-18-2016 at 4:00 pm
Categories: eSilicon, IP, Semiconductor Services

With memories taking up in some cases over 50% of the area of many ASIC designs, their selection and implementation can affect everything from power and timing to the choice of packaging. As a result, the process of deciding among all the options for ASIC memories becomes time and energy intensive. Memory selection even affects first order design parameters such as foundry, node package, and process selection.

With so much at stake, one would hope that the actual selection process would be as smooth and as informative as possible. After all, we live in an age where researching big ticket purchases such as cars and houses can be done right on your computer. Likewise, everything from music, movies, dishwashers, hotel accommodations and more can all be searched and explored online. If only a designer could have the same level of transparency and depth of information available online for the make-or-break memory IP in their ASIC’s.

eSilicon recently hosted a webinar that shows how their STAR Navigator lets designers start with configuration requirements such as memory type and size, single port or dual port, BCAM or TCAM, etc., and compare them in detail. In this case detail means everything you would want to know.

For each specific memory there is a data sheet, but that is just the beginning. For each memory selected (fab, node, flavor, type, size…) the characteristics of each are viewable and can be graphed for comparison. This allows side by side examination at various process corners. Plots are available using area, power, leakage, speed as axes. All selected modules are plotted concurrently. Rolling the mouse over the graph in the web interface shows the particulars of each specific instance. All the plot data can be downloaded for offline manipulation as well.

Users of STAR Navigator also can open the full data sheet for the memory blocks they are interested in to view detailed timing and interface specifications. It’s easy to download the data to look at later offline. If fact, odds are that many different instances and options will need to be compared, so eSilicon STAR Navigator makes it easy to created tabular lists of all the instances you want to track and explore. In my view the usability looks well thought out and is very mature. We all remember the days of early airline, hotel and flight booking software that was hard to use. I was reminded of the best of the current generation of these when I watched the webinar.

So, let’s suppose you find a memory that looks like it will meet project requirement. Naturally the next step would be to include the collaterals into the design flow. For this we need LEF, and Verilog, ATPG and other models. eSilicon enables direct download of these from the same interface. As a result design work moves right on ahead.

We are all familiar with tire kicking and window shopping. In the case of cars, you pretty much still have to go down to the dealer and do lot of paperwork to drive away in your new car. Here is where eSilicon has a very unique idea. Once a company is set up on STAR Navigator, they can buy and download the instances needed. In the case where the cost of the instances exceeds the cost of the compiler for the same, the design team can get the compiler itself.

This webinar is a no fluff view of how their system for configuring, selecting and buying memory IP works. I’d have to say that this system is well thought out and appears as though it would be useful to designers. Imagine spending less time struggling with finding out what memory options are available and instead being able to examine them with fine granularity immediately without back and forth emails and NDA’s. Indeed, there is even a “chat” feature in STAR Navigator to help people get questions answered in real time. If you want to see a replay of the webinar it is available on the eSilicon website.

Read more articles by Tom Simon

Posted on

IoT Worms Could Spread Like Zombies

IoT Worms Could Spread Like Zombies
by Matthew Rosenquist on 11-18-2016 at 12:00 pm
Categories: Arm, IoT, IP, Security

AAEAAQAAAAAAAAlfAAAAJGJjZjlmZGUxLWJlZmYtNDY3ZS04MWRhLTA4YWVmYTg1OTJiNA

Security researchers recently created a proof-of-concept attack against Internet connected lightbulbs, causing breached devices to reach out and infect their neighbors. Propagation continues and spreads itself across the community. This hack highlights the insecurity in one of many IoT network protocols.

Researchers say the worm, which currently targets Phillips Hue lightbulbs, can set off a chain reaction that could compromise devices across entire cities. Right now, the hack only causes the insecure web-connected globes to flick on and off, but this is only a proof-of-concept to show foundational weaknesses. It is likely more advanced impacts and propagation may be able to be developed.

Home Automation Networks
The primary weakness is in the network by which the devices are connected. ZigBee, Thread, WeMo, and Z-wave were developed as home automation standards to allow IoT devices to communicate and be controlled. They have been around for years and complement more familiar WiFi and Bluetooth standards. In many cases these require a hub, which can connect a mix of different products communicating on two or more of these standards. These are popular in homes settings but have expanded over the years and can now be found in business environments.

