Bronco Webinar 800x100 1
Semiconductor Expert Forum

Posted on

System-level Design for IoT and Automotive

System-level Design for IoT and Automotive
by Daniel Payne on 11-08-2016 at 12:00 pm
Categories: Automotive, Cadence, EDA, FPGA, IoT

Several years ago a former EDA co-worker went to work for MathWorks, so I started paying a lot more attention to this privately held company that is well known for the MATLAB language and analysis environment. Engineers at MathWorks have created a graphical environment called Simulink for both simulation and model-based design of multi-domain dynamic and embedded systems. On the electronics side of product development you can model and simulate analog sensors and circuits at the component level using the PSpice simulator. What about modeling and simulating with both MATLAB and PSpice at the same time, instead of separately? Before this week, you had to divide and conquer, using these two popular software tools separately and then hoping that your actual system would work after a prototype was built.

What Cadence and MathWorks decided to do was connect these two simulation environments together, using the Simulink technology, and that’s good news for systems designers because you can finally model and simulate your entire system before building any prototype. So here’s how you split up your modeling efforts between the tools:

  • MathWorks – mechanical, thermal, hydraulic
  • PSpice – electrical


Upper left – Simulink, lower left – PSpice waveforms, right – OrCAD schematics

The integration is bi-directional, so you can include PSpice models for analog and AMS in your Simulink (digital models) environment, or place MATLAB models in a PSpice design. You also get to choose which analysis tool to use for visualizing results, it’s really the best of both worlds. Let’s say that you want to visualize a phase plot, then the Simulink window on the left shows you polar plot results while the PSpice window on the right shows you a frequency response:


Polar and Frequency plots

Systems designers doing IoT and automotive projects can quickly benefit from this kind of technology because it shortens the product development cycle and provides feedback and validation that requirements have been met prior to production. The old way of doing product design by building a prototype, testing, iterating and refining are just too slow in comparison to the newer method of modeling a virtual prototype. Applications for this system-level simulation in the automotive market would include[SUP]1[/SUP]:

  • Engine control
  • Transmission electronics
  • Active safety
  • Driver assistance
  • Passenger comfort
  • Infotainment

IoT markets are quite diverse and are characterized by the use of analog sensors and mechanical actuators all controlled by digital electronics[SUP]​2[/SUP]:

  • Media
  • Environmental monitoring
  • Infrastructure management
  • Energy management
  • Medical and healthcare
  • Building and home automation
  • Transportation
  • Metropolitan scale deployments
  • Consumer products

Related blog – Eight Improvements for PCB Software

PSpice has been around for decades now and has some 34,000 models ready to be simulated for your next PCB project. The integration between PSpice and Simulink gives you a single, integrated environment for system design and debug. Using the PSpice Device Model Interface (DMI) you can model using C, C++, SystemC, Verilog ADMS components, or MATLAB software-generated code and then simulate.

Simulation results from PSpice can even be visualized in the MATLAB plotting tool using all of the advanced features. Any trace or DAT file can be exported from PSpice into MATLAB by clicking a drop-down menu choice in PSpice. From PSpice you can even start to use MATLAB functions in any of your measurement expressions or behavioral modeling.

Related blog – Growing Innovation in Modern PCB Design Tools

If this approach of using a virtual prototype for system-level design looks interesting, then consider contacting Cadence and MathWorks to get more info. On the sales side of things you still buy PSpice and OrCAD through Cadence or a channel partner, and Simulink through MathWorks. The team at MathWorks has been integrating with many other companies using Simulink over the years, so this integration with Cadence makes a lot of sense.

References
1 – Wikipedia, Automotive electronics
2 – Wikipedia, Internet of things

Posted on

#IoT Big Data is worthless!

#IoT Big Data is worthless!
by Diya Soubra on 11-08-2016 at 7:00 am
Categories: IoT

I have been writing about big data for over three years now. In all that I wrote and many articles that I read, there is an underlying assumption that people naturally accept the huge economic value associated with big data. It turns out that this is a bad assumption. They don’t!


There are many people that see big data as worthless and they are totally correct. Data is actually worthless until it is transformed into information. In this example, McKinsey states that only 1% of the data collected from 30,000 active sensors is actually used, the rest is wasted. I believe that the same applies to many other deployments. Industry is generating terabytes of data and we have only just started to process that data to extract meaningful information. Big data is truly worthless, the economic value is actually in the extracted structured information. People talk about big data but they actually mean structured information.

