Global Sources
EE Times-Asia
Stay in touch with EE Times Asia
EE Times-Asia > EDA/IP

Crypto model checks IP leakage in fabs

Posted: 01 Sep 2006 ?? ?Print Version ?Bookmark and Share

Keywords:Certicom? silicon IP? intellectual property? IP? elliptic-curve cryptography?

Security specialist Certicom Corp. rolled out in July a hardware-based approach to protecting silicon intellectual property (IP) using its elliptic-curve cryptography (ECC) technology and a 20,000-gate embedded core. The company hopes to gain an early-mover advantage as commercial and military developers step up efforts in semiconductor security.

Commercial chip designers are increasingly eager to tap emerging foundries in China, but have reservations, given the country's checkered history of IP protection. Such concerns help fuel efforts by groups like the Virtual Socket Interface Alliance (VSIA), which is working on upgrades to its software-based IP-tagging standards.

The new Certicom hardware attempts to close the door on contract chipmakers that might produce more chips than requested and sell the excess on the gray market. Certicom could not point to any instances of such activity. However, concerns run high about the potential for fraud, especially in China, where foundry costs can be as much as 40 percent lower than in other countries, said Brian Neill, who manages the new product at Certicom.

"These companies don't want to go to the new foundries because they have IP concerns," said Neill. "And a lot of them don't want to tell you they think they are being ripped off."

The Certicom approach uses keys based on ECC that can be used to disable any part of the chip the designer desires. New keys can be added at each stage of manufacturing, fully activating the part only at a late stage of production, such as when the chip is put on a circuit board.

The product targets any fabless company using a foundry or assembly-and-test company. Future variants will offer core-based security for middleware used on system-level products.

Current measures
To date, security measures used by fabless companies have focused mainly on business practices, such as seeking only long-term foundry relations, requiring non-compete clauses in some contracts, conducting detailed audits of foundry computer systems and requiring top executives to endorse security policies.

Other techniques include standards for tagging soft and hard IP blocks set by the VSIA. "I assume that a fair portion of the companies we work with are using these technologies," said Lisa Tafoya, VP of global research for the Fabless Semiconductor Association (FSA), which includes both fabless design companies and foundries.

The VSIA has been upgrading those standards. It is also in the early stages of defining standards for watermarking, encrypting and fingerprinting IP blocks. A number of companies are now working on defining and promoting the VSIA security specs.

Separately, the FSA has been active in encouraging best practices for trading IP in China. In June, the association signed a preliminary agreement with three China-related IC groups to establish the Greater China Semiconductor Intellectual Property Trading Centre. The new body will help promote best technology, legal and business practices in China, Hong Kong and Taiwan, leveraging work the FSA has done on related issues.

The U.S. Department of Defense is making its own moves. Looking for a longer-term solution, the U.S. Defense Advanced Research Projects Agency (Darpa) announced in June its Trust for Integrated Circuits initiative. The initiative was in part motivated by a February 2005 study by the Department of Defense that recommended the government raise the bar, given that an increasing number of chips are manufactured in overseas foundries. Darpa called for "revolutionary advances in science, devices or systems" to verify that chips that end up in weapons have not been tampered with during manufacturing.

Ed Keyes, VP and CTO at research firm Semiconductor Insights, said that some of the security threats cited by Darpa seemed farfetched. Fabs, he said, are "pretty tightly controlled. To produce a chip out of spec, you'd have to defeat all the alarmsand it would be dead from the get-go."

How it's done
Certicom executives said they were not aware of the Darpa call for proposals. However, their technology is clearly relevant to the military effort.

The Certicom core relied on a processing element in the host chip. It "is comprised only of a key expander module and a decryption module," said Dan O'Loughlin, director of hardware engineering at Certicom.

The module uses one-time programmable (OTP) memory to store the key data programmed in during the manufacturing process. It also needs some masked ROM, or some other type of non-volatile memory, to store encrypted instructions, O'Loughlin said.

Decrypted instructions are stored in SRAM that can be part of the instruction memory on the processor in the host device. The module executes following power-on-reset and also requires some very basic custom firmware in the boot code of the host processor.

At power-on-reset, the initial keys are read from OTP, and the keys used for decryption are generated by the key expander and fed to the decryption module. The decryption module reads the encrypted instructions from ROM, uses the keys from the key expander and translates the cipher-text instruction data into plain-text instruction data, writing the decrypted instructions into the instruction memory of the processor.

Then the firmware detects that decrypted instructions have been loaded into instruction memory and jumps to the decrypted instructions. Those instructions are used to enable features defined by the chip's designer. If the proper key data is not present, these instructions will be random data, preventing the features from being enabled. Disabled portions of the chip can still be tested by traditional BIST and auto-scanning techniques, O'Loughlin said.

The company charges $350,000 for controllers that generate the keys and servers that inject them into the chip at the manufacturing plant. The charge covers design consulting on how to implement the core. Certicom also charges a royalty based on a percentage of the overall chip's price.

Users must work directly with their chip-manufacturing partners to implement the approach. Certicom does not plan direct sales to foundries or packaging and test houses.

- Rick Merritt
EE Times

Article Comments - Crypto model checks IP leakage in fa...
*? You can enter [0] more charecters.
*Verify code:


Visit Asia Webinars to learn about the latest in technology and get practical design tips.

Back to Top