ZigBee and Z-Wave are the most widely used of the ZigBee/Thread/WeMo/Z-wave automation protocols. Z-Wave has more than 1500 products, totaling over 50 million devices in customer’s hands, and ZigBee has over 1000 products. Thread is the newest and unlike ZigBee/Z-Wave, is IP based, which has both plusses and minuses from a security perspective. The Thread protocol was driven by the needs of Google’s Nest Labs, Samsung Electronics, ARM, and others who wanted a smart-home networking protocol compatible with IPv6.



Theoretical Attack
The vulnerability research highlights the insecurity of such systems, especially in peer-to-peer or mesh mode. Such configurations can open the door to chain style attacks, like zombie infestations you see in movies. The worm that was created, spreads by jumping direction from one infected lamp to physically nearby neighbors using their ZigBee connectivity. As there is no validation between Philips hue globes, the attack is allowed to spread.

Based upon percolation theory simulations to infect an entire city, researchers believe there is a tipping point where it would take at least 15,000 vulnerable devices to sustain the contagion to spread everywhere. Any less, they suspect the infection would remain compartmentalized to just certain areas and not infect the entire city. Estimates vary, but the total number of global IoT devices may exceed 30 billion by 2020. Many of these will be connected to home automation networks.

Key Points:

  • This is a proof-of-concept attack, not yet seen in the wild. It does highlight the risks that entire networks of devices may be compromised and even worse, configured to infect each other.
  • A real-world attack could range from amusing flashing lights to moderately inconvenient and costly incidents where devices must be recovered and safety may be put at risk. Impacts will be based upon the types of devices deployed and how they are used. Household convenience devices are less important than those in an emergency room or illuminating a busy intersection.
  • The vulnerability research is a motivator for standards bodies to take action in hardening these standards. Future versions, with improved security, may not be backwards compatible in all cases and residual devices would remain susceptible to attack.
  • These standards do use some encryption and authentication controls is in place, but as the research has proven, these can be undermined.
  • Such attacks are a fear of SmartCity developers, most of which have known this could happen but the long-term security is still uncertain.

The importance of IoT security is currently a hotly debated topic and these additional weaknesses adds to the overall concerns. I expect additional vulnerability research and eventually attacks in the real-world to pursue these aspects of insecure IoT network protocols. Discussions will fuel more scrutiny and the development of better design and security practices as the future of devices will be in control of more facets of our personal lives and business functions.

Also Read: New IoT Botnets Emerge

Interested in more? Follow me on Twitter (@Matt_Rosenquist), Steemit, and LinkedIn to hear insights and what is going on in cybersecurity.

Read more about security from Mathew…

Posted on

#IoT: Internet of Tomatoes

#IoT: Internet of Tomatoes
by Diya Soubra on 11-18-2016 at 7:00 am
Categories: IoT

In a previous post we looked at how we are going to scale #IoT deployments. The conclusion was that we needed the notions of trust and privacy to be in place for that to happen. In a follow up post, we looked at using a middle man to provider a broker platform that would mediate transactions between server side service applications and nodes in the field. While this seems to be a standard approach that has worked in the past for many markets, it does not seem to be catching on in #IoT for unknown reasons so far. Hence the need to look at fresh ideas to drive this horizontal exponential growth in #IoT deployment.

Looking at movement in the market, we see that there has been a huge growth in the acceptance of blockchain technology in the financial community. Regardless of which digital currency is used for the transactions, be it bitcoin or IoTcoin, the underlying technology seems to be perfectly suited for private and trusted #IoT transactions.

Privacy
Nodes conducting transactions using blockchain can choose to expose only specific information regarding the node and the owner of the node. It is not necessary as in the broker model to perform full disclosure during the registration phase before being allowed to transact. Nodes can even expose different information for different transactions.

Security
By design, security is one of the main factors on which blockchains are built using strong encryption, chains of transaction blocks and temporal transaction tracking. The details of how this works are exciting and are to be found in many postings on the web these days.

Trust
Any write up of blockchain will include a big section on how the technology enables trusted transactions between untrusted parties. How digital contracts are secured and enforced online in the electronic ledger to remove friction from doing business.

Micro-payments
In the case of bitcoin, the coin is divisible to eight decimal places which is ideal for doing micro-payments to nodes where it is expected that a sensor reading to be sold for a thousands of a cent. If a new IoTcoin is introduced then for sure it will also use the same scheme to allow such small payments. Such a transaction is now possible since we are talking about a digital, peer to peer secure transaction with no broker, no fees, and no friction. Such payments open the door for giving people back the ownership of their data since there would be a means to charge for it before releasing it to multiple entities.

