Many chips are vulnerable to techniques such as differential power analysis (DPA) that analyses the power consumption and electromagnetic emissions to determine the instructions and data being handled, especially during encryption operations such as AES or RSA.
Synopsys has changed the three stage pipeline ARC core for the SEM variant by adding several ways to hide the instructions, for example with extra blank instructions and randonmizing the data. These can be switched on only for sensitive operations to minimize the performance overhead.
“We make it hard to pick out an RSA or AES operation vs something else by adding blank instructions – it’s not something that you would see in the development tool,” said Angela Raucher, product line manager for the ARC EM processors. “There is an impact on performance but the benefit is you can use it only when you are doing sensitive operations. Timing and power randomization are similarly turned on and off, inserting random signals to throw off any analysis.”
“Looking at DPA simulations you see the power profile and then the simulation data can tell you how to modify it to be random,” she said. “You can add instructions randomly and that will also change the power – there’s also a way to look across the chip through simulation and use the two pass compile capability in MetaWare to minimize code density.”
“The key thing is that it will vary at the system level depending on when you are doing crypto instructions only on updates or all the time – the penalty will vary a lot but running a normal IoT edge node you will see a 10-15% impact,” she said.
The SEM110 processor IP can be used as either a security core within a system-on-chip design with Trusted Execution Environment (TEE) support or as a standalone security processor. A SecureShield Runtime Library manages the partitioning and isolation of containers within a TEE to ensure data is stored and processed in a safe environment. The SEM120D adds DSP functionality for applications such as sensor processing and voice identification in health care and IoT devices.
“Some customer want to have a trusted application environment with multiple execution units and that capability enables a low cost, lower power solution in applications that can’t afford the penalty of a second processor with the memory,” said Raucher. “But we also have customers that are doing security all the time for example in a gateways where the main processor is already tasked with other activities – it’s about the processing horsepower they need overall.”
First silicon from customers will be available in early 2017.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.