GSA Forum GSA Forum Homepage
home Articles semiconductor member news foundry focus back-end alley supply chain chronicles industry reflections global trends and insights private showing innovator spotlight forum archives
Articles AdvertisementsTSMC

New Security Technologies Protect Chip Margins

Craig Rawlings, Sr. Director, Product Management, Certicom Corp.

As the semiconductor market moves to off-shore manufacturing for the industry's traditional markets, concerns about intellectual property (IP) theft and the threat of low-cost competition developing in these emerging markets via technology transfer are on the rise. Additionally, new device architectures, such as platform-oriented architecture (POA), provide value-added features and services that may be sold and provisioned in an aftermarket. For semiconductor devices and any connected services they provide, this means sensitive IP must be protected during manufacturing, and premium features and services must be protected through distribution and retail channels. Since several of the most rapidly growing markets for electronic products do not yet provide adequate legal IP protection, a new imperative has arisen such that new technical solutions must be developed to protect digital assets for this new breed of system-on-chip (SOC) architectures.

Electronic Product Growth Markets

As most in the electronics industry are aware, there are two countries with large populations (markets) that have rapidly growing gross domestic products (GDPs). China and India each boast populations in excess of well over one billion people and double-digit wage inflation over a number of years in most of the high-technology sector. These developing markets will fuel demand for electronic products, specifically, consumer electronic products.

Figure 1. High-Growth Global Markets
Figure 1. High-Growth Global Markets

According to the research firm RCNOS, China's consumer electronics market is positioned to emerge as the world's largest market by 2011 as measured by potential, market size and growth. They further state that China's consumer electronics market has grown at a compound annual growth rate (CAGR) of 11.7 percent from 2002 to 2006, and project that the market's growth will accelerate in the future. Other researchers independently anticipate growth in China at a CAGR of 12 percent from 2007 to 2011.

India's electronics market measured US$11.5 billion in 2004 and will be the fastest growing electronics market worldwide over the next several years according to a report by In-Stat. Researchers tracking consumer electronic markets in India are also forecasting a CAGR of between 10 to 12 percent in the coming years. These forecasts indicate that both markets will drive high growth in demand for consumer electronics, as well as for other types of electronic products. This trend signals a market shift that will overtime strongly emphasize these growth markets as vendors work hard to protect their investments in product research and development.

The Shift from Low-Cost Manufacturing to Low-Cost Product Development

Naturally, both China and India are strongly oriented toward promoting economic development to improve the prospects of their citizenry. As know-how and research and development evolves, both countries are rapidly shifting their economies from contract manufacturing and development centers for foreign interests towards the development and export of end products by domestic companies. This is a product of these countries' interests to further develop their own market economies. This means that there is a strong interest in technology transfer via contract manufacturing and development operations to catch up to other developed countries' progressed state of technology. Promoting local brands is particularly emphasized as these large potential markets develop their own local brands.

There are a few examples in China that illustrate the country's emphasis on local brand development achieved by promoting similar products at a discounted price to foreign brands. It goes without saying that technology transfer reduces research investment requirements for local companies to develop low-cost competing products and technologies.

It is worth noting the rivalries between local and foreign concerns in China such as the contests between Huawei and Cisco in the high-speed Internet router market, and the rivalry between liquid crystal display (LCD) TV foreign manufacturers Sony, Samsung, Sharp and Toshiba and local manufacturers Hisense, Skyworth, Konka and TCL. Both of these contests depend heavily on the local companies' ability to compete on technology within tight market windows at competitive or reduced prices. Not surprisingly, reverse engineering and cloning are common practices in the race to develop local products and brands.

As they say, "competition is good," but there is no doubt that there will be heated competition over who will win the most market share in these rapidly growing markets as vendors in the high-technology industry depend heavily on economies of scale to maintain their economic advantages. As wage levels equalize with other developed countries, the role of technology and IP ownership will increasingly play an important role in high-tech competition.

A Technical Solution

For any technology company that has poured investment into product development to produce a superior product, it is in that company's best interest to protect its investment. As markets cross global borders where views toward IP rights are different, legal protections are no longer effective. This is particularly true in high-tech, where product life cycles are relatively short and development cycles arguably move much faster than the law, even in traditional markets such as Europe, Japan and North America.

Due to the open nature of most systems, in terms of hardware that runs system software, security has been a challenge. Let's face it, how long does it take an experienced engineer to poke through software in system memory or on disk to find an installation or security encryption key? For those among us with security expertise, it has long been observed that many security schemes are not developed by security experts, which is one reason why young hackers are often so successful. For this reason, security experts have long been dreaming of ways to make strong security more accessible to non-security product development engineers and information technology (IT) engineers.

To deliver on the promise of easy-to-implement, strong and effective security that is still user friendly, multiple disciplines are required. This is what makes security that keeps sensitive electronic information private more of a challenge. After all, software resides on hardware which is physical, must be debugged and tested, and may be observed visually and electronically.