I strongly recommend that you read this book or for that matter any other book on blockchain technology while keeping in mind how it applies to #IoT.

So there we have it! No broker, no fees, no friction. A beautiful way to proceed with secure micro-payment transactions in a private and trusted fashion directly with any smart and connected node. Best of all, the scheme is based on an industry standard which is what everyone has been asking for.

Always interested to hear your comments about the subject but please do not try to convince me that #IoT is still hype.

Also Read: #IoT Big Data is worthless!

Posted on

Ford Motors Discusses Future Mobility Trends at Synopsys Seminar

Ford Motors Discusses Future Mobility Trends at Synopsys Seminar
by Tom Simon on 11-17-2016 at 4:00 pm
Categories: Automotive, EDA, Synopsys

Five or ten years ago it would have been hard to imagine someone from Ford Motors giving the keynote at a technology summit at a major EDA company like Synopsys. However, on November 2[SUP]nd[/SUP], Synopsys hosted a seminar on the topic of Automotive Architecture Design and System Testing, and Ford Technical Fellow Jim Buczkowski delivered the keynote. The other somewhat ironic side of this is that I did not drive my car to the event, preferring instead to ride light rail. Yes, traffic is that bad. We are all waiting for our autonomous cars.

What Jim had to talk about was pretty interesting. Actually the entire daylong event was captivating. Starting off with Ford first, he talked about how the Ford office in Palo Alto helps to create a culture of innovation that drives development in Dearborn. The areas he identified as relevant to the day’s topic were ADAS, powertrain, chassis and safety. Ford has created an internal initiative called One Ford to focus on their future success. The thrust of this initiative may surprise you.

Ford see four big changes in society as things that define how they need to respond as a business. The first one is urbanization. Today there are 28 mega cities with populations of over 10 million people. By 2030 it is projected that there will be 41 mega cities. These cities suffer from gridlock, which will only grow worse. It is estimated that in Paris 20% of the cars driving on the streets are looking for parking. The number of cars on the roads will overwhelm the infrastructure to support them. What’s more is that 22% of greenhouse gases come from transport, with 75% of that due to cars.

The second trend Ford sees is the growth of the global middle class. Of course the age old goal of the middle class is to own a car and their own home. We can update that goal now to include a smartphone. The phone may actually come first on the list. As we already know the phone will play a major role in transportation services.

The third big change almost goes without saying – air quality. This is an issue of increasing concern around the world. The last change is shifting consumer attitudes. Ford sees the importance of fitting into these new attitudes – and this goes beyond just providing transportation vehicles.

Generations of Americans and others around the world have seen the car as a symbol of much sought after freedom. However, due to the trends cited above, Ford now sees freedom as manifesting in the broader moniker of mobility. This is where silicon comes in – it is the enabler for giving people mobility. It is used in all forms of mobility and it is used in the information systems that will improve its efficiency and access.

So what is Ford doing to implement this strategy? If mobility is not just cars, then what is it? I was surprised to see that Ford has invested in a dynamic shuttle service called Chariot in San Francisco. It happens that Chariot was using Ford vehicles, but the main point is that Ford sees this kind of business as key to fulfilling the mobility initiative. Add to this the surprising investments in Ford GoBike and GoDrive.

Jim was quite frank during in keynote in stating that buying a car is a compromise. There are times when you want to carry cargo, and other times when you just want to transport yourself. Sometimes you want to go on the highway, or in snow, other times you just need to go 2 miles from your house to shop or to go to work. Ford sees the solution to this dilemma in the form of car sharing, fractional ownership or pay as you go. If you think about it, cars are extremely underutilized. They spend most of their lives idle in your driveway or in a parking spot.

OK, so let’s talk about where electronics comes into the picture. Jim pointed out that the design activity in cars has moved from pure mechanical and electromechanical to an era where electronics and electronic controls are enabling nearly every important vehicle system. However automotive products are situated in a very interesting position between consumer products and things like aircraft.

With a phone, it might be tolerable if some part is not working properly, but with cars – just as with airplanes – it needs to “just work.” Consumer products have high volumes and can defray development costs over large numbers of units. Airplanes are low volume and very expensive. Cars must thread the needle to find an acceptable balance with their moderate volumes, and pricing that works for automobile buyers. More so than phones, autos have regulatory requirements, but not as severe as those for aircraft.

