
Memory solution addressing power and security problems in embedded designs
Wireless monitoring devices and digital wallets are creating a new category of battery-powered system on chip (SoC) designs. With embedded processing capability and wireless connectivity, these SoCs demand months or years of operation without recharge or battery swap. This article will examine the memory requirements—static RAM (SRAM), read-only memory (ROM), and non-volatile memory (NVM)—of these SoCs and offer an innovative solution to accommodate the new constraints of this category of design.
The world market for remote monitoring services was worth more than $29 billion in 2011, equivalent to $2.4 billion in recurring monthly revenues (RMR) across the year, according to the IMS Research report “The World Market for Remote Monitoring Service – 2012 Edition”1. The Wellingborough, England, research firm estimated that, in the same year, 54 million customer locations were provided with services such as alarm and remote video monitoring, physical access control and fire detection, and Personal Emergency Response Services. In its report "World Market for Wearable Technology—A Quantitative Market Assessment—2012"2, IMS Research also states that 14 million wearable devices were shipped in 2011 and that the market is on track to generate a minimum revenue opportunity of $6 billion by 2016.
Mobile financial transactions have experienced fits and starts as financial institutions battled communications service providers and handset suppliers over who would do what. However, in the report “Mobile Financial Services—A Technology and Market Analysis,”3 research firm Frost & Sullivan states that near field communications (NFC)-based mobile commerce is approaching a tipping point, thanks to more NFC-enabled mobile devices and growing partnerships between telecom service providers and financial institutions. These partnerships encourage semiconductor vendors, mobile device manufacturers, and mobile operators to bring more NFC-enabled mobile devices to market.
Emerging design constraints
Two critical design elements will influence the functionality of wireless devices providing remote monitoring and financial transactions. Foremost is power, as users will expect these devices to be performing their tasks at all times. Just as a leather wallet can be accessed as long as it has funds, an NFC-enabled digital wallet must operate even if the mobile phone's battery has run out. Users of remote monitoring devices will have the same instant-on expectation.
The second critical design element is security, both against non-invasive and invasive tampering and against remote attacks. Security concerns are obvious for financial transactions. Lost or stolen phones can be hacked to steal digital funds as well as the owner’s identity; remote attackers over the network pose the same threat. Less obvious, but just as important to the OEM, are algorithm intellectual property theft and counterfeit prevention.
Remote monitoring devices are increasingly being wirelessly connected to the cloud, for example to Microsoft HealthVault, which accepts health and fitness data from heart rate watches, blood pressure monitors, and similar devices. As medical care begins treating more of the aging population in homes rather than in hospitals, digital monitoring of patients’ vital signs and prescription drug use will need to be secure. A compromise of a system in which monitoring devices upload vital health information to the cloud leaves its users exposed.
Challenging design requirements
An embedded design today might contain the elements shown in Fig. 1—an MCU with SRAM and an external EEPROM/Flash for firmware and data storage—creating significant power limitations in the design. The most obvious is the on-board SRAM, which continuously draws power to maintain stored data. At smaller process geometries, 65nm and below, for example, the SRAM drain is aggravated by the leaky nature of the processes themselves.

Placing the SRAM in non-retentive standby mode has measurable power and performance implications. Communicating with external devices also costs power, because the external interconnect has higher voltage and capacitance than on-chip wiring (dynamic power P = CV²F, where C is capacitance, V is voltage and F is switching frequency). Restoring program code from external EEPROM or serial Flash on every sleep exit takes too long, eliminating the instant-on capability.
NVM technology that uses other storage elements—eFuse and ROM—addresses the power problem but has its own limitations. The eFuse has limited storage capacity due to its low density. ROM offers excellent cost, performance, and power characteristics, but is limited by its design, validation, and manufacturing cycle. Data is stored in the silicon of the ROM array by via or diffusion programming, so the ROM contents must be included in the GDSII of the SoC prior to mask making. Once the SoC is fabricated, changing its ROM contents requires a new mask set and a full manufacturing cycle, both costly in time and money. Using many ROM versions of the same base design is costly and presents operational challenges (e.g. supply forecasting and inventory management; not having the right product mix at the right time is lost opportunity).
Security vulnerabilities in embedded designs
In the simple design shown in Fig. 1, the security vulnerabilities are apparent. The stored content of the external EEPROM/Flash is susceptible to non-invasive as well as invasive attacks. A simple attack would be monitoring the flow of data moving between the CPU and external memory, either with a physical connection or via a clever software hack, as described in the New York Times article “From Black Hat: Hackers Demonstrate a Rising Vulnerability of Smartphones.”4
Embedded as well as external floating gate non-volatile memory technologies are also vulnerable to several low-cost non-invasive information attacks, including glitching and data remanence, and to semi-invasive approaches, including UV attacks, fault injection, and voltage contrast. For an overview of these techniques, see Dr. Sergei Skorobogatov’s presentation "Physical Attacks on Tamper Resistance: Progress and Lessons,"5 which details how easy it is to access stored content in floating gate memory.
Embedded non-volatile memory based on blown fuse links (eFuse) or hard-wired memory (ROM) is immune to non-invasive attacks. However, these storage mechanisms relinquish their contents easily through semi-invasive methods such as device de-processing and observation of the silicide or metal link break through a focused ion beam (FIB) microscope.
An integrated memory system
For designs that require the lowest power with high security, a better memory system architecture is required. One element of such an architecture is integrating the external EEPROM/Flash NVM on chip, immediately lowering power consumption, boosting security, and reducing the system bill of materials by one component.
However, integrating external EEPROM/Flash breaks down at 65nm and below, where the floating gate structures used to create EEPROM and Flash become a challenge for technical and business reasons. Floating gate technologies may eventually migrate down process geometries, but for today’s development, floating gate is a non-starter at 65nm and below.

The antifuse solution
NVM technology by its nature consumes no power when memory is not being accessed, and all of the embedded NVM solutions discussed meet the low-power requirement mandated by mobile monitoring devices and digital wallet chips. However, of the available embedded NVMs, antifuse technology (Fig. 2) offers the best combination of power, security, and programming flexibility. Table 1 shows some typical characteristics of a mobile SoC.

The power and security advantages of an antifuse OTP derive from the way data is stored in its fundamental storage bit cell. For example, one antifuse bit cell developed by Kilopass consists of two NMOS transistors: a programming transistor and a select transistor coupled in series. Applying a voltage to the programming transistor produces a breakdown in its gate dielectric. The breakdown creates a connection between the gate and the channel of the transistor. Thus, a high-resistance gate dielectric becomes a low-resistance silicon link, changing the cell state from a zero “0” to a one “1”. (See Fig. 3.)

Programming the antifuse bit cell induces a randomly localized physical property change in a tiny region of the gate oxide. The bit's state, an initial “0” or a programmed “1”, is read by current sensing, making the bit cell less vulnerable to low-cost, non-invasive attacks—glitching and data remanence—as well as to semi-invasive attacks such as UV attacks, fault injection, and voltage contrast. Furthermore, there is no deterministic way to locate and view the oxide breakdown, making the memory contents resistant to physical attacks such as de-processing and FIB examination. This is one reason antifuse memory technology is widely deployed for encryption key storage. (See Fig. 4.)

The value of the embedded design resides in the firmware. When incorporated on chip, it becomes resistant to physical hacking attacks. This code has distinct elements: (1) the main control program, locked in non-changeable one-time programmable NVM for ultimate security; (2) a section of code in FTP (few-time programmable) NVM that can be used for secure updates; and (3) for authentication, another secure area of storage hidden from passive or physical attacks.
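As an added illustration (not Kilopass code and not part of the original article), the following Python models the two mechanisms the preceding passages describe: the antifuse bit cell, whose programming is a one-way oxide breakdown read back by current sensing, and the three-region firmware layout built on such an array (an immutable main program, a few-time-programmable update region, and a hidden authentication key). Everything below the mechanism itself is assumed: the resistances, read voltage and sense threshold, the region sizes, the slot format, and the use of HMAC-SHA256 to authenticate an update before a slot is burned. The model enforces the property that makes FTP storage "few-time": bits can only move from 0 to 1, so an update slot can be written exactly once and the boot code selects the newest slot that still authenticates.

```python
import hmac
import hashlib

# ---- bit-cell level: programming is irreversible oxide breakdown; a read is current sensing ----
# All electrical values are constructed for the model, not taken from any datasheet.
R_INTACT = 1e9        # ohms, unbroken gate dielectric
R_BROKEN = 1e4        # ohms, silicon link left by the breakdown
V_READ = 1.0          # volts applied across the cell during a read
I_SENSE = 10e-6       # amps, sense-amplifier threshold

class AntifuseCell:
    def __init__(self):
        self.resistance = R_INTACT
    def program(self):
        self.resistance = R_BROKEN      # one-way: there is no erase path
    def read(self):
        # Current sensing: a cell that conducts more than the threshold reads as "1".
        return 1 if V_READ / self.resistance > I_SENSE else 0

class OtpArray:
    """Byte-addressable array of antifuse cells; bits can only move 0 -> 1."""
    def __init__(self, size):
        self.cells = [[AntifuseCell() for _ in range(8)] for _ in range(size)]
    def read(self, offset, length):
        return bytes(sum(c.read() << b for b, c in enumerate(self.cells[i]))
                     for i in range(offset, offset + length))
    def write(self, offset, data):
        for i, byte in enumerate(data):
            for b, cell in enumerate(self.cells[offset + i]):
                if (byte >> b) & 1:
                    cell.program()
                elif cell.read():
                    raise ValueError(f"bit {b} of byte {offset + i} is already programmed")

# ---- firmware layout (assumed sizes): main program | hidden key | FTP update slots ----
MAIN_SIZE, KEY_SIZE, PAYLOAD, SLOTS = 64, 32, 16, 4
TAG = hashlib.sha256().digest_size
SLOT_SIZE = 1 + PAYLOAD + TAG               # used-flag | payload | HMAC-SHA256 tag
MAIN_OFF, KEY_OFF = 0, MAIN_SIZE
FTP_OFF = KEY_OFF + KEY_SIZE
TOTAL = FTP_OFF + SLOTS * SLOT_SIZE

def make_update(key, slot, payload):
    """Blob an OEM update server would ship for one slot (constructed format).
    The slot index is bound into the MAC so a blob cannot be replayed into a later slot."""
    assert len(payload) == PAYLOAD
    tag = hmac.new(key, bytes([slot]) + payload, hashlib.sha256).digest()
    return bytes([slot]) + payload + tag

class Device:
    def __init__(self, main_program, auth_key):
        assert len(auth_key) == KEY_SIZE
        self.otp = OtpArray(TOTAL)
        self.otp.write(MAIN_OFF, main_program.ljust(MAIN_SIZE, b"\x00"))
        self.otp.write(KEY_OFF, auth_key)   # burned at manufacture, never exposed on the bus
    def _key(self):
        return self.otp.read(KEY_OFF, KEY_SIZE)   # reachable only through the verifier
    def _slot_off(self, slot):
        return FTP_OFF + slot * SLOT_SIZE
    def _slot_used(self, slot):
        return self.otp.read(self._slot_off(slot), 1) == b"\x01"
    def _verify(self, slot, payload, tag):
        expect = hmac.new(self._key(), bytes([slot]) + payload, hashlib.sha256).digest()
        return hmac.compare_digest(expect, tag)
    def install_update(self, blob):
        slot, payload, tag = blob[0], blob[1:1 + PAYLOAD], blob[1 + PAYLOAD:]
        free = next((s for s in range(SLOTS) if not self._slot_used(s)), None)
        if free is None:
            raise RuntimeError("FTP region exhausted")
        if slot != free or not self._verify(slot, payload, tag):
            return False   # refuse to burn a slot on an unauthenticated or replayed image
        self.otp.write(self._slot_off(slot), b"\x01" + payload + tag)
        return True
    def select_boot_image(self):
        # Newest authenticated FTP slot wins; otherwise fall back to the immutable main program.
        for slot in reversed(range(SLOTS)):
            if self._slot_used(slot):
                off = self._slot_off(slot)
                payload = self.otp.read(off + 1, PAYLOAD)
                tag = self.otp.read(off + 1 + PAYLOAD, TAG)
                if self._verify(slot, payload, tag):
                    return payload
        return self.otp.read(MAIN_OFF, MAIN_SIZE).rstrip(b"\x00")
```

Two design points carry over to a real device. Authenticating before programming matters because a slot, once burned, is gone: feeding the device a corrupt or forged image must not consume one of the few update opportunities. Binding the slot index into the tag, and accepting only the next free slot, means an attacker who captures an old valid update cannot re-install it later to roll the device back, since boot always prefers the highest authenticated slot.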
The typical size of an embedded program is 32kB to 128kB. Applications in this category include Bluetooth, Zigbee, and Wi-Fi peripherals, ranging from wireless devices that monitor health and fitness to more sophisticated designs for home automation and security, and NFC devices for digital wallets, wireless financial transactions, and electronic identification—driver’s license, passport, fare collection, and others. Battery powered and easily connected to the web, these applications can be accessed remotely, for example, using secure and authenticated smartphone programs.
Over two years ago, Kilopass pioneered logic antifuse technology and addressed code storage needs with the introduction of Gusto, a high-density embedded antifuse NVM for code storage. With growing adoption for code storage and emerging market trends to address the “Internet of Things,” Kilopass recently released a second-generation code storage product called Gusto-2. It addresses low-power and small form factor requirements, as well as the security needs for tomorrow’s applications from mobile wallet to low-energy Bluetooth devices. Initially, Gusto-2 is available in 65nm/55nm, followed by 40nm.
The power and area will be a fraction of those of the SoC described in Table 1. The standby power will be significantly smaller than that of SRAM. The array area will be comparable to that of a similar capacity SRAM. The performance will deliver 400MB/s throughput. Initial storage capacities of 256kb, 512kb, and 1024kb will be available. And it supports wide synchronous datapath CPU bus architectures to enable efficient execute-in-place access.
Remote monitoring and electronic financial transactions are applications driving a new generation of SoC designs that will be energy frugal, high performance, and small enough to fit into space-constrained consumer devices. Such SoCs demand a memory subsystem to match their stringent power and security needs.
References
1. The World Market for Remote Monitoring Service – 2012 Edition, IMS Research, Wellingborough, England
2. World Market for Wearable Technology – A Quantitative Market Assessment – 2012, IMS Research, Wellingborough, England
3. Mobile Financial Services – A Technology and Market Analysis, Frost & Sullivan, Mountain View, California
4. From Black Hat: Hackers Demonstrate a Rising Vulnerability of Smartphones, New York Times, July 26, 2012
5. Physical Attacks on Tamper Resistance: Progress and Lessons, Dr Sergei Skorobogatov, University of Cambridge, presentation before the 2nd ARO Special Workshop on HW Assurance, Washington DC, 11–12 April 2011; excerpted from Sergei Skorobogatov, Physical Attacks and Tamper Resistance, Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
About the author:
Andre Hassan is Field Marketing and Applications Director at Kilopass. He is an industry veteran with over 20 years of semiconductor and systems experience. Hassan brings broad business experience in marketing, sales and operations, as well as depth in multiple engineering disciplines. Prior to Kilopass, he held senior management and engineering positions at Sigmatel, Monolithic System, S3, Sun Microsystems and Digital Equipment.
