News & Analysis
Crypto model plugs leaky fabs
Rick Merritt
7/24/2006 9:00 AM EDT
San Jose, Calif. -- Security specialist Certicom Corp. this week will roll out a hardware-based approach to protecting silicon intellectual property using its elliptic-curve cryptography (ECC) technology and a 20,000-gate embedded core. The company hopes to gain an early-mover advantage as commercial and military developers step up efforts in semiconductor security.
Commercial chip designers are increasingly eager to tap emerging foundries in China but have reservations given the country's checkered history of intellectual-property (IP) protection. Such concerns help fuel efforts by groups like the Virtual Socket Interface Alliance (VSIA), which is working on upgrades to its software-based IP-tagging standards.
On the military front, the Defense Advanced Research Projects Agency (Darpa) last month put out a call for "revolutionary advances in science, devices or systems" in silicon security. The initiative was in part motivated by a Department of Defense study--released in February 2005--that recommended the government raise the bar, given that an increasing number of chips are manufactured in overseas foundries.
Lots of interest
The new Certicom hardware attempts to close the door on contract chip makers that might produce more chips than requested and sell the excess on the gray market. Certicom and others contacted last week could not point to any instances of such activity. However, concerns run high about the potential for fraud, especially in China, where foundry costs can be as much as 40 percent lower than in other countries, said Brian Neill, who manages the new product at Certicom (Mississauga, Ontario).
"These companies don't want to go to the new foundries, because they have IP concerns," said Neill. "And a lot of them don't want to tell you they think they are being ripped off."
The Certicom approach employs keys based on ECC that can be used to disable any part of the chip the designer desires. New keys can be added at each stage of manufacturing, fully activating the part only at a late stage of production, such as when the chip is put on a circuit board.
The offering leverages Certicom's existing KeyInject controller and servers, which generate and place ECC keys in board-level products for companies such as graphics designer ATI Technologies Inc. It also leverages a version of an IP core Certicom rolled out earlier this year, specifically for sensor and RFID networks.
The current product targets any fabless company using a foundry or assembly-and-test company. Future variants will offer core-based security for middleware used on system-level products.
Although Certicom could not make available any experts who have reviewed its technology, a senior technology executive at a large fabless semiconductor maker expressed enthusiasm when told about the product.
"At the end of the day, we feel we spend a lot of energy on measures [to secure silicon intellectual property] that don't add value to the product or help time-to-market," said the source, who asked not to be named. "That's not something we want to do. So if there is some new technology to resolve this issue, I think a lot of people would be interested."
The fabless company is now ramping up production of some of its older chips at one of the largest Chinese foundries, he said, and also uses fabs at companies that make their own chips and systems. "We have concerns [about gray marketeering], but we haven't experienced it firsthand," he said.
To date, the company has used a variety of mainly business practices to ensure security. It seeks only long-term foundry relations, requires noncompete clauses in some of its contracts, conducts detailed audits of foundry computer systems and requires top executives to endorse security policies.
In addition, the fabless company often tapes out parts to third parties that make masks so foundries get only manufacturing files, not the original GDSII design databases. "Logistically, this is a nightmare, and it hurts our turnaround times," the executive said. "We've also had internal debates about measures like making a NAND flash layout look like a NOR block to make reverse-engineering more difficult, or having testing and wafer probe done by separate companies from the foundry."
Other techniques in broad use include standards for tagging soft and hard IP blocks set by the VSIA. "I assume a fair portion of the companies we work with are using these technologies," said Lisa Tafoya, vice president of global research for the Fabless Semiconductor Association (FSA), which includes both fabless design companies and foundries.
The VSIA is just weeks away from upgrading those standards. It is also in the early stages of defining standards for watermarking, encrypting and fingerprinting IP blocks. A number of companies are working on defining and promoting the VSIA security specs, including Cadence Design Systems, Freescale, IBM, Intel, Mentor Graphics, Philips, Sonics, STMicroelectronics and TSMC.
Separately, the FSA has been active in encouraging best practices for trading IP in China. In June the association signed a preliminary agreement with three China-related semiconductor groups to establish the Greater China Semiconductor Intellectual Property Trading Centre. The new body will help promote best technology, legal and business practices in China, Hong Kong and Taiwan, leveraging work the FSA has done on related issues.
The U.S. Department of Defense is making its own moves in this area, motivated in part by recommendations from the Defense Science Board Task Force on High Performance Microchip Supply. The task force's report, released in February 2005, had its roots in an October 2003 memo from Deputy Secretary Paul Wolfowitz calling for the government to form a "trusted integrated circuit strategy."
The report detailed risks based on the migration of semiconductor manufacturing to foundries, particularly in Asia, as well as the increasing use of commercial off-the-shelf chips in military electronics.
Today the government runs a "trusted fab" program for sensitive chips that are made by IBM, its sole fab partner. The government is exploring a second foundry partnership with another top-tier chip maker, but considers the program a short-term remedy to the security issue.
Looking for a longer-term solution, Darpa announced in June its Trust for Integrated Circuits initiative. Researchers have until mid-August to respond to Darpa's call for "revolutionary advances in science, devices or systems" to verify that chips that end up in weapons have not been tampered with during manufacturing.
The call for proposals also mentioned issues with protecting intellectual property and military secrets that are, of necessity, embedded in ICs or needed by the manufacturer. Finally, Darpa cites a need to find ways of getting around the possible reverse-engineering of ICs and systems that are no longer under U.S. control.
It is not clear from the call for proposals how much money the United States is prepared to spend and how quickly it expects supported research to yield results.
Responding to the announcement of the new initiative, Ed Keyes, vice president and chief technology officer at research firm Semiconductor Insights (Kanata, Ontario), said that some of the security threats seemed farfetched. Fabs, he said, are "pretty tightly controlled. To produce a chip out of spec, you'd have to defeat all the alarms--and it would be dead from the get-go." He pointed to the Trojan horse incursion, where a weapons chip could be designed to fail under certain circumstances, such as in combat, as a stronger possibility. "But it would still require a pretty sophisticated individual," Keyes said.
In the case of reverse-engineering, Keyes said the best way to ensure security is to go to an FPGA-based design, where it's hard to distinguish a blown fuse from one that isn't blown. "For every one connection you have 99 other possibilities--but then you face significant cost and performance hit, vs. an ASIC."
Still, reverse-engineering is hard to prevent, said Dick James, senior technology analyst at Chipworks (Ottawa), a semiconductor analysis firm. "It's all down to time and money." James added that the most vulnerable stage of a design is when it's still in software form. "Software is hackable," he said.
How Certicom does it
Certicom executives said they were not aware of the Darpa call for proposals. However, their technology is clearly germane to the military effort.
The core that is to be announced this week relies on a processing element in the host chip. It "is comprised only of a key expander module and a decryption module," said Dan O'Loughlin, director of hardware engineering at Certicom.
The module uses onetime programmable memory to store the key data programmed in during the manufacturing process. It also needs some masked ROM, or some other type of nonvolatile memory, to store encrypted instructions, O'Loughlin said.
Decrypted instructions are stored in SRAM that can be part of the instruction memory on the processor in the host device. The module executes following power-on-reset and also requires some very basic custom firmware in the boot code of the host processor.
At power-on-reset, the initial keys are read from OTP, and the keys used for decryption are generated by the key expander and fed to the decryption module. The decryption module reads the encrypted instructions from ROM, uses the keys from the key expander and translates the cipher-text instruction data into plain-text instruction data, writing the decrypted instructions into the instruction memory of the processor.
Then the firmware detects that decrypted instructions have been loaded into instruction memory and jumps to the decrypted instructions. Those instructions are used to enable features defined by the chip's designer. If the proper key data is not present, these instructions will be random data, preventing the features from being enabled. Disabled portions of the chip can still be tested by traditional BIST and auto-scanning techniques, O'Loughlin said.
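The power-on-reset sequence described above, combined with the stage-by-stage key injection mentioned earlier, as an added Python model that is not Certicom's code: the SHA-256 keystream standing in for the key expander and decryption module, the stage names, the all-zero blank OTP value and the two-byte ENABLE instruction format are all assumptions made for illustration.

```python
import hashlib

# Toy model only: the SHA-256 keystream, stage names and 2-byte "ENABLE n"
# instruction format are assumptions, not Certicom's design (which uses ECC).
STAGES = ("wafer", "package_test", "board")
BLANK = bytes(16)          # assumed read-back value of an unprogrammed OTP slot
OP_ENABLE = 0xE5           # hypothetical opcode: enable feature <operand>

def expand_key(otp, nbytes):
    """Key expander stand-in: stretch every OTP slot into a keystream."""
    seed = b"".join(otp[s] for s in STAGES)
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
              for i in range(nbytes // 32 + 1))
    return b"".join(blocks)[:nbytes]

def crypt(otp, data):
    """XOR with the expanded key; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, expand_key(otp, len(data))))

def power_on_reset(otp, rom):
    """Decrypt ROM into SRAM, then run it; garbage halts at the first bad opcode."""
    sram = crypt(otp, rom)
    enabled = set()
    for i in range(0, len(sram) - 1, 2):
        if sram[i] != OP_ENABLE:
            break
        enabled.add(sram[i + 1])
    return sram, enabled

def demo():
    # Constructed sample data: per-stage keys held by the designer's key server.
    keys = {s: hashlib.sha256(s.encode()).digest()[:16] for s in STAGES}
    plain = bytes([OP_ENABLE, 1, OP_ENABLE, 2, OP_ENABLE, 3])
    rom = crypt(keys, plain)                   # image placed in mask ROM
    results = {}
    otp = {s: BLANK for s in STAGES}           # fresh die, nothing injected
    for stage in STAGES:
        otp[stage] = keys[stage]               # key injected at this stage
        results[stage] = power_on_reset(dict(otp), rom)[1]
    return plain, rom, results

if __name__ == "__main__":
    for stage, feats in demo()[2].items():
        print(f"after {stage:13s}: features enabled = {sorted(feats)}")
```

In this model a die that leaves the line before the last key is injected decrypts the ROM to garbage, so the designer's full feature set is enabled only after the board-stage key is in OTP.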
Certicom is preparing a version of the core that handles the processing work for chips, such as memory devices that do not have an embedded instruction-based processor. It is also working on a version that can verify whether anyone has tampered with firmware on a chip.
The company charges $350,000 for controllers that generate the keys and servers that inject them into the chip at the manufacturing plant. The charge covers design consulting on how to implement the core. Certicom also charges a royalty based on a percentage of the overall chip's price.
Users must work directly with their chip-manufacturing partners to implement the approach. Certicom does not plan direct sales to foundries or packaging and test houses.
-- Peter Clarke, George Leopold and Patrick Mannion contributed to this report.