The end goal for cars is autonomous vehicles. We are seeing cars with Level 1 and Level 2 automation. Level 1 is driver assistance, and level 2 is partial automation – like the Teslas being produced today. Though, there is some gray area regarding whether the current Tesla autopilot is Level 2 or 3. Ford feels strongly that any system that requires the driver to hand off and regain control can create ambiguity and therefore is more dangerous. Ford is skipping Level 3 and committed to having Level 4 by 2021.

Connectivity is the watchword for Ford. The car becomes another device connected to the internet. For their navigation system they will use map data as a primary data source and then overlay camera and sensor data to ascertain actual driving conditions. What this says is that they will not rely on sensor data as primary input for route decisions. Ford feels that there is still a lot of work to be done to ensure the high reliability internet connections for autos, especially at highway speeds.

They will be taking a cue from Silicon Valley in leveraging existing infrastructure as much as possible. Automobile data systems need to be secure, they want seamless cloud integration and they are looking for closer than ever cooperation with their technology partners. They see newly developed and existing standards, like ISO26262, as critical components.

The rest of the day was a deep dive into technologies that are enabling development of automotive IC’s and systems in the areas of engine control, autonomous vehicles, safety and infotainment.

One of the big takeaways was that it is now possible to perform virtual testing of all the above systems. No longer is it necessary to hook up real hardware to test system functionality and performance. Synopsys provides tools that can be used for virtual prototyping of automotive systems. This can shorten overall development time, especially when there is hardware and software co-design. The software development can occur much sooner in the process. Also during debug, the virtual prototype can assist by providing full transparency into system state to accelerate the process of resolving issues.

Car companies are broadening their nets – witness Ford’s newer emphasis on Mobility – which will necessitate reliance on a broad selection of electronics, from power devices to advanced GPU’s. These will be integrated into complex systems to deliver what once would have been considered science fiction levels of services. The inevitable result is that car companies, their suppliers, and even the suppliers to their suppliers all need to embrace new and challenging technologies. The next 5 years will deliver some pretty amazing stuff.

For more information on the Synopsys portfolio of automotive-specific IC design tools, IP and software development tools, like those being used by the Seminar presenters, please look at the Synopsys website.

Read more SemiWiki automotive blogs here……..

Read more articles by Tom Simon here…..

Posted on

IC Design Management: Build or Buy?

IC Design Management: Build or Buy?
by Daniel Payne on 11-17-2016 at 12:00 pm
Categories: EDA, Perforce

When I first started doing circuit design with Intel at the transistor level back in the late 1970’s we had exactly two EDA tools at our disposal: an internally developed SPICE circuit simulator, and a commercial IC layout system. Over the years at Intel the internal CAD group added many more automation tools: gate level simulator, cycle based simulator, DRC, LVS, PLA generator, schematic capture, IC layout. The point is that many IC and SoC companies have internal CAD groups that are tasked with creating tools to make the design and management of IP easier for the design groups. From a management perspective someone has to be asking the question, “Should we develop this automation ourselves, or just use something off the shelf that is commercially supported?”

Focusing on the area of IC design management (DM) our semiconductor industry has often coded their own version control systems that made a lot of sense at the time the need was identified. A common architecture to start with for data management uses a single server per project as shown below:

There are some limitations when using a server per project for design management, like:

  • Difficult to share or re-use semiconductor IP across projects
  • Little scaling
  • Limited performance

A more modern approach to DM tools is to re-use existing version control software, have a centralized architecture, and scale across an entire organization. Here’s a picture of this architecture:

Some of the immediate benefits of this centralized approach is how easy it is to share IP and updates across the entire company.

OK, so the modern approach looks better than the server per project idea, so which commercial DM tool should I even consider? Well, first consider selecting a vendor that gives you a choice in file versioning system instead of locking you into a proprietary file versioning system. The idea is that you can choose a commercial file versioning system that has the best scalability and reliability to handle your biggest SoC designs easily. Proprietary version control systems don’t scale well to support the giga-size volumes that modern SoCs demand.

Being able to easily share all of the semiconductor IP within your company to all projects is a big plus with the centralized server architecture, because there are no more silos of data to stitch together. With a Platform Based Design methodology each of your project teams can get quick access to the most updated version of IP and support files, then get alerts when there’s been any updates. With a Single Source of Truth your company is going to spend less time on IT and support costs.