Linking this subject to my continuous effort to push for a horizontal #IoT, I can add that for big data to yield meaningful information it has to come from a diversity of sensors. If I collect a million data points from a temperature sensor on a motor then the information that I extract will be linear and of little value. Now, if I was to collect data from ten different sensors on that same motor then the value of the information I extract will be multiplied by many factors of ten.

This is the power of horizontal #IoT. The mash-up of diverse unstructured data streams to generate valuable structured information. This technique has been proven over the past few years by application to crowd analysis. Various diverse streams of data are inter-processed to extract, for example, “sentiment”, an item in fashion these days. There is really no difference in the mash-up operation, be it user data or motor data. The same concept applies to both. Simply take in a huge volume of diverse, unstructured, real time data and extract structured information. Same concept, different algorithm.

Most people really want structured information, not big data, since it can be used to make decisions. This is where the real economic value lies. The most famous example is the airline company willing to pay GE a few million dollars in order to know in advance when an engine is about to fail. If it wasn’t for the expert data scientists at GE that know how to extract meaningful information, then the terabyte of data generated by the engine during flight would have remained worthless. Based on that structured information, a decision is made about the impeding failure of the engine. The airline is willing to pay serious amounts of money to avoid the liabilities associated with a plane falling from the sky due to engine failure. Structured information used to make a decision of much higher economic value, probably by multiple orders of magnitude.

Any #IoT or big data discussion, since they are so intertwined, would be more fruitful if both parties can agree to the value of what they are talking about. To facilitate that value estimate I am in the process of creating a formula to indicate the dollar value of information relative to that of big data. Something like :

Market $ value of information = Ʊm x ∑ ( ∑ Data(i)(k) )

Data(i) is the $ value of each sensor sample. i is the number of data points of one specific type of sensor while k represents the number of diverse data streams. Ʊm would be the fudge factor that represents the multiplier value of the extracted information for a specific market. This formula, when complete, would help two parties agree on the value of the data streams and of the information extracted. Most of all it would hopefully push people to deploy diverse sensors to do mash-ups in order to charge more for the extracted structured information. It is an excellent solution for both parties and for #IoT. People interested in deploying #IoT nodes will see where the revenue stream would come from and the information traders would see how they will create their revenue. Everyone wins.

If we are able to quantify the value then people would invest and deploy #IoT nodes and the resulting information would be traded at it’s fair value. Once that formula is complete then we would move on to the next level where we would need to quantify the value of the decisions made based on that structured information. This is a much harder problem.

A business professional that I work with and that I highly respect always drives to the point by saying: “show me the money”. I hope with this formula I can answer his question regarding big data for #IoT.

All feedback from experts who may have already figured this out is highly appreciated.

Also read: What’s Really Going to Limit the IoT?

Posted on

Managing the IoT

Managing the IoT
by Bernard Murphy on 11-07-2016 at 4:00 pm
Categories: Arm, IoT, IP

Now that ARM has introduced its end-to-end IoT, including the mbed Cloud SaaS to handle the cloud end of the IoT, you might wonder what service providers are going to offer on top of this solution. DevicePilot showcased one such solution at ARM TechCon, to manage connected products. These guys especially deserve to be featured because they won the “Best Software Product” award at TechCon, which makes sense when you consider how well they complement ARM’s direction.

DevicePilot provides a software solution, running in the cloud, to manage connected products automatically. You may have thought about the need for this kind of service, but apparently that would put you in a minority. According to Cees Links, CEO of IoT solution provider GreenPeak and a pioneer in wireless networking “It surprises me how many device companies don’t even know how many of their devices have been deployed, let alone how many are working. As the IoT matures, users’ expectations of service quality are rapidly increasing, and you really have to keep on top of this stuff. When it comes to the smart home we expect all devices to be connected and providing useful information for owners and manufacturers on usage, diagnostics, need for refurbishment and replacement.”


Think about the scale of a city-wide deployment – to monitor street lighting, or smart parking or waste management controls for example. Now you have thousands, maybe tens of thousands of devices. You need to understand where each of those devices is and what it is (if I’m an operations manager, I don’t want to jump between different tools to monitor different features or edge nodes from different vendors). You also probably want to plan where you should add coverage. So your first question is around location – what do you have out there, what are they and what kind of coverage do you have.


