tech

Security is crucial for commercial chiplets

Data management, trust, traceability, and provenance tracking are crucial for building a successful small chip market.

Panel experts:

Frank Schirrmeister, Vice President of Solutions and Business Development at Semiconductor Engineering and Arteris

Mayank Bhatnagar, Director of Product Marketing at Cadence Silicon Valley Solutions Group

Paul Karazuba, Vice President of Marketing at Expedera

Stephen Slater, EDA Product Management/Integration Manager at Keysight Technologies

Kevin Rinebold, Senior Packaging Solutions Technical Manager at Siemens EDA

Mick Posner, Vice President of Product Management for High Performance Computing IP Solutions at SynopsysSafety will be a top priority in the design of small chips. What should the design team and chip architects pay attention to here?

Karazuba: Ensuring the source of monolithic silicon is already challenging enough, especially with the theoretical environment where silicon wafers are manufactured, packaged, and finally tested and shipped in the same location, there are still many security risks such as Trojan horses or man-in-the-middle attacks. The security aspect of small chips is like the "Wild West." The ideal implementation is that each small chip has a security element, always ensuring its origin, and communicating with other small chips to ensure that everything inside the multi-chip package is authentic and reliable. However, from the perspective of IP and silicon, this solution is costly, and it is difficult to include it in the bill of materials. This means that those who use small chips will largely decide what security measures to adopt based on cost and threat conditions. It's a tough choice. I don't envy those who have to make these decisions because security should be the primary consideration. Yet, in many initial implementations of small chips, this may not be given enough attention.

Advertisement

Rinebold: I completely agree. This will be a huge challenge. We need to deal with a large amount of data, which involves the issue of data management. This includes revising all aspects of tracking, such as who has been in contact, when, and how many times. Do we have the latest version? Even after all the work is done, how to verify it? As mentioned before, is there any built-in verification IP that connects with all adjacent devices to ensure whether it should be here and whether it is working as expected. In some government projects I've learned about, I find it interesting that their core themes include trust, traceability, and source tracking. Because again, many customers in the defense industry and military/aerospace fields are considering heterogeneous packaging based on small chips as their next-generation platform. Although this may be a daunting and daunting task, we will eventually face and solve this problem. But it is unknown whether it will take two years, three years, or ten years to achieve.

Bhatnagar: Another security aspect to note is the security of applications at the chip level and the security of IP at the silicon level, because small chips will be shipped without packaging - just as small chips. Reverse engineering is a quite mature risk factor in reality, and it can also happen at the packaging level, but it just adds another layer. So this is something to pay attention to. In addition, in terms of IP, if you manufacture a small chip and sell it on the market and send it all over the world, how can you ensure that it only ends up in the hands of partners you trust, rather than being purchased by malicious buyers? You certainly don't want your small chips to enter the market in this way.

Posner: Yes, there are many aspects to consider here. The key is the need for small chip certification, so that between small chips, "This is a system, this is the fingerprint, you know these small chips are authentic and reliable." This is one aspect. Another aspect is data integrity and encryption. When implementing a confidential computing subsystem or system, each component must comply with a zero-knowledge architecture. Therefore, although the chip-to-chip interface requires basic encryption, in the chip-to-chip interface space, this will add some latency to the usage patterns that try to reduce latency. At the same time, in a zero-knowledge architecture, this is a necessary condition. From a hardware perspective, chip certification, data integrity and encryption, and the supply chain (usually beyond our scope because we don't sell chips), but this is also a key issue. The focus here is how to prevent reverse engineering of silicon.

What about the security testing of small chips? From a testing perspective, do small chips have security vulnerabilities?

Posner: Absolutely. For chips connected to testers, what is the interface between them? Through chip-to-chip connections, regardless of the final packaging, security vulnerabilities still exist today through JTAG or other high-performance testing interfaces.

Finally, where do you think the most interesting prospects for small chips lie?Karazuba: For consumer goods, industrial products, and the like, the ideal small chip implementation is full of potential. The overall value of a small chip lies in providing everything you need and nothing you don't. From a design perspective, this sounds very appealing.

Bhatnagar: The democratization of the small chip ecosystem provides opportunities for smaller players to engage in chip design without having to design an entire chip. We will definitely see improvements in this regard, with people competing for niche markets, such as having multiple suppliers for a type of small chip. Overall, this will reduce the cost of uncertainty and bring more research results to the field. This is undoubtedly very exciting.

Slater: This is creating an ecosystem where more participants can enter the market, from the current companies producing IP, to ultimately achieving design victories and gradually building credibility. Typically, to achieve this goal, you need the support of a larger company. I hope in the world of small chips, if you design a small chip, verify and test whether your small chip interface is effective, that should be enough. Trust can be greatly enhanced because all interfaces have been tested and adhere to the UCIe standard. That's what I'm hoping for.

Rinebold: One thing that surprises me is that as small chips and heterogeneous technologies are adopted more widely, we may see more situations like this—where there is a law of diminishing returns based on the number of chips you can integrate in a package. Is it 10 chips? Or 30? Or 50? This number varies for everyone. Some companies have already temporarily given up exploring this question. Overall, there is a yield issue here. This exact number will vary depending on factors such as device type, device quantity, underlying substrate technology, testability, etc. For some companies that are adopting this technology, the challenge lies in finding the right production quantity and striking a balance between all these different characteristics.

Posner: The vision of the small chip market has indeed become a catalyst and springboard for this important turning point. Multi-chip systems have actually existed for more than 10 years, but in the past year, they have suddenly emerged in all applications, driving a lot of innovation. I have not yet seen such a large-scale new interface IP or entirely new protocols entering the market, so this is indeed a driver for the next generation of system design.

Schirrmeister: What's particularly exciting is that it's addressing a problem that could pose a serious obstacle in the coming years. So for me, this is actually a must-do. I'm excited about it because it brings us new protocols, new sensitivities, and new partners with whom we can collaborate in this area. At the same time, I'm also excited about the real progress it's making in the overall development of the semiconductor industry, because without it, we wouldn't be able to achieve all the innovations.