Here’s a summary of what you should be looking for in a modern, IP management system:

[LIST=1]

  • Scalability, reliability, supporting 10,000+ users and projects at once
  • Quick access to remote users
  • Minimize network traffic and disk space
  • Track all IP, release management, workspace contents, versioning, bug tracking
  • Identify each IP developed, capabilities, and build workspaces per IP specifications
  • Report the quality status of IP, bugs, versions, retirement status
  • Usable within design tools, command line, or browser
  • Support traceable export control

    That’s quite the list of IP management requirements and one EDA vendor that meets this list is Methodics. Engineers at Methodics have created ProjectIC that enables IP centric Platform Based Design using the concept of Single Source of Truth by handling all of your IC project:

    • Design Files
    • Permissions
    • Hierarchy
    • IP Versions
    • Bug Tracking
    • Labels and Custom Fields
    • Release Management
    • Hooks
    • IP Usage Tracking
    • Workspace Tracking

    The technology to enable file sharing while reducing the size and network bandwidth by up to 90% is called Warpstor, and it’s going to come in handy when your SoC workspace exceed 100GB. Best of all Warpstor is invisible to design engineers.

    One of the best file versioning systems around is Perforce Helix because it has server technology that supports tens of thousands of users.

    Cadence IC design users will be right at home with Methodics because the VersIC design tool integrates ProjectIC and Perforce into their familiar user interface.

    Summary
    Now that you know a bit more about DM from Methodics with their Single Source of Truth, you get to compare that versus any internal or proprietary system in use now. Many design groups opt for a commercial tool because of the features, performance, reliability and integration. Read the full White Paperon this topic.

    Related blog – Requirements Management and IP Management Working Together

    Related blog – 5 Reasons Why Platform Based Design Can Help Your Next SoC

    • Posted on

    Ada in the IoT?

    Ada in the IoT?
    by Bernard Murphy on 11-17-2016 at 7:00 am
    Categories: IoT

    For the great majority (I assume) of my audience, if you think about Ada at all, you probably think about military and aerospace applications. Using Ada in the IoT might seem like overkill – cumbersome, over-powered and entirely unnecessary. Or so I thought until I talked to Quentin Ochem of Adacore at ARM TechCon.

    For those of you unfamiliar with Ada, I’ll start with a quick summary. The language was developed under a US Department of Defense contract with the objective of ensuring intrinsically high quality by construction. This would be achieved, to the greatest extent possible, be ensuring errors would be found in the compiler rather than at run-time. The language was named after Ada, Countess Lovelace, the only legitimate child of Lord Byron and famous for developing the first algorithm to be run on a machine. Closer to home, VHDL was founded in large part on Ada syntax, thanks to another US DoD contract which wanted to maximize overlap of this hardware language with the software language.

    As you might expect, Ada products from Adacore have been used in spacecraft, aircraft and military programs. But they have also been selected for hospital IS management, financial systems, grid management, railway control and air traffic management systems. They are also being used in a Toyota research program in Japan, together with Adacore’s Spark formal verification software, to develop a vehicle (car, truck, etc) component implementation that can be proven to be free of run-time errors. These are all programs that come closer to our day-to-day lives, yet all require very high assurances of safety, and increasingly security. And since many of these applications are either mobile or remote, they clearly impact IoT implementations, whether at the edge or in the cloud.

    Of course one concern might be that Ada run-time libraries would be too heavy to be used at the edge. But Quentin told me they have already ported to an AVR 8-bit controller with 256KB memory, so that shouldn’t be a concern. Another might be lack of a pool of trained software engineers. Quentin said this is more an issue of commitment than difficulty. In their experience, good C/C++ developers can get up and running with Ada in a week. Presumably it takes longer for them to become fully proficient, though perhaps no more so than in switching from C++ to Python. (And yes, Ada now supports object-oriented programming if you were wondering.) Another concern would be interoperability with legacy software (who can afford to rewrite everything in Ada?). This apparently isn’t a problem – bindings are provided to interface with C, C++, Java and Python, among other languages. You only have to consider Ada for the bits you feel are safety-critical.

    One very interesting tool in the Adacore product lineup is Spark, a formal prover for Ada code. Formal proving started for software but has been commercially much less successful that its cousin in hardware-proving, perhaps in part because of the loose structure of common programming languages. As a tightly constrained language Ada software-proving is apparently more tractable (though presumably you still need to bound the scope of code in which you are aiming to prove properties). This should further enhance the appeal of Adacore in safety-critical applications. By way of example there is an interesting blog on rewriting part of the control software for a drone in Ada, to make the device less prone to crashes. Safety-proving in this project was accomplished using Spark.

    As we move (asymptotically) closer to IoT hardware aiming for safety and security by construction, questions about why we can’t do the same for the software running on that hardware are likely to become more urgent. Perhaps Ada’s day in the commercial sun is dawning. You can learn more about Ada and Adacore HERE.