Your next problem is monitoring. What is the status of each of those devices? Isolate problems and give me a quick triage on each. What are the possible problems –battery running low, wireless issue, device problems? You’ll use this to optimize field service activity.

Then you want to manage devices. This includes monitoring through their lifecycle, from deployment to end of life (I seem to have had a lot of problems with this device, maybe I should just replace it), managing firmware upgrades and, on the other side of the cloud, integrating with existing business process. According to the website, this feature set in the product is coming soon.

Device Pilot was co-founded by Pilgrim Beart in the UK. Pilgrim has quite a background in founding connected product companies including most recently AlertMe, a connected home solution recently acquired by British Gas for $100M. In the course of building AlertMe, Pilgrim saw the need for this level of management in IoT deployment, so this solution is built on a lot of relevant experience for a domain as young as the IoT.

It’s worth remembering that the promise of IoT could easily turn into the nightmare of IoT if device management is not well handled. For an IoT deployment to work well you have to be on top of where all the devices are, how they are performing and what needs fixing (or might need fixing in the near future). Solutions like DevicePilot will be an important part of that management. You can learn more about DevicePilot HERE.

More articles by Bernard…

Posted on

CEVA Webinar: Vision Based Autonomous Driving

CEVA Webinar: Vision Based Autonomous Driving
by Eric Esteve on 11-07-2016 at 10:00 am
Categories: Automotive, Ceva, IP

CEVA Webinar “Challenges of Vision Based Autonomous Driving & Facilitation of An Embedded Neural Network Platform” will be held on November 16[SUP]th[/SUP] and will address one of the hottest topics today in our industry, probably the hottest in the automotive industry as all the players are working hard on autonomous vehicles.

The automotive market is seeing accelerated growth and rapid adoption of vision applications that will lead the way to autonomous vehicles. The solutions based on artificial intelligence and deep learning algorithms to identify objects were limited to research labs just a couple of years ago.

Why does deep learning and convolutional neural network (CNN) have exit the labs and be adopted by the automotive industry, Tier-1 suppliers and OEM? Deep learning is requiring a great amount of high performance processing and the new technologies like 16 nm (or below, 10 or 7 nm) allow targeting one chip solution; that’s the first reason. But the second reason and probably the most crucial is linked with deep learning performance improvements: it’s only since 2015 that the imageNet error rate is better than human performance, see below.

CEVA is offering CEVA-XM6 vision processor, an efficient HW and SW platform that is optimized for CNN workloads and other deep learning approaches. You can learn more about CEVA-XM6 HERE.

To register, use this v16 -CEVA-XM6%20&utm_source=semiwiki&utm_medium=post”>webinar link.

During this webinar you will hear about:

  • Challenges of ADAS and vision based autonomous driving
  • CEVA’s 5th generation deep learning embedded platform based on the CEVA-XM6 vision processor
  • Implementing low power machine vision solutions using the CEVA Deep Neural Network (CDNN) toolkit
  • Free space detection utilizing AdasWorks drive 2.0 SW implemented on CEVA’s imaging and vision platform

The webinar will be held by deep learning experts, from CEVA and the automotive industry:
Liran Bar
Director of Product Marketing, Imaging & Vision, CEVA

Jeff VanWashenova
Director of Automotive Segment Marketing, CEVA

Arpad Takacs
Outreach Scientist, AdasWorks

Again, to register for the CEVA Webinar (November 16th at 10 am PST 1pm EST) “Challenges of Vision Based Autonomous Driving & Facilitation of An Embedded Neural Network Platform” use this webinar link.

CEVA is the leading licensor of signal processing IP for a smarter, connected world. We partner with semiconductor companies and OEMs worldwide to create power-efficient, intelligent and connected devices for a range of end markets, including mobile, consumer, automotive, industrial and IoT. Our ultra-low-power IPs for vision, audio, communications and connectivity include comprehensive DSP-based platforms for LTE/LTE-A/5G baseband processing in handsets, infrastructure and machine-to-machine devices, computer vision and computational photography for any camera-enabled device, audio/voice/speech and ultra-low power always-on/sensing applications for multiple IoT markets. For connectivity, we offer the industry’s most widely adopted IPs for Bluetooth (Smart and Smart Ready), Wi-Fi (802.11 b/g/n/ac up to 4×4) and serial storage (SATA and SAS).

