Crypto model plugs leaky fabs

San Jose, Calif. -- Security specialist Certicom Corp. this week will roll out a hardware-based approach to protecting silicon intellectual property using its elliptic-curve cryptography (ECC) technology and a 20,000-gate embedded core. The company hopes to gain an early-mover advantage as commercial and military developers step up efforts in semiconductor security.

Commercial chip designers are increasingly eager to tap emerging foundries in China but have reservations given the country's checkered history of intellectual-property (IP) protection. Such concerns help fuel efforts by groups like the Virtual Socket Interface Alliance (VSIA), which is working on upgrades to its software-based IP-tagging standards.

On the military front, the Defense Advanced Research Projects Agency (Darpa) last month put out a call for "revolutionary advances in science, devices or systems" in silicon security. The initiative was in part motivated by a Department of Defense study--released in February 2005--that recommended the government raise the bar, given that an increasing number of chips are manufactured in overseas foundries.

Lots of interest
The new Certicom hardware attempts to close the door on contract chip makers that might produce more chips than requested and sell the excess on the gray market. Certicom and others contacted last week could not point to any instances of such activity. However, concerns run high about the potential for fraud, especially in China, where foundry costs can be as much as 40 percent lower than in other countries, said Brian Neill, who manages the new product at Certicom (Mississauga, Ontario).

"These companies don't want to go to the new foundries, because they have IP concerns," said Neill. "And a lot of them don't want to tell you they think they are being ripped off."

The Certicom approach employs keys based on ECC that can be used to disable any part of the chip the designer desires. New keys can be added at each stage of manufacturing, fully activating the part only at a late stage of production, such as when the chip is put on a circuit board.

The offering leverages Certicom's existing KeyInject controller and servers, which generate and place ECC keys in board-level products for companies such as graphics designer ATI Technologies Inc. It also leverages a version of an IP core Certicom rolled out earlier this year, specifically for sensor and RFID networks.

The current product targets any fabless company using a foundry or assembly-and-test company. Future variants will offer core-based security for middleware used on system-level products.

Although Certicom could not make available any experts who have reviewed their technology, a senior technology executive at a large fabless semiconductor maker expressed enthusiasm when told about the product.

"At the end of the day, we feel we spend a lot of energy on measures [to secure silicon intellectual property] that don't add value to the product or help time-to-market," said the source, who asked not to be named. "That's not something we want to do. So if there is some new technology to resolve this issue, I think a lot of people would be interested."

The fabless company is now ramping up production of some of its older chips at one of the largest Chinese foundries, he said, and also uses fabs at companies that make their own chips and systems."We have concerns [about gray marketeering], but we haven't experienced it firsthand," he said.

To date, the company has used a variety of mainly businesses practices to ensure security. It seeks only long-term foundry relations, requires noncompete clauses in some of its contracts, conducts detailed audits of foundry computer systems and requires top executives to endorse security policies.