feature article
Subscribe Now

Spinning Heads & Busting Spooks

Q: When is a disk drive not a disk drive? A: When it becomes your next memory chip.

We’ve seen how flash memory chips are steadily replacing hard disk drives in MP3 players, laptop computers, and all sorts of embedded systems. Now, in a weird reversal of technology fortunes, disk-drive technology is moving into nonvolatile memory chips.

The perpetrator of this counter-intuitive strategy is Crocus, a French startup named after a Mediterranean flower bulb. Just as the crocus competes with the tulip in horticultural circles, Crocus competes with flash memories among technophiles. Its technology provides many of the same benefits as conventional flash, but it paradoxically does so using magnetic read-head technology spun off from hard disk drives.

That makes Crocus one of a handful of companies dabbling with so-called MRAMs, or magnetic random-access memories. Perhaps the best-known MRAM supplier (if that adjective applies here) is EverSpin, the spin-off from Freescale Semiconductor. In addition to Crocus and EverSpin, tech giants like IBM, Toshiba, and Hitachi have also been steadily developing MRAM technology for years.

Crocus’s chips use the intriguingly named “spin-transfer torque” technology, a term that suggests some kind of dark and arcane dabbling in the subatomic arts. The reality isn’t far off. The underlying technology seems to be equal parts physics, magic, and magnetism, with a bit of Schrödinger’s cat thrown in. A single-sense transistor is biased (or not) based on polarizing layers implanted just above it. When these layers are charged in the right combination, the transistor can be used to sense a slight current… more or less forever. The science was originally intended for read/write heads in high-capacity hard drives, but it’s been tweaked by Crocus for semiconductor applications.

Crocus chips do what all good NVRAM chips should do: they retain data for a long time (about 20 years) without power, and they read and write fairly quickly. This last characteristic is a Crocus strong point: its chips don’t have to be erased the way flash chips do, so it’s just as quick and easy to write to a Crocus MRAM as it is to read from it. This symmetric read/write time makes them much more like SRAMs or DRAMs, but with longer memories.

A traditional drawback with most MRAMs is that they’re, well, magnetic. That doesn’t mean you can erase them by waving a refrigerator magnet (that’s a myth) but it does mean they’re hard to manufacture in a conventional semiconductor fab or foundry. Chip-making plants are painstakingly designed to handle silicon, aluminum, gold, and a handful of other materials; they’re not set up to deal with magnetic materials, which are generally considered contaminants.

Crocus gets around much of this problem (though not all) by limiting its magnetic materials to just a few deposition layers. Most of an MRAM chip can be manufactured using normal CMOS processes, then sent outside to have its magnetic magic added before returning to standard processing. Or, the manufacturer can do all the work in-house by making a few small adjustments to the production line. The equipment already exists and is commonplace in disk-drive plants. It’s just not normally found within the confines of semiconductor clean rooms.

Today, Crocus’s chips are manufactured at Tower Semiconductor, which produces chips on its 130-nm line, with 90-nm chips on the horizon. The company also has its own small clean room within the headquarters building near Grenoble, France. Beyond the 90-nm node, Crocus is looking to sign up additional manufacturing licensees to complement Tower’s capacity. Crocus expects samples of its 1-Mbit spin-transfer torque MRAMs around the middle of next year. By the end of the year, those chips should be production-worthy. And worthy of your attention if you’re shopping for nonvolatile memory.

Crypto Silicon, Minus the Cloak and Dagger

While we’re on the subject of “spooky action at a distance” (to borrow Albert Einstein’s phrase), did you know you can crack a cryptography system merely by measuring its power consumption with an oscilloscope?

Neither did I, but apparently that’s a well-known trick among the black hats, and just one of many surprising attacks employed against seemingly impenetrable security systems. Here’s where the appropriately named Cryptography Research comes in. The San Francisco–based company employs about 50 engineers and crypto-spooks who produce security countermeasures for chip designers and embedded developers like you and me.

Cryptography Research licenses its circuit designs as IP, the way you’d include an 8051 or a UART in your own chip. The circuitry’s designed to augment whatever security measures you think you’ve included – features that, likely as not, are more crackable than we’d like to believe.

Apart from the “simple power analysis” (SPA) trick described above, the company provides blocks against chip decapitation, brute-force key cracking, scan chains that were intended only for manufacturing testing, and they address power-glitch vulnerabilities, fix reset weaknesses, and much more. The list of countermeasures is as surprising as the attacks they’re designed to thwart. The details are strictly on a need-to-know basis, of course, but include such fun-sounding features as “entropic arrays,” on-chip light sensors, and “canary logic” (as in coal mines).