Posted on

Executive Interview: Vic Kulkarni of ANSYS

Executive Interview: Vic Kulkarni of ANSYS
by Daniel Nenni on 11-07-2016 at 7:00 am
Categories: Ansys, Inc., CEO Interviews, EDA

Having known Vic for many years, it is always great to spend time with him and catch up on what is happening inside the semiconductor ecosystem. As Senior Vice President and General Manager, RTL Power Business, at ANSYS in Silicon Valley, Vic spends a lot of time in the field with customers, partners, and at industry events so he has intimate knowledge of some of the changes we are experiencing, absolutely.

Prior to merging with Apache in 2009 and subsequently with ANSYS, Vic was a co-founder, President and CEO of Sequence Design. In addition to driving product and business growth within the ANSYS Semiconductor Business Unit with the senior leadership team, Vic is also evangelizing the emerging IoT opportunity along with other business units, connecting the dotsfrom chip-package-system software solutions with ANSYS multi-physics simulation tools targeted at various IoT vertical segments.

Tell us about ANSYS
We are a leading provider (Nasdaq: ANSS) of simulation products headquartered in Canonsburg, PA. The Company has been laser-focused on providing multi-physics and multi-domain simulation software to enable the product design for over 40 years! Multi-physics refers to an environment where products are subject to multiple physical forces such as thermal effects, structural integrity, electro-magnetics radiation and so on. Multi-domain typically refers to chip, package and system power domains in electronics, simulation of antenna radiation pattern, fluid dynamics to complete electro-mechanical systems. We have over 45,000 customers worldwide. ANSYS acquired Apache Design in 2011 and the Semiconductor BU of ANSYS was born.

Early this year ANSYS formally launched the IoT initiative to provide solutions for several vertical segments, ranging from Wearables, Healthcare, Automotive, Industrial, Defense to Smart & Connected Cities.

What are the key focus areas for ANSYS?
IoT is clearly an exciting business opportunity for the worldwide industry. Recently SoftBank CEO Masayoshi Son-san made a seminal statement in his keynote during the ARM TechCon Conference when he compared the emerging IoT explosion to the Cambrian explosion! He stated that chip sensing capabilities are evolving rapidly and will exceed the collective human intelligence in next few years akin to what happened to senses of intelligent animal species during the Cambrian explosion!

At ANSYS we see these rapidly growing trends especially with the Industry 4.0 applications, autonomous vehicles and advanced mobile segments. Increasingly, our customers have started to address critical challenges related to communication system design, sensor design and product reliability to out-innovate the competition. In this incredibly fast-paced environment, virtual prototyping using simulation software is an important strategic vehicle for creating a meaningful competitive advantage by getting the newest product model or next-generation features into customers’ hands as fast as possible.

Explain how ANSYS enables customers in this revolution.
This “revolution” is happening due to a confluence of several technological advances that have happened in the past decade or so, and simultaneously too.

The first one is Miniaturization – More and more electronics are being packed into smaller and smaller space, providing unprecedented processing and computing capability. The first cell phone weighed 2 pounds. In comparison, the newest generation of mobile phone weighs only about 4.6 – 4.8 ounces, and it enables you to do lot more than just talk! This type of miniaturization is enabled by smaller chips and electronic components. Now people talk about the trend towards “More Than Moore”. It refers to the fact that chips continue to gobble up more and more of the circuitry on a PCB. This kind of integration is enabling miniaturization at the larger scale, enabling planes, cars, drones, and virtual reality systems to get more sophisticated.

As an example for a connected car the performance and ADAS model must be tested in a simulated model of roads, buildings and pedestrians under diverse driving scenarios. Whether designing planes, cars or smartphones, engineers typically need to optimize IoT products for size, weight, power and cooling — a set of design requirements popularly known as “SWAP-C.” Engineers must manage all these components in a constrained space, while optimizing performance. This means relying on simulation to make design trade-offs quickly and cost-efficiently.

ANSYS provides a complete platform for engineering simulation, product designers can identify and address any functional flaws, such as impractical power demands at the chip, package and board level or faulty antenna design, as quickly as possible — and as early as possible in the design cycle, when mistakes are less costly to address.

According to an independent study of over 600 companies done by the Aberdeen Group clearly states that simulation is a key enabler in product design, reducing development time by 9X, reducing the overall product cost by 4X, with over 85% more likely to decrease the warranty costs and new product introductions with a success rate of over 65%!

