Last week, the 58th Design Automation Conference (DAC) in San Francisco dropped a few hints that the semiconductor industry will finally consider making chips secure before manufacturing. However, not without kicking, screaming and complaining.
The industry traditionally defined “security” as a means to protect against patent infringement. Protecting user data was not their problem.
Brian Fuller, editor in chief for ARM, opened the first session on security (see “Trust and Verify” full video below) with a question: Is the industry is taking security seriously or were they “still tossing it over the wall” to the systems designers. The response from the panellists from Synopsys, the Global Semiconductor Alliance, the University of Florida, and security startup FortifyIQ could be summed up as, “Well, yeah. but it’s getting better.”
Governments, the biggest customer of the industry, are forcing the issue. Hence the presence of startups at the conference that would normally be participating in systems conference. At the same time, the panel had a hard time agreeing on how to explain why what they are doing is important for the broader population. (Hear the audio version of that debate below.)
Signs of improvement
FortifyIQ and Silex Insight were two exhibiting companies providing intellectual property (IP) cores processor design meeting US and EU standards. FortifyIQ also sells analysis and testing products to determine if designs are vulnerable to side-channel attacks and fault injection.
Barreling down the design highway are dangers from quantum computing hacks. Current encryption can fight off most sophisticated cybercriminals and hostile nation-states. When quantum computers become prevalent all bets are off. PQShield, a startup that introduced itself at DAC, wants to provide protection to that long before that becomes real.
Again, government requirements, specifically the NIST Post-Quantum Cryptography Standardization Process are driving the market for their product. The company mission is to transition from legacy RSA and Elliptic Curve cryptography to quantum-secure IP for secure elements, IoT firmware, PKI, mobile and server technologies, as well as end-user applications.
Beyond those bright spots, however, DAC was an echo chamber of security happy talk. There were few technical sessions addressing security during the live event, and a single session on the virtual event. That last session was prefaced with concern over what being security-focused would do to a design budget. It brought to mind the hackneyed sales point of the security industry: “Imagine what it will cost if you don’t.” In the case of semiconductor design, that argument might be well considered.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.