It has long been understood by security experts that a root of trust (ROT) is essential to system security (Figure 2). A ROT is a secret that if kept will not compromise the security of the overall system. A ROT is necessary to provide: (1) a safe place for system-critical secrets, (2) secure processes and (3) extended trust to internal and external entities. Securing the ROT has posed a fundamental challenge.

More recently, this idea has been extended to the concept of a hardware root of trust (HROT) since software has been vulnerable to attack. This is because software is hosted on commonly known and understood hardware, and a software image is for practical purposes identical across all instances of its existence on a general-purpose hardware platform. A HROT, on the other hand, may provide a ROT that is unique to each system or device and one that provides much stronger security to even the most sophisticated forms of attack. New embedded non-volatile memory (NVM) technologies and security IP cores are establishing strong security, which makes it economically impractical to mount an attack on systems which leverage one or both of these more recent technologies.

Figure 2. HROT Protects System Information
Figure 2. HROT Protects System Information

Since it is now the global information age, securing off-shore and third-party manufacturing facilities to a company's secure internal facilities to protect sensitive data requires secure channels to protect sensitive product technology, as well as internal and third-party (trade) secrets. This requires IT infrastructure support that manages and leverages the HROT in combination with secure server platforms that protect against tampering in low-trust or no-trust environments. In combination, the elements required to form this secure channel are a small footprint embedded security IP core that provides the ROT; a secure computing platform that may be co-located in a hostile environment; and hardened system and application software for managing sensitive information throughout the manufacturing, distribution and retail channel (Figure 3).

Figure 3. Virtual Company Information Security
Figure 3. Virtual Company Information Security

As previously mentioned, there are important trends in system architectures that are leading to applications that require stronger device-level and system-level security. The advent of the SOC is now progressing to its next evolutionary step—the POA. A POA device is a single design that is capable of taking on multiple personalities in post production. These personalities may incorporate multiple logic and analog functions that may be digitally activated and/or deactivated in post production to support multiple interface and feature configuration options. While adding modest complexity and therefore unit cost to a design, the benefits of reduced NRE risk and virtualized SKU'ing bring strong competitive and economic advantages. As these POA devices incorporate the configuration and management of premium product features and services, the requirement to secure these devices and the systems they support becomes a critical requirement for the system architect.

Applications for Secure POAs

During the 1980s and early 1990s, it was semiconductor chips that delivered new technologies for system developers. While product system engineers and engineering managers are still coping with recent changes, the delivery vehicle for new electronic technologies is now IP. IP comes in many forms such as silicon IP, firmware, technology (patent) licensing and software. To further emphasize this point, there is no technologist today in our traditional high-tech economies who does not spend part of his day reading licensing terms and conditions.

Several applications for consumer electronic POAs are identified below:

  • Mobile phone SOC.
  • Media player SOC.
  • Home AV equipment SOC.
  • Digital television (DTV) SOC.
  • Set-top box (STB) SOC.
  • Home networking SOC.
  • Advanced DVD technology SOC.

These devices may incorporate premium features or services, which may be configured anywhere in the global supply chain or in the aftermarket, such as:

  • High-resolution digital camera sensor.
  • Premium high-resolution video.
  • Combination of video and audio communications.
  • Premium surround sound audio.
  • Secure communications.
  • Internet television.
  • Premium multi-media programming and content.
  • Virtual private network (VPN).
  • Online banking.
  • Electronic credit and debit payment transactions.

As intuited from the types of POA applications above, the importance of securing information owned by the product developer, IP provider, service provider and/or the end user is critical to protecting each party's investment in the future. For POA-based devices and systems, the prospects for virtualizing SKUs, as well as supporting aftermarket feature and/or conditional access service activation, bring about a powerful shift in how new consumer electronic markets will be addressed.

A technical approach to establishing trust in POA device and system technologies benefits everyone as new markets and economies are developed through healthy and fair competition by all parties with minimal negative economic impact due to gray markets and unfair trade practices. Importantly, the individual end user may also rest easier knowing that his information, financial and otherwise, is private and secure.

About the Author

Craig Rawlings is the Sr. Director of product management at Certicom Corp. Craig started his career at Hewlett-Packard in 1985 and has since worked in executive high-tech marketing and sales positions for Kilopass, Actel, Resilience and Progress Software. Craig has published numerous articles and has earned a B.S.E.E. and MBA from Brigham Young University. Craig may be reached for inquiries at crawlings@certicom.com.

Back to Articles Home
Advertisements
Siliconaire
Chartered Semiconductor
Forum Home | Articles | Semiconductor Member News | Foundry Focus | Back-End Alley | Supply Chain Chronicles | Industry Reflections
Global Trends & Insights | Private Showing | Innovator Spotlight | Forum Archives | GSA Home