How does Semiconductor Business Unit (SCBU) fit in the overall ANSYS Corporate strategy?
Apache Design (now called Semiconductor Business Unit) has been one of the important strategic acquisitions that ANSYS has made over the years to enable simulation of a complete electronic system design— from IP, Soc level RTL power analysis and power reduction, power integrity sign-off including dynamic voltage drop, electro-migration, on-chip ESD, and co-simulation of package, board and system level thermal and power effects in the context of chip-level dynamic voltage drop.

Designers are now able to analyze dynamic voltage drop of a complete SoC and evaluate its impact on the downstream electro-magnetic radiation signature analysis and system level thermal analysis. This is rather critical for designers to understand the overall system-level behavior in various vertical applications such as autonomous vehicles, health-care to advanced mobile devices.

What keeps you awake at night?
We have 290+ employees in our SCBU singularly focused on addressing the challenges posed by the most energy-efficient IP, SoC and electronic system designs.

There are 3 main areas which keep us awake at night:

  • N7 technology challenges
  • A comprehensive Chip-Package-System (CPS) simulation solution
  • Big Data for EDA with elastic compute driven architecture for next-generation SoC design challenges

We have seen complexity of designs exploding to Bn+ logic instances with 1,000+ I/Os, technology nodes going from 40 nm to 7nm feature sizes in just a few years. Along with the technology process node, innovative packaging techniques have kept up the pace as well… from a 2.5/3D package configuration to technologies such as InFO-WLP improve power, performance and reduce form factor.

The stakes are obviously very high when as much as $250+million investment and 500+ person-years (Ref: Gartner) are needed to bring a 7nm SoC to market.

As an example, meeting a 15 percent dynamic voltage drop limit in a 7-nm design running at 500mV is extremely challenging since the design trade-off choices that affect die-size, schedule and performance must be made to achieve the desirable outcome. On-chip variation, electro-migration (EM) and ESD sign-off considerations require careful modeling of advanced extraction and foundry rules both in an N7 chip and its InFO-WLP package. Accuracy convergence methodology must be followed rigorously from register-transfer level (RTL) power budgeting, estimation and regression to the final sign-off before committing to silicon.

At our Business Unit currently we are tracking 8 customers who are designing 7-nm SoCs. Complexity of these chips can range from 2- 4+ billion logical instances, with the number of physical geometries reaching 40 billion and parasitics reaching 400+ billion. One can now say we are reaching the “Big Data” problem!

The traditional architecture of EDA tools must be transformed. Why?
Conventionally EDA databases have always remained in silos and are structured (SQL – structured Query Language). They all use the exact same traditional monolithic database and data model systems. e.g. netlist, layout, logic, timing, RC, timing and so on. So it has been very challenging for engineers to readily explore design alternatives for an optimal solution where one physical effect can have serious impact on the other, e.g. voltage on timing. Our purpose-built SeaScape architecture is based on the principles of Big data elastic-compute principles to address these challenges since it enables a designer to run hundreds of what-if experiments in the time it used to take to build a single prototype, and create highly optimized designs.

To do this you will need to move away from the traditional silo-based design flow to a chip-package-board co-simulation workflow and methodology.

By leveraging chip-package-system flows and methodologies to target 7-nm technologies, one can achieve faster design convergence along with considerable business advantages. You can additionally profit from the reduced power consumption, higher speed and density improvements available from the 7-nm process node. Such simulation flows and solutions have to meet two broad requirements to make a meaningful impact: they must provide multi-physics sign-off accuracy and coverage, and enable accelerated design closure and optimization.

In addition, signal integrity analyses need to expand beyond traditional “SI” or cross-talk focus to include coupling of power rail and signal noise to predict jitter and noise coupling both inside and outside the chip to meet stringent DDR, SerDes data rate specifications.

Also Read:

CEO Interview: Taher Madraswala of Open-Silicon

CEO Interview: Simon Butler of Methodics

CEO Interview: Charlie Janac of Arteris

 

Posted on

What’s Really Going to Limit the IoT?