    More articles by Bernard…

    Posted on

    FPGAs allow customization of SEU mitigation

    FPGAs allow customization of SEU mitigation
    by Don Dingee on 11-16-2016 at 4:00 pm
    Categories: Automotive, EDA, FPGA, Synopsys

    Teams working on avionics, space-based electronics, weapons delivery systems, nuclear generating plants, medical imaging equipment, and other applications where radiation leads to single-event upsets (SEU) are already sensitive to functional safety requirements. What about automotive applications?

    With electronic content in cars booming, complexity rising to support advanced algorithms, and semiconductor geometries shrinking, the potential for SEU errors is growing. The idea that SEUs don’t apply to terrestrial applications is completely outdated – almost any application using the latest chip technology needs a mitigation strategy. SEUs are also a function of how much atmosphere is between the chip and the sun. A chip seated in the Purple Row of Coors Field at just 5280 feet is four times more likely to experience an SEU than the same device at sea level. That same chip driven into nearby Rocky Mountain National Park with road surfaces over 11,000 feet becomes eight times more susceptible.


    To solve several problems, many automotive designers are turning to FPGAs. One motivation is ISO 26262 and requirements traceability. Rather than relying on a merchant ASIC with indeterminate steps implemented, an FPGA can be completely customized to support both functional requirements and ISO 26262 requirements.

    FPGAs also give designers another customization capability: tuning redundancy and mitigation techniques to handle the possibility of SEU errors. Mitigation steps are important because an error can propagate through an entire chip, and indeed throughout the entire car, very quickly. Detecting and correcting errors close to the source is key to maintaining safe operation.

    The question is not if you’re going to get SEU errors – the question is, what will you do about it?

    One approach would be just to implement everything in triplicate, and use voting to resolve outcomes. The likelihood that SEUs hit two legs of a triplicated circuit at the same exact time is slim. However, just tripling the real estate for an FPGA design may drive an implementation that fits over the edge. A more realistic approach uses redundancy more efficiently. This also factors in when considering ISO 26262 and realizing different subsystems have different levels of functional safety requirements.

    Different FPGA constructs also have different redundancy needs. Finite state machines (FSMs) may use Hamming-3 codes, and safe FSMs may dictate forced resets upon error detection, or a specific error recovery scheme. Triple redundancy can come in three flavors: local TMR, where registers are triplicated and fed to a voter; distributed TMR, where TMR blocks are separated on the chip to further reduce chances of SEUs; and block-level TMR, popular where black-box IP is deployed. Memory and I/O can also be triplicated, and other techniques such as inferencing ECC and creating error flags can protect memory.

    Synopsys has spent huge amounts of effort on Synplify Premier to automate high-reliability techniques for FPGA synthesis. Automotive designs can just tap in to that experience, adding functional safety steps in weeks less time compared to manual implementations.

    Joe Mallett, formerly of Xilinx and now senior product marketing manager at Synopsys, has written his thoughts in the Synopsys Insight newsletter:

    http://www.synopsys.com/Company/Publications/SynopsysInsight/Documents/snps-insight-issue1-2016.pdf

    This newsletter contains other articles on ISO 26262 and automotive-certified IP which should be of interest to automotive teams.

    Where mitigating SEUs used to be a gory, manual process, Synopsys is making the road to functional safety in FPGA designs much easier with Synplify Premier.

    Posted on

    Can Huawei Shift From Carrier Leader To Global Cloud Player?

    Can Huawei Shift From Carrier Leader To Global Cloud Player?
    by Patrick Moorhead on 11-16-2016 at 12:00 pm
    Categories: General

    AAEAAQAAAAAAAAfQAAAAJDdhMTBhYjc4LTA2NzgtNDg4NC1iMGZkLTA2NDcwMWVjY2U4NA

    Huawei Technologies is a large, $60B China-based company that, while many in the U.S. may not be familiar with, is a very big name in the carrier and telco equipment and consumer smartphone space—especially in China and EMEA (Europe, Middle East, Africa). The company is making serious moves to expand their reach into the carrier and enterprise cloud and take on the role of a “global ICT leader” and believes that the “C”, “communications”, in “IT” will make the difference.

    I attended Huawei Connect 2016 in Shanghai a few weeks ago along with approximately 20,000 Huawei ecosystem partners, customers, press and analysts. This was the company’s first integrated conference—combining the three separate Cloud, Network, and Developer’s Congresses Huawei has traditionally held. The theme of the conference was appropriately titled “Shape the Cloud,” and it was their first big opportunity on the public stage to demonstrate the company’s new global cloud trajectory.

