feature article
Subscribe Now

Security Processors Made Easy

Synopsys ARC SEM Subsystem Does the Dirty Work

“I don’t pay to have my dirty work done for me. I do it myself.” – Ted Nugent

Security experts are like proctologists: you wouldn’t want the job but you’re glad they’re around when you need one.

So let’s all give a (gloved) hand to the engineers at Synopsys for doing what the rest of us don’t want to do: creating a secure microprocessor island for SoC development. The hardy souls at Synopsys’s IP clinic have made it easier for the rest of us to secure newly developed chips against the scourge of backdoors, invasive probing, password sniffing, overflows, viruses, and various other communicable diseases.

All this new hardware surrounds the company’s existing ARC SEM secure-processor core, announced last year. The processor was a good start; the new support logic finishes the job. It surrounds the CPU core with security-enhanced memory controllers, buses, crypto accelerators, tamper-proof NVRAM, and more subtle shielding tricks to guard against an array of known (and potentially unknown) attack vectors. If you liked the idea of using the secured ARC SEM processor, you’ll like the packaged subsystem even better.

To recap, the SEM (which presumably stands for Secure Embedded Microprocessor) is a 32-bit RISC CPU that’s been tweaked to make it harder for miscreants to hack. All instructions execute in the same number of cycles, so you can’t monitor software routines to glean useful timing data. Many circuits deliberately inject RF noise, so you can’t remotely monitor their activity. Address, instruction, and data buses are all scrambled so you can’t reverse-engineer the code. And some activities invoke small but random delays, so you can’t observe their goings-on. You get the idea.

In addition to all that, ARC processors have always allowed designers to add their own hardware instructions and/or execution units. These are normally created to enhance performance or to execute some truly obscure or application-specific operation that a normal CPU wouldn’t be equipped to handle. But custom instructions also aid security. Bad guys can’t disassemble an instruction they’ve never seen. Some Synopsys customers add instructions to the CPU precisely because they complicate third-party observation.

Synopsys isn’t the only company to offer security-enhanced processors. In fact, this isn’t even their first one. MIPS, ARM, Cypress, and other CPU vendors have all rolled out hacker-resistant CPU designs boasting roughly the same set of features. Tortuga Logic even sells a security-enhancement tool set for developers. Security is a big thing these days.

The new security subsystem – remarkably, Synopsys hasn’t given it a catchy name – is aimed at fairly high-end, high-risk devices. “This is overkill for a smart lightbulb,” says marketing manager Rich Collins. It’s intended more for passports, embedded SIM cards, energy meters, and industrial equipment. That’s not because Synopsys believes its new subsystem is expensive; just because they think it’s that good.

Showing off the processor’s extensibility, Synopsys allows you to dial in the type of cryptographic acceleration you want. You get your choice of three flavors: all-software, software/hardware swirl, and all-hardware hardcore. In the all-software mode, your crypto work is done… well… all in software, this courtesy of Synopsys’s acquisition of Elliptic Technologies two years ago. The mixed-mode approach uses ARC’s signature party trick of adding custom instructions to the processor, although this time they’re ready-made Synopsys IP specifically for crypto acceleration. Finally, the all-hardware approach uses dedicated hardwired logic blocks for both symmetric (AES, CBC, CTR, etc.) and asymmetric (PKA-RSA and -ECC) algorithms.

As you’d expect, there are size, speed, and power tradeoffs for these choices. But that’s the point: you get to decide. Synopsys says the all-hardware approach is about 12 times faster than all-software, but it nearly doubles the processor’s gate count. The hardware/software mix is, not surprisingly, about in the middle, at about 7 times faster and one-third bigger than the code-based approach.

Buried somewhere beneath all this armor is a ridiculously small processor. The ARC SEM110 (the basic CPU) and SEM120D (with DSP extensions) employ just a three-stage pipeline – fetch, decode, execute – which is about the simplest design possible. In actual silicon, the CPU measures about 0.01 mm2 – a rounding error for most SoC designs. (An ARM Cortex-A9 CPU is about 100x larger.)

There’s something about security hardware that makes me think of a Saturn V rocket. That huge launch vehicle weighed 6.2 million pounds and stood 36 stories tall, yet only the very tip of it – barely big enough for three men to squeeze into and scarcely visible from the ground – made it to the moon and back. Approximately 99.8 percent of the mass of the beast was disposable support infrastructure, there to get that last 0.2 percent to its destination.

Similarly, Synopsys’s secure processor IP is a whole lot of anti-hacker logic wrapped around a very small and simple CPU. Only a tiny percentage of the logic does any actual work; it seems like the remaining 99% is there to thwart bad guys.

That is, if you define “work” as moving data in and out of registers, performing arithmetic operations, and making Boolean logic decisions. You know, computer stuff. But if your definition of work more broadly encompasses guarding against side-channel attacks, obfuscating operations, sidestepping exploits, and interfering with reverse-engineering, then it’s all good.

Leave a Reply

featured blogs
Dec 2, 2022
A picture tells more than a thousand words, so here are some pictures of CadenceLIVE Europe 2023 Academic and Entrepreneur Tracks to tell a story. After two years of absence, finally the Academic Dinner could take place with professors from Lead Institutions and Program Chair...
Nov 30, 2022
By Chris Clark, Senior Manager, Synopsys Automotive Group The post How Software-Defined Vehicles Expand the Automotive Revenue Stream appeared first on From Silicon To Software....
Nov 30, 2022
By Joe Davis Sponsored by France's ElectroniqueS magazine, the Electrons d'Or Award program identifies the most innovative products of the… ...
Nov 18, 2022
This bodacious beauty is better equipped than my car, with 360-degree collision avoidance sensors, party lights, and a backup camera, to name but a few....

featured video

Unique AMS Emulation Technology

Sponsored by Synopsys

Learn about Synopsys' collaboration with DARPA and other partners to develop a one-of-a-kind, high-performance AMS silicon verification capability. Please watch the video interview or read it online.

Read the interview online:

featured paper

Algorithm Verification with FPGAs and ASICs

Sponsored by MathWorks

Developing new FPGA and ASIC designs involves implementing new algorithms, which presents challenges for verification for algorithm developers, hardware designers, and verification engineers. This eBook explores different aspects of hardware design verification and how you can use MATLAB and Simulink to reduce development effort and improve the quality of end products.

Click here to read more

featured chalk talk

Automotive Electronic Seat Control

Sponsored by Infineon

Today’s automotive seat design must keep in mind size, cost, battery life and passing EMC testing. In this episode of Chalk Talk, Amelia Dalton and Rick Browarski from Infineon investigate the newest innovations in automotive electronic seat control. They take a closer look at the anatomy of power seats today, the role that an ECU plays in the control of electronic seats and how Infineon chip set offerings can help you with your next smart power seat design.

Click here for more information about information about Infineon Seat Control