What’s Really Going to Limit the IoT?
by David G. Simmons on 11-06-2016 at 8:00 pm
Categories: IoT
2 Comments

There’s a lot of hype about the Internet of Things (IoT) as anyone who’s reading anything about these days already knows. There’s wearable tech, there’s healthcare IoT, there’s M2M IoT and a host of other areas of the IoT that are all projected to explode over the next 10 years. Billions and billions of devices are forecast.

Those are huge numbers and they are exciting to anyone working in the field, or even observing it. But there’s a problem. A big problem: Power. How will we power these billions of devices? Some of them, of course, will be powered by simply plugging them into a constant power supply. Let’s ignore those because we already have a lot of them (computers). A fair number of them — possibly most of them — will be small, embedded devices: wearables, medical devices, environmental sensors, remote sensors, etc. These will need to be powered by batteries. And there’s your problem. Batteries. Lots of batteries. Boat loads of batteries.

I spent a lot of time, back in the day, researching batteries in order for the Sun SPOT platform to achieve a balance between size, weight, and capacity. Oh, and price. Batteries can be expensive. Very expensive. But the size and weight and capacity of batteries isn’t even going to be the biggest problem with the Internet of Things. There’s plenty of research going on all over the world to make batteries smaller, more powerful, and more efficient. No, just the sheer number of batteries is going to be the problem. And it’s a problem that not enough people are thinking about, and almost no one is talking about.

Here’s what I mean. Let’s take the common number of 20 – 30 billion IoT devices on-line by 2025. Gartner, Forrester (pay-wall), IDC, Ovum, and pretty much everyone else is using this number, and I don’t want to argue about it right now so we’ll just take that as a given and go with 20 billion devices. Now let’s say that roughly half of those devices will be powered by mains, and won’t need a battery. So we’re now left with 10 billion devices with batteries. Some devices can go a year or more on a single battery. Some can only go a few weeks. So let’s, for argument’s sake, say that the average is that about a third of the devices will have to have their battery changed over the course of a year. That seems more than reasonable as it assumes a 3-year duty cycle which is very generous. It seems reasonable, until you do the following calculations:

20B ÷ 2 = 10B — the number of battery-dependent devices.

10B ÷ 3 = 3.4B — the number of batteries that will have to be changed in a year.

3.4B ÷ 365 = 9.1M — the number of batteries that will have to be changed every day.

Do you see the problem now? Changing 9.1 million batteries a day, every day of the year. But it gets worse. Much worse. Now let’s scale that to a trillion devices — a number that is often used when talking about the IoT. Heck, I’ve been using that number myself since 2004! So let’s scale the above calculations to a trillion.

1T ÷ 3 = 333B — That’s a lot of batteries!

333B ÷ 3 = 111B — The number of batteries that will need to be changed in a year.

111B ÷ 365 = 304M — the number of batteries that will need to be changed every single day. That’s 34,000 batteries an hour.

Given those numbers, the IoT will collapse under its own weight. I haven’t extrapolated this to the number of people it would take to change 34,000 batteries an hour, but I’m pretty sure it’s not going to be sustainable if it’s even achievable.

Now, if you’re a battery company, I‘m sure those numbers are quite reassuring, but for anyone looking at how the IoT will actually function, it is clear that those numbers are not just unsustainable, but they are completely unworkable. We’ll need an army of people who do nothing but go from device to device changing batteries, 24 hours a day, 7 days a week, in order to keep up. We clearly need another solution.

The big question is why is no one in the IoT field talking about this? Why is there radio-silence on this looming, crippling problem in IoT? There are only a few select people working on some solutions to this battery problem.

If you’re in IoT, and you’re not already thinking about how to manage the battery problem in your ecosystem, now might be the time to start.

Posted on

New IoT Botnets Emerge

New IoT Botnets Emerge
by Matthew Rosenquist on 11-06-2016 at 12:00 pm
Categories: IoT, Security

On the heels of severe Distributed Denial of Service (DDoS) attacks, new Internet-of-Things (IoT) powered botnets are emerging. There are already hundreds of such botnets which exist in the underground hacking ecosystem, where services, code, and specific attacks can be purchased or acquired. New botnets are being developed to meet the growing demand and to circumvent anticipated security controls.

The latest IoT botnet
Researchers have spotted a new IoT botnet called Linux/IRCTelnet. In just 5 days it infected 3500 devices and features an old-school adaptation: using Internet Relay Chat (IRC) as the command and control structure. IRC is a very old technology based upon original chat-boards of the Internet (pre world-wide-web). Many of the original botnets used IRC, a decade ago. It is not particularly difficult to undermine for security software, therefore represents an interesting choice by the attackers, whom I assume are not top-tier (ie. not nation state level).

