Chip Design Magazine





Cadence Addresses Security in SoC

Steve Carlson, product management group director, Cadence Design Systems

Security has been a growing concern as more examples of failed security come to light in the news. The connected, automated world makes us all more vulnerable, and there is good cause for concern. Whether it was the demonstration of taking control of a car by hacking it, or malware driving nuclear-material enrichment equipment to spin itself to destruction, the gravity of the situation is now widely recognized.

To create a secure system a design-for-security mindset needs to be adopted by all parties participating in the product creation. A secure system needs to have security at all layers. At the core, the underlying hardware needs to be designed to be secure. Design methods for creating trusted zones for computation and support for data security are essential.

Layers of security needed for secure system deployment.

Fortunately, help is available in the form of verification technology that can prove definitively whether or not any access path exists through which protected data could leak. Where simulation-based approaches become intractable, because the space of input sequences is far too large to cover, formal methods are targeted and exhaustive: the proof covers every reachable state of the model. The caveat a practitioner should keep in mind is that the proof is only as good as the RTL model and the security properties handed to the tool; a path that is not expressed as a property is not checked.

For example, the JasperGold® Security Path Verification (SPV) App is a formal verification product that uses path sensitization technology to exhaustively prove that secure data:

1.  Can’t be read illegally (no leaks)

2.  Can’t be illegally overwritten (sanctity)

3.  Remains secure in the face of faults or failure

The process of creating secure hardware has become a riskier proposition with the broad use of third-party IP and the vertical nature of the foundry model. Hardware Trojans inserted into designs have compromised their security. Detection of hardware Trojans is being approached in a number of different ways, but there is no silver bullet, particularly when it is "an inside job." A formal approach to design verification, with detailed metrics on what logic each property or test activates, is a useful component of detecting malicious content: logic that is never, or only very rarely, activated across the scenarios deserves scrutiny, because a Trojan trigger is designed to stay dormant under normal testing. Understanding what is activated in each test scenario can therefore help uncover covertly-added content.
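As an added example, not code from the article or from Cadence, the following models a tiny key-slot block in Python and checks the three SPV-style properties listed above by brute-force enumeration, then computes the kind of activation metric the preceding paragraph describes. With the hypothetical Trojan enabled, the leak check returns the triggering input vector and the metric flags the dormant trigger signal. Signal names, widths, the stuck-at faults and the Trojan are all assumptions made for the example.

```python
"""Exhaustive checks in the spirit of the three SPV properties, plus an
activation metric for spotting dormant logic.

Constructed example, not Cadence/JasperGold code: the design is a small pure
Python function, so instead of a formal engine the checks simply enumerate
every input assignment.  All signal names, widths, the stuck-at faults and the
inserted Trojan are hypothetical.
"""
from itertools import product

DATA_BITS = 4                          # key and data are 4 bits so enumeration stays tiny
VALUES = range(1 << DATA_BITS)


def key_block(key, din, wr_en, priv, dbg, sel, trojan=False, faults=None):
    """One combinational evaluation of the toy key-slot block.

    key    current value of the key register (the secret)
    din    public data input, DATA_BITS wide
    wr_en  write strobe from the public bus
    priv   1 = privileged access, 0 = unprivileged
    dbg    debug-port request; must never expose the key
    sel    2-bit mode select
    trojan include the (hypothetical) inserted Trojan
    faults {signal_name: forced_value} stuck-at faults on internal signals

    Returns (dout, next_key, internals).
    """
    sig = {
        "key_rd_ok": priv & (1 - dbg),   # key readable only by privileged, non-debug access
        "key_wr_ok": priv & wr_en,       # key writable only by privileged writes
    }
    if trojan:
        # Rarely-true trigger term: dormant under almost every input vector
        sig["trigger"] = int(din == 0xA and sel == 3 and dbg == 1)
    if faults:
        sig.update(faults)               # stuck-at faults override the computed signal
    dout = key if sig["key_rd_ok"] else din
    if sig.get("trigger"):
        dout = key ^ 0xF                 # Trojan payload: key leaks regardless of priv
    next_key = din if sig["key_wr_ok"] else key
    return dout, next_key, sig


def public_vectors():
    """Every assignment of the public inputs (2^9 = 512 vectors)."""
    for din, wr_en, priv, dbg, sel in product(VALUES, (0, 1), (0, 1), (0, 1), range(4)):
        yield dict(din=din, wr_en=wr_en, priv=priv, dbg=dbg, sel=sel)


def find_leak(**design):
    """Property 1, no leaks: for unprivileged access, dout must not depend on key.

    Returns the first public vector whose output varies with the key, else None.
    """
    for vec in public_vectors():
        if vec["priv"]:
            continue
        outs = {key_block(key, **vec, **design)[0] for key in VALUES}
        if len(outs) > 1:
            return vec
    return None


def find_overwrite(**design):
    """Property 2, sanctity: unprivileged access must leave the key unchanged."""
    for vec in public_vectors():
        if vec["priv"]:
            continue
        if any(key_block(key, **vec, **design)[1] != key for key in VALUES):
            return vec
    return None


def rare_signals(threshold=0.02, **design):
    """Activation metric: internal signals true in fewer than `threshold` of all evaluations."""
    counts, total = {}, 0
    for vec in public_vectors():
        for key in VALUES:
            total += 1
            for name, val in key_block(key, **vec, **design)[2].items():
                counts[name] = counts.get(name, 0) + (1 if val else 0)
    return sorted(name for name, n in counts.items() if n / total < threshold)


if __name__ == "__main__":
    print("clean design, leak/overwrite   :", find_leak(), find_overwrite())
    # Property 3: the same checks rerun with a stuck-at fault on an access-control signal
    print("key_rd_ok stuck-at-1, leak     :", find_leak(faults={"key_rd_ok": 1}))
    print("key_wr_ok stuck-at-1, overwrite:", find_overwrite(faults={"key_wr_ok": 1}))
    print("Trojan design, leak            :", find_leak(trojan=True))
    print("Trojan design, rare signals    :", rare_signals(trojan=True))
```

A real formal tool proves these properties over all reachable states of the RTL without enumerating them, and its activation data comes from per-property cover points rather than a raw count; the point here is the shape of the checks. An observer fixed at the unprivileged level must see identical outputs for every value of the secret, the secret must be unchanged after any unprivileged access, and rerunning both checks with a fault forced onto the access-control signal shows property 3 failing while the clean design passes.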

Software-based attacks are incessant; a constant stream of attempted attacks is visible in any instrumented IT center. The nexus of the system hardware and software (firmware or bare-metal software) is a point of attack that exploits the boundary between the two realms. Here the system verification task requires high-performance platforms such as emulators that can accurately reproduce the hardware-software interaction under both intended and unintended instruction streams. Detection tests are tedious to create and, for that reason, are often not thorough. Applying automation to software-driven testbench creation provides orders-of-magnitude improvement in test creation time and ultimately in attack-scenario coverage.

A host of attack methods against encryption hardware have been documented. Side-channel attacks of several kinds have all succeeded in practice: power-trace analysis, fault attacks (e.g., glitching the supply voltage or clock frequency), timing attacks (different data takes a different amount of computation time), scan-chain attacks, and cache attacks (a spy process measuring memory-access timing). Various obfuscation methods, such as state space expansion and self-referencing, have proved to be effective countermeasures.
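The timing attack named above, as an added example that is not from the article or any Cadence product: a secret comparison whose work depends on how much of the guess is correct, the byte-by-byte attack that exploits it, and a constant-time replacement that gives the attack nothing to measure. Rather than timing with a clock, each routine reports the number of byte operations it performed, so the leak is deterministic; the secret, the alphabet and the attack loop are hypothetical.

```python
"""Timing side channel in a secret comparison, and a constant-time replacement.

Constructed example, not code from the article or any Cadence product: each
comparison reports how many byte operations it performed instead of being
timed, so the data-dependent work is visible and reproducible.
"""


def naive_compare(secret: bytes, guess: bytes):
    """Early-exit comparison. Returns (equal, operations_performed)."""
    ops = 0
    if len(secret) != len(guess):
        return False, ops
    for a, b in zip(secret, guess):
        ops += 1
        if a != b:                      # bails out at the first mismatch:
            return False, ops           # work done depends on how much of the guess is right
    return True, ops


def constant_time_compare(secret: bytes, guess: bytes):
    """Touches every byte of the guess whatever the data; work depends only on len(guess)."""
    diff = len(secret) ^ len(guess)     # a length mismatch is folded in, not branched on
    ops = 0
    for i, b in enumerate(guess):
        a = secret[i] if i < len(secret) else 0
        ops += 1
        diff |= a ^ b                   # accumulate differences without branching on them
    return diff == 0, ops


def recover_secret(secret: bytes, compare, alphabet=range(256)):
    """Byte-by-byte recovery driven by the reported work and the accept/reject result.

    The attacker never reads `secret`; it is passed through only so the oracle
    `compare` can be called.  At each position the candidate that makes the
    oracle do the most work is the one that matched.  When every candidate costs
    the same there is no signal and the attack stops.
    """
    known = b""
    while len(known) < len(secret):
        work = {}
        for c in alphabet:
            guess = known + bytes([c]) + b"\x00" * (len(secret) - len(known) - 1)
            equal, ops = compare(secret, guess)
            if equal:                   # last byte confirmed by a plain accept, as any client sees
                return guess
            work[c] = ops
        if max(work.values()) == min(work.values()):
            break                       # no timing signal at this position
        known += bytes([max(work, key=work.get)])
    return known


if __name__ == "__main__":
    secret = b"s3cr3t"                  # hypothetical secret
    print("naive        :", recover_secret(secret, naive_compare))
    print("constant-time:", recover_secret(secret, constant_time_compare))
```

Against the naive routine the attack recovers the whole secret with at most 256 oracle calls per byte; against the constant-time routine it stops immediately because every candidate costs the same. In software the standard-library equivalent is Python's hmac.compare_digest; in hardware the analogous rule is that the latency of a datapath must not depend on secret values.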

The core computation engines in secure SoCs need to consider not just the processor itself, but also how its interaction with other hardware features is implemented. An example based on the Cadence Tensilica Xtensa processor depicts some of the capabilities that are necessary to create a secure system. Among them is the ability to create instruction-set extensions that define private regions and hidden registers. These capabilities help to frustrate attackers.

Example: Tensilica Xtensa security elements

The further implications of using extension instructions are highlighted in the figure below. These advantages illustrate the value of a unique processor: in short, a customized processor creates yet another layer that attackers must defeat.

Cadence Tensilica Xtensa security-related capabilities

Security mechanism support features in Cadence Tensilica Xtensa

The Tensilica Xtensa processor security capabilities are summarized below:

  1. User defined TIE resources are proprietary (hidden)
    1. Xtensa base instructions cannot access the resources
    2. They are accessed by user-defined proprietary TIE instructions only
  2. User-defined TIE resources
    1. Registers including states
    2. Interfaces (port, queue, lookup)
  3. User-defined TIE resources can be hidden even from the debugger
  4. Hidden registers can be used to hold values such as
    1. Crypto key
    2. Hash value
    3. User ID
  5. Hidden interfaces can be used to connect restricted resources such as
    1. Crypto engine
    2. Hash key generator
    3. Random value generator

Security breaches have alarmed us all. Clearly we need to get better and more methodical about it.  Adopting a holistic design-for-security mindset is essential. You cannot just layer security upon an insecure system and expect good results. As innovative security hackers devise new methods to defeat security, there are corresponding innovations to improve protection. We can all expect to see security in the news for the foreseeable future. While the breaches get all the notoriety, the unsung attack preventions are legion.