    This isn’t a research paper, research brief and I am only doing an overview from their CEOs keynote address and subsequent meetings, but I may follow up with those details if there is interest. Also, I will be focusing on carrier and enterprise, not their consumer business.

    A Chinese Carrier Powerhouse
    Before we dive into Huawei Connect, I wanted to provide some background on Huawei for those unacquainted with the company. First off, they are a very large company in revenue, racking up $60B in 2015 and their recent 2016 financials are putting them on a much bigger track as the first half they saw 40% growth. Huawei was founded in 1987, and are privately-owned by 85,000 Chinese employees. The other 90,000 non-Chinese employees, though they cannot own it, are provided tracking shares in the company so they can enjoy in the upside. While they aren’t public, they do issue audited topline financials every six months.

    Over half of their $60B 2015 revenue comes from China (42%), and the rest from EMEA (32%), APAC (13%) and the Americas (10%). They’ve yet to make serious inroads in the Americas, but we could be seeing more growth in that direction. Huawei takes an interesting, non-committal stance on the U.S. It’s kind of a “we don’t need to be successful here but it would be nice.”

    $36 billion (60%) of Huawei’s 2015 revenue came from the telco and carrier market. This has historically been their bread and butter—they claim 45 of the top 50 telcos under their umbrella, excluding notable exceptions such as AT&T, Verizon, and Sprint. The rest of their business is comprised of 33% consumer ($20 billion), and 7% enterprise (a small, but quickly growing $4 billion).

    In the carrier and telco space, Huawei competes with Ericsson and Nokia, both who are having their challenges. Ericsson’s CEO was pushed out by the board this July and Nokia’s Networks business was down 11% YoY for Q2. Huawei holds the #1 smartphone unit share in China as Lenovo and Xiaomi declined and are #3 globally to Samsung and Apple. The most impressive thing about Huawei’s smartphone ascension is that they aren’t just doing cheap, they are increasing share in the midrange and premium smartphone space.

    Another interesting tidbit is that Huawei employs an innovative rotating CEO system, wherein three senior executives take six-month turns as acting CEO of the company. That hasn’t worked well at any other company before I’m aware of, but seems to be working well so far at Huawei.

    Huawei’s Cloud Vision
    Current rotating CEO Ken Hu delivered the Day 1 Connect 16 Keynote—the first half of which focused on the usual meta-concepts of digital transformation, IoT, the cloud, and preparing for what Hu referred to as the “intelligent world.” He differentiated between what he called the current Cloud 1.0 era- based on “agile innovation, good user experience, and low costs,” and impending Cloud 2.0 era, “in which enterprises are the main players, and we will see the rise of countless industry clouds.” Hu went as far as to predict that by 2025, more than 85% of enterprise applications will be cloud-based.

    It’s that new era in which Huawei is trying to position themselves as the “Enabler and Driver of the Intelligent World.” The second half of the keynote outlined Huawei’s overall strategy: staying customer-centric, providing innovative cloud technology, becoming their customers’ preferred partner, and proactively contributing to the growing cloud ecosystem.

    I have attended many big tent events and there wasn’t much here I hadn’t heard in other keynotes the past few years. Huawei did introduce the “industry cloud”, but this is a new word, not a new concept as it is basically it is a vertical approach to private clouds. Clouds are vertical now and vary by workloads, latency, responsiveness, security, regulation and scalability. I like it, it’s not new, and it underlines Huawei’s vertical approach which I saw everywhere at the show.

    Customer centricity through customization and “open”
    Hu touted the company’s 28 years of customer-centricity, saying it is part of Huawei’s DNA. Every company says they are customer-centric and in the west most IT companies have stopped using the term because customers are skeptical. I do believe Huawei when they say this as they appear to do so many customizations for their customers.

    Hu went on to say that as technology providers, a one-size-fits-all approach isn’t always the right solution—Huawei pledged to learn from customers and develop innovative cloud solutions that are right for their specific needs. Hu cited Huawei’s development of open cloud architecture as an example of meeting their large enterprise customer’s desire for independence and interoperability, and emphasized the company’s commitment to “openness, security, and enterprise grade performance” in all of their cloud solutions.

    I was a bit skeptical at first about the “most open” approach as everyone says they’re “open”, the Linux Foundation executive director Jim Zemlin literally got on stage day two and said Huawei leads in “open”. Not “a leader”, “one of the leaders”, but “THE leader”. That blew me away.