Linux/IRCTelnet is not based upon the popular Mirai IoT DDoS botnet software, but rather Aidra code. It does however leverage default passwords of IoT devices to gain control. It is just the easiest path at the moment. Attackers will evolve as that door closes, so don’t get too excited and think we can ‘solve’ IoT security with the elimination of default passwords. It is just one chess-move in a long game we are begrudgingly forced to play. Although this Linux bot is still new and small, it could hold potential for more directed attacks and highlights how malware writers are working to differentiate their attack code.

More targets will be explored.
We are already seeing a broad diversity of different telecommunications, political, business, Internet infrastructure, and social sites being targeted. The latest is an attack against the internet access for the country of Liberia. Access to the web has been spotty for customers with attackers at times pushing over 600 Gb/s of data to choke the network. Most access is provided by the African Coast to Europe (ACE) undersea cable and these attacks could affect many other nations in West Africa who rely on this data pipeline.

What comes next?
Expect many more entry-level botnets, which will eventually be supplanted by more professional malware. Thus far, most of the IoT botnets have been basic. This will change as more professional and well-funded players emerge.

Look for the pro’s to do the following when they come into this space:
[LIST=1]

  • Patch/change-passwords of the victim IoT devices after infection, so others can’t take over their prey
  • Setup more sophisticated and concealed Command and Control (C2) structures to make it more difficult to track bot-herders or interfere with their control
  • Implement encrypted communications to the end-nodes, to conceal instructions, updates, and new targeting instructions
  • Begin exploiting OS/RTOS vulnerabilities on higher-end devices to gain more functionality and persistence
  • Begin siphoning data from IoT devices, which can be valuable for many different purposes, including extending attacks further into homes, businesses, and governments

    I predict the next phase of availability attacks will begin right around the time the industry reaches the tipping point in addressing the ‘default’ password weaknesses. Then confidentiality attacks, followed by integrity compromises will come. Brace for a long fight as IoT devices are highly coveted by attackers. This matchup should be exciting as it unfolds!

    Interested in more? Follow me on Twitter (@Matt_Rosenquist), Steemit, and LinkedIn to hear insights and what is going on in cybersecurity.

    Also read: Let’s Talk About Cyber Risks

    • Posted on

    Let’s Talk About Cyber Risks

    Let’s Talk About Cyber Risks
    by Matthew Rosenquist on 11-06-2016 at 7:00 am
    Categories: Security

    In the last 12 months, we have seen an unprecedented number of cyber-attacks occur or come to light. Sophisticated attacks against governments, businesses, consumers, and the pillars of the Internet itself. The future appears to be fraught with run-away risks. Can security tame data breaches, ransomware, massive DDoS assaults, cyber theft, and attacks against autonomous and internet connected devices which potentially put people’s lives in jeopardy?

    That was the topic for the advisory council members of the Bay Area SecureWorld conference recently held in San Jose CA. As moderator, the task is keeping control of a conversation with a room full of passionate experts who live and breathe these challenges every day.

    In the past year, a number of significant risks have risen. The team had no hesitation in talking about some of the big issues.

    IoT DDoS Attacks
    Consumers and business are feeling the impact of massive Distributed Denial of Service (DDoS) attacks, fueled by insecure Internet of Things (IoT) devices. The sheer impact of data and requests which these botnets can wield is an order of magnitude ahead of where the industry is comfortable. The consensus is that everyone should be worried and the fix is not quick. The IoT industry must change to embrace security across the life-cycle of these devices. In a twisted way, these recent attacks are a good wake-up call for the industry. The group agreed, it is far better to have these incidents occur now, versus down the road when billions more IoT devices are connected to the global Internet.

    Data Breaches
    On the heels of the worst year for healthcare data breaches (2015), the hemorrhaging continues. It is by no means limited to healthcare, as many other sectors are being impacted. An interesting debate emerged challenging the role and impacts of government regulations in this space. One side postulated the government has weakened security by setting a confusing bar, which is too low. Compliance does not make organizations secure, which is an unfortunate mental trap, where many organizations only fund what is needed to achieve the minimal requirements. On the other side, advocates of regulation and auditing pointed out that without a baseline many organizations would fall severely short. As we all work together, assurance is needed to establish confidence other partners, parties, suppliers, and vendors are implementing security controls which meet expectations.