The company’s technology currently appears in more than 3 billion chips, mostly smartcards. Consumer electronics is a growth area, however, as more and more devices (like cell phones, video games, or satellite-TV receivers) are sold at a loss but bundled with a service subscription. That creates a lucrative opportunity for hackers who can defeat the product’s encryption or security features, thus divorcing the low-cost product from its high-profit service. Cryptography Research says it’s not uncommon for hackers to spend well over $2 million to crack a popular device. Could your product withstand such a concerted attack?

Back to the oscilloscope attack: most encryption algorithms running on microprocessors or microcontrollers break down large keys into smaller chunks, so that a 128-bit key, for example, is often calculated 8 bits at a time. Moreover, most such algorithms make heavy use of the processor’s multiplier for cycling through bits of an exponent. And that activity makes heavy use of the chip’s carry and/or zero flags, signals that are often routed to so many places throughout the chip that they measurably affect its power consumption. By watching power spike as the firmware iterates through bits of the key (while also compensating for other on-chip activity), it’s possible to tease out the state of the flag bits and, eventually, the entire encryption key. Sure, this technique may require a little practice before you get good at it, but if the same key – or even the same encryption technique – is used throughout a product’s entire production run, you’ve just cracked every product on the market at once.

Like a lot of security products, Cryptography Research’s business depends on what its customers don’t know. Is their chip really vulnerable? How easy would it be to crack? What would be the financial impact if it were compromised? When and how would they ever know if it was? And how much can Cryptography Research really alleviate the problem – enough to satisfy the investors, partners, and service providers? On one hand, it seems likely that some of the company’s current customers probably have never been hacked, so they’ve essentially wasted their money. But on the other hand, it’s absolutely certain that some non-customers have been the target of attacks and could have used it. How much do you value your product design and the important information it contains? Like an insurance policy, you don’t want to find out how good it is.

Leave a Reply

featured blogs
May 21, 2022
May is Asian American and Pacific Islander (AAPI) Heritage Month. We would like to spotlight some of our incredible AAPI-identifying employees to celebrate. We recognize the important influence that... ...
May 20, 2022
I'm very happy with my new OMTech 40W CO2 laser engraver/cutter, but only because the folks from Makers Local 256 helped me get it up and running....
May 19, 2022
Learn about the AI chip design breakthroughs and case studies discussed at SNUG Silicon Valley 2022, including autonomous PPA optimization using DSO.ai. The post Key Highlights from SNUG 2022: AI Is Fast Forwarding Chip Design appeared first on From Silicon To Software....
May 12, 2022
By Shelly Stalnaker Every year, the editors of Elektronik in Germany compile a list of the most interesting and innovative… ...

featured video

Synopsys PPA(V) Voltage Optimization

Sponsored by Synopsys

Performance-per-watt has emerged as one of the highest priorities in design quality, leading to a shift in technology focus and design power optimization methodologies. Variable operating voltage possess high potential in optimizing performance-per-watt results but requires a signoff accurate and efficient methodology to explore. Synopsys Fusion Design Platform™, uniquely built on a singular RTL-to-GDSII data model, delivers a full-flow voltage optimization and closure methodology to achieve the best performance-per-watt results for the most demanding semiconductor segments.

Learn More

featured paper

Introducing new dynamic features for exterior automotive lights with DLP® technology

Sponsored by Texas Instruments

Exterior lighting, primarily used to illuminate ground areas near the vehicle door, can now be transformed into a projection system used for both vehicle communication and unique styling features. A small lighting module that utilizes automotive-grade digital micromirror devices, such as the DLP2021-Q1 or DLP3021-Q1, can display an endless number of patterns in any color imaginable as well as communicate warnings and alerts to drivers and other vehicles.

Click to read more

featured chalk talk

i.MX RT1170

Sponsored by Mouser Electronics and NXP Semiconductors

Dual Core microcontrollers can bring a lot of benefits to today’s modern embedded designs in order to keep all of our design requirements in balance. In this episode of Chalk Talk, Amelia Dalton chats with Patrick Kennedy from NXP about why newer design requirements for today’s connected embedded systems are making this balancing act even harder than ever before and how the i.MX RT1170 can help solve these problems with its heterogeneous dual cores, MIPI interface, multi-core low power strategy and SRAM PUF technology can make all the difference in your next embedded design.

Click here for More information about NXP Semiconductors i.MX RT1170 crossover microcontrollers