As chips plug into more of the world’s critical infrastructure, they’re increasingly at risk from digital attacks and malicious hardware modifications. For a long time, it has been standard practice to protect the chips at the heart of aerospace and defense systems, on factory floors, under the hood of cars, and inside medical devices by locking them down against attacks you already know about. But that can leave other potential vulnerabilities concealed on the “dark side” of the attack surface.
“The current solution to security is not keeping new hardware attacks from happening, and in fact, it’s not even slowing them down,” said Margaret Schmitt, head of the microelectronics unit at Amida Technology Solutions.
Amida aims to build better security into silicon chips with a new software tool called Achilles, which helps uncover chip-level vulnerabilities that tend to elude chip engineers early in the design process. By imitating how hackers are known to manipulate hardware, Achilles can analyze the early code of what the chip is going to become—the RTL—and identify where it’s vulnerable to being attacked. Then, chip designers can use the insights to figure out where and how to harden the device against current and future threats.
“It’s very difficult to patch hardware,” Schmitt told Electronic Design. “You can patch software, but once the hardware is down, it’s down. If you uncover a hardware vulnerability in a satellite, for instance, that could be deployed for more than a decade in orbit, you can’t go into space and swap out the chip. So, you can think of the exposure of the device to new and emerging hardware attacks. It’s a clear and present danger.”
Developed with funding from the U.S. Department of Defense, Achilles can be integrated easily in the chip development and the board-level programmable-device design processes, said Amida. It’s compatible with all major electronic design automation (EDA) tool chains.
While it’s targeting the chip design process at first, Schmitt said the plan is to roll out a set of software tools that span the rest of the semiconductor lifecycle, monitoring for vulnerabilities while the device is out in the field.
Achilles was on display at the recent Design Automation Conference (DAC) in San Francisco, Calif.
Why Hardware Security is Becoming Harder and Harder
Though it’s important to secure all the different building blocks in a system, ranging from the circuit board to the operating system to the software and applications that run on top it, the silicon sits at the heart of it all.
Schmitt said Amida is trying to stay a step ahead of rising demand for hardware security and assurance, most notably from the Department of Defense. She added that in aerospace, defense, and other safety-critical systems, hardware security is as much about reliability as it is about keeping data safe. If any one of the thousands of chips inside a car is maliciously altered or attacked, it could be fatal. In a missile or a radar system, a malfunction that occurs because of a hardware bug could be catastrophic.
Given the rising complexity of embedded systems and the chips inside them, the world is aiming to cover more of its bases with new standards and regulations for hardware security—for instance, the ISO 21434 standard for cybersecurity in cars.
“In a world increasingly reliant on digital infrastructure, microelectronics security is the last bastion of cyber-defense,” said Joe Costello, a Cadence co-founder and Amida board member. “Hardware is an expansive attack surface and is increasingly susceptible to malicious inclusions and in-field attacks. Unlike software, hardware cannot be easily patched, so it is essential to mitigate [attacks] before they happen and isolate them when they do.”
But the current state of hardware security is shaky due to the rising complexity of modern ICs. The transistors at their heart can be arranged into tens of million up to tens of billions of logic gates, which are then folded into processors, accelerators, and various other building blocks of IP before being spread out over the floorplan of the device. More complexity means more potential points for vulnerabilities that can be exposed or exploited in the future, said Amida’s Schmitt. Tracing the origin of a specific problem becomes more of a challenge, too.
As the semiconductor industry falls further behind on Moore’s Law, it’s becoming more common to bind heterogeneous dies or chiplets in 2.5D and 3D packages, creating a new set of security challenges. These devices are not all inherently secure, and their overall security can be unclear since many of them may be developed by other companies, not all based in the U.S. “That is an expansive attack surface because you as a chip designer are likely not designing all those things yourself,” noted Schmitt.
The other difficulty is the longevity of many chips. Even if hardware starts out secure, the reality is that it rarely stays secure throughout its entire lifespan. Since modern chips can remain in use for decades under the hood of cars or in medical devices, it’s not only important to lock down hardware vulnerabilities in pre-production, but also to give the hardware the flexibility to thwart more sophisticated attacks in the future, said Schmitt.
Finding and fixing vulnerabilities in chips tends to be a forensic process, akin to formal verification used in the world of chip design. “The focus is on attacks that have happened before, so when the attack happens, we analyze it, we define rules, and we incorporate them in the design process so that the attack can never happen again,” said Schmitt. But the current strategy, according to Schmitt, is falling short as more and more security holes are uncovered in hardware.
She added, “We wanted to see if we could take a more future-looking approach. How can you protect a device against an attack that you don’t know and that you can’t define rules for because you haven’t seen it yet?”
How Achilles Helps Lock Down Hardware Vulnerabilities
With Achilles, Amida is aiming to play a more prominent role in the ongoing arms race between attackers targeting critical systems and those defending them. “Chip security starts with design,” noted Schmitt.
The complexity of a modern chip means that it’s not possible to design it transistor by transistor or logic gate by logic gate. Instead, it’s standard practice to use a hardware description language (HDL) to create abstract models of the chip’s behavior. The register-transfer level (RTL) models a digital circuit by mapping out the flow of signals and data traveling between the different building blocks—hardware registers (usually flip-flops) and the logical functions in a circuit (usually logic gates) that use these signals to perform operations.
Amida said Achilles can uniquely transform the digital model of the chip’s functionality into a graph, scan through it to pinpoint potential weaknesses in the hardware, and then classify and rank the vulnerabilities.
By applying these advanced graph transform techniques, the software may reveal hidden weaknesses and future exploits in the early stages of the chip design process. Specifically, it is trying to uncover vulnerabilities that could give hackers the ability to alter how the hardware works, forcing it to shut down or sabotaging it in ways that can disrupt its normal operation, said Schmitt.
Amida claims it can predict what kind of attacks are likely, how they will manifest, how they will impact the device’s operation, and what can be done to prevent them before the chip is made. “We are showing you where the vulnerabilities are within a device during the design phase, so that you can fortify and strengthen them, so in the event attackers get access to the hardware, they won’t be able to do any damage,” said Schmitt.
Further in the future, Amida plans to enable on-chip integration of its Achilles technology. That way, it can act as a sort of immune system for a semiconductor device to detect and prevent attacks out in the field.