    Nobody believed the legislative process could effectively keep pace with the changes in the industry. But both agreed, that the lack of consistency, readability, and simplicity of regulations is a problem. Complexity increases costs, delays implementation, and causes confusion. Smarter, lightweight, and easily understood guidelines might be an opportunity to benefit the community.

    Credit Card and Online Fraud
    Major retailers saw a drop in in-store credit fraud with the introduction of new ‘chip’ cards in the U.S., accompanied with an correlated rise of online theft, where the ‘chip’ doesn’t play a role. In effect, fraud continues, but the bubble was squeezed from in-store to online properties. It is a predictable outcome when threat agents are viewed as intelligent attackers. They will adapt. Shrinkage figures are not outrageous, but the online security teams are feeling the heat to keep them low. This will likely require a combination of new technology, back-end analytics, and end-user behavioral changes. Greed is a persistent attribute for cyber-criminals. Other activities, such as Ransomware, are also currently painful for consumers, healthcare, and small businesses. Enterprises have their ears open to shifts where they may become the primary target if attackers can find a way to reach into their deep pockets.

    Gone in 60 Minutes
    The industry is full of risks and opportunities. Sitting in a room of experienced professionals who are sharing their insights and experiences reveals one important fact. This must occur more often, if we are to keep pace with the attackers. Our adversaries share information and are masterful at working together to our detriment. We, the cybersecurity community, must do the same in order to survive. Our one-hour together disappeared quickly. I look forward to more meetings, discussions, debates, and venting sessions.

    Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

    Also read: New IoT Botnets Emerge

    Posted on

    Automotive Semiconductor Safety

    Automotive Semiconductor Safety
    by Daniel Nenni on 11-05-2016 at 7:00 am
    Categories: Automotive, Cadence, EDA

    One of the more telling trends in the semiconductor industry is the “fabless systems companies” transformation. Systems companies that used to buy chips are now making their own to better control the system they are designing: from the chip, package, PCB, the complete system. Apple is the best example as they are now one of the most influential fabless semiconductor companies. Tesla is another example of disruption in the automotive industry, which brings up another very important trend and that is semiconductor safety.


    Last month at ARM TechCon, Cadence came out in support of Automotive Design for Safety with the industry’s first comprehensive Tool Confidence Level 1 (TCL1) documentation that is compliant with the automotive ISO 26262 standard. Cadence also has more than 30 tools that will contribute to an ISO 26262 compliant development lifecycle which is the broadest EDA tool offering for the automotive industry, absolutely.

    “Proven safety compliance along with a complete design and verification tool flow is a requirement for Infineon so that we can deliver our AURIX microcontroller designs to the market on time and ensure that they meet the safety standards the automotive market demands,” said Dr. Joerg Schepers, senior director, Microcontrollers Powertrain at Infineon Technologies AG. “Cadence’s work with TÜV SÜD provides us with added confidence because its software tools have been properly assessed to support the ISO 26262 standard.”

    Before the conference, I had an interesting discussion about automotive trends and the impact on the semiconductor ecosystem with Rob Knoth, Product Management Director of Digital and Signoff Group, and Randal Childers, Director of Corporate Quality at Cadence. Design for Safety was the focus of the discussion so I wouldn’t be surprised to see the DFS acronym coming about.

    Bottom line:     Cars are much more complicated than smartphones or even data centers with huge communications components. As we move towards advanced driver assistance systems (ADAS), design complexity is increasing exponentially so qualifying point tools will not be enough.

    The Cadence announcement is not only the first comprehensive TCL1 documentation, offering the broadest tool support for the ISO 26262 standard, Cadence is also offering both digital and custom design and verification flows followed by a digital implementation and signoff flow expected to be completed by the end of this year.

    You can see the Cadence ISO 26262 Compliance page HERE, but first take a quick look at this automotive video which talks about the “Systems of Systems”, it is definitely worth two minutes of your time. Cadence is promoting a holistic system design approach here which encompasses chip, package, and board.

    Attached below is the announcement slide deck which is worth a glance. According to industry analysts, automotive semiconductors will be the fastest growing segment through 2020 which I believe. In looking at SemiWiki analytics, automotive is also a fast growing segment second only to IoT.