    Strategic partner to drive beyond the “dumb pipe”
    The next key part of Huawei’s strategy is being more than just a vendor to their customers—being a true strategic partner. Like customer-centric, pretty much all IT providers say they are strategic. Hu highlighted Huawei’s work with Deutsche Telekom (a German telecom company) as a case study: this past June, Deutsche Telekom released their Open Telekom cloud, a set of private and public cloud services and software solutions developed for the enterprise. They partnered with Huawei to provide hardware and software solutions for the project. Harkening back to the previous point, Hu said that the most noteworthy aspect of the collaboration was that Open Telekom was “completely driven by customer needs,” and said that so far the product had been receiving widely positive reviews but no indication from DT on revenue.

    I believe Huawei is dedicated to and trying very hard to be a strategic partner to the carriers. I think Huawei can deliver the carriers what it takes to help them, but I question whether the carriers can pull it off. I have to start off with some background. Carriers aka “telcos” try their hardest not to be relinquished to the non-differentiated “dumb pipe”. You can differentiate a pipe, and carriers are globally all trying to provide value-add services to the consumer and/or the enterprise. In addition to video services, Huawei is helping carriers to fulfill their desired goal what I will call the “carrier cloud”. The carrier loud is all about providing services like Amazon AWS, Microsoft Azure, IBM SoftLayer and Google Cloud provide today and more as workloads sub-segment and advance even more in the future.

    I see a potential edge IIoT (industrial IoT) carrier play, but I am very skeptical about everything else. Carriers haven’t exactly been lighting the enterprise world on fire and aren’t investing like the “Super7” cloud giants. This is Huawei’s best play and are playing it even better than Ericsson and certainly bring a lot more to the table than Nokia.

    The biggest question for me still on Huawei’s “data play” is how they stack up to Cisco Systems, Dell EMC, and Hewlett-Packard Enterprise whose business isthe private and hybrid. Huawei has the carriers attention and does have enterprise capabilities, but the others have 25 years’ enterprise experience and are more focused than ever. Enterprise is 7% of Huawei’s current business and 100% of Cisco, HPE and most of Dell EMC’s business. Huawei will do very well in the “carrier cloud” and will grow in the enterprise for sure, but they have a whole different kind of competition in the cloud.

    Cloud ecosystem development
    The last big point Hu emphasized was Huawei’s commitment to the development of the cloud ecosystem. Instead of simply releasing “a handful of clouds on its own,” in Hu’s words, Huawei is looking to help their customers build a variety of different clouds—in turn building out the entire cloud ecosystem. Huawei also has strategic business alliances with some big names—SAP, Accenture, Microsoft, and Intel, to name a few.

    According to Hu, these alliances help promote openness, collaboration, and shared success for everyone, which in turn guarantees the ongoing development of the cloud ecosystem. He went on to stress the importance that everyone involved in the cloud ecosystem bring their unique strengths to the table, concluding the thought by saying, “We are Huawei. Our role is to make good products and serve our customers well.”

    I’ll admit, I was initially surprised to see SAP’s and Accenture’s aggressiveness, but when you drill in, where Huawei is successful, SAP and Accenture want to be more successful, and vice-versa. Also, having Intel CEO Brian Krzanich on-stage day 3 I thought was a big deal.

    Wrapping up
    Huawei Technologies is an impressive company. The company is a force with carriers and in smartphones. At Connect 16 in Shanghai, they did a good job communicating what they want to do, who they want to do it with and why they want to do it, but it was challenging to parse why they are better at what they do. I think the answer could lie in R&D and innovation. Huawei invested $9.2B into R&D in 2015, $38B over the last ten years which puts is in the top 5 of all high tech. They are also a leader in PCT (Patent Cooperation Treaty) published patent applications. Patents don’t guarantee future success but certainly is a leading indicator for innovation.

    It’s still far too soon to say whether or not Huawei is going to pull of their reinvention into the enterprise and the carrier cloud. Huawei has a long, successful track record in the telecom industry with carriers, and while that won’t necessarily automatically translate over to cloud and the enterprise, it speaks volumes to the company’s ability to be competitive, innovate, and stay on top of market trends. It’ll be interesting too to see if this new trajectory allows them to gain more ground in North America and Western Europe where they haven’t had as much success as China, APAC, Eastern Europe, Middle East and Africa. I know the company will get big carrier wins, but what I’m most looking forward to are big enterprise cloud wins.

    Read more